Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e1b48a3 by Markus Koschany at 2023-07-30T17:11:21+02:00
CVE-2023-38408,openssh: triage as no-dsa for Buster

Requires specific conditions like forwarding and an already compromised system.

- - - - -
f99b7d3a by Markus Koschany at 2023-07-30T17:11:22+02:00
CVE-2023-37769,pixman: triage Buster as no-dsa

Minor issue. Affects only a test executable.

- - - - -
cd0354a8 by Markus Koschany at 2023-07-30T17:11:23+02:00
CVE-2022-40896,pygments: Buster is no-dsa

Minor issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,6 +916,7 @@ CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH 
before 9.3p2 has an
        - openssh 1:9.3p2-1 (bug #1042460)
        [bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions 
and forwarding was always subject to caution warning)
        [bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions 
and forwarding was always subject to caution warning)
+       [buster] - openssh <no-dsa> (Minor issue; needs specific conditions and 
forwarding was always subject to caution warning)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
        NOTE: 
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
        NOTE: 
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
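Review bot: the added `[buster]` line reuses the bookworm/bullseye reason verbatim, but the commit message gives a different basis for the triage ("Requires specific conditions like forwarding and an already compromised system"). The compromised-system precondition appears nowhere in the entry, so someone reading data/CVE/list alone cannot see why no-dsa was chosen for Buster. Suggest either adding that condition to the parenthesised reason or wording the commit message to match the entry, so the two records do not drift apart.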
@@ -1310,6 +1311,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was 
discovered to contain a FPE
        - pixman <unfixed>
        [bookworm] - pixman <no-dsa> (Minor issue)
        [bullseye] - pixman <no-dsa> (Minor issue)
+       [buster] - pixman <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
        NOT-FOR-US: Open Enclave
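Review bot: the reason on the added `[buster] - pixman <no-dsa> (Minor issue)` line omits the one fact that makes this triage checkable. The commit message says "Affects only a test executable", which fits the description's reference to stress-test, but the tracker entry records only "Minor issue". Suggest `(Minor issue; affects only a test executable)` so the rationale lives in the list itself. Since the package line above is still `<unfixed>`, the same wording would be worth carrying to the bookworm and bullseye lines.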
@@ -62456,6 +62458,7 @@ CVE-2022-40896 (A ReDoS issue was discovered in 
pygments/lexers/smithy.py in pyg
        - pygments 2.15.1+dfsg-1
        [bookworm] - pygments <no-dsa> (Minor issue)
        [bullseye] - pygments <no-dsa> (Minor issue)
+       [buster] - pygments <no-dsa> (Minor issue)
        NOTE: 
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
        NOTE: https://github.com/pygments/pygments/issues/2356
        NOTE: https://github.com/pygments/pygments/issues/2355
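Review bot: the added `[buster] - pygments <no-dsa> (Minor issue)` line gives no rationale, and neither does the commit message. The description ties the ReDoS to pygments/lexers/smithy.py, so it is worth confirming that the Buster version actually ships that lexer: if it does not, `<not-affected>` with a short reason would be more accurate than no-dsa. If it does, a qualifier in the reason (for example that the issue only matters when highlighting untrusted input with that lexer) would let later triagers see what "minor" rests on.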



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430234d8a7ee36b7524477c93617653edf258416...cd0354a852929113c42f2428d026b682a962e53d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
