Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3baecc10 by Moritz Muehlenhoff at 2023-11-02T16:37:08+01:00 bookworm/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -503,6 +503,8 @@ CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to NOT-FOR-US: PrestaShop module CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...) - mupdf 1.22.1+ds1-1 + [bookworm] - mupdf <no-dsa> (Minor issue) + [bullseye] - mupdf <no-dsa> (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706506 NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=c0015401693b58e2deb5d75c39f27bc1216e47c6 (1.22.0-rc1) CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...) @@ -6429,6 +6431,7 @@ CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.42.0-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple @@ -6486,6 +6489,7 @@ CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcemen [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple 
@@ -6561,6 +6565,7 @@ CVE-2023-39434 (A use-after-free issue was addressed with improved memory manage [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple @@ -6584,6 +6589,7 @@ CVE-2023-35074 (The issue was addressed with improved memory handling. This issu [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: MRV Tech Logging Administration Panel @@ -7157,6 +7163,7 @@ CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.42.1-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple 
@@ -8064,6 +8071,7 @@ CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API o [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.42.0-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains ...) - routinator <itp> (bug #929024) @@ -8875,6 +8883,7 @@ CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0008.html CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple @@ -9109,6 +9118,7 @@ CVE-2023-32370 (A logic issue was addressed with improved validation. This issue [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0008.html CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...) NOT-FOR-US: Apple 
@@ -14681,6 +14691,7 @@ CVE-2023-38599 (A logic issue was addressed with improved state management. This [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple @@ -14690,6 +14701,7 @@ CVE-2023-38592 (A logic issue was addressed with improved restrictions. This iss [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple @@ -14807,6 +14819,7 @@ CVE-2023-38611 (The issue was addressed with improved memory handling. This issu [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...) NOT-FOR-US: Apple 
@@ -14822,6 +14835,7 @@ CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...) {DSA-5468-1} @@ -14829,6 +14843,7 @@ CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...) {DSA-5468-1} @@ -14836,6 +14851,7 @@ CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...) {DSA-5468-1} 
@@ -14843,6 +14859,7 @@ CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple @@ -14854,6 +14871,7 @@ CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple @@ -14887,6 +14905,7 @@ CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...) - yasm <unfixed> (unimportant) 
@@ -15523,6 +15542,7 @@ CVE-2023-37450 (The issue was addressed with improved checks. This issue is fixe [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.4-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0006.html NOTE: https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07 CVE-2023-38200 (A flaw was found in Keylime. Due to their blocking nature, the Keylime ...) @@ -19138,6 +19158,7 @@ CVE-2023-32439 (A type confusion issue was addressed with improved checks. This [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.3-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0005.html CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...) {DSA-5396-1} @@ -19145,6 +19166,7 @@ CVE-2023-32435 (A memory corruption issue was addressed with improved state mana [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0005.html CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...) NOT-FOR-US: Apple 
@@ -19200,6 +19222,7 @@ CVE-2023-32393 (The issue was addressed with improved memory handling. This issu [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0006.html CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple @@ -22647,6 +22670,7 @@ CVE-2023-32373 (A use-after-free issue was addressed with improved memory manage [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://bugs.webkit.org/show_bug.cgi?id=254840 NOTE: https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c NOTE: https://webkitgtk.org/security/WSA-2023-0004.html @@ -34119,6 +34143,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930 NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c NOTE: https://webkitgtk.org/security/WSA-2023-0004.html 
@@ -34138,6 +34163,7 @@ CVE-2023-28198 (A use-after-free issue was addressed with improved memory manage [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0008.html CVE-2023-28197 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3baecc10afcf20d3fbb5ac9851f6cf28bd8e6bed
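Review bot: The two added mupdf lines for CVE-2023-31794 in the first hunk (@@ -503,6 +503,8 @@) give only "(Minor issue)" as the reason for <no-dsa>, which leaves nothing for a later reader to re-check the triage against. The entry itself describes an infinite recursion and points to a single upstream fix commit (1.22.0-rc1), so the reason could name the impact that makes it minor, and a NOTE could record whether that commit applies to the bookworm and bullseye versions, so the decision on a later point-release fix does not have to be redone from scratch.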
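Review bot: The reason on the added "[bullseye] - wpewebkit <ignored>" lines cites "wpewebkit >= 2.42", but in most of the wpewebkit hunks the fixed version on the line above is a 2.40.x upload (2.40.2-2, 2.40.3-1, 2.40.4-1, 2.40.5-1); only the CVE-2023-41074, CVE-2023-41993 and CVE-2023-39928 hunks list a 2.42.x fix. Read next to "- wpewebkit 2.40.5-1", the reason looks as if the fix needed 2.42, so consider wording that states the bullseye situation without tying it to the fixing version, or explain once in the commit message why 2.42 is the cut-off, since "bookworm/bullseye triage" does not say. The same string is repeated in every wpewebkit hunk, so whichever wording is chosen should be applied to all of them together.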
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits