[Git][security-tracker-team/security-tracker][master] 3 commits: Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.

Fri Jun 16 22:42:33 BST 2023


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
618740db by Ola Lundqvist at 2023-06-16T23:42:14+02:00
Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.

- - - - -
3682307e by Ola Lundqvist at 2023-06-16T23:42:16+02:00
Marked wireshark CVE-2023-0667 as no-dsa for buster following bullseye decision.

- - - - -
1679961e by Ola Lundqvist at 2023-06-16T23:42:16+02:00
Added syncthing to dla-needed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22674,6 +22674,7 @@ CVE-2023-0667 (Due to failure in validating the length provided by an attacker-c
 	{DSA-5429-1}
 	- wireshark 4.0.6-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://takeonme.org/cves/CVE-2023-0667.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086
 CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...)
@@ -36772,6 +36773,7 @@ CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL
 CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read  ...)
 	- nagvis 1:1.9.34-1
 	[bullseye] - nagvis <no-dsa> (Minor issue)
+	[buster] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a (nagvis-1.9.34)
 CVE-2022-46944
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -207,6 +207,9 @@ samba (Lee Garrett)
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee)
 --
+syncthing
+  NOTE: 20230616: Added by Front-Desk (opal)
+--
 webkit2gtk (Emilio)
   NOTE: 20230512: Re-added (pochu)
   NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178e878ea2a0dc1108234306f9dc67844d0ab7aa...1679961e87a6e74aaee6f44dd4c81105af295fd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178e878ea2a0dc1108234306f9dc67844d0ab7aa...1679961e87a6e74aaee6f44dd4c81105af295fd3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230616/2f19f6ab/attachment-0001.htm>
