[Git][security-tracker-team/security-tracker][master] Marked CVEs for docker.io as no-dsa for buster and removed from dla-needed.
Ola Lundqvist (@opal)
opal at debian.org
Sat Mar 9 22:47:00 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ebad433e by Ola Lundqvist at 2024-03-09T23:46:43+01:00
Marked CVEs for docker.io as no-dsa for buster and removed from dla-needed.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -57775,11 +57775,13 @@ CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop we
CVE-2023-28842 (Moby) is an open source container framework developed by Docker Inc. t ...)
- docker.io 20.10.24+dfsg1-1
[bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
CVE-2023-28841 (Moby is an open source container framework developed by Docker Inc. th ...)
- docker.io 20.10.24+dfsg1-1
[bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
NOTE: https://github.com/moby/moby/issues/43382
@@ -57787,6 +57789,7 @@ CVE-2023-28841 (Moby is an open source container framework developed by Docker I
CVE-2023-28840 (Moby is an open source container framework developed by Docker Inc. th ...)
- docker.io 20.10.24+dfsg1-1
[bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
NOTE: https://github.com/moby/moby/issues/43382
=====================================
data/dla-needed.txt
=====================================
@@ -63,14 +63,6 @@ curl
dnsmasq (dleidert)
NOTE: 20240303: Added by Front-Desk (apo)
--
-docker.io
- NOTE: 20230303: Added by Front-Desk (Beuc)
- NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
- NOTE: 20230424: Is in preparation. (gladk)
- NOTE: 20230706: ask for review testing https://lists.debian.org/debian-lts/2023/07/msg00013.html
- NOTE: 20230801: rouca and santiago testing the swarm overlay network (including current buster version)
- NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of reproducer test case
---
dogecoin
NOTE: 20230619: Added by Front-Desk (Beuc)
NOTE: 20230619: CVE-2021-37491 and CVE-2023-30769 seem forgotten by upstream,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebad433e4d23b94ef7ae8f3671a991fbaca5ec97
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebad433e4d23b94ef7ae8f3671a991fbaca5ec97
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/34153842/attachment.htm>
More information about the debian-security-tracker-commits
mailing list