[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-36811/borgbackup: follow stable triage for buster

Sylvain Beucler (@beuc) beuc at debian.org
Sat Dec 2 20:57:08 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fae62075 by Sylvain Beucler at 2023-12-02T21:56:34+01:00
CVE-2023-36811/borgbackup: follow stable triage for buster

- - - - -
6a117129 by Sylvain Beucler at 2023-12-02T21:56:35+01:00
CVE-2023-37271,CVE-2023-41039/restrictedpython: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14905,6 +14905,7 @@ CVE-2023-41039 (RestrictedPython is a restricted execution environment for Pytho
 	- restrictedpython 6.2-1
 	[bookworm] - restrictedpython <no-dsa> (Minor issue)
 	[bullseye] - restrictedpython <no-dsa> (Minor issue)
+	[buster] - restrictedpython <postponed> (Minor issue, no rdeps)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67
 	NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120
 CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
@@ -20988,6 +20989,7 @@ CVE-2023-36811 (borgbackup is an opensource, deduplicating archiver with compres
 	- borgbackup 1.2.5-1
 	[bookworm] - borgbackup <ignored> (Minor issue)
 	[bullseye] - borgbackup <ignored> (Minor issue)
+	[buster] - borgbackup <ignored> (Minor issue)
 	NOTE: https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99
 	NOTE: https://github.com/borgbackup/borg/commit/a2ee13fd341dcd004b4a06b17d6f2fc759327861
 	NOTE: https://github.com/borgbackup/borg/commit/bfead4b288833f890523d8881797ff6b345edaf9
@@ -21716,6 +21718,7 @@ CVE-2023-37271 (RestrictedPython is a tool that helps to define a subset of the
 	- restrictedpython 6.2-1 (bug #1041429)
 	[bookworm] - restrictedpython <no-dsa> (Minor issue)
 	[bullseye] - restrictedpython <no-dsa> (Minor issue)
+	[buster] - restrictedpython <postponed> (Minor issue, no rdeps)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh
 	NOTE: https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 (master)
 	NOTE: https://github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002 (5.3)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a36de19cb67e81be08752dd69be71f9e8a8b6843...6a11712929c8b609d801cf58db5a9613578aaa51

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a36de19cb67e81be08752dd69be71f9e8a8b6843...6a11712929c8b609d801cf58db5a9613578aaa51
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231202/ca91918a/attachment.htm>

More information about the debian-security-tracker-commits mailing list