Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98c11711 by Colin Watson at 2023-12-20T14:21:24+00:00
CVE-2023-51384: buster/bullseye not-affected
Same reason as CVE-2023-28531.
- - - - -
ac8ae148 by Salvatore Bonaccorso at 2023-12-20T17:12:45+00:00
Merge branch 'CVE-2023-51384' into 'master'
CVE-2023-51384: buster/bullseye not-affected
See merge request security-tracker-team/security-tracker!156
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -425,6 +425,8 @@ CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command
injection might occur i
NOTE:
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
(V_9_6_P1)
CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination
constraints ca ...)
- openssh 1:9.6p1-1
+ [bullseye] - openssh <not-affected> (Vulnerable code introduced later;
per-hop destination constraints support added in OpenSSH 8.9)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later;
per-hop destination constraints support added in OpenSSH 8.9)
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE:
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
(V_9_6_P1)
CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki
Miyashita C ...)
@@ -41722,8 +41724,8 @@ CVE-2023-28532
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent
without ...)
- openssh 1:9.3p1-1 (bug #1033166)
[bookworm] - openssh <no-dsa> (Minor issue)
- [bullseye] - openssh <not-affected> (Vulnerable code introduced later;
per-hop desination constraints support added in OpenSSH 8.9)
- [buster] - openssh <not-affected> (Vulnerable code introduced later;
per-hop desination constraints support added in OpenSSH 8.9)
+ [bullseye] - openssh <not-affected> (Vulnerable code introduced later;
per-hop destination constraints support added in OpenSSH 8.9)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later;
per-hop destination constraints support added in OpenSSH 8.9)
NOTE:
https://github.com/openssh/openssh-portable/commit/54ac4ab2b53ce9fcb66b8250dee91c070e4167ed
(V_9_3_P1)
CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored
cross-site ...)
NOT-FOR-US: IBM
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7455e85bb5577a0b8869ab97ed5f6f046dbb36cc...ac8ae148fc969cc0ccc3158f559307189ff0a195
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7455e85bb5577a0b8869ab97ed5f6f046dbb36cc...ac8ae148fc969cc0ccc3158f559307189ff0a195
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
