Overview

CVE-2023-26302

CVSS

Base: 3.5 Low CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Description

The fix is to update markdown-it-py to 2.2.0.

Overview

CVE-2022-3545
CVE-2022-3623
CVE-2022-45934
CVE-2022-4696
CVE-2023-0179
CVE-2022-36280
CVE-2022-41218
CVE-2022-47929
CVE-2023-23454
CVE-2023-23455)

CVSS

Base: 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 is the highest so going with that.

Description

Kernel is bad the fix is to update to 5.10.162-1

Overview

CVE-2023-0286
CVE-2022-2097
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215

CVE-2023-23931

CVSS

Base: 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Most don't have a score yet so will just leave High since that is the highest rank on these.

Description

The fix for OpenSSL is to update to 1.1.1n-0+deb11u4.

The fix for python-pkg is to update to 39.0.1.

Overview

CVE-2022-23491 - The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CVSS

No score yet

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from TrustCor from the root store. These are in the process of being removed from Mozillas trust store. TrustCors root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCors ownership also operated a business that produced spyware. Conclusions of Mozillas investigation can be found in the linked google group discussion. The fix is to bump package to 2022.12.07.

Overview

CVE-2023-0361

CVSS

Base: 5.2 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Doesnt seem to have a score yet.

Description

The fix is to update libgnutls30 to 3.7.1-5+deb11u3

Overview

CVE-2021-46848 - GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der

CVSS

Base: 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Description

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. Fix is to update to 4.16.0-2+deb11u1.

Should swap all of the workflows to use the new centralized ones: https://github.com/crushten/github_workflow_repo

Shall see how this goes lol.

Overview

CVE-2022-40897 - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page.

CVSS

Base: 7.5 HIGH Trivy list this as high in the pipeline but there isnt a score yet.

Description

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py..

Overview

CVE-2022-43680 - In src:expat, an XML parsing C library, there is a use-after free
caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVSS

Base: 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

NVD doesnt have it rated yet but Trivy gives it a 7.5.

Description

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Fix is to update package to 2.2.10-2+deb11u5.

Overview

CVE-2022-42898 - krb5: integer overflow vulnerabilities in PAC parsing

CVSS

Base: 6.4 Medium CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Description

See Samba. The fix is to update to 1.18.3-6+deb11u3 versions of libkrb5support0, libkrb5-3, libk5crypto3 , and libgssapi-krb5-2 .

Hmm not sure about the reusable workflows. Its nice to have them but all the workflows just run independent of each other.

Maybe when the main repo gets setup can maybe handle it better. Not sure if a workflow can be dependent on another one.