[Git][security-tracker-team/security-tracker][master] Reverted decision to mark CVEs as ignored back to no-dsa for buster.

Ola Lundqvist (@opal) opal at debian.org
Tue Mar 12 19:08:03 GMT 2024 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9aadc7a2 by Ola Lundqvist at 2024-03-12T20:07:38+01:00
Reverted decision to mark CVEs as ignored back to no-dsa for buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16541,7 +16541,7 @@ CVE-2023-52322 (ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x befo
 	- spip 4.1.13+dfsg-1 (bug #1059331)
 	[bookworm] - spip 4.1.9+dfsg-1+deb12u4
 	[bullseye] - spip 3.2.11-3+deb11u10
-	[buster] - spip <ignored> (Minor issue)
+	[buster] - spip <no-dsa> (Minor issue)
 	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr
 	NOTE: https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb
 CVE-2023-7059 (A vulnerability was found in SourceCodester School Visitor Log e-Book  ...)
@@ -27660,7 +27660,7 @@ CVE-2023-46586
 	- weborf 1.0-1 (bug #1054417)
 	[bookworm] - weborf 0.19-2.1+deb12u1
 	[bullseye] - weborf 0.17-3+deb11u1
-	[buster] - weborf <ignored> (Minor issue)
+	[buster] - weborf <no-dsa> (Minor issue)
 	NOTE: https://github.com/ltworf/weborf/pull/88
 	NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0)
 CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and  ...)
@@ -67400,7 +67400,7 @@ CVE-2023-0843
 CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...)
 	- node-xml2js 0.4.23+~cs15.4.0+dfsg-7 (bug #1034148)
 	[bullseye] - node-xml2js 0.2.8-1+deb11u1
-	[buster] - node-xml2js <ignored> (Minor issue)
+	[buster] - node-xml2js <no-dsa> (Minor issue)
 	NOTE: https://fluidattacks.com/advisories/myers/
 	NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
 	NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
@@ -174617,7 +174617,7 @@ CVE-2021-42344
 CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
 	- dask.distributed 2021.09.1+ds.1-2
 	[bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
-	[buster] - dask.distributed <ignored> (Minor issue; unreproducible with <2.0)
+	[buster] - dask.distributed <no-dsa> (Minor issue; unreproducible with <2.0)
 	NOTE: https://github.com/dask/distributed/pull/5427
 	NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
 	NOTE: Likely introduced in https://github.com/quasiben/distributed/commit/fd31ecca8017bae845a73d468de0376c02363fab
@@ -504571,7 +504571,7 @@ CVE-2016-1244 (The extractTree function in unADF allows remote attackers to exec
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1
-	[buster] - unadf <ignored> (Minor issue)
+	[buster] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
@@ -504579,7 +504579,7 @@ CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1
-	[buster] - unadf <ignored> (Minor issue)
+	[buster] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aadc7a2025ae1660d066cf78615d8cac3be2cad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aadc7a2025ae1660d066cf78615d8cac3be2cad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240312/15f450ec/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list