[Git][security-tracker-team/security-tracker][master] 6 commits: data/dla-needed.txt: Triage xorg-server for buster LTS (CVE-2023-6816,...

Chris Lamb (@lamby) lamby at debian.org
Wed Jan 17 10:55:01 GMT 2024



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae90db2f by Chris Lamb at 2024-01-17T10:50:46+00:00
data/dla-needed.txt: Triage xorg-server for buster LTS (CVE-2023-6816, CVE-2024-0229 & CVE-2024-0408)

- - - - -
cc17a071 by Chris Lamb at 2024-01-17T10:51:32+00:00
Triage CVE-2023-44487 in grpc for buster LTS.

- - - - -
152b362e by Chris Lamb at 2024-01-17T10:52:00+00:00
Triage CVE-2023-52339 in libebml for buster LTS.

- - - - -
12e88488 by Chris Lamb at 2024-01-17T10:52:20+00:00
Triage CVE-2024-21647 in puma for buster LTS.

- - - - -
8d27bcc8 by Chris Lamb at 2024-01-17T10:52:42+00:00
Triage CVE-2023-52323 in pycryptodome for buster LTS.

- - - - -
55dff7d8 by Chris Lamb at 2024-01-17T10:54:05+00:00
Triage CVE-2023-48795 in trilead-ssh2 for buster LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1076,6 +1076,7 @@ CVE-2023-52339 (In libebml before 1.4.5, an integer overflow in MemIOCallback.cp
 	- libebml 1.4.5-1
 	[bookworm] - libebml <no-dsa> (Minor issue)
 	[bullseye] - libebml <no-dsa> (Minor issue)
+	[buster] - libebml <no-dsa> (Minor issue)
 	NOTE: https://github.com/Matroska-Org/libebml/issues/147
 	NOTE: https://github.com/Matroska-Org/libebml/pull/148
 	NOTE: https://github.com/Matroska-Org/libebml/commit/4d577f5c3e267b2988d56dafebc82dedb4c45506 (master)
@@ -2107,6 +2108,7 @@ CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for parall
 	- puma <unfixed> (bug #1060345)
 	[bookworm] - puma <no-dsa> (Minor issue)
 	[bullseye] - puma <no-dsa> (Minor issue)
+	[buster] - puma <no-dsa> (Minor issue)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
 	NOTE: https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d (v5.6.8)
 CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in pure Py ...)
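Review bot: The new `[buster] - puma <no-dsa> (Minor issue)` line implies the buster package is affected, but nothing in this hunk records that the buster version was checked. The NOTE lines cite only the advisory and the fix commit for v5.6.8. If the affected code is present in buster, a short NOTE saying so would help whoever revisits this entry; if it is not, `<not-affected>` with a reason would be the accurate tag.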
@@ -2711,6 +2713,7 @@ CVE-2023-52323 (PyCryptodome and pycryptodomex before 3.19.1 allow side-channel
 	- pycryptodome <unfixed> (bug #1060059)
 	[bookworm] - pycryptodome <no-dsa> (Minor issue)
 	[bullseye] - pycryptodome <no-dsa> (Minor issue)
+	[buster] - pycryptodome <no-dsa> (Minor issue)
 	NOTE: https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd (v3.19.1)
 CVE-2023-52184 (Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Jo ...)
 	NOT-FOR-US: WordPress plugin
@@ -5591,6 +5594,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- trilead-ssh2 <unfixed> (bug #1059294)
 	[bookworm] - trilead-ssh2 <no-dsa> (Minor issue)
 	[bullseye] - trilead-ssh2 <no-dsa> (Minor issue)
+	[buster] - trilead-ssh2 <no-dsa> (Minor issue)
 	NOTE: https://terrapin-attack.com/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
 	NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
@@ -18134,6 +18138,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	- grpc <unfixed>
 	[bookworm] - grpc <no-dsa> (Minor issue)
 	[bullseye] - grpc <no-dsa> (Minor issue)
+	[buster] - grpc <no-dsa> (Minor issue)
 	- h2o 2.2.5+dfsg2-8 (bug #1054232)
 	- haproxy 1.8.13-1
 	- nginx 1.24.0-2 (unimportant; bug #1053770)
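Review bot: The `(Minor issue)` reason on the new `[buster] - grpc <no-dsa>` line is copied from the bookworm and bullseye lines, and the `- grpc <unfixed>` line above it has no bug reference, unlike the h2o and nginx lines in the same hunk. For a CVE described here as a denial of service in HTTP/2, consider a more specific reason on the buster line, or a bug number on the grpc entry so the decision can be traced later.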


=====================================
data/dla-needed.txt
=====================================
@@ -273,6 +273,9 @@ wireshark (Adrian Bunk)
   NOTE: 20231204: DLA pending (bunk)
   NOTE: 20231218: Debugging a problem with the update. (bunk)
 --
+xorg-server
+  NOTE: 20240117: Added by Front-Desk (lamby)
+--
 zabbix (tobi)
   NOTE: 20231015: Added by Front-Desk (ta)
 --
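Review bot: The new xorg-server entry has only the Front-Desk NOTE and does not name the issues to be fixed. The commit message lists CVE-2023-6816, CVE-2024-0229 and CVE-2024-0408, but someone claiming the package from data/dla-needed.txt will not see them there. Consider a second NOTE line under `xorg-server` carrying the three CVE ids.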



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/49ed17cb5052b4f944c755ba3c50ce1e07c78780...55dff7d87dc873a7d7bed1823c687f22f5f994f1
