[Git][security-tracker-team/security-tracker][master] Add CVE-2022-48538/cacti
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 23 20:09:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f18a142b by Salvatore Bonaccorso at 2023-08-23T21:07:25+02:00
Add CVE-2022-48538/cacti
Mark this one as unimportant with the following reasoning: The issue is
only relevant when cacti is running with php8.2, which is bookworm and
above. Cacti in bookworm already contains the fix. For the older suites,
while sourcewise the issue might be present, it is not in the respective
suite due to unavailability of php8.2 in the official Debian repository.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -177,7 +177,10 @@ CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/004194253242af71adf5b70e151a7e89bb776eee (6.9.11-46)
CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web login fu ...)
- TODO: check
+ - cacti 1.2.23+ds1-1 (unimportant)
+ NOTE: https://github.com/Cacti/cacti/issues/5189
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9b53889c340031be67b62006a516e847b3793dcb (release/1.2.23)
+ NOTE: Only an issue when running with PHP8.2.
CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...)
TODO: check
CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building]
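Review bot: The last added NOTE line ("Only an issue when running with PHP8.2.") records the condition but not the reasoning behind the (unimportant) tag on the cacti line; that reasoning exists only in the commit message. Consider extending the NOTE to say that php8.2 is not available in the suites older than bookworm, so that a reader of data/CVE/list without the commit log can see why those suites are not tracked as affected even though the source may contain the issue.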
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18a142b5cee2cd1b6c78b9fbba31b1598d3acb5