[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-50967/jose as postponed for buster
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Mon May 20 02:21:11 BST 2024
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33bcd586 by Utkarsh Gupta at 2024-05-20T06:50:50+05:30
Mark CVE-2023-50967/jose as postponed for buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20761,6 +20761,7 @@ CVE-2023-51444 (GeoServer is an open source software server written in Java that
NOT-FOR-US: GeoServer
CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...)
- jose 13-1 (bug #1067457)
+ [buster] - jose <postponed> (DoS via a large p2c value but still appears minor; similar to CVE-2023-50966)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
NOTE: https://github.com/latchset/jose/issues/151
NOTE: Fixed by: https://github.com/latchset/jose/commit/4ee7708bf6dbfaa712749f081eec1f0d122fa001 (v13)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bcd58601e7a09f4416e53323dcb3e8288bc56a
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bcd58601e7a09f4416e53323dcb3e8288bc56a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240520/982b9e6e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list