Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c4ad9da by Salvatore Bonaccorso at 2023-10-03T19:02:28+02:00 Add CVE-2023-4911/glibc - - - - - 2ef48767 by Salvatore Bonaccorso at 2023-10-03T19:03:11+02:00 Track fixes glibc fixes previously pending for bookworm-pu - - - - - f7104b66 by Salvatore Bonaccorso at 2023-10-03T19:06:34+02:00 Add upstream commit reference for CVE-2023-4911 - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,8 @@ +CVE-2023-4911 [buffer overflow in dynamic loader's processing of the GLIBC_TUNABLES environment variable] + - glibc <unfixed> + [buster] - glibc <not-affected> (Vulnerable code introduced later) + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa + NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt CVE-2023-43789 [libXpm: out of bounds read on XPM with corrupted colormap] - libxpm <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 
@@ -2724,13 +2729,14 @@ CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_ine NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36) CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...) - glibc 2.37-10 - [bookworm] - glibc <no-dsa> (Minor issue) + [bookworm] - glibc 2.36-9+deb12u3 [bullseye] - glibc <no-dsa> (Minor issue) [buster] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843 NOTE: When fixing this issue in older releases make sure to not open CVE-2023-5156. CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...) - glibc 2.37-9 (bug #1051958) + [bookworm] - glibc 2.36-9+deb12u3 [bullseye] - glibc <not-affected> (Vulnerable code not present) [buster] - glibc <not-affected> (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30842 ===================================== data/next-point-update.txt ===================================== @@ -57,10 +57,6 @@ CVE-2023-38039 [bookworm] - curl 7.88.1-10+deb12u3 CVE-2023-43770 [bookworm] - roundcube 1.6.3+dfsg-1~deb12u1 -CVE-2023-4527 - [bookworm] - glibc 2.36-9+deb12u2 -CVE-2023-4806 - [bookworm] - glibc 2.36-9+deb12u2 CVE-2023-38559 [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u2 CVE-2023-43115 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170cf61c22811f68a6ccea95598950302780ebab...f7104b6649fb096a878bc147c12bd2972c275066
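Review bot: In the first data/CVE/list hunk, the new CVE-2023-4911 entry marks buster as <not-affected> with only "Vulnerable code introduced later" as justification, and no NOTE names the commit or glibc version that introduced the vulnerable code. An "Introduced by:" NOTE next to the existing "Fixed by:" line would let the buster triage be checked from the entry itself. The "Fixed by:" NOTE also lacks the parenthesised upstream release tag that the CVE-2023-4813 entry carries ("(glibc-2.36)"); adding one once the fix is in a tagged release would keep the glibc entries consistent.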
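Review bot: In the second data/CVE/list hunk, CVE-2023-4806 and CVE-2023-4527 are recorded as fixed in bookworm at 2.36-9+deb12u3, but the entries removed from data/next-point-update.txt in the last hunk listed 2.36-9+deb12u2. The commit message describes these only as fixes "previously pending for bookworm-pu", so the version change is unexplained; it is worth confirming that the deb12u3 upload carries both fixes and stating in the commit message why the tracked version differs from the one that was pending.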
