Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddcfe06e by Thorsten Alteholz at 2023-10-15T23:45:11+02:00
add nss

- - - - -
499d634b by Thorsten Alteholz at 2023-10-15T23:51:27+02:00
mark CVE-2023-32724 as not-affected for Buster

- - - - -
86489cea by Thorsten Alteholz at 2023-10-15T23:53:58+02:00
mark CVE-2023-32722 as not-affected for Buster

- - - - -
5ef916c9 by Thorsten Alteholz at 2023-10-16T00:06:49+02:00
add libspf2

- - - - -
90379fe3 by Thorsten Alteholz at 2023-10-16T00:12:05+02:00
mark CVE-2023-5371 as no-dsa for Buster

- - - - -

2 changed files:
- data/CVE/list
- data/dla-needed.txt

Changes:
===================================== data/CVE/list ===================================== @@ -357,12 +357,14 @@ CVE-2023-3781 (there is a possible use-after-free write due to improper locking. NOT-FOR-US: Android CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...) - zabbix <unfixed> (bug #1053877) + [buster] - zabbix <not-affected> (vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-23391 CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.) - zabbix <unfixed> (bug #1053877) NOTE: https://support.zabbix.com/browse/ZBX-23230 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...) - zabbix <unfixed> (bug #1053877) + [buster] - zabbix <not-affected> (vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-23390 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...) - zabbix <unfixed> (bug #1053877) 
@@ -1732,6 +1734,7 @@ CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCo NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...) - wireshark 4.0.10-1 + [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...) ===================================== data/dla-needed.txt ===================================== @@ -117,6 +117,9 @@ libreswan NOTE: 20230909: all due to code refactoring. I intend to package the version NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo) -- +libspf2 (Thorsten Alteholz) + NOTE: 20231016: Added by Front-Desk (ta) +-- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- @@ -149,6 +152,9 @@ nova NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. (lamby) -- +nss + NOTE: 20231015: Added by Front-Desk (ta) +-- nvidia-cuda-toolkit NOTE: 20230514: Added by Front-Desk (utkarsh) NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have 
@@ -238,6 +244,9 @@ suricata (Adrian Bunk) trafficserver NOTE: 20231011: Added by Front-Desk (ta) -- +zabbix + NOTE: 20231015: Added by Front-Desk (ta) +-- zookeeper NOTE: 20231014: Added by Front-Desk (ta) --

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/abcc50cf5611995a272b0b2e064f85011b0f89f0...90379fe3ef6eda70fabcf6009e58c372c434f686
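Review bot: The two `[buster] - zabbix <not-affected> (vulnerable code introduced later)` lines added under CVE-2023-32724 and CVE-2023-32722 in data/CVE/list (hunk @@ -357,12 +357,14 @@) give a reader no way to re-check the claim. Add a NOTE under each entry naming the upstream commit or release that introduced the vulnerable code, so it can be compared with the version shipped in buster. CVE-2023-32723 and CVE-2023-32721 in the same hunk keep only the `<unfixed>` line with no buster annotation; if they were triaged as affected that is fine, otherwise they still need a decision.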
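Review bot: In the data/CVE/list hunk at @@ -1732,6 +1734,7 @@, `[buster] - wireshark <no-dsa> (Minor issue)` does not say why the issue is minor or whether the buster package contains the leaking RTPS dissector code. The CVE description lists 4.0.0 to 4.0.8 and a 3.6.x range as affected; if the buster version falls outside those ranges and lacks the code, `<not-affected>` with a reason would be the more accurate tag, and if it is affected, a short reason (for example that the impact is a memory leak in a dissector) would make the no-dsa decision reviewable.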
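Review bot: The `zabbix` entry added to data/dla-needed.txt at @@ -238,6 +244,9 @@ does not say which issues the LTS update is meant to cover, while the same push marks CVE-2023-32724 and CVE-2023-32722 as not-affected for buster. A second NOTE listing the CVEs that remain open for buster (in the visible data/CVE/list context, CVE-2023-32723 and CVE-2023-32721 carry no buster tag) would keep whoever claims the package from re-triaging the ones already ruled out.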
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits