[Git][security-tracker-team/security-tracker][master] 3 commits: Added python-mechanize to dla-needed.

Ola Lundqvist (@opal) opal at debian.org
Thu Jun 15 21:24:07 BST 2023 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01c88224 by Ola Lundqvist at 2023-06-15T22:23:45+02:00
Added python-mechanize to dla-needed.

- - - - -
1b93beb5 by Ola Lundqvist at 2023-06-15T22:23:46+02:00
Marked rust-h2 CVE-2023-26964 as no-dsa (minor issue) for buster.

- - - - -
a3aae462 by Ola Lundqvist at 2023-06-15T22:23:48+02:00
Marked jackson-databind CVE-2023-35116 as no-dsa (minor issue) for buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,6 +89,7 @@ CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts pr
 	TODO: check
 CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers  ...)
 	- jackson-databind <unfixed>
+	[buster] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
 	TODO: check
@@ -17401,6 +17402,7 @@ CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a h
 	TODO: check
 CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
 	- rust-h2 0.3.13-2 (bug #1034723)
+	[buster] - rust-h2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/hyperium/hyper/issues/2877
 	NOTE: https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0034.html


=====================================
data/dla-needed.txt
=====================================
@@ -141,6 +141,9 @@ python-glance-store
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
 --
+python-mechanize
+  NOTE: 20230614: Added by Front-Desk (opal)
+--
 python-os-brick
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95f32127b4f4527bfec3a21ad4c836171d5aa0f...a3aae462df9892ff4ebd50712952c8d8e7c04e66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95f32127b4f4527bfec3a21ad4c836171d5aa0f...a3aae462df9892ff4ebd50712952c8d8e7c04e66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230615/79f822db/attachment.htm>

More information about the debian-security-tracker-commits mailing list