[Git][security-tracker-team/security-tracker][master] Triage CVE-2023-48795/dropbear for buster.

Guilhem Moulin (@guilhem) guilhem at debian.org
Fri Jan 26 14:23:20 GMT 2024 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b28985fd by Guilhem Moulin at 2024-01-26T14:52:29+01:00
Triage CVE-2023-48795/dropbear for buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7186,6 +7186,7 @@ CVE-2023-32230 (An improper handling of a malformed API request to an API server
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
 	{DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+	[buster] - dropbear <not-affected> (ChaCha20-Poly1305 support introduced in 2020.79; *-EtM not supported as of 2022.83)
 	- dropbear 2022.83-4 (bug #1059001)
 	[bookworm] - dropbear <no-dsa> (Minor issue)
 	[bullseye] - dropbear <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -75,9 +75,6 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk)
 --
-dropbear (guilhem)
-  NOTE: 20231219: Added by Front-Desk (ta)
---
 edk2
   NOTE: 20231230: Added by Front-Desk (lamby)
   NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b28985fd3876c234124649177e37a6031ae0c300

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b28985fd3876c234124649177e37a6031ae0c300
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240126/02729d42/attachment.htm>

More information about the debian-security-tracker-commits mailing list