author | Moritz Muehlenhoff <jmm@debian.org> | 2023-03-03 20:18:19 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-03-03 20:18:19 +0100 |
commit | 3e27f1951a27e432d4d5fc3d94206adc600fafb9 (patch) | |
tree | b35394f5da8bef7a20c7b4bfc85f7f215e8d45a8 /data | |
parent | 9501e698ef0205aff58f2d2f92aabaa73856ca72 (diff) |
bookworm triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 84 |
-rw-r--r-- | data/embedded-code-copies | 1 |
2 files changed, 21 insertions, 64 deletions
diff --git a/data/CVE/list b/data/CVE/list index c99d024550..69308ddc84 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -29488,9 +29488,10 @@ CVE-2022-44036 (** DISPUTED ** In b2evolution 7.2.5, if configured with admins_c CVE-2022-44035 RESERVED CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...) - - linux <unfixed> + - linux <unfixed> (unimportant) NOTE: https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/ NOTE: https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/ + NOTE: Negligible security impact, would need physical access to "exploit" CVE-2022-44033 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...) - linux <unfixed> (unimportant) NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/ @@ -56854,7 +56855,7 @@ CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability that NOT-FOR-US: NVFLARE CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnera ...) [experimental] - nvidia-cuda-toolkit 11.8.0-1 - - nvidia-cuda-toolkit <unfixed> (bug #1021625) + - nvidia-cuda-toolkit 11.8.0-2 (bug #1021625) [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported) [buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373 @@ -69827,9 +69828,7 @@ CVE-2022-30046 RESERVED CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #1014389) - - scilab <unfixed> (bug #1014391) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #1014391) - netcdf 1:4.9.0-1 [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -137211,9 +137210,7 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi {DLA-2705-1} - mapcache <unfixed> (unimportant; bug #989363) [stretch] - mapcache <no-dsa> (Minor issue) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -137856,9 +137853,7 @@ CVE-2021-31349 (The usage of an internal HTTP header created an authentication b CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -137871,9 +137866,7 @@ CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -138172,9 +138165,7 @@ CVE-2021-31230 CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -140292,9 +140283,7 @@ CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injectio CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -151056,10 +151045,7 @@ CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated En NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -151071,10 +151057,7 @@ CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -151086,10 +151069,7 @@ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -235646,10 +235626,7 @@ CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -235661,10 +235638,7 @@ CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -235676,10 +235650,7 @@ CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_ NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -235691,10 +235662,7 @@ CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -235706,10 +235674,7 @@ CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -238797,10 +238762,7 @@ CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project n NOT-FOR-US: Archery CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) @@ -238812,10 +238774,7 @@ CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The functi NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) 
@@ -238827,10 +238786,7 @@ CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - mapcache <unfixed> (unimportant; bug #989363) - - scilab <unfixed> (bug #989364) - [bullseye] - scilab <no-dsa> (Minor issue) - [buster] - scilab <no-dsa> (Minor issue) - [stretch] - scilab <no-dsa> (Minor issue) + - scilab <unfixed> (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf <ignored> (Minor issue) [buster] - netcdf <ignored> (Minor issue) diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 3da39554d9..858c4a8371 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -3543,6 +3543,7 @@ ezxml (not packaged in Debian; no ITP) - mapcache <unfixed> (embed; bug #989363) NOTE: mapcache only uses ezxml to parse config file, doesn't trust any trust boundary, no need to file bugs - scilab <unfixed> (embed; bug #989364) + NOTE: scilab only uses it to load scicos/xcos schemas, negligible security impact libstb - goxel 0.10.6-2 (embed; bug #949552) |
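Review bot: In the CVE-2022-44034 hunk of data/CVE/list, the added NOTE states the conclusion ("Negligible security impact, would need physical access") without saying what the physical access is to, so the downgrade to (unimportant) cannot be re-checked from the entry alone. Suggest naming the affected driver or hardware in the NOTE and dropping the scare quotes around "exploit". The CVE-2022-44033 entry in the trailing context is already (unimportant) and only its first NOTE line is visible here; if it was downgraded for the same reason, it should carry the same rationale line.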
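Review bot: The CVE-2022-34667 hunk replaces `<unfixed>` with 11.8.0-2 for nvidia-cuda-toolkit, which records a fixed version rather than a triage decision, yet the commit message is only "bookworm triage". The [experimental] line directly above gives 11.8.0-1 as fixed; if 11.8.0-2 is simply the first unstable upload carrying that fix, say so in the commit message or split this into its own commit so the change can be traced from bug #1021625.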
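Review bot: In the ezXML hunks of data/CVE/list (CVE-2022-30045 through CVE-2019-20005), scilab becomes `<unfixed> (unimportant; bug #...)` but no entry gains a NOTE explaining why, whereas several of the same entries carry "NOTE: mapcache only uses ezxml to parse config files which are trusted" for mapcache. The scilab justification is added only in data/embedded-code-copies; suggest a matching scilab NOTE in each CVE entry so the tag is justified where it is read. Separately, the CVE-2021-31598 hunk keeps `[stretch] - mapcache <no-dsa> (Minor issue)` under a mapcache line that is already (unimportant), while the equivalent per-release scilab lines are removed throughout; that leftover line could be dropped for consistency.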
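Review bot: In the data/embedded-code-copies hunk, the new scilab NOTE says the embedded ezxml is used only "to load scicos/xcos schemas" but does not say whether those files ship with the package or can be supplied by the user, which is the fact the (unimportant) tagging in data/CVE/list rests on. Suggest stating the input source explicitly, the way the mapcache NOTE does with "config file". The mapcache context line's "doesn't trust any trust boundary" also reads like a typo for "doesn't cross any trust boundary" and could be corrected in the same change.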