[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 30 08:49:47 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4973ede0 by Moritz Muehlenhoff at 2023-11-30T09:49:24+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -70,6 +70,8 @@ CVE-2023-35137 (An improper authentication vulnerability in the authentication m
 	TODO: check
 CVE-2023-6378 (A serialization vulnerability in logback receiver component part of  l ...)
 	- logback <unfixed>
+	[bookworm] - logback <no-dsa> (Minor issue)
+	[bullseye] - logback <no-dsa> (Minor issue)
 	NOTE: https://logback.qos.ch/news.html#1.3.12
 CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
 	NOT-FOR-US: Progress MOVEit Transfer
@@ -191,6 +193,8 @@ CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, whi
 	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=178cea76b1c9d9413afa6961b6a4576fcb5b26fa (v2.3.31)
 CVE-2023-45286 (A race condition in go-resty can result in HTTP request body disclosur ...)
 	- golang-github-go-resty-resty <unfixed>
+	[bookworm] - golang-github-go-resty-resty <no-dsa> (Minor issue)
+	[bullseye] - golang-github-go-resty-resty <no-dsa> (Minor issue)
 	NOTE: https://github.com/go-resty/resty/issues/743
 	NOTE: https://github.com/go-resty/resty/issues/739
 	NOTE: https://github.com/go-resty/resty/pull/745


=====================================
data/dsa-needed.txt
=====================================
@@ -36,7 +36,7 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-nghttp2
+nghttp2 (jmm)
 --
 nodejs
   maintainer proposed to follow the upstream 18.x LTS branch
@@ -55,8 +55,7 @@ python3.11/stable (carnil)
 --
 python3.9/oldstable
 --
-rabbitmq-server
-  Maintainer suggested to release fixes for CVE-2023-46118 via DSA
+rabbitmq-server (jmm)
 --
 redmine/stable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4973ede0bfa564ecbab5a4a8c54d2a28d1c8a5e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4973ede0bfa564ecbab5a4a8c54d2a28d1c8a5e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231130/13784a42/attachment.htm>

More information about the debian-security-tracker-commits mailing list