[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Sep 20 08:15:00 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c021404 by Moritz Muehlenhoff at 2023-09-20T09:13:55+02:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -156,6 +156,8 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver
NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages]
- roundcube 1.6.3+dfsg-1 (bug #1052059)
+ [bookworm] - roundcube <no-dsa> (Minor issue)
+ [bullseye] - roundcube <no-dsa> (Minor issue)
NOTE: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b (1.6.3)
CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
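Review bot: the two new [bookworm]/[bullseye] no-dsa lines hang off an entry whose identifier is still the CVE-2023-XXXX placeholder, so once the real CVE is published (the linked roundcube.net advisory is the place to watch) the entry has to be renamed or the tags stay attached to a provisional name. The "(Minor issue)" reason would also carry more weight if it said why an XSS in linkref handling of plain-text messages is considered minor for a webmail client, given that the fix is already isolated in the single upstream commit e92ec206 referenced below and 1.6.3+dfsg-1 is already in unstable.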
@@ -587,6 +589,8 @@ CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This i
NOT-FOR-US: Craft CMS
CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some circumstances, ...)
- libapache-mod-jk 1:1.2.49-1 (bug #1051956)
+ [bookworm] - libapache-mod-jk <no-dsa> (Minor issue)
+ [bullseye] - libapache-mod-jk <no-dsa> (Minor issue)
NOTE: https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b
NOTE: http://www.openwall.com/lists/oss-security/2023/09/13/2
NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49
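Review bot: the "(Minor issue)" reason on the two new no-dsa lines gives no rationale, and the truncated description on the CVE line ("in some circumstances, ...") is the only hint that the bug is configuration dependent; stating the condition in the parenthesis would let a tracker reader judge exposure without following the three NOTE links. The CVE line itself reads "Connectorsin" (a missing space inherited from the description); not part of this change, but worth fixing on the next pass.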
@@ -683,6 +687,8 @@ CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_ine
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...)
- glibc 2.37-10
+ [bookworm] - glibc <no-dsa> (Minor issue)
+ [bullseye] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
- glibc 2.37-9 (bug #1051958)
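Review bot: CVE-2023-4806 gets [bookworm]/[bullseye] no-dsa tags here, but the adjacent CVE-2023-4527 (also a getaddrinfo flaw, fixed in 2.37-9 with bug #1051958) shows no suite tags in the visible context; if both are meant to be handled the same way, tag both, and if 4527 is expected to go out via a DSA, a line saying so avoids the impression it was overlooked. The reason text for 4806 could also name the conditions that make it "extremely rare" (the referenced sourceware bug 30843 is where they are described) rather than the bare "Minor issue".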
@@ -1968,6 +1974,8 @@ CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPre
CVE-2023-41164
{DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
+ [bookworm] - python-django <postponed> (Minor issue, fix along in future update)
+ [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main)
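Review bot: the two new <postponed> tags sit directly under {DLA-3558-1}, so buster LTS has already shipped a fix for CVE-2023-41164 while bullseye and bookworm defer it to a future update; that asymmetry deserves a word in the reason text so it reads as a deliberate choice rather than an inconsistency. "fix along in future update" reads better as "fix along with a future update". The only fix reference is the main-branch commit; a pointer to the stable-branch backport commit would help whoever eventually prepares the point-release update.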
@@ -7306,6 +7314,8 @@ CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...)
- modsecurity 3.0.10-1 (bug #1042475)
+ [bookworm] - modsecurity <no-dsa> (Minor issue)
+ [bullseye] - modsecurity <no-dsa> (Minor issue)
NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
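Review bot: for an algorithmic-complexity DoS in a WAF that by design processes attacker-controlled input, "(Minor issue)" on both suites would be more convincing with the grounds stated, for instance whether the four affected transformations named in the linked Trustwave post are used by the rule sets shipped with the Debian package; bug #1042475 is already referenced on the unstable line, so the rationale can be recorded there and cited from the reason text.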
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ lldpd (carnil)
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
+netatalk/oldstable (jmm)
+--
nodejs
maintainer proposed to follow the upstream 18.x LTS branch
--
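Review bot: the new netatalk/oldstable (jmm) entry carries no status line, unlike nbconvert/oldstable above, which records where its update stands; a one-line note on which CVEs the DSA is meant to cover would help the other readers of this file. Since only an oldstable entry is added (compare nodejs below, listed without a suite suffix), it should also be explicit whether stable is unaffected or is being handled separately.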
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c021404e462f119daeb92be61dc95566a140cdc