[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-25652 as no-dsa for Buster

Sun May 7 00:06:05 BST 2023


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fa17816 by Thorsten Alteholz at 2023-05-07T00:54:35+02:00
mark CVE-2023-25652 as no-dsa for Buster

- - - - -
218bd853 by Thorsten Alteholz at 2023-05-07T00:55:07+02:00
mark CVE-2023-29007 as no-dsa for Buster

- - - - -
ecef4e62 by Thorsten Alteholz at 2023-05-07T01:01:20+02:00
mark CVE-2023-31484 as no-dsa for Buster

- - - - -
a459575c by Thorsten Alteholz at 2023-05-07T01:04:21+02:00
mark CVE-2023-2426 as no-dsa for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -157,6 +157,7 @@ CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
 CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	- vim 2:9.0.1378-2 (bug #1035323)
 	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
 	NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499)
 CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
@@ -166,6 +167,7 @@ CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates wh
 CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading  ...)
 	- perl <unfixed> (bug #1035109)
 	[bullseye] - perl <no-dsa> (Minor issue)
+	[buster] - perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/andk/cpanpm/pull/175
 	NOTE: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)
 CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a di ...)
@@ -6786,6 +6788,7 @@ CVE-2023-29008 (The SvelteKit framework offers developers an option to create si
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
 	- git 1:2.40.1-1 (bug #1034835)
 	[bullseye] - git <no-dsa> (Minor issue)
+	[buster] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
 	NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a (v2.30.9)
@@ -17083,6 +17086,7 @@ CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Sign
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
 	- git 1:2.40.1-1 (bug #1034835)
 	[bullseye] - git <no-dsa> (Minor issue)
+	[buster] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
 CVE-2023-25651



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8b0631c5b6e684c8d3c43160a7261623308ae1c7...a459575c659cf74601dc47911e34c88ae8f11eea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8b0631c5b6e684c8d3c43160a7261623308ae1c7...a459575c659cf74601dc47911e34c88ae8f11eea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230506/f5a93fd6/attachment-0001.htm>
