Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de96f629 by Thorsten Alteholz at 2023-05-07T01:15:15+02:00
mark CVE-2021-45423 as not-affected for Buster
- - - - -
b103816e by Thorsten Alteholz at 2023-05-07T01:17:40+02:00
mark CVE-2023-29323 as no-dsa for Buster
- - - - -
2d7c953d by Thorsten Alteholz at 2023-05-07T01:18:59+02:00
mark CVE-2022-48468 as no-dsa for Buster
- - - - -
2c4bc770 by Thorsten Alteholz at 2023-05-07T01:20:03+02:00
mark CVE-2023-31485 as no-dsa for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -163,6 +163,7 @@ CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub
repository vim/vim p
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates
when con ...)
- libgitlab-api-v4-perl <unfixed> (bug #954051)
[bullseye] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
+ [buster] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when
downloading ...)
- perl <unfixed> (bug #1035109)
@@ -2566,6 +2567,7 @@ CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned
integer overflow in pars
[buster] - protobuf-c <no-dsa> (Minor issue)
- libsignal-protocol-c 2.3.3-3
[bullseye] - libsignal-protocol-c <no-dsa> (Minor issue)
+ [buster] - libsignal-protocol-c <no-dsa> (Minor issue)
NOTE:
https://github.com/protobuf-c/protobuf-c/commit/289f5c18b195aa43d46a619d1188709abbfa9c82
(v1.4.1)
NOTE:
https://github.com/protobuf-c/protobuf-c/commit/0d1fd124a4e0a07b524989f6e64410ff648fba61
(v1.4.1)
NOTE: https://github.com/protobuf-c/protobuf-c/pull/513
@@ -5792,6 +5794,7 @@ CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD
before 7.1 errata 024 an
- opensmtpd <unfixed> (bug #1034178)
[bookworm] - opensmtpd <no-dsa> (Minor issue)
[bullseye] - opensmtpd <no-dsa> (Minor issue)
+ [buster] - opensmtpd <no-dsa> (Minor issue)
NOTE:
https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
CVE-2023-29322
RESERVED
@@ -109787,6 +109790,7 @@ CVE-2021-45424
CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the
pe_exports f ...)
- pev 0.81-9 (bug #1034725)
[bullseye] - pev <no-dsa> (Minor issue, will be fixed in next point
release)
+ [buster] - pev <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/merces/libpe/issues/35
NOTE:
https://github.com/merces/libpe/commit/9b5fedc37ccbcd23695a0e97c0fe46c999e26100
NOTE:
https://github.com/merces/libpe/commit/8960f7d710c4d1a43badd2bbf273721248b864f8
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a459575c659cf74601dc47911e34c88ae8f11eea...2c4bc770633c72d44f4e45a27a3462ca28ee7784
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a459575c659cf74601dc47911e34c88ae8f11eea...2c4bc770633c72d44f4e45a27a3462ca28ee7784
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
