[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 20 21:22:46 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8df1691 by Moritz Muehlenhoff at 2023-11-20T22:22:29+01:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6542,8 +6542,12 @@ CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This lea
- zabbix <unfixed> (bug #1053877)
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23391
+ NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0)
+ NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0)
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
- zabbix <unfixed> (bug #1053877)
+ [bookworm] - zabbix <no-dsa> (Minor issue)
+ [bullseye] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-23230
NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...)
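Review bot: On CVE-2023-32723, the new [bookworm] and [bullseye] <no-dsa> (Minor issue) lines are added while the only fix reference in the entry is still worded "very likely commit ... (for 4.0.x)". Consider confirming that commit and adding NOTE lines for the fixes on the relevant release branches, in the same style as the release/5.0 and release/6.0 notes added just above for CVE-2023-32724. CVE-2023-32724 itself gains commit references here but no bookworm/bullseye status, which is worth a follow-up if that is not intentional.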
@@ -10995,6 +10999,7 @@ CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run
NOT-FOR-US: PaperCut
CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...)
- libcommons-compress-java 1.24.0-1 (bug #1052065)
+ [bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
[buster] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
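Review bot: With the new [bookworm] <no-dsa> line, CVE-2023-42503 now has bookworm marked as affected and bullseye/buster as <not-affected> (Vulnerable code introduced later), but nothing in the entry records which upstream version introduced the vulnerable code. A NOTE naming that version would let a later reader verify the split between releases, and the "Minor issue" reason could say what limits the impact of the resource consumption problem.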
@@ -51544,6 +51549,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_
NOTE: https://github.com/upx/upx/issues/631
CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...)
- upx-ucl <unfixed> (bug #1033258)
+ [bullseye] - upx-ucl <no-dsa> (Minor issue)
[buster] - upx-ucl <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
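Review bot: The added [bullseye] line for CVE-2023-23456 has no [bookworm] counterpart in this hunk, although the commit is titled bullseye/bookworm triage and the unstable line is still <unfixed>. If upx-ucl is not in bookworm this is fine; otherwise a matching line is missing. Since the entry already references the upstream fix commit, the reason could also be more specific than "Minor issue" for a heap-based buffer overflow.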
@@ -62772,6 +62778,8 @@ CVE-2022-41985 (An authentication bypass vulnerability exists in the Authenticat
NOT-FOR-US: uC-FTPs
CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...)
- derby <unfixed>
+ [bookworm] - derby <no-dsa> (Minor issue)
+ [bullseye] - derby <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/DERBY-7147
NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
CVE-2022-46336
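Review bot: For CVE-2022-46337, "Minor issue" on the two new [bookworm] and [bullseye] lines is thin justification next to a description that mentions bypassing LDAP authentication checks. Suggest a reason or an extra NOTE stating what limits exposure (for example, if only installations configured for LDAP authentication are affected), so the no-dsa decision can be revisited later without rereading the upstream advisory.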
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8df16913c86b0c6997fa87f1eb455d033b86d59