[Git][security-tracker-team/security-tracker][master] 2 commits: mathtex: follow bullseye triage for buster

Sylvain Beucler (@beuc) beuc at debian.org
Sat Jan 27 15:27:58 GMT 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f29a01e by Sylvain Beucler at 2024-01-27T16:14:19+01:00
mathtex: follow bullseye triage for buster

- - - - -
cc3aee24 by Sylvain Beucler at 2024-01-27T16:27:31+01:00
mbedtls: follow bullseye triage for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -546,26 +546,31 @@ CVE-2023-51889 (Stack Overflow vulnerability in the validate() function in Matht
 	- mathtex <unfixed> (bug #1061520)
 	[bookworm] - mathtex <no-dsa> (Minor issue)
 	[bullseye] - mathtex <no-dsa> (Minor issue)
+	[buster] - mathtex <postponed> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
 CVE-2023-51888 (Buffer Overflow vulnerability in the nomath() function in Mathtex v.1. ...)
 	- mathtex <unfixed> (bug #1061520)
 	[bookworm] - mathtex <no-dsa> (Minor issue)
 	[bullseye] - mathtex <no-dsa> (Minor issue)
+	[buster] - mathtex <postponed> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
 CVE-2023-51887 (Command Injection vulnerability in Mathtex v.1.05 and before allows a  ...)
 	- mathtex <unfixed> (bug #1061520)
 	[bookworm] - mathtex <no-dsa> (Minor issue)
 	[bullseye] - mathtex <no-dsa> (Minor issue)
+	[buster] - mathtex <postponed> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
 CVE-2023-51886 (Buffer Overflow vulnerability in the main() function in Mathtex 1.05 a ...)
 	- mathtex <unfixed> (bug #1061520)
 	[bookworm] - mathtex <no-dsa> (Minor issue)
 	[bullseye] - mathtex <no-dsa> (Minor issue)
+	[buster] - mathtex <postponed> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
 CVE-2023-51885 (Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a re ...)
 	- mathtex <unfixed> (bug #1061520)
 	[bookworm] - mathtex <no-dsa> (Minor issue)
 	[bullseye] - mathtex <no-dsa> (Minor issue)
+	[buster] - mathtex <postponed> (Minor issue)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
 CVE-2023-51702 (Since version 5.2.0, when using deferrable mode with the path of a Kub ...)
 	- airflow <itp> (bug #819700)
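Review bot: The added `[buster]` line under CVE-2023-51887 gives the same "(Minor issue)" reason as the four overflow entries, although the description for that CVE reads "Command Injection vulnerability". A short NOTE on that entry saying why the injection is considered minor would make the triage easier to audit. Separately, all five added lines use `<postponed>` while the bullseye lines they follow use `<no-dsa>`; if that difference is intentional, the commit message "follow bullseye triage" could say so.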
@@ -1167,8 +1172,10 @@ CVE-2024-23744 (An issue was discovered in Mbed TLS 3.5.1. There is persistent h
 	- mbedtls <unfixed>
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
+	[buster] - mbedtls <postponed> (Minor issue)
 	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8694
 	NOTE: https://github.com/Mbed-TLS/mbedtls/pull/8595
+	NOTE: Likely specific to 3.5.1: https://github.com/Mbed-TLS/mbedtls/issues/8694#issuecomment-1889411367
 CVE-2024-22113 (Open redirect vulnerability in Access analysis CGI An-Analyzer release ...)
 	NOT-FOR-US: Access analysis CGI An-Analyzer
 CVE-2024-21484 (Versions of the package jsrsasign before 11.0.0 are vulnerable to Obse ...)
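Review bot: The new NOTE on CVE-2024-23744 says the issue is "Likely specific to 3.5.1", yet the `[buster]` line added in the same hunk is `<postponed>`, which records buster as affected with a fix deferred. If the buster version does not contain the affected code, `<not-affected>` with a reason would be the consistent state; if that has not been checked yet, the NOTE could say that the status of the buster version is still to be confirmed.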
@@ -1195,6 +1202,7 @@ CVE-2023-52353 (An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ss
 	- mbedtls <unfixed>
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
+	[buster] - mbedtls <postponed> (Minor issue)
 	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
 CVE-2023-47352 (Technicolor TC8715D devices have predictable default WPA2 security pas ...)
 	NOT-FOR-US: Technicolor
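Review bot: The `[buster]` line added under CVE-2023-52353 has only the upstream issue link to support it, and unlike the CVE-2024-23744 entry nothing here records which versions contain the affected code. The description says "through 3.5.1", so a NOTE confirming that the buster version was checked, or pointing to the fixing commit once one exists, would let a later reader pick up the postponed item without redoing the analysis.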



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bccd6ab6277b6ff6be6504fef604e8a3662e8b1...cc3aee24a8fb0168bfb5a7708b16ee881408d94d
