[Git][security-tracker-team/security-tracker][master] CVE-2023-2283: Use full commit hash id

Sun, 21 May 2023 12:30:20 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1635ee12 by Salvatore Bonaccorso at 2023-05-21T21:29:36+02:00
CVE-2023-2283: Use full commit hash id

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1655,9 +1655,9 @@ CVE-2023-2283 [Authorization bypass in 
pki_verify_data_signature]
        - libssh 0.10.5-1 (bug #1035832)
        [buster] - libssh <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt
-       NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d
 (libssh-0.10.5)
-       NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d
 (libssh-0.10.5)
-       NOTE: Commit 
https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces 
vulnerable function (libssh-0.9.0)
+       NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d
 (libssh-0.10.5)
+       NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d
 (libssh-0.10.5)
+       NOTE: Vulnerable function introduced with: 
https://git.libssh.org/projects/libssh.git/commit/?id=fd9446553b5e06c95c67945959b228e44c870b73
 (libssh-0.9.0)
 CVE-2023-2282 (Improper access control in the Web Login listener in 
Devolutions Remot ...)
        NOT-FOR-US: Devolutions
 CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related 
Websoc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1635ee12ba3bbaa32f087d7c0f5312c7b57fef29

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1635ee12ba3bbaa32f087d7c0f5312c7b57fef29
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to