[Git][security-tracker-team/security-tracker][master] Reserve DLA-3613-1 for curl
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Oct 11 12:43:51 BST 2023
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17dc31e4 by Emilio Pozuelo Monfort at 2023-10-11T13:43:30+02:00
Reserve DLA-3613-1 for curl
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -29879,7 +29879,6 @@ CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 w
CVE-2023-28321 (An improper certificate validation vulnerability exists in curl <v8.1. ...)
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl 7.74.0-1.3+deb11u9
- [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-28321.html
NOTE: Introduced by: https://github.com/curl/curl/commit/9631fa740708b1890197fad01e25b34b7e8eb80e (curl-7_12_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/199f2d440d8659b42670c1b796220792b01a97bf (curl-8_1_0)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Oct 2023] DLA-3613-1 curl - security update
+ {CVE-2023-28321 CVE-2023-38546}
+ [buster] - curl 7.64.0-4+deb10u7
[08 Oct 2023] DLA-3612-1 lemonldap-ng - security update
{CVE-2023-44469}
[buster] - lemonldap-ng 2.0.2+ds-7+deb10u10
=====================================
data/dla-needed.txt
=====================================
@@ -54,11 +54,6 @@ cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
--
-curl (Emilio)
- NOTE: 20231007: Added by Front-Desk (Beuc)
- NOTE: 20231007: Follow fixes from bullseye 11.8 (3 CVEs) (Beuc/front-desk)
- NOTE: 20231007: upcoming high severity CVE (pochu)
---
dbus (Emilio)
NOTE: 20231007: Added by Front-Desk (Beuc)
NOTE: 20231007: Follow fixes from bullseye 11.8 (1 CVE) (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17dc31e495d3853edfcc5c005e4bf8422ad495cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17dc31e495d3853edfcc5c005e4bf8422ad495cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231011/adc10cfc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list