Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab006b54 by Adrian Bunk at 2024-03-04T14:52:44+02:00
CVE-2023-7216/cpio: upstream considers it normal behavior

I am leaving the final assessment/decision about this CVE to the
security team.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7034,7 +7034,8 @@ CVE-2024-0323 (Use of a Broken or Risky Cryptographic 
Algorithm vulnerability in
 CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. 
This iss ...)
        - cpio <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249901
-       NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-02/msg00000.html
+       NOTE: Upstream considers it normal behavior:
+       NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
 CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of 
service attac ...)
        NOT-FOR-US: Ember ZNet
 CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in 
the SVG ...)
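
Review bot: The removed NOTE line for https://lists.gnu.org/archive/html/bug-cpio/2024-02/msg00000.html drops the earlier bug-cpio list reference from the CVE-2023-7216 entry, leaving only the 2024-03 message next to the Red Hat bug. Consider keeping the 2024-02 NOTE and adding the two new NOTE lines after it, so the entry retains both list references. The entry also stays at `- cpio <unfixed>` with no status annotation, which is consistent with the commit message deferring the assessment to the security team, but it means the free-text NOTE is the only place the upstream position is recorded.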


=====================================
data/dla-needed.txt
=====================================
@@ -65,6 +65,7 @@ composer (rouca)
 --
 cpio
   NOTE: 20240303: Added by Front-Desk (apo)
+  NOTE: 20240304: Likely no work to do since upstream considers CVE-2023-7216 
normal behavior. (bunk)
 --
 curl
   NOTE: 20231229: Added by Front-Desk (lamby)
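
Review bot: The added 20240304 NOTE under cpio says "Likely no work to do" without pointing at the upstream statement it relies on, so whoever triages this entry has to look up CVE-2023-7216 in data/CVE/list to find the source. Consider adding the bug-cpio 2024-03 URL from the other hunk to this note, or a second NOTE line referring to the CVE entry. Since cpio stays listed with the 20240303 Front-Desk note, it would also help to say what is still pending before the entry can be dropped.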



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab006b54bd62ef52555abed33f92c94fbf1817fc



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
