[Git][security-tracker-team/security-tracker][master] triage older issues

Moritz Muehlenhoff (@jmm) Fri, 22 Nov 2024 00:12:05 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
77066342 by Moritz Muehlenhoff at 2024-11-22T09:10:01+01:00
triage older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124185,12 +124185,12 @@ CVE-2023-2642 (A vulnerability classified as 
critical has been found in SourceCo
 CVE-2023-2641 (A vulnerability was found in SourceCodester Online Internship 
Manageme ...)
        NOT-FOR-US: SourceCodester Online Internship Management System
 CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The 
in-toto  ...)
-       - in-toto <unfixed> (bug #1035934)
-       [bookworm] - in-toto <no-dsa> (Minor issue)
-       [bullseye] - in-toto <no-dsa> (Minor issue)
+       - in-toto 2.0.0-1 (bug #1035934; unimportant)
        NOTE: 
https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
        NOTE: 
https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59
 (v2.0.0)
        NOTE: 
https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325
 (v2.0.0)
+       NOTE: Negbligible security impact, that's just how hidden files work...
+       NOTE: Fixed version is the release which dropped support for parsing 
these files
 CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 
14.6-rc-1, ...)
        NOT-FOR-US: XWiki
 CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a 
heap-buff ...)
@@ -180450,11 +180450,12 @@ CVE-2022-40153
        REJECTED
 CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to 
Denial of  ...)
        - libwoodstox-java <unfixed> (bug #1032089)
-       [bookworm] - libwoodstox-java <no-dsa> (Minor issue)
+       [bookworm] - libwoodstox-java <ignored> (Minor issue)
        [bullseye] - libwoodstox-java <no-dsa> (Minor issue)
        [buster] - libwoodstox-java <no-dsa> (Minor issue)
        NOTE: https://github.com/x-stream/xstream/issues/304
        NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
+       NOTE: 
https://github.com/FasterXML/woodstox/commit/7e93907e9c98270e76e20d55c4d35bd600edbb20
 (woodstox-core-5.4.0)
 CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to 
Denial o ...)
        - libxstream-java <unfixed> (unimportant)
        NOTE: https://github.com/x-stream/xstream/issues/304



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/770663420051738a89e38da719f6f6442295896b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/770663420051738a89e38da719f6f6442295896b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] triage older issues

Reply via email to