[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-46136 as not affecting buster or bullseye

[Sean Whitton (@spwhitton)]

Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f5d9b03 by Sean Whitton at 2024-12-10T11:20:30+08:00
Mark CVE-2023-46136 as not affecting buster or bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105919,9 +105919,10 @@ CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an
 	[experimental] - python-werkzeug 3.0.1-1
 	- python-werkzeug 3.0.1-2 (bug #1054553)
 	[bookworm] - python-werkzeug <no-dsa> (Minor issue)
-	[bullseye] - python-werkzeug <no-dsa> (Minor issue)
-	[buster] - python-werkzeug <no-dsa> (Minor issue)
+	[bullseye] - python-werkzeug <not-affected> (Vulnerable code introduced later)
+	[buster] - python-werkzeug <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
+	NOTE: Introduced by: https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5 (2.0.0rc1)
 	NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1)
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys.  ...)
 	NOT-FOR-US: rs-stellar-strkey



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f5d9b037719b29fd7c767a10fcdba69464bd14c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f5d9b037719b29fd7c767a10fcdba69464bd14c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/2e9031b3/attachment.htm>