Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc34bf28 by Salvatore Bonaccorso at 2023-12-14T07:27:40+01:00

Add new Slurm issues

Note that upstream only supports the series from 22.05.y onwards. So for those issues known to affect 22.05.y and fixed in 22.05.11, chances are there that the older series are affected as well. Where it was clear that it affects only 23.02.y and 23.11.y, the respective older versions were marked as not-affected. Finer-grained triage will happen once the fixing commits can be deduced.

Link: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@ +CVE-2023-49934 [SQL Injection] + - slurm-wlm <not-affected> (Vulnerable code introduced in 23.11 series) + - slurm-llnl <not-affected> (Vulnerable code introduced in 23.11 series) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html +CVE-2023-49933 [Slurm Protocol Message Extension] + - slurm-wlm <unfixed> + - slurm-llnl <removed> + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html +CVE-2023-49937 [Slurm Protocol Double Free] + - slurm-wlm <unfixed> + - slurm-llnl <removed> + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html +CVE-2023-49936 [Slurm NULL Pointer Dereference] + - slurm-wlm <unfixed> + - slurm-llnl <removed> + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html +CVE-2023-49938 [Slurm Arbitrary File Overwrite] + - slurm-wlm <unfixed> + - slurm-llnl <removed> + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html +CVE-2023-49935 [Slurmd Message Integrity Bypass] + - slurm-wlm <unfixed> + [bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later) + [bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later) + - slurm-llnl <not-affected> (Vulnerable code introduced later) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...) NOT-FOR-US: Palo Alto Networks CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc34bf28a630ad928b3b175bb7ef5040111e52a6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc34bf28a630ad928b3b175bb7ef5040111e52a6 You're receiving this email because of your account on salsa.debian.org.
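Review bot: In the CVE-2023-49935 entry, the reason "(Vulnerable code introduced later)" on the bookworm, bullseye and slurm-llnl lines does not name the series that introduced the code, unlike the CVE-2023-49934 entry, which says "introduced in 23.11 series". Naming the series here as well (the commit message gives 23.02.y and 23.11.y as the narrower affected set) would let a later reader check the not-affected status against the packaged versions. The four entries that end in "- slurm-wlm <unfixed>" (CVE-2023-49933, CVE-2023-49936, CVE-2023-49937, CVE-2023-49938) carry only the announcement link; a NOTE recording the upstream fixed version, such as the 22.05.11 mentioned in the commit message, would support the finer-grained triage that is still pending. The new entries are also not in numeric order (49934, 49933, 49937, 49936, 49938, 49935), which makes the block harder to scan.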
