[Git][security-tracker-team/security-tracker][master] Drop CVE-2023-32001 as rejected
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 27 07:58:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d61978d6 by Salvatore Bonaccorso at 2023-08-27T08:57:08+02:00
Drop CVE-2023-32001 as rejected
The CNA reason (Hackerone) is:
Rejected Reason: We issued this CVE pre-maturely, as we have
subsequently realized that this issue points out a problem that
there really is no safe measures around or protections for.
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4823,14 +4823,8 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters ma
NOTE: https://github.com/openssl/openssl/commit/9e0094e2aa1b3428a12d5095132f133c078d3c3d (master)
NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0.10)
NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1v)
-CVE-2023-32001 (libcurl can be told to save cookie, HSTS and/or alt-svc data to files. ...)
- {DSA-5460-1}
- - curl 7.88.1-11 (bug #1041812)
- [bullseye] - curl <not-affected> (Vulnerable code not present)
- [buster] - curl <not-affected> (Vulnerable code not present)
- NOTE: https://curl.se/docs/CVE-2023-32001.html
- NOTE: Introduced at: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
- NOTE: Fixed by: https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde (curl-8_2_0)
+CVE-2023-32001
+ REJECTED
CVE-2023-3740 (Insufficient validation of untrusted input in Themes in Google Chrome ...)
{DSA-5456-1}
- chromium 115.0.5790.98-1
=====================================
data/DSA/list
=====================================
@@ -82,7 +82,6 @@
{CVE-2023-3390 CVE-2023-3610 CVE-2023-20593}
[bullseye] - linux 5.10.179-3
[26 Jul 2023] DSA-5460-1 curl - security update
- {CVE-2023-32001}
[bookworm] - curl 7.88.1-10+deb12u1
[25 Jul 2023] DSA-5459-1 amd64-microcode - security update
{CVE-2023-20593}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d61978d6ee17a25ab0d8cff51f5bb61259d66d1e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d61978d6ee17a25ab0d8cff51f5bb61259d66d1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230827/50cfcab4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list