[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5455/freeipa

Wed Jan 10 20:56:29 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01c5b76d by Salvatore Bonaccorso at 2024-01-10T21:45:50+01:00
Add CVE-2023-5455/freeipa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,11 @@ CVE-2024-0310 (A content-security-policy vulnerability in ENS Control browser ex
 CVE-2023-6158 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5455 (A Cross-site request forgery vulnerability exists in ipa/session/login ...)
-	TODO: check
+	- freeipa <unfixed>
+	NOTE: https://www.freeipa.org/release-notes/4-10-3.html#highlights-in-4-10-3
+	NOTE: https://www.freeipa.org/release-notes/4-9-14.html#highlights-in-4-9-14
+	NOTE: Fixed by: https://pagure.io/freeipa/c/363fd5de98e883800ac08b2760e8c3150783e7e2 (release-4-10-3)
+	NOTE: Fixed by: https://pagure.io/freeipa/c/9b1a65fe3936c4d3fe237775e54f0249b740f23e (release-4-9-14)
 CVE-2023-51972 (Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vu ...)
 	NOT-FOR-US: Tenda
 CVE-2023-51971 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01c5b76d2ff3a17bb9e56e20dfa41f7ca72f2b5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01c5b76d2ff3a17bb9e56e20dfa41f7ca72f2b5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240110/edf8808c/attachment.htm>
