[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 23 14:41:23 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76be03cc by Moritz Muehlenhoff at 2023-10-23T15:40:56+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201,22 +201,40 @@ CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing
 	NOTE: https://github.com/nothings/stb/pull/1553
 CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 7)
+	NOTE: https://github.com/nothings/stb/pull/1551
 CVE-2023-45666 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 6)
+	NOTE: https://github.com/nothings/stb/pull/1549
 CVE-2023-45664 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 4)
+	NOTE: https://github.com/nothings/stb/pull/1545
 CVE-2023-45663 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 3)
+	NOTE: https://github.com/nothings/stb/pull/1543
 CVE-2023-45662 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 2)
+	NOTE: https://github.com/nothings/stb/pull/1541
 CVE-2023-45661 (stb_image is a single file MIT licensed library for processing images. ...)
 	- libstb <unfixed>
-	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
+	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 1)
+	NOTE: https://github.com/nothings/stb/pull/1539
 CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
 	NOT-FOR-US: CMSmadesimple
 CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
@@ -1876,7 +1894,9 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and imm
 	- golang-1.21 1.21.3-1
 	- golang-1.20 1.20.10-1
 	- golang-1.19 <unfixed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
 	NOTE: https://github.com/golang/go/issues/63417
 CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
@@ -3888,6 +3908,8 @@ CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to c
 	NOT-FOR-US: Hospital Management System
 CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
 	- composer 2.6.4-1
+	[bookworm] - composer <no-dsa> (Minor issue)
+	[bullseye] - composer <no-dsa> (Minor issue)
 	[buster] - composer <no-dsa> (Minor issue, only a problem when configured improperly)
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
 	NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76be03cce30e752219a2e04c9ba69d4134cea2d5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76be03cce30e752219a2e04c9ba69d4134cea2d5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231023/c007b90c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list