[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-51384: buster/bullseye not-affected
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 20 17:12:58 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98c11711 by Colin Watson at 2023-12-20T14:21:24+00:00
CVE-2023-51384: buster/bullseye not-affected
Same reason as CVE-2023-28531.
- - - - -
ac8ae148 by Salvatore Bonaccorso at 2023-12-20T17:12:45+00:00
Merge branch 'CVE-2023-51384' into 'master'
CVE-2023-51384: buster/bullseye not-affected
See merge request security-tracker-team/security-tracker!156
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -425,6 +425,8 @@ CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur i
NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...)
- openssh 1:9.6p1-1
+ [bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (V_9_6_P1)
CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...)
@@ -41722,8 +41724,8 @@ CVE-2023-28532
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
- openssh 1:9.3p1-1 (bug #1033166)
[bookworm] - openssh <no-dsa> (Minor issue)
- [bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
- [buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
+ [bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
NOTE: https://github.com/openssh/openssh-portable/commit/54ac4ab2b53ce9fcb66b8250dee91c070e4167ed (V_9_3_P1)
CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site ...)
NOT-FOR-US: IBM
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7455e85bb5577a0b8869ab97ed5f6f046dbb36cc...ac8ae148fc969cc0ccc3158f559307189ff0a195
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7455e85bb5577a0b8869ab97ed5f6f046dbb36cc...ac8ae148fc969cc0ccc3158f559307189ff0a195
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/7c31e35a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list