Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7e1b48a3 by Markus Koschany at 2023-07-30T17:11:21+02:00 CVE-2023-38408,openssh: triage as no-dsa for Buster Requires specific conditions like forwarding and an already compromised system. - - - - - f99b7d3a by Markus Koschany at 2023-07-30T17:11:22+02:00 CVE-2023-37769,pixman: triage Buster as no-dsa Minor issue. Affects only a test executable. - - - - - cd0354a8 by Markus Koschany at 2023-07-30T17:11:23+02:00 CVE-2022-40896,pygments: Buster is no-dsa Minor issue - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -916,6 +916,7 @@ CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an - openssh 1:9.3p2-1 (bug #1042460) [bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning) [bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning) + [buster] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning) NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9 NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a @@ -1310,6 +1311,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE - pixman <unfixed> [bookworm] - pixman <no-dsa> (Minor issue) [bullseye] - pixman <no-dsa> (Minor issue) + [buster] - pixman <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...) NOT-FOR-US: Open Enclave @@ -62456,6 +62458,7 @@ CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pyg - pygments 2.15.1+dfsg-1 [bookworm] - pygments <no-dsa> (Minor issue) [bullseye] - pygments <no-dsa> (Minor issue) + [buster] - pygments <no-dsa> (Minor issue) NOTE: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ NOTE: https://github.com/pygments/pygments/issues/2356 NOTE: https://github.com/pygments/pygments/issues/2355 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430234d8a7ee36b7524477c93617653edf258416...cd0354a852929113c42f2428d026b682a962e53d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430234d8a7ee36b7524477c93617653edf258416...cd0354a852929113c42f2428d026b682a962e53d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits