[Git][security-tracker-team/security-tracker][master] CVE-2023-5157 does not affect galera-3

Adrian Bunk (@bunk) bunk at debian.org
Sun Nov 19 21:09:59 GMT 2023 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab1a574a by Adrian Bunk at 2023-11-19T23:08:49+02:00
CVE-2023-5157 does not affect galera-3

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9502,10 +9502,10 @@ CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting
 CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...)
 	- galera-4 26.4.13-1
 	[bullseye] - galera-4 <no-dsa> (Minor issue; can be fixed via point release)
-	- galera-3 <unfixed> (bug #1053476)
-	[bookworm] - galera-3 <no-dsa> (Minor issue)
-	[bullseye] - galera-3 <no-dsa> (Minor issue)
+	- galera-3 <not-affected> (vulnerable code not backported to galera-3)
 	NOTE: https://jira.mariadb.org/browse/MDEV-25068
+	NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8)
+	NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12)
 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite arbitrary files]
 	- ansible-core 2.14.11-1 (bug #1053693)
 	[bookworm] - ansible-core <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -77,11 +77,6 @@ freeimage (gladk)
 frr
   NOTE: 20231119: Added by Front-Desk (apo)
 --
-galera-3 (Adrian Bunk)
-  NOTE: 20231028: Added by Front-Desk (gladk)
-  NOTE: 20231028: Acc. to CVE notes the open issue is fixed in 26.4.12. Please, try to find a corresponding commit and try to backport it. Otherwise - no-dsa. (gladk)
-  NOTE: 20231113: Investigating whether vulnerability already existed before commit introducing current code. (bunk)
---
 gimp
   NOTE: 20231117: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1a574a0c5803bbd25c888e13f04adbb94e875d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1a574a0c5803bbd25c888e13f04adbb94e875d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231119/b491f6ad/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list