Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
345ff70f by Ola Lundqvist at 2023-10-01T19:18:20+00:00
Added a note about the work needed after upgrade of borgbackup.
- - - - -
66bd8cb9 by Ola Lundqvist at 2023-10-01T19:28:31+00:00
Marked a few CVEs as no-dsa for buster following decision for bullseye.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -257,6 +257,7 @@ CVE-2023-44469 (A Server-Side Request Forgery issue in the
OpenID Connect Issuer
- lemonldap-ng 2.17.1+ds-1
[bookworm] - lemonldap-ng <no-dsa> (Minor issue)
[bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998
NOTE: https://security.lauritz-holtmann.de/post/sso-security-ssrf/
CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the
Linux kernel ...)
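Review bot: the new `[buster]` line copies the bullseye rationale "(Minor issue)" verbatim, but the commit message justifies it only as "following decision for bullseye"; consider recording that reasoning in the entry itself, either by extending the rationale (e.g. `<no-dsa> (Minor issue; follows bullseye triage)`) or by adding a `NOTE:` beneath the existing two, so that LTS triagers reading data/CVE/list later can see the buster mark was inherited rather than independently assessed against buster's lemonldap-ng version.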
@@ -1581,26 +1582,32 @@ CVE-2023-43377 (A cross-site scripting (XSS)
vulnerability in /hoteldruid/visual
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in
/hoteldruid/clienti.php ...)
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL
injection vul ...)
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection
vulnerabil ...)
- hoteldruid <unfixed> (bug #1052572)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a
command ...)
NOT-FOR-US: D-Link
CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a
command ...)
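Review bot: the hoteldruid series in this hunk runs CVE-2023-43377, -43376, -43375, -43374, -43373 and then -43371, with no -43372 between them; if CVE-2023-43372 is part of the same hoteldruid batch tracked under bug #1052572, it should receive the matching `[buster] - hoteldruid <no-dsa> (Minor issue)` line as well, otherwise buster ends up triaged for only five of the six issues while bookworm and bullseye are handled uniformly. Also worth double-checking that all six still show `<unfixed>` in unstable, since a no-dsa mark for three suites on an issue with no fixed version anywhere relies on the bug report staying open and tracked.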
@@ -2455,6 +2462,7 @@ CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write]
CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the
gaih_inet fun ...)
- glibc 2.36-3
[bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215
(glibc-2.36)
CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the
getaddr ...)
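Review bot: the upstream fix referenced in the `NOTE: Fixed by:` line is tagged "(glibc-2.36)" and the unstable fix is 2.36-3, so before mirroring bullseye's `<no-dsa> (Minor issue)` into buster it is worth confirming that the affected gaih_inet code path is actually present in buster's glibc version; if it turns out not to be, the correct marker would be `<not-affected>` rather than `<no-dsa>`, and if it is present the entry would benefit from a short note saying so, as the description ("In an uncommon situation") is the only rationale currently visible for the "Minor issue" tag.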
@@ -10449,6 +10457,7 @@ CVE-2023-36811 (borgbackup is an opensource,
deduplicating archiver with compres
NOTE:
https://github.com/borgbackup/borg/commit/449cd51b73b0710a940af8cefe74793ce81563f4
NOTE:
https://github.com/borgbackup/borg/commit/f334ef1b4de2f8a359ededa41ce13358b81e63c1
NOTE:
https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811
+ NOTE: Requires significant work to check and repair a repo after the
upgrade.
CVE-2023-36466 (Discourse is an open source discussion platform. When editing
a topic, ...)
NOT-FOR-US: Discourse
CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a
Buffer Ove ...)
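Review bot: the added `NOTE: Requires significant work to check and repair a repo after the upgrade.` does not say who has to do the work or why it matters for triage; the existing `NOTE:` pointing at the borgbackup changelog section for CVE-2023-36811 documents the repository check and repair steps, so consider referencing it explicitly (e.g. `NOTE: Users must check/repair existing repositories after upgrading, see changelog link above`) and stating the consequence, namely that shipping the fix as a regular stable update is not transparent to users. That makes the reason for any later no-dsa or postponed decision on this CVE visible in the entry itself rather than only in the commit message.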
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93bfc42850c9f06c82dc245db2e046ab3b68def0...66bd8cb9d6566f04fab416420beda244574afbe2
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits