[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2023-51767 in openssh for buster LTS.

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65e9905c by Chris Lamb at 2023-12-28T17:24:38+00:00
Triage CVE-2023-51767 in openssh for buster LTS.

- - - - -
8466d112 by Chris Lamb at 2023-12-28T17:25:29+00:00
Triage CVE-2023-7104 in sqlite3 for buster LTS.

- - - - -
30249332 by Chris Lamb at 2023-12-28T17:27:03+00:00
data/dla-needed.txt: Triage kodi for buster LTS (CVE-2021-42917)

- - - - -
b99caa35 by Chris Lamb at 2023-12-28T17:27:54+00:00
data/dla-needed.txt: Triage dask.distributed for buster LTS (CVE-2021-42343)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -214,6 +214,7 @@ CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and clas
 	- sqlite3 3.43.1-1
 	[bookworm] - sqlite3 <no-dsa> (Minor issue)
 	[bullseye] - sqlite3 <no-dsa> (Minor issue)
+	[buster] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/forum/forumpost/5bcbf4571c
 	NOTE: Fixed by: https://sqlite.org/src/info/0e4e7a05c4204b47
 CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
@@ -376,6 +377,7 @@ CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might a
 	- openssh <unfixed> (bug #1059393)
 	[bookworm] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
 	[bullseye] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
+	[buster] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
 	NOTE: https://arxiv.org/abs/2309.02545
 CVE-2023-51766 (Exim through 4.97 allows SMTP smuggling in certain configurations. Rem ...)
 	- exim4 4.97-3 (bug #1059387)


=====================================
data/dla-needed.txt
=====================================
@@ -53,6 +53,10 @@ cinder
 cjson (Thorsten Alteholz)
   NOTE: 20231225: Added by Front-Desk (ta)
 --
+dask.distributed
+  NOTE: 20231228: Added by Front-Desk (lamby)
+  NOTE: 20231228: CVE-2021-42343 fixed in bullseye via DSA or point release. (lamby)
+--
 docker.io
   NOTE: 20230303: Added by Front-Desk (Beuc)
   NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
@@ -104,6 +108,10 @@ keystone
 knot-resolver
   NOTE: 20231029: Added by Front-Desk (gladk)
 --
+kodi
+  NOTE: 20231228: Added by Front-Desk (lamby)
+  NOTE: 20231228: CVE-2021-42917 was postponed in 2021; fixed in bullseye via DSA or point release. (lamby)
+--
 libde265 (Thorsten Alteholz)
   NOTE: 20231224: Added by Front-Desk (ta)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1376f504d3baf9021b2e783cd2f5dd4c26b9ea3...b99caa35b9e556c7eb34c507754e4c93f94d026c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1376f504d3baf9021b2e783cd2f5dd4c26b9ea3...b99caa35b9e556c7eb34c507754e4c93f94d026c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231228/caac6a4c/attachment-0001.htm>