[Git][security-tracker-team/security-tracker][master] 3 commits: Remove memcached from dla-needed.txt
Markus Koschany (@apo)
apo at debian.org
Sat Nov 4 23:19:11 GMT 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
334571c9 by Markus Koschany at 2023-11-05T00:13:24+01:00
Remove memcached from dla-needed.txt
- - - - -
d66194c5 by Markus Koschany at 2023-11-05T00:14:38+01:00
Triage CVE-2023-46852,CVE-2023-46853,memcached as not affected for Buster
The vulnerable code was introduced in later releases.
See
https://github.com/memcached/memcached/commit/d22b66483bce8843110795609386edc6ebf65b69
- - - - -
a6dea465 by Markus Koschany at 2023-11-05T00:17:30+01:00
Claim netty in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1092,11 +1092,13 @@ CVE-2023-46853 (In Memcached before 1.6.22, an off-by-one error exists when proc
- memcached 1.6.22-1
[bookworm] - memcached <no-dsa> (Minor issue)
[bullseye] - memcached <no-dsa> (Minor issue)
+ [buster] - memcached <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa (1.6.22)
CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when processing m ...)
- memcached 1.6.22-1
[bookworm] - memcached <no-dsa> (Minor issue)
[bullseye] - memcached <no-dsa> (Minor issue)
+ [buster] - memcached <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22)
CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerabili ...)
- activemq <unfixed> (bug #1054909)
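Review bot: The two added [buster] lines give "The vulnerable code was introduced later" as the reason, but the upstream commit cited in the commit message (d22b66483bce8843110795609386edc6ebf65b69) is not recorded in data/CVE/list. The only NOTE lines under CVE-2023-46853 and CVE-2023-46852 are the ones marked (1.6.22). Consider adding a NOTE line with the commit-message URL under each CVE, so that the not-affected decision can be checked from the tracker data alone without looking up this commit.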
=====================================
data/dla-needed.txt
=====================================
@@ -132,14 +132,11 @@ lwip
mediawiki (guilhem)
NOTE: 20231011: Added by Front-Desk (ta)
--
-memcached (Markus Koschany)
- NOTE: 20231029: Added by Front-Desk (gladk)
---
mosquitto (Markus Koschany)
NOTE: 20230924: Added by Front-Desk (apo)
NOTE: 20231009: Waiting for upstream clarification how to proceed with open CVE. (apo)
--
-netty
+netty (Markus Koschany)
NOTE: 20231104: Added by Front-Desk (lamby)
NOTE: 20231104: For, at least, CVE-2023-44487. (lamby)
--
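Review bot: The removal of the memcached entry at the top of this hunk comes from commit 334571c9, whose message gives no reason. The justification only appears in the separate commit d66194c5 that marks both CVEs as not affected for Buster. Consider mentioning the not-affected triage in the removal message, or combining the removal with the triage commit, so that the history of data/dla-needed.txt explains why the package was dropped.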
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/10d0f985fa27b64648fbb9e89d112ba6386220cd...a6dea465fc1ab0e1751bff0880c481020624cd99