[Git][security-tracker-team/security-tracker][master] CVE-2023-49582/apr: Ignore in bullseye

Adrian Bunk (@bunk) bunk at debian.org
Sat Nov 23 22:33:19 GMT 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3c6889 by Adrian Bunk at 2024-11-24T00:32:25+02:00
CVE-2023-49582/apr: Ignore in bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23633,9 +23633,11 @@ CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devi
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
 	- apr 1.7.5-1 (bug #1080375)
 	[bookworm] - apr 1.7.2-3+deb12u1
-	[bullseye] - apr <postponed> (Minor issue; can be fixed in next update)
+	[bullseye] - apr <ignored> (binary packages not affected due to APR_USE_SHMEM_SHMGET=1)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
 	NOTE: https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
+	NOTE: Exposed by: https://github.com/apache/apr/commit/dcdd7daaef7ee6c077a4769a5bec1fbc11e5611f (trunk)
+	NOTE: Exposed by: https://github.com/apache/apr/commit/ebd6c401ccceea461a929122526caacf9c9e7b1d (1.7.1-rc1)
 	NOTE: Fixed by: https://github.com/apache/apr/commit/501072062dfcbc459f5d1e576113d17c7de84d5a (trunk)
 	NOTE: Fixed by: https://github.com/apache/apr/commit/36ea6d5a2bfc480dd8032cc8651e6793552bc2aa (1.7.5)
 CVE-2024-44942 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
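Review bot: The `<ignored>` reason on the `[bullseye]` line rests on a build-time setting (`APR_USE_SHMEM_SHMGET=1`), but the entry does not say where that setting comes from or how it was confirmed for the shipped binaries. Consider adding a NOTE line stating how it was verified, and that the conclusion covers only the binary packages as built, so a rebuild with a different shared-memory backend is not read as covered. The two new "Exposed by" notes tag the introducing change as 1.7.1-rc1, and the entry does not say whether the bullseye source includes that change. If it does not, a "not affected, vulnerable code introduced later" reason would be clearer than one based on the build configuration.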


=====================================
data/dla-needed.txt
=====================================
@@ -34,10 +34,6 @@ ansible
   NOTE: 20241120: Waiting for release by Lee testsuite is ok
   NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed
 --
-apr (Adrian Bunk)
-  NOTE: 20241121: Added by Front-Desk (Beuc)
-  NOTE: 20241121: Follow fixes from bookworm 12.8 (CVE-2023-49582) (Beuc/front-desk)
---
 avahi (Adrian Bunk)
   NOTE: 20241119: Added by Front-Desk (Beuc)
   NOTE: 20241119: Multiple CVEs now fixed upstream: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054880#12
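Review bot: The removal of the `apr` entry here is not mentioned in the commit message, which only says "Ignore in bullseye". The removed front-desk note asked to follow the bookworm 12.8 fix for CVE-2023-49582, and that is the only CVE the entry lists, so dropping it matches the `<ignored>` change in data/CVE/list. A short second line in the commit message such as "Remove apr from dla-needed.txt, no DLA needed" would make the history searchable for anyone later asking why the package left the queue.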



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3c6889f1eb92abab588cc57f578128eec34f09
