
Re: CVE-2023-41105 not fixed in bookworm



I'm just going to state this and let y'all figure it out.

Security Exploits / CVE?

Look no matter what OS, or SOFTWARE you run on your electronics hardware.

At the end of the day, Electronics has a fatal flaw. And cannot be secured.

That flaw has been known about since Electronics was invented / discovered.

And any notion of "Security" of electronics, or software operating on electronics.

Is a delusional thought.



On Sun, Mar 10, 2024 at 9:59 AM Salvatore Bonaccorso <carnil@debian.org> wrote:
Hi,

On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote:
> Dear security team,
>
> May I ask why CVE-2023-41105 was marked as "<no-dsa> (Minor issue)"[1] ?
>
> As the CVE description says there are plausible cases where this can lead to
> security issues.
>
> There is a backport available for python 3.11 and it seems most other
> distros have patched this CVE.

The current open issues for python3.11 in bookworm do not warrant a
DSA on its own, but that does not mean that they cannot be fixed
(though someone needs to step up and do the work).

The current three open CVEs CVE-2023-24329, CVE-2023-40217 and
CVE-2023-41105 could be batched together and fixed in a point release
(there is one upcoming on 2024-04-06, with the window for uploads
closing the preceding weekend).

Regards,
Salvatore

