[Git][security-tracker-team/security-tracker][master] apache2 DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 16 19:30:59 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e466e74 by Moritz Mühlenhoff at 2024-04-16T20:28:15+02:00
apache2 DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -39354,16 +39354,12 @@ CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is
NOT-FOR-US: WordPress plugin
CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
- apache2 2.4.58-1
- [bookworm] - apache2 <no-dsa> (Minor issue)
- [bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
- apache2 2.4.58-1
- [bookworm] - apache2 <no-dsa> (Minor issue)
- [bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
@@ -62180,8 +62176,6 @@ CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitH
NOT-FOR-US: Alf.io
CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...)
- apache2 2.4.58-1
- [bookworm] - apache2 <no-dsa> (Minor issue)
- [bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[16 Apr 2024] DSA-5662-1 apache2 - security update
+ {CVE-2023-31122 CVE-2023-38709 CVE-2023-43622 CVE-2023-45802 CVE-2024-24795 CVE-2024-27316}
+ [bullseye] - apache2 2.4.59-1~deb11u1
+ [bookworm] - apache2 2.4.59-1~deb12u1
[15 Apr 2024] DSA-5661-1 php8.2 - security update
{CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096}
[bookworm] - php8.2 8.2.18-1~deb12u1
=====================================
data/dsa-needed.txt
=====================================
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
-apache2 (jmm)
---
cryptojs
--
dav1d
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e466e744c1279408b3abfddd88f7825cf68f06b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e466e744c1279408b3abfddd88f7825cf68f06b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240416/c147af96/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list