[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 22 16:01:00 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4e1c12c by Moritz Muehlenhoff at 2024-03-22T17:00:18+01:00
bullseye/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -871,6 +871,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers
- python3.9 <removed>
- python3.7 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
NOTE: https://github.com/python/cpython/pull/110016
NOTE: https://github.com/python/cpython/issues/109858
NOTE: https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba (v3.13.0a3)
@@ -886,6 +887,7 @@ CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` c
- python3.9 <removed>
- python3.7 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
NOTE: https://github.com/python/cpython/pull/99930
NOTE: https://github.com/python/cpython/issues/91133
NOTE: https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 (v3.12.1)
@@ -1294,9 +1296,10 @@ CVE-2024-1333 (The Responsive Pricing Table WordPress plugin before 5.1.11 does
CVE-2024-1331 (The Team Members WordPress plugin before 5.3.2 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1013 (An out-of-bounds stack write flaw was found in unixODBC on 64-bit arch ...)
- - unixodbc <unfixed>
+ - unixodbc <unfixed> (unimportant)
NOTE: https://github.com/lurcher/unixODBC/pull/157
NOTE: Fixed by: https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1
+ NOTE: Only affects example code, not present in binary packages
CVE-2024-0973 (The Widget for Social Page Feeds WordPress plugin before 6.4 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0951 (The Advanced Social Feeds Widget & Shortcode WordPress plugin through ...)
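Review bot: the (unimportant) rating on the unixodbc line rests entirely on the new NOTE that only example code is affected; record how that was checked (for instance that none of the binary packages ship the affected example source or a built example), because the "Fixed by" commit is already listed and a later uploader may otherwise assume a fix is still owed.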
@@ -1502,6 +1505,8 @@ CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not p
NOT-FOR-US: Net::IPAddress::Util Perl module
CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...)
- libnetwork-ipv4addr-perl <unfixed>
+ [bookworm] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
+ [bullseye] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not properly cons ...)
- libnet-cidr-lite-perl 0.22-1
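Review bot: the two new <no-dsa> (Minor issue) lines for libnetwork-ipv4addr-perl leave the entry with only a blog post as reference and no upstream fix noted; add a NOTE stating whether an upstream fix exists (the CVE text names 0.10 as affected but no fixed version) or that the package is expected to be fixed only via unstable, so the no-dsa rationale is self-contained.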
@@ -1613,6 +1618,8 @@ CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & M
NOT-FOR-US: WooCommerce plugin
CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack]
- libcrypt-openssl-rsa-perl <unfixed> (bug #1066969)
+ [bookworm] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue)
+ [bullseye] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue)
[buster] - libcrypt-openssl-rsa-perl <postponed> (Minor issue; side-channel timing attack)
NOTE: https://people.redhat.com/~hkario/marvin/
NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
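Review bot: the new bookworm and bullseye lines use the bare rationale "(Minor issue)" while the existing buster line below reads "(Minor issue; side-channel timing attack)"; use the same wording on the new lines so the three release entries carry the same justification.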
@@ -2667,7 +2674,8 @@ CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site S
CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...)
NOT-FOR-US: My Food Recipe Using PHP with Source Code
CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...)
- - tcpreplay <unfixed>
+ - tcpreplay <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/appneta/tcpreplay/issues/824
CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...)
NOT-FOR-US: Code-Projects Exam Form Submission
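Review bot: the new NOTE "Crash in CLI tool, no security impact" justifies the (unimportant) rating, but it would help later re-triage to say which tcpreplay tool and which input reach mask_cidr6 in cidr.c, so the rating can be re-checked if that code is ever reused outside the command-line tools.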
@@ -7103,6 +7111,8 @@ CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: https://redmine.openinfosecfoundation.org/issues/6657
CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
- libhtp 1:0.5.46-1
+ [bookworm] - libhtp <no-dsa> (Minor issue)
+ [bullseye] - libhtp <no-dsa> (Minor issue)
[buster] - libhtp <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
NOTE: https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a (0.5.46)
@@ -45242,6 +45252,8 @@ CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manag
NOT-FOR-US: Veritas InfoScale
CVE-2023-7250 (A flaw was found in iperf, a utility for testing network performance u ...)
- iperf3 3.15-1
+ [bookworm] - iperf3 <no-dsa> (Minor issue)
+ [bullseye] - iperf3 <no-dsa> (Minor issue)
NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc
NOTE: https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4 (3.15)
CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow and heap ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -93,7 +93,7 @@ ruby-tzinfo/oldstable
--
salt/oldstable
--
-samba/oldstable
+samba/oldstable (jmm)
santiago started to backport patches to bullseye
--
squid
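Review bot: the new "(jmm)" assignee on samba/oldstable sits directly above the existing line saying santiago started to backport patches to bullseye; either update that line to say who now owns the bullseye work, or add a short note on the hand-over, otherwise the entry reads as two people working the same update.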
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4e1c12c1b3ba70e3e8cd16d8b26c453b31e1290