[Git][security-tracker-team/security-tracker][master] 6 commits: Triage libcrypto++ CVE as no-dsa for Buster.
Markus Koschany (@apo)
apo at debian.org
Mon Jan 15 14:03:20 GMT 2024
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
307fc42f by Markus Koschany at 2024-01-15T15:02:54+01:00
Triage libcrypto++ CVE as no-dsa for Buster.
Minor issues
- - - - -
e6e036e0 by Markus Koschany at 2024-01-15T15:02:56+01:00
CVE-2023-37117,liblivemedia: Mark Buster as ignored
Minor issue
- - - - -
5861332b by Markus Koschany at 2024-01-15T15:02:57+01:00
CVE-2024-0217,packagekit: Mark Buster as ignored
Minor issue
- - - - -
5c88fac8 by Markus Koschany at 2024-01-15T15:02:57+01:00
Add php-phpseclib to dla-needed.txt
- - - - -
87aeee20 by Markus Koschany at 2024-01-15T15:02:57+01:00
Add phpseclib to dla-needed.txt
- - - - -
b1c9809e by Markus Koschany at 2024-01-15T15:02:58+01:00
CVE-2023-51713,proftpd-dfsg: Buster is no-dsa
Minor issue
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -448,6 +448,7 @@ CVE-2023-40250 (Buffer Copy without Checking Size of Input ('Classic Buffer Over
NOT-FOR-US: Hancom
CVE-2023-37117 (A heap-use-after-free vulnerability was found in live555 version 2023. ...)
- liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2023-June/022331.html
CVE-2023-36842 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
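Review bot: The added `[buster] - liblivemedia <ignored> (Minor issue)` line uses the same reason text that the other entries in this push pair with `<no-dsa>`, so it does not record why this heap-use-after-free is ignored outright for Buster. Suggest a more specific reason in the parentheses, for example pointing at the upstream thread in the NOTE line or at the `<removed>` status on the line above, if that is what drove the decision.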
@@ -2218,6 +2219,7 @@ CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some condition
- packagekit <unfixed> (bug #1060016)
[bookworm] - packagekit <no-dsa> (Minor issue)
[bullseye] - packagekit <no-dsa> (Minor issue)
+ [buster] - packagekit <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256624
NOTE: Reducing impact via: https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 (v1.2.7)
CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...)
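Review bot: The commit subject for this change reads "CVE-2024-0217,packagekit: Mark Buster as ignored", but the added line is `[buster] - packagekit <no-dsa> (Minor issue)`. One of the two should change. The bookworm and bullseye lines above are both `<no-dsa>`, which suggests the subject is the part that is wrong; if `<ignored>` was really intended, the data line needs updating instead.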
@@ -3849,6 +3851,7 @@ CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte o
- proftpd-dfsg 1.3.8.a+dfsg-1
[bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
+ [buster] - proftpd-dfsg <no-dsa> (Minor issue)
NOTE: https://github.com/proftpd/proftpd/issues/1683
NOTE: https://github.com/proftpd/proftpd/commit/1376d8ccc0966d1ce9a1c76b32c6a9ca61bbe67f (v1.3.9rc1)
NOTE: https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 (v1.3.8a)
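Review bot: The new `[buster] - proftpd-dfsg <no-dsa> (Minor issue)` line copies the bookworm and bullseye reason without saying whether the upstream fixes listed in the NOTE lines were checked against the Buster version. If the v1.3.8a commit applies there, `<postponed>` with a note to fix it along with the next upload would record that; otherwise a short NOTE on why a backport is not worthwhile would help the next triager.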
@@ -4989,16 +4992,19 @@ CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allow
- libcrypto++ <unfixed> (bug #1059312)
[bookworm] - libcrypto++ <no-dsa> (Minor issue)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
+ [buster] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/1249
CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to ...)
- libcrypto++ <unfixed> (bug #1059311)
[bookworm] - libcrypto++ <no-dsa> (Minor issue)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
+ [buster] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/1248
CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...)
- libcrypto++ <unfixed> (bug #1059310)
[bookworm] - libcrypto++ <no-dsa> (Minor issue)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
+ [buster] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/1247
CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...)
NOT-FOR-US: Redpanda
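Review bot: The commit subject says "Triage libcrypto++ CVE" in the singular, while this hunk adds a `[buster]` line to three entries: CVE-2023-50981, CVE-2023-50980 and CVE-2023-50979. Suggest naming the three ids in the subject, as the other commits in this push do, so the change can be found from the log. The three issues differ in kind (the CVE-2023-50979 description mentions a Marvin side channel), so it is also worth confirming that "Minor issue" was assessed for each entry rather than carried over from the bookworm and bullseye lines.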
=====================================
data/dla-needed.txt
=====================================
@@ -168,6 +168,12 @@ nvidia-cuda-toolkit
paramiko (tobi)
NOTE: 20231225: Added by Front-Desk (ta)
--
+php-phpseclib
+ NOTE: 20240114: Added by Front-Desk (apo)
+--
+phpseclib
+ NOTE: 20240114: Added by Front-Desk (apo)
+--
putty
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca)
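Review bot: The two new entries, `php-phpseclib` and `phpseclib`, carry only the "Added by Front-Desk (apo)" note and do not say which CVE or bug prompted them. Suggest adding a NOTE line with the id to each so whoever claims the package knows what needs fixing. The notes are also dated 20240114 while the commits are timestamped 2024-01-15; adjust the date if it is meant to reflect when the entry was added.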
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/770f6309c626cce57af1d61a098bc4177462b6b4...b1c9809e51889076bbc11b788cf51fa2ab9ca472