[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVEs for gss-ntlmssp as no-dsa for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun May 7 09:48:04 BST 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
309f620a by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
mark CVEs for gss-ntlmssp as no-dsa for Buster
- - - - -
f85dc448 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
add libfastjson
- - - - -
03619494 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
update note
- - - - -
85011540 by Thorsten Alteholz at 2023-05-07T10:47:38+02:00
mark CVE-2023-30861 as postponed for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1563,6 +1563,7 @@ CVE-2023-2167
RESERVED
CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...)
- flask <unfixed>
+ [buster] - flask <postponed> (Minor issue)
NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5)
NOTE: https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d (2.3.2)
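Review bot: The added "[buster] - flask <postponed> (Minor issue)" line gives no buster-specific reason, while the NOTE lines under it reference upstream fixes for 2.2.5 and 2.3.2 only. A short NOTE saying what makes the issue minor for buster, or whether the upstream commit applies to the buster version, would let whoever picks up the postponed entry decide without redoing the triage.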
@@ -17391,6 +17392,7 @@ CVE-2023-25568
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+ [buster] - gss-ntlmssp <no-dsa> (Minor issue)
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
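Review bot: CVE-2023-25566 in the trailing context of this hunk, and CVE-2023-25564 in the context of the next one, carry the same GSS-NTLMSSP description but get no [buster] line in this commit. If both already have a buster status outside the lines shown, that is fine; otherwise they need the same no-dsa line or their own status so the set named in the commit message is complete.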
@@ -17402,6 +17404,7 @@ CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp
CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+ [buster] - gss-ntlmssp <no-dsa> (Minor issue)
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
@@ -17413,6 +17416,7 @@ CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that imp
CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
+ [buster] - gss-ntlmssp <no-dsa> (Minor issue)
NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
=====================================
data/dla-needed.txt
=====================================
@@ -86,6 +86,10 @@ hdf5 (tobi)
NOTE: 20230506: tried to triage… seems to be that only sensible way forward would be to update to a newer version in the 1.10.x
NOTE: 20230506: line. Still then, state of CVEs are unknown if they have been fixed. 1.10.11 is scheduled for September. (tobi)
--
+libfastjson (Thorsten Alteholz)
+ NOTE: 20230507: Programming language: C.
+ NOTE: 20230507: the CVE was fixed in json-c already
+--
linux (Ben Hutchings)
NOTE: 20230111: Programming language: C
--
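Review bot: The second NOTE on the new libfastjson entry, "the CVE was fixed in json-c already", names neither the CVE nor the json-c fix it refers to. Adding the CVE id and a reference to the json-c commit would make the entry usable on its own by the next person who reads dla-needed.txt.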
@@ -212,7 +216,7 @@ rainloop
ring (Thorsten Alteholz)
NOTE: 20221120: Programming language: C.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
- NOTE: 20230423: move CVEs appeared
+ NOTE: 20230507: testing package
--
ruby-loofah
NOTE: 20221231: Programming language: Ruby.
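Review bot: In the ring entry the dated 20230423 note is replaced rather than kept, so the record of that earlier observation about CVEs is dropped from the entry. Keeping that line and appending the 20230507 one would preserve the history, and "testing package" could say what is being tested, for example a prepared upload.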
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9d04f63a137ce79e97e43e499a0eb32e8277626f...85011540d8523a71d28f7db2291a921a89e48478