[Git][security-tracker-team/security-tracker][master] 2 commits: Slightly re-arrange notes and more consistent ordering of source packages

Wed Dec 20 12:44:57 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d4f068e by Salvatore Bonaccorso at 2023-12-20T13:38:04+01:00
Slightly re-arrange notes and more consistent ordering of source packages

- - - - -
22ef534f by Salvatore Bonaccorso at 2023-12-20T13:44:16+01:00
Reference backport to 1.3.8 series for proftpd commit for CVE-2023-48795

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -494,9 +494,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	[buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
 	- openssh 1:9.6p1-1
 	- paramiko <unfixed> (bug #1059006)
-	- putty 0.80-1
 	- proftpd-dfsg <unfixed>
 	- proftpd-mod-proxy <unfixed>
+	- putty 0.80-1
 	- python-asyncssh <unfixed> (bug #1059007)
 	- tinyssh <unfixed> (bug #1059058)
 	- trilead-ssh2 <unfixed>
@@ -519,6 +519,10 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
 	NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
+	NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
+	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682 (v1.3.9rc2)
+	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b (v1.3.8b)
+	NOTE: proftpd-mod-proxy: https://github.com/Castaglia/proftpd-mod_proxy/issues/257
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb (0.80)
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e (0.80)
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62 (0.80)
@@ -527,12 +531,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367 (0.80)
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb (0.80)
 	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46 (0.80)
-	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
 	NOTE: asyncssh: https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
 	NOTE: asyncssh: https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b (v2.14.2)
-	NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
-	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682 (v1.3.9rc2)
-	NOTE: proftpd-mod-proxy: https://github.com/Castaglia/proftpd-mod_proxy/issues/257
+	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
 CVE-2023-41314 (The api /api/snapshot and /api/get_log_file would allow unauthenticate ...)
 	NOT-FOR-US: Apache Doris
 CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dede44ed820a5c333abbc956e131a8821c27cf3c...22ef534f9b2ad47f4f6fac3b6191ef8d045591d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dede44ed820a5c333abbc956e131a8821c27cf3c...22ef534f9b2ad47f4f6fac3b6191ef8d045591d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/2954b245/attachment.htm>
