[Git][security-tracker-team/security-tracker][master] Update information on glib2.0 issues mentioning the regression CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 2 14:33:27 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b906c49 by Salvatore Bonaccorso at 2023-08-02T15:32:56+02:00
Update information on glib2.0 issues mentioning the regression CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14870,6 +14870,12 @@ CVE-2013-10024 (A vulnerability has been found in Exit Strategy Plugin 1.55 and
NOT-FOR-US: WordPress plugin
CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It has bee ...)
NOT-FOR-US: WordPress plugin
+CVE-2023-32636
+ - glib2.0 <not-affected> (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+CVE-2023-32643
+ - glib2.0 <not-affected> (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
CVE-2023-32665 [GVariant deserialisation does not match spec for non-normal data]
- glib2.0 2.74.4-1
[bullseye] - glib2.0 <no-dsa> (Minor issue)
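Review bot: the reason string on both new `<not-affected>` lines, "Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied", is hard to square with the context line `- glib2.0 2.74.4-1` under CVE-2023-32665 directly below, which records a fixed version for one of those three CVEs. Please say in the reason which situation is meant (for instance, whether any uploaded version ever carried the original fix without its follow-up), so a reader of the two entries does not have to infer it from the neighbouring notes.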
@@ -14877,7 +14883,7 @@ CVE-2023-32665 [GVariant deserialisation does not match spec for non-normal data
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
- NOTE: Be careful. Original fix introduces new bugs.
+ NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-32611 [g_variant_byteswap() can take a long time with some non-normal inputs]
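Review bot: the reworded NOTE under CVE-2023-32665 names the regression CVEs but still gives no pointer to what corrects them; the only references that follow it are the two issue links. If a follow-up merge request or commit exists, add it as its own NOTE line so that "Be careful" comes with something concrete to check for. The CVE ids are also already given in parentheses on the next two lines, so the sentence itself could stay short.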
@@ -14887,7 +14893,8 @@ CVE-2023-32611 [g_variant_byteswap() can take a long time with some non-normal i
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
- NOTE: Be careful. Original fix introduces new bugs.
+ NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
+
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29499 [GVariant offset table entry size is not checked in is_normal()]
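Review bot: the bare `+` line after the reworded NOTE in the CVE-2023-32611 entry puts an empty line in the middle of that entry's NOTE block, ahead of the two issue links. The same edit under CVE-2023-32665 and CVE-2023-29499 adds no such line, so this looks unintended; drop it so this hunk is a one-line replacement like the other two.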
@@ -14897,7 +14904,7 @@ CVE-2023-29499 [GVariant offset table entry size is not checked in is_normal()]
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
- NOTE: Be careful. Original fix introduces new bugs.
+ NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29493
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b906c49ba1819dc8b70b47bfa4929f1671b8c87