[Git][security-tracker-team/security-tracker][master] Reserve DLA-4426-1 for osslsigncode

Abhijith PA (@abhijith) abhijith at debian.org
Tue Dec 30 05:25:32 GMT 2025 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
635cdf63 by Abhijith PA at 2025-12-30T10:55:06+05:30
Reserve DLA-4426-1 for osslsigncode

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -252348,7 +252348,6 @@ CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encrypti
 CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
 	{DLA-3693-1}
 	- osslsigncode 2.3.0-1 (bug #1035875)
-	[bullseye] - osslsigncode <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
 CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
 	NOT-FOR-US: Maxsite CMS


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Dec 2025] DLA-4426-1 osslsigncode - security update
+	{CVE-2023-36377}
+	[bullseye] - osslsigncode 2.5-4~deb11u1
 [29 Dec 2025] DLA-4425-1 python-django - security update
 	{CVE-2025-64459 CVE-2025-64460}
 	[bullseye] - python-django 2:2.2.28-1~deb11u10


=====================================
data/dla-needed.txt
=====================================
@@ -316,9 +316,6 @@ opencryptoki
   NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
   NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
 --
-osslsigncode (abhijith)
-  NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
---
 p7zip
   NOTE: 20251020: Added by Front-Desk (dleidert)
   NOTE: 20251020: I disagree with the low-severity ratings; but finding the patches might be a hard (dleidert/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/635cdf63dfb35e840792a8abf5b22f4e6e6cabc3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/635cdf63dfb35e840792a8abf5b22f4e6e6cabc3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251230/57316ec7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list