[Git][security-tracker-team/security-tracker][master] add links to glibc advisories
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 1 09:54:27 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9181cb0 by Moritz Muehlenhoff at 2024-02-01T10:53:15+01:00
add links to glibc advisories
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -348,6 +348,7 @@ CVE-2023-6246 (A heap-based buffer overflow was found in the __vsyslog_internal
NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da
NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0001
CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsyslog_in ...)
{DSA-5611-1}
- glibc 2.37-15
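Review bot: the added cgit NOTE under CVE-2023-6246 points at the same file, advisories/GLIBC-SA-2024-0001, as the gitweb blob_plain NOTE directly above it, so the entry now carries two links to one advisory. If the cgit URL is the preferred form, replace the blob_plain line instead of appending to it; otherwise say in the commit message why both are kept. The same applies to the GLIBC-SA-2024-0002 and GLIBC-SA-2024-0003 hunks that follow.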
@@ -356,6 +357,7 @@ CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsysl
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd
NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0002
CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function of th ...)
{DSA-5611-1}
- glibc 2.37-15
@@ -364,6 +366,7 @@ CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ddf542da94caf97ff43cc2875c88749880b7259b
NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003
CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- python-aiohttp <unfixed>
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
@@ -21783,6 +21786,7 @@ CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic l
NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12)
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0004
CVE-2023-43789 (A vulnerability was found in libXpm where a vulnerability exists due t ...)
{DSA-5516-1 DLA-3603-1}
- libxpm 1:3.5.17-1
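Review bot: the new NOTE for CVE-2023-4911 links the advisory without a commit or branch reference, whereas the "Introduced by" and "Fixed by" notes in the same entry each pin a commit hash. The link will therefore follow whatever revision of GLIBC-SA-2023-0004 cgit serves by default. If that is intended, so that readers pick up later corrections to the advisory, a word in the commit message would make it explicit; if not, pin the revision in the URL.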
@@ -23336,6 +23340,7 @@ CVE-2023-5156 (A flaw was found in the GNU C Library. A recent fix for CVE-2023-
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30884
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
NOTE: https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0005
CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows events ...)
NOT-FOR-US: Teedy
CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers such as ...)
@@ -24682,6 +24687,7 @@ CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the ge
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
NOTE: When fixing this issue in older releases make sure to not open CVE-2023-5156.
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0003
CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
- glibc 2.37-9 (bug #1051958)
[bookworm] - glibc 2.36-9+deb12u3
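Review bot: in the CVE-2023-4806 entry the advisory URL is appended after the free-text caveat "When fixing this issue in older releases make sure to not open CVE-2023-5156.", which separates it from the other reference URLs. Consider inserting it before that line so the links stay grouped and the backporting caveat remains the closing note of the entry.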
@@ -24693,6 +24699,7 @@ CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is calle
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7529346025a130fee483d42178b5c118da971bb (release/2.37/master branch)
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/25/1
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0002
CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
{DLA-3710-1 DLA-3623-1}
- linux 6.5.6-1
@@ -60077,6 +60084,7 @@ CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow
- glibc <not-affected> (Vulnerable code introduced in 2.37)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068
NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
+ NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0001
CVE-2023-25138
RESERVED
CVE-2023-25137
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9181cb07a0f26029b4b15e218d66e2960346086