[Git][security-tracker-team/security-tracker][master] Reserve DLA-3562-1 for orthanc
Anton Gladky (@gladk)
gladk at debian.org
Tue Sep 12 05:42:15 BST 2023
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b315e37b by Anton Gladky at 2023-09-12T06:41:50+02:00
Reserve DLA-3562-1 for orthanc
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9853,7 +9853,6 @@ CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.
CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
{DSA-5473-1}
- orthanc 1.12.1+dfsg-1 (bug #1040597)
- [buster] - orthanc <no-dsa> (Requires new configuration variable)
NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled configuration and
NOTE: a check in ExportInstanceFile (OrthancRestResources.cpp); the default value
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Sep 2023] DLA-3562-1 orthanc - security update
+ {CVE-2023-33466}
+ [buster] - orthanc 1.5.6+dfsg-1+deb10u1
[11 Sep 2023] DLA-3561-1 node-cookiejar - security update
{CVE-2022-25901}
[buster] - node-cookiejar 2.0.1-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -156,11 +156,6 @@ openjdk-11 (Emilio)
NOTE: 20230802: update prepared for new CPU, waiting for DSA and checking
NOTE: 20230802: whether to change jtreg version (pochu)
--
-orthanc (gladk)
- NOTE: 20230812: Added by Front-Desk (Beuc)
- NOTE: 20230812: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41
- NOTE: 20230812: Check DSA-5473-1 (Beuc/front-desk)
---
poppler
NOTE: 20230908: Added by Front-Desk (lamby)
NOTE: 20230908: Added due to CVE-2020-23804. However, please check CVE-2020-18839
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b315e37b22361d185fcb3974d805fc81871bd5c8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b315e37b22361d185fcb3974d805fc81871bd5c8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230912/1cbb07cf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list