[Git][security-tracker-team/security-tracker][master] CVE-2023-2283: Use full commit hash id

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 21 20:30:11 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1635ee12 by Salvatore Bonaccorso at 2023-05-21T21:29:36+02:00
CVE-2023-2283: Use full commit hash id

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1655,9 +1655,9 @@ CVE-2023-2283 [Authorization bypass in pki_verify_data_signature]
 	- libssh 0.10.5-1 (bug #1035832)
 	[buster] - libssh <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt
-	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5)
-	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5)
-	NOTE: Commit https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces vulnerable function (libssh-0.9.0)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5)
+	NOTE: Vulnerable function introduced with: https://git.libssh.org/projects/libssh.git/commit/?id=fd9446553b5e06c95c67945959b228e44c870b73 (libssh-0.9.0)
 CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
 	NOT-FOR-US: Devolutions
 CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1635ee12ba3bbaa32f087d7c0f5312c7b57fef29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1635ee12ba3bbaa32f087d7c0f5312c7b57fef29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230521/0384f57f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list