[Git][security-tracker-team/security-tracker][master] CVE-2022-24048/mariadb

Tue, 30 Jul 2024 04:55:06 -0700 


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
341136ff by Bastien Roucariès at 2024-07-30T11:54:04+00:00
CVE-2022-24048/mariadb

According to upstream same fix than CVE-2022-2405[1-2]

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197056,7 +197056,7 @@ CVE-2022-24052 (MariaDB CONNECT Storage Engine 
Heap-based Buffer Overflow Privil
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
        NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
-       NOTE: According to upstream same fix than CVE-2022-24051
+       NOTE: According to upstream same fix than CVE-2022-24051, CVE-2022-24048
 CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege 
Escalation Vuln ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
@@ -197066,7 +197066,7 @@ CVE-2022-24051 (MariaDB CONNECT Storage Engine Format 
String Privilege Escalatio
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-       NOTE: According to upstream same fix than CVE-2022-24052
+       NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24048
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
        NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
 CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege 
Escalation Vul ...)
@@ -197088,6 +197088,9 @@ CVE-2022-24048 (MariaDB CONNECT Storage Engine 
Stack-based Buffer Overflow Privi
        [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
+       NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24051
+       NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
+       NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
 CVE-2022-24047 (This vulnerability allows remote attackers to bypass 
authentication on ...)
        NOT-FOR-US: BMC Track-It!
 CVE-2022-24046 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341136ff6bf4c89cf501276f5b6b96c7f989104a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341136ff6bf4c89cf501276f5b6b96c7f989104a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to