[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 22 10:00:16 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a0109c5 by Moritz Muehlenhoff at 2023-11-22T10:59:25+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,9 +76,10 @@ CVE-2023-6238 (A buffer overflow vulnerability was found in the NVM Express (NVM
 CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...)
 	NOT-FOR-US: Duet Display for Windows
 CVE-2023-6228 [heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c]
-	- tiff <unfixed>
+	- tiff <unfixed> (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/606
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...)
 	- firefox 120.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
@@ -1536,9 +1537,13 @@ CVE-2023-47117 (Label Studio is an open source data labeling tool. In all curren
 	NOT-FOR-US: Label Studio
 CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...)
 	- python-asyncssh <unfixed> (bug #1055999)
+	[bookworm] - python-asyncssh <no-dsa> (Minor issue)
+	[bullseye] - python-asyncssh <no-dsa> (Minor issue)
 	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
 CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...)
 	- python-asyncssh <unfixed> (bug #1056000)
+	[bookworm] - python-asyncssh <no-dsa> (Minor issue)
+	[bullseye] - python-asyncssh <no-dsa> (Minor issue)
 	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
 CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank  ...)
 	NOT-FOR-US: Code-Projects Blood Bank
@@ -4573,6 +4578,8 @@ CVE-2023-46119 (Parse Server is an open source backend that can be deployed to a
 	NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API  ...)
 	- rabbitmq-server <unfixed>
+	[bookworm] - rabbitmq-server <no-dsa> (Minor issue)
+	[bullseye] - rabbitmq-server <no-dsa> (Minor issue)
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708
 CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0109c5a3b29c102ddc93d794e6c0ba32b7e007

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0109c5a3b29c102ddc93d794e6c0ba32b7e007
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231122/a7bb9de1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list