[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Sep 3 20:03:44 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f2cbdbb by Moritz Muehlenhoff at 2023-09-03T21:02:13+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,23 @@
 CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
 	- vim <unfixed>
+	[bookworm] - vim <no-dsa> (Minor issue)
+	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/
 	NOTE: https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 (v9.0.1848)
 CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.)
-	- vim <unfixed>
+	- vim <not-affected> (Windows-specific)
 	NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/
 	NOTE: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c (v9.0.1833)
 CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/
 	NOTE: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 (v9.0.1847)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/
 	NOTE: https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (v9.0.1846)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2023-39983 (A vulnerability that poses a potential risk of polluting the MXsecurit ...)
 	NOT-FOR-US: MXsecurity
 CVE-2023-39982 (A vulnerability has been identified in MXsecurity versions prior to v1 ...)
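Review bot: for CVE-2023-4736 the `<not-affected> (Windows-specific)` verdict rests only on the parenthesised comment; since the entry already carries the upstream fix commit (816fbcc262687b81fc46f82f7bbeb1453addfe0c), a NOTE line stating that the untrusted-search-path code fixed there is only reached on Windows would let a later triager verify the not-affected status without re-reading the commit. The two `(unimportant)` entries for CVE-2023-4735 and CVE-2023-4734 each get an explanatory `NOTE: Crash in CLI tool, no security impact`, which is the right pattern; CVE-2023-4738 by contrast is kept at `<no-dsa> (Minor issue)` rather than unimportant, so a one-line NOTE on why the heap overflow is rated differently from the other two crashes would keep the four vim entries consistent.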
@@ -1276,6 +1280,8 @@ CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.
 	NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
 CVE-2023-4380
 	- ansible <unfixed>
+	[bookworm] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232324
 CVE-2023-4420 (A remote unprivileged attacker can intercept the communication via e.g ...)
 	NOT-FOR-US: SICK LMS5xx
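Review bot: the CVE-2023-4380 line has no description text, so the `<no-dsa> (Minor issue)` rating for bookworm and bullseye is supported only by the Red Hat bugzilla link in the NOTE; a short NOTE summarising what the issue is in ansible would make the minor-issue judgement traceable once the entry is revisited after the description is filled in.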
@@ -5762,11 +5768,13 @@ CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulner
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...)
 	- nomad <removed>
+	[bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
 CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...)
 	- nomad <not-affected> (Specific to Nomad Enterprise)
 CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL  ...)
 	- nomad <removed>
+	[bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
 CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse the reg ...)
 	NOT-FOR-US: Weincloud
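Review bot: the `[bullseye] - nomad <ignored> (Will be removed in Bullseye 11.8)` entries for CVE-2023-3300 and CVE-2023-3072 describe a future removal as the reason for ignoring; until that point release ships, the package remains installable from bullseye, so these two entries should be re-checked after 11.8 and the rationale updated to past tense (or the entries adjusted) if the removal does not happen as planned. Style point: the rest of the file refers to the suite in lower case (`[bullseye]`), so `Bullseye 11.8` could be written `bullseye 11.8` for consistency.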
@@ -19742,11 +19750,15 @@ CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
 	{DLA-3538-1}
 	- zabbix <unfixed>
+	[bookworm] - zabbix <no-dsa> (Minor issue)
+	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22588
 	NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
 	NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb
 CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
 	- zabbix <unfixed>
+	[bookworm] - zabbix <no-dsa> (Minor issue)
+	[bullseye] - zabbix <no-dsa> (Minor issue)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-22589
 	NOTE: Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
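Review bot: CVE-2023-29450 already has `{DLA-3538-1}`, i.e. it was judged worth a buster LTS update, yet this hunk rates the same issue `<no-dsa> (Minor issue)` for bullseye and bookworm; since upstream patches for both branches are listed in the NOTE lines (5.0.32rc1 and 6.0.14rc2), a NOTE explaining why the newer suites do not get a DSA (for example, to be fixed in a point release) would avoid the apparent inconsistency between the LTS and the stable handling. For CVE-2023-29449 the new no-dsa lines sit above the existing `[buster] - zabbix <not-affected>` line, which is fine, but keeping suite lines in a consistent order across entries helps when diffing later.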



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2cbdbbbd71480032bd068740a244e3cae0520c
