[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Sep 2 19:09:25 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac3dd65a by Moritz Muehlenhoff at 2023-09-02T20:08:57+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95,6 +95,8 @@ CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions
NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before ...)
- libtommath <unfixed>
+ [bookworm] - libtommath <no-dsa> (Minor issue)
+ [bullseye] - libtommath <no-dsa> (Minor issue)
NOTE: https://github.com/libtom/libtommath/pull/546
NOTE: https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9
CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...)
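Review bot: the two new `[bookworm]`/`[bullseye]` lines carry only "(Minor issue)" as justification while the sid entry stays `libtommath <unfixed>`; the NOTE lines below already point at upstream PR 546 and the fix commit beba892b..., so consider stating in the triage reason whether that commit is the one intended for a later point update, so the next person touching this entry does not have to re-derive the status of a stable fix.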
@@ -466,6 +468,8 @@ CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...)
- xrdp <unfixed> (bug #1051061)
+ [bookworm] - xrdp <no-dsa> (Minor issue)
+ [bullseye] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
NOTE: https://github.com/neutrinolabs/xrdp/commit/25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e
CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
@@ -623,6 +627,7 @@ CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expre
TODO: check
CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...)
- aom 3.7.0~rc3-1
+ [bookworm] - aom <no-dsa> (Minor issue)
[bullseye] - aom <not-affected> (Vulnerable code introduced later)
[buster] - aom <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3
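Review bot: the suite split in this hunk needs its reasoning recorded: bookworm becomes `<no-dsa> (Minor issue)` while bullseye and buster are `<not-affected> (Vulnerable code introduced later)`, and sid is fixed in `3.7.0~rc3-1`. The only NOTE is the aomedia tracker link; adding the upstream version or commit that introduced the vulnerable code would make it verifiable that bookworm's aom is on the affected side of that boundary and the older suites are not.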
@@ -1989,6 +1994,8 @@ CVE-2023-39743 (lrzip-next LZMA v23.01 was discovered to contain an access viola
- lrzip-next <itp> (bug #1042088)
CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the libzpaq ...)
- lrzip <unfixed>
+ [bookworm] - lrzip <no-dsa> (Minor issue)
+ [bullseye] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/246
CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a ...)
NOT-FOR-US: JeecgBoot
@@ -6165,6 +6172,7 @@ CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for deve
NOT-FOR-US: Open Enclave
CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
- openrefine 3.6.2-3 (bug #1041422)
+ [bookworm] - openrefine <no-dsa> (Minor issue)
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e (master)
NOTE: https://github.com/OpenRefine/OpenRefine/commit/c40c84d8170c4d61c6a0926531b552a50caa5651 (3.7.4)
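Review bot: only bookworm is triaged here (`[bookworm] - openrefine <no-dsa> (Minor issue)`); there is no `[bullseye]` line in this hunk, unlike the other entries in the commit. If openrefine ships in bullseye it needs a matching status line; if it does not, a short NOTE saying so would prevent the omission from being read as untriaged. The 3.7.4 fix commit c40c84d8... in the NOTE is a reasonable reference for any later stable update.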
@@ -22207,6 +22215,8 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
{DLA-3447-1 DLA-3408-1}
- rubygems <unfixed>
+ [bookworm] - rubygems <no-dsa> (Minor issue)
+ [bullseye] - rubygems <no-dsa> (Minor issue)
- ruby3.1 <unfixed> (bug #1038408)
- ruby2.7 <removed>
- ruby2.5 <removed>
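Review bot: the rubygems lines get bookworm/bullseye `<no-dsa>` markers, but the sibling entry `- ruby3.1 <unfixed> (bug #1038408)` directly below is left without any suite-specific triage in this hunk, so the bookworm status of the ruby3.1 copy of the same URI ReDoS is still open after this commit. The `{DLA-3447-1 DLA-3408-1}` line shows the issue was already handled for LTS; a `[bookworm] - ruby3.1 ...` line (whichever status applies) would bring this entry to the same level as the rest of the triage.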
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac3dd65ac6eac8ffc0729eb262b40827d8b0ec88