Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6c49b2bc by Moritz Muehlenhoff at 2024-01-02T12:13:50+01:00 bookworm/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -208,6 +208,7 @@ CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lb NOT-FOR-US: CETIC-6LBR (aka 6lbr) CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain security ...) - sympa 6.2.66~dfsg-1 + [bullseye] - sympa <no-dsa> (Minor issue) NOTE: https://www.sympa.community/security/2021-001.html NOTE: https://github.com/sympa-community/sympa/issues/1091 CVE-2023-7192 [netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()] @@ -689,6 +690,7 @@ CVE-2023-50038 (There is an arbitrary file upload vulnerability in the backgroun - textpattern <removed> CVE-2023-49469 (Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, ...) - shaarli 0.13.0+dfsg-1 + [bookworm] - shaarli <no-dsa> (Minor issue) NOTE: https://github.com/shaarli/Shaarli/issues/2038 NOTE: https://github.com/shaarli/Shaarli/commit/326870f216ba52d80488cb4ba3fadcf1247d7cf8 (v0.13.0) CVE-2023-49230 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...) @@ -1062,6 +1064,8 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca CVE-2023-51765 (sendmail through at least 8.14.7 allows SMTP smuggling in certain conf ...) - sendmail <unfixed> (bug #1059386) + [bookworm] - sendmail <no-dsa> (Minor issue) + [bullseye] - sendmail <no-dsa> (Minor issue) NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6 NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5 
@@ -1133,14 +1137,20 @@ CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background jo CVE-2023-6937 [experimental] - wolfssl 5.6.6-1 - wolfssl 5.6.6-1.2 (bug #1059357) + [bookworm] - wolfssl <no-dsa> (Minor issue) + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities CVE-2023-6936 [experimental] - wolfssl 5.6.6-1 - wolfssl 5.6.6-1.2 (bug #1059357) + [bookworm] - wolfssl <no-dsa> (Minor issue) + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities CVE-2023-6935 [experimental] - wolfssl 5.6.6-1 - wolfssl 5.6.6-1.2 (bug #1059357) + [bookworm] - wolfssl <no-dsa> (Minor issue) + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been ...) NOT-FOR-US: slawkens MyAAC @@ -1314,6 +1324,8 @@ CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing NOT-FOR-US: GitHub Enterprise Server CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...) - proftpd-dfsg 1.3.8.a+dfsg-1 + [bookworm] - proftpd-dfsg <no-dsa> (Minor issue) + [bullseye] - proftpd-dfsg <no-dsa> (Minor issue) NOTE: https://github.com/proftpd/proftpd/issues/1683 NOTE: https://github.com/proftpd/proftpd/commit/1376d8ccc0966d1ce9a1c76b32c6a9ca61bbe67f (v1.3.9rc1) NOTE: https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 (v1.3.8a) 
@@ -2354,6 +2366,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun [buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present) - openssh 1:9.6p1-1 - paramiko <unfixed> (bug #1059006) + [bookworm] - paramiko <no-dsa> (Minor issue) + [bullseye] - paramiko <no-dsa> (Minor issue) - phpseclib 1.0.22-1 - php-phpseclib 2.0.46-1 - php-phpseclib3 3.0.35-1 @@ -3481,6 +3495,8 @@ CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allow NOT-FOR-US: DedeBIZ CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659] - python-cryptography <unfixed> (bug #1059308) + [bookworm] - python-cryptography <no-dsa> (Minor issue) + [bullseye] - python-cryptography <no-dsa> (Minor issue) [buster] - python-cryptography <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25659) NOTE: https://github.com/pyca/cryptography/issues/9785 NOTE: https://people.redhat.com/~hkario/marvin/ @@ -14319,6 +14335,7 @@ CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1 CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...) {DLA-3704-1} - xerces-c 3.2.4+debian-1 + [bullseye] - xerces-c <no-dsa> (Minor issue) NOTE: https://github.com/apache/xerces-c/pull/51 NOTE: https://issues.apache.org/jira/browse/XERCESC-2241 NOTE: Fixed by: https://github.com/apache/xerces-c/commit/1296a40db07308dbaac32494469f609b00cdfaf3 (v3.2.4) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c49b2bc7112318fd22b65b664304d64c14afb54
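Review bot: in the `@@ -1062,6 +1064,8 @@` hunk, the new `[bookworm]` and `[bullseye]` lines for CVE-2023-51765 mark sendmail `<no-dsa> (Minor issue)` while the unstable entry directly above them is still `<unfixed> (bug #1059386)`, and the parenthesis does not record why SMTP smuggling is considered minor for this package. The CVE text in the same hunk qualifies the issue as applying "in certain conf ...", so the rationale could name that configuration dependence, for example `(Minor issue; depends on MTA configuration, see NOTEs)`, which also gives a reason to re-check the annotation once a fixed version exists in unstable.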
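Review bot: in the `@@ -1133,14 +1137,20 @@` hunk, the three wolfssl entries (CVE-2023-6937, CVE-2023-6936, CVE-2023-6935) each receive identical `[bookworm]`/`[bullseye] - wolfssl <no-dsa> (Minor issue)` lines, but every one of them points only at the combined ChangeLog vulnerabilities section. A NOTE per CVE that names the specific ChangeLog item (and the upstream fix commit where one is known) would make it verifiable later that the `wolfssl 5.6.6-1.2 (bug #1059357)` upload really covers all three issues rather than a subset.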
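Review bot: in the `@@ -2354,6 +2366,8 @@` hunk, paramiko stays `<unfixed> (bug #1059006)` for CVE-2023-48795 while the new lines set bookworm and bullseye to `<no-dsa> (Minor issue)`, and the parenthesis gives no reason. The neighbouring libssh2 buster entry in the same hunk shows the kind of justification that helps here (`ChaCha20-Poly1305 and CBC-EtM support not present`): stating which ciphers or modes paramiko exposes and why that is acceptable without a DSA would let the tag be re-evaluated once a fixed version lands, as the other packages in the block (openssh, phpseclib) already have.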
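Review bot: in the `@@ -3481,6 +3495,8 @@` hunk, the CVE-2023-50782 block becomes inconsistent: the new `[bookworm]` and `[bullseye]` lines say only `(Minor issue)`, whereas the existing `[buster]` line directly below them carries `(Minor issue; it's an incomplete fix of CVE-2020-25659)`. Use the fuller wording on all three suite lines so the link to CVE-2020-25659 is recorded wherever the no-dsa decision is stated.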
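Review bot: in the `@@ -14319,6 +14335,7 @@` hunk, CVE-2023-37536 already carries `{DLA-3704-1}`, i.e. buster received a fix through an LTS advisory, yet the added line marks bullseye `<no-dsa> (Minor issue)`. If that is intended (fix to follow through a point release rather than a DSA), the parenthesis should say so, because a bare `Minor issue` beside an issued DLA reads as contradictory to anyone consulting the tracker.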