[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 9 15:25:14 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06c9a8c7 by Moritz Muehlenhoff at 2023-10-09T16:24:47+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -346,23 +346,33 @@ CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buff
NOT-FOR-US: IQ Engine
CVE-2023-3430
- openimageio 2.4.13.0+dfsg-1
+ [bookworm] - openimageio <no-dsa> (Minor issue)
+ [bullseye] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/issues/3840
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
CVE-2023-38473
- avahi <unfixed>
+ [bookworm] - avahi <no-dsa> (Minor issue)
+ [bullseye] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/lathiat/avahi/issues/451
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38472
- avahi <unfixed>
+ [bookworm] - avahi <no-dsa> (Minor issue)
+ [bullseye] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/lathiat/avahi/issues/452
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38471
- avahi <unfixed>
+ [bookworm] - avahi <no-dsa> (Minor issue)
+ [bullseye] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/lathiat/avahi/issues/453
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38470
- avahi <unfixed>
+ [bookworm] - avahi <no-dsa> (Minor issue)
+ [bullseye] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/lathiat/avahi/issues/454
NOTE: https://github.com/lathiat/avahi/pull/457
NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
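Review bot: The four avahi entries (CVE-2023-38473 through CVE-2023-38470) and the openimageio entry all get the same bare "(Minor issue)" reason, which gives a later reader nothing to re-check the decision against. A short NOTE per entry saying why the issue is minor would help. Of the avahi entries only CVE-2023-38470 lists an upstream commit; the other three carry only issue links and the unstable line is still <unfixed>, so these will need a second look once fixes are available.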
@@ -2005,6 +2015,8 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on por
NOTE: https://jira.mariadb.org/browse/MDEV-25068
CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite arbitrary files]
- ansible-core <unfixed> (bug #1053693)
+ [bookworm] - ansible-core <no-dsa> (Minor issue)
+ [bullseye] - ansible-core <no-dsa> (Minor issue)
- ansible 5.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
NOTE: https://github.com/ansible/ansible/pull/81780
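Review bot: The added [bookworm]/[bullseye] tags sit under ansible-core only, and the `- ansible 5.4.0-1` line right below them gets no per-release annotation. Please confirm which source package carries ansible-galaxy in each release; if a release ships an ansible older than 5.4.0-1, it stays untriaged for this CVE and needs its own tag under that line.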
@@ -6362,6 +6374,8 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.
- python2.7 <removed>
[bullseye] - python2.7 2.7.18-8+deb11u1
- pypy3 7.3.13+dfsg-1
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
+ [bullseye] - pypy3 <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
NOTE: https://github.com/python/cpython/issues/108310
NOTE: https://github.com/python/cpython/pull/108315
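Review bot: Marking pypy3 as <no-dsa> (Minor issue) for bullseye sits next to `[bullseye] - python2.7 2.7.18-8+deb11u1` in the same entry, so the same CVE is fixed for one interpreter and called minor for another in the same release. If the difference is deliberate, a more specific reason in the parentheses than "Minor issue" would record why.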
@@ -37600,7 +37614,7 @@ CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
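Review bot: The [bullseye] version correction for nvidia-graphics-drivers-tesla-470 is not triage and is not mentioned in the commit message "bullseye/bookworm triage". The change itself looks right: 470.199.02-1~deb11u1 sorts below 470.199.02-1, so with the old line a bullseye system on the ~deb11u1 upload would compare as older than the fixed version. A separate commit, or a line in the message, would make this easier to find in history.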
@@ -37625,7 +37639,7 @@ CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
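Review bot: Check data/CVE/list for other entries that still carry `[bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1`; the line corrected here under CVE-2023-25515 is identical to the one corrected under CVE-2023-25516, so the stale version was probably copied to every CVE closed by that upload.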
=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ cacti
--
cinder/oldstable
--
+curl (jmm)
+--
gpac/oldstable (jmm)
--
gst-plugins-bad1.0 (carnil)
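Review bot: The new `curl (jmm)` entry has no suite qualifier, unlike the neighbouring cinder/oldstable and gpac/oldstable lines, and nothing in the data/CVE/list part of this commit touches a curl CVE. If an update is only planned for one suite, add the qualifier; either way a short note naming the issue being tracked would tell other team members why curl was added.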
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9a8c793683242bd0cf3a109148e5542dae21b