[Git][security-tracker-team/security-tracker][master] CVE-2023-7216/cpio: upstream considers it normal behavior

Adrian Bunk (@bunk) bunk at debian.org
Mon Mar 4 12:53:53 GMT 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab006b54 by Adrian Bunk at 2024-03-04T14:52:44+02:00
CVE-2023-7216/cpio: upstream considers it normal behavior

I am leaving the final assessment/decision about this CVE to the
security team.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7034,7 +7034,8 @@ CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in
 CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...)
 	- cpio <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249901
-	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-02/msg00000.html
+	NOTE: Upstream considers it normal behavior:
+	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
 CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attac ...)
 	NOT-FOR-US: Ember ZNet
 CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...)
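Review bot: The 2024-02 bug-cpio link on the removed NOTE line is replaced rather than kept next to the new 2024-03 link, so the CVE-2023-7216 entry no longer points at the earlier list message. If that message is the report the upstream reply answers, keep both NOTE lines so the thread can be followed from the entry. The package line also stays `- cpio <unfixed>` with no triage marker, which fits the commit message's deferral to the security team, but the entry will keep listing cpio as unfixed until that decision is recorded.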


=====================================
data/dla-needed.txt
=====================================
@@ -65,6 +65,7 @@ composer (rouca)
 --
 cpio
   NOTE: 20240303: Added by Front-Desk (apo)
+  NOTE: 20240304: Likely no work to do since upstream considers CVE-2023-7216 normal behavior. (bunk)
 --
 curl
   NOTE: 20231229: Added by Front-Desk (lamby)
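Review bot: The added NOTE under cpio says "Likely no work to do" but gives no pointer to the upstream statement it relies on, and the entry itself stays in the file. Consider including the bug-cpio 2024-03 URL from data/CVE/list, or a reference to that entry, so whoever handles cpio in dla-needed.txt can check the reasoning before dropping it.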



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab006b54bd62ef52555abed33f92c94fbf1817fc
