[Git][security-tracker-team/security-tracker][master] Reserve DLA-3692-1 for curl
Adrian Bunk (@bunk)
bunk at debian.org
Tue Dec 19 07:16:20 GMT 2023
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72c00733 by Adrian Bunk at 2023-12-19T09:16:03+02:00
Reserve DLA-3692-1 for curl
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -42187,7 +42187,6 @@ CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and a
CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 when do ...)
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl 7.74.0-1.3+deb11u9
- [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28322.html
NOTE: Introduced by: https://github.com/curl/curl/commit/546572da0457f37c698c02d0a08d90fdfcbeedec (curl-7_7)
NOTE: Fixed by: https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de6c5e61272c496b (curl-8_1_0)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Dec 2023] DLA-3692-1 curl - security update
+ {CVE-2023-28322 CVE-2023-46218}
+ [buster] - curl 7.64.0-4+deb10u8
[18 Dec 2023] DLA-3691-1 spip - security update
[buster] - spip 3.2.4-1+deb10u12
[17 Dec 2023] DLA-3686-2 xorg-server - security update
=====================================
data/dla-needed.txt
=====================================
@@ -56,10 +56,6 @@ cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
--
-curl (Adrian Bunk)
- NOTE: 20231210: Added by Front-Desk (ta)
- NOTE: 20231210: maybe also take care of https://lists.debian.org/debian-lts/2023/12/msg00020.html
---
docker.io
NOTE: 20230303: Added by Front-Desk (Beuc)
NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c0073304accd5e3a9db27db1f469312dcf78e8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c0073304accd5e3a9db27db1f469312dcf78e8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/5428593e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list