[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2023-42118 as postponed for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 19 11:27:16 GMT 2023 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbdc482f by Thorsten Alteholz at 2023-11-19T12:25:47+01:00
mark CVE-2023-42118 as postponed for Buster

- - - - -
5e55e16e by Thorsten Alteholz at 2023-11-19T12:26:57+01:00
mark CVE for libspf2 as postponed and remove entry from dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8906,6 +8906,7 @@ CVE-2023-42118 [Exim libspf2 Integer Underflow Remote Code Execution Vulnerabili
 	- libspf2 <unfixed> (bug #1053870)
 	[bookworm] - libspf2 <postponed> (Revisit once upstream and ZDI status is clarfied)
 	[bullseye] - libspf2 <postponed> (Revisit once upstream and ZDI status is clarfied)
+	[buster] - libspf2 <postponed> (Revisit once upstream and ZDI status is clarfied)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=3032
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5


=====================================
data/dla-needed.txt
=====================================
@@ -110,10 +110,6 @@ libreswan
   NOTE: 20230909: all due to code refactoring. I intend to package the version
   NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo)
 --
-libspf2 (Thorsten Alteholz)
-  NOTE: 20231016: Added by Front-Desk (ta)
-  NOTE: 20231105: upstream does not know yet, whether available patch is enough (ta)
---
 libstb (Adrian Bunk)
   NOTE: 20231029: Added by Front-Desk (gladk)
   NOTE: 20231029: A lot of open CVEs. Maybe duplicates.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b8b8eb6080ec483c17a1f397419ea0ea8bc65...5e55e16e5064fa8a8d6d1253fcf65fe9e98fd4d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b8b8eb6080ec483c17a1f397419ea0ea8bc65...5e55e16e5064fa8a8d6d1253fcf65fe9e98fd4d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231119/17aea4e5/attachment.htm>

More information about the debian-security-tracker-commits mailing list