Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 807d258b by Thorsten Alteholz at 2024-02-04T13:48:27+01:00 add runc - - - - - c8c4cf0d by Thorsten Alteholz at 2024-02-04T13:48:27+01:00 mark CVE-2024-23170 and CVE-2024-23775 as no-dsa for Buster - - - - - dbebde73 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00 mark CVE-2023-5992 as no-dsa for Buster - - - - - 4451aac6 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00 mark CVE-2024-23831 as no-dsa for Buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -74,6 +74,7 @@ CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inven NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...) - ledgersmb <unfixed> (bug #1062845) + [buster] - ledgersmb <no-dsa> (Minor issue) NOTE: https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm NOTE: https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165 CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...) @@ -741,6 +742,7 @@ CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption paddi - opensc <unfixed> [bookworm] - opensc <no-dsa> (Minor issue) [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685 NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 NOTE: https://github.com/OpenSC/OpenSC/pull/2948 @@ -1188,11 +1190,13 @@ CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and - mbedtls 2.28.7-1 [bookworm] - mbedtls <no-dsa> (Minor issue) [bullseye] - mbedtls <no-dsa> (Minor issue) + [buster] - mbedtls <no-dsa> (Minor issue) NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/ CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...) - mbedtls 2.28.7-1 [bookworm] - mbedtls <no-dsa> (Minor issue) [bullseye] - mbedtls <no-dsa> (Minor issue) + [buster] - mbedtls <no-dsa> (Minor issue) NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin ===================================== data/dla-needed.txt ===================================== @@ -215,6 +215,9 @@ ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) -- +runc + NOTE: 20240204: Added by Front-Desk (ta) +-- samba NOTE: 20230918: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits