[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Sep 12 11:24:10 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71322725 by Moritz Muehlenhoff at 2023-09-12T12:23:42+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -412,6 +412,7 @@ CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be co
NOT-FOR-US: WireMock
CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...)
- redis 5:7.0.13-1 (bug #1051512)
+ [bookworm] - redis <no-dsa> (Minor issue)
[bullseye] - redis <not-affected> (Vulnerable code introduced later)
[buster] - redis <not-affected> (Vulnerable code introduced later)
NOTE: Introduced after: https://github.com/redis/redis/commit/55c81f2cd3da82f9f570000875e006b9046ddef3 (7.0-rc1)
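Review bot: The added [bookworm] no-dsa line for redis gives only "Minor issue" as its reason, while the NOTE directly below dates the vulnerable code to 7.0-rc1 and unstable is fixed in 5:7.0.13-1. Suggest a more specific reason, or a short NOTE saying why the issue is minor for bookworm, so the decision can be revisited later without re-reading the upstream advisory.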
@@ -2029,6 +2030,7 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController all
NOT-FOR-US: Cerebrate
CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...)
- frr <unfixed>
+ [bookworm] - frr 8.4.4-1.1~deb12u1
[bullseye] - frr <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/pull/14241
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
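Review bot: In the CVE-2023-41361 entry the added [bookworm] line records a fixed version (8.4.4-1.1~deb12u1), but the unstable line directly above it still reads "frr unfixed". The neighbouring CVE-2023-41360 entry lists unstable as fixed in 8.4.4-1.1, so please check whether the unstable line for this CVE should also carry a version. If stable really is ahead of unstable here, a NOTE saying so would help.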
@@ -2036,6 +2038,7 @@ CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c do
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e
CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
- frr 8.4.4-1.1
+ [bookworm] - frr 8.4.4-1.1~deb12u1
[bullseye] - frr <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/pull/14245
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702
@@ -2111,6 +2114,8 @@ CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/net
NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
- ansible <unfixed> (bug #1051725)
+ [bookworm] - ansible <no-dsa> (Minor issue)
+ [bullseye] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction]
- linux 6.4.13-1
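Review bot: CVE-2023-4567 has no description in the list and its only reference is the Red Hat Bugzilla link, so the "Minor issue" reason on the two added ansible no-dsa lines cannot be checked from the entry itself. Suggest adding a one-line NOTE on the impact that justifies no-dsa for both bookworm and bullseye, given that unstable is still marked unfixed (bug #1051725).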
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
+--
+audiofile
+ unfixed upstream
--
cacti
--
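Review bot: The new audiofile entry in dsa-needed.txt carries only the remark "unfixed upstream" and no release suffix, although the context line above says to specify the release by adding a slash after the source package name when needed. No audiofile line is touched in data/CVE/list in this commit, so a reader cannot tell from the change which issue or which releases are meant. Suggest naming the CVE in the remark and adding the release suffix if only one of bookworm or bullseye is concerned.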
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713227254a14be52444e3dc7ed2fec2d0dc9cd53