[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2023-28862 in lemonldap-ng for buster LTS.

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6cb1cf6 by Chris Lamb at 2023-03-30T09:52:15+01:00
Triage CVE-2023-28862 in lemonldap-ng for buster LTS.

- - - - -
f5af24b3 by Chris Lamb at 2023-03-30T09:52:49+01:00
Triage CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466 in openssl for buster LTS.

- - - - -
5229c1d3 by Chris Lamb at 2023-03-30T09:53:12+01:00
Triage CVE-2023-25809 in runc for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -528,6 +528,7 @@ CVE-2023-28862
 	RESERVED
 	- lemonldap-ng 2.16.1+ds-1
 	[bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+	[buster] - lemonldap-ng <no-dsa> (Minor issue)
 CVE-2023-28861
 	RESERVED
 CVE-2023-28860
@@ -9350,6 +9351,7 @@ CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior
 CVE-2023-25809 (runc is a CLI tool for spawning and running containers according to th ...)
 	- runc 1.1.5+ds1-1
 	[bullseye] - runc <no-dsa> (Minor issue)
+	[buster] - runc <no-dsa> (Minor issue)
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
 	NOTE: https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5 (v1.1.5)
 CVE-2023-25808
@@ -13436,18 +13438,21 @@ CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
 	- openssl <unfixed>
 	[bullseye] - openssl <no-dsa> (Minor issue)
+	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
 	- openssl <unfixed>
 	[bullseye] - openssl <no-dsa> (Minor issue)
+	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
 	- openssl <unfixed>
 	[bullseye] - openssl <no-dsa> (Minor issue)
+	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230322.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b (OpenSSL_1_1_1-stable)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/55b6436d73fc06e6f6fb747b9d5c10adbd37f6df...5229c1d32501fd0cc33b60fb84d306135ad867e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/55b6436d73fc06e6f6fb747b9d5c10adbd37f6df...5229c1d32501fd0cc33b60fb84d306135ad867e4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230330/843ba696/attachment-0001.htm>