[Git][security-tracker-team/security-tracker][master] CVE-2023-3247 assigned for recent PHP issue

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 17:56:00 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27bba13b by Salvatore Bonaccorso at 2023-06-14T18:55:17+02:00
CVE-2023-3247 assigned for recent PHP issue

Link: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22433,11 +22433,9 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerab
 	NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
 	NOT-FOR-US: Siemens
-CVE-2023-XXXX [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP]
+CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP]
 	- php8.2 8.2.7-1
-	[bookworm] - php8.2 8.2.7-1~deb12u1
 	- php7.4 <removed>
-	[bullseye] - php7.4 7.4.33-1+deb11u4
 	NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
 	NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6 (php-8.0.29)


=====================================
data/DSA/list
=====================================
@@ -2,8 +2,10 @@
 	{CVE-2023-27476}
 	[bullseye] - owslib 0.23.0-1+deb11u1
 [13 Jun 2023] DSA-5425-1 php8.2 - security update
+	{CVE-2023-3247}
 	[bookworm] - php8.2 8.2.7-1~deb12u1
 [13 Jun 2023] DSA-5424-1 php7.4 - security update
+	{CVE-2023-3247}
 	[bullseye] - php7.4 7.4.33-1+deb11u4
 [11 Jun 2023] DSA-5423-1 thunderbird - security update
 	{CVE-2023-34414 CVE-2023-34416}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27bba13be044554a65fb8af4a0812c9057899565

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27bba13be044554a65fb8af4a0812c9057899565
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230614/b5ecfa63/attachment.htm>

More information about the debian-security-tracker-commits mailing list