[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-37536
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 24 21:06:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49b65454 by Salvatore Bonaccorso at 2023-12-24T22:05:05+01:00
Update information for CVE-2023-37536
The initial triaging of this CVE was likely specific for HCL, but the
available information now makes it associate with xerces-c directly
rather than "the use of xerces-c in a HCL" product.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13167,7 +13167,10 @@ CVE-2023-44997 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod
CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1.1.0 a ...)
NOT-FOR-US: e-Gov Client Application
CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...)
- NOT-FOR-US: HCL
+ - xerces-c 3.2.4+debian-1
+ NOTE: https://github.com/apache/xerces-c/pull/51
+ NOTE: https://issues.apache.org/jira/browse/XERCESC-2241
+ NOTE: Fixed by: https://github.com/apache/xerces-c/commit/1296a40db07308dbaac32494469f609b00cdfaf3 (v3.2.4)
CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. ...)
NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
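Review bot: In the CVE-2023-37536 entry, the reason for replacing "NOT-FOR-US: HCL" with a xerces-c entry is recorded only in the commit message, while the description line kept in the list still reads "xerces-c++ 3.2.3 in BigFix Platform". Consider adding a short NOTE saying that the issue is in upstream xerces-c itself and not only in HCL's use of it, so a later triager reading data/CVE/list alone does not revert it to NOT-FOR-US. The fixed version 3.2.4+debian-1 agrees with the "Fixed by" commit being marked (v3.2.4). The hunk carries no per-release annotations, so it is worth confirming whether suites shipping a xerces-c older than 3.2.4 need their own entries.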
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49b65454d1e25e6c3ad220cea7181007d26943d3