[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 2 14:58:17 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e39d7c7d by Moritz Mühlenhoff at 2024-02-02T15:57:35+01:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -505,6 +505,8 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value
TODO: check details
CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...)
- opensc <unfixed>
+ [bookworm] - opensc <no-dsa> (Minor issue)
+ [bullseye] - opensc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
NOTE: https://github.com/OpenSC/OpenSC/pull/2948
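Review bot: The two added `<no-dsa> (Minor issue)` lines for opensc give no rationale, while the unstable entry directly above them is still `<unfixed>`. A short NOTE saying why the PKCS#1 padding issue is considered minor for bookworm and bullseye would help whoever revisits this entry once the referenced pull request (OpenSC/OpenSC#2948) lands, since the stable suites then become candidates for a point-release fix rather than staying ignored.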
@@ -950,9 +952,13 @@ CVE-2024-0959 (A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has b
NOT-FOR-US: StanfordVL GibsonEnv
CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x b ...)
- mbedtls 2.28.7-1
+ [bookworm] - mbedtls <no-dsa> (Minor issue)
+ [bullseye] - mbedtls <no-dsa> (Minor issue)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...)
- mbedtls 2.28.7-1
+ [bookworm] - mbedtls <no-dsa> (Minor issue)
+ [bullseye] - mbedtls <no-dsa> (Minor issue)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
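Review bot: Both CVE-2024-23775 and CVE-2024-23170 receive the same generic `(Minor issue)` reason, although the first is described as an integer overflow and the second has a separate advisory. Since both are fixed by the same upload (2.28.7-1), consider a more specific reason string per CVE, or a NOTE under each entry summarising the impact from the linked advisory, so the no-dsa decision can be audited without re-reading both advisories.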
@@ -6433,6 +6439,8 @@ CVE-2023-50837 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 ...)
- jline3 <unfixed> (bug #1059726)
+ [bookworm] - jline3 <no-dsa> (Minor issue)
+ [bullseye] - jline3 <no-dsa> (Minor issue)
NOTE: https://github.com/jline/jline3/issues/909
NOTE: https://github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb (jline-parent-3.25.0)
TODO: check if jline 3.x specific or affects as well src:jline2, src:jline
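Review bot: The trailing TODO ("check if jline 3.x specific or affects as well src:jline2, src:jline") is left open while jline3 is being marked `<no-dsa>` for bookworm and bullseye. If the issue also affects src:jline2 or src:jline, those packages remain untriaged for the stable suites after this commit. Either resolve the TODO in the same change or add matching entries for the other source packages once their status is known.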
=====================================
data/dsa-needed.txt
=====================================
@@ -74,6 +74,8 @@ ruby-sinatra/oldstable
--
ruby-tzinfo/oldstable
--
+runc
+--
salt/oldstable
--
samba/oldstable
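Review bot: The new `runc` entry carries no suite suffix, unlike the neighbouring `/oldstable` entries, and nothing in the data/CVE/list part of this commit references runc. It is therefore not visible from the change which issue prompted the addition or which suites are meant. A note line under the entry, or a mention in the commit message, naming the CVE(s) would make the entry easier to pick up.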
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39d7c7d67994189971fb6a5071413c28eb8a893