[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2023-23009/libreswan: buster not-affected

Sylvain Beucler (@beuc) beuc at debian.org
Sat Mar 4 10:53:37 GMT 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bf58e19 by Sylvain Beucler at 2023-03-04T11:32:42+01:00
CVE-2023-23009/libreswan: buster not-affected

- - - - -
81736cb9 by Sylvain Beucler at 2023-03-04T11:47:39+01:00
CVE-2022-40664,CVE-2023-22602/shiro: buster postponed

- - - - -
674a7c89 by Sylvain Beucler at 2023-03-04T11:49:41+01:00
CVE-2022-25927/node-ua-parser-js: buster postponed

- - - - -
465dc3be by Sylvain Beucler at 2023-03-04T11:51:48+01:00
CVE-2022-4645/tiff: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12593,6 +12593,7 @@ CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgnite
 CVE-2023-23009 (Libreswan 4.9 allows remote attackers to cause a denial of service (as ...)
 	{DSA-5368-1}
 	- libreswan 4.9-2 (bug #1031821)
+	[buster] - libreswan <not-affected> (3.x not vulnerable)
 	NOTE: https://github.com/libreswan/libreswan/issues/954
 	NOTE: https://libreswan.org/security/CVE-2023-23009/CVE-2023-23009.txt
 CVE-2023-23008
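Review bot: The reason on the added `[buster]` line, "3.x not vulnerable", is asserted without a pointer to what establishes it; the CVE description only names Libreswan 4.9, and neither NOTE line is tied to the claim. Consider adding a NOTE that records where the upstream issue or advisory states which versions carry the affected code, so the not-affected status can be re-checked later without re-reading both links.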
@@ -14262,6 +14263,7 @@ CVE-2023-22602 (When using Apache Shiro before 1.11.0 together with Spring Boot
 	- shiro <unfixed> (bug #1029039)
 	[bookworm] - shiro <no-dsa> (Minor issue)
 	[bullseye] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro <postponed> (Minor issue, cf. #1029039)
 	NOTE: https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl
 CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
 	NOT-FOR-US: InHand Networks InRouter
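Review bot: On the added `[buster]` line, "cf. #1029039" repeats the bug number already given on the `- shiro <unfixed> (bug #1029039)` line a few lines above in the same entry, so it gives no additional reason for the postponement. Either drop the cross-reference so the reason matches the bookworm and bullseye lines, or replace it with the specific point from that bug that motivates postponing.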
@@ -16151,6 +16153,7 @@ CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd
 CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...)
 	{DSA-5333-1}
 	- tiff 4.4.0-5
+	[buster] - tiff <postponed> (Minor issue, OOB read / DoS)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. ...)
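Review bot: The reason on the added `[buster]` line gives only the bug class ("OOB read / DoS"), while the CVE description places the read in tiffcp (tools/tiffcp.c). Naming the tool in the reason, for example "(Minor issue, OOB read in tiffcp tool)", would tell whoever picks up the postponed entry where the exposure is without opening the upstream issue.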
@@ -40621,6 +40624,7 @@ CVE-2022-40664 (Apache Shiro before 1.10.0, Authentication Bypass Vulnerability
 	- shiro <unfixed> (bug #1021671)
 	[bookworm] - shiro <no-dsa> (Minor issue)
 	[bullseye] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro <postponed> (Minor issue, too little detail)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/12/1
 CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: NIKON
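Review bot: The two halves of the reason on the added `[buster]` line pull against each other: "too little detail" says the issue cannot be assessed yet, while "Minor issue" is a severity assessment, and the description calls this an authentication bypass. Consider stating only what is missing (the entry has a single NOTE pointing at the oss-security post and no fix reference), or recording what the minor rating is based on.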
@@ -81909,6 +81913,7 @@ CVE-2022-25928
 CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
 	- node-ua-parser-js <unfixed>
 	[bullseye] - node-ua-parser-js <no-dsa> (Minor issue)
+	[buster] - node-ua-parser-js <postponed> (Minor issue, ReDoS)
 	NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
 	NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
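Review bot: The added `[buster]` line marks the package as postponed, but the description bounds the affected range from below ("from 0.7.30 and before 0.7.33"), and nothing in the entry records whether the buster version falls inside that range. If it predates the range, `<not-affected>` would be the right state; if it is affected, a short NOTE saying so would make the postponed status verifiable.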



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bfbe42892613ded781485d30cb8949fe3542506...465dc3bea23eddee5b72909cc1be73036cc2f72d
