Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d4c6857 by Salvatore Bonaccorso at 2023-12-20T11:28:35+01:00
Update information on to be rejected CVE-2023-49355
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2390,11 +2390,12 @@ CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware
through 0.6.0 for Caddy
CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition
through 7 ...)
NOT-FOR-US: Hyland Alfresco Community Edition
CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a
one-byte out- ...)
- - jq <unfixed>
+ - jq 1.7.1-1
[bookworm] - jq <not-affected> (Vulnerable code not present)
[bullseye] - jq <not-affected> (Vulnerable code not present)
[buster] - jq <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md
+ NOTE: Duplicate of CVE-2023-50246 and requested to be rejected
CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in
Debian)
CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation
in a prod ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d4c6857bd91d6aa858af3cffca4f1c660aae4f7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d4c6857bd91d6aa858af3cffca4f1c660aae4f7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
