Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 08d4ab66 by Salvatore Bonaccorso at 2023-08-13T12:20:25+02:00 Revert "Mark CVE-2023-26590 as not-affected" This reverts commit 4009500a2ff716b394a38b09c42a73cbe257228f. The correct entry should be note the version including the fix landing in unstable, and separately if still in the supported suites in the security-tracker a respective suite entry. Additionally a note should clarify why this CVE is fixed by a particular change from the different CVE. - - - - - b04805f9 by Salvatore Bonaccorso at 2023-08-13T12:20:57+02:00 Revert "Mark CVE-2023-34432 as not affected" This reverts commit b13f24703fd76432c9930e121d4a21e867eb71ee. The correct entry should be note the version including the fix landing in unstable, and separately if still in the supported suites in the security-tracker a respective suite entry. Additionally a note should clarify why this CVE is fixed by a particular change from the different CVE. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4904,10 +4904,9 @@ CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...) NOT-FOR-US: SICK CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...) - - sox <not-affected> (fixed by fix of CVE-2021-23159 and CVE-2021-23172) + - sox <unfixed> (bug #1041110) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291 NOTE: https://sourceforge.net/p/sox/bugs/367/ - NOTE: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2021-23159.patch CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...) @@ -4941,10 +4940,9 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not imp CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...) NOT-FOR-US: WordPress plugin CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...) - - sox <not-affected> (Fixed by CVE-2022-31650 patch) + - sox <unfixed> (bug #1041113) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279 NOTE: https://sourceforge.net/p/sox/bugs/370/ - NOTE: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...) NOT-FOR-US: Dynacase CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits