Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6699b3e6 by Moritz Muehlenhoff at 2024-10-30T16:33:06+01:00 triage of older issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -88843,11 +88843,12 @@ CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does no NOT-FOR-US: WordPress plugin CVE-2023-5616 [gnome-control-center incorrectly claims remote login is off] - gnome-control-center <unfixed> (bug #1058624) - [bookworm] - gnome-control-center <no-dsa> (Minor issue) + [bookworm] - gnome-control-center <postponed> (Minor issue, revisit when fixed upstream) [bullseye] - gnome-control-center <no-dsa> (Minor issue) [buster] - gnome-control-center <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 - NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092 + NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2462 + NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092 (abandoned) NOTE: TODO: check, potentially same incorrect checking of service and socket status in budgie-control-center CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 does not h ...) NOT-FOR-US: WordPress plugin @@ -103478,7 +103479,7 @@ CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expre CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...) [experimental] - aom 3.7.0-1~exp1 - aom 3.7.0-1 - [bookworm] - aom <no-dsa> (Minor issue) + [bookworm] - aom <ignored> (Minor issue) [bullseye] - aom <not-affected> (Vulnerable code introduced later) [buster] - aom <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 
@@ -109467,17 +109468,15 @@ CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) NOT-FOR-US: Dede CMS CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...) - - libjpeg <unfixed> (bug #1041103) - [bookworm] - libjpeg <no-dsa> (Minor issue) - [bullseye] - libjpeg <no-dsa> (Minor issue) + - libjpeg <unfixed> (bug #1041103; unimportant) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0 NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e + NOTE: Crash in CLI tool, no security impact CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...) - - libjpeg <unfixed> (bug #1041103) - [bookworm] - libjpeg <no-dsa> (Minor issue) - [bullseye] - libjpeg <no-dsa> (Minor issue) + - libjpeg <unfixed> (bug #1041103; unimportant) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1 NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e + NOTE: Crash in CLI tool, no security impact CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) @@ -124403,7 +124402,7 @@ CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from NOTE: https://hackerone.com/reports/1679267 CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...) - nextcloud-desktop 3.9.0-1 (bug #1034184) - [bookworm] - nextcloud-desktop <no-dsa> (Minor issue) + [bookworm] - nextcloud-desktop <ignored> (Minor issue, too intrusive to backport) [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8 
@@ -253733,15 +253732,15 @@ CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite [buster] - pdftk-java <no-dsa> (Minor issue) - pdftk 2.02-5 - libitext-java 2.1.7-16 (bug #1059318) - [bookworm] - libitext-java <no-dsa> (Minor issue) + [bookworm] - libitext-java <ignored> (Minor issue) [bullseye] - libitext-java <no-dsa> (Minor issue) [buster] - libitext-java <no-dsa> (Minor issue) - libitext1-java <unfixed> (bug #1059319) - [bookworm] - libitext1-java <no-dsa> (Minor issue) + [bookworm] - libitext1-java <ignored> (Minor issue) [bullseye] - libitext1-java <no-dsa> (Minor issue) [buster] - libitext1-java <no-dsa> (Minor issue) - libitext5-java 5.5.13.3-4 (bug #1059320) - [bookworm] - libitext5-java <no-dsa> (Minor issue) + [bookworm] - libitext5-java <ignored> (Minor issue) [bullseye] - libitext5-java <no-dsa> (Minor issue) [buster] - libitext5-java <no-dsa> (Minor issue) NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21 @@ -275268,8 +275267,8 @@ CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, wri NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...) - pupnp <not-affected> (Fixed before initial upload to Debian after source package rename) - - pupnp-1.8 <unfixed> (bug #987326) - [bookworm] - pupnp-1.8 <no-dsa> (Minor issue) + - pupnp-1.8 <removed> (bug #987326) + [bookworm] - pupnp-1.8 <ignored> (Minor issue) [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) [buster] - pupnp-1.8 <no-dsa> (Minor issue) - libupnp <removed> 
@@ -278156,7 +278155,7 @@ CVE-2021-28303 RESERVED CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...) - pupnp <not-affected> (Fixed before initial upload to Debian after source package rename) - - pupnp-1.8 <unfixed> (bug #986833) + - pupnp-1.8 <removed> (bug #986833) [bookworm] - pupnp-1.8 <no-dsa> (Minor issue) [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) [buster] - pupnp-1.8 <no-dsa> (Minor issue) @@ -344163,8 +344162,8 @@ CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...) {DLA-2585-1 DLA-2238-1} - pupnp <not-affected> (Fixed before initial upload to Debian after source package rename) - - pupnp-1.8 <unfixed> (bug #962282) - [bookworm] - pupnp-1.8 <no-dsa> (Minor issue) + - pupnp-1.8 <removed> (bug #962282) + [bookworm] - pupnp-1.8 <ignored> (Minor issue) [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) [buster] - pupnp-1.8 <no-dsa> (Minor issue) - libupnp <removed> @@ -347171,8 +347170,8 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020- [buster] - gupnp 1.0.5-0+deb10u1 - minidlna 1.2.1+dfsg-3 (bug #976594) - pupnp <not-affected> (Fixed before initial upload to Debian after source package rename) - - pupnp-1.8 <unfixed> (bug #983206) - [bookworm] - pupnp-1.8 <no-dsa> (Minor issue) + - pupnp-1.8 <removed> (bug #983206) + [bookworm] - pupnp-1.8 <ignored> (Minor issue) [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) [buster] - pupnp-1.8 <no-dsa> (Minor issue) - libupnp <removed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6699b3e6a8d7353177c9746acf36583a73022195 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6699b3e6a8d7353177c9746acf36583a73022195 You're receiving this email because of your account on salsa.debian.org.
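Review bot: In the CVE-2021-28302 hunk (@@ -278156,7), the [bookworm] line for pupnp-1.8 stays at <no-dsa> (Minor issue) although the unstable line moves from <unfixed> to <removed>. The three other pupnp-1.8 entries touched in this commit (CVE-2021-29462, CVE-2020-13848, CVE-2020-12695) switch bookworm to <ignored> in the same step. If the difference is not intended, change the line to "[bookworm] - pupnp-1.8 <ignored> (Minor issue)" so the four entries agree. If it is intended, add a NOTE saying why this CVE is handled differently for bookworm.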
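Review bot: For CVE-2023-37837 in the libjpeg hunk (@@ -109467,17), the added NOTE "Crash in CLI tool, no security impact" is identical to the one added for the reachable assertion in CVE-2023-37836, but the entry line describes 37837 as a heap buffer overflow. Because the unimportant tag also removes the per-release bookworm and bullseye lines, the NOTE for 37837 should record why the overflow is considered limited to a crash, so the downgrade can be re-checked later without rereading the upstream issue.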
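Review bot: In the CVE-2021-37819 hunk (@@ -253733,15), the three bookworm lines for libitext-java, libitext1-java and libitext5-java become <ignored> but keep the bare "(Minor issue)" text carried over from <no-dsa>. The nextcloud-desktop change in this commit records a reason ("too intrusive to backport"), and libitext1-java is still <unfixed> in unstable (bug #1059319). Consider adding a short reason to each <ignored> line so it is clear why no fix is planned for bookworm.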
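Review bot: In the CVE-2023-5616 hunk (@@ -88843,11), the added NOTE for merge request 2462 has no annotation, while 2092 is now marked "(abandoned)". Since bookworm is set to <postponed> with "revisit when fixed upstream", say on the 2462 line what it is (for instance that it replaces 2092) and whether it has been merged, so the revisit condition can be checked from the entry itself.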