Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e7ef3de by Salvatore Bonaccorso at 2023-06-23T23:08:28+02:00
Track fixed version for two c-ares issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5476,7 +5476,7 @@ CVE-2023-31148 (An Improper Input Validation
vulnerability in the Schweitzer E
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom
or RtlGe ...)
[experimental] - c-ares 1.19.1-1
- - c-ares <unfixed> (unimportant)
+ - c-ares 1.19.1-2 (unimportant)
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
NOTE:
https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5
(cares-1_19_1)
NOTE: Any Debian system/port provides /dev/urandom
@@ -5533,7 +5533,7 @@ CVE-2023-31125 (Engine.IO is the implementation of
transport-based cross-browser
NOT-FOR-US: Engine.IO
CVE-2023-31124 (c-ares is an asynchronous resolver library. When
cross-compiling c-are ...)
[experimental] - c-ares 1.19.1-1
- - c-ares <unfixed> (unimportant)
+ - c-ares 1.19.1-2 (unimportant)
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
NOTE:
https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d
(cares-1_19_1)
NOTE: No impact on binaries shipped by Debian
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7ef3de229e35943495e137a298eccd5eeb3bdc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e7ef3de229e35943495e137a298eccd5eeb3bdc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
