Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
309f620a by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
mark CVEs for gss-ntlmssp as no-dsa for Buster

- - - - -
f85dc448 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
add libfastjson

- - - - -
03619494 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
update note

- - - - -
85011540 by Thorsten Alteholz at 2023-05-07T10:47:38+02:00
mark CVE-2023-30861 as postponed for Buster

- - - - -

2 changed files:

- data/CVE/list
- data/dla-needed.txt

Changes:

===================================== data/CVE/list ===================================== @@ -1563,6 +1563,7 @@ CVE-2023-2167 RESERVED CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...) - flask <unfixed> + [buster] - flask <postponed> (Minor issue) NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5) NOTE: https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d (2.3.2) @@ -17391,6 +17392,7 @@ CVE-2023-25568 CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) [bullseye] - gss-ntlmssp <no-dsa> (Minor issue) + [buster] - gss-ntlmssp <no-dsa> (Minor issue) NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0) CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) 
@@ -17402,6 +17404,7 @@ CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) [bullseye] - gss-ntlmssp <no-dsa> (Minor issue) + [buster] - gss-ntlmssp <no-dsa> (Minor issue) NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0) CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) @@ -17413,6 +17416,7 @@ CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...) - gss-ntlmssp 1.2.0-1 (bug #1031369) [bullseye] - gss-ntlmssp <no-dsa> (Minor issue) + [buster] - gss-ntlmssp <no-dsa> (Minor issue) NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0) CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...) ===================================== data/dla-needed.txt ===================================== @@ -86,6 +86,10 @@ hdf5 (tobi) NOTE: 20230506: tried to triageā¦ seems to be that only sensible way forward would be to update to a newer version in the 1.10.x NOTE: 20230506: line. Still then, state of CVEs are unknown if they have been fixed. 1.10.11 is scheduled for September. (tobi) -- +libfastjson (Thorsten Alteholz) + NOTE: 20230507: Programming language: C. + NOTE: 20230507: the CVE was fixed in json-c already +-- linux (Ben Hutchings) NOTE: 20230111: Programming language: C -- 
@@ -212,7 +216,7 @@ rainloop ring (Thorsten Alteholz) NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git - NOTE: 20230423: move CVEs appeared + NOTE: 20230507: testing package -- ruby-loofah NOTE: 20221231: Programming language: Ruby.

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9d04f63a137ce79e97e43e499a0eb32e8277626f...85011540d8523a71d28f7db2291a921a89e48478
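
Review bot: In the data/CVE/list hunk for CVE-2023-30861, the added "[buster] - flask <postponed> (Minor issue)" line carries no rationale beyond "Minor issue", although the entry already lists upstream fix commits for 2.2.5 and 2.3.2 and the unstable line is still "<unfixed>". A short NOTE stating why the fix is deferred for buster would let whoever revisits the postponed entry decide without repeating the triage.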
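
Review bot: The three gss-ntlmssp hunks in data/CVE/list add "[buster] - gss-ntlmssp <no-dsa> (Minor issue)" under CVE-2023-25567, CVE-2023-25565 and CVE-2023-25563, but CVE-2023-25566 and CVE-2023-25564 appear only as context lines and receive no buster line. Their entries are not visible in this diff, so please confirm they already carry a buster annotation; if they do not, the commit message "mark CVEs for gss-ntlmssp as no-dsa for Buster" suggests they were meant to be covered as well.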
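
Review bot: In the new libfastjson entry in data/dla-needed.txt, "NOTE: 20230507: the CVE was fixed in json-c already" does not say which CVE is meant or which json-c change fixed it. Naming the CVE id and pointing at the json-c fix would make the entry usable by someone else who picks up the package.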
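
Review bot: The ring hunk in data/dla-needed.txt replaces the 20230423 note with "NOTE: 20230507: testing package" instead of appending to it, so the earlier dated record is dropped, whereas the hdf5 entry in the same file keeps its dated notes one after another. Consider keeping the 20230423 line and adding the new note below it.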