[Git][security-tracker-team/security-tracker][master] CVE-2023-25809 does not affect Buster
Daniel Leidert (@dleidert)
dleidert at debian.org
Tue Apr 30 00:06:53 BST 2024
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92dbe571 by Daniel Leidert at 2024-04-30T01:05:10+02:00
CVE-2023-25809 does not affect Buster
The code is not present and seems to be in the code handling cgroup2 mounts.
That code was added later, and these mountpoints are ignored anyway.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -82265,7 +82265,7 @@ CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior
CVE-2023-25809 (runc is a CLI tool for spawning and running containers according to th ...)
- runc 1.1.5+ds1-1
[bullseye] - runc <no-dsa> (Minor issue)
- [buster] - runc <postponed> (Minor issue)
+ [buster] - runc <not-affected> (Vulnerable code not present)
NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
NOTE: https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5 (v1.1.5)
CVE-2023-25808
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92dbe5710671af12c19e714a34a39ad3c32971fe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92dbe5710671af12c19e714a34a39ad3c32971fe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240429/ba9f2197/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list