Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c637e03f by Salvatore Bonaccorso at 2023-12-07T21:24:27+01:00
Add CVE-2023-50164/libstruts1.2-java
Similarly as per CVE-2023-41835 this actually might be just not-affected
for the 1.2 series versions. It is though unclear if upstream just only
considers 2. versions onwards for advisories since the 1.2 based versions
were long deprecated and not supported. The information so in this CVE
entry might be wrong but safe on the side of marking it potentially
wrong as affected.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,9 @@ CVE-2023-6574 (A vulnerability was found in Beijing Baichuo
Smart S20 up to 2023
CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a
stored cr ...)
TODO: check
CVE-2023-50164 (An attacker can manipulate file upload params to enable paths
traversa ...)
- TODO: check
+ - libstruts1.2-java <removed>
+ NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
+ NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack
overflo ...)
TODO: check
CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack
overflo ...)
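Review bot: The new CVE-2023-50164 entry records `- libstruts1.2-java <removed>` as affected, but the doubt about whether the 1.2 series is affected at all appears only in the commit message, not in data/CVE/list. Someone reading the tracker data later sees the two reference NOTE lines (the Apache list thread and S2-066) and no hint that the status is a conservative guess. Consider adding a third NOTE line under the entry saying that the 1.2 series may be not-affected, as with CVE-2023-41835, and that the affected status was chosen to err on the safe side, so the entry is easy to find and revisit once upstream's scope is clear.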
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c637e03fb00c682376b6746ce9ce84030befe39e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits