[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-0809,mosquitto: Buster is not affected
Markus Koschany (@apo)
apo at debian.org
Sun Oct 1 18:41:26 BST 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d271c1b5 by Markus Koschany at 2023-10-01T19:37:00+02:00
CVE-2023-0809,mosquitto: Buster is not affected
The vulnerable code was introduced later. mosq_cs_new function is already used.
- - - - -
dcf602a7 by Markus Koschany at 2023-10-01T19:38:15+02:00
CVE-2023-3592,mosquitto: Buster is not affected
The vulnerable code was introduced later. property_broker.c was added in
November 2018 and the code was not present in other files before
https://github.com/eclipse/mosquitto/commit/d5108956bf99507d521246959913bc650133d971#diff-21faf3c608ab100dac4ee821522de6ccf68e2b672fc8829b9c5042b63da5742b
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35563,10 +35563,12 @@ CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayse
CVE-2023-0809
RESERVED
- mosquitto 2.0.17-1
+ [buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
CVE-2023-3592
- mosquitto 2.0.17-1
+ [buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa (v2.0.16)
CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_540 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64bb6ce217b2e3fe952c2f72d03fd430e41177c1...dcf602a7d088f2870b42ae2b497a0e937ad5f8c0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64bb6ce217b2e3fe952c2f72d03fd430e41177c1...dcf602a7d088f2870b42ae2b497a0e937ad5f8c0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231001/703b41ef/attachment.htm>
More information about the debian-security-tracker-commits
mailing list