[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2022-26592 & CVE-2022-43357 in libsass for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Sep 6 18:33:33 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
288a3a72 by Chris Lamb at 2023-09-06T10:23:52-07:00
Triage CVE-2022-26592 & CVE-2022-43357 in libsass for buster LTS.
- - - - -
cedf3f14 by Chris Lamb at 2023-09-06T10:24:36-07:00
Triage CVE-2021-32050 in node-mongodb for buster LTS.
- - - - -
c60b1cdc by Chris Lamb at 2023-09-06T10:27:37-07:00
Triage CVE-2021-32050 in php-mongodb for buster LTS.
- - - - -
66901448 by Chris Lamb at 2023-09-06T10:28:32-07:00
Triage CVE-2023-4641 in shadow for buster LTS.
- - - - -
5aff8b26 by Chris Lamb at 2023-09-06T10:32:55-07:00
data/dla-needed.txt: Triage exiv2 for buster LTS (CVE-2020-18831)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -924,6 +924,7 @@ CVE-2023-4641 [gpasswd(1) password leak]
- shadow <unfixed> (bug #1051062)
[bookworm] - shadow <no-dsa> (Minor issue)
[bullseye] - shadow <no-dsa> (Minor issue)
+ [buster] - shadow <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2215945
NOTE: https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 (4.14.0-rc1)
CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cr ...)
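Review bot: the added `[buster] - shadow <no-dsa> (Minor issue)` line gives no hint that a patch is already available, although the NOTE two lines below it points at an upstream fix commit (4.14.0-rc1). If the intent is to pick this up with the next shadow upload for buster, `<postponed>` with a reason such as "Minor issue, fix along with next DLA" would say so; if the intent really is no update at all, `<no-dsa>` matches bookworm and bullseye and can stay.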
@@ -61741,6 +61742,7 @@ CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sa
- libsass <unfixed>
[bookworm] - libsass <no-dsa> (Minor issue)
[bullseye] - libsass <no-dsa> (Minor issue)
+ [buster] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/3177
CVE-2022-43356
RESERVED
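Review bot: on the new `[buster]` line, "Minor issue" does not say whether the decision rests on severity or on the lack of a patch. The entry is `<unfixed>` in unstable and its only reference is an upstream issue (libsass #3177), with no fix commit noted. A slightly longer reason, or a NOTE saying no upstream fix is known, would let whoever revisits this entry see when the triage should be reconsidered.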
@@ -108919,6 +108921,7 @@ CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSe
- libsass <unfixed>
[bookworm] - libsass <no-dsa> (Minor issue)
[bullseye] - libsass <no-dsa> (Minor issue)
+ [buster] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/3174
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
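Review bot: the added `[buster] - libsass <no-dsa>` line does not record whether the libsass version in buster contains the affected code. The CVE description names libsass 3.6.5, so a NOTE confirming that the buster version is vulnerable would back up the tag; if it turns out not to be, `<not-affected>` with a reason would be more accurate than `<no-dsa>`.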
@@ -165184,12 +165187,14 @@ CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injecti
CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing authent ...)
- php-mongodb 1.11.1+1.9.2+1.7.5-4
[bullseye] - php-mongodb <no-dsa> (Minor issue)
+ [buster] - php-mongodb <no-dsa> (Minor issue)
- mongo-c-driver 1.18.0-1
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
[buster] - mongo-c-driver <no-dsa> (Minor issue)
- node-mongodb <unfixed>
[bookworm] - node-mongodb <no-dsa> (Minor issue)
[bullseye] - node-mongodb <no-dsa> (Minor issue)
+ [buster] - node-mongodb <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/PHPC-1869
NOTE: https://github.com/mongodb/mongo-php-driver/pull/1235
NOTE: https://jira.mongodb.org/browse/NODE-3356
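Review bot: the two added `[buster]` lines use the same "Minor issue" reason for packages in different positions. php-mongodb has a fixed version in unstable (1.11.1+1.9.2+1.7.5-4) and an upstream pull request in the NOTEs, so a backport is possible, while node-mongodb is `<unfixed>` everywhere. Since the description concerns events "containing authent ...", it would help to state per package why no update is planned, for example that a fix exists but is not worth a DLA on its own for php-mongodb, and that no fix is available for node-mongodb.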
=====================================
data/dla-needed.txt
=====================================
@@ -57,6 +57,9 @@ dogecoin
elfutils (Thorsten Alteholz)
NOTE: 20230903: Added by Front-Desk (gladk)
--
+exiv2
+ NOTE: 20230906: Added by Front-Desk (lamby)
+--
file (Thorsten Alteholz)
NOTE: 20230901: Added by Front-Desk (gladk)
--
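Review bot: the new `exiv2` entry does not name the issue that prompted it; only the commit subject mentions CVE-2020-18831. Whoever claims the package reads `data/dla-needed.txt`, not the git log, so a second line such as `NOTE: 20230906: CVE-2020-18831` under the Front-Desk note would save them the lookup.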
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/211ef86fd6c322775f47626dbb6661c315d5ec23...5aff8b26f8a05ba4e18ba2b1422702c4ca4c6901