[Git][security-tracker-team/security-tracker][master] Add some info to the glib2.0 CVE-2023-24593 and co notes
Santiago R.R. (@santiago)
santiago at debian.org
Sat Jul 8 20:13:28 BST 2023
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9138438a by Santiago Ruano Rincón at 2023-07-08T16:13:01-03:00
Add some info to the glib2.0 CVE-2023-24593 and co notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11538,31 +11538,31 @@ CVE-2023-32665 [GVariant deserialisation does not match spec for non-normal data
[bullseye] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2121
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
NOTE: Be careful. Original fix introduces new bugs.
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-32611 [g_variant_byteswap() can take a long time with some non-normal inputs]
- glib2.0 2.74.4-1
[bullseye] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2797
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
NOTE: Be careful. Original fix introduces new bugs.
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29499 [GVariant offset table entry size is not checked in is_normal()]
- glib2.0 2.74.4-1
[bullseye] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2794
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
NOTE: Be careful. Original fix introduces new bugs.
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29493
RESERVED
CVE-2023-29492 (Novi Survey before 8.9.43676 allows remote attackers to execute arbitr ...)
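Review bot: In the CVE-2023-32665, CVE-2023-32611 and CVE-2023-29499 entries, issues 2840 and 2841 now carry CVE ids under "Be careful. Original fix introduces new bugs.", but each entry still lists `- glib2.0 2.74.4-1` as fixed and the merge commit is marked (2.74.4). Nothing in these lines says whether the 2.74.4 backport itself contains the CVE-2023-32643 / CVE-2023-32636 regressions, or in which version they are resolved. Consider adding a NOTE that states this, so that anyone backporting merge request 3126 to bullseye knows which follow-up fixes have to come with it.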
@@ -14106,22 +14106,22 @@ CVE-2023-25180
[bullseye] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
NOTE: Be careful. Original fix introduces new bugs.
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-24593
RESERVED
- glib2.0 2.74.4-1
[bullseye] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
NOTE: Be careful. Original fix introduces new bugs.
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...)
NOT-FOR-US: Rebuild
CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
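Review bot: The parenthetical "(2.74, 3125 backport)" added to the merge_requests/3126 lines in the CVE-2023-25180 and CVE-2023-24593 entries is easy to misread as a pair of versions. If it means that 3126 is the backport of 3125 to the glib-2-74 branch named on the following line, spelling that out, for example "(backport of 3125 to glib-2-74)", would remove the ambiguity. The same three annotated lines are also repeated in every entry this commit touches, so any later correction has to be made in each copy; a cross-reference to the CVE-2023-32643 and CVE-2023-32636 entries would keep the detail in one place.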
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9138438acb8bf876dca2ad1be50202d12810ca66