Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f96d344 by Thorsten Alteholz at 2024-01-31T18:11:02+01:00
mark salt CVEs as EOL in Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16585,6 +16585,7 @@ CVE-2015-20110 (JHipster generator-jhipster before 
2.23.0 allows a timing attack
        NOT-FOR-US: JHipster generator-jhipster
 CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
        - salt <unfixed> (bug #1055179)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
 CVE-2023-5844 (Unverified Password Change in GitHub repository 
pimcore/admin-ui-class ...)
        NOT-FOR-US: Pimcore admin-ui-classic-bundle
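Review bot: The reason on the added `[buster] - salt <end-of-life>` line under CVE-2023-34049 is only "EOL in buster LTS", and the commit message does not point to where that end-of-life decision was recorded. A reference to the decision in the commit message would let a reader verify that every salt entry is meant to get this status for buster, given that the unversioned line stays at `<unfixed>` with bug #1055179 attached.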
@@ -38886,6 +38887,7 @@ CVE-2023-28370 (Open redirect vulnerability in Tornado 
versions 6.3.1 and earlie
        [bullseye] - python-tornado <no-dsa> (Minor issue)
        [buster] - python-tornado <no-dsa> (Minor issue)
        - salt <unfixed> (bug #1059297)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
 (v6.3.2)
 CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) 
contains an ...)
        NOT-FOR-US: Wacom Tablet Driver installer
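Review bot: Nothing in the CVE-2023-28370 entry says why salt is tracked under a Tornado issue, and the new `[buster] - salt <end-of-life>` line now sits two lines below `[buster] - python-tornado <no-dsa> (Minor issue)`, so the entry carries two different buster statuses. A short NOTE stating how salt relates to this CVE (for example that it carries its own copy of the code, if that is the case) would make it clear that the two buster lines are independent per-package statuses.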
@@ -82399,9 +82401,11 @@ CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass 
authentication vulnerabil
        NOT-FOR-US: VMware
 CVE-2023-20898 (Git Providers can read from the wrong environment because they 
get the ...)
        - salt <unfixed> (bug #1051504)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
 CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion 
return. ...)
        - salt <unfixed> (bug #1051504)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
        NOTE: https://github.com/saltstack/salt/issues/64061
 CVE-2023-20896 (The VMware vCenter Server contains an out-of-bounds read 
vulnerability ...)
@@ -147000,6 +147004,7 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 
5.3.18, 5.2.0 - 5.2.20, and
        NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 
3002.9, 3 ...)
        - salt <unfixed> (bug #1013872)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
        NOTE: Fixed by: 
https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8
 (v3004.2)
 CVE-2022-22966 (An authenticated, high privileged malicious actor with network 
access  ...)
@@ -147066,6 +147071,7 @@ CVE-2022-22942 (The vmwgfx driver contains a local 
privilege escalation vulnerab
        NOTE: 
https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
 CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 
3002.8, 3 ...)
        - salt 3004.1+dfsg-1 (bug #1008945)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22940
        RESERVED
@@ -147077,12 +147083,15 @@ CVE-2022-22937
        RESERVED
 CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 
3002.8, 3 ...)
        - salt 3004.1+dfsg-1 (bug #1008945)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 
3002.8, 3 ...)
        - salt 3004.1+dfsg-1 (bug #1008945)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 
3002.8, 3 ...)
        - salt 3004.1+dfsg-1 (bug #1008945)
+       [buster] - salt <end-of-life> (EOL in buster LTS)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22933
        RESERVED
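Review bot: For CVE-2022-22936, CVE-2022-22935 and CVE-2022-22934 the unversioned line already carries a fixed version (3004.1+dfsg-1), so the added `[buster]` lines are the only record of buster's status, and `<end-of-life>` does not say whether the buster package contains the affected code. If any of these were checked and found not to apply to buster's version, `<not-affected>` with a short reason would be more precise than the blanket "EOL in buster LTS"; if no per-CVE check was done, saying so in the commit message would help later readers.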



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f96d34453fa4332920f6e98dad250086ad9eb6b



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits