Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08d4ab66 by Salvatore Bonaccorso at 2023-08-13T12:20:25+02:00
Revert "Mark CVE-2023-26590 as not-affected"
This reverts commit 4009500a2ff716b394a38b09c42a73cbe257228f.
The correct entry should be note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.
Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.
- - - - -
b04805f9 by Salvatore Bonaccorso at 2023-08-13T12:20:57+02:00
Revert "Mark CVE-2023-34432 as not affected"
This reverts commit b13f24703fd76432c9930e121d4a21e867eb71ee.
The correct entry should be note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.
Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4904,10 +4904,9 @@ CVE-2023-35697 (Improper Restriction of Excessive
Authentication Attempts in the
CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an
unauthen ...)
NOT-FOR-US: SICK
CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the
lsx_read ...)
- - sox <not-affected> (fixed by fix of CVE-2021-23159 and CVE-2021-23172)
+ - sox <unfixed> (bug #1041110)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
- NOTE:
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2021-23159.patch
CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the
startrea ...)
@@ -4941,10 +4940,9 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin
through 3.3 does not imp
CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does
not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26590 (A floating point exception vulnerability was found in sox, in
the lsx_ ...)
- - sox <not-affected> (Fixed by CVE-2022-31650 patch)
+ - sox <unfixed> (bug #1041113)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
NOTE: https://sourceforge.net/p/sox/bugs/370/
- NOTE:
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch
CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified
as critic ...)
NOT-FOR-US: Dynacase
CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up
to 1.0. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
