[Git][security-tracker-team/security-tracker][master] Add CVE-2022-48538/cacti

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 23 20:09:32 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f18a142b by Salvatore Bonaccorso at 2023-08-23T21:07:25+02:00
Add CVE-2022-48538/cacti

Mark this one as unimportant with the following reasoning: The issue is
only relevant when cacti is running with php8.2, which is bookworm and
above. Cacti in bookworm contains already the fix. For the older suites,
while sourcewise the issue might be present, it is not in the respective
suite due to unaavailability of php8.2 in official Debian repository.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -177,7 +177,10 @@ CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remo
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/004194253242af71adf5b70e151a7e89bb776eee (6.9.11-46)
 CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web login fu ...)
-	TODO: check
+	- cacti 1.2.23+ds1-1 (unimportant)
+	NOTE: https://github.com/Cacti/cacti/issues/5189
+	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9b53889c340031be67b62006a516e847b3793dcb (release/1.2.23)
+	NOTE: Only an issue when running with PHP8.2.
 CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...)
 	TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18a142b5cee2cd1b6c78b9fbba31b1598d3acb5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18a142b5cee2cd1b6c78b9fbba31b1598d3acb5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230823/734c148b/attachment.htm>

More information about the debian-security-tracker-commits mailing list