[Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed update for 7zip via bookworm-pu

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 22 14:42:25 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e5e687c by Salvatore Bonaccorso at 2023-10-22T15:42:02+02:00
Track proposed update for 7zip via bookworm-pu

- - - - -
94b597e2 by Salvatore Bonaccorso at 2023-10-22T15:42:04+02:00
Mark 7zip issues as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22798,11 +22798,13 @@ CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Sof
 	NOT-FOR-US: Apache InLong
 CVE-2023-40481
 	- 7zip 23.01+dfsg-1
+	[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
 	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
 CVE-2023-31102
 	RESERVED
 	- 7zip 23.01+dfsg-1
+	[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
 	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
 CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...)


=====================================
data/next-point-update.txt
=====================================
@@ -10,3 +10,7 @@ CVE-2023-40743
 	[bookworm] - axis 1.4-28+deb12u1
 CVE-2023-45143
 	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2
+CVE-2023-40481
+	[bookworm] - 7zip 22.01+dfsg-8+deb12u1
+CVE-2023-31102
+	[bookworm] - 7zip 22.01+dfsg-8+deb12u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6eba7e744431548d1c6d9d6d15c1fbf0e8f16003...94b597e2ae977f2225eebc62859eec16ac59c969

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6eba7e744431548d1c6d9d6d15c1fbf0e8f16003...94b597e2ae977f2225eebc62859eec16ac59c969
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231022/e10c41de/attachment.htm>

More information about the debian-security-tracker-commits mailing list