[Git][security-tracker-team/security-tracker][master] CVE-2023-36661 assigned for xmltooling issue

Mon Jun 26 09:42:20 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04feb135 by Salvatore Bonaccorso at 2023-06-26T10:41:51+02:00
CVE-2023-36661 assigned for xmltooling issue

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,8 +8,6 @@ CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5
 	TODO: check
 CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...)
 	TODO: check
-CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
-	TODO: check
 CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory  ...)
 	TODO: check
 CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
@@ -1366,11 +1364,8 @@ CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.
 	NOT-FOR-US: FRENIC RHC Loader
 CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader  ...)
 	NOT-FOR-US: FRENIC RHC Loader
-CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access]
+CVE-2023-36661 [Parsing of KeyInfo elements can cause remote resource access]
 	- xmltooling 3.2.4-1 (bug #1037948)
-	[bookworm] - xmltooling 3.2.3-1+deb12u1
-	[bullseye] - xmltooling 3.2.0-3+deb11u1
-	[buster] - xmltooling 3.0.4-1+deb10u2
 	NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
 	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=6080f6343f98fec085bc0fd746913ee418cc9d30
 CVE-2023-33991 (SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 7 ...)


=====================================
data/DLA/list
=====================================
@@ -20,6 +20,7 @@
 	{CVE-2023-33476}
 	[buster] - minidlna 1.2.1+dfsg-2+deb10u4
 [21 Jun 2023] DLA-3464-1 xmltooling - security update
+	{CVE-2023-36661}
 	[buster] - xmltooling 3.0.4-1+deb10u2
 [21 Jun 2023] DLA-3463-1 opensc - security update
 	{CVE-2019-6502 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 CVE-2023-2977}


=====================================
data/DSA/list
=====================================
@@ -26,6 +26,7 @@
 	[bullseye] - libx11 2:1.7.2-1+deb11u1
 	[bookworm] - libx11 2:1.8.4-2+deb12u1
 [18 Jun 2023] DSA-5432-1 xmltooling - security update
+	{CVE-2023-36661}
 	[bookworm] - xmltooling 3.2.3-1+deb12u1
 	[bullseye] - xmltooling 3.2.0-3+deb11u1
 [16 Jun 2023] DSA-5431-1 sofia-sip - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04feb135409baf0e6a51846c537eef049f044c0e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04feb135409baf0e6a51846c537eef049f044c0e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230626/27377242/attachment-0001.htm>
