Vulnerable source packages in the testing suite

Candidates for DTSAs

Package	Bug	Urgency	Remote	Status
barbican	CVE-2023-1633	not yet assigned	?	unstable is vulnerable
	CVE-2023-1636	not yet assigned	?	unstable is vulnerable
chromium	CVE-2023-2929	not yet assigned	no	fixed in testing-security
	CVE-2023-2930	not yet assigned	no	fixed in testing-security
	CVE-2023-2931	not yet assigned	no	fixed in testing-security
	CVE-2023-2932	not yet assigned	no	fixed in testing-security
	CVE-2023-2933	not yet assigned	no	fixed in testing-security
	CVE-2023-2934	not yet assigned	no	fixed in testing-security
	CVE-2023-2935	not yet assigned	no	fixed in testing-security
	CVE-2023-2936	not yet assigned	no	fixed in testing-security
	CVE-2023-2937	not yet assigned	no	fixed in testing-security
	CVE-2023-2938	not yet assigned	no	fixed in testing-security
	CVE-2023-2939	not yet assigned	no	fixed in testing-security
	CVE-2023-2940	not yet assigned	no	fixed in testing-security
	CVE-2023-2941	not yet assigned	no	fixed in testing-security
	DSA-5418-1	not yet assigned	?	fixed in testing-security
cpp-httplib	CVE-2023-26130	not yet assigned	no	unstable is vulnerable
dav1d	CVE-2023-32570	not yet assigned	no	unstable is vulnerable
frr	CVE-2022-40302	not yet assigned	no	unstable is vulnerable
	CVE-2022-40318	not yet assigned	no	unstable is vulnerable
	CVE-2022-43681	not yet assigned	no	unstable is vulnerable
	CVE-2023-31489	not yet assigned	no	unstable is vulnerable
	CVE-2023-31490	not yet assigned	no	unstable is vulnerable
golang-1.19	CVE-2023-24539	not yet assigned	no	unstable is vulnerable
	CVE-2023-24540	not yet assigned	no	unstable is vulnerable
	CVE-2023-29400	not yet assigned	no	unstable is vulnerable
guestfs-tools	CVE-2022-2211	not yet assigned	no	fixed in testing-security
imagemagick	CVE-2023-1906	not yet assigned	no	unstable is vulnerable
janino	CVE-2023-33546	not yet assigned	no	unstable is vulnerable
linux	CVE-2020-36694	not yet assigned	no	unstable is vulnerable
	CVE-2021-3847	not yet assigned	no	unstable is vulnerable
	CVE-2021-3864	not yet assigned	no	unstable is vulnerable
	CVE-2023-0160	not yet assigned	?	unstable is vulnerable
	CVE-2023-0597	not yet assigned	no	unstable is vulnerable
	CVE-2023-1192	not yet assigned	?	unstable is vulnerable
	CVE-2023-1193	not yet assigned	?	unstable is vulnerable
	CVE-2023-1194	not yet assigned	?	unstable is vulnerable
	CVE-2023-2124	not yet assigned	no	unstable is vulnerable
	CVE-2023-2156	not yet assigned	no	unstable is vulnerable
	CVE-2023-2176	not yet assigned	no	unstable is vulnerable
	CVE-2023-2269	not yet assigned	no	unstable is vulnerable
	CVE-2023-2430	not yet assigned	?	unstable is vulnerable
	CVE-2023-2898	not yet assigned	no	unstable is vulnerable
	CVE-2023-23005	not yet assigned	no	unstable is vulnerable
	CVE-2023-31082	not yet assigned	no	unstable is vulnerable
	CVE-2023-31083	not yet assigned	no	unstable is vulnerable
	CVE-2023-31084	not yet assigned	no	unstable is vulnerable
	CVE-2023-32250	not yet assigned	?	unstable is vulnerable
	CVE-2023-32254	not yet assigned	?	unstable is vulnerable
	CVE-2023-34255	not yet assigned	no	unstable is vulnerable
	CVE-2023-34256	not yet assigned	no	unstable is vulnerable
minidlna	CVE-2023-33476	not yet assigned	no	unstable is vulnerable
openimageio	CVE-2023-22845	not yet assigned	no	unstable is vulnerable
	CVE-2023-24472	not yet assigned	no	unstable is vulnerable
	CVE-2023-24473	not yet assigned	no	unstable is vulnerable
openjdk-17	CVE-2023-21930	not yet assigned	no	unstable is vulnerable
	CVE-2023-21937	not yet assigned	no	unstable is vulnerable
	CVE-2023-21938	not yet assigned	no	unstable is vulnerable
	CVE-2023-21939	not yet assigned	no	unstable is vulnerable
	CVE-2023-21954	not yet assigned	no	unstable is vulnerable
	CVE-2023-21967	not yet assigned	no	unstable is vulnerable
	CVE-2023-21968	not yet assigned	no	unstable is vulnerable
python3.11	CVE-2023-24329	not yet assigned	no	unstable is vulnerable
	CVE-2023-27043	not yet assigned	no	unstable is vulnerable
qtbase-opensource-src-gles	CVE-2023-33285	not yet assigned	no	unstable is vulnerable
requests	CVE-2023-32681	not yet assigned	no	unstable is vulnerable
ring	CVE-2023-27585	not yet assigned	no	unstable is vulnerable
ruby3.1	CVE-2023-28755	not yet assigned	no	unstable is vulnerable
	CVE-2023-28756	not yet assigned	no	unstable is vulnerable
rubygems	CVE-2023-28755	not yet assigned	no	unstable is vulnerable
sysstat	CVE-2023-33204	not yet assigned	no	unstable is vulnerable
tomcat10	CVE-2023-28709	not yet assigned	no	unstable is vulnerable
webkit2gtk	CVE-2023-28204	not yet assigned	?	fixed in unstable
	CVE-2023-32373	not yet assigned	?	fixed in unstable
wireshark	CVE-2023-1161	not yet assigned	no	unstable is vulnerable
	CVE-2023-1992	not yet assigned	no	unstable is vulnerable
	CVE-2023-1993	not yet assigned	no	unstable is vulnerable
	CVE-2023-1994	not yet assigned	no	unstable is vulnerable
	CVE-2023-2857	not yet assigned	no	unstable is vulnerable
wordpress	CVE-2023-2745	not yet assigned	no	fixed in unstable
	TEMP-1036689-1CA7FB	not yet assigned	?	fixed in unstable

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.