[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-23649/cosign

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a583b3a5 by Salvatore Bonaccorso at 2026-01-10T09:38:58+01:00
Update status for CVE-2022-23649/cosign

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -369039,7 +369039,9 @@ CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage provid
 CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
 	NOT-FOR-US: Netmaker
 CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
-	NOT-FOR-US: Cosign
+	- cosign <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/sigstore/cosign/security/advisories/GHSA-ccxc-vr6p-4858
+	NOTE: Fixed by: https://github.com/sigstore/cosign/commit/96d410a6580e4e81d24d112a0855c70ca3fb5b49 (2.0.0-rc.1)
 CVE-2022-23648 (containerd is a container runtime available as a daemon for Linux and  ...)
 	{DSA-5091-1}
 	- containerd 1.6.1~ds1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a583b3a56a52c482f5513f1eb9021f87737f166d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a583b3a56a52c482f5513f1eb9021f87737f166d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/4e387f6b/attachment.htm>