Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ddcfe06e by Thorsten Alteholz at 2023-10-15T23:45:11+02:00
add nss
- - - - -
499d634b by Thorsten Alteholz at 2023-10-15T23:51:27+02:00
mark CVE-2023-32724 as not-affected for Buster
- - - - -
86489cea by Thorsten Alteholz at 2023-10-15T23:53:58+02:00
mark CVE-2023-32722 as not-affected for Buster
- - - - -
5ef916c9 by Thorsten Alteholz at 2023-10-16T00:06:49+02:00
add libspf2
- - - - -
90379fe3 by Thorsten Alteholz at 2023-10-16T00:12:05+02:00
mark CVE-2023-5371 as no-dsa for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -357,12 +357,14 @@ CVE-2023-3781 (there is a possible use-after-free write
due to improper locking.
NOT-FOR-US: Android
CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This
leads to ...)
- zabbix <unfixed> (bug #1053877)
+ [buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23391
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
- zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23230
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer
overflow ...)
- zabbix <unfixed> (bug #1053877)
+ [buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23390
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in
the Maps ...)
- zabbix <unfixed> (bug #1053877)
@@ -1732,6 +1734,7 @@ CVE-2023-5373 (A vulnerability classified as critical has
been found in SourceCo
NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and
3.6.0 to 3. ...)
- wireshark 4.0.10-1
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html
CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers
are po ...)
=====================================
data/dla-needed.txt
=====================================
@@ -117,6 +117,9 @@ libreswan
NOTE: 20230909: all due to code refactoring. I intend to package the version
NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the
fix. (apo)
--
+libspf2 (Thorsten Alteholz)
+ NOTE: 20231016: Added by Front-Desk (ta)
+--
linux (Ben Hutchings)
NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
--
@@ -149,6 +152,9 @@ nova
NOTE: 20230302: zigo currently has no time and requests the LTS team to do
it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store,
python-os-brick, nova and cinder. (lamby)
--
+nss
+ NOTE: 20231015: Added by Front-Desk (ta)
+--
nvidia-cuda-toolkit
NOTE: 20230514: Added by Front-Desk (utkarsh)
NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have
@@ -238,6 +244,9 @@ suricata (Adrian Bunk)
trafficserver
NOTE: 20231011: Added by Front-Desk (ta)
--
+zabbix
+ NOTE: 20231015: Added by Front-Desk (ta)
+--
zookeeper
NOTE: 20231014: Added by Front-Desk (ta)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/abcc50cf5611995a272b0b2e064f85011b0f89f0...90379fe3ef6eda70fabcf6009e58c372c434f686
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/abcc50cf5611995a272b0b2e064f85011b0f89f0...90379fe3ef6eda70fabcf6009e58c372c434f686
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
