[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 23 10:30:33 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daaa8d06 by Moritz Muehlenhoff at 2023-10-23T11:30:13+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,28 +153,52 @@ CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (X
 	NOT-FOR-US: I-doit pro
 CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 15)
+	NOTE: https://github.com/nothings/stb/pull/1560
 CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 14)
+	NOTE: https://github.com/nothings/stb/pull/1559
 CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 13)
+	NOTE: https://github.com/nothings/stb/pull/1558
 CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 12)
+	NOTE: https://github.com/nothings/stb/pull/1557
 CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 11)
+	NOTE: https://github.com/nothings/stb/pull/1556
 CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 10)
+	NOTE: https://github.com/nothings/stb/pull/1555
 CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 9)
+	NOTE: https://github.com/nothings/stb/pull/1554
 CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 8)
+	NOTE: https://github.com/nothings/stb/pull/1553
 CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
@@ -235,6 +259,8 @@ CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored
 	NOT-FOR-US: WordPress plugin
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...)
 	- nagvis 1:1.9.38-1
+	[bookworm] - nagvis <no-dsa> (Minor issue)
+	[bullseye] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/pull/356
 	NOTE: https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5 (nagvis-1.9.38)
 CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...)
@@ -2795,6 +2821,8 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege
 	NOT-FOR-US: IBM
 CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...)
 	- gradle <unfixed>
+	[bookworm] - gradle <no-dsa> (Minor issue)
+	[bullseye] - gradle <no-dsa> (Minor issue)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8
 CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...)
 	NOT-FOR-US: WordPress plugin
@@ -3045,6 +3073,8 @@ CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCo
 	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...)
 	- wireshark 4.0.10-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daaa8d06f4aaa4046704de3e70e6da7f18c82870

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daaa8d06f4aaa4046704de3e70e6da7f18c82870
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231023/fd8ddbeb/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list