Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0cc62fe2 by Salvatore Bonaccorso at 2023-09-29T21:56:40+02:00

Add clarifying information for three exim4 issues which are unfixed

From upstream: They are debatable and miss information required to fix those issues. Add oss-security reference to all of the open exim4 issues.

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -205,25 +205,34 @@ CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commi CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: From upstream: Issue is ebatable or miss information upstream needs to address the issue. CVE-2023-42118 [Exim libspf2 Integer Underflow Remote Code Execution Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/ + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: From upstream: Issue is ebatable or miss information upstream needs to address the issue. TODO: check if should be in src:libspf2 or in exim4's usage CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1471/ + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: From upstream: Issue is ebatable or miss information upstream needs to address the issue. 
CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3000 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ NOTE: https://bugs.exim.org/show_bug.cgi?id=2999 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability] - exim4 <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3001 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 CVE-2023-40476 [Integer overflow in H.265 video parser leading to stack overwrite] - gst-plugins-bad1.0 <unfixed> - gst-plugins-bad0.10 <removed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc62fe29883a8583522370f106777f5efa04484 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc62fe29883a8583522370f106777f5efa04484 You're receiving this email because of your account on salsa.debian.org.
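Review bot: the NOTE line added for CVE-2023-42119, CVE-2023-42118 and CVE-2023-42117 has a typo and a garbled sentence: "Issue is ebatable or miss information upstream needs to address the issue" should read along the lines of "From upstream: issue is debatable or lacks the information upstream needs to address it", which is what the commit message says. Because the identical sentence is pasted into all three entries, the correction should be applied to each of them so the three notes stay consistent. The oss-security reference (https://www.openwall.com/lists/oss-security/2023/09/29/5) added to all six open exim4 entries looks right; note that the existing TODO on CVE-2023-42118 about whether it belongs under src:libspf2 or under exim4's usage of it is left open by this change.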
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits