[Git][security-tracker-team/security-tracker][master] triage of older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 11 08:44:34 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e79b6fd9 by Moritz Muehlenhoff at 2024-11-11T09:44:22+01:00
triage of older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -107443,11 +107443,11 @@ CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions
NOT-FOR-US: Notepad++
CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...)
- cargo <unfixed> (bug #1059305)
- [bookworm] - cargo <no-dsa> (Minor issue)
+ [bookworm] - cargo <ignored> (Minor issue)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <no-dsa> (Minor issue)
- rust-cargo 0.76.0-1 (bug #1059306)
- [bookworm] - rust-cargo <no-dsa> (Minor issue)
+ [bookworm] - rust-cargo <ignored> (Minor issue)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p
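Review bot: the two bookworm lines for CVE-2023-40030 move from <no-dsa> to <ignored> but keep the justification "(Minor issue)" unchanged, so the entry does not record why bookworm is now treated differently from before. Since cargo is still <unfixed> (bug #1059305), consider replacing the parenthesised text on the two [bookworm] lines with the actual reason no fix is planned for that release.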
@@ -110378,11 +110378,11 @@ CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL inj
NOT-FOR-US: ai-dev aitable
CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compiles the ...)
- cargo <unfixed> (bug #1043553)
- [bookworm] - cargo <no-dsa> (Minor issue)
+ [bookworm] - cargo <ignored> (Minor issue)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <postponed> (Minor issue, hard to exploit)
- rust-cargo 0.76.0-1 (bug #1043554)
- [bookworm] - rust-cargo <no-dsa> (Minor issue)
+ [bookworm] - rust-cargo <ignored> (Minor issue)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <postponed> (Minor issue, hard to exploit)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
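Review bot: after this change the CVE-2023-38497 entry carries three different states for the same issue: bookworm <ignored>, bullseye <no-dsa> and buster <postponed> with "(Minor issue, hard to exploit)". The new [bookworm] lines only say "(Minor issue)"; carrying the "hard to exploit" rationale over, or stating why bookworm differs, would make the decision readable from the entry itself.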
@@ -136797,13 +136797,11 @@ CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
NOT-FOR-US: collection.js
CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...)
- - configobj 5.0.8-2 (bug #1034152)
- [bookworm] - configobj <no-dsa> (Minor issue)
- [bullseye] - configobj <no-dsa> (Minor issue)
- [buster] - configobj <no-dsa> (Minor issue)
+ - configobj 5.0.8-2 (bug #1034152; unimportant)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
NOTE: https://github.com/DiffSK/configobj/issues/232
NOTE: https://github.com/DiffSK/configobj/pull/236
+ NOTE: Negligible security impact
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...)
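Review bot: the added "NOTE: Negligible security impact" under CVE-2023-26112 states the conclusion without its basis, and it is the only justification left once the three per-release <no-dsa> lines are replaced by "unimportant" on the configobj package line. A short reason in that note, saying why the issue does not matter in practice for configobj, would let a later reader verify the downgrade.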
@@ -260341,7 +260339,7 @@ CVE-2021-36490
RESERVED
CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...)
- allegro4.4 <unfixed> (bug #1032670)
- [bookworm] - allegro4.4 <no-dsa> (Minor issue)
+ [bookworm] - allegro4.4 <ignored> (Minor issue)
[bullseye] - allegro4.4 <no-dsa> (Minor issue)
[buster] - allegro4.4 <no-dsa> (Minor issue)
- allegro5 2:5.2.8.0-1
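Review bot: only the [bookworm] line for allegro4.4 changes to <ignored>, while [bullseye] and [buster] stay <no-dsa> with the same "(Minor issue)" text and the package remains <unfixed> (bug #1032670). If the older releases are deliberately out of scope for this triage, that is fine; otherwise the three lines should end up in the same state, or the bookworm line should say what sets it apart.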
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79b6fd9b2b0f18e3e40cf957f932b3741344cc0