[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Nov 11 19:26:11 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc3e62d7 by Moritz Muehlenhoff at 2025-11-11T20:25:44+01:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -79153,7 +79153,7 @@ CVE-2023-52315
REJECTED
CVE-2025-2312 (A flaw was found in cifs-utils. When trying to obtain Kerberos credent ...)
- cifs-utils 2:7.2-1 (bug #1106242)
- [bookworm] - cifs-utils <no-dsa> (Minor issue; needs corresponding kernel change)
+ [bookworm] - cifs-utils <ignored> (Minor issue; needs corresponding kernel change)
[bullseye] - cifs-utils <not-affected> (The vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2352604
NOTE: Depends on change on kernel: https://git.kernel.org/linus/db363b0a1d9e6b9dc556296f1b1007aeb496a8cf (6.13-rc1)
@@ -190764,7 +190764,7 @@ CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OT
CVE-2024-2002 (A double-free vulnerability was found in libdwarf. In a multiply-corru ...)
[experimental] - dwarfutils 1:0.11.1-1~exp1
- dwarfutils 1:0.11.1-1 (bug #1065511)
- [bookworm] - dwarfutils <no-dsa> (Minor issue)
+ [bookworm] - dwarfutils <ignored> (Minor issue)
[bullseye] - dwarfutils <no-dsa> (Minor issue)
[buster] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
@@ -192171,7 +192171,7 @@ CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management
NOT-FOR-US: Projectworlds Visitor Management System
CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker ...)
- clojure 1.11.2-1 (bug #1071746)
- [bookworm] - clojure <no-dsa> (Minor issue)
+ [bookworm] - clojure <ignored> (Minor issue)
[bullseye] - clojure <no-dsa> (Minor issue)
[buster] - clojure <postponed> (Minor issue)
NOTE: https://github.com/advisories/GHSA-vr64-r9qj-h27f
@@ -232567,7 +232567,7 @@ CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Al
NOT-FOR-US: Teacher Subject Allocation System
CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1041097)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1041098)
@@ -255348,7 +255348,7 @@ CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creati
NOT-FOR-US: Vega
CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1034171)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1034172)
@@ -260585,7 +260585,7 @@ CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) device
NOT-FOR-US: RIOT-OS
CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1034171)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1034172)
@@ -268312,7 +268312,7 @@ CVE-2023-22487 (Flarum is a forum software for building communities. Using the m
NOT-FOR-US: Flarum
CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1033110)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1033111)
@@ -268333,7 +268333,7 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1033110)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1033111)
@@ -268353,7 +268353,7 @@ CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1033110)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1033111)
@@ -268373,7 +268373,7 @@ CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
NOTE: r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.13-1 (bug #1033110)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1033111)
@@ -298583,7 +298583,7 @@ CVE-2022-39210 (Nextcloud android is the official Android client for the Nextclo
NOT-FOR-US: Nextcloud android
CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
- [bookworm] - cmark-gfm <no-dsa> (Minor issue)
+ [bookworm] - cmark-gfm <ignored> (Minor issue)
[bullseye] - cmark-gfm <no-dsa> (Minor issue)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm 2024.11.20-1 (bug #1034887)
@@ -312633,7 +312633,7 @@ CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tiny
CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
[experimental] - dwarfutils 1:0.11.1-1~exp1
- dwarfutils 1:0.11.1-1 (bug #1014493)
- [bookworm] - dwarfutils <no-dsa> (Minor issue)
+ [bookworm] - dwarfutils <ignored> (Minor issue)
[bullseye] - dwarfutils <no-dsa> (Minor issue)
[buster] - dwarfutils <no-dsa> (Minor issue)
[stretch] - dwarfutils <no-dsa> (Minor issue)
@@ -318160,7 +318160,7 @@ CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Componen
CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...)
[experimental] - dwarfutils 1:0.11.1-1~exp1
- dwarfutils 1:0.11.1-1 (bug #1012515)
- [bookworm] - dwarfutils <no-dsa> (Minor issue)
+ [bookworm] - dwarfutils <ignored> (Minor issue)
[bullseye] - dwarfutils <no-dsa> (Minor issue)
[buster] - dwarfutils <no-dsa> (Minor issue)
[stretch] - dwarfutils <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc3e62d7cfc4154e5479a4285a3d7410b77136ab
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc3e62d7cfc4154e5479a4285a3d7410b77136ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251111/22bf23ea/attachment.htm>
More information about the debian-security-tracker-commits
mailing list