[Git][security-tracker-team/security-tracker][master] Document more fixing commits for exim4 DLA-3938-1

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ee1ea48 by Markus Koschany at 2024-10-29T00:59:44+01:00
Document more fixing commits for exim4 DLA-3938-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -98194,6 +98194,7 @@ CVE-2023-42119 (Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerabili
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
 	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
+	NOTE: Fixed by https://git.exim.org/exim.git/commitdiff/f6b1f8e7d642
 CVE-2023-42118 (Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. Th ...)
 	- libspf2 <unfixed> (bug #1053870)
 	[bookworm] - libspf2 <postponed> (Revisit once upstream and ZDI status is clarfied)
@@ -98221,6 +98222,8 @@ CVE-2023-42117 (Exim Improper Neutralization of Special Elements Remote Code Exe
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
 	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
+	NOTE: Fixed by https://git.exim.org/exim.git/commit/a95acb1c19c2e3600ef327c71318e33316d34440
+	NOTE: Fixed by https://git.exim.org/exim.git/commit/654056e44fc93a0ee7c09d1228933e8af6862206
 CVE-2023-42116 (Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution  ...)
 	{DSA-5512-1 DLA-3599-1}
 	- exim4 4.97~RC1-2
@@ -164520,6 +164523,10 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic.
 	[buster] - exim4 <no-dsa> (Minor issue)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2915
 	NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
+	NOTE: Important follow-up fixes:
+	NOTE: https://git.exim.org/exim.git/commit/d8ecc7bf97934a1e2244788c610c958cacd740bd
+	NOTE: https://git.exim.org/exim.git/commit/158dff9936e36a2d31d037d3988b9353458d6471
+	NOTE: https://git.exim.org/exim.git/commit/32da6327e434e986a18b75a84f2d8c687ba14619
 CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3557



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee1ea484eb6843cb75830ffb868a1a977b46be2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee1ea484eb6843cb75830ffb868a1a977b46be2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241029/733e3edb/attachment.htm>