[Git][security-tracker-team/security-tracker][master] ATS references

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 23 11:25:40 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9e9932c by Moritz Muehlenhoff at 2023-10-23T12:25:14+02:00
ATS references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -973,6 +973,8 @@ CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution S
 CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	- trafficserver <unfixed>
 	NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
+	NOTE: https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.x)
+	NOTE: https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e (9.2.x)
 CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & Login an ...)
 	NOT-FOR-US: Phpgurukul
 CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registrati ...)
@@ -985,7 +987,10 @@ CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
 	NOT-FOR-US: IBM
 CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic Server with  ...)
 	- trafficserver <unfixed>
+	[bullseye] - trafficserver <not-affected> (Vulnerable code not present)
+	[buster] - trafficserver <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
+	NOTE: https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 (9.2.x)
 CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11. ...)
 	NOT-FOR-US: IBM
 CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
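
Review bot: the two `<not-affected>` lines added for CVE-2023-39456 give only "Vulnerable code not present" as the reason, and the one commit referenced in the entry is the 9.2.x fix, so nothing here records where the affected code first appeared. Consider adding a NOTE naming the upstream commit or release that introduced it, so the bullseye and buster triage can be rechecked later without re-reading the source.
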
@@ -2417,6 +2422,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: ATS: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
 	NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0)
+	NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.x)
 	NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe
 	NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1)
 	NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44134.html
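
Review bot: the added ATS line for CVE-2023-44487 labels its commit with a branch, (8.1.x), while the ATS line directly above it labels its commit with a release tag, (9.2.3-rc0). A branch name does not say which 8.1 release first carries the fix; once that release is known, consider using its tag here. The same applies to the (8.1.x) and (9.2.x) labels added under CVE-2023-41752 and CVE-2023-39456.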



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9e9932cd49894e3b1bfe680ca588832fa58b266
