[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 22 16:02:48 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6718b1f7 by Moritz Muehlenhoff at 2023-11-22T17:02:18+01:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1149,6 +1149,8 @@ CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Exe
 	- gimp 2.10.36-1 (bug #1055984)
 	[buster] - gimp <not-affected> (DDS plugin added in 2.10.10)
 	- gimp-dds <removed>
+	[bookworm] - gimp-dds <no-dsa> (Obsoleted by src:gimp, should get dropped via Breaks)
+	[bullseye] - gimp-dds <no-dsa> (Obsoleted by src:gimp, should get dropped via Breaks)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
 	NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/7db71cd0b6e36c454aa0d2d3efeec7e636db4dbc (GIMP_2_10_36)
@@ -6569,6 +6571,8 @@ CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempt t
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in the sand ...)
 	- tracker-miners 3.4.5-1 (bug #1053881)
+	[bookworm] - tracker-miners <no-dsa> (Minor issue)
+	[bullseye] - tracker-miners <no-dsa> (Minor issue)
 	NOTE: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
 	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
 	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
@@ -43353,6 +43357,8 @@ CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response
 	NOT-FOR-US: Crow
 CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial  ...)
 	- ruby-sidekiq <unfixed>
+	[bookworm] - ruby-sidekiq <no-dsa> (Minor issue)
+	[bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
 	[buster] - ruby-sidekiq <no-dsa> (Minor issue, DoS still possible)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
 	NOTE: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3)
@@ -229819,15 +229825,23 @@ CVE-2020-24296
 	RESERVED
 CVE-2020-24295 (Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in Fre ...)
 	- freeimage <unfixed>
+	[bookworm] - freeimage <postponed> (Revisit when patches are available)
+	[bullseye] - freeimage <postponed> (Revisit when patches are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
 CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDP ...)
 	- freeimage <unfixed>
+	[bookworm] - freeimage <postponed> (Revisit when patches are available)
+	[bullseye] - freeimage <postponed> (Revisit when patches are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
 CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp i ...)
 	- freeimage <unfixed>
+	[bookworm] - freeimage <postponed> (Revisit when patches are available)
+	[bullseye] - freeimage <postponed> (Revisit when patches are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
 CVE-2020-24292 (Buffer Overflow vulnerability in load function in PluginICO.cpp in Fre ...)
 	- freeimage <unfixed>
+	[bookworm] - freeimage <postponed> (Revisit when patches are available)
+	[bullseye] - freeimage <postponed> (Revisit when patches are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
 CVE-2020-24291
 	RESERVED
@@ -481417,11 +481431,15 @@ CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.2016
 CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute a ...)
 	{DSA-3676-1 DLA-631-1}
 	- unadf <unfixed> (bug #838248)
+	[bookworm] - unadf <no-dsa> (Minor issue)
+	[bullseye] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
 	{DSA-3676-1 DLA-631-1}
 	- unadf <unfixed> (bug #838248)
+	[bookworm] - unadf <no-dsa> (Minor issue)
+	[bullseye] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6718b1f7011e963f7d1ed317be9f222859974ee4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6718b1f7011e963f7d1ed317be9f222859974ee4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231122/5c4fc51c/attachment.htm>

More information about the debian-security-tracker-commits mailing list