[Git][security-tracker-team/security-tracker][master] 5 commits: Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)

Anton Gladky (@gladk) gladk at debian.org
Tue Oct 24 20:50:55 BST 2023



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e794e0ed by Anton Gladky at 2023-10-24T21:20:34+02:00
Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)

- - - - -
b60ef744 by Anton Gladky at 2023-10-24T21:38:01+02:00
Mark CVE-2023-41914 as EOL for buster (slurm-llnl)

- - - - -
c594f8a6 by Anton Gladky at 2023-10-24T21:40:21+02:00
Add firefox-esr

- - - - -
944e210f by Anton Gladky at 2023-10-24T21:43:09+02:00
LTS: Add pmix

- - - - -
b6e80ee3 by Anton Gladky at 2023-10-24T21:49:32+02:00
LTS: add request-tracker4

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1207,6 +1207,7 @@ CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordP
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e
 	NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1
 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
@@ -1508,6 +1509,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP hea
 	NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25)
 CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740
 	NOTE: https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc
 CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle Rental S ...)
@@ -1548,6 +1550,7 @@ CVE-2023-41914
 	- slurm-wlm 23.02.6-1
 	[bullseye] - slurm-wlm <postponed> (Very intrusive patch and upstream does not release patches for unsupported versions)
 	- slurm-llnl <removed>
+	[buster] - slurm-llnl <end-of-life> (EOL in buster LTS)
 	NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
 	NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm
 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...)


=====================================
data/dla-needed.txt
=====================================
@@ -58,6 +58,9 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk)
 --
+firefox-esr
+  NOTE: 20231024: Added by Front-Desk (gladk)
+--
 flatpak
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
@@ -159,6 +162,9 @@ osslsigncode
 phppgadmin (Chris Lamb)
   NOTE: 20230925: Added by Front-Desk (apo)
 --
+pmix
+  NOTE: 20231024: Added by Front-Desk (gladk)
+--
 python-django (Chris Lamb)
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk)
@@ -189,6 +195,11 @@ rails
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh)
   NOTE: 20230828: want to rollout ruby-rack first. (utkarsh)
 --
+request-tracker4
+  NOTE: 20231024: Added by Front-Desk (gladk)
+  NOTE: 20231024: Please check the commit: https://github.com/bestpractical/rt/commit/a7a83dfdf591cd4d9f547048e89a5a310eeef32d
+  NOTE: 20231024: Please check the commit: https://github.com/bestpractical/rt/commit/afb7dcded721e27028e47b62e7e5ed8ffc492beb
+--
 ring
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf08268df07488cd908bcfeeda4b0dff8ad6c346...b6e80ee32afc2cdb18397cc1b3984781cecb9387

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf08268df07488cd908bcfeeda4b0dff8ad6c346...b6e80ee32afc2cdb18397cc1b3984781cecb9387
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231024/3fab167f/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list