Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5965db88 by Guilhem Moulin at 2024-03-17T17:41:54+01:00
Triage CVE-2023-2700/libvirt for buster and bullseye.

- - - - -
616a53f5 by Guilhem Moulin at 2024-03-17T17:51:29+01:00
Triage CVE-2019-20485/libvirt for buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51087,9 +51087,10 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) 
through 1.2.2, as used in Semgre
 CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw 
ouccers due t ...)
        [experimental] - libvirt 9.3.0-1
        - libvirt 9.0.0-4 (bug #1036297)
-       [bullseye] - libvirt <no-dsa> (Minor issue)
-       [buster] - libvirt <no-dsa> (Minor issue)
+       [bullseye] - libvirt <not-affected> (Vulnerable code not present)
+       [buster] - libvirt <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
+       NOTE: Introduced in: 
https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088
 (v7.7.0)
        NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
 (v9.3.0)
 CVE-2023-2699 (A vulnerability, which was classified as critical, has been 
found in S ...)
        NOT-FOR-US: SourceCodester Lost and Found Information System
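Review bot: The reason "Vulnerable code not present" on the added [bullseye] and [buster] lines leaves the reader to infer from the new "Introduced in" NOTE (v7.7.0) that both releases ship a libvirt older than that commit. Consider wording the reason as "Vulnerable code introduced later" so the status line itself points at the introducing commit, and confirm that neither release carries a backport of c97518d9 before settling on <not-affected>.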
@@ -291353,10 +291354,11 @@ CVE-2020-9479 (When loading a UDF, a specially 
crafted zip file could allow file
        NOT-FOR-US: Apache AsterixDB
 CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the 
holding of a ...)
        - libvirt 6.0.0-2 (low; bug #953078)
-       [buster] - libvirt <no-dsa> (Minor issue)
+       [buster] - libvirt <no-dsa> (Minor issue, intrusive to backport)
        [stretch] - libvirt <no-dsa> (Minor issue)
        [jessie] - libvirt <not-affected> (Vulnerable code not present)
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc
 (v6.0.0-rc1)
+       NOTE: Disputed upstream: 
https://listman.redhat.com/archives/libvir-list/2019-December/msg00313.html
 CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, 
raysharpdvr ap ...)
        NOT-FOR-US: Swann
 CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command 
injection  ...)
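Review bot: Only the [buster] line gains "intrusive to backport", while the unchanged [stretch] line directly below still reads "(Minor issue)"; if the same backport concern applies to stretch, the two reasons should match. The added "Disputed upstream" NOTE gives only a list-archive link, so a few words on what is disputed would help, since the entry still records a fixed version (6.0.0-2) and a commitdiff NOTE for v6.0.0-rc1.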



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c8b0087c3ab4d739826d8a2cdca77aa6a3e2e9d0...616a53f5e56c3320cb276f54473a3650c42353cb

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits