Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
884a4888 by Salvatore Bonaccorso at 2023-05-07T21:31:37+02:00
Add note for CVE-2023-29491 on mitigation since 6.4-3 upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5191,6 +5191,9 @@ CVE-2023-29491 (ncurses before 6.4 20230408, when used by
a setuid application,
NOTE:
http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
NOTE:
https://github.com/ThomasDickey/ncurses-snapshots/commit/a6d3f92bb5bba1a71c7c3df39497abbe5fe999ff
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/12
+ NOTE: 6.4-3 upload configures with "--disable-root-environ" to disallow
loading of
+ NOTE: custom terminfo entries in setuid/setgid programs, mitigating the
impact of
+ NOTE: the vulnerability.
CVE-2023-29490
RESERVED
CVE-2023-29489 (An issue was discovered in cPanel before 11.109.9999.116. XSS
can occu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/884a4888d1a837f191a106c9e5a5acb44d212a9c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/884a4888d1a837f191a106c9e5a5acb44d212a9c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
