[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-1161: Note that it only partially affects <= bullseye

Adrian Bunk (@bunk) bunk at debian.org
Sat Apr 29 19:51:50 BST 2023 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92d458ca by Adrian Bunk at 2023-04-29T21:49:50+03:00
CVE-2023-1161: Note that it only partially affects <= bullseye

- - - - -
e18158d9 by Adrian Bunk at 2023-04-29T21:51:33+03:00
Reserve DLA-3402-1 for wireshark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11467,9 +11467,10 @@ CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark <unfixed> (bug #1033756)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
-	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
+	NOTE: Only affects ISO 15765 dissector in bullseye and older,
+	NOTE: ISO 10681 support was added in 3.6
 CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository  ...)
 	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1159


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Apr 2023] DLA-3402-1 wireshark - security update
+	{CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994}
+	[buster] - wireshark 2.6.20-0+deb10u6
 [24 Apr 2023] DLA-3401-1 apache2 - security update
 	{CVE-2023-25690 CVE-2023-27522}
 	[buster] - apache2 2.4.38-3+deb10u10


=====================================
data/dla-needed.txt
=====================================
@@ -288,7 +288,3 @@ tinymce
   NOTE: 20221227: Programming language: PHP.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
 --
-wireshark (Adrian Bunk)
-  NOTE: 20230420: Programming language: C.
-  NOTE: 20230420: VCS: https://salsa.debian.org/lts-team/packages/wireshark.git
---



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/08610bfbe0b720f30b44e2c335a713ed6f126bf9...e18158d932f7f54498e32f11ae7e722b06b8811f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/08610bfbe0b720f30b44e2c335a713ed6f126bf9...e18158d932f7f54498e32f11ae7e722b06b8811f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230429/496099b7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list