Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64582bbf by Salvatore Bonaccorso at 2023-05-18T14:20:09+02:00
Update notes for sysstat CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,9 @@
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer
overflow in che ...)
- sysstat <unfixed>
+ [bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377
not applied)
NOTE: https://github.com/sysstat/sysstat/pull/360
NOTE:
https://github.com/sysstat/sysstat/commit/954ff2e2673cef48f0ed44668c466eab041db387
+ NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and
resultant use-a ...)
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
@@ -57226,6 +57228,7 @@ CVE-2022-39377 (sysstat is a set of system performance
tools for the Linux opera
[bullseye] - sysstat <no-dsa> (Minor issue)
NOTE:
https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
NOTE:
https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540
(v12.7.1)
+ NOTE: The original fix is incomplete and opens up CVE-2023-33204.
CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI
is a Fre ...)
- glpi <removed> (unimportant)
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64582bbfb009a8c72a067a8738edb41846c86ae1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
