Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 754a8d46 by Salvatore Bonaccorso at 2023-10-28T17:50:15+02:00 Add two nats-server issues (one covering as well in nkeys) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,16 @@ +CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption] + - golang-github-nats-io-nkeys <unfixed> + [bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + [bullseye] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + [buster] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + - nats-server <unfixed> + [bookworm] - nats-server <not-affected> (Vulnerable code not present) + NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt + NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9 +CVE-2023-XXXX [Adding accounts for just the system account adds auth bypass] + - nats-server 2.10.3-1 + NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt + NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 CVE-2023-5056 NOT-FOR-US: Skupper CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/754a8d46df0cfbe3c5c7dc43623a3b5d6ee13744 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/754a8d46df0cfbe3c5c7dc43623a3b5d6ee13744 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
