[Git][security-tracker-team/security-tracker][master] CVE-2022-24903/rsyslog: documentation relationship with CVE-2018-16881

Sylvain Beucler (@beuc) beuc at debian.org
Thu May 19 07:30:41 BST 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81941f17 by Sylvain Beucler at 2022-05-19T08:30:21+02:00
CVE-2022-24903/rsyslog: documentation relationship with CVE-2018-16881

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17689,6 +17689,7 @@ CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules for
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/05/3
 	NOTE: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
 	NOTE: https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f (v8.2204.1)
+	NOTE: Introduced partially by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2 (v8.27.0, CVE-2018-16881)
 CVE-2022-24902 (TkVideoplayer is a simple library to play video files in tkinter. Unco ...)
 	NOT-FOR-US: TkVideoplayer
 CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple Game Cen ...)
@@ -244599,6 +244600,7 @@ CVE-2018-16881 (A denial of service vulnerability was found in rsyslog in the im
 	[jessie] - rsyslog <not-affected> (Vulnerable code introduced in 8.13.1)
 	NOTE: Fixed by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
 	NOTE: Introduced by: https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6
+	NOTE: Fix introduces CVE-2022-24903
 CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in the [vh ...)
 	- linux 4.19.20-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81941f17c0ca4d7272fb654828bec46d2b998c97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81941f17c0ca4d7272fb654828bec46d2b998c97
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220519/a78c9e02/attachment.htm>

More information about the debian-security-tracker-commits mailing list