Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e39d7c7d by Moritz Mühlenhoff at 2024-02-02T15:57:35+01:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -505,6 +505,8 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value TODO: check details CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...) - opensc <unfixed> + [bookworm] - opensc <no-dsa> (Minor issue) + [bullseye] - opensc <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685 NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 NOTE: https://github.com/OpenSC/OpenSC/pull/2948 @@ -950,9 +952,13 @@ CVE-2024-0959 (A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has b NOT-FOR-US: StanfordVL GibsonEnv CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x b ...) - mbedtls 2.28.7-1 + [bookworm] - mbedtls <no-dsa> (Minor issue) + [bullseye] - mbedtls <no-dsa> (Minor issue) NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/ CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...) - mbedtls 2.28.7-1 + [bookworm] - mbedtls <no-dsa> (Minor issue) + [bullseye] - mbedtls <no-dsa> (Minor issue) NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin 
@@ -6433,6 +6439,8 @@ CVE-2023-50837 (Improper Neutralization of Special Elements used in an SQL Comma NOT-FOR-US: WordPress plugin CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 ...) - jline3 <unfixed> (bug #1059726) + [bookworm] - jline3 <no-dsa> (Minor issue) + [bullseye] - jline3 <no-dsa> (Minor issue) NOTE: https://github.com/jline/jline3/issues/909 NOTE: https://github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb (jline-parent-3.25.0) TODO: check if jline 3.x specific or affects as well src:jline2, src:jline ===================================== data/dsa-needed.txt ===================================== @@ -74,6 +74,8 @@ ruby-sinatra/oldstable -- ruby-tzinfo/oldstable -- +runc +-- salt/oldstable -- samba/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39d7c7d67994189971fb6a5071413c28eb8a893
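Review bot: In the first data/CVE/list hunk (@@ -505, CVE-2023-5992), the two added opensc lines give only "(Minor issue)" as the reason, while the package line above them is still "- opensc <unfixed>" and carries no bug reference. Suggest putting the actual reason for the no-dsa decision in the parenthesised text or in a NOTE, so a later reader can tell why bookworm and bullseye are not getting an update, and adding a bug reference so the unfixed state is tracked the way the jline3 entry's is (bug #1059726).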
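Review bot: In the @@ -950 hunk, CVE-2024-23775 and CVE-2024-23170 get identical "(Minor issue)" lines although they are separate mbedtls advisories (2024-01-2 and 2024-01-1) and a fixed version, 2.28.7-1, is already recorded for both. It would help to state per CVE why it is minor for the bookworm and bullseye versions, and to say whether a fix through a point release is intended now that a fixed upload exists.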
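Review bot: In the @@ -6433 hunk (CVE-2023-50572), the bookworm and bullseye lines are added for jline3 only, but the entry's last line is still "TODO: check if jline 3.x specific or affects as well src:jline2, src:jline". While that TODO is open, the triage of this CVE for the two releases is incomplete: either resolve it in the same change, or keep it clearly flagged so that jline2 and jline get their own package lines and release decisions if they turn out to be affected.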
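Review bot: In the data/dsa-needed.txt hunk, the new "runc" entry has no suite suffix, whereas every neighbouring entry in the visible context (ruby-sinatra/oldstable, ruby-tzinfo/oldstable, salt/oldstable, samba/oldstable) names one, and none of the data/CVE/list hunks shown here touches a runc CVE. Please confirm that the unsuffixed entry is meant to cover both releases named in the commit message, and add a short note under the entry saying which issue prompted it, so the person picking up the DSA does not have to search the list for it.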