[Git][security-tracker-team/security-tracker][master] Mark chef debian package not-affected by CVE-2023-28864

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16c3addf by Bastien Roucariès at 2023-08-03T11:01:47+00:00
Mark chef debian package not-affected by CVE-2023-28864

Chef-server upstream package was removed from chef debian package in 201207 after reintroduction of chef in 201205

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17220,6 +17220,7 @@ CVE-2023-28865
 	RESERVED
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker to expl ...)
 	- chef <removed>
+	[buster] - chef <not-affected> (chef package does not include upstream chef-server)
 	NOTE: https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation
 	NOTE: https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42
 	NOTE: Fixed by: https://github.com/chef/chef-server/commit/985dfee99044ff477dbc08462b6d69add70f8608 (15.7.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c3addf684ddf5da8d7aa9d7fc751415fbcd4a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c3addf684ddf5da8d7aa9d7fc751415fbcd4a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230803/ee0fc20f/attachment.htm>