[Git][security-tracker-team/security-tracker][master] add links to glibc advisories

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 1 09:54:27 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9181cb0 by Moritz Muehlenhoff at 2024-02-01T10:53:15+01:00
add links to glibc advisories

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -348,6 +348,7 @@ CVE-2023-6246 (A heap-based buffer overflow was found in the __vsyslog_internal
 	NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da
 	NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0001
 CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsyslog_in ...)
 	{DSA-5611-1}
 	- glibc 2.37-15
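Review bot: the added cgit NOTE for CVE-2023-6246 points at the same file as the gitweb NOTE directly above it (`f=advisories/GLIBC-SA-2024-0001;hb=HEAD`), so the entry now carries two links to one advisory. If the cgit URL is the preferred form, replace the gitweb line instead of appending to it; the same applies to the GLIBC-SA-2024-0002 and GLIBC-SA-2024-0003 hunks that follow. The commit message says links are added, but these three entries already had one, so it would help to state why the second form is wanted.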
@@ -356,6 +357,7 @@ CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsysl
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd
 	NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0002
 CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function of th ...)
 	{DSA-5611-1}
 	- glibc 2.37-15
@@ -364,6 +366,7 @@ CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ddf542da94caf97ff43cc2875c88749880b7259b
 	NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003
 CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
@@ -21783,6 +21786,7 @@ CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic l
 	NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12)
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
 	NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0004
 CVE-2023-43789 (A vulnerability was found in libXpm where a vulnerability exists due t ...)
 	{DSA-5516-1 DLA-3603-1}
 	- libxpm 1:3.5.17-1
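Review bot: the added NOTE for CVE-2023-4911 links `tree/advisories/GLIBC-SA-2023-0004` with no revision in the URL, while the "Introduced by" and "Fixed by" lines above it pin exact commit hashes. An unpinned cgit tree URL shows the file as it is on the default branch at the time of viewing, so the tracker entry will silently follow any later edit to the advisory. If the entry is meant to record the advisory as it stood at triage, pin the link to a revision; if following the latest text is the intent, a short word to that effect in the commit message would settle it.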
@@ -23336,6 +23340,7 @@ CVE-2023-5156 (A flaw was found in the GNU C Library. A recent fix for CVE-2023-
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30884
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
 	NOTE: https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0005
 CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows events  ...)
 	NOT-FOR-US: Teedy
 CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers such as  ...)
@@ -24682,6 +24687,7 @@ CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the ge
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
 	NOTE: When fixing this issue in older releases make sure to not open CVE-2023-5156.
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0003
 CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
 	- glibc 2.37-9 (bug #1051958)
 	[bookworm] - glibc 2.36-9+deb12u3
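Review bot: in the CVE-2023-4806 entry the new advisory link is appended after the free-text caution "When fixing this issue in older releases make sure to not open CVE-2023-5156.", which separates it from the bugzilla and gitweb reference URLs. Move it above the caution so the references stay grouped and the backporting warning remains the last line a reader sees in the entry.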
@@ -24693,6 +24699,7 @@ CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is calle
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7529346025a130fee483d42178b5c118da971bb (release/2.37/master branch)
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/25/1
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0002
 CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
 	{DLA-3710-1 DLA-3623-1}
 	- linux 6.5.6-1
@@ -60077,6 +60084,7 @@ CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow
 	- glibc <not-affected> (Vulnerable code introduced in 2.37)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
+	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0001
 CVE-2023-25138
 	RESERVED
 CVE-2023-25137



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9181cb07a0f26029b4b15e218d66e2960346086
