Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 45c3df71 by Salvatore Bonaccorso at 2024-01-30T19:06:19+01:00 Add new glibc issues - - - - - e4e04086 by Salvatore Bonaccorso at 2024-01-30T19:09:30+01:00 Add upstream commit references for glibc issues - - - - - 27430779 by Salvatore Bonaccorso at 2024-01-30T19:23:55+01:00 Reserve DSA number for glibc update - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,20 @@ +CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal] + - glibc <unfixed> + [bullseye] - glibc <not-affected> (Vulnerable code not present) + [buster] - glibc <not-affected> (Vulnerable code not present) + NOTE: https://www.qualys.com/2024/01/30/syslog + NOTE: Introducecd by: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1 + NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da +CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal] + - glibc <unfixed> + [bullseye] - glibc <not-affected> (Vulnerable code not present) + [buster] - glibc <not-affected> (Vulnerable code not present) + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd +CVE-2023-6780 [syslog: Fix integer overflow in __vsyslog_internal] + - glibc <unfixed> + [bullseye] - glibc <not-affected> (Vulnerable code not present) + [buster] - glibc <not-affected> (Vulnerable code not present) + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ddf542da94caf97ff43cc2875c88749880b7259b CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - python-aiohttp <unfixed> NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2 ===================================== data/DSA/list ===================================== @@ -1,3 +1,6 @@ +[30 Jan 2024] DSA-5611-1 glibc - security update + {CVE-2023-6246 CVE-2023-6779 CVE-2023-6780} + [bookworm] - glibc 2.36-9+deb12u4 [29 Jan 2024] DSA-5610-1 redis - security update {CVE-2022-24834 CVE-2023-36824 CVE-2023-41053 CVE-2023-41056 CVE-2023-45145} [bookworm] - redis 5:7.0.15-1~deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c29e94b6a287921a65fa6d21ca0c7d70b346cde...274307791d29026060c6abec504a979cf053372e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c29e94b6a287921a65fa6d21ca0c7d70b346cde...274307791d29026060c6abec504a979cf053372e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits