[Git][security-tracker-team/security-tracker][master] Update notes for sysstat CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 18 13:20:44 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64582bbf by Salvatore Bonaccorso at 2023-05-18T14:20:09+02:00
Update notes for sysstat CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,9 @@
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
- sysstat <unfixed>
+ [bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 not applied)
NOTE: https://github.com/sysstat/sysstat/pull/360
NOTE: https://github.com/sysstat/sysstat/commit/954ff2e2673cef48f0ed44668c466eab041db387
+ NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
@@ -57226,6 +57228,7 @@ CVE-2022-39377 (sysstat is a set of system performance tools for the Linux opera
[bullseye] - sysstat <no-dsa> (Minor issue)
NOTE: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
NOTE: https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540 (v12.7.1)
+ NOTE: The original fix is incomplete and opens up CVE-2023-33204.
CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230518/4b0e6d27/attachment.htm>
More information about the debian-security-tracker-commits
mailing list