[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2023-28450 in dnsmasq for buster LTS.

Chris Lamb (@lamby) lamby at debian.org
Mon Mar 27 17:56:48 BST 2023



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd53905f by Chris Lamb at 2023-03-27T17:51:38+01:00
Triage CVE-2023-28450 in dnsmasq for buster LTS.

- - - - -
7c0ba429 by Chris Lamb at 2023-03-27T17:53:37+01:00
Triage CVE-2023-25564 & CVE-2023-25566 in gss-ntlmssp for buster LTS.

- - - - -
cbbed960 by Chris Lamb at 2023-03-27T17:55:33+01:00
Triage CVE-2022-43441 in node-sqlite3 for buster LTS.

- - - - -
3f14df8f by Chris Lamb at 2023-03-27T17:56:00+01:00
Triage CVE-2023-1350 in liferea for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1424,6 +1424,7 @@ CVE-2023-28451
 CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
 	- dnsmasq <unfixed> (bug #1033165)
 	[bullseye] - dnsmasq <no-dsa> (Minor issue)
+	[buster] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
 CVE-2023-1424
 	RESERVED
@@ -2527,6 +2528,7 @@ CVE-2023-1351 (A vulnerability classified as critical has been found in SourceCo
 CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critical. A ...)
 	- liferea 1.14.1-1 (bug #1032822)
 	[bullseye] - liferea <no-dsa> (Minor issue)
+	[buster] - liferea <no-dsa> (Minor issue)
 	NOTE: Introduced by: https://github.com/lwindolf/liferea/commit/b8288389820a3f510ef4b21684b22439c41d95a5 (v1.12.0)
 	NOTE: introduced by: https://github.com/lwindolf/liferea/commit/b67dbba73443ab7b36fcd3c78aa803e974c0f23e (v1.12.0)
 	NOTE: Fixed by: https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 (v1.14.1)
@@ -9866,6 +9868,7 @@ CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that imple
 CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
 	- gss-ntlmssp 1.2.0-1 (bug #1031369)
 	[bullseye] - gss-ntlmssp <not-affected> (Vulnerable code not present)
+	[buster] - gss-ntlmssp <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
 CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
@@ -9875,6 +9878,7 @@ CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp
 CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
 	- gss-ntlmssp 1.2.0-1 (bug #1031369)
 	[bullseye] - gss-ntlmssp <not-affected> (Vulnerable code not present)
+	[buster] - gss-ntlmssp <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
 	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
 CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
@@ -37222,6 +37226,7 @@ CVE-2022-43445
 CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...)
 	{DSA-5373-1}
 	- node-sqlite3 5.1.5+ds1-1
+	[buster] - node-sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
 	NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5)
 CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0938fb250c6380b9991e94baf8b65a0c21d6519...3f14df8f9ad4756270799114397ca251fadd0a84

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0938fb250c6380b9991e94baf8b65a0c21d6519...3f14df8f9ad4756270799114397ca251fadd0a84
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230327/1eacd021/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list