[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jan 2 11:22:37 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c49b2bc by Moritz Muehlenhoff at 2024-01-02T12:13:50+01:00
bookworm/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -208,6 +208,7 @@ CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lb
NOT-FOR-US: CETIC-6LBR (aka 6lbr)
CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain security ...)
- sympa 6.2.66~dfsg-1
+ [bullseye] - sympa <no-dsa> (Minor issue)
NOTE: https://www.sympa.community/security/2021-001.html
NOTE: https://github.com/sympa-community/sympa/issues/1091
CVE-2023-7192 [netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()]
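Review bot: only bullseye gets a `<no-dsa>` tag here and no `[bookworm]` line is added; please confirm that bookworm ships sympa at or above the fixed `6.2.66~dfsg-1`, so that the absence of a bookworm line reads as "already fixed" rather than "not yet triaged".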
@@ -689,6 +690,7 @@ CVE-2023-50038 (There is an arbitrary file upload vulnerability in the backgroun
- textpattern <removed>
CVE-2023-49469 (Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, ...)
- shaarli 0.13.0+dfsg-1
+ [bookworm] - shaarli <no-dsa> (Minor issue)
NOTE: https://github.com/shaarli/Shaarli/issues/2038
NOTE: https://github.com/shaarli/Shaarli/commit/326870f216ba52d80488cb4ba3fadcf1247d7cf8 (v0.13.0)
CVE-2023-49230 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...)
@@ -1062,6 +1064,8 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C
NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
CVE-2023-51765 (sendmail through at least 8.14.7 allows SMTP smuggling in certain conf ...)
- sendmail <unfixed> (bug #1059386)
+ [bookworm] - sendmail <no-dsa> (Minor issue)
+ [bullseye] - sendmail <no-dsa> (Minor issue)
NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5
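Review bot: sendmail is still `<unfixed>` in unstable (bug #1059386), so tagging both bookworm and bullseye `<no-dsa>` leaves every suite without a fix for now; the parenthetical should state why this is minor, given the description says the smuggling applies only "in certain conf...", for example `<no-dsa> (Minor issue; only affects specific configurations)` if that is the reasoning, so the rationale survives when the entry is revisited.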
@@ -1133,14 +1137,20 @@ CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background jo
CVE-2023-6937
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-6936
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-6935
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
+ [bookworm] - wolfssl <no-dsa> (Minor issue)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been ...)
NOT-FOR-US: slawkens MyAAC
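Review bot: the three wolfssl entries (CVE-2023-6935, CVE-2023-6936, CVE-2023-6937) receive identical `<no-dsa> (Minor issue)` lines and each points at the same ChangeLog "vulnerabilities" section; a per-CVE pointer (the specific ChangeLog item or upstream fix commit) would allow each issue to be re-evaluated on its own rather than as a block.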
@@ -1314,6 +1324,8 @@ CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing
NOT-FOR-US: GitHub Enterprise Server
CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...)
- proftpd-dfsg 1.3.8.a+dfsg-1
+ [bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
+ [bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
NOTE: https://github.com/proftpd/proftpd/issues/1683
NOTE: https://github.com/proftpd/proftpd/commit/1376d8ccc0966d1ce9a1c76b32c6a9ca61bbe67f (v1.3.9rc1)
NOTE: https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 (v1.3.8a)
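Review bot: a one-byte out-of-bounds issue in `make_ftp_cmd` of a network-facing daemon is tagged `<no-dsa> (Minor issue)` for both suites with no reason recorded; since the v1.3.8a fix commit is already linked in the NOTE lines, stating in the parenthetical why no DSA is warranted (the impact as assessed from that commit) would keep the justification next to the tag.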
@@ -2354,6 +2366,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
[buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
- openssh 1:9.6p1-1
- paramiko <unfixed> (bug #1059006)
+ [bookworm] - paramiko <no-dsa> (Minor issue)
+ [bullseye] - paramiko <no-dsa> (Minor issue)
- phpseclib 1.0.22-1
- php-phpseclib 2.0.46-1
- php-phpseclib3 3.0.35-1
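Review bot: the new paramiko lines carry only `(Minor issue)`, whereas the neighbouring buster libssh2 line shows the more useful form with a concrete reason (`<not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)`); as paramiko is still `<unfixed>` (bug #1059006), a short justification (which affected modes paramiko implements, or why a point-release update suffices) would make the no-dsa decision reviewable later.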
@@ -3481,6 +3495,8 @@ CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allow
NOT-FOR-US: DedeBIZ
CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
- python-cryptography <unfixed> (bug #1059308)
+ [bookworm] - python-cryptography <no-dsa> (Minor issue)
+ [bullseye] - python-cryptography <no-dsa> (Minor issue)
[buster] - python-cryptography <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25659)
NOTE: https://github.com/pyca/cryptography/issues/9785
NOTE: https://people.redhat.com/~hkario/marvin/
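Review bot: the existing buster line records the rationale `(Minor issue; it's an incomplete fix of CVE-2020-25659)`, but the added bookworm and bullseye lines shorten it to `(Minor issue)`; carrying the same rationale on the new lines keeps the three suites consistent and explains why a timing oracle in RSA decryption is not DSA-worthy here.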
@@ -14319,6 +14335,7 @@ CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1
CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...)
{DLA-3704-1}
- xerces-c 3.2.4+debian-1
+ [bullseye] - xerces-c <no-dsa> (Minor issue)
NOTE: https://github.com/apache/xerces-c/pull/51
NOTE: https://issues.apache.org/jira/browse/XERCESC-2241
NOTE: Fixed by: https://github.com/apache/xerces-c/commit/1296a40db07308dbaac32494469f609b00cdfaf3 (v3.2.4)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c49b2bc7112318fd22b65b664304d64c14afb54