[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-25104/iortcw: buster end-of-life

Sylvain Beucler (@beuc) beuc at debian.org
Fri Mar 3 15:53:39 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd644ef8 by Sylvain Beucler at 2023-03-03T16:48:06+01:00
CVE-2019-25104/iortcw: buster end-of-life

- - - - -
cc047d3e by Sylvain Beucler at 2023-03-03T16:52:26+01:00
CVE-2022-25901/node-cookiejar: buster postponed

- - - - -
d6725b60 by Sylvain Beucler at 2023-03-03T16:52:59+01:00
CVE-2023-25155/redis: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3746,6 +3746,7 @@ CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCo
 CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
 	- iortcw <unfixed> (bug #1031732)
 	[bullseye] - iortcw <no-dsa> (Minor issue)
+	[buster] - iortcw <end-of-life> (games are not supported in LTS)
 	NOTE: https://github.com/rtcwcoop/rtcwcoop/pull/45
 	NOTE: Reported against a version based on iortcw, but seems missing in iortcw
 CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...)
@@ -6466,6 +6467,7 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impos
 CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	- redis <unfixed> (bug #1032279)
 	[bullseye] - redis <no-dsa> (Minor issue)
+	[buster] - redis <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
 	NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9)
 CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...)
@@ -81787,6 +81789,7 @@ CVE-2022-25902
 CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
 	- node-cookiejar 2.1.4+~2.1.2-1
 	[bullseye] - node-cookiejar <no-dsa> (Minor issue)
+	[buster] - node-cookiejar <postponed> (Minor issue, ReDoS)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
 	NOTE: https://github.com/bmeck/node-cookiejar/pull/39
 	NOTE: https://github.com/bmeck/node-cookiejar/commit/eaa00021caf6ae09449dde826108153b578348e5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9c2cc69cbac3ef5d0cf41c9bd355a435c015ce7...d6725b60ee87a5077c039c334aab49ab4b1ca580

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9c2cc69cbac3ef5d0cf41c9bd355a435c015ce7...d6725b60ee87a5077c039c334aab49ab4b1ca580
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/7466fae9/attachment.htm>

More information about the debian-security-tracker-commits mailing list