Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: fcb78095 by Thorsten Alteholz at 2023-07-03T00:07:40+02:00 add yajl - - - - - fd0c9bcc by Thorsten Alteholz at 2023-07-03T00:07:41+02:00 mark CVE-2023-2861 as no-dsa for Buster - - - - - 430ae682 by Thorsten Alteholz at 2023-07-03T00:07:42+02:00 mark CVE-2023-3354 as no-dsa for Buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -445,6 +445,7 @@ CVE-2023-3354 [VNC: improper I/O watch removal in TLS handshake can lead to remo - qemu <unfixed> [bookworm] - qemu <no-dsa> (Minor issue) [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478 TODO: check, no details in RHBZ#2216478 on upstream status CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...) @@ -497,6 +498,7 @@ CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uplo NOT-FOR-US: WordPress plugin CVE-2023-2861 [9pfs: prevent opening special files] - qemu <unfixed> + [buster] - qemu <no-dsa> (Minor issue) NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda CVE-2023-2860 [ipv6: sr: fix out-of-bounds read when setting HMAC data.] - linux 5.19.11-1 ===================================== data/dla-needed.txt ===================================== @@ -263,3 +263,6 @@ webkit2gtk (Emilio) NOTE: 20230606: https://lists.debian.org/debian-lts/2023/06/msg00005.html (pochu) NOTE: 20230627: will likely hold the update and mark as not-supported due to feedback (pochu) -- +yajl (tobi) + NOTE: 20230702: Added by Front-Desk (ta) +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab48cb7e37aa9475bb69485eab889d5f8f70bb5d...430ae6821506cd4290eacaa2d66eb4b328c866e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab48cb7e37aa9475bb69485eab889d5f8f70bb5d...430ae6821506cd4290eacaa2d66eb4b328c866e2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits