• CVE-2023-41105 not fixed in bookworm

    From Richard van den Berg@21:1/5 to All on Fri Mar 1 09:20:01 2024
    Dear security team,

    May I ask why CVE-2023-41105 was marked as "<no-dsa> (Minor issue)"[1] ?

    As the CVE description says there are plausible cases where this can
    lead to security issues.

    There is a backport available for python 3.11 and it seems most other
    distros have patched this CVE.

    Kind regards,

    Richard van den Berg

    1: https://security-tracker.debian.org/tracker/CVE-2023-41105

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Richard van den Berg on Sun Mar 10 15:00:02 2024
    Hi,

    On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote:
    > Dear security team,
    >
    > May I ask why CVE-2023-41105 was marked as "<no-dsa> (Minor issue)"[1] ?
    >
    > As the CVE description says there are plausible cases where this can
    > lead to security issues.
    >
    > There is a backport available for python 3.11 and it seems most other
    > distros have patched this CVE.

    The current open issues for python3.11 in bookworm do not warrant a
    DSA on its own, but that does not mean that they cannot be fixed
    (though someone needs to step up and do the work).

    The current three open CVEs CVE-2023-24329, CVE-2023-40217 and
    CVE-2023-41105 could be batched together and fixed in a point release
    (there is one upcoming on 2024-04-06, with the window for uploads
    closing the preceding weekend).

    Regards,
    Salvatore

  • From piorunz@21:1/5 to StealthMode Hu on Sun Mar 17 14:30:01 2024
    On 10/03/2024 21:23, StealthMode Hu wrote:
    > I'm just going to state this and let y'all figure it out.
    >
    > Security Exploits / CVE?
    >
    > Look no matter what OS, or SOFTWARE you run on your electronics hardware.
    >
    > At the end of the day, Electronics has a fatal flaw. And cannot be secured.
    >
    > That flaw has been known about since Electronics was invented / discovered.
    >
    > And any notion of "Security" of electronics, or software operating on electronics.
    >
    > Is a delusional thought.

    Security is porous, as Steve Gibson would say. The harder you look, the
    more you find. However, it doesn't mean that "security is a delusional
    thought", that's false. Security is crucial. Think of security as an
    ongoing process, to patch up every leak as soon as we can, because every
    day there will be another hole through which water will start to seep.

    --
    With kindest regards, Piotr.

    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
    ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
    ⠈⠳⣄⠀⠀⠀⠀
