[Git][security-tracker-team/security-tracker][master] 3 commits: Add new glibc issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 30 18:28:41 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45c3df71 by Salvatore Bonaccorso at 2024-01-30T19:06:19+01:00
Add new glibc issues
- - - - -
e4e04086 by Salvatore Bonaccorso at 2024-01-30T19:09:30+01:00
Add upstream commit references for glibc issues
- - - - -
27430779 by Salvatore Bonaccorso at 2024-01-30T19:23:55+01:00
Reserve DSA number for glibc update
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,20 @@
+CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+ - glibc <unfixed>
+ [bullseye] - glibc <not-affected> (Vulnerable code not present)
+ [buster] - glibc <not-affected> (Vulnerable code not present)
+ NOTE: https://www.qualys.com/2024/01/30/syslog
+ NOTE: Introducecd by: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
+ NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da
+CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+ - glibc <unfixed>
+ [bullseye] - glibc <not-affected> (Vulnerable code not present)
+ [buster] - glibc <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd
+CVE-2023-6780 [syslog: Fix integer overflow in __vsyslog_internal]
+ - glibc <unfixed>
+ [bullseye] - glibc <not-affected> (Vulnerable code not present)
+ [buster] - glibc <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ddf542da94caf97ff43cc2875c88749880b7259b
CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- python-aiohttp <unfixed>
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
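Review bot: The second NOTE line of the CVE-2023-6246 entry reads "Introducecd by:", which should be "Introduced by:" so that searches for the usual prefix find it. That entry also links https://sourceware.org/git?p=glibc.git, while the CVE-2023-6779 and CVE-2023-6780 entries use https://sourceware.org/git/?p=glibc.git; one form should be used throughout. CVE-2023-6779 and CVE-2023-6780 carry no "Introduced by:" or advisory NOTE, although their bullseye and buster lines state "Vulnerable code not present"; adding the introducing commit there would let a reader verify the not-affected claim the same way as for CVE-2023-6246.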
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2024] DSA-5611-1 glibc - security update
+ {CVE-2023-6246 CVE-2023-6779 CVE-2023-6780}
+ [bookworm] - glibc 2.36-9+deb12u4
[29 Jan 2024] DSA-5610-1 redis - security update
{CVE-2022-24834 CVE-2023-36824 CVE-2023-41053 CVE-2023-41056 CVE-2023-45145}
[bookworm] - redis 5:7.0.15-1~deb12u1
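Review bot: The commit subject says "Reserve DSA number for glibc update", but the DSA-5611-1 entry already pins "[bookworm] - glibc 2.36-9+deb12u4"; confirm that this version matches the actual upload before the advisory is released. The CVE set in braces does match the three entries added to data/CVE/list, and listing only bookworm is consistent with the not-affected lines for bullseye and buster there.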
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c29e94b6a287921a65fa6d21ca0c7d70b346cde...274307791d29026060c6abec504a979cf053372e