[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Mar 31 20:32:22 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a39713a4 by Moritz Mühlenhoff at 2024-03-31T21:31:41+02:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1322,9 +1322,10 @@ CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability in Zacha ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c ...)
-	- sane-backends <unfixed>
+	- sane-backends <unfixed> (unimportant)
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/709
 	NOTE: https://gitlab.com/sane-project/backends/-/commit/a92ffb3d978329c29513b0acb98ae7987ec1bed7 (1.3.0)
+	NOTE: Negligible security impact
 CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdfte ...)
 	- texlive-bin <unfixed> (unimportant)
 	NOTE: https://tug.org/pipermail/tex-live/2023-August/049406.html
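Review bot: The NOTE added to CVE-2023-46052 says only "Negligible security impact", while the description is a heap bounds overwrite in init_options() from backend/test.c, a memory-corruption class where the reason for an (unimportant) tag should be on record. Suggest stating the rationale in the note itself, in the style this file already uses elsewhere ("Crash in CLI tool, negligible security impact"), so the classification can be re-checked later without opening the upstream issue.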
@@ -1336,9 +1337,10 @@ CVE-2023-46048 (Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pd
 	NOTE: https://tug.org/pipermail/tex-live/2023-August/049400.html
 	NOTE: Crash in CLI tool, negligible security impact
 CVE-2023-46047 (An issue in Sane 1.2.1 allows a local attacker to execute arbitrary co ...)
-	- sane-backends <unfixed>
+	- sane-backends <unfixed> (unimportant)
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/708
 	NOTE: https://gitlab.com/sane-project/backends/-/commit/fd7b83c8f7b4da4a9e1fb715d070aa2fd96832ff (1.3.0)
+	NOTE: Negligible security impact
 CVE-2023-46046 (An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference vi ...)
 	- minizinc 2.8.2+dfsg1-1 (unimportant)
 	NOTE: https://github.com/MiniZinc/libminizinc/issues/730
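Review bot: On CVE-2023-46047 the description reads "allows a local attacker to execute arbitrary co ...", yet the entry is downgraded to (unimportant) with the generic note "Negligible security impact". The note should say why the code-execution claim does not hold or does not cross a privilege boundary. As written, the tracker entry contradicts the CVE text without explanation.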
@@ -1355,11 +1357,13 @@ CVE-2023-45931 (Mesa 23.0.4 was discovered to contain a NULL pointer dereference
 	NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9859
 	NOTE: Disputed and no reasonable security impact proven
 CVE-2023-45929 (S-Lang 2.3.2 was discovered to contain a segmentation fault via the fu ...)
-	- slang2 <unfixed>
+	- slang2 <unfixed> (unimportant)
 	NOTE: http://lists.jedsoft.org/lists/slang-users/2023/0000002.html
+	NOTE: Negligible security impact
 CVE-2023-45927 (S-Lang 2.3.2 was discovered to contain an arithmetic exception via the ...)
-	- slang2 <unfixed>
+	- slang2 <unfixed> (unimportant)
 	NOTE: http://lists.jedsoft.org/lists/slang-users/2023/0000003.html
+	NOTE: Negligible security impact
 CVE-2023-45925 (GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain ...)
 	- mc <unfixed> (unimportant)
 	NOTE: https://midnight-commander.org/ticket/4484
@@ -1426,6 +1430,8 @@ CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
 	- wireshark <unfixed> (bug #1068111)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19695
 CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -32,9 +32,6 @@ gtkwave (jmm)
 --
 h2o (jmm)
 --
-intel-microcode (carnil)
-  Wailt for exposure in unstable in any case
---
 jetty9
 --
 libreswan (jmm)
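Review bot: The dsa-needed.txt hunk drops the "intel-microcode (carnil)" entry together with its remark about waiting for exposure in unstable, but the commit message is only "bookworm/bullseye triage" and nothing in the data/CVE/list changes of this commit touches intel-microcode. Suggest naming the removal in the commit message, or splitting it into its own commit with the reason (DSA released, or no update needed), since the entry was claimed by a different team member than the committer.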



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39713a408d16f6f246957b1465d244055ea5aa5
