Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
228f3630 by Thorsten Alteholz at 2023-08-19T00:35:25+02:00
mark CVE-2023-40359 as no-dsa for Buster
- - - - -
5754ac62 by Thorsten Alteholz at 2023-08-19T00:40:23+02:00
mark CVE-2023-4413 as no-dsa for Buster
- - - - -
22b8191c by Thorsten Alteholz at 2023-08-19T00:46:49+02:00
add python-mechanicalsoup
- - - - -
fd067cd0 by Thorsten Alteholz at 2023-08-19T01:00:22+02:00
mark CVE-2023-39976 as not-addected for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,6 +8,7 @@ CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit
Hunter 1.4.4/1.4.6.
- rkhunter <unfixed>
[bookworm] - rkhunter <no-dsa> (Minor issue)
[bullseye] - rkhunter <no-dsa> (Minor issue)
+ [buster] - rkhunter <no-dsa> (Minor issue)
NOTE:
https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7
CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L
EN_V9.3.5u.6146_B2020102 ...)
NOT-FOR-US: TOTOLINK
@@ -612,6 +613,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting
for character-set name
- xterm 382-2
[bookworm] - xterm <no-dsa> (Minor issue)
[bullseye] - xterm <no-dsa> (Minor issue)
+ [buster] - xterm <no-dsa> (Minor issue)
NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A
user ent ...)
NOT-FOR-US: Maxscale
@@ -1721,6 +1723,7 @@ CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8
allows a buffer overflow vi
- libqb 2.0.8-1
[bookworm] - libqb <no-dsa> (Minor issue)
[bullseye] - libqb <no-dsa> (Minor issue)
+ [buster] - libqb <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
(v2.0.8)
NOTE: https://github.com/ClusterLabs/libqb/pull/490
CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior
to vers ...)
=====================================
data/dla-needed.txt
=====================================
@@ -148,6 +148,9 @@ python-glance-store
NOTE: 20230705: pushed a patched version to:
https://salsa.debian.org/lts-team/packages/python-glance-store (jspricke)
NOTE: 20230705: upstream patch looks fine to me but should probably be
tested and released together with the other affected packages. (jspricke)
--
+python-mechanicalsoup
+ NOTE: 20230819: Added by Front-Desk (ta)
+--
python-os-brick
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store,
python-os-brick, nova and cinder.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82507747f4977d38a8e817192a856370ee8973f7...fd067cd0c991ccea80b9d433beed4c56f717c902
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82507747f4977d38a8e817192a856370ee8973f7...fd067cd0c991ccea80b9d433beed4c56f717c902
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
