[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2022-48623 in libcpanel-json-xs-perl for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Sun Feb 18 18:32:18 GMT 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae4bf3c6 by Chris Lamb at 2024-02-18T18:28:49+00:00
Triage CVE-2022-48623 in libcpanel-json-xs-perl for buster LTS.
- - - - -
635b6321 by Chris Lamb at 2024-02-18T18:29:28+00:00
Triage CVE-2024-25189 in libjwt for buster LTS.
- - - - -
4de01d7f by Chris Lamb at 2024-02-18T18:30:10+00:00
Triage CVE-2023-6110 in python-openstackclient for buster LTS.
- - - - -
76530924 by Chris Lamb at 2024-02-18T18:30:27+00:00
Triage CVE-2023-51774 in ruby-json-jwt for buster LTS.
- - - - -
e09c0619 by Chris Lamb at 2024-02-18T18:31:34+00:00
data/dla-needed.txt: Triage bind9 for buster LTS (re. CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517 & CVE-2023-5679)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1206,6 +1206,7 @@ CVE-2023-41703 (User ID references at mentions in document comments were not cor
CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-boun ...)
- libcpanel-json-xs-perl 4.35-1
[bullseye] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
+ [buster] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
NOTE: https://github.com/rurban/Cpanel-JSON-XS/issues/208
NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b (4.33)
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...)
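Review bot: the new `[buster]` line matches the bullseye `<no-dsa> (Minor issue)` verdict and is placed before the NOTE lines like the other suite entries, which keeps the record consistent. One suggestion: the hunk already pins the upstream fix to commit 41f32396 with its release (4.33), so the triage would be easier to revisit if the parenthetical also stated the buster-side reasoning (for instance that the out-of-bounds issue in the parser is only reachable via untrusted JSON input, if that is the basis for "Minor issue"), since nothing in the entry says why the same verdict carries over to buster.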
@@ -1227,6 +1228,7 @@ CVE-2023-6110 [deleting a non existing access rule deletes another existing acce
- python-openstackclient <unfixed>
[bookworm] - python-openstackclient <no-dsa> (Minor issue)
[bullseye] - python-openstackclient <no-dsa> (Minor issue)
+ [buster] - python-openstackclient <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212960
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209607
NOTE: https://review.opendev.org/888697
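Review bot: the buster `<no-dsa> (Minor issue)` line is consistent with the bookworm and bullseye entries, but note that the package is still `<unfixed>` in unstable, so all four suites now rest on the same verdict with no upstream fix recorded; the `review.opendev.org/888697` NOTE carries no annotation of what it is (proposed fix, merged fix, or discussion) or which upstream release includes it, unlike the other hunks in this commit where fix commits are tagged with a version. Adding that annotation, e.g. `NOTE: Fixed by: https://review.opendev.org/888697 (<release>)` once known, would make a later "is it fixed upstream yet" pass cheaper.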
@@ -1675,6 +1677,7 @@ CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify
- libjwt <unfixed> (bug #1063534)
[bookworm] - libjwt <no-dsa> (Minor issue)
[bullseye] - libjwt <no-dsa> (Minor issue)
+ [buster] - libjwt <no-dsa> (Minor issue)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md
NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf (v1.17.0)
NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6 (v1.17.0)
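Review bot: the rationale behind `(Minor issue)` is worth spelling out in the entry, because the description in the hunk header is the actual security point: libjwt compares signature values with `strcmp`, which is not constant time, so verification latency leaks information about how many leading bytes of a forged signature match. That is a timing side channel rather than a direct bypass, and is only exploitable by an attacker who can take many precise measurements against the verifying service, which is presumably why all three suites get `<no-dsa>`; the two upstream commits tagged v1.17.0 give a clear backport source if a libjwt update is ever prepared for buster anyway.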
@@ -9976,6 +9979,7 @@ CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allow
- ruby-json-jwt <unfixed>
[bookworm] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
[bullseye] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
+ [buster] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
NOTE: https://github.com/nov/json-jwt/issues/113
CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read ...)
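Review bot: `<postponed> (Revisit when addressed upstream)` for buster mirrors the bookworm and bullseye lines, so the triage is consistent, but the revisit condition has no date or owner attached, whereas the dla-needed.txt entries in the second file carry `YYYYMMDD` stamped NOTEs. Since the only trigger recorded is the upstream issue nov/json-jwt#113, consider adding a dated NOTE along the lines of `NOTE: 20240218: upstream issue still open, no fix to backport yet` so a later reader can tell how stale the postponement is without re-reading the issue thread.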
=====================================
data/dla-needed.txt
=====================================
@@ -34,6 +34,10 @@ atril
NOTE: 20240121: Added by Front-Desk (apo)
NOTE: 20240121: Decide whether it makes sense to disable comic feature or use libarchive instead.
--
+bind9
+ NOTE: 20240218: Added by Front-Desk (lamby)
+ NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 already fixed in bullseye. (lamby)
+--
cacti (Sylvain Beucler)
NOTE: 20230906: Added by Front-Desk (lamby)
NOTE: 20231205: Triaging CVEs backlog (Beuc)
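Review bot: the new bind9 entry is unclaimed (no name in parentheses, unlike `cacti (Sylvain Beucler)` just below it), which is fine for a Front-Desk addition, but the second NOTE would be more actionable if "already fixed in bullseye" also recorded which bullseye upload or advisory carried the fixes for the five listed CVEs, since that is the version whoever claims the entry will diff against for the buster backport. The entry is otherwise well-formed: it keeps the alphabetical position between atril and cacti and closes with the `--` separator the file uses.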
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ae90d779787424cfbe534a40be8ad12965c908a...e09c06199691c435c54fd6da97463ac574d4e0fb
--
You're receiving this email because of your account on salsa.debian.org.