[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2023-48795 as no-dsa for proftpd-dfsg in Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Dec 24 00:04:42 GMT 2023



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9883cbe5 by Thorsten Alteholz at 2023-12-24T01:04:13+01:00
mark CVE-2023-48795 as no-dsa for proftpd-dfsg in Buster

- - - - -
dc1a125e by Thorsten Alteholz at 2023-12-24T01:04:15+01:00
mark CVE-2023-48795 as no-dsa for erlang in Buster

- - - - -
fe68ad6c by Thorsten Alteholz at 2023-12-24T01:04:16+01:00
mark CVE-2023-51704 as postponed

- - - - -
f90c2ea0 by Thorsten Alteholz at 2023-12-24T01:04:18+01:00
mark temporary entry as no-dsa for spip in Buster

- - - - -
e6a8ae29 by Thorsten Alteholz at 2023-12-24T01:04:20+01:00
mark CVE-2023-4255 as no-dsa for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -179,6 +179,7 @@ CVE-2023-XXXX [XSS issue fixed in 4.1.13 upstream]
 	- spip 4.1.13+dfsg-1 (bug #1059331)
 	[bookworm] - spip <no-dsa> (Minor issue)
 	[bullseye] - spip <no-dsa> (Minor issue)
+	[buster] - spip <no-dsa> (Minor issue)
 CVE-2023-7059 (A vulnerability was found in SourceCodester School Visitor Log e-Book  ...)
 	NOT-FOR-US: SourceCodester School Visitor Log e-Book
 CVE-2023-7058 (A vulnerability was found in SourceCodester Simple Student Attendance  ...)
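Review bot: The added [buster] line for spip repeats "Minor issue" from the bookworm and bullseye lines, but the entry is still a CVE-2023-XXXX placeholder described only as "XSS issue fixed in 4.1.13 upstream", and no NOTE with an upstream reference is visible in this hunk. Consider adding a NOTE that links the upstream fix or release announcement, so the triage for all three releases can be rechecked once a CVE id is assigned.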
@@ -224,6 +225,7 @@ CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x thro
 	- mediawiki <unfixed>
 	[bookworm] - mediawiki <postponed> (Minor issue, fix along in next update)
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along in next update)
+	[buster] - mediawiki <postponed> (Minor issue, fix along in next update)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
 	NOTE: https://phabricator.wikimedia.org/T347726
 CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
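Review bot: The commit subject for this hunk, "mark CVE-2023-51704 as postponed", names neither the package nor the release, while the only change is a [buster] line for mediawiki. A subject such as "mark CVE-2023-51704 as postponed for mediawiki in Buster" would match the wording of the proftpd-dfsg and erlang commits in the same push and keep the log searchable by release.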
@@ -415,6 +417,7 @@ CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has be
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...)
 	- w3m <unfixed> (bug #1059265)
+	[buster] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
 	NOTE: https://github.com/tats/w3m/issues/268
 	NOTE: https://github.com/tats/w3m/pull/273
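Review bot: The new [buster] line is the only release annotation under "- w3m <unfixed> (bug #1059265)"; no [bookworm] or [bullseye] line sits between the package line and the NOTEs, so the oldest release is triaged while the newer ones are left open. If the same assessment applies there, add those lines in the same change. For an out-of-bounds write, a more specific reason than "Minor issue" would also help later review.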
@@ -1228,6 +1231,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
 	[bookworm] - erlang <no-dsa> (Minor issue)
 	[bullseye] - erlang <no-dsa> (Minor issue)
+	[buster] - erlang <no-dsa> (Minor issue)
 	- filezilla 3.66.4-1
 	- golang-go.crypto <unfixed> (bug #1059003)
 	- jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
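Review bot: The added [buster] line for erlang copies <no-dsa> (Minor issue) from the newer releases without recording whether the Buster version implements the affected modes. The jsch line in the same hunk reaches <not-affected> from the versions that introduced ChaCha20-Poly1305 and *-EtM support; if the same kind of check was done for erlang in Buster, a NOTE with the result would document why <no-dsa> rather than <not-affected> is the right tag.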
@@ -1241,6 +1245,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
 	[bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
 	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
+	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
 	- proftpd-mod-proxy 0.9.3-1 (bug #1059290)
 	[bookworm] - proftpd-mod-proxy <no-dsa> (Minor issue)
 	[bullseye] - proftpd-mod-proxy <no-dsa> (Minor issue)
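Review bot: Only proftpd-dfsg receives a [buster] line here; the proftpd-mod-proxy block that follows shows [bookworm] and [bullseye] lines, and the hunk's context ends before showing whether a [buster] line exists for it. If proftpd-mod-proxy is in Buster, it needs the same annotation; if it is not, nothing more is required.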



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e4968a1025a798e289cbd35cb50cd7267fe92f09...e6a8ae29b8ddd7e6187c4f307ce8c56f376d6b4c
