Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16c3addf by Bastien Roucariès at 2023-08-03T11:01:47+00:00
Mark chef debian package not-affected by CVE-2023-28864
Chef-server upstream package was removed from chef debian package in 201207
after reintroduction of chef in 201205
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17220,6 +17220,7 @@ CVE-2023-28865
RESERVED
CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker
to expl ...)
- chef <removed>
+ [buster] - chef <not-affected> (chef package does not include upstream
chef-server)
NOTE:
https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation
NOTE:
https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42
NOTE: Fixed by:
https://github.com/chef/chef-server/commit/985dfee99044ff477dbc08462b6d69add70f8608
(15.7.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c3addf684ddf5da8d7aa9d7fc751415fbcd4a6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c3addf684ddf5da8d7aa9d7fc751415fbcd4a6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
