Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
117a941f by Salvatore Bonaccorso at 2023-11-13T21:29:14+01:00
Mark CVE-2023-46894 as unimportant with a reationale from maintainer
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -333,8 +333,12 @@ CVE-2023-47237 (Cross-Site Request Forgery (CSRF)
vulnerability in Martin Gibson
CVE-2023-47110 (blockreassurance adds an information block aimed at offering
helpful i ...)
NOT-FOR-US: blockreassurance
CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view
sensitiv ...)
- - esptool <unfixed> (bug #1055773)
+ - esptool <unfixed> (bug #1055773; unimportant)
NOTE: https://github.com/espressif/esptool/issues/926
+ NOTE: Old revisions of one of the supported chipsets were using AES ECB
for secure
+ NOTE: boot and flash encryption, but newer ones have switched to newer
cryptographic
+ NOTE: algorithms. esptool keeps support for the older algorithms, in
order to keep
+ NOTE: the ability to work with older revisions of the hardware.
CVE-2023-46743 (application-collabora is an integration of Collabora Online in
XWiki. ...)
NOT-FOR-US: XWiki
CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao
Corp WP Hel ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
