Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4fe188bf by Salvatore Bonaccorso at 2023-08-24T22:25:06+02:00 Drop information on CVE-2023-38288 and CVE-2023-38289 RedHat as assigning CNA now rejected both with Rejected Reason: Not a Security Issue. which seems to contradict the discussion around https://bugzilla.redhat.com/show_bug.cgi?id=2224971#c8 . For now follow the CNA decision on the CVE rejection and why so there were not assigned two new CVEs. - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -4058,18 +4058,10 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window NOT-FOR-US: Vasion CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...) NOT-FOR-US: Vasion -CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c] +CVE-2023-38289 REJECTED - {DLA-3513-1} - - tiff 4.5.1+git230720-1 - NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592 - NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee -CVE-2023-38288 [libtiff: integer overflow in tiffcp.c] +CVE-2023-38288 REJECTED - {DLA-3513-1} - - tiff 4.5.1+git230720-1 - NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 - NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591 CVE-2023-3870 REJECTED CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...) ===================================== data/DLA/list ===================================== @@ -88,7 +88,7 @@ {CVE-2023-33201} [buster] - bouncycastle 1.60-1+deb10u1 [31 Jul 2023] DLA-3513-1 tiff - security update - {CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-38288 CVE-2023-38289} + {CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966} [buster] - tiff 4.1.0+git191117-2~deb10u8 [31 Jul 2023] DLA-3512-1 linux-5.10 - security update {CVE-2023-2156 CVE-2023-3390 CVE-2023-3610 CVE-2023-20593 CVE-2023-31248 CVE-2023-35001} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fe188bf632e84ccd8fd580b5fc3cba8e4caeeaa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fe188bf632e84ccd8fd580b5fc3cba8e4caeeaa You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits