diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-12-31 06:54:25 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-12-31 06:54:25 +0100 |
commit | 7e507c932b999df48f808969c00f07a638e3357b (patch) | |
tree | cbf454856052180cf354217512e5bfee9f723b74 /data/DLA | |
parent | b1a1b40e7095d0781883559f014ea512a9b44609 (diff) |
Mark CVE-2023-40462 as NFU
The vulnerability report states that "one issue has two CVE IDs because
it affects TinyXML independently (CVE-2023-34194) and as used by
ACEmanager (CVE-2023-40462).
With that and given both CVEs are listed under the same issue in the
Table 2, it looks safe to assume that CVE-2023-40462 is the ACEmanager
specific CVE, while CVE-2023-34194 is for the underlying part in
tinyxml.
This is as well inline with the product association given in the CVE
entry from MITRE.
Link: https://www.forescout.com/resources/sierra21-vulnerabilities
Link: https://www.cve.org/CVERecord?id=CVE-2023-40462
Diffstat (limited to 'data/DLA')
-rw-r--r-- | data/DLA/list | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/DLA/list b/data/DLA/list index 85f3afe48a..b3289c9d79 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -2,7 +2,7 @@ {CVE-2023-7101} [buster] - libspreadsheet-parseexcel-perl 0.6500-1+deb10u1 [31 Dec 2023] DLA-3701-1 tinyxml - security update - {CVE-2023-34194 CVE-2023-40462} + {CVE-2023-34194} [buster] - tinyxml 2.6.2-4+deb10u2 [30 Dec 2023] DLA-3700-1 cjson - security update {CVE-2023-50471} |