[Git][security-tracker-team/security-tracker][master] triage for older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Nov 3 20:06:22 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f5ca67b by Moritz Muehlenhoff at 2024-11-03T21:05:49+01:00
triage for older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91528,7 +91528,7 @@ CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed le
NOT-FOR-US: Hyperledger Fabric
CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...)
- yt-dlp 2023.11.16-1 (bug #1055996)
- [bookworm] - yt-dlp <no-dsa> (Minor issue)
+ [bookworm] - yt-dlp <ignored> (Minor issue)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
NOTE: https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb (2023.11.14)
CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul ...)
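Review bot: The reason on the changed bookworm line is still "Minor issue", carried over unchanged from the <no-dsa> entry, and it does not explain the move to <ignored>. This entry already records a fixed version in unstable (2023.11.16-1) and an upstream commit in the NOTE, so a fix exists that could be backported. The reason should say why bookworm will not receive it, so the decision can be audited later.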
@@ -95232,7 +95232,7 @@ CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
- xorg-server <unfixed> (bug #1055426)
- [bookworm] - xorg-server <no-dsa> (Minor issue)
+ [bookworm] - xorg-server <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - xorg-server <no-dsa> (Minor issue)
[buster] - xorg-server <no-dsa> (Minor issue)
NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
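Review bot: "revisit when fixed upstream" on the bookworm line gives no pointer to where an upstream fix would appear. The only reference visible in this context is the xorg-announce post from October 2023, and the unstable line is still <unfixed>. Consider adding a NOTE with the upstream issue or merge request to watch, so whoever revisits the entry knows what to check.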
@@ -111971,10 +111971,10 @@ CVE-2023-35937 (Metersphere is an open source continuous testing platform. In ve
NOT-FOR-US: Metersphere
CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...)
- yt-dlp 2023.07.06-1 (bug #1040595)
- [bookworm] - yt-dlp <no-dsa> (Minor issue)
+ [bookworm] - yt-dlp <ignored> (Minor issue)
[bullseye] - yt-dlp <no-dsa> (Minor issue)
- youtube-dl <removed> (bug #1079502)
- [bookworm] - youtube-dl <no-dsa> (Minor issue)
+ [bookworm] - youtube-dl <ignored> (Minor issue)
[bullseye] - youtube-dl <postponed> (Minor issue)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
NOTE: https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
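Review bot: After this change the bookworm youtube-dl line is <ignored> while the bullseye youtube-dl line directly below stays <postponed> and bullseye yt-dlp stays <no-dsa>, so one CVE carries three different states with the identical reason "Minor issue". Please confirm the bullseye lines are intentionally left as they are, and give the two <ignored> lines a reason that says why no fix is planned for bookworm.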
@@ -156396,7 +156396,7 @@ CVE-2022-4056
RESERVED
CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...)
- xdg-utils <unfixed> (bug #1027160)
- [bookworm] - xdg-utils <no-dsa> (Minor issue)
+ [bookworm] - xdg-utils <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - xdg-utils <no-dsa> (Minor issue)
[buster] - xdg-utils <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
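Review bot: Only the bookworm line moves to <postponed>; the bullseye and buster lines below keep <no-dsa> (Minor issue) although the package is <unfixed> for all of them and the same "revisit when fixed upstream" condition would apply. If the older suites are deliberately out of scope for this triage, that is fine, otherwise update them in the same change so the entry reads consistently.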
@@ -285791,7 +285791,7 @@ CVE-2021-25744
RESERVED
CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
- kubernetes <unfixed> (bug #1016441)
- [bookworm] - kubernetes <no-dsa> (Minor issue)
+ [bookworm] - kubernetes <ignored> (Minor issue)
[bullseye] - kubernetes <no-dsa> (Minor issue)
NOTE: https://github.com/kubernetes/kubernetes/issues/101695
CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
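Review bot: kubernetes is <unfixed> in unstable, the same situation as xorg-server and xdg-utils elsewhere in this commit, yet those bookworm lines become <postponed> (revisit when fixed upstream) while this one becomes <ignored>. If the difference is deliberate, the reason should state it instead of repeating "Minor issue"; if not, <postponed> with the same wording would keep the triage consistent.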
@@ -319613,12 +319613,11 @@ CVE-2020-24905
RESERVED
CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail version 2.5 ...)
- viagee 3.7-1 (bug #1051726)
- [bookworm] - viagee <no-dsa> (Minor issue)
+ [bookworm] - viagee <ignored> (Minor issue)
- gnome-gmail <removed>
[bullseye] - gnome-gmail <no-dsa> (Minor issue)
[buster] - gnome-gmail <no-dsa> (Minor issue)
NOTE: https://github.com/davesteele/gnome-gmail/issues/84
- NOTE: https://github.com/davesteele/viagee/commit/c961b7431018976abc9c964ce594b371fb84183e
CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...)
NOT-FOR-US: Cute Editor for ASP.NET
CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XS ...)
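Review bot: Besides the state change, this hunk deletes the NOTE pointing at viagee commit c961b7431018976abc9c964ce594b371fb84183e, which the commit message "triage for older issues" does not mention. With that line gone the entry keeps the fixed version (3.7-1) and the gnome-gmail issue link but no reference to the fix itself. If the commit reference was wrong, say so in the commit message; if it was correct, keep the NOTE so the patch can be found when assessing the <ignored> bookworm line.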
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5ca67bd7e801704aec3d3ee728fbe4e8ec1274