[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-40462 as NFU
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 31 05:59:17 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e507c93 by Salvatore Bonaccorso at 2023-12-31T06:54:25+01:00
Mark CVE-2023-40462 as NFU
The vulnerability report states that "one issue has two CVE IDs because
it affects TinyXML independently (CVE-2023-34194) and as used by
ACEmanager (CVE-2023-40462)".
With that and given both CVEs are listed under the same issue in the
Table 2, it looks safe to assume that CVE-2023-40462 is the ACEmanager
specific CVE, while CVE-2023-34194 is for the underlying part in
tinyxml.
This is as well in line with the product association given in the CVE
entry from MITRE.
Link: https://www.forescout.com/resources/sierra21-vulnerabilities
Link: https://www.cve.org/CVERecord?id=CVE-2023-40462
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5066,8 +5066,7 @@ CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcod
CVE-2023-40463 (When configured in debugging mode by an authenticated user with adm ...)
NOT-FOR-US: ALEOS
CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not perform ...)
- - tinyxml <unfixed> (bug #1059315)
- NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
+ NOT-FOR-US: TinyXML use in ACEManager component of ALEOS (relates to CVE-2023-34194 in src:tinyxml)
CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an authen ...)
NOT-FOR-US: ALEOS
CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not validat ...)
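Review bot: The CVE-2023-40462 entry loses both its `(bug #1059315)` reference and the forescout NOTE link, and the replacement NOT-FOR-US line only points to CVE-2023-34194 in free text. The CVE-2023-34194 entry is outside this hunk, so please confirm that it carries the `tinyxml <unfixed> (bug #1059315)` tracking line and the report link. Otherwise the bug association visible here is dropped from data/CVE/list altogether. A minor style point: the new line spells the component "ACEManager" while the commit message uses "ACEmanager". Matching the CVE description spelling used on the neighbouring entries, as the new line does, is the better choice, so the inconsistency sits only in the message.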
=====================================
data/DLA/list
=====================================
@@ -2,7 +2,7 @@
{CVE-2023-7101}
[buster] - libspreadsheet-parseexcel-perl 0.6500-1+deb10u1
[31 Dec 2023] DLA-3701-1 tinyxml - security update
- {CVE-2023-34194 CVE-2023-40462}
+ {CVE-2023-34194}
[buster] - tinyxml 2.6.2-4+deb10u2
[30 Dec 2023] DLA-3700-1 cjson - security update
{CVE-2023-50471}
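Review bot: The CVE set of DLA-3701-1 is narrowed to `{CVE-2023-34194}` on an entry dated 31 Dec 2023, the same day as this commit. If the advisory announcement already went out listing both IDs, the tracker entry will no longer match the published text. It would help to say in the commit message whether the announcement is being corrected as well, or that the tracker intentionally diverges. The change itself is consistent with the NOT-FOR-US marking in data/CVE/list, since the buster fix `tinyxml 2.6.2-4+deb10u2` stays attached to the tinyxml CVE only.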
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e507c932b999df48f808969c00f07a638e3357b