Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3288ad78 by Salvatore Bonaccorso at 2023-10-19T21:27:38+02:00 Update status for CVE-2023-37543 after feedback from upstream It is a very unfortunate situation that the fix is not pinpointed. Upstream believes 1.2.6 fixes the issue. Exceptionally update the status according to the current discussion. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -10126,14 +10126,14 @@ CVE-2023-37734 (EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to con CVE-2023-37625 (A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 all ...) - netbox <itp> (bug #1017079) CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for ...) - - cacti <unfixed> - [bookworm] - cacti <no-dsa> (Minor issue) - [bullseye] - cacti <no-dsa> (Minor issue) + - cacti 1.2.6+ds1-1 [buster] - cacti <no-dsa> (Minor issue) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj NOTE: https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed NOTE: https://github.com/Cacti/cacti/issues/5523 - TODO: check details once GHSA-4x82-8w8m-w8hj accessible, 1.2.6 does not seem correct, reporter claims 1.2.25 wich is not released + NOTE: Not possible to pinpoint exact fix, but upstream confirms that the fix is in + NOTE: 1.2.6 upstream, cf. https://github.com/Cacti/cacti/issues/5523#issuecomment-1768240843 + NOTE: and surrounding questions. CVE-2023-37388 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudi ...) NOT-FOR-US: WordPress plugin CVE-2023-37069 (Code-Projects Online Hospital Management System V1.0 is vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3288ad78351071f170dd4da4d70a8a95065cb1ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3288ad78351071f170dd4da4d70a8a95065cb1ce You're receiving this email because of your account on salsa.debian.org.
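Review bot: The added NOTE lines under CVE-2023-37543 drop the conflicting version claim that the removed TODO recorded ("reporter claims 1.2.25"), so the entry no longer shows that the fixed version `1.2.6+ds1-1` rests on upstream's statement against a differing report. Consider keeping one NOTE that states the reporter named 1.2.25 and that upstream disputes it, next to the link to the issue comment. The closing "and surrounding questions." is vague. Naming what those questions were, or linking the specific comments, would make the rationale checkable later. The unchanged `[buster] - cacti <no-dsa> (Minor issue)` line is now the only per-release annotation left. Since no fixing commit is identified, it is worth confirming that keeping it is intended.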