Add CVE-2023-39194/linux

author: Salvatore Bonaccorso <carnil@debian.org> 2023-10-05 09:18:59 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-10-05 09:19:30 +0200
commit: 0622be262b3e65489ce4a55a308419bf1659d4c8 (patch)
tree: d5fd2ca31d53eac814cb35280ba86bfd1f014122 /data
parent: 829a49cfab143e76b4bbdf891ddf579091cc9d07 (diff)
2 files changed, 7 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 5cad887448..e8962f9df2 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -86,6 +86,11 @@ CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting versi
 	TODO: check
 CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...)
 	TODO: check
+CVE-2023-39194 [net: xfrm: Fix xfrm_address_filter OOB read]
+	- linux 6.4.13-1
+	[bookworm] - linux 6.1.52-1
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
+	NOTE: https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7)
 CVE-2023-39193 [netfilter: xt_sctp: validate the flag_info count]
 	- linux 6.5.3-1
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index 7644f08b4c..f1c2a560c7 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -228,6 +228,8 @@ CVE-2023-44469
 	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5
 CVE-2021-38185
 	[bullseye] - cpio 2.13+dfsg-7.1~deb11u1
+CVE-2023-39194
+	[bullseye] - linux 5.10.197-1
 CVE-2023-39193
 	[bullseye] - linux 5.10.197-1
 CVE-2023-39192
author	Salvatore Bonaccorso <carnil@debian.org>	2023-10-05 09:18:59 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-10-05 09:19:30 +0200
commit	0622be262b3e65489ce4a55a308419bf1659d4c8 (patch)
tree	d5fd2ca31d53eac814cb35280ba86bfd1f014122 /data
parent	829a49cfab143e76b4bbdf891ddf579091cc9d07 (diff)