Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 117a941f by Salvatore Bonaccorso at 2023-11-13T21:29:14+01:00 Mark CVE-2023-46894 as unimportant with a reationale from maintainer - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -333,8 +333,12 @@ CVE-2023-47237 (Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson CVE-2023-47110 (blockreassurance adds an information block aimed at offering helpful i ...) NOT-FOR-US: blockreassurance CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view sensitiv ...) - - esptool <unfixed> (bug #1055773) + - esptool <unfixed> (bug #1055773; unimportant) NOTE: https://github.com/espressif/esptool/issues/926 + NOTE: Old revisions of one of the supported chipsets were using AES ECB for secure + NOTE: boot and flash encryption, but newer ones have switched to newer cryptographic + NOTE: algorithms. esptool keeps support for the older algorithms, in order to keep + NOTE: the ability to work with older revisions of the hardware. CVE-2023-46743 (application-collabora is an integration of Collabora Online in XWiki. ...) NOT-FOR-US: XWiki CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits