Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04feb135 by Salvatore Bonaccorso at 2023-06-26T10:41:51+02:00
CVE-2023-36661 assigned for xmltooling issue
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,8 +8,6 @@ CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT)
4.6.4 before 4.6.5
TODO: check
CVE-2023-36662 (The TechTime User Management components for Atlassian products
allow s ...)
TODO: check
-CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and
Shibboleth ...)
- TODO: check
CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows
memory ...)
TODO: check
CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online
Store 1. ...)
@@ -1366,11 +1364,8 @@ CVE-2023-29167 (Out-of-bound reads vulnerability exists
in FRENIC RHC Loader v1.
NOT-FOR-US: FRENIC RHC Loader
CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC
Loader ...)
NOT-FOR-US: FRENIC RHC Loader
-CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access]
+CVE-2023-36661 [Parsing of KeyInfo elements can cause remote resource access]
- xmltooling 3.2.4-1 (bug #1037948)
- [bookworm] - xmltooling 3.2.3-1+deb12u1
- [bullseye] - xmltooling 3.2.0-3+deb11u1
- [buster] - xmltooling 3.0.4-1+deb10u2
NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
NOTE:
https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=6080f6343f98fec085bc0fd746913ee418cc9d30
CVE-2023-33991 (SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754,
SAP_UI 7 ...)
=====================================
data/DLA/list
=====================================
@@ -20,6 +20,7 @@
{CVE-2023-33476}
[buster] - minidlna 1.2.1+dfsg-2+deb10u4
[21 Jun 2023] DLA-3464-1 xmltooling - security update
+ {CVE-2023-36661}
[buster] - xmltooling 3.0.4-1+deb10u2
[21 Jun 2023] DLA-3463-1 opensc - security update
{CVE-2019-6502 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781
CVE-2021-42782 CVE-2023-2977}
=====================================
data/DSA/list
=====================================
@@ -26,6 +26,7 @@
[bullseye] - libx11 2:1.7.2-1+deb11u1
[bookworm] - libx11 2:1.8.4-2+deb12u1
[18 Jun 2023] DSA-5432-1 xmltooling - security update
+ {CVE-2023-36661}
[bookworm] - xmltooling 3.2.3-1+deb12u1
[bullseye] - xmltooling 3.2.0-3+deb11u1
[16 Jun 2023] DSA-5431-1 sofia-sip - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04feb135409baf0e6a51846c537eef049f044c0e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04feb135409baf0e6a51846c537eef049f044c0e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
