[Git][security-tracker-team/security-tracker][master] Reference upstream commits directly for python-werkzeug issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 07:22:05 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5434fb2 by Salvatore Bonaccorso at 2023-06-14T08:21:26+02:00
Reference upstream commits directly for python-werkzeug issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21125,7 +21125,9 @@ CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) fram
 CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
 	{DLA-3346-1}
 	- python-werkzeug 2.2.2-3 (bug #1031370)
-	NOTE: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 (2.2.3)
+	NOTE: https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b (2.2.3)
+	NOTE: https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9 (2.2.3)
+	NOTE: https://github.com/pallets/werkzeug/commit/babc8d9e8c9fa995ef26050698bc9b5a92803664 (2.2.3)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
 CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
 	NOT-FOR-US: Fastify plugin
@@ -25763,7 +25765,7 @@ CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.
 CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
 	{DLA-3346-1}
 	- python-werkzeug 2.2.2-3 (bug #1031370)
-	NOTE: https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028 (2.2.3)
+	NOTE: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 (2.2.3)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
 CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...)
 	NOT-FOR-US: OpenSearch Anomaly Detection



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5434fb24bd17bb9a83df102c868a6226547b5db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5434fb24bd17bb9a83df102c868a6226547b5db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230614/6f2cd85f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list