[Git][security-tracker-team/security-tracker][master] triage for older busybox issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 28 16:54:50 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dd4c2a1 by Moritz Muehlenhoff at 2024-10-28T17:53:58+01:00
triage for older busybox issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87779,19 +87779,19 @@ CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (upda
NOT-FOR-US: PrestaShop module
CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...)
- busybox <unfixed> (bug #1059053)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874
CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...)
- busybox <unfixed> (bug #1059052)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871
CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...)
- busybox <unfixed> (bug #1059051)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868
@@ -102820,10 +102820,11 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr
NOTE: https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd (v2.7.2)
CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
- busybox <unfixed> (bug #1055307)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=16033
CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
@@ -144502,11 +144503,11 @@ CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execu
NOT-FOR-US: Rukovoditel
CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...)
- busybox <unfixed> (bug #1059049)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15216
- NOTE: https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209
+ NOTE: https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209 (incomplete)
CVE-2022-48173
RESERVED
CVE-2022-48172
@@ -205308,12 +205309,11 @@ CVE-2022-28393
CVE-2022-28392
RESERVED
CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...)
- - busybox <unfixed> (bug #1010264)
- [bookworm] - busybox <no-dsa> (Minor issue)
- [bullseye] - busybox <no-dsa> (Minor issue)
- [buster] - busybox <no-dsa> (Minor issue)
- [stretch] - busybox <no-dsa> (Minor issue)
+ - busybox <not-affected> (Specific to running busybox on musl instead of glibc)
NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=15922
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=14811
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1198092#c3
CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.17.3-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd4c2a1006ffd130e1e49fb464debccb590a82d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd4c2a1006ffd130e1e49fb464debccb590a82d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241028/f377b9ff/attachment.htm>
More information about the debian-security-tracker-commits
mailing list