[Git][security-tracker-team/security-tracker][master] Reserve DLA-3347-1 for spip
Guilhem Moulin (@guilhem)
guilhem at debian.org
Mon Feb 27 20:03:21 GMT 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
928a6497 by Guilhem Moulin at 2023-02-27T21:03:02+01:00
Reserve DLA-3347-1 for spip
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7420,6 +7420,7 @@ CVE-2023-0480
CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
- spip 4.1.7+dfsg-1
[bullseye] - spip 3.2.11-3+deb11u6
+ [buster] - spip 3.2.4-1+deb10u10
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,5 @@
+[27 Feb 2023] DLA-3347-1 spip - security update
+ [buster] - spip 3.2.4-1+deb10u10
[27 Feb 2023] DLA-3346-1 python-werkzeug - security update
{CVE-2023-23934 CVE-2023-25577}
[buster] - python-werkzeug 0.14.1+dfsg1-4+deb10u2
=====================================
data/dla-needed.txt
=====================================
@@ -287,11 +287,6 @@ samba (Lee Garrett)
NOTE: 20220904: Special attention: High popcon! Used in many servers.
NOTE: 20220904: Many postponed or open CVE in general. (apo)
--
-spip (guilhem)
- NOTE: 20230206: Programming language: PHP.
- NOTE: 20230206: Special attention: Please contact maintainer regarding VCS usage
- NOTE: 20230206: VCS: https://salsa.debian.org/debian/spip.git
---
sssd
NOTE: 20230131: Programming language: C.
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/928a6497887b20d3d686d8b42a08d41fdbae2eba
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/928a6497887b20d3d686d8b42a08d41fdbae2eba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230227/ebf9c9bc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list