[Git][security-tracker-team/security-tracker][master] openvswitch DSA

Thu Mar 14 13:20:32 GMT 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e98d947 by Moritz Mühlenhoff at 2024-03-14T14:20:15+01:00
openvswitch DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12380,7 +12380,7 @@ CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerab
 	NOT-FOR-US: StrangeBee TheHive
 CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via the fun ...)
 	- openvswitch 2.17.2-4
-	[bullseye] - openvswitch <no-dsa> (Minor issue)
+	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u5
 	[buster] - openvswitch <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/openvswitch/ovs-issues/issues/315
 	NOTE: https://github.com/openvswitch/ovs/commit/3168f328c78cf6e4b3022940452673b0e49f7620 (v2.17.0)
@@ -32079,8 +32079,6 @@ CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter
 CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...)
 	{DLA-3734-1}
 	- openvswitch 3.1.2-1
-	[bookworm] - openvswitch <no-dsa> (Minor issue)
-	[bullseye] - openvswitch <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
 	NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2)
 	NOTE: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c (v3.2.0)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[14 Mar 2024] DSA-5640-1 openvswitch - security update
+	{CVE-2023-3966 CVE-2023-5366}
+	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u5
+	[bookworm] - openvswitch 3.1.0-2+deb12u1
 [13 Mar 2024] DSA-5639-1 chromium - security update
 	{CVE-2024-2400}
 	[bookworm] - chromium 122.0.6261.128-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -54,9 +54,6 @@ nodejs
 --
 opennds/stable
 --
-openvswitch (jmm)
-  Maintainer sent debdiff for CVE-2023-3966, but there are other CVE fixes which might be piggy backed.
---
 php-cas/oldstable
 --
 php-dompdf-svg-lib/stable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e98d947f346241b5513a6c70629e8ec73a1b55b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e98d947f346241b5513a6c70629e8ec73a1b55b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240314/6154d2a3/attachment-0001.htm>
