[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-6378/logback
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 4 19:53:37 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce3a34a1 by Salvatore Bonaccorso at 2023-12-04T20:52:55+01:00
Update information for CVE-2023-6378/logback
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -844,6 +844,9 @@ CVE-2023-6378 (A serialization vulnerability in logback receiver component part
[bullseye] - logback <no-dsa> (Minor issue)
[buster] - logback <postponed> (Minor issue, DoS)
NOTE: https://logback.qos.ch/news.html#1.3.12
+ NOTE: Fixed by: https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731 (v_1.3.12)
+ NOTE: Only exploitable f logback receiver component is deployed:
+ NOTE: https://logback.qos.ch/manual/receivers.html
CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3a34a1405a07f427208dcd8e891cdae8ec2f5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3a34a1405a07f427208dcd8e891cdae8ec2f5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231204/c6b8b734/attachment.htm>
More information about the debian-security-tracker-commits
mailing list