[Git][security-tracker-team/security-tracker][master] 3 commits: Marked CVE-2014-7250 (kfreebsd-10) as end-of-life for buster.
Ola Lundqvist (@opal)
opal at debian.org
Fri Mar 8 21:36:24 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea883b0b by Ola Lundqvist at 2024-03-08T22:35:57+01:00
Marked CVE-2014-7250 (kfreebsd-10) as end-of-life for buster.
- - - - -
a3bbeff1 by Ola Lundqvist at 2024-03-08T22:35:58+01:00
CVE-2015-1554 concluded to be a minor issue for buster since it is not reproducible.
- - - - -
995adf46 by Ola Lundqvist at 2024-03-08T22:36:00+01:00
Decided that CVE-2023-39804 (tar) is worth fixing in buster.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19164,7 +19164,6 @@ CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lea
- tar 1.34+dfsg-1.3 (bug #1058079)
[bookworm] - tar 1.34+dfsg-1.2+deb12u1
[bullseye] - tar 1.34+dfsg-1+deb11u1
- [buster] - tar <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 (v1.35)
CVE-2023-6679 (A null pointer dereference vulnerability was found in dpll_pin_parent_ ...)
- linux <not-affected> (Vulnerable code not present)
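Review bot: The removal of `[buster] - tar <no-dsa> (Minor issue)` leaves the CVE-2023-39804 entry with no record of why the buster triage changed; the reasoning exists only in the data/dla-needed.txt hunk of this same push. Consider adding a dated NOTE to this entry that says the earlier no-dsa decision was reversed because the fix already shipped in bullseye (1.34+dfsg-1+deb11u1), so the history stays readable from data/CVE/list alone.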
@@ -528821,6 +528820,7 @@ CVE-2015-1401 (Improper Authentication vulnerability in the "LDAP / SSO Authenti
NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...)
- kgb-bot <undetermined> (low; bug #776424)
+ [buster] - kgb-bot <no-dsa> (Minor issue, not reproducible)
NOTE: 20190201: random crash still not reproducible
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js ...)
NOT-FOR-US: sequelize
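Review bot: The added `[buster] - kgb-bot <no-dsa> (Minor issue, not reproducible)` line rests on the only evidence visible in the entry, the NOTE dated 20190201, while the unstable line stays `<undetermined>`. If reproduction was attempted again for this triage, add a fresh dated NOTE saying so; if not, the reason text should make clear that it relies on the 2019 observation rather than a new test against the buster version.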
@@ -539383,6 +539383,7 @@ CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD pos
- kfreebsd-9 <undetermined>
[wheezy] - kfreebsd-9 <end-of-life> (Not supported in wheezy LTS)
- kfreebsd-10 <undetermined> (bug #778367)
+ [buster] - kfreebsd-10 <end-of-life> (Not supported in Jessie LTS)
[jessie] - kfreebsd-10 <end-of-life> (Not supported in Jessie LTS)
CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, A ...)
NOT-FOR-US: Allied Telesis
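Review bot: The reason on the added `[buster] - kfreebsd-10 <end-of-life> (Not supported in Jessie LTS)` line names Jessie LTS although the line is tagged for buster; it is identical to the `[jessie]` line directly below and looks copied from it. The parenthetical should state the buster-specific reason for the end-of-life marking so the two release lines do not carry the same, release-mismatched justification.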
=====================================
data/dla-needed.txt
=====================================
@@ -309,6 +309,12 @@ suricata (Adrian Bunk)
NOTE: 20231016: Still reviewing+testing CVEs. (bunk)
NOTE: 20231120: DLA coming soon. (bunk)
--
+tar
+ NOTE: 20240308: Added by Front-Desk (opal)
+ NOTE: 20240308: It was previously no-dsa but since it has been fixed in
+ NOTE: 20240308: bullseye and the fix is trivial it is worth fixing in buster
+ NOTE: 20240308: too. Low priority though.
+--
thunderbird (Emilio)
NOTE: 20240306: Added by Front-Desk (opal)
--
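Review bot: The new `tar` entry never names the CVE it is about; "It was previously no-dsa" only makes sense when read next to the data/CVE/list change in this push. Put CVE-2023-39804 in the first explanatory NOTE so whoever claims the package can find the issue directly. As a style point, the one sentence is split across three `NOTE: 20240308:` lines that break mid-phrase ("fixed in" / "bullseye"), unlike the one-statement-per-NOTE lines in the neighbouring suricata entry; breaking at clause boundaries would read better.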
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b4ec3f8d93fd654b975fb2b705e693414a8b5a38...995adf463cfec5b4b27b74b878f6ce372ede4419