Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
807d258b by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
add runc
- - - - -
c8c4cf0d by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2024-23170 and CVE-2024-23775 as no-dsa for Buster
- - - - -
dbebde73 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2023-5992 as no-dsa for Buster
- - - - -
4451aac6 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2024-23831 as no-dsa for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -74,6 +74,7 @@ CVE-2024-23895 (A vulnerability has been reported in Cups
Easy (Purchase & Inven
NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system.
When a L ...)
- ledgersmb <unfixed> (bug #1062845)
+ [buster] - ledgersmb <no-dsa> (Minor issue)
NOTE:
https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm
NOTE:
https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165
CVE-2024-23824 (mailcow is a dockerized email package, with multiple
containers linked ...)
@@ -741,6 +742,7 @@ CVE-2023-5992 (A vulnerability was found in OpenSC where
PKCS#1 encryption paddi
- opensc <unfixed>
[bookworm] - opensc <no-dsa> (Minor issue)
[bullseye] - opensc <no-dsa> (Minor issue)
+ [buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
NOTE: https://github.com/OpenSC/OpenSC/pull/2948
@@ -1188,11 +1190,13 @@ CVE-2024-23775 (Integer Overflow vulnerability in Mbed
TLS 2.x before 2.28.7 and
- mbedtls 2.28.7-1
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <no-dsa> (Minor issue)
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x
before 3 ...)
- mbedtls 2.28.7-1
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <no-dsa> (Minor issue)
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: WordPress plugin
=====================================
data/dla-needed.txt
=====================================
@@ -215,6 +215,9 @@ ring
NOTE: 20230903: Added by Front-Desk (gladk)
NOTE: 20230928: will be likely hard to fix see
https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)
--
+runc
+ NOTE: 20240204: Added by Front-Desk (ta)
+--
samba
NOTE: 20230918: Added by Front-Desk (apo)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
