[Git][security-tracker-team/security-tracker][master] 6 commits: CVE-2023-39358,CVE-2023-39360/cacti: buster not-affected + more links

Sylvain Beucler (@beuc) beuc at debian.org
Thu Nov 30 12:39:59 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2cd83ad by Sylvain Beucler at 2023-11-30T13:36:14+01:00
CVE-2023-39358,CVE-2023-39360/cacti: buster not-affected + more links

- - - - -
5c29eb62 by Sylvain Beucler at 2023-11-30T13:36:16+01:00
CVE-2023-39366/cacti: all the code path for the CVE vector appears to be present and similar, re-mark for fix in bullseye & buster

- - - - -
c52977ca by Sylvain Beucler at 2023-11-30T13:36:18+01:00
CVE-2023-39510/cacti: buster not-affected + introductory commit

- - - - -
ebbc8845 by Sylvain Beucler at 2023-11-30T13:37:18+01:00
CVE-2023-39511/cacti: buster not-affected + patch + introductory commit

- - - - -
dc86d26e by Sylvain Beucler at 2023-11-30T13:37:27+01:00
CVE-2023-39512/cacti: buster not-affected + introductory commit

- - - - -
70f06ace by Sylvain Beucler at 2023-11-30T13:37:27+01:00
CVE-2023-39514/cacti: buster not-affected + introductory commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13191,7 +13191,10 @@ CVE-2023-39511 (Cacti is an open source operational monitoring and fault managem
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42
+	NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25)
+	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/9d3495abdc86f40bc7fa9767fcf0136db5b6179a (release/1.2.20)
 CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...)
 	NOT-FOR-US: Apache Superset
 CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...)
@@ -13397,8 +13400,10 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
 	NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
+	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17)
 CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...)
 	{DSA-5550-1}
 	- cacti 1.2.25+ds1-1
@@ -13410,18 +13415,21 @@ CVE-2023-39512 (Cacti is an open source operational monitoring and fault managem
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
 	NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
+	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17)
 CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...)
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
 	NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
+	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20)
 CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...)
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
-	[bullseye] - cacti <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
 	NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
 CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...)
@@ -13451,8 +13459,11 @@ CVE-2023-39360 (Cacti is an open source operational monitoring and fault managem
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
-	NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2
+	NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25)
+	NOTE: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa (release/1.2.25)
+	NOTE: Introduced by: https://github.com/cacti/cacti/commit/bf292d5d57c2afa108f65198074cd82a40c13fd3 (release/1.2.17)
 CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...)
 	{DSA-5550-1}
 	- cacti 1.2.25+ds1-1
@@ -13462,9 +13473,11 @@ CVE-2023-39358 (Cacti is an open source operational monitoring and fault managem
 	- cacti 1.2.25+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
+	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
 	NOTE: https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d
 	NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82
+	NOTE: Introduced by: https://github.com/cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20)
 CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...)
 	{DSA-5550-1}
 	- cacti 1.2.25+ds1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6334abbefc82472b9ee0f8fde9b58e4b6d3f7bb1...70f06acec6c06bb617c5bc25e1b061057562a1eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6334abbefc82472b9ee0f8fde9b58e4b6d3f7bb1...70f06acec6c06bb617c5bc25e1b061057562a1eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231130/8d2d9216/attachment.htm>

More information about the debian-security-tracker-commits mailing list