[Git][security-tracker-team/security-tracker][master] triage for older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 29 14:10:20 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c04f245 by Moritz Muehlenhoff at 2024-10-29T15:09:07+01:00
triage for older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66683,7 +66683,7 @@ CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered t
 	NOT-FOR-US: Cypress Solutions CTM-200
 CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...)
 	- libgcrypt20 <unfixed> (bug #1065683)
-	[bookworm] - libgcrypt20 <no-dsa> (Minor issue)
+	[bookworm] - libgcrypt20 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libgcrypt20 <no-dsa> (Minor issue)
 	[buster] - libgcrypt20 <postponed> (Minor issue; side-channel timing attack)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
@@ -81918,7 +81918,7 @@ CVE-2023-50837 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: WordPress plugin
 CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 ...)
 	- jline3 <unfixed> (bug #1059726)
-	[bookworm] - jline3 <no-dsa> (Minor issue)
+	[bookworm] - jline3 <ignored> (Minor issue)
 	[bullseye] - jline3 <no-dsa> (Minor issue)
 	- jline2 <not-affected> (Only affects 3.x)
 	- jline <not-affected> (Only affects 3.x)
@@ -114287,7 +114287,7 @@ CVE-2023-32310 (DataEase is an open source data visualization and analysis tool.
 	NOT-FOR-US: DataEase
 CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
 	- libeconf 0.5.2+dfsg1-1 (bug #1037333)
-	[bookworm] - libeconf <no-dsa> (Minor issue)
+	[bookworm] - libeconf <ignored> (Minor issue, no reverse deps)
 	[bullseye] - libeconf <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libeconf/issues/178
 	NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2)
@@ -139001,7 +139001,7 @@ CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovere
 	NOT-FOR-US: LuCI openwrt
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
 	- libelfin <unfixed> (bug #1033741)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/75
@@ -143941,7 +143941,7 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve
 	NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
 CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
 	- libeconf 0.5.2+dfsg1-1 (bug #1037333)
-	[bookworm] - libeconf <no-dsa> (Minor issue)
+	[bookworm] - libeconf <ignored> (Minor issue, no reverse deps)
 	[bullseye] - libeconf <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libeconf/issues/177
 	NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2)
@@ -318266,7 +318266,7 @@ CVE-2020-24828
 	RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318274,7 +318274,7 @@ CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libe
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
 CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318282,7 +318282,7 @@ CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libel
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
 CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318290,7 +318290,7 @@ CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelf
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
 CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318298,7 +318298,7 @@ CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_ta
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
 CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318306,7 +318306,7 @@ CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
 CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)
@@ -318314,7 +318314,7 @@ CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
 CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
 	- libelfin <unfixed> (bug #1014122)
-	[bookworm] - libelfin <no-dsa> (Minor issue)
+	[bookworm] - libelfin <ignored> (Minor issue)
 	[bullseye] - libelfin <no-dsa> (Minor issue)
 	[buster] - libelfin <no-dsa> (Minor issue)
 	[stretch] - libelfin <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c04f24512c7d42059339c73fbc59ec0da17546f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c04f24512c7d42059339c73fbc59ec0da17546f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241029/e4e2f89a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list