[Git][security-tracker-team/security-tracker][master] Track cacti fixes via unstable upload

Mon, 25 Dec 2023 13:07:30 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63e2c3bb by Salvatore Bonaccorso at 2023-12-25T22:06:46+01:00
Track cacti fixes via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195,7 +195,7 @@ CVE-2023-51661 (Wasmer is a WebAssembly runtime that 
enables containers to run a
 CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
        NOT-FOR-US: Nautobot
 CVE-2023-51448 (Cacti provides an operational monitoring and fault management 
framewor ...)
-       - cacti <unfixed>
+       - cacti 1.2.26+ds1-1
        [bookworm] - cacti <not-affected> (Vulnerable code introduced later; 
Fix for CVE-2023-30534 not applied)
        [bullseye] - cacti <not-affected> (Vulnerable code introduced later; 
Fix for CVE-2023-30534 not applied)
        [buster] - cacti <not-affected> (Vulnerable code introduced later)
@@ -262,7 +262,7 @@ CVE-2023-50258 (Medusa is an automatic video library 
manager for TV shows. Versi
 CVE-2023-50254 (Deepin Linux's default document reader `deepin-reader` 
software suffer ...)
        - deepin-reader <itp> (bug #970218)
 CVE-2023-50250 (Cacti is an open source operational monitoring and fault 
management fr ...)
-       - cacti <unfixed>
+       - cacti 1.2.26+ds1-1
        [bullseye] - cacti <not-affected> (Vulnerable code introduced later)
        [buster] - cacti <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
@@ -282,12 +282,12 @@ CVE-2023-49356 (A stack buffer overflow vulnerability in 
MP3Gain v1.6.2 allows a
        NOTE: 
https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md
        NOTE: Likely the same and duplicate of CVE-2018-10777 and covered by 
the same fixes applied
 CVE-2023-49088 (Cacti is an open source operational monitoring and fault 
management fr ...)
-       - cacti <unfixed>
+       - cacti 1.2.26+ds1-1
        NOTE: Caused by an incomplete fix for CVE-2023-39515
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h 
(CVE-2023-39515)
 CVE-2023-49085 (Cacti provides an operational monitoring and fault management 
framewor ...)
-       - cacti <unfixed>
+       - cacti 1.2.26+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
 CVE-2023-48704 (ClickHouse is an open-source column-oriented database 
management syste ...)
        - clickhouse <unfixed> (bug #1059367)
@@ -395,11 +395,11 @@ CVE-2023-49678 (Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL In
 CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL 
Injectio ...)
        NOT-FOR-US: Job Portal
 CVE-2023-49086 (Cacti is a robust performance and fault management framework 
and a fro ...)
-       - cacti <unfixed> (bug #1059254)
+       - cacti 1.2.26+ds1-1 (bug #1059254)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
        NOTE: 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
 CVE-2023-49084 (Cacti is a robust performance and fault management framework 
and a fro ...)
-       - cacti <unfixed> (bug #1059254)
+       - cacti 1.2.26+ds1-1 (bug #1059254)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
        NOTE: 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
 CVE-2023-48723 (Student Result Management System v1.0 is vulnerable to 
multiple Unauth ...)
@@ -10104,7 +10104,7 @@ CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) 
Technology Limited A7000R v.4.1c
 CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows 
an attack ...)
        NOT-FOR-US: Contec SolarView Compact
 CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote 
attacker  ...)
-       - cacti <unfixed> (bug #1059286)
+       - cacti 1.2.26+ds1-1 (bug #1059286)
        [bookworm] - cacti <no-dsa> (Revisit when more details are available)
        [bullseye] - cacti <no-dsa> (Revisit when more details are available)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not 
public yet)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e2c3bbd038d1fe0b77819ff0dd9bbb9f0938bb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e2c3bbd038d1fe0b77819ff0dd9bbb9f0938bb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to