Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
309f620a by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
mark CVEs for gss-ntlmssp as no-dsa for Buster

- - - - -
f85dc448 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
add libfastjson

- - - - -
03619494 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
update note

- - - - -
85011540 by Thorsten Alteholz at 2023-05-07T10:47:38+02:00
mark CVE-2023-30861 as postponed for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1563,6 +1563,7 @@ CVE-2023-2167
        RESERVED
 CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When 
all of the ...)
        - flask <unfixed>
+       [buster] - flask <postponed> (Minor issue)
        NOTE: 
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
        NOTE: 
https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d
 (2.2.5)
        NOTE: 
https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d
 (2.3.2)
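Review bot: the added `[buster] - flask <postponed> (Minor issue)` line gives no hint of what the postponement is waiting on. The NOTE lines right below it already point at upstream fix commits for 2.2.5 and 2.3.2, so a short NOTE saying whether one of them is expected to apply to the buster version, or that the fix will be bundled with the next flask upload, would save the next triager from redoing the assessment.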
@@ -17391,6 +17392,7 @@ CVE-2023-25568
 CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that 
implements  ...)
        - gss-ntlmssp 1.2.0-1 (bug #1031369)
        [bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+       [buster] - gss-ntlmssp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4
 (v1.2.0)
 CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that 
implement ...)
@@ -17402,6 +17404,7 @@ CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for 
the GSSAPI library that imp
 CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that 
implement ...)
        - gss-ntlmssp 1.2.0-1 (bug #1031369)
        [bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+       [buster] - gss-ntlmssp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64
 (v1.2.0)
 CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that 
implement ...)
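Review bot: this series adds a `[buster]` line to CVE-2023-25567, CVE-2023-25565 and CVE-2023-25563, but CVE-2023-25566 (this hunk's header context) and CVE-2023-25564 (its trailing context) sit between the hunks and are left unchanged. The commit message says "mark CVEs for gss-ntlmssp as no-dsa for Buster" without listing which ones, so please confirm that those two already carry a buster status or are intentionally left out, and name the CVE ids in the message.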
@@ -17413,6 +17416,7 @@ CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for 
the GSSAPI library that imp
 CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that 
implement ...)
        - gss-ntlmssp 1.2.0-1 (bug #1031369)
        [bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+       [buster] - gss-ntlmssp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
        NOTE: 
https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd
 (v1.2.0)
 CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of 
DataHub pr ...)


=====================================
data/dla-needed.txt
=====================================
@@ -86,6 +86,10 @@ hdf5 (tobi)
   NOTE: 20230506: tried to triageā€¦ seems to be that only sensible way forward 
would be to update to a newer version in the 1.10.x
   NOTE: 20230506: line. Still then, state of CVEs are unknown if they have 
been fixed. 1.10.11 is scheduled for September. (tobi)
 --
+libfastjson (Thorsten Alteholz)
+  NOTE: 20230507: Programming language: C.
+  NOTE: 20230507: the CVE was fixed in json-c already
+--
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --
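Review bot: in the new libfastjson entry, `NOTE: 20230507: the CVE was fixed in json-c already` names neither the CVE id nor the json-c commit or version that carries the fix. Adding both would let whoever picks this up go straight to the patch to port. Minor style point: `Programming language: C.` ends with a period while the linux entry just below it has none.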
@@ -212,7 +216,7 @@ rainloop
 ring (Thorsten Alteholz)
   NOTE: 20221120: Programming language: C.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
-  NOTE: 20230423: move CVEs appeared
+  NOTE: 20230507: testing package
 --
 ruby-loofah
   NOTE: 20221231: Programming language: Ruby.
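Review bot: the ring change replaces `NOTE: 20230423: move CVEs appeared` instead of appending to it, which drops the dated record that CVEs appeared on 20230423. The other entries in this file keep a running log of dated NOTE lines, so consider keeping the old line and adding `NOTE: 20230507: testing package` below it. "testing package" would also be clearer if it said what is being tested and what remains before upload.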



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9d04f63a137ce79e97e43e499a0eb32e8277626f...85011540d8523a71d28f7db2291a921a89e48478
