[Git][security-tracker-team/security-tracker][master] Reserve DLA-3562-1 for orthanc

Tue Sep 12 05:42:15 BST 2023


Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b315e37b by Anton Gladky at 2023-09-12T06:41:50+02:00
Reserve DLA-3562-1 for orthanc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9853,7 +9853,6 @@ CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.
 CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
 	{DSA-5473-1}
 	- orthanc 1.12.1+dfsg-1 (bug #1040597)
-	[buster] - orthanc <no-dsa> (Requires new configuration variable)
 	NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
 	NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled configuration and
 	NOTE: a check in ExportInstanceFile (OrthancRestResources.cpp); the default value


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Sep 2023] DLA-3562-1 orthanc - security update
+	{CVE-2023-33466}
+	[buster] - orthanc 1.5.6+dfsg-1+deb10u1
 [11 Sep 2023] DLA-3561-1 node-cookiejar - security update
 	{CVE-2022-25901}
 	[buster] - node-cookiejar 2.0.1-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -156,11 +156,6 @@ openjdk-11 (Emilio)
   NOTE: 20230802: update prepared for new CPU, waiting for DSA and checking
   NOTE: 20230802: whether to change jtreg version (pochu)
 --
-orthanc (gladk)
-  NOTE: 20230812: Added by Front-Desk (Beuc)
-  NOTE: 20230812: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41
-  NOTE: 20230812: Check DSA-5473-1 (Beuc/front-desk)
---
 poppler
   NOTE: 20230908: Added by Front-Desk (lamby)
   NOTE: 20230908: Added due to CVE-2020-23804. However, please check CVE-2020-18839



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b315e37b22361d185fcb3974d805fc81871bd5c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b315e37b22361d185fcb3974d805fc81871bd5c8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230912/1cbb07cf/attachment.htm>
