[Git][security-tracker-team/security-tracker][master] Update notes for sysstat CVEs

Thu, 18 May 2023 05:20:53 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64582bbf by Salvatore Bonaccorso at 2023-05-18T14:20:09+02:00
Update notes for sysstat CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,9 @@
 CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer 
overflow in che ...)
        - sysstat <unfixed>
+       [bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 
not applied)
        NOTE: https://github.com/sysstat/sysstat/pull/360
        NOTE: 
https://github.com/sysstat/sysstat/commit/954ff2e2673cef48f0ed44668c466eab041db387
+       NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
 CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and 
resultant use-a ...)
        - linux 6.1.25-1
        [bullseye] - linux 5.10.178-1
@@ -57226,6 +57228,7 @@ CVE-2022-39377 (sysstat is a set of system performance 
tools for the Linux opera
        [bullseye] - sysstat <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
        NOTE: 
https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540
 (v12.7.1)
+       NOTE: The original fix is incomplete and opens up CVE-2023-33204.
 CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI 
is a Fre ...)
        - glpi <removed> (unimportant)
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to