[Git][security-tracker-team/security-tracker][master] axis spu/ospu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 17 19:10:02 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
764f9c12 by Moritz Mühlenhoff at 2023-10-17T20:08:19+02:00
axis spu/ospu
- - - - -
3 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -402,9 +402,8 @@ CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19
NOT-FOR-US: IBM
CVE-2023-41914
- slurm-wlm 23.02.6-1
- - slurm-wlm-contrib 23.02.6-1
- [bookworm] - slurm-wlm-contrib <no-dsa> (Contrib not supported)
NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
+ NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm
CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...)
@@ -6350,6 +6349,8 @@ CVE-2023-2453 (There is insufficient sanitization of tainted file names that are
NOT-FOR-US: PHP-Fusion
CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
- axis 1.4-29 (bug #1051288)
+ [bookworm] - axis <no-dsa> (Minor issue)
+ [bullseye] - axis <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV guests]
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -74,3 +74,5 @@ CVE-2023-26136
[bullseye] - node-tough-cookie 4.0.0-2+deb11u1
CVE-2023-26132
[bullseye] - node-dottie 2.0.2-4+deb11u1
+CVE-2023-40743
+ [bullseye] - axis 1.4-28+deb11u1
=====================================
data/next-point-update.txt
=====================================
@@ -6,3 +6,5 @@ CVE-2023-3153
[bookworm] - ovn 23.03.1-1~deb12u1
CVE-2023-43040
[bookworm] - ceph 16.2.11+ds-2+deb12u1
+CVE-2023-40743
+ [bookworm] - axis 1.4-28+deb12u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/764f9c124be0772779e2d6fca9c0195e75a121cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/764f9c124be0772779e2d6fca9c0195e75a121cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231017/20a31b2f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list