[Git][security-tracker-team/security-tracker][master] triage older issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Nov 22 08:11:48 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77066342 by Moritz Muehlenhoff at 2024-11-22T09:10:01+01:00
triage older issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -124185,12 +124185,12 @@ CVE-2023-2642 (A vulnerability classified as critical has been found in SourceCo
CVE-2023-2641 (A vulnerability was found in SourceCodester Online Internship Manageme ...)
NOT-FOR-US: SourceCodester Online Internship Management System
CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
- - in-toto <unfixed> (bug #1035934)
- [bookworm] - in-toto <no-dsa> (Minor issue)
- [bullseye] - in-toto <no-dsa> (Minor issue)
+ - in-toto 2.0.0-1 (bug #1035934; unimportant)
NOTE: https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
NOTE: https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59 (v2.0.0)
NOTE: https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325 (v2.0.0)
+ NOTE: Negbligible security impact, that's just how hidden files work...
+ NOTE: Fixed version is the release which dropped support for parsing these files
CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, ...)
NOT-FOR-US: XWiki
CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
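Review bot: The first added NOTE under CVE-2023-32076 misspells "Negligible" as "Negbligible", and the second refers to "these files" without naming them. Since the entry now carries "unimportant" and replaces the per-release <no-dsa> lines, the NOTE is the only recorded rationale, so it should stand on its own: fix the spelling and name the file type whose parsing was dropped in 2.0.0, so that a reader does not have to open the advisory to see why the issue is treated as having no security impact.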
@@ -180450,11 +180450,12 @@ CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed> (bug #1032089)
- [bookworm] - libwoodstox-java <no-dsa> (Minor issue)
+ [bookworm] - libwoodstox-java <ignored> (Minor issue)
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
[buster] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
+ NOTE: https://github.com/FasterXML/woodstox/commit/7e93907e9c98270e76e20d55c4d35bd600edbb20 (woodstox-core-5.4.0)
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
- libxstream-java <unfixed> (unimportant)
NOTE: https://github.com/x-stream/xstream/issues/304
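Review bot: Under CVE-2022-40152 only the [bookworm] line moves to <ignored>, while [bullseye] and [buster] stay <no-dsa> with the identical "Minor issue" reason. If the difference between releases is intended, the <ignored> line would benefit from a reason more specific than "Minor issue" stating why bookworm will not receive a fix. The added NOTE also references an upstream commit tagged woodstox-core-5.4.0 while the main line remains "libwoodstox-java <unfixed>", so it is worth confirming that the unstable version predates 5.4.0.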
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/770663420051738a89e38da719f6f6442295896b