[Git][security-tracker-team/security-tracker][master] Reserve DLA-3648-1 for tang
Chris Lamb (@lamby)
lamby at debian.org
Tue Nov 7 12:04:53 GMT 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61677687 by Chris Lamb at 2023-11-07T12:04:04+00:00
Reserve DLA-3648-1 for tang
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -32164,7 +32164,6 @@ CVE-2023-1672 (A race condition exists in the Tang server functionality for key
- tang 14-1 (bug #1038119)
[bookworm] - tang 11-2+deb12u1
[bullseye] - tang 8-3+deb11u2
- [buster] - tang <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
NOTE: https://census-labs.com/news/2023/06/15/race-tang/
CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed handler ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Nov 2023] DLA-3648-1 tang - security update
+ {CVE-2023-1672}
+ [buster] - tang 7-1+deb10u2
[07 Nov 2023] DLA-3647-1 trapperkeeper-webserver-jetty9-clojure - security update
[buster] - trapperkeeper-webserver-jetty9-clojure 1.7.0-2+deb10u2
[05 Nov 2023] DLA-3646-1 open-vm-tools - security update
=====================================
data/dla-needed.txt
=====================================
@@ -244,10 +244,6 @@ suricata (Adrian Bunk)
NOTE: 20230731: Still reviewing+testing CVEs. (bunk)
NOTE: 20231016: Still reviewing+testing CVEs. (bunk)
--
-tang (Chris Lamb)
- NOTE: 20231103: Added by Front-Desk (lamby)
- NOTE: 20231103: Sync with stable. (lamby)
---
vlc
NOTE: 20231106: Added by Front-Desk (pochu)
NOTE: 20231106: Follow bullseye and update to 3.0.20 (pochu)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6167768762e88384e00ad022546a0c126f3f716e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6167768762e88384e00ad022546a0c126f3f716e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231107/1d38e4d2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list