[Git][security-tracker-team/security-tracker][master] Duplicate for now information in CVE-2023-50569
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 25 21:48:12 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb00845a by Salvatore Bonaccorso at 2023-12-25T22:45:49+01:00
Duplicate for now information in CVE-2023-50569
MITRE CNA is contacted to resolve the issue by its conflict in the
assignments of the two CVEs. The MITRE assigned CVE was published
earlier than the GitHub CNA one, so it's possible that the
CVE-2023-50569 will be kept rather than CVE-2023-50250.
The resolution of this conflict is at this point in time still ongoing.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -252,8 +252,11 @@ CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident res
CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
NOT-FOR-US: ii2-authclient extension for Yii framework
CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...)
- - cacti <unfixed>
+ - cacti 1.2.26+ds1-1
+ [bullseye] - cacti <not-affected> (Vulnerable code introduced later)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE: https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf
+ NOTE: Introduced by: https://github.com/Cacti/cacti/commit/27a36d48e1cea172b0750c970324208b39d2bec5 (release/1.2.23)
NOTE: Exact same text as GHSA-xwqc-7jc4-xm73 / CVE-2023-50250.
CVE-2023-50259 (Medusa is an automatic video library manager for TV shows. Versions pr ...)
NOT-FOR-US: Medusa (not same as src:medusa)
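Review bot: The lines added under CVE-2023-50569 do not record that they are a temporary copy. The existing "NOTE: Exact same text as GHSA-xwqc-7jc4-xm73 / CVE-2023-50250." only describes the CVE description, so once one of the two IDs is kept and the other dropped, nothing in the entry tells the next editor that the fixed version and the bullseye/buster "<not-affected>" lines were duplicated and need to be reconciled. Consider adding a NOTE to the entry saying the status is duplicated from CVE-2023-50250 pending resolution of the CNA assignment conflict. Separately, the hunk adds an "Introduced by:" reference for release/1.2.23 but no matching reference for the fix behind "- cacti 1.2.26+ds1-1"; a NOTE pointing at the fix would let the version claim be checked from this entry alone.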
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb00845a44aded6a2184d27b009e9f56a240a2de