Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2cd83ad by Sylvain Beucler at 2023-11-30T13:36:14+01:00
CVE-2023-39358,CVE-2023-39360/cacti: buster not-affected + more links
- - - - -
5c29eb62 by Sylvain Beucler at 2023-11-30T13:36:16+01:00
CVE-2023-39366/cacti: all the code path for the CVE vector appears to be
present and similar, re-mark for fix in bullseye & buster
- - - - -
c52977ca by Sylvain Beucler at 2023-11-30T13:36:18+01:00
CVE-2023-39510/cacti: buster not-affected + introductory commit
- - - - -
ebbc8845 by Sylvain Beucler at 2023-11-30T13:37:18+01:00
CVE-2023-39511/cacti: buster not-affected + patch + introductory commit
- - - - -
dc86d26e by Sylvain Beucler at 2023-11-30T13:37:27+01:00
CVE-2023-39512/cacti: buster not-affected + introductory commit
- - - - -
70f06ace by Sylvain Beucler at 2023-11-30T13:37:27+01:00
CVE-2023-39514/cacti: buster not-affected + introductory commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13191,7 +13191,10 @@ CVE-2023-39511 (Cacti is an open source operational
monitoring and fault managem
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42
+ NOTE:
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
(release/1.2.25)
+ NOTE: Introduced by:
https://github.com/Cacti/cacti/commit/9d3495abdc86f40bc7fa9767fcf0136db5b6179a
(release/1.2.20)
CVE-2023-39265 (Apache Superset would allow for SQLite database connections to
be inco ...)
NOT-FOR-US: Apache Superset
CVE-2023-39264 (By default, stack traces for errors were enabled, which
resulted in th ...)
@@ -13397,8 +13400,10 @@ CVE-2023-39514 (Cacti is an open source operational
monitoring and fault managem
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
NOTE:
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
+ NOTE: Introduced by:
https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2
(release/1.2.17)
CVE-2023-39513 (Cacti is an open source operational monitoring and fault
management fr ...)
{DSA-5550-1}
- cacti 1.2.25+ds1-1
@@ -13410,18 +13415,21 @@ CVE-2023-39512 (Cacti is an open source operational
monitoring and fault managem
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
NOTE:
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
+ NOTE: Introduced by:
https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2
(release/1.2.17)
CVE-2023-39510 (Cacti is an open source operational monitoring and fault
management fr ...)
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
NOTE:
https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
+ NOTE: Introduced by:
https://github.com/Cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d
(release/1.2.20)
CVE-2023-39366 (Cacti is an open source operational monitoring and fault
management fr ...)
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
- [bullseye] - cacti <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
NOTE:
https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
CVE-2023-39365 (Cacti is an open source operational monitoring and fault
management fr ...)
@@ -13451,8 +13459,11 @@ CVE-2023-39360 (Cacti is an open source operational
monitoring and fault managem
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
- NOTE:
https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2
+ NOTE:
https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2
(release/1.2.25)
+ NOTE:
https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa
(release/1.2.25)
+ NOTE: Introduced by:
https://github.com/cacti/cacti/commit/bf292d5d57c2afa108f65198074cd82a40c13fd3
(release/1.2.17)
CVE-2023-39359 (Cacti is an open source operational monitoring and fault
management fr ...)
{DSA-5550-1}
- cacti 1.2.25+ds1-1
@@ -13462,9 +13473,11 @@ CVE-2023-39358 (Cacti is an open source operational
monitoring and fault managem
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
+ [buster] - cacti <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
NOTE:
https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d
NOTE:
https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82
+ NOTE: Introduced by:
https://github.com/cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d
(release/1.2.20)
CVE-2023-39357 (Cacti is an open source operational monitoring and fault
management fr ...)
{DSA-5550-1}
- cacti 1.2.25+ds1-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6334abbefc82472b9ee0f8fde9b58e4b6d3f7bb1...70f06acec6c06bb617c5bc25e1b061057562a1eb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6334abbefc82472b9ee0f8fde9b58e4b6d3f7bb1...70f06acec6c06bb617c5bc25e1b061057562a1eb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
