[Git][security-tracker-team/security-tracker][master] first batch of wastime RUSTSEC assignments and data fixes

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
969d3835 by Moritz Mühlenhoff at 2025-05-02T15:41:40+02:00
first batch of wastime RUSTSEC assignments and data fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -160518,7 +160518,8 @@ CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working with
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d (master)
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 (3.7.5)
 CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions fr ...)
-	NOT-FOR-US: Wasmtime
+	- rust-wasmtime 15.0.0+dfsg-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0091.html
 CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site  ...)
 	NOT-FOR-US: Froala Editor
 CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
@@ -189489,7 +189490,8 @@ CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and
 	NOTE: Introduced with: https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63 (1.1.0-beta1)
 	NOTE: Fixed by: https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9 (1.1.4)
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0093.html
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
 	{DSA-5426-1 DLA-3470-1}
 	[experimental] - owslib 0.28.1-1~exp1
@@ -234645,7 +234647,8 @@ CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to versi
 CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
 	NOT-FOR-US: wasmtime
 CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0102.html
 CVE-2022-39391
 	RESERVED
 CVE-2022-39390
@@ -276876,7 +276879,8 @@ CVE-2022-24792 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
 	NOTE: should only affect 32bit builds.
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0099.html
 CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
 	{DSA-5146-1 DLA-3083-1}
 	- puma 5.6.4-1 (bug #1008723)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/969d3835aa55e380af1ff5c00c89f53c42045ca1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/969d3835aa55e380af1ff5c00c89f53c42045ca1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250502/680e7114/attachment.htm>