Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3c6889 by Adrian Bunk at 2024-11-24T00:32:25+02:00
CVE-2023-49582/apr: Ignore in bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23633,9 +23633,11 @@ CVE-2024-28077 (A denial-of-service issue was 
discovered on certain GL-iNet devi
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on 
Unix pla ...)
        - apr 1.7.5-1 (bug #1080375)
        [bookworm] - apr 1.7.2-3+deb12u1
-       [bullseye] - apr <postponed> (Minor issue; can be fixed in next update)
+       [bullseye] - apr <ignored> (binary packages not affected due to 
APR_USE_SHMEM_SHMGET=1)
        NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
        NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
+       NOTE: Exposed by: 
https://github.com/apache/apr/commit/dcdd7daaef7ee6c077a4769a5bec1fbc11e5611f 
(trunk)
+       NOTE: Exposed by: 
https://github.com/apache/apr/commit/ebd6c401ccceea461a929122526caacf9c9e7b1d 
(1.7.1-rc1)
        NOTE: Fixed by: 
https://github.com/apache/apr/commit/501072062dfcbc459f5d1e576113d17c7de84d5a 
(trunk)
        NOTE: Fixed by: 
https://github.com/apache/apr/commit/36ea6d5a2bfc480dd8032cc8651e6793552bc2aa 
(1.7.5)
 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
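
Review bot: The new `[bullseye] - apr <ignored>` line rests entirely on a build-time setting (APR_USE_SHMEM_SHMGET=1), but the entry does not record how that setting was confirmed for the bullseye binaries or why it takes them out of scope. Since the wording "binary packages not affected" implies the source still carries the affected code, a short extra NOTE line stating that the shmget-based shared memory path is what the packages build with, and that the permissions issue lies in the other path touched by the two "Exposed by" commits, would let a later reader re-check the decision if the build configuration changes.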


=====================================
data/dla-needed.txt
=====================================
@@ -34,10 +34,6 @@ ansible
   NOTE: 20241120: Waiting for release by Lee testsuite is ok
   NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more 
upstream backport work needed
 --
-apr (Adrian Bunk)
-  NOTE: 20241121: Added by Front-Desk (Beuc)
-  NOTE: 20241121: Follow fixes from bookworm 12.8 (CVE-2023-49582) 
(Beuc/front-desk)
---
 avahi (Adrian Bunk)
   NOTE: 20241119: Added by Front-Desk (Beuc)
   NOTE: 20241119: Multiple CVEs now fixed upstream: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054880#12
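
Review bot: The removal of the `apr (Adrian Bunk)` entry here is not mentioned in the commit message, which only says "CVE-2023-49582/apr: Ignore in bullseye". The deleted NOTE lines show apr was queued solely to follow the bookworm fix for CVE-2023-49582, so the removal is consistent with the data/CVE/list change, but saying so in the commit message (for example "and drop from dla-needed.txt") would make the history of this file searchable on its own.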



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3c6889f1eb92abab588cc57f578128eec34f09
