Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c8df1691 by Moritz Muehlenhoff at 2023-11-20T22:22:29+01:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6542,8 +6542,12 @@ CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This lea - zabbix <unfixed> (bug #1053877) [buster] - zabbix <not-affected> (vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-23391 + NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0) + NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0) CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.) - zabbix <unfixed> (bug #1053877) + [bookworm] - zabbix <no-dsa> (Minor issue) + [bullseye] - zabbix <no-dsa> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-23230 NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x) CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...) @@ -10995,6 +10999,7 @@ CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run NOT-FOR-US: PaperCut CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...) - libcommons-compress-java 1.24.0-1 (bug #1052065) + [bookworm] - libcommons-compress-java <no-dsa> (Minor issue) [bullseye] - libcommons-compress-java <not-affected> (Vulnerable code introduced later) [buster] - libcommons-compress-java <not-affected> (Vulnerable code introduced later) NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c 
@@ -51544,6 +51549,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_ NOTE: https://github.com/upx/upx/issues/631 CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...) - upx-ucl <unfixed> (bug #1033258) + [bullseye] - upx-ucl <no-dsa> (Minor issue) [buster] - upx-ucl <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381 NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 @@ -62772,6 +62778,8 @@ CVE-2022-41985 (An authentication bypass vulnerability exists in the Authenticat NOT-FOR-US: uC-FTPs CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...) - derby <unfixed> + [bookworm] - derby <no-dsa> (Minor issue) + [bullseye] - derby <no-dsa> (Minor issue) NOTE: https://issues.apache.org/jira/browse/DERBY-7147 NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3 CVE-2022-46336 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8df16913c86b0c6997fa87f1eb455d033b86d59
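Review bot: In the first hunk (@@ -6542,8 +6542,12 @@), CVE-2023-32724 gains the release/5.0 and release/6.0 fix commits but still has only the `[buster]` not-affected line, while CVE-2023-32723 directly below it receives `[bookworm]` and `[bullseye]` no-dsa entries in the same change. If bullseye and bookworm were triaged for CVE-2023-32724 as well, their status should be recorded here; if that is still pending, the commit message "bullseye/bookworm triage" should say so. Separately, the no-dsa decision for CVE-2023-32723 sits next to a fix reference that the existing NOTE describes only as "very likely commit ... (for 4.0.x)", so a confirmed commit for the branches carried by bullseye and bookworm would make the entry easier to act on later.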
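Review bot: In the last hunk (@@ -62772,6 +62778,8 @@), `- derby <unfixed>` carries no bug reference, unlike the zabbix, libcommons-compress-java and upx-ucl entries touched by this patch, so the two new no-dsa lines leave CVE-2022-46337 without a tracking bug for a later fix. The description is an LDAP authentication bypass, and `(Minor issue)` does not say why that is low impact for the packaged derby; a short concrete reason in the parenthetical would help whoever revisits the entry.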