Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce3a34a1 by Salvatore Bonaccorso at 2023-12-04T20:52:55+01:00
Update information for CVE-2023-6378/logback
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -844,6 +844,9 @@ CVE-2023-6378 (A serialization vulnerability in logback
receiver component part
[bullseye] - logback <no-dsa> (Minor issue)
[buster] - logback <postponed> (Minor issue, DoS)
NOTE: https://logback.qos.ch/news.html#1.3.12
+ NOTE: Fixed by:
https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
(v_1.3.12)
+ NOTE: Only exploitable f logback receiver component is deployed:
+ NOTE: https://logback.qos.ch/manual/receivers.html
CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9
(14.0.9) ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9
(14.0.9) ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3a34a1405a07f427208dcd8e891cdae8ec2f5f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3a34a1405a07f427208dcd8e891cdae8ec2f5f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
