Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: d271c1b5 by Markus Koschany at 2023-10-01T19:37:00+02:00 CVE-2023-0809,mosquitto: Buster is not affected The vulnerable code was introduced later. mosq_cs_new function is already used. - - - - - dcf602a7 by Markus Koschany at 2023-10-01T19:38:15+02:00 CVE-2023-3592,mosquitto: Buster is not affected The vulnerable code was introduced later. property_broker.c was added in November 2018 and the code was not present in other files before https://github.com/eclipse/mosquitto/commit/d5108956bf99507d521246959913bc650133d971#diff-21faf3c608ab100dac4ee821522de6ccf68e2b672fc8829b9c5042b63da5742b - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -35563,10 +35563,12 @@ CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayse CVE-2023-0809 RESERVED - mosquitto 2.0.17-1 + [buster] - mosquitto <not-affected> (The vulnerable code was introduced later) NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/ NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad CVE-2023-3592 - mosquitto 2.0.17-1 + [buster] - mosquitto <not-affected> (The vulnerable code was introduced later) NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/ NOTE: https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa (v2.0.16) CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_540 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64bb6ce217b2e3fe952c2f72d03fd430e41177c1...dcf602a7d088f2870b42ae2b497a0e937ad5f8c0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64bb6ce217b2e3fe952c2f72d03fd430e41177c1...dcf602a7d088f2870b42ae2b497a0e937ad5f8c0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
