Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6cb1cf6 by Chris Lamb at 2023-03-30T09:52:15+01:00
Triage CVE-2023-28862 in lemonldap-ng for buster LTS.

- - - - -
f5af24b3 by Chris Lamb at 2023-03-30T09:52:49+01:00
Triage CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466 in openssl for buster LTS.

- - - - -
5229c1d3 by Chris Lamb at 2023-03-30T09:53:12+01:00
Triage CVE-2023-25809 in runc for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -528,6 +528,7 @@ CVE-2023-28862
        RESERVED
        - lemonldap-ng 2.16.1+ds-1
        [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+       [buster] - lemonldap-ng <no-dsa> (Minor issue)
 CVE-2023-28861
        RESERVED
 CVE-2023-28860
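Review bot: the added `[buster] - lemonldap-ng <no-dsa> (Minor issue)` line sits in an entry that is still RESERVED and carries no NOTE lines, so the "Minor issue" rationale cannot be checked from the entry itself. Add a NOTE pointing at the upstream advisory or fix commit behind the 2.16.1+ds-1 fixed version, as the runc and openssl entries in this push do.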
@@ -9350,6 +9351,7 @@ CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring 
tool. In versions prior
 CVE-2023-25809 (runc is a CLI tool for spawning and running containers 
according to th ...)
        - runc 1.1.5+ds1-1
        [bullseye] - runc <no-dsa> (Minor issue)
+       [buster] - runc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
        NOTE: 
https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5
 (v1.1.5)
 CVE-2023-25808
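Review bot: the new `[buster]` line under CVE-2023-25809 copies the bullseye annotation word for word, and nothing in the entry records whether buster's runc was checked against the upstream fix commit listed in the NOTE. If it was, say so in a short NOTE; if the affected code is absent from buster's version, `<not-affected>` with a reason is more accurate than `<no-dsa>`.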
@@ -13436,18 +13438,21 @@ CVE-2023-0467 (The WP Dark Mode WordPress plugin 
before 4.0.8 does not properly
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to 
implicit ...)
        - openssl <unfixed>
        [bullseye] - openssl <no-dsa> (Minor issue)
+       [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230328.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
 (openssl-3.0)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
 (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying 
certificates ...)
        - openssl <unfixed>
        [bullseye] - openssl <no-dsa> (Minor issue)
+       [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230328.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
 (openssl-3.0)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported 
versions ...)
        - openssl <unfixed>
        [bullseye] - openssl <no-dsa> (Minor issue)
+       [buster] - openssl <no-dsa> (Minor issue)
        NOTE: https://www.openssl.org/news/secadv/20230322.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
 (openssl-3.0)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
 (OpenSSL_1_1_1-stable)
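Review bot: all three added `[buster] - openssl <no-dsa> (Minor issue)` lines (CVE-2023-0466, CVE-2023-0465, CVE-2023-0464) sit in entries whose NOTEs already list a fix commit on OpenSSL_1_1_1-stable, so a backport exists upstream. If the intent is to fix these with the next openssl upload for buster rather than never, `<postponed>` with a short reason states that more clearly than `<no-dsa>` and keeps the three from being overlooked at that upload.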



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/55b6436d73fc06e6f6fb747b9d5c10adbd37f6df...5229c1d32501fd0cc33b60fb84d306135ad867e4
