[Git][security-tracker-team/security-tracker][master] Reference RUSTSEC advisory for CVE-2023-42456
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 9 20:07:54 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9183979a by Salvatore Bonaccorso at 2023-11-09T21:06:37+01:00
Reference RUSTSEC advisory for CVE-2023-42456
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8303,6 +8303,7 @@ CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT
NOT-FOR-US: plone.rest
CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to ...)
- rust-sudo-rs <not-affected> (Fixed with first upload to Debian in unstable)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0069.html
NOTE: https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354
NOTE: https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d (v0.2.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/11/02/1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9183979af0b8f2ee63cc26bac151306da88936b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9183979af0b8f2ee63cc26bac151306da88936b6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231109/bd03f3f6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list