Tobias Frost pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6291efc5 by Tobias Frost at 2025-01-11T19:53:07+01:00
CVE-2023-42363/busybox - triaging to identify introducing commit
Using the poc and git bisect to identify the first commit that triggers
the poc.
Very likely this is the source of the vulnerability, but no certain
proof it is, so not marking as "introduced by."
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110332,7 +110332,8 @@ CVE-2023-42363 (A use-after-free vulnerability was
discovered in xasprintf funct
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865
- NOTE: The abov ticket contains a poc, poc triggers on bookworm but not
on bullseye.
+ NOTE: The above ticket contains a poc, poc triggers on bookworm but not
on bullseye.
+ NOTE: The poc starts triggering with
https://github.com/mirror/busybox/commit/a885ce1af05c4eaa5ebcf883cb3da3433ca1c48b
(1_34_0)
NOTE:
https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa
(1_37_0)
CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in
Chamilo ...)
NOT-FOR-US: Chamilo LMS
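Review bot: The new NOTE for a885ce1af05c4eaa5ebcf883cb3da3433ca1c48b (1_34_0) records only that "The poc starts triggering with" that commit, and leaves out the caveat from the commit message that this is a bisect result without certain proof that the commit introduces the bug. A reader of data/CVE/list does not see the commit message, so consider saying in the NOTE itself that the commit was found with git bisect against the poc and is not confirmed as the introducing change. The new NOTE also links to the github.com/mirror/busybox copy, while the fix NOTE directly below it links to git.busybox.net; using the same upstream host for both would keep the entry consistent.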
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6291efc599ab21ce8b4422321c34eedf914567bf