Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f39281b by Adrian Bunk at 2024-10-17T02:01:14+03:00
Reserve DLA-3922-1 for python-cryptography
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -84063,7 +84063,6 @@ CVE-2023-49090 (CarrierWave is a solution for file
uploads for Rails, Sinatra an
CVE-2023-49083 (cryptography is a package designed to expose cryptographic
primitives ...)
- python-cryptography 41.0.7-1 (bug #1057108)
[bookworm] - python-cryptography <no-dsa> (Minor issue)
- [bullseye] - python-cryptography <no-dsa> (Minor issue)
[buster] - python-cryptography <not-affected> (Vulnerable code
introduced later)
NOTE:
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
NOTE: https://github.com/pyca/cryptography/pull/9926
@@ -135656,7 +135655,6 @@ CVE-2023-23932 (OpenDDS is an open source C++
implementation of the Object Manag
CVE-2023-23931 (cryptography is a package designed to expose cryptographic
primitives ...)
{DLA-3331-2 DLA-3331-1}
- python-cryptography 38.0.4-3 (bug #1031049)
- [bullseye] - python-cryptography <no-dsa> (Minor issue)
NOTE:
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
NOTE:
https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696
CVE-2023-23930 (vantage6 is privacy preserving federated learning
infrastructure. Vers ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Oct 2024] DLA-3922-1 python-cryptography - security update
+ {CVE-2023-23931 CVE-2023-49083}
+ [bullseye] - python-cryptography 3.3.2-1+deb11u1
[16 Oct 2024] DLA-3921-1 apache2 - regression update
[bullseye] - apache2 2.4.62-1~deb11u2
[14 Oct 2024] DLA-3920-1 php7.4 - security update
=====================================
data/dla-needed.txt
=====================================
@@ -185,10 +185,6 @@ python-aiohttp
NOTE: 20240523: Added by oldstable Security Team (jmm)
NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
-python-cryptography (Adrian Bunk)
- NOTE: 20241015: Added by Front-Desk (santiago)
- NOTE: 20241015: CVE-2023-23931 was fixed in buster. Other CVEs
(CVE-2023-49083 and CVE-2024-26130) need to be fixed in bookworm first
(santiago/front-desk)
---
python-git (dleidert)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from buster DLA-3589-1, buster DLA-3502-1 and
bookworm 12.2 (3 CVEs) (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39281b36a86549bc0d4814b2b48c0a4336dd3d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39281b36a86549bc0d4814b2b48c0a4336dd3d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
