[Git][security-tracker-team/security-tracker][master] Update information on logback issues

Mon, 04 Dec 2023 12:23:48 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5be33738 by Salvatore Bonaccorso at 2023-12-04T21:22:47+01:00
Update information on logback issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,7 @@
 CVE-2023-6481 (A serialization vulnerability in logback receiver component 
part of  l ...)
-       TODO: check
+       - logback <not-affected> (Incomplte fix not applied)
+       NOTE: https://logback.qos.ch/news.html#1.3.14
+       NOTE: https://logback.qos.ch/news.html#1.2.13
 CVE-2023-6460 (A potential logging of the firestore key via logging within 
nodejs-fir ...)
        TODO: check
 CVE-2023-5768 (A vulnerability exists in the HCI IEC 60870-5-104 that affects 
the RTU ...)
@@ -889,8 +891,11 @@ CVE-2023-6378 (A serialization vulnerability in logback 
receiver component part
        [buster] - logback <postponed> (Minor issue, DoS)
        NOTE: https://logback.qos.ch/news.html#1.3.12
        NOTE: Fixed by: 
https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
 (v_1.3.12)
+       NOTE: Fixed by: 
https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
 (v_1.2.13)
        NOTE: Only exploitable if logback receiver component is deployed:
        NOTE: https://logback.qos.ch/manual/receivers.html
+       NOTE: When fixing the issue make sure to to not introduce CVE-2023-6481 
which is
+       NOTE: assigned for an incomplete fix for CVE-2023-6378.
 CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 
(14.0.9) ...)
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 
(14.0.9) ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5be33738cc3cc5e9740041dceab10784578571fa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5be33738cc3cc5e9740041dceab10784578571fa
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to