[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Sep 6 10:29:41 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75ddbc45 by Moritz Muehlenhoff at 2023-09-06T11:29:19+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -54,10 +54,13 @@ CVE-2023-36851
NOT-FOR-US: Juniper
CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- vim <unfixed>
+ [bookworm] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873)
CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed
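Review bot: The two new CVE-2023-4781 lines give "Minor issue" as the only reason for a heap-based buffer overflow, so the entry does not record why no DSA is warranted. A short NOTE with the reasoning, in the style of the "Crash in CLI tool, no security impact" notes added further down in this commit, would make the decision auditable later. The CVE-2023-4778 entry also gets only a [bullseye] line; if bookworm is intentionally left on the generic "- gpac <unfixed>" line, that is fine, but it is not evident from the hunk.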
@@ -184,20 +187,25 @@ CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x
NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated]
- xen <unfixed>
+ [bookworm] - xen <postponed> (Minor issue, fix along in future DSA)
+ [bullseye] - xen <no-dsa> (Minor issue, fix along in future DSA)
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-437.html
CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6
CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05
CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3
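Review bot: In the CVE-2023-34321 entry the two added lines carry the same comment, "Minor issue, fix along in future DSA", but different states: [bookworm] is <postponed> while [bullseye] is <no-dsa>. The comment describes a postponed fix, so either [bullseye] should also be <postponed> or its comment should say why bullseye is treated differently. The three gpac additions in this hunk are consistent with each other.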
@@ -208,18 +216,22 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-D
NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
- vim <unfixed>
+ [bookworm] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
NOTE: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (v9.0.1858)
CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea/
NOTE: https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed (v9.0.1857)
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-4748 (A vulnerability, which was classified as critical, has been found in Y ...)
NOT-FOR-US: Yongyou UFIDA-NC
CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/
NOTE: https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c (v9.0.1840)
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress
CVE-2023-4616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
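Review bot: Three vim use-after-free entries in this hunk are triaged two different ways with nothing recorded to tell them apart: CVE-2023-4752 gets <no-dsa> (Minor issue) for bookworm and bullseye, while CVE-2023-4750 and CVE-2023-4733 are downgraded to (unimportant) with "Crash in CLI tool, no security impact". As written, the NOTE would seem to apply to CVE-2023-4752 as well. Consider adding a NOTE on CVE-2023-4752 saying what makes it more than a crash, or extending the notes on the other two to say why the use after free cannot go beyond one.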
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
+--
+cacti
--
chromium
--
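Review bot: The new "cacti" entry in data/dsa-needed.txt has no counterpart in the data/CVE/list changes of this commit, and the commit message only says "bullseye/bookworm triage", so the issue that puts cacti in the DSA queue is not identifiable from the change. The file's own instructions allow a release suffix after a slash; if only one release needs the update, naming it here would save the next person a lookup, and a short mention of the triggering CVE in the commit message would help as well.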
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75ddbc4597f0d393e6017696d1567a8623c2ce1d