diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-28 11:52:30 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-28 11:52:30 +0200 |
| commit | 616b899709e60c138ffd96a96ec061da24a0c52f (patch) | |
| tree | 78b1272e84182c6da33ec1f64ca44c9f83ee2463 /data | |
| parent | ad2aa3250959efd4cb1e63e15a81d7172ee48c09 (diff) | |
bullseye/bookworm triage
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 84c6b7704c..9119ff38a6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -54,7 +54,9 @@ CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote at NOT-FOR-US: Array AG OS CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) - tomcat10 <unfixed> + [bookworm] - tomcat10 <postponed> (Minor issue, fix along with future update) - tomcat9 9.0.70-2 + [bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update) - tomcat8 <removed> NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f NOTE: https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13) @@ -46229,8 +46231,11 @@ CVE-2022-47023 RESERVED CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to ca ...) - hwloc <unfixed> + [bookworm] - hwloc <no-dsa> (Minor issue) + [bullseye] - hwloc <no-dsa> (Minor issue) NOTE: https://github.com/open-mpi/hwloc/issues/544 - TODO: check, additionally openmpi and mpich embedd hwloc, but issue seems negligible + NOTE: https://github.com/open-mpi/hwloc/commit/eec84f84d4c4a7af6ed2c57ba95a9256e56e73b4 + NOTE: Additionally openmpi and mpich embedd hwloc, but issue seems negligible CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...) - opusfile 0.12-4 (bug #1030049) [bullseye] - opusfile <no-dsa> (Minor issue) @@ -59984,6 +59989,8 @@ CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function S NOTE: https://github.com/sass/libsass/issues/3178 CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...) - libsass <unfixed> + [bookworm] - libsass <no-dsa> (Minor issue) + [bullseye] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/3177 CVE-2022-43356 RESERVED @@ -68800,6 +68807,7 @@ CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to NOT-FOR-US: Online Tours & Travels Management System CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...) - tiff 4.5.0-2 + [bullseye] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1) @@ -107155,6 +107163,8 @@ CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's a NOT-FOR-US: Liferay CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...) - libsass <unfixed> + [bookworm] - libsass <no-dsa> (Minor issue) + [bullseye] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/3174 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...) NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware @@ -118015,6 +118025,8 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a seg NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0) CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...) - djvulibre <unfixed> + [bookworm] - djvulibre <no-dsa> (Minor issue) + [bullseye] - djvulibre <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/djvu/bugs/344/ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) - gpac 2.0.0+dfsg1-2 @@ -118025,6 +118037,8 @@ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0) CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...) - djvulibre <unfixed> + [bookworm] - djvulibre <no-dsa> (Minor issue) + [bullseye] - djvulibre <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/djvu/bugs/345/ CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) NOT-FOR-US: Sourcecodester @@ -221395,10 +221409,11 @@ CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_sp NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8) CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment function in o ...) - - nasm 2.16.01-1 + - nasm 2.16.01-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392637 NOTE: Introduced by: https://github.com/netwide-assembler/nasm/commit/98578071b9d71ecaa2344dd9c185237c1765041e (nasm-2.14rc1) NOTE: Fixed by: https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b (nasm-2.16rc1) + NOTE: Crash in CLI tool, no security impact CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...) NOT-FOR-US: Halo CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...) |