Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fa17816 by Thorsten Alteholz at 2023-05-07T00:54:35+02:00
mark CVE-2023-25652 as no-dsa for Buster
- - - - -
218bd853 by Thorsten Alteholz at 2023-05-07T00:55:07+02:00
mark CVE-2023-29007 as no-dsa for Buster
- - - - -
ecef4e62 by Thorsten Alteholz at 2023-05-07T01:01:20+02:00
mark CVE-2023-31484 as no-dsa for Buster
- - - - -
a459575c by Thorsten Alteholz at 2023-05-07T01:04:21+02:00
mark CVE-2023-2426 as no-dsa for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -157,6 +157,7 @@ CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in
GitHub repository thorsten
CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim
prior ...)
- vim 2:9.0.1378-2 (bug #1035323)
[bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
NOTE:
https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
(v9.0.1499)
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates
when con ...)
@@ -166,6 +167,7 @@ CVE-2023-31485 (GitLab::API::v4 through 0.26 does not
verify TLS certificates wh
CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when
downloading ...)
- perl <unfixed> (bug #1035109)
[bullseye] - perl <no-dsa> (Minor issue)
+ [buster] - perl <no-dsa> (Minor issue)
NOTE: https://github.com/andk/cpanpm/pull/175
NOTE:
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0
(2.35-TRIAL)
CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17
has a di ...)
@@ -6786,6 +6788,7 @@ CVE-2023-29008 (The SvelteKit framework offers developers
an option to create si
CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
+ [buster] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/[email protected]/
NOTE:
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
(v2.30.9)
NOTE:
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
(v2.30.9)
@@ -17083,6 +17086,7 @@ CVE-2023-25653 (node-jose is a JavaScript
implementation of the JSON Object Sign
CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
+ [buster] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/[email protected]/
NOTE:
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
(v2.30.9)
CVE-2023-25651
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8b0631c5b6e684c8d3c43160a7261623308ae1c7...a459575c659cf74601dc47911e34c88ae8f11eea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8b0631c5b6e684c8d3c43160a7261623308ae1c7...a459575c659cf74601dc47911e34c88ae8f11eea
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
