[Git][security-tracker-team/security-tracker][master] Consider two Linux CVEs as unimportant after kernel-sec triage
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 25 06:16:42 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e378fc0e by Salvatore Bonaccorso at 2024-12-25T07:16:10+01:00
Consider two Linux CVEs as unimportant after kernel-sec triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -92002,8 +92002,9 @@ CVE-2024-0675 (Vulnerability of improper checking for unusual or exceptional con
CVE-2024-0674 (Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machin ...)
NOT-FOR-US: Lamassu Bitcoin ATM Douro machines
CVE-2024-0564 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258514
+ NOTE: Inherent design limitation, can be avoided by not using KSM
CVE-2023-6943 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe ...)
NOT-FOR-US: Mitsubishi
CVE-2023-6942 (Missing Authentication for Critical Function vulnerability in Mitsubis ...)
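Review bot: The NOTE added under CVE-2024-0564 says the issue "can be avoided by not using KSM" but gives no pointer to the kernel-sec triage the commit message refers to, so the only reference left on the entry is the Red Hat Bugzilla link. Consider adding a NOTE line that links or names the triage record. Also consider saying whether KSM is active by default on Debian kernels, since that is what a reader needs to judge the "(unimportant)" tag. Minor style point: this NOTE has no trailing period, while the NOTE added for CVE-2022-4543 in the same commit does.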
@@ -164750,11 +164751,10 @@ CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and esc
CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
- - linux <unfixed>
- [bookworm] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
- [bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+ - linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
NOTE: https://www.willsroot.io/2022/12/entrybleed.html
+ NOTE: Ignored upstream and KASLR is not expected to be resistant to local attacks.
CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
NOT-FOR-US: SAP
CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
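Review bot: The new NOTE on CVE-2022-4543 states "Ignored upstream" without a reference, and the two existing NOTE links (oss-security and the EntryBleed write-up) are the original disclosure rather than evidence of upstream's position. A link to the upstream statement would let a later reader verify the claim. The removed bookworm and bullseye lines both said "revisit when/if fixed upstream", so that reminder disappears with them. If an upstream fix would change the assessment, say so in the NOTE. If not, the "KASLR is not expected to be resistant to local attacks" sentence is the real justification and should lead the NOTE.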
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e378fc0e4e2f49216e0ff7d805e6f4a99ba017bc