[Git][security-tracker-team/security-tracker][master] Add some upstream tag meta information to upstream commits
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 29 17:10:46 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98b9b7de by Salvatore Bonaccorso at 2024-10-29T18:10:16+01:00
Add some upstream tag meta information to upstream commits
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28108,8 +28108,8 @@ CVE-2024-39930 (The built-in SSH server of Gogs through 0.13.0 allows argument i
CVE-2024-39929 (Exim through 4.97.1 misparses a multiline RFC 2231 header filename, an ...)
{DSA-5728-1}
- exim4 4.98~RC3-2 (bug #1075785)
- NOTE: https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
- NOTE: https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b
+ NOTE: https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357 (exim-4.98-RC3)
+ NOTE: https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b (exim-4.98-RC3)
NOTE: https://bugs.exim.org/show_bug.cgi?id=3099#c4
CVE-2024-39211 (Kaiten 57.128.8 allows remote attackers to enumerate user accounts via ...)
NOT-FOR-US: Kaiten
@@ -82669,9 +82669,9 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C
NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
NOTE: https://bugs.exim.org/show_bug.cgi?id=3063
NOTE: https://exim.org/static/doc/security/CVE-2023-51766.txt
- NOTE: https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
- NOTE: https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
- NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
+ NOTE: https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5 (exim-4.98-RC0)
+ NOTE: https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4 (exim-4.98-RC0)
+ NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca (exim-4.98-RC0)
CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configuration ...)
{DLA-3829-1}
- sendmail 8.18.1-1 (bug #1059386)
@@ -98576,7 +98576,7 @@ CVE-2023-42119 (Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerabili
NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
- NOTE: Fixed by https://git.exim.org/exim.git/commitdiff/f6b1f8e7d642
+ NOTE: Fixed by: https://git.exim.org/exim.git/commitdiff/f6b1f8e7d642f82d830a71b78699a4349e0158e1 (exim-4.96.2)
CVE-2023-42118 (Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. Th ...)
- libspf2 <unfixed> (bug #1053870)
[bookworm] - libspf2 <postponed> (Revisit once upstream and ZDI status is clarfied)
@@ -98604,24 +98604,25 @@ CVE-2023-42117 (Exim Improper Neutralization of Special Elements Remote Code Exe
NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
- NOTE: Fixed by https://git.exim.org/exim.git/commit/a95acb1c19c2e3600ef327c71318e33316d34440
- NOTE: Fixed by https://git.exim.org/exim.git/commit/654056e44fc93a0ee7c09d1228933e8af6862206
+ NOTE: Fixed by: https://git.exim.org/exim.git/commit/a95acb1c19c2e3600ef327c71318e33316d34440 (exim-4.96.2)
+ NOTE: Fixed by: https://git.exim.org/exim.git/commit/654056e44fc93a0ee7c09d1228933e8af6862206 (exim-4.96.2)
CVE-2023-42116 (Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution ...)
{DSA-5512-1 DLA-3599-1}
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3000
- NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/936e342d560e218c2aee5cb2295be925c27c2106
+ NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/936e342d560e218c2aee5cb2295be925c27c2106 (exim-4.96.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42115 (Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. Thi ...)
{DSA-5512-1}
+
- exim4 4.97~RC1-2
[buster] - exim4 <not-affected> (External authenticator support was introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
NOTE: https://bugs.exim.org/show_bug.cgi?id=2999
- NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/955f1203c15be96fa84b5331fa2a5cb2e556b9a9
+ NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/955f1203c15be96fa84b5331fa2a5cb2e556b9a9 (exim-4.96.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
@@ -98630,7 +98631,7 @@ CVE-2023-42114 (Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vu
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3001
- NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/ccf9816f54fb04ab5508eb8c7f00b08bc3531297
+ NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/ccf9816f54fb04ab5508eb8c7f00b08bc3531297 (exim-4.96.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
@@ -164903,11 +164904,11 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic.
- exim4 4.96-4
[buster] - exim4 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2915
- NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
+ NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 (exim-4.97-RC0)
NOTE: Important follow-up fixes:
- NOTE: https://git.exim.org/exim.git/commit/d8ecc7bf97934a1e2244788c610c958cacd740bd
- NOTE: https://git.exim.org/exim.git/commit/158dff9936e36a2d31d037d3988b9353458d6471
- NOTE: https://git.exim.org/exim.git/commit/32da6327e434e986a18b75a84f2d8c687ba14619
+ NOTE: https://git.exim.org/exim.git/commit/d8ecc7bf97934a1e2244788c610c958cacd740bd (exim-4.97-RC0)
+ NOTE: https://git.exim.org/exim.git/commit/158dff9936e36a2d31d037d3988b9353458d6471 (exim-4.97-RC0)
+ NOTE: https://git.exim.org/exim.git/commit/32da6327e434e986a18b75a84f2d8c687ba14619 (exim-4.97-RC0)
CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3557
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98b9b7de9a0ca861f3b8b9403b12a58ddae161b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98b9b7de9a0ca861f3b8b9403b12a58ddae161b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241029/d3b8b5d7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list