[Git][security-tracker-team/security-tracker][master] Add references for c-ares issues

Mon May 22 20:15:11 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
396903fa by Salvatore Bonaccorso at 2023-05-22T21:13:53+02:00
Add references for c-ares issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,6 +2,7 @@ CVE-2023-32067
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
+	NOTE: https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae (cares-1_19_1)
 CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...)
 	TODO: check
 CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...)
@@ -1839,6 +1840,7 @@ CVE-2023-31147
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed> (unimportant)
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
+	NOTE: https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5 (cares-1_19_1)
 	NOTE: Any Debian system/port provides /dev/urandom
 CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
 	NOT-FOR-US: Vyper
@@ -1879,6 +1881,7 @@ CVE-2023-31130
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
+	NOTE: https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 (cares-1_19_1)
 CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
 	NOT-FOR-US: Contiki-NG
 CVE-2023-31128
@@ -1894,6 +1897,7 @@ CVE-2023-31124
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed> (unimportant)
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
+	NOTE: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d (cares-1_19_1)
 	NOTE: No impact on binaries shipped by Debian
 CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform  ...)
 	NOT-FOR-US: effectindex/tripreporter



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396903fae2d4f4c3092fa53b59de37f992c2cf55

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396903fae2d4f4c3092fa53b59de37f992c2cf55
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230522/b0fdeec6/attachment.htm>
