Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3afd9bc by Thorsten Alteholz at 2023-12-09T00:35:00+01:00
mark busybox CVEs as no-dsa

- - - - -
50d9705b by Thorsten Alteholz at 2023-12-09T00:41:33+01:00
mark CVE-2023-5332 as no-dsa for Buster

- - - - -
9011e30f by Thorsten Alteholz at 2023-12-09T00:46:15+01:00
mark CVE-2023-49083 as not-affected for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1034,6 +1034,7 @@ CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm 
Ltd Midgard GPU Userspa
 CVE-2023-5332 (Patch in third party library Consul requires 
'enable-script-checks' to ...)
        - consul <removed>
        [bullseye] - consul <no-dsa> (Minor issue)
+       [buster] - consul <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171
        NOTE: 
https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations
 CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer 
overflows ...)
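Review bot: the added `[buster] - consul <no-dsa> (Minor issue)` line reuses the generic reason from the bullseye entry, although the CVE summary and the HashiCorp NOTE both tie the problem to a specific configuration ('enable-script-checks'). Consider a reason that records this dependency, so a reader can see why the issue is rated minor without following the links. It is also worth confirming that a no-dsa triage is what is intended for a package whose unstable entry is `<removed>`.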
@@ -1909,6 +1910,7 @@ CVE-2023-49083 (cryptography is a package designed to 
expose cryptographic primi
        - python-cryptography <unfixed> (bug #1057108)
        [bookworm] - python-cryptography <no-dsa> (Minor issue)
        [bullseye] - python-cryptography <no-dsa> (Minor issue)
+       [buster] - python-cryptography <not-affected> (Vulnerable code 
introduced later)
        NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
        NOTE: https://github.com/pyca/cryptography/pull/9926
        NOTE: 
https://github.com/pyca/cryptography/commit/1e7b4d074e14c4e694d3ce69ad6754a6039fd6ff
 (main)
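Review bot: the added `[buster] - python-cryptography <not-affected> (Vulnerable code introduced later)` line gives no reference for where the vulnerable code was introduced; the existing NOTE lines only point to the advisory, the fix PR and the fix commit. Add a NOTE naming the introducing commit or upstream version so that the not-affected status for buster can be checked against the packaged version.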
@@ -2122,21 +2124,25 @@ CVE-2023-42366 (A heap-buffer-overflow was discovered 
in BusyBox v.1.36.1 in the
        - busybox <unfixed>
        [bookworm] - busybox <no-dsa> (Minor issue)
        [bullseye] - busybox <no-dsa> (Minor issue)
+       [buster] - busybox <no-dsa> (Minor issue)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874
 CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox 
v.1.36.1 via  ...)
        - busybox <unfixed>
        [bookworm] - busybox <no-dsa> (Minor issue)
        [bullseye] - busybox <no-dsa> (Minor issue)
+       [buster] - busybox <no-dsa> (Minor issue)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871
 CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows 
attackers to ...)
        - busybox <unfixed>
        [bookworm] - busybox <no-dsa> (Minor issue)
        [bullseye] - busybox <no-dsa> (Minor issue)
+       [buster] - busybox <no-dsa> (Minor issue)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868
 CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf 
function in ...)
        - busybox <unfixed>
        [bookworm] - busybox <no-dsa> (Minor issue)
        [bullseye] - busybox <no-dsa> (Minor issue)
+       [buster] - busybox <no-dsa> (Minor issue)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865
 CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in 
Chamilo  ...)
        NOT-FOR-US: Chamilo LMS
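Review bot: all four added `[buster] - busybox <no-dsa> (Minor issue)` lines treat buster as affected, yet each CVE summary names BusyBox v.1.36.1 and the entries carry only an upstream bug link. A NOTE per entry stating that the affected code is present in the buster version (or a `<not-affected>` entry where it is not) would make the triage verifiable. The commit subject "mark busybox CVEs as no-dsa" also omits the suite, which the other two commits name.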



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01c38db3c923db34e3f9769de76eb0caa5d599f4...9011e30f8f086a7302c46ccb67c60a9ccafe85a9
