[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 12 08:03:02 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51837e30 by Moritz Muehlenhoff at 2023-09-12T09:02:40+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,6 +29,7 @@ CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attac
 	NOT-FOR-US: Interact
 CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function  ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2550
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa
 CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...)
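Review bot: The added `[bullseye] - gpac <ignored> (Minor issue)` line for CVE-2023-41000 uses `<ignored>`, while the bullseye gpac line added for CVE-2023-39562 in this same commit uses `<no-dsa>` with the identical "Minor issue" reason. `<ignored>` signals that the issue will not be fixed in that suite, so either the reason should say why this use-after-free is treated differently, or the state should be `<no-dsa>` for consistency. The entry also has no `[buster]` line, whereas CVE-2023-39562 carries `[buster] - gpac <end-of-life> (EOL in buster LTS)`.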
@@ -43,6 +44,7 @@ CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check
 	NOT-FOR-US: Softneta MedDream PACS
 CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...)
 	- vips 8.14.4-1
+	[bookworm] - vips <no-dsa> (Minor issue)
 	[bullseye] - vips <not-affected> (Vulnerable code not present)
 	[buster] - vips <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libvips/libvips/pull/3604
@@ -61,7 +63,7 @@ CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an aut
 CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...)
 	NOT-FOR-US: Softneta MedDream PACS
 CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...)
-	- cppcheck <unfixed>
+	- cppcheck <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
 CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
 	TODO: check
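Review bot: The `(unimportant)` severity added to the cppcheck line for CVE-2023-39070 comes with no rationale; the entry's only NOTE is the SourceForge discussion link. Add a NOTE line stating why the issue carries no security impact for Debian, so the downgrade can be audited without following the link.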
@@ -95,6 +97,8 @@ CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 6.
 	NOT-FOR-US: Imou Life com.mm.android.smartlifeiot application
 CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ...)
 	- qemu <unfixed>
+	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1813
 CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" ...)
 	NOT-FOR-US: MyCrops HiGrade "THC Testing & Cannabi" application
@@ -2065,6 +2069,7 @@ CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create
 	NOT-FOR-US: Zenario CMS
 CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
 	- gpac <unfixed> (bug #1051740)
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2537
 	NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51837e301a0e976499cc2b9e6c5d26bca1c24a96
