Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53d95b27 by Anton Gladky at 2023-07-09T20:45:19+02:00
Mark CVE-2023-36201 as ignored for buster
- - - - -
ebd698e1 by Anton Gladky at 2023-07-09T20:45:19+02:00
Mark CVE-2023-3523 as EOL for buster (gpac)
- - - - -
2533cd69 by Anton Gladky at 2023-07-09T20:45:19+02:00
LTS: Add node-tough-cookie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -109,6 +109,7 @@ CVE-2023-36256 (The Online Examination System Project 1.0
version is vulnerable
CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an
attacker ...)
- iotjs <removed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5026
CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk
Plus MSP ...)
NOT-FOR-US: Zoho
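Review bot: The added `[buster] - iotjs <ignored> (Minor issue)` line reuses the bullseye justification verbatim, and the entry records no basis for "Minor issue" beyond the link to upstream issue 5026. Consider adding a NOTE line that states why the issue was triaged as minor, so the ignore decision for both suites can be re-checked later without opening the upstream report.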
@@ -160,6 +161,7 @@ CVE-2023-3523 (Out-of-bounds Read in GitHub repository
gpac/gpac prior to 2.2.2.
- gpac <unfixed>
NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
NOTE:
https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
CVE-2023-3456 (Vulnerability of kernel raw address leakage in the hang
detector modu ...)
NOT-FOR-US: Huawei
CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A
crafted U ...)
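Review bot: The new `[buster] - gpac <end-of-life> (EOL in buster LTS)` line is appended after the NOTE lines, while the CVE-2023-36201 entry in the same file keeps its suite annotations directly under the package line and ahead of the NOTE. Move it up to sit immediately below `- gpac <unfixed>` so the per-suite status reads as one block and stays consistent with the neighbouring entries.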
=====================================
data/dla-needed.txt
=====================================
@@ -103,6 +103,9 @@ linux (Ben Hutchings)
mediawiki (Markus Koschany)
NOTE: 20230701: Added by Front-Desk (ta)
--
+node-tough-cookie
+ NOTE: 20230709: Added by Front-Desk (gladk)
+--
nova
NOTE: 20230302: Re-add, request by maintainer (Beuc)
NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific
CVE-2022-47951 backport that introduces regression
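Review bot: The new node-tough-cookie entry carries only the Front-Desk NOTE and does not say which CVE or issue led to the package being added. A second NOTE naming the CVE would let whoever claims the package start without searching data/CVE/list. The placement between mediawiki and nova keeps the alphabetical order.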
@@ -132,6 +135,9 @@ openjdk-11 (Emilio)
NOTE: 20230612: sid updated, preparing backport (pochu)
NOTE: 20230627: waiting for DSA (pochu)
--
+pandoc
+ NOTE: 20230709: Added by Front-Desk (gladk)
+--
php-dompdf (rouca)
NOTE: 20230618: Added by Front-Desk (opal)
NOTE: 20230618: Low priority but higher than to not fix it.
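Review bot: The pandoc entry added between openjdk-11 and php-dompdf is not mentioned in any of the three commit messages in this push; the only one about dla-needed.txt, "LTS: Add node-tough-cookie", names a single package. Either give pandoc its own commit or extend the commit message to cover it, and add a NOTE naming the CVE that prompted the entry, since the Front-Desk NOTE alone does not say why it is needed.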
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00404a33424169134995001a541dfecc28fd17a8...2533cd69dae703e8ebb5ec18e44b2b682bcf950d
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits