[Git][security-tracker-team/security-tracker][master] CVE-2022-24048/mariadb

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
341136ff by Bastien Roucariès at 2024-07-30T11:54:04+00:00
CVE-2022-24048/mariadb

According to upstream same fix than CVE-2022-2405[1-2]

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197056,7 +197056,7 @@ CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privil
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
 	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
-	NOTE: According to upstream same fix than CVE-2022-24051
+	NOTE: According to upstream same fix than CVE-2022-24051, CVE-2022-24048
 CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalation Vuln ...)
 	- mariadb-10.6 1:10.6.7-1
 	- mariadb-10.5 <removed>
@@ -197066,7 +197066,7 @@ CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalatio
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-	NOTE: According to upstream same fix than CVE-2022-24052
+	NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24048
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
 	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
 CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vul ...)
@@ -197088,6 +197088,9 @@ CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privi
 	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
+	NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24051
+	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
+	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
 CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
 	NOT-FOR-US: BMC Track-It!
 CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341136ff6bf4c89cf501276f5b6b96c7f989104a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341136ff6bf4c89cf501276f5b6b96c7f989104a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240730/8024c5cd/attachment-0001.htm>