Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab60b94d by Adrian Bunk at 2023-03-30T14:41:10+03:00
hotspot is buster is not affected by CVE-2023-28144
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2994,6 +2994,7 @@ CVE-2023-28145
CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default
configura ...)
- hotspot <unfixed>
[bullseye] - hotspot <no-dsa> (Minor issue)
+ [buster] - hotspot <not-affected> (Vulnerable code not present,
introduced in 1.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8
NOTE: Introduced by:
https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb
(v1.3.0)
NOTE: Opt-In to allow privilege escalation (and disable by default):
=====================================
data/dla-needed.txt
=====================================
@@ -121,9 +121,6 @@ hdf5
NOTE: 20230318: Enrico did some work around hdf5* packaging in the past,
probably
NOTE: 20230318: sync w/ him. (utkarsh)
--
-hotspot
- NOTE: 20230324: Programming language: C++.
---
intel-microcode (tobi)
NOTE: 20230219: Programming language: Binary blob.
NOTE: 20230219: VCS:
https://salsa.debian.org/lts-team/packages/intel-microcode.git
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab60b94d9d4c95f07ce6928d75c660ffdba9fa20
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab60b94d9d4c95f07ce6928d75c660ffdba9fa20
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
