Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5965db88 by Guilhem Moulin at 2024-03-17T17:41:54+01:00 Triage CVE-2023-2700/libvirt for buster and bullseye. - - - - - 616a53f5 by Guilhem Moulin at 2024-03-17T17:51:29+01:00 Triage CVE-2019-20485/libvirt for buster. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -51087,9 +51087,10 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgre CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...) [experimental] - libvirt 9.3.0-1 - libvirt 9.0.0-4 (bug #1036297) - [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) + [bullseye] - libvirt <not-affected> (Vulnerable code not present) + [buster] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653 + NOTE: Introduced in: https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088 (v7.7.0) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0) CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Lost and Found Information System 
@@ -291353,10 +291354,11 @@ CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow file NOT-FOR-US: Apache AsterixDB CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) - libvirt 6.0.0-2 (low; bug #953078) - [buster] - libvirt <no-dsa> (Minor issue) + [buster] - libvirt <no-dsa> (Minor issue, intrusive to backport) [stretch] - libvirt <no-dsa> (Minor issue) [jessie] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) + NOTE: Disputed upstream: https://listman.redhat.com/archives/libvir-list/2019-December/msg00313.html CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...) NOT-FOR-US: Swann CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c8b0087c3ab4d739826d8a2cdca77aa6a3e2e9d0...616a53f5e56c3320cb276f54473a3650c42353cb
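Review bot: In the CVE-2023-2700 hunk, the move of [bullseye] and [buster] from `<no-dsa> (Minor issue)` to `<not-affected> (Vulnerable code not present)` rests only on the new `NOTE: Introduced in: ... (v7.7.0)` line, which is an upstream version boundary and does not by itself show that commit c97518d9 was never backported into the suite packages. Suggest checking the packaged sources for both suites and recording that in the entry, for example by extending the note to say the introducing commit is absent from the bullseye and buster packages.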
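Review bot: In the CVE-2019-20485 hunk, the added `NOTE: Disputed upstream:` line carries only a mailing-list archive URL, so the entry does not say what is disputed (the security impact, or the fix referenced in the preceding NOTE). Suggest adding a short summary after the link so the triage stays readable if the archive URL stops resolving. The [buster] line now reads `(Minor issue, intrusive to backport)` while the adjacent [stretch] line keeps `(Minor issue)`; if the same backport concern applies there, aligning the two would avoid the impression that stretch was assessed differently.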