[Git][security-tracker-team/security-tracker][master] 4 commits: add runc

Sun Feb 4 12:48:47 GMT 2024


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
807d258b by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
add runc

- - - - -
c8c4cf0d by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2024-23170 and CVE-2024-23775 as no-dsa for Buster

- - - - -
dbebde73 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2023-5992 as no-dsa for Buster

- - - - -
4451aac6 by Thorsten Alteholz at 2024-02-04T13:48:27+01:00
mark CVE-2024-23831 as no-dsa for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,6 +74,7 @@ CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inven
 	NOT-FOR-US: Cups Easy (Purchase & Inventory)
 CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...)
 	- ledgersmb <unfixed> (bug #1062845)
+	[buster] - ledgersmb <no-dsa> (Minor issue)
 	NOTE: https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm
 	NOTE: https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165
 CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...)
@@ -741,6 +742,7 @@ CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption paddi
 	- opensc <unfixed>
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
 	NOTE: https://github.com/OpenSC/OpenSC/pull/2948
@@ -1188,11 +1190,13 @@ CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and
 	- mbedtls 2.28.7-1
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
+	[buster] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
 CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...)
 	- mbedtls 2.28.7-1
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
+	[buster] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
 CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: WordPress plugin


=====================================
data/dla-needed.txt
=====================================
@@ -215,6 +215,9 @@ ring
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)
 --
+runc
+  NOTE: 20240204: Added by Front-Desk (ta)
+--
 samba
   NOTE: 20230918: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e643f07164a4f2ddd60d3f729c078424acbb2e68...4451aac6477d437cf2190097a5701e789f6367b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240204/7967d757/attachment.htm>
