[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-46737/cosign

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7652fab0 by Salvatore Bonaccorso at 2026-01-10T09:55:37+01:00
Update status for CVE-2023-46737/cosign

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -239360,7 +239360,9 @@ CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in
 CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In  ...)
 	NOT-FOR-US: Squidex
 CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
-	NOT-FOR-US: Cosign
+	- cosign <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9
+	NOTE: Fixed by: https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f (v2.2.1)
 CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
 	NOT-FOR-US: Group-Office CRM
 CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7652fab0ae94514f3c90dfe66ff21a8d6833e77c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7652fab0ae94514f3c90dfe66ff21a8d6833e77c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/25b52a9c/attachment-0001.htm>