[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Mark CVE-2023-26590 as not-affected"

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 13 11:21:28 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08d4ab66 by Salvatore Bonaccorso at 2023-08-13T12:20:25+02:00
Revert "Mark CVE-2023-26590 as not-affected"

This reverts commit 4009500a2ff716b394a38b09c42a73cbe257228f.

The correct entry should note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.

Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.

- - - - -
b04805f9 by Salvatore Bonaccorso at 2023-08-13T12:20:57+02:00
Revert "Mark CVE-2023-34432 as not affected"

This reverts commit b13f24703fd76432c9930e121d4a21e867eb71ee.

The correct entry should note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.

Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4904,10 +4904,9 @@ CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...)
 	NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...)
-	- sox <not-affected> (fixed by fix of CVE-2021-23159 and CVE-2021-23172)
+	- sox <unfixed> (bug #1041110)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
 	NOTE: https://sourceforge.net/p/sox/bugs/367/
-	NOTE: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2021-23159.patch
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
 	NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...)
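Review bot: on the CVE-2023-34432 entry, the revert removes the only record that this issue is believed to be covered by the CVE-2021-23159 and CVE-2021-23172 fixes. Both the parenthetical and the NOTE linking CVE-2021-23159.patch go away, leaving just `- sox <unfixed> (bug #1041110)`. Until the entry carries the fixed version, a free-text line such as `NOTE: Possibly fixed by the CVE-2021-23159 and CVE-2021-23172 patches, to be verified` would keep that lead visible to whoever triages the entry next, in line with the clarifying note the commit message asks for.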
@@ -4941,10 +4940,9 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...)
-	- sox <not-affected> (Fixed by CVE-2022-31650 patch)
+	- sox <unfixed> (bug #1041113)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
 	NOTE: https://sourceforge.net/p/sox/bugs/370/
-	NOTE: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...)
 	NOT-FOR-US: Dynacase
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...)
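Review bot: the NOTE removed from the CVE-2023-26590 entry pointed at a patch on the `debian/stretch` branch of the lts-team repository, which shows what one LTS branch carried and does not establish the state of sox in unstable, so `<unfixed> (bug #1041113)` is the safer state for now. When this is revisited, the package line should carry the unstable version that includes the CVE-2022-31650 patch, with separate suite entries where a supported suite differs, plus a NOTE explaining why that patch also resolves the floating point exception described here.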



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c
