[Git][security-tracker-team/security-tracker][master] 3 commits: Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.

Ola Lundqvist (@opal) Fri, 16 Jun 2023 14:42:49 -0700


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
618740db by Ola Lundqvist at 2023-06-16T23:42:14+02:00
Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.

- - - - -
3682307e by Ola Lundqvist at 2023-06-16T23:42:16+02:00
Marked wireshark CVE-2023-0667 as no-dsa for buster following bullseye decision.

- - - - -
1679961e by Ola Lundqvist at 2023-06-16T23:42:16+02:00
Added syncthing to dla-needed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22674,6 +22674,7 @@ CVE-2023-0667 (Due to failure in validating the length 
provided by an attacker-c
        {DSA-5429-1}
        - wireshark 4.0.6-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://takeonme.org/cves/CVE-2023-0667.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086
 CVE-2023-0666 (Due to failure in validating the length provided by an 
attacker-crafte ...)
@@ -36772,6 +36773,7 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was 
discovered to contain a SQL
 CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary 
file read  ...)
        - nagvis 1:1.9.34-1
        [bullseye] - nagvis <no-dsa> (Minor issue)
+       [buster] - nagvis <no-dsa> (Minor issue)
        NOTE: 
https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a
 (nagvis-1.9.34)
 CVE-2022-46944
        RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -207,6 +207,9 @@ samba (Lee Garrett)
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)
 --
+syncthing
+  NOTE: 20230616: Added by Front-Desk (opal)
+--
 webkit2gtk (Emilio)
   NOTE: 20230512: Re-added (pochu)
   NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll 
have to EOL webkit (pochu)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178e878ea2a0dc1108234306f9dc67844d0ab7aa...1679961e87a6e74aaee6f44dd4c81105af295fd3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178e878ea2a0dc1108234306f9dc67844d0ab7aa...1679961e87a6e74aaee6f44dd4c81105af295fd3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.

Reply via email to