[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-27534,curl: buster is no-dsa

Markus Koschany (@apo) apo at debian.org
Fri Apr 21 20:58:42 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37dff768 by Markus Koschany at 2023-04-21T21:57:38+02:00
CVE-2023-27534,curl: buster is no-dsa

Minor issue

- - - - -
1bcf7220 by Markus Koschany at 2023-04-21T21:58:32+02:00
Reserve DLA-3398-1 for curl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10252,6 +10252,7 @@ CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0
 CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implement ...)
 	- curl 7.88.1-7
 	[bullseye] - curl <no-dsa> (Minor issue)
+	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2023-27534.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0)
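
Review bot: the added `[buster] - curl <no-dsa> (Minor issue)` line gives no reason beyond "Minor issue", and the commit message says nothing more. The "Introduced by" note tags the vulnerable commit as curl-7_18_0 and the DLA entry in this push puts buster at 7.64.0, so the SFTP path traversal stays open in buster. A more specific reason in the parentheses, or an extra NOTE saying why it is considered minor for buster, would help whoever revisits this entry.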


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Apr 2023] DLA-3398-1 curl - security update
+	{CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538}
+	[buster] - curl 7.64.0-4+deb10u6
 [21 Apr 2023] DLA-3397-1 connman - security update
 	{CVE-2023-28488}
 	[buster] - connman 1.36-2.1~deb10u4
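
Review bot: the CVE set in braces on the new DLA-3398-1 entry leaves out CVE-2023-27534, which matches the `<no-dsa>` line added for buster in data/CVE/list, but that link only exists across the two commits. Check that the changelog for 7.64.0-4+deb10u6 closes exactly CVE-2023-27533, CVE-2023-27535, CVE-2023-27536 and CVE-2023-27538, since each id listed here is recorded as fixed in buster at that version.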


=====================================
data/dla-needed.txt
=====================================
@@ -56,12 +56,6 @@ consul
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git
   NOTE: 20230423: WIP, Fixed CVE-2018-19653 (abhijith)
 --
-curl (Markus Koschany)
-  NOTE: 20230321: Programming language: C.
-  NOTE: 20230321: VCS: https://salsa.debian.org/lts-team/packages/curl.git
-  NOTE: 20230321: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/curl.html
-  NOTE: 20230321: Special attention: High popcon! Roberto has some experience with the package..
---
 docker.io (gladk)
   NOTE: 20230303: Programming language: Go.
   NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
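
Review bot: removing the curl block drops its VCS and test-suite pointers along with the claim, while CVE-2023-27534 stays unfixed in buster as no-dsa per data/CVE/list; make sure those pointers are kept somewhere the next curl update can find them. The block's trailing `--` is removed with it, so consul and docker.io remain separated by a single `--`. Separately, the context line `NOTE: 20230423: WIP, Fixed CVE-2018-19653 (abhijith)` at the top of the hunk is dated two days after this push (2023-04-21), which looks like a typo in the consul entry worth correcting in a follow-up.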



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8c268dc569a122c034b560e896090301b004c016...1bcf72207413c81a6e2b49c345807903cc5d7d28
