[Git][security-tracker-team/security-tracker][master] Remove source package listings from CVE-2023-33460 with no security impact

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
230e1c66 by Salvatore Bonaccorso at 2023-06-25T20:55:48+02:00
Remove source package listings from CVE-2023-33460 with no security impact

Might not yet be complete, but for the one removed there is no security
impact from the memory leak in the embedded yajl copy.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2057,15 +2057,11 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
 	[bullseye] - yajl <no-dsa> (Minor issue)
 	[buster] - yajl <postponed> (Minor issue)
 	NOTE: https://github.com/lloyd/yajl/issues/250
-	- argyll <unfixed>
 	- burp <unfixed>
-	- collada2gltf <unfixed>
 	- crun <unfixed>
 	- epic-base <unfixed>
-	- lnav <unfixed>
 	- r-cran-jsonlite <unfixed>
 	- ruby-yajl <unfixed>
-	- whitedb <unfixed>
 CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...)
 	NOT-FOR-US: Sogou Workflow
 CVE-2023-33381 (A command injection vulnerability was found in the ping functionality  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/230e1c66b5df3f8c29e672b74bd7dc66274d7e24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/230e1c66b5df3f8c29e672b74bd7dc66274d7e24
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230625/353998b0/attachment.htm>