[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jan 5 11:28:03 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baf17973 by Moritz Muehlenhoff at 2024-01-05T12:18:25+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1156,6 +1156,8 @@ CVE-2023-51075 (hutool-core v5.8.23 was discovered to contain an infinite loop i
 	NOT-FOR-US: Hutool
 CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via the Cr ...)
 	- jayway-jsonpath <unfixed>
+	[bookworm] - jayway-jsonpath <no-dsa> (Minor issue)
+	[bullseye] - jayway-jsonpath <no-dsa> (Minor issue)
 	NOTE: https://github.com/json-path/JsonPath/issues/973
 CVE-2023-51010 (An issue in the export component AdSdkH5Activity of com.sdjictec.qdmet ...)
 	NOT-FOR-US: com.sdjictec.qdmetro
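Review bot: The two new no-dsa lines for jayway-jsonpath stop at bullseye; there is no `[buster]` line, whereas the m2crypto and ansible entries in this same commit carry one. If jayway-jsonpath is shipped in buster, a matching `[buster] - jayway-jsonpath <no-dsa> (Minor issue)` line keeps the LTS triage state explicit; if it is not, nothing is missing here.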
@@ -2854,8 +2856,13 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	[bookworm] - paramiko <no-dsa> (Minor issue)
 	[bullseye] - paramiko <no-dsa> (Minor issue)
 	- phpseclib 1.0.22-1
+	[bookworm] - phpseclib <no-dsa> (Minor issue)
+	[bullseye] - phpseclib <no-dsa> (Minor issue)
 	- php-phpseclib 2.0.46-1
+	[bookworm] - php-phpseclib <no-dsa> (Minor issue)
+	[bullseye] - php-phpseclib <no-dsa> (Minor issue)
 	- php-phpseclib3 3.0.35-1
+	[bookworm] - php-phpseclib3 <no-dsa> (Minor issue)
 	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
 	[bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
 	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
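Review bot: php-phpseclib3 gets only a `[bookworm]` no-dsa line while its siblings phpseclib and php-phpseclib get both `[bookworm]` and `[bullseye]`. If php-phpseclib3 simply does not exist in bullseye the asymmetry is correct, otherwise a `[bullseye] - php-phpseclib3 <no-dsa> (Minor issue)` line is needed for the entry to be fully triaged. Given that the CVE heading describes an SSH transport protocol weakness rather than a bug in one package, a short rationale beyond "Minor issue" (for instance that the library-side fix needs a matching peer update) would help later readers understand why no DSA is planned.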
@@ -2934,12 +2941,18 @@ CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated To
 	NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
 CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows atta ...)
 	- libcrypto++ <unfixed> (bug #1059312)
+	[bookworm] - libcrypto++ <no-dsa> (Minor issue)
+	[bullseye] - libcrypto++ <no-dsa> (Minor issue)
 	NOTE: https://github.com/weidai11/cryptopp/issues/1249
 CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to  ...)
 	- libcrypto++ <unfixed> (bug #1059311)
+	[bookworm] - libcrypto++ <no-dsa> (Minor issue)
+	[bullseye] - libcrypto++ <no-dsa> (Minor issue)
 	NOTE: https://github.com/weidai11/cryptopp/issues/1248
 CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...)
 	- libcrypto++ <unfixed> (bug #1059310)
+	[bookworm] - libcrypto++ <no-dsa> (Minor issue)
+	[bullseye] - libcrypto++ <no-dsa> (Minor issue)
 	NOTE: https://github.com/weidai11/cryptopp/issues/1247
 CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...)
 	NOT-FOR-US: Redpanda
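Review bot: The three libcrypto++ entries (CVE-2023-50981, CVE-2023-50980, CVE-2023-50979) are tagged uniformly and the new lines sit between the package line and its NOTE line, matching the layout of the surrounding entries. One suggestion: CVE-2023-50979 is described in its heading as a Marvin side channel, the same class of issue that the m2crypto entry later in this commit justifies as an incomplete-fix/timing problem; repeating a one-clause rationale there instead of the bare "(Minor issue)" would document why a timing side channel in a crypto library is not considered DSA-worthy.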
@@ -3989,6 +4002,8 @@ CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - inc
 	NOTE: CVE is for incomplete fix of CVE-2020-25659
 CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657]
 	- m2crypto <unfixed> (bug #1059292)
+	[bookworm] - m2crypto <no-dsa> (Minor issue)
+	[bullseye] - m2crypto <no-dsa> (Minor issue)
 	[buster] - m2crypto <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25657)
 	NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
 	NOTE: https://people.redhat.com/~hkario/marvin/
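Review bot: The existing `[buster]` line for m2crypto carries the rationale "(Minor issue; it's an incomplete fix of CVE-2020-25657)", but the two new `[bookworm]` and `[bullseye]` lines only say "(Minor issue)". Copying the same rationale onto the new lines keeps the three suites consistent and preserves the reasoning that the open issue is the incomplete fix of CVE-2020-25657 rather than a new flaw.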
@@ -13161,6 +13176,8 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la
 	NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
 	- libxml-security-java <unfixed> (bug #1059313)
+	[bookworm] - libxml-security-java <no-dsa> (Minor issue)
+	[bullseye] - libxml-security-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
 	NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
 	NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
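Review bot: As with jayway-jsonpath above, libxml-security-java receives `[bookworm]` and `[bullseye]` no-dsa lines but no `[buster]` line, even though the CVE heading says all versions prior to the fixed release are affected. If the package is present in buster, a `[buster]` triage line should be added so the LTS team does not have to re-triage from scratch.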
@@ -18706,6 +18723,8 @@ CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allow
 	NOT-FOR-US: Neos CMS
 CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...)
 	- ansible <unfixed> (bug #1055300)
+	[bookworm] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible <no-dsa> (Minor issue)
 	[buster] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
 	NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
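Review bot: Placing the new `[bookworm]` and `[bullseye]` lines ahead of the existing `[buster]` line keeps the newest-to-oldest suite order used in the m2crypto entry of this same commit; no change needed. Note that the sid line is still `<unfixed>` with bug #1055300, so the no-dsa tags record that stable updates will not be issued but do not close the entry.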


=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ python3.11/stable (carnil)
 --
 python3.9/oldstable
 --
+python-asyncssh
+--
 redmine/stable
 --
 ring
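Review bot: The new `python-asyncssh` entry has neither a suite suffix nor a claimant, while the neighbouring entries use forms such as `python3.11/stable (carnil)` and `python3.9/oldstable`. If only one suite needs a DSA, add the corresponding `/stable` or `/oldstable` suffix; if both do, the bare name is acceptable, but whoever picks it up should append their name in parentheses so the entry is not worked on twice.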



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf179734b0fede4b1a1c6cf53b59b1721456257
