Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c6e1434c by Moritz Muehlenhoff at 2023-04-10T19:51:03+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2249,22 +2249,22 @@ CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html] NOTE: https://github.com/mvdnes/spin-rs/issues/148 CVE-2023-29421 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...) [experimental] - bzip3 1.2.3-1 - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/issues/94 NOTE: https://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d (1.2.3) CVE-2023-29420 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...) [experimental] - bzip3 1.2.3-1 - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/commit/bb06deb85f1c249838eb938e0dab271d4194f8fa (1.2.3) NOTE: https://github.com/kspalaiologos/bzip3/issues/92 CVE-2023-29419 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...) [experimental] - bzip3 1.2.3-1 - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3) NOTE: https://github.com/kspalaiologos/bzip3/issues/92 CVE-2023-29418 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...) [experimental] - bzip3 1.2.3-1 - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d (1.2.3) NOTE: https://github.com/kspalaiologos/bzip3/issues/92 CVE-2023-29417 (** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.2.2. T ...) 
@@ -2272,11 +2272,11 @@ CVE-2023-29417 (** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1. NOTE: https://github.com/kspalaiologos/bzip3/issues/97 NOTE: Issue between library and example code not correctly using the API CVE-2023-29416 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_dec ...) - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff (1.3.0) NOTE: https://github.com/kspalaiologos/bzip3/issues/92 CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial ...) - - bzip3 <unfixed> + - bzip3 <unfixed> (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/issues/95 NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 CVE-2023-29414 @@ -2573,7 +2573,7 @@ CVE-2023-29325 CVE-2023-29324 RESERVED CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...) - - opensmtpd <unfixed> + - opensmtpd <unfixed> (bug #1034178) NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig CVE-2023-29322 RESERVED @@ -3551,7 +3551,7 @@ CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534 NOTE: https://hackerone.com/reports/1679267 CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...) - - nextcloud-desktop <unfixed> + - nextcloud-desktop <unfixed> (bug #1034184) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8 NOTE: https://github.com/nextcloud/desktop/pull/5560 CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) 
@@ -3921,12 +3921,12 @@ CVE-2023-1657 CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...) NOT-FOR-US: ForgeRock CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4 CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14 NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da @@ -4177,7 +4177,7 @@ CVE-2023-22308 CVE-2023-1625 [information leak in API] RESERVED [experimental] - heat 1:20.0.0~rc1-1 - - heat <unfixed> + - heat <unfixed> (bug #1034186) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621 NOTE: https://review.opendev.org/c/openstack/heat/+/868166 NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1) @@ -4347,7 +4347,7 @@ CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classi CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...) NOT-FOR-US: novel-plus CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...) - - radare2 <unfixed> + - radare2 <unfixed> (bug #1034180) NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2 NOTE: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f CVE-2023-1604 
@@ -4656,7 +4656,7 @@ CVE-2023-1546 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...) - teampass <itp> (bug #730180) CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) - - qemu <unfixed> + - qemu <unfixed> (bug #1034179) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...) {DSA-5379-1} @@ -5293,7 +5293,7 @@ CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-bo CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...) NOT-FOR-US: Watchdog Anti-Virus CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2386 NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f @@ -5302,12 +5302,12 @@ CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...) NOT-FOR-US: MP4v2 CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2387 NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9 CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2388 NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463 
@@ -5722,7 +5722,7 @@ CVE-2023-28373 CVE-2023-28372 RESERVED CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...) - - stellarium <unfixed> + - stellarium <unfixed> (bug #1034183) NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7 NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78 NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb @@ -5851,7 +5851,7 @@ CVE-2023-28340 CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...) - doas <removed> [bullseye] - doas <no-dsa> (Minor issue) - - opendoas <unfixed> + - opendoas <unfixed> (bug #1034185) NOTE: https://github.com/Duncaen/OpenDoas/issues/106 NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/4 NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been @@ -8629,7 +8629,7 @@ CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime' NOT-FOR-US: wasmtime CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...) [experimental] - owslib 0.28.1-1~exp1 - - owslib <unfixed> + - owslib <unfixed> (bug #1034182) NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063 CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...) NOT-FOR-US: Goutil 
@@ -13098,7 +13098,7 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices throu CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...) NOT-FOR-US: DIAEnergie CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...) - - nomad <unfixed> + - nomad <unfixed> (bug #1034181) [bullseye] - nomad <no-dsa> (Minor issue) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292 CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e1434c3844609d166331db969853fe1a8bfa85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e1434c3844609d166331db969853fe1a8bfa85 You're receiving this email because of your account on salsa.debian.org.
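Review bot: In the bzip3 entries of the @@ -2272 hunk (and the four in @@ -2249 above it), all six CVEs are tied to the single bug #1034177, yet the page records two different upstream fix versions: the commit NOTEs for CVE-2023-29418 through CVE-2023-29421 are tagged (1.2.3), while CVE-2023-29416 is tagged (1.3.0) and CVE-2023-29415 is described as "before 1.3.0". The `[experimental] - bzip3 1.2.3-1` lines therefore cover only the first four, and the shared bug should be closed only by an unstable upload of 1.3.0 or later. For consistency, the commit NOTE under CVE-2023-29415 could also carry the `(1.3.0)` annotation that the other bzip3 commit NOTEs have.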
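Review bot: In the @@ -2573 hunk, the CVE-2023-29323 description names both 7.1 errata 024 and 7.2, but the only NOTE under `- opensmtpd <unfixed> (bug #1034178)` is the 7.1 patch signature file. A second NOTE for the 7.2 erratum, or for the smtpd source change itself, would let whoever picks up the bug locate the fix directly from the tracker entry.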