[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 28 21:12:33 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80610b94 by security tracker role at 2024-04-28T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,190 +1,208 @@
-CVE-2024-26928 [smb: client: fix potential UAF in cifs_debug_files_proc_show()]
+CVE-2024-4294 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2024-4293 (A vulnerability classified as problematic was found in PHPGurukul Doct ...)
+	TODO: check
+CVE-2024-4292 (A vulnerability classified as critical has been found in Contemporary  ...)
+	TODO: check
+CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 3.1.10 for  ...)
+	TODO: check
+CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based t ...)
+	TODO: check
+CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...)
+	TODO: check
+CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...)
+	TODO: check
+CVE-2022-48685 (An issue was discovered in Logpoint 7.1 before 7.1.2. The daily execut ...)
+	TODO: check
+CVE-2022-48684 (An issue was discovered in Logpoint before 7.1.1. Template injection w ...)
+	TODO: check
+CVE-2024-26928 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.85-1
 	NOTE: https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)
-CVE-2024-26927 [ASoC: SOF: Add some bounds checking to firmware data]
+CVE-2024-26927 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.7.12-1
 	[bookworm] - linux 6.1.85-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/98f681b0f84cfc3a1d83287b77697679e0398306 (6.9-rc1)
-CVE-2022-48668 [smb3: fix temporary data corruption in collapse range]
+CVE-2022-48668 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)
-CVE-2022-48667 [smb3: fix temporary data corruption in insert range]
+CVE-2022-48667 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)
-CVE-2022-48666 [scsi: core: Fix a use-after-free]
+CVE-2022-48666 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8fe4ce5836e932f5766317cb651c1ff2a4cd0506 (6.0-rc5)
-CVE-2022-48665 [exfat: fix overflow for large capacity partition]
+CVE-2022-48665 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62 (6.0-rc7)
-CVE-2022-48664 [btrfs: fix hang during unmount when stopping a space reclaim worker]
+CVE-2022-48664 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	NOTE: https://git.kernel.org/linus/a362bb864b8db4861977d00bd2c3222503ccc34b (6.0-rc7)
-CVE-2022-48663 [gpio: mockup: fix NULL pointer dereference when removing debugfs]
+CVE-2022-48663 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68 (6.0-rc7)
-CVE-2022-48662 [drm/i915/gem: Really move i915_gem_context.link under ref protection]
+CVE-2022-48662 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d119888b09bd567e07c6b93a07f175df88857e02 (6.0-rc7)
-CVE-2022-48661 [gpio: mockup: Fix potential resource leakage when register a chip]
+CVE-2022-48661 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/02743c4091ccfb246f5cdbbe3f44b152d5d12933 (6.0-rc7)
-CVE-2022-48660 [gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully]
+CVE-2022-48660 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/69bef19d6b9700e96285f4b4e28691cda3dcd0d1 (6.0-rc7)
-CVE-2022-48659 [mm/slub: fix to return errno if kmalloc() fails]
+CVE-2022-48659 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/7e9c323c52b379d261a72dc7bd38120a761a93cd (6.0-rc7)
-CVE-2022-48658 [mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.]
+CVE-2022-48658 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e45cc288724f0cfd497bb5920bcfa60caa335729 (6.0-rc7)
-CVE-2022-48657 [arm64: topology: fix possible overflow in amu_fie_setup()]
+CVE-2022-48657 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.158-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d4955c0ad77dbc684fc716387070ac24801b8bca (6.0-rc7)
-CVE-2022-48656 [dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()]
+CVE-2022-48656 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e (6.0-rc7)
-CVE-2022-48655 [firmware: arm_scmi: Harden accesses to the reset domains]
+CVE-2022-48655 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.0.2-1
 	NOTE: https://git.kernel.org/linus/e9076ffbcaed5da6c182b144ef9f6e24554af268 (6.0-rc7)
-CVE-2022-48654 [netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()]
+CVE-2022-48654 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 (6.0-rc7)
-CVE-2022-48653 [ice: Don't double unplug aux on peer initiated reset]
+CVE-2022-48653 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/23c619190318376769ad7b61504c2ea0703fb783 (6.0-rc7)
-CVE-2022-48652 [ice: Fix crash by keep old cfg when update TCs more than queues]
+CVE-2022-48652 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a509702cac95a8b450228a037c8542f57e538e5b (6.0-rc7)
-CVE-2022-48651 [ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header]
+CVE-2022-48651 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/81225b2ea161af48e093f58e8dfee6d705b16af4 (6.0-rc7)
-CVE-2022-48650 [scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()]
+CVE-2022-48650 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/601be20fc6a1b762044d2398befffd6bf236cebf (6.0-rc7)
-CVE-2022-48649 [mm/slab_common: fix possible double free of kmem_cache]
+CVE-2022-48649 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d71608a877362becdc94191f190902fac1e64d35 (6.0-rc7)
-CVE-2022-48648 [sfc: fix null pointer dereference in efx_hard_start_xmit]
+CVE-2022-48648 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0a242eb2913a4aa3d6fbdb86559f27628e9466f3 (6.0-rc7)
-CVE-2022-48647 [sfc: fix TX channel offset when using legacy interrupts]
+CVE-2022-48647 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f232af4295653afa4ade3230462b3be15ad16419 (6.0-rc7)
-CVE-2022-48646 [sfc/siena: fix null pointer dereference in efx_hard_start_xmit]
+CVE-2022-48646 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa (6.0-rc7)
-CVE-2022-48645 [net: enetc: deny offload of tc-based TSN features on VF interfaces]
+CVE-2022-48645 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42 (6.0-rc7)
-CVE-2022-48644 [net/sched: taprio: avoid disabling offload when it was never enabled]
+CVE-2022-48644 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/db46e3a88a09c5cf7e505664d01da7238cd56c92 (6.0-rc7)
-CVE-2022-48643 [netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()]
+CVE-2022-48643 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd (6.0-rc7)
-CVE-2022-48642 [netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()]
+CVE-2022-48642 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9a4d6dd554b86e65581ef6b6638a39ae079b17ac (6.0-rc7)
-CVE-2022-48641 [netfilter: ebtables: fix memory leak when blob is malformed]
+CVE-2022-48641 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/62ce44c4fff947eebdf10bb582267e686e6835c9 (6.0-rc7)
-CVE-2022-48640 [bonding: fix NULL deref in bond_rr_gen_slave_id]
+CVE-2022-48640 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0e400d602f46360752e4b32ce842dba3808e15e6 (6.0-rc7)
-CVE-2022-48639 [net: sched: fix possible refcount leak in tc_new_tfilter()]
+CVE-2022-48639 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c2e1cfefcac35e0eea229e148c8284088ce437b5 (6.0-rc7)
-CVE-2022-48638 [cgroup: cgroup_get_from_id() must check the looked-up kn is a directory]
+CVE-2022-48638 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/df02452f3df069a59bc9e69c84435bf115cb6e37 (6.0-rc7)
-CVE-2022-48637 [bnxt: prevent skb UAF after handing over to PTP worker]
+CVE-2022-48637 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c31f26c8f69f776759cbbdfb38e40ea91aa0dd65 (6.0-rc7)
-CVE-2022-48636 [s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup]
+CVE-2022-48636 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/db7ba07108a48c0f95b74fabbfd5d63e924f992d (6.0-rc7)
-CVE-2022-48635 [fsdax: Fix infinite loop in dax_iomap_rw()]
+CVE-2022-48635 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.0.2-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3 (6.0-rc7)
-CVE-2022-48634 [drm/gma500: Fix BUG: sleeping function called from invalid context errors]
+CVE-2022-48634 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	NOTE: https://git.kernel.org/linus/63e37a79f7bd939314997e29c2f5a9f0ef184281 (6.0-rc6)
-CVE-2022-48633 [drm/gma500: Fix WARN_ON(lock->magic != lock) error]
+CVE-2022-48633 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.0.2-1
 	NOTE: https://git.kernel.org/linus/b6f25c3b94f2aadbf5cbef954db4073614943d74 (6.0-rc6)
-CVE-2022-48632 [i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()]
+CVE-2022-48632 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/de24aceb07d426b6f1c59f33889d6a964770547b (6.0-rc7)
-CVE-2022-48631 [ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0]
+CVE-2022-48631 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1
 	NOTE: https://git.kernel.org/linus/29a5b8a137ac8eb410cc823653a29ac0e7b7e1b0 (6.0-rc7)
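Review bot: The nine entries added at the top of this hunk (CVE-2024-4294 through CVE-2022-48684) carry only `TODO: check`, so none of them has a package assignment or a NOT-FOR-US marking yet and each still needs manual triage. The descriptions already name the affected software in some cases, for example Artifex Ghostscript for CVE-2023-52722 and the ejs package for CVE-2024-33883. In the rest of the hunk the bracketed titles such as `[scsi: core: Fix a use-after-free]` are replaced by the truncated text `In the Linux kernel, the following vulnerability has been resolved:  s ...`, which no longer tells one kernel entry from another. After this change the `NOTE:` line with the upstream commit is the only per-entry identifier in the list, so those lines should be kept complete.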
@@ -6231,10 +6249,12 @@ CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow a
 	NOTE: Proposed fix: https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775
 	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
 CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...)
+	{DLA-3797-1}
 	- frr <unfixed>
 	NOTE: https://github.com/FRRouting/frr/pull/15640
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...)
+	{DLA-3797-1}
 	- frr <unfixed>
 	NOTE: https://github.com/FRRouting/frr/pull/15628
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
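Review bot: `{DLA-3797-1}` is added to CVE-2024-31949 and CVE-2024-31948 while both entries keep `- frr <unfixed>`, so each now reads as covered by an advisory and still open. That is consistent only if the advisory covers a different release than the one the `<unfixed>` line tracks, and nothing in these lines says which. Both entries already list a `Fixed by:` commit, so confirm that `<unfixed>` is still accurate and update it once a fixed upload exists.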
@@ -21999,6 +22019,7 @@ CVE-2024-24774 (Mattermost Jira Plugin handling subscriptions fails to check the
 CVE-2024-23319 (Mattermost Jira Plugin fails to protect against logout CSRF allowing a ...)
 	NOT-FOR-US: Mattermost Jira Plugin
 CVE-2024-22119 (The cause of vulnerability is improper validation of form input field  ...)
+	{DLA-3798-1}
 	- zabbix 1:6.0.24+dfsg-1
 	NOTE: https://support.zabbix.com/browse/ZBX-24070
 	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/d5b73ddafc2b91376c0d74027b5f727cea6f9c29 (4.0.0alpha1)
@@ -39955,12 +39976,14 @@ CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts XM
 CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...)
+	{DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/pull/12951
 	NOTE: https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
 	NOTE: https://github.com/FRRouting/frr/pull/12956
 	NOTE: https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)
 CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri ...)
+	{DLA-3797-1}
 	- frr 8.4.4-1
 	[bookworm] - frr 8.4.4-1.1~deb12u1
 	NOTE: https://github.com/FRRouting/frr/pull/12884
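Review bot: CVE-2023-38407 gets `{DLA-3797-1}` but its entry has no per-release line, only `- frr 9.1-0.1 (bug #1055852)`, whereas CVE-2023-38406 directly below records `[bookworm] - frr 8.4.4-1.1~deb12u1`. The description of CVE-2023-38407 says the issue affects FRR before 8.5, so check whether bookworm needs its own status line for this entry as well.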
@@ -40028,12 +40051,14 @@ CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS v
 	- roundcube 1.6.5+dfsg-1 (bug #1055421)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
 CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
+	{DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b
 	NOTE: https://github.com/FRRouting/frr/pull/14716
 	NOTE: https://github.com/FRRouting/frr/pull/14861 (backport to 9.0)
 	NOTE: https://github.com/FRRouting/frr/pull/14735 (backport to 9.1)
 CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
+	{DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
 CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...)
@@ -41413,10 +41438,12 @@ CVE-2023-5139 (Potential buffer overflow vulnerability at the following location
 CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization bypass b ...)
 	NOT-FOR-US: admin panel for Obl.ong
 CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
+	{DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch)
 CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It mishandles  ...)
+	{DLA-3797-1}
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch)
@@ -129410,6 +129437,7 @@ CVE-2022-37037
 CVE-2022-37036
 	RESERVED
 CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1016978)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/11698
@@ -160793,26 +160821,31 @@ CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The
 	NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
 	NOTE: https://git.kernel.org/linus/23f57406b82de51809d5812afd96f210f8b627f3
 CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10503
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26128)
 CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10502
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26129)
 CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10487
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10494
 CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10505
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10566
 CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
 	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10507
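Review bot: All five entries in this hunk (CVE-2022-26129 down to CVE-2022-26125) gain `{DLA-3797-1}` while their `[bullseye] - frr <no-dsa> (Minor issue)` lines stay unchanged, and CVE-2022-37035 in the previous hunk shows the same combination. If the advisory covers a release older than bullseye, bullseye is left without a fix that the older release now has. Revisit the no-dsa triage for bullseye, or record in a `NOTE:` why it still holds.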



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80610b94121689548277279a04f2f7a9085ff7a6
