[Git][security-tracker-team/security-tracker][master] Reserve DLA-3613-1 for curl

Emilio Pozuelo Monfort (@pochu) Wed, 11 Oct 2023 04:44:09 -0700


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
17dc31e4 by Emilio Pozuelo Monfort at 2023-10-11T13:43:30+02:00
Reserve DLA-3613-1 for curl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29879,7 +29879,6 @@ CVE-2023-28322 (An information disclosure vulnerability 
exists in curl <v8.1.0 w
 CVE-2023-28321 (An improper certificate validation vulnerability exists in 
curl <v8.1. ...)
        - curl 7.88.1-10 (bug #1036239)
        [bullseye] - curl 7.74.0-1.3+deb11u9
-       [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2023-28321.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/9631fa740708b1890197fad01e25b34b7e8eb80e 
(curl-7_12_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/199f2d440d8659b42670c1b796220792b01a97bf 
(curl-8_1_0)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Oct 2023] DLA-3613-1 curl - security update
+       {CVE-2023-28321 CVE-2023-38546}
+       [buster] - curl 7.64.0-4+deb10u7
 [08 Oct 2023] DLA-3612-1 lemonldap-ng - security update
        {CVE-2023-44469}
        [buster] - lemonldap-ng 2.0.2+ds-7+deb10u10


=====================================
data/dla-needed.txt
=====================================
@@ -54,11 +54,6 @@ cinder
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
 --
-curl (Emilio)
-  NOTE: 20231007: Added by Front-Desk (Beuc)
-  NOTE: 20231007: Follow fixes from bullseye 11.8 (3 CVEs) (Beuc/front-desk)
-  NOTE: 20231007: upcoming high severity CVE (pochu)
---
 dbus (Emilio)
   NOTE: 20231007: Added by Front-Desk (Beuc)
   NOTE: 20231007: Follow fixes from bullseye 11.8 (1 CVE) (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17dc31e495d3853edfcc5c005e4bf8422ad495cd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17dc31e495d3853edfcc5c005e4bf8422ad495cd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3613-1 for curl

Reply via email to