[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-33460
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 12 20:16:59 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f22eb4c8 by Salvatore Bonaccorso at 2023-07-12T21:15:55+02:00
Update information on CVE-2023-33460
For this minor issue do not bother going extra rounds and just consider
the issue fixed only in 2.1.0-5 but still make a note to clarify the
version bump.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4348,11 +4348,12 @@ CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user ca
NOT-FOR-US: Harmonic NSG 9000-6G devices
CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...)
{DLA-3492-1 DLA-3478-1}
- - yajl 2.1.0-3.1 (bug #1039984)
+ - yajl 2.1.0-5 (bug #1039984)
[bookworm] - yajl <no-dsa> (Minor issue)
[bullseye] - yajl <no-dsa> (Minor issue)
NOTE: https://github.com/lloyd/yajl/issues/250
NOTE: Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0)
+ NOTE: The original fix uploaded as 2.1.0-3.1 was incomplete.
- burp <unfixed>
[buster] - burp <postponed> (Minor issue; fix only after newer releases got a fix)
- crun <unfixed>
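Review bot: The added line "NOTE: The original fix uploaded as 2.1.0-3.1 was incomplete." gives no pointer to what was missing or where the follow-up fix is recorded, and the fixed-version entry still cites only bug #1039984. Consider adding a reference (a bug message, upload or commit URL) next to that NOTE, so that someone running 2.1.0-3.1 or any version between it and 2.1.0-5 can tell from the tracker entry alone why the fixed version was moved. The same applies to the bookworm and bullseye no-dsa lines and the {DLA-3492-1 DLA-3478-1} annotation, which are left unchanged: if either of them relates to the incomplete fix, a short NOTE saying so would make the entry self-explanatory.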
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f22eb4c896d66035c5caa0cad7c8de061c9e5d10