Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49b65454 by Salvatore Bonaccorso at 2023-12-24T22:05:05+01:00
Update information for CVE-2023-37536

The initial triaging of this CVE was likely specific for HCL, but the
available information now makes it associate with xerces-c directly
rather than "the use of xerces-c in a HCL" product.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13167,7 +13167,10 @@ CVE-2023-44997 (Cross-Site Request Forgery (CSRF) 
vulnerability in Nitin Rathod
 CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 
2.1.1.0 a ...)
        NOT-FOR-US: e-Gov Client Application
 CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform 
allows remo ...)
-       NOT-FOR-US: HCL
+       - xerces-c 3.2.4+debian-1
+       NOTE: https://github.com/apache/xerces-c/pull/51
+       NOTE: https://issues.apache.org/jira/browse/XERCESC-2241
+       NOTE: Fixed by: 
https://github.com/apache/xerces-c/commit/1296a40db07308dbaac32494469f609b00cdfaf3
 (v3.2.4)
 CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment 
Scheduler 3.0.  ...)
        NOT-FOR-US: PHPJabbers Appointment Scheduler
 CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the 
"theme" par ...)
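Review bot: The added `- xerces-c 3.2.4+debian-1` line under CVE-2023-37536 records only the version that carries the fix, and nothing in the entry says how releases still shipping an older xerces-c are triaged. The description names 3.2.3 and the referenced fix commit is tagged v3.2.4, so anything below 3.2.4 is presumably affected. Consider adding per-release annotations for the supported suites, or a NOTE stating the affected range, so the move from NOT-FOR-US to a tracked package does not leave their status implicit.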



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49b65454d1e25e6c3ad220cea7181007d26943d3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits