diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2023-07-03 17:30:39 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-07-03 17:30:39 +0200 |
| commit | ef1aa0ff91ef2e78571718f393da36113ea369d4 (patch) | |
| tree | bf1be0b96be1e34ab2c08df644080330e9e146a6 | |
| parent | ba86a805cbd01216c63d2f6cd3c87fa0ce9773bb (diff) | |
bullseye/bookworm triage
| -rw-r--r-- | data/CVE/list | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 002c1c8e17..dbd6498969 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1330,6 +1330,8 @@ CVE-2023-31410 (A remote unprivileged attacker can intercept the communication v NOT-FOR-US: SICK CVE-2023-2908 (A null pointer dereference issue was discovered in Libtiff's tif_dir.c ...) - tiff 4.5.1~rc3-1 + [bookworm] - tiff <no-dsa> (Minor issue) + [bullseye] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1) CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -19228,10 +19230,11 @@ CVE-2023-26967 RESERVED CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...) - tiff 4.5.1~rc3-1 + [bookworm] - tiff <no-dsa> (Minor issue) + [bullseye] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1) - TODO: check CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...) - tiff 4.5.1~rc3-1 [bookworm] - tiff <no-dsa> (Minor issue) @@ -104277,6 +104280,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation - epics-base <unfixed> (bug #1040159) - r-cran-jsonlite <unfixed> (bug #1040161) - xqilla <unfixed> (bug #1040164) + [bullseye] - xqilla <no-dsa> (Minor issue) NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 @@ -382008,6 +382012,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is - epics-base <unfixed> (bug #1040159) - r-cran-jsonlite <unfixed> (bug #1040161) - xqilla <unfixed> (bug #1040164) + [bullseye] - xqilla <no-dsa> (Minor issue) NOTE: https://github.com/brianmario/yajl-ruby/issues/176 NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce NOTE: yail: https://github.com/lloyd/yajl/issues/248 |