Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: dd3396f4 by Thorsten Alteholz at 2023-08-17T23:19:24+02:00 add libreswan - - - - - d89edf09 by Thorsten Alteholz at 2023-08-17T23:27:57+02:00 mark CVE-2023-37543 as no-dsa for Buster - - - - - 6bda3cd2 by Thorsten Alteholz at 2023-08-17T23:35:57+02:00 mark CVE-2023-40225 as not-affected for Buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -832,6 +832,7 @@ CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x an - haproxy 2.6.15-1 (bug #1043502) [bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA) [bullseye] - haproxy <postponed> (Minor issue, fix along with future DSA) + [buster] - haproxy <not-affected> (Vulnerable code not present) NOTE: https://github.com/haproxy/haproxy/issues/2237 NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...) @@ -955,6 +956,7 @@ CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference - cacti <unfixed> [bookworm] - cacti <no-dsa> (Minor issue) [bullseye] - cacti <no-dsa> (Minor issue) + [buster] - cacti <no-dsa> (Minor issue) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj NOTE: https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed TODO: check details once GHSA-4x82-8w8m-w8hj accessible, 1.2.6 does not seem correct, reporter claims 1.2.25 wich is not released ===================================== data/dla-needed.txt ===================================== @@ -89,6 +89,9 @@ intel-microcode (utkarsh) NOTE: 20230815: https://salsa.debian.org/lts-team/packages/intel-microcode/-/commits/releases/buster NOTE: 20230815: waiting for hmh to review. (utkarsh) -- +libreswan + NOTE: 20230817: Added by Front-Desk (ta) +-- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ca787868baa231e16c7683eb8060e9df63cca89...6bda3cd25a83f41bea12b0ae259366c82cff5e42 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ca787868baa231e16c7683eb8060e9df63cca89...6bda3cd25a83f41bea12b0ae259366c82cff5e42 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits