[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 28 20:09:05 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18fcb4c0 by Moritz Muehlenhoff at 2024-05-28T21:08:38+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -20348,6 +20348,8 @@ CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary amoun
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
- golang-golang-x-net 1:0.23.0+dfsg-1
+ [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
+ [bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
NOTE: https://github.com/golang/go/issues/65051
NOTE: https://github.com/golang/go/commit/e55d7cf8435ba4e58d4a5694e63b391821d4ee9b (go1.22.2)
NOTE: https://github.com/golang/go/commit/ae5913347d15cf7d1f218916c22717e5739a9ea3 (go1.21.9)
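Review bot: The two added golang-golang-x-net lines give only "(Minor issue)" as the reason, while the [buster] golang-1.11 line just above them spells out its rationale. For a CVE described as letting an attacker make an HTTP/2 endpoint read arbitrary amounts of header data, a short reason naming the impact would make the no-dsa decision easier to revisit at the next point release. The NOTE lines visible in this hunk reference only the go1.22.2 and go1.21.9 commits; if no later NOTE already links the golang.org/x/net fix, adding one would help whoever picks up the backport.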
@@ -24842,6 +24844,8 @@ CVE-2023-51444 (GeoServer is an open source software server written in Java that
NOT-FOR-US: GeoServer
CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...)
- jose 13-1 (bug #1067457)
+ [bookworm] - jose <no-dsa> (Minor issue)
+ [bullseye] - jose <no-dsa> (Minor issue)
[buster] - jose <postponed> (DoS via a large p2c value but still appears minor; similar to CVE-2023-50966)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
NOTE: https://github.com/latchset/jose/issues/151
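Review bot: The new [bookworm] and [bullseye] jose lines say only "(Minor issue)", although the [buster] line directly below them already records the reasoning (DoS via a large p2c value, similar to CVE-2023-50966). Reusing that wording in the two added lines would keep the three suite annotations consistent and spare the reader from inferring that the same assessment applies.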
=====================================
data/dsa-needed.txt
=====================================
@@ -73,7 +73,7 @@ ruby2.7/oldstable
--
ruby-nokogiri/oldstable
--
-ruby-rails-html-sanitizer
+ruby-rails-html-sanitizer/oldstable
--
ruby-sinatra/oldstable
Maintainer posted packaging repository link with proposed changes for review
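Review bot: Changing ruby-rails-html-sanitizer to ruby-rails-html-sanitizer/oldstable restricts the entry to oldstable, but neither data/CVE/list hunk in this commit touches that package and the commit message "bookworm/bullseye triage" does not say why the narrower scope is correct. A sentence in the commit message, or a matching suite annotation in data/CVE/list, would make the change auditable from the commit alone.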
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18fcb4c06929cb67031002942443b6738ddcc3be