[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-2401{0,1,2}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 27 06:12:43 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ef932ba by Salvatore Bonaccorso at 2025-04-27T07:11:20+02:00
Update status for CVE-2023-2401{0,1,2}

The CVE assignments were for the same issue for different vendors, of
which the CVE-2023-24010 is associated with eProsima DDS (fastdds)
product.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197243,11 +197243,12 @@ CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity
 	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
 	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/4324f0ac59f8225aa44bc5034df60dbeccd1d334 (v2.9.7)
 CVE-2023-24012 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
-	TODO: check
+	NOT-FOR-US: OpenDDS
 CVE-2023-24011 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
-	TODO: check
+	NOT-FOR-US: ZettaScale DDS
 CVE-2023-24010 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
-	TODO: check
+	- fastdds <unfixed>
+	NOTE: https://github.com/ros2/sros2/issues/282
 CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ef932ba934d403067588c09ab2be07abd69f31d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ef932ba934d403067588c09ab2be07abd69f31d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250427/c47668ab/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list