[Git][security-tracker-team/security-tracker][master] 2 commits: Unify style for some notes
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 9 20:25:30 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db6749c3 by Salvatore Bonaccorso at 2023-08-09T21:22:44+02:00
Unify style for some notes
- - - - -
fba58211 by Salvatore Bonaccorso at 2023-08-09T21:23:52+02:00
CVE-2023-20569: Reference followup for 4th Gen AMD EPYC processors via #1043381
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16353,7 +16353,7 @@ CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Ge
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-22981
NOTE: Patches links: https://support.zabbix.com/browse/ZBX-22720
- NOTE: vulnerable geopmap widget introduced in version 6.0.0alpha6 with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2
+ NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)
CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
- zabbix <unfixed>
[bullseye] - zabbix <not-affected> (5.x not affected)
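Review bot: The reworded NOTE for CVE-2023-29452 now reads "introduced in version with https://github.com/zabbix/zabbix/commit/...", which leaves "version" without an object after 6.0.0alpha6 was moved into the trailing parentheses. Dropping "in version" so the line reads "introduced with <commit URL> (6.0.0alpha6)" would match the "<URL> (<version>)" form used by the other notes in this change. The spelling "geopmap" is also carried over unchanged and looks like a typo for "geomap", which is how the CVE description on the hunk header line spells it.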
@@ -54548,7 +54548,7 @@ CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow a
NOTE: 3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan),
NOTE: further update for 4th gen EPYC CPUs to follow in later releases.
NOTE: Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and
- NOTE: Bergamo (Family=0x19 Model=0xa0) with:
+ NOTE: Bergamo (Family=0x19 Model=0xa0) with (cf: https://bugs.debian.org/1043381):
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
NOTE: https://comsec.ethz.ch/research/microarch/inception/
NOTE: https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
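Review bot: The bug reference added on the Bergamo line is written "(cf: https://bugs.debian.org/1043381)", while the CVE-2019-17382 entry in this same file writes "(Cf. https://support.zabbix.com/browse/ZBXNEXT-5532)"; one spelling should be used if the notes are being unified. The context line above still says "3nd gen EPYC CPUs (Milan)", which could be corrected to "3rd gen" while this entry is being edited.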
@@ -56952,8 +56952,8 @@ CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintai
[bullseye] - zabbix <ignored> (Minor issue)
[buster] - zabbix <ignored> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22050
- NOTE: Patches: for 4.0.45rc1 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa58889ba54b2350e211a5f315baabbaf7228045
- NOTE: for 5.0.30rc1 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e
+ NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa58889ba54b2350e211a5f315baabbaf7228045 (4.0.45rc1)
+ NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e (5.0.30rc1)
CVE-2022-43514 (A vulnerability has been identified in Automation License Manager V5 ( ...)
NOT-FOR-US: Automation License Manager
CVE-2022-43513 (A vulnerability has been identified in Automation License Manager V5 ( ...)
@@ -270352,7 +270352,7 @@ CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with un
NOTE: https://support.zabbix.com/browse/ZBX-16551
NOTE: https://support.zabbix.com/browse/ZBXNEXT-1898
NOTE: https://www.zabbix.com/documentation/5.0/manual/introduction/whatsnew500#stronger_cryptography_for_passwords
- NOTE: patch for 5.0.0: https://github.com/zabbix/zabbix/commit/3c4b81c66da
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/0bc1a41104cf747edbda6d2c84c7ade9d714fb30 (5.0.0alpha1)
CVE-2020-1784
RESERVED
CVE-2020-1783
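Review bot: The CVE-2013-7484 line changes more than style: the referenced commit goes from 3c4b81c66da to 0bc1a41104cf747edbda6d2c84c7ade9d714fb30 and the version from 5.0.0 to 5.0.0alpha1, yet neither commit subject in this push mentions a corrected reference. If the old link pointed at the wrong commit, that should be stated in the commit message or split into its own commit, so the correction is visible in history rather than hidden in a "Unify style" change.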
@@ -279529,8 +279529,9 @@ CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&dash
NOTE: Disputed by upstream, closed as not a security bug.
NOTE: Guest account is disabled by default starting in 4.0.15rc1, 4.4.2rc1 and
NOTE: 5.0.0alpha1 (Cf. https://support.zabbix.com/browse/ZBXNEXT-5532)
- NOTE: Patch to disable default user by default, for 5.0.0alpha1: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/9fd6f1c35
- NOTE: and for 4.0.15rc: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/cd3921882
+ NOTE: Patch to disable default user by default:
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/9fd6f1c35 (5.0.0alpha1)
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/cd3921882 (4.0.15rc1)
CVE-2019-17381
RESERVED
CVE-2019-17380 (cPanel before 82.0.15 allows self XSS in the WHM Update Preferences in ...)
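Review bot: The two links under "Patch to disable default user by default:" keep abbreviated hashes (9fd6f1c35 and cd3921882), whereas the other Zabbix notes touched in this change use full 40-character hashes; expanding them would make the references unambiguous and consistent. The version label also changes from "4.0.15rc" to "4.0.15rc1", which agrees with the "4.0.15rc1" in the context line above.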
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3d39481247db7f5d33200ff32ca1f64203922543...fba582111255373e28b5ae666622a7a0e85fa708