[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2023-36201 as ignored for buster

Anton Gladky (@gladk) gladk at debian.org
Sun Jul 9 19:45:38 BST 2023



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53d95b27 by Anton Gladky at 2023-07-09T20:45:19+02:00
Mark CVE-2023-36201 as ignored for buster

- - - - -
ebd698e1 by Anton Gladky at 2023-07-09T20:45:19+02:00
Mark CVE-2023-3523 as EOL for buster (gpac)

- - - - -
2533cd69 by Anton Gladky at 2023-07-09T20:45:19+02:00
LTS: Add node-tough-cookie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,6 +109,7 @@ CVE-2023-36256 (The Online Examination System Project 1.0 version is vulnerable
 CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker  ...)
 	- iotjs <removed>
 	[bullseye] - iotjs <ignored> (Minor issue)
+	[buster] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5026
 CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP  ...)
 	NOT-FOR-US: Zoho
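Review bot: the added `[buster] - iotjs <ignored> (Minor issue)` line copies the bullseye reason verbatim and records nothing buster-specific. The CVE description names jerryscript v.3.0.0, so a NOTE stating whether the jerryscript copy shipped in buster's iotjs contains the affected code would make the triage auditable. If it does not, `<not-affected>` would describe the state more accurately than `<ignored>`.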
@@ -160,6 +161,7 @@ CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
 	- gpac <unfixed>
 	NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
 	NOTE: https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 CVE-2023-3456 (Vulnerability of kernel raw address leakage in the  hang detector modu ...)
 	NOT-FOR-US: Huawei
 CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...)
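Review bot: the new `[buster] - gpac <end-of-life>` line is placed after the two NOTE lines, while the CVE-2023-36201 entry in the same file keeps its release-specific lines directly under the package line and ahead of the NOTEs. Moving the `[buster]` line up to sit right below `- gpac <unfixed>` keeps the entry layout consistent and groups the status lines together for anyone scanning or parsing the entry.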


=====================================
data/dla-needed.txt
=====================================
@@ -103,6 +103,9 @@ linux (Ben Hutchings)
 mediawiki (Markus Koschany)
   NOTE: 20230701: Added by Front-Desk (ta)
 --
+node-tough-cookie
+  NOTE: 20230709: Added by Front-Desk (gladk)
+--
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression
@@ -132,6 +135,9 @@ openjdk-11 (Emilio)
   NOTE: 20230612: sid updated, preparing backport (pochu)
   NOTE: 20230627: waiting for DSA (pochu)
 --
+pandoc
+  NOTE: 20230709: Added by Front-Desk (gladk)
+--
 php-dompdf (rouca)
   NOTE: 20230618: Added by Front-Desk (opal)
   NOTE: 20230618: Low priority but higher than to not fix it.
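Review bot: the `pandoc` entry added here is not mentioned in any of the three commit messages; the only dla-needed.txt commit is titled "LTS: Add node-tough-cookie". Either give pandoc its own commit or amend the message to name both packages, so that the history of data/dla-needed.txt shows when and why pandoc was queued.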



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00404a33424169134995001a541dfecc28fd17a8...2533cd69dae703e8ebb5ec18e44b2b682bcf950d
