[Git][security-tracker-team/security-tracker][master] triage older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 4 13:17:36 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
639bfaca by Moritz Muehlenhoff at 2024-11-04T14:17:08+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29432,7 +29432,7 @@ CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundatio
NOT-FOR-US: OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core
CVE-2024-6501 (A flaw was found in NetworkManager. When a system running NetworkManag ...)
- network-manager <unfixed> (bug #1076294)
- [bookworm] - network-manager <no-dsa> (Minor issue)
+ [bookworm] - network-manager <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - network-manager <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur in the o ...)
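Review bot: On the [bookworm] network-manager line, the move to <postponed> leaves the [bullseye] line directly below it at <no-dsa> with the same "Minor issue" reason. If the intent is to revisit once upstream has a fix, either give bullseye the same state or extend its reason so the difference between the two releases is explained in the entry itself.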
@@ -65972,7 +65972,7 @@ CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not p
NOT-FOR-US: Net::IPAddress::Util Perl module
CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...)
- libnetwork-ipv4addr-perl <unfixed> (bug #1072178)
- [bookworm] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
+ [bookworm] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libnetwork-ipv4addr-perl <no-dsa> (Minor issue)
[buster] - libnetwork-ipv4addr-perl <postponed> (Minor issue, revisit when fix is available)
NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
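Review bot: The new [bookworm] reason "revisit when fixed upstream" sits two lines above the existing [buster] reason "revisit when fix is available" for the same package and the same <postponed> state. Use one wording for both so that a search for postponed entries awaiting an upstream fix matches them consistently.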
@@ -76648,7 +76648,7 @@ CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers
NOT-FOR-US: mailcow
CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
- libowasp-antisamy-java <unfixed> (bug #1062846)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq
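Review bot: The [bookworm] line for CVE-2024-23635 goes to <ignored> although the unstable line is still <unfixed>, whereas the other <unfixed> packages in this commit (network-manager, libnetwork-ipv4addr-perl, m2crypto) go to <postponed> with "revisit when fixed upstream". The bare "Minor issue" reason does not say why this one will never be revisited; either use <postponed> here as well or put the actual justification in the parentheses.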
@@ -86740,10 +86740,10 @@ CVE-2023-50782 (A flaw was found in the python-cryptography package. This issue
NOTE: in unstable
CVE-2023-50781 (A flaw was found in m2crypto. This issue may allow a remote attacker t ...)
- m2crypto <unfixed> (bug #1059292)
- [bookworm] - m2crypto <no-dsa> (Minor issue)
+ [bookworm] - m2crypto <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - m2crypto <no-dsa> (Minor issue)
[buster] - m2crypto <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25657)
- NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
+ NOTE: https://todo.sr.ht/~mcepl/m2crypto/342
NOTE: https://people.redhat.com/~hkario/marvin/
NOTE: https://github.com/openssl/openssl/pull/13817
NOTE: CVE is for incomplete fix of CVE-2020-25657
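Review bot: The NOTE swap from gitlab.com/m2crypto/m2crypto/-/issues/342 to todo.sr.ht/~mcepl/m2crypto/342 is a reference update unrelated to the triage state, and the commit message "triage older issues" does not mention it. Put the link change in its own commit or name it in the message, so that someone tracing why the old reference disappeared can find it in the history.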
@@ -98538,7 +98538,7 @@ CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged remot
NOT-FOR-US: SICK
CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1054164)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2
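Review bot: For CVE-2023-43643 the unstable line records a fix in 1.7.4-1, yet the [bookworm] line becomes <ignored> with the reason unchanged from the <no-dsa> entry. "Minor issue" explains why there is no DSA, not why an available fix will not be carried to bookworm; state that reason in the parentheses so the decision can be checked later.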
@@ -110439,7 +110439,7 @@ CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JS
NOT-FOR-US: rswag
CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...)
- netkit-rsh <removed> (bug #1039689)
- [bookworm] - netkit-rsh <no-dsa> (Minor issue)
+ [bookworm] - netkit-rsh <ignored> (Minor issue)
[bullseye] - netkit-rsh <no-dsa> (Minor issue)
[buster] - netkit-rsh <no-dsa> (Minor issue)
CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...)
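Review bot: The [bookworm] netkit-rsh line becomes <ignored> but keeps the bare "Minor issue" reason, while the line above it shows the package as <removed> from unstable. If the removal is why no fix is expected, say so in the parentheses; as written, the entry gives the same justification for <ignored> in bookworm as for <no-dsa> in bullseye and buster.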
@@ -207505,7 +207505,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the
NOTE: https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e (v0.8.0)
CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -207514,7 +207514,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on
NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -261633,7 +261633,7 @@ CVE-2021-35044
RESERVED
CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -501920,7 +501920,7 @@ CVE-2017-14736
RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -535662,7 +535662,7 @@ CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in
NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...)
- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
- [bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
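Review bot: For CVE-2016-10006 the description places the flaw in AntiSamy before 1.5.5, while the unstable line records 1.7.4-1 as the fixed version, and the entry has no NOTE giving the affected range. Marking [bookworm] as <ignored> presumes the bookworm version is affected; add a NOTE with the fixing upstream version or commit so that presumption can be verified from the entry.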
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/639bfaca032bf0f6652bd097194f1098c9848c57