[Git][security-tracker-team/security-tracker][master] triage of older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Nov 5 15:01:46 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1c882bb by Moritz Muehlenhoff at 2024-11-05T15:58:16+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95879,6 +95879,8 @@ CVE-2023-46332 (WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in
[bullseye] - wabt <no-dsa> (Minor issue)
[buster] - wabt <no-dsa> (Minor issue)
NOTE: https://github.com/WebAssembly/wabt/issues/2311
+ NOTE: https://github.com/WebAssembly/wabt/pull/2432
+ NOTE: https://github.com/WebAssembly/wabt/commit/38524984d5a15c433fe111b1367d74c910dbb677
CVE-2023-46331 (WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegm ...)
- wabt <unfixed> (unimportant)
NOTE: https://github.com/WebAssembly/wabt/issues/2310
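Review bot: the commit NOTE added under CVE-2023-46332 has no upstream version annotation, whereas the tidy-html5 hunk in this same commit adds one ("(5.9.8-next)") to its commit NOTE. Suggest appending the release, or a "-next" marker, that contains 38524984d5a15c433fe111b1367d74c910dbb677, so the fixed version can be filled in later without re-checking upstream.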
@@ -112310,7 +112312,7 @@ CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v
NOT-FOR-US: Food Ordering System
CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...)
- sqlfluff 2.3.5-1 (bug #1041428)
- [bookworm] - sqlfluff <no-dsa> (Minor issue)
+ [bookworm] - sqlfluff <ignored> (Minor issue)
NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
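Review bot: the [bookworm] sqlfluff line moves to <ignored> but keeps the bare reason "Minor issue", which does not record why no fix is planned for bookworm. The sysstat hunk in this commit shows the more useful form ("Minor issue, limited to 32 bit archs"); suggest adding the deciding factor to the reason here as well.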
@@ -117435,7 +117437,7 @@ CVE-2023-2481 (Compiler removal of buffer clearing in sli_se_opaque_import_k
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
{DLA-3434-1}
- sysstat 12.6.1-2 (bug #1036294)
- [bookworm] - sysstat <no-dsa> (Minor issue)
+ [bookworm] - sysstat <ignored> (Minor issue, limited to 32 bit archs)
[bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 not applied)
NOTE: https://github.com/sysstat/sysstat/pull/360
NOTE: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
@@ -242701,7 +242703,7 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
NOTE: Memory leak in GUI application, no security impact
CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...)
- vtk9 9.1.0+really9.1.0+dfsg2-8 (bug #1031877)
- [bookworm] - vtk9 <no-dsa> (Minor issue)
+ [bookworm] - vtk9 <ignored> (Minor issue)
[bullseye] - vtk9 <no-dsa> (Minor issue)
- vtk7 <removed> (bug #1034844)
[bullseye] - vtk7 <no-dsa> (Minor issue)
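Review bot: after this change the [bookworm] vtk9 line reads <ignored> while the [bullseye] vtk9 line directly below it stays <no-dsa> with the same "Minor issue" reason, so the two releases carry different states for an identical justification. If the difference is intentional, a short qualifier on the bookworm reason would make that visible to the next person triaging this entry.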
@@ -265971,11 +265973,11 @@ CVE-2021-33392
RESERVED
CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...)
- tidy-html5 <unfixed> (bug #1032665)
- [bookworm] - tidy-html5 <no-dsa> (Minor issue)
+ [bookworm] - tidy-html5 <ignored> (Minor issue)
[bullseye] - tidy-html5 <no-dsa> (Minor issue)
[buster] - tidy-html5 <no-dsa> (Minor issue)
NOTE: https://github.com/htacg/tidy-html5/issues/946
- NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
+ NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b (5.9.8-next)
CVE-2021-33390 (dpic 2021.04.10 has a use-after-free in thedeletestringbox() function ...)
- dpic 2021.11.01-1 (unimportant)
NOTE: https://gitlab.com/aplevich/dpic/-/issues/10
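Review bot: the [bookworm] tidy-html5 line is set to <ignored> although the NOTE amended in the same hunk identifies an upstream fix commit (5.9.8-next) and the package line is still <unfixed>. The python-rsa hunk in this commit uses <postponed> with "revisit when fixed upstream" for a comparable open state; consider <postponed> here, or state in the reason why the upstream commit will not be backported.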
@@ -318150,7 +318152,7 @@ CVE-2020-25659 (python-cryptography 3.2 is vulnerable to Bleichenbacher timing a
NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)
CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher timing at ...)
- python-rsa <unfixed> (bug #974685)
- [bookworm] - python-rsa <no-dsa> (Minor issue)
+ [bookworm] - python-rsa <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - python-rsa <no-dsa> (Minor issue)
[buster] - python-rsa <no-dsa> (Minor issue)
[stretch] - python-rsa <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c882bb2876a88647c86ffb73d9dd197f66f792