[Git][security-tracker-team/security-tracker][master] Expand commit ids for CVE-2023-3854{5,6}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 18 16:32:14 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59e1bcc7 by Salvatore Bonaccorso at 2023-10-18T17:31:31+02:00
Expand commit ids for CVE-2023-3854{5,6}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1151,15 +1151,15 @@ CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a ru
 	{DSA-5523-1 DLA-3613-1}
 	- curl 8.3.0-3
 	NOTE: https://curl.se/docs/CVE-2023-38546.html
-	NOTE: Fixed in https://github.com/curl/curl/commit/61275672b46d9abb32857404 (curl-8_4_0)
-	NOTE: Introduced in https://github.com/curl/curl/commit/74d5a6fb3b9a96d9f
+	NOTE: Introduced by: https://github.com/curl/curl/commit/74d5a6fb3b9a96d9fa51ba90996e94c878ebd151 (curl-7_9_1)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8 (curl-8_4_0)
 CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy  ...)
 	{DSA-5523-1}
 	- curl 8.3.0-3
 	[buster] - curl <not-affected> (Vulnerable code not present)
 	NOTE: https://curl.se/docs/CVE-2023-38545.html
-	NOTE: Fixed in https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147 (curl-8_4_0)
-	NOTE: Introduced in https://github.com/curl/curl/commit/4a4b63daaa (curl-7_69_0)
+	NOTE: Introduced by: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08 (curl-7_69_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147 (curl-8_4_0)
 	NOTE: https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
 CVE-2023-5499 (Information exposure vulnerability in Shenzhen Reachfar v28, the explo ...)
 	NOT-FOR-US: Shenzhen Reachfar



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59e1bcc7db89f0c718a4496f34edb8f246fa8022

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59e1bcc7db89f0c718a4496f34edb8f246fa8022
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231018/51ac950d/attachment.htm>

More information about the debian-security-tracker-commits mailing list