[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-38473 CVE-2023-38472 CVE-2023-38471 CVE-2023-38470...
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Thu Oct 12 22:27:53 BST 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d45a939 by Thorsten Alteholz at 2023-10-12T23:25:19+02:00
mark CVE-2023-38473 CVE-2023-38472 CVE-2023-38471 CVE-2023-38470 CVE-2023-38469 as postponed minor issue for Buster
- - - - -
3cfa0e18 by Thorsten Alteholz at 2023-10-12T23:31:27+02:00
mark CVE-2023-43643 as no-dsa for Buster
- - - - -
3a46a423 by Thorsten Alteholz at 2023-10-12T23:35:33+02:00
mark CVE-2023-3430 as no-dsa for Buster
- - - - -
3f7ebff2 by Thorsten Alteholz at 2023-10-12T23:40:05+02:00
mark CVE-2023-42822 as no-dsa for Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1061,6 +1061,7 @@ CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansin
- libowasp-antisamy-java <unfixed>
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2
NOTE: https://github.com/nahsra/antisamy/commit/05c52b98bb845b8175b8406bd2f391ce334a05d6 (v1.7.4)
CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open source ...)
@@ -1445,6 +1446,7 @@ CVE-2023-3430
- openimageio 2.4.13.0+dfsg-1
[bookworm] - openimageio <no-dsa> (Minor issue)
[bullseye] - openimageio <no-dsa> (Minor issue)
+ [buster] - openimageio <no-dsa> (Minor issue)
NOTE: https://github.com/OpenImageIO/oiio/issues/3840
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
@@ -1452,24 +1454,28 @@ CVE-2023-38473
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/lathiat/avahi/issues/451
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38472
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/lathiat/avahi/issues/452
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38471
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/lathiat/avahi/issues/453
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38470
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/lathiat/avahi/issues/454
NOTE: https://github.com/lathiat/avahi/pull/457
NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
@@ -2762,6 +2768,7 @@ CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to
- xrdp <unfixed> (bug #1053284)
[bookworm] - xrdp <no-dsa> (Minor issue)
[bullseye] - xrdp <no-dsa> (Minor issue)
+ [buster] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traver ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f3250a15b606a2885c8c9a4832248fb2b5ca0c9...3f7ebff2301fccdae2bdc202e3767c221f4e3388
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f3250a15b606a2885c8c9a4832248fb2b5ca0c9...3f7ebff2301fccdae2bdc202e3767c221f4e3388
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231012/b359e0ca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list