Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b906c49 by Salvatore Bonaccorso at 2023-08-02T15:32:56+02:00
Update information on glib2.0 issues mentioning the regression CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14870,6 +14870,12 @@ CVE-2013-10024 (A vulnerability has been found in Exit 
Strategy Plugin 1.55 and
        NOT-FOR-US: WordPress plugin
 CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It 
has bee ...)
        NOT-FOR-US: WordPress plugin
+CVE-2023-32636
+       - glib2.0 <not-affected> (Incomplete fixes for CVE-2023-29499, 
CVE-2023-32611 and CVE-2023-32665 not applied)
+       NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
+CVE-2023-32643
+       - glib2.0 <not-affected> (Incomplete fixes for CVE-2023-29499, 
CVE-2023-32611 and CVE-2023-32665 not applied)
+       NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
 CVE-2023-32665 [GVariant deserialisation does not match spec for non-normal 
data]
        - glib2.0 2.74.4-1
        [bullseye] - glib2.0 <no-dsa> (Minor issue)
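Review bot: the two added entries, CVE-2023-32636 and CVE-2023-32643, have no bracketed description, unlike the CVE-2023-32665 entry directly below them, so a reader has to follow the upstream issue links to learn what each regression is. Consider adding a short bracketed summary to each. The <not-affected> reason would also be easier to verify if it said how it relates to the fixed version 2.74.4-1 recorded for CVE-2023-32665 in the same hunk, for example by stating that this upload already carried the follow-up fixes, if that is the case.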
@@ -14877,7 +14883,7 @@ CVE-2023-32665 [GVariant deserialisation does not match 
spec for non-normal data
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 
3125 backport)
        NOTE: Merge commit for glib-2-74: 
https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf
 (2.74.4)
-       NOTE: Be careful. Original fix introduces new bugs.
+       NOTE: Be careful. Original fix introduces new bugs, resulting in 
CVE-2023-32643 and CVE-2023-32636
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
 CVE-2023-32611 [g_variant_byteswap() can take a long time with some non-normal 
inputs]
@@ -14887,7 +14893,8 @@ CVE-2023-32611 [g_variant_byteswap() can take a long 
time with some non-normal i
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 
3125 backport)
        NOTE: Merge commit for glib-2-74: 
https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf
 (2.74.4)
-       NOTE: Be careful. Original fix introduces new bugs.
+       NOTE: Be careful. Original fix introduces new bugs, resulting in 
CVE-2023-32643 and CVE-2023-32636
+
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
 CVE-2023-29499 [GVariant offset table entry size is not checked in is_normal()]
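Review bot: the empty line added after the amended "Be careful" note in the CVE-2023-32611 entry looks unintentional. The same edit in the CVE-2023-32665 and CVE-2023-29499 entries adds no such line, and here it separates the note from the two issue NOTE lines that belong to the same entry. Suggest dropping the blank line so the three entries stay identical.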
@@ -14897,7 +14904,7 @@ CVE-2023-29499 [GVariant offset table entry size is not 
checked in is_normal()]
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 
3125 backport)
        NOTE: Merge commit for glib-2-74: 
https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf
 (2.74.4)
-       NOTE: Be careful. Original fix introduces new bugs.
+       NOTE: Be careful. Original fix introduces new bugs, resulting in 
CVE-2023-32643 and CVE-2023-32636
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
 CVE-2023-29493



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b906c49ba1819dc8b70b47bfa4929f1671b8c87
