[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2023-51767 in openssh for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Dec 28 17:28:30 GMT 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65e9905c by Chris Lamb at 2023-12-28T17:24:38+00:00
Triage CVE-2023-51767 in openssh for buster LTS.
- - - - -
8466d112 by Chris Lamb at 2023-12-28T17:25:29+00:00
Triage CVE-2023-7104 in sqlite3 for buster LTS.
- - - - -
30249332 by Chris Lamb at 2023-12-28T17:27:03+00:00
data/dla-needed.txt: Triage kodi for buster LTS (CVE-2021-42917)
- - - - -
b99caa35 by Chris Lamb at 2023-12-28T17:27:54+00:00
data/dla-needed.txt: Triage dask.distributed for buster LTS (CVE-2021-42343)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -214,6 +214,7 @@ CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and clas
- sqlite3 3.43.1-1
[bookworm] - sqlite3 <no-dsa> (Minor issue)
[bullseye] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/forum/forumpost/5bcbf4571c
NOTE: Fixed by: https://sqlite.org/src/info/0e4e7a05c4204b47
CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
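Review bot: the added `[buster] - sqlite3 <no-dsa> (Minor issue)` line reuses the bare "Minor issue" reason from the bookworm and bullseye entries without saying what makes it minor. Since the upstream fix is already linked in the `NOTE: Fixed by:` line, a short NOTE giving the rationale for the no-dsa decision would let a later reader judge whether the fix is worth picking up for buster anyway.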
@@ -376,6 +377,7 @@ CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might a
- openssh <unfixed> (bug #1059393)
[bookworm] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
[bullseye] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
+ [buster] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
NOTE: https://arxiv.org/abs/2309.02545
CVE-2023-51766 (Exim through 4.97 allows SMTP smuggling in certain configurations. Rem ...)
- exim4 4.97-3 (bug #1059387)
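Review bot: the `<postponed>` reason on the new `[buster]` line, "Revisit once hardening/mitigation for Rowhammer type of attack exists", gives no concrete trigger for the revisit. The unstable entry is tracked as `<unfixed> (bug #1059393)`, so consider tying the revisit to that bug in the reason or in a NOTE, so the three postponed releases are re-triaged together when it changes state.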
=====================================
data/dla-needed.txt
=====================================
@@ -53,6 +53,10 @@ cinder
cjson (Thorsten Alteholz)
NOTE: 20231225: Added by Front-Desk (ta)
--
+dask.distributed
+ NOTE: 20231228: Added by Front-Desk (lamby)
+ NOTE: 20231228: CVE-2021-42343 fixed in bullseye via DSA or point release. (lamby)
+--
docker.io
NOTE: 20230303: Added by Front-Desk (Beuc)
NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
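Review bot: the second NOTE in the new dask.distributed entry says CVE-2021-42343 was "fixed in bullseye via DSA or point release" without saying which. Naming the specific DSA or point release, as the docker.io entry below does with "bullseye 11.2", would tell whoever claims the package where to find the patch to backport.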
@@ -104,6 +108,10 @@ keystone
knot-resolver
NOTE: 20231029: Added by Front-Desk (gladk)
--
+kodi
+ NOTE: 20231228: Added by Front-Desk (lamby)
+ NOTE: 20231228: CVE-2021-42917 was postponed in 2021; fixed in bullseye via DSA or point release. (lamby)
+--
libde265 (Thorsten Alteholz)
NOTE: 20231224: Added by Front-Desk (ta)
--
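Review bot: the second NOTE in the new kodi entry records that CVE-2021-42917 "was postponed in 2021" and was "fixed in bullseye via DSA or point release", but not which of the two carried the fix. Stating the specific DSA or point release would make clear why the earlier postponement no longer applies and give the claimant the reference fix to follow.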
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1376f504d3baf9021b2e783cd2f5dd4c26b9ea3...b99caa35b9e556c7eb34c507754e4c93f94d026c