
Re: CVE-2023-41105 not fixed in bookworm

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.security
Subject Re: CVE-2023-41105 not fixed in bookworm
Date 2024-03-10 15:00 +0100
Message-ID <IgrSy-fHGe-13@gated-at.bofh.it> (permalink)
References <Id6hz-dEcv-5@gated-at.bofh.it>
Organization linux.* mail to news gateway



Hi,

On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote:
> Dear security team,
> 
> May I ask why CVE-2023-41105 was marked as "<no-dsa> (Minor issue)"[1] ?
> 
> As the CVE description says there are plausible cases where this can lead to
> security issues.
> 
> There is a backport available for python 3.11 and it seems most other
> distros have patched this CVE.

The current open issues for python3.11 in bookworm do not warrant a
DSA on its own, but that does not mean that they cannot be fixed
(though someone needs to step up and do the work).

The current three open CVEs CVE-2023-24329, CVE-2023-40217 and
CVE-2023-41105 could be batched together and fixed in a point release
(there is one upcoming on 2024-04-06, with the window for uploads
closing the preceding weekend).

Regards,
Salvatore



Thread

CVE-2023-41105 not fixed in bookworm Richard van den Berg <richard@vdberg.org> - 2024-03-01 09:20 +0100
  Re: CVE-2023-41105 not fixed in bookworm Salvatore Bonaccorso <carnil@debian.org> - 2024-03-10 15:00 +0100
    Re: CVE-2023-41105 not fixed in bookworm StealthMode Hu <stealthmode1975@gmail.com> - 2024-03-10 22:30 +0100
      Re: CVE-2023-41105 not fixed in bookworm piorunz <piorunz@gmx.com> - 2024-03-17 14:30 +0100
