Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab7fd46b by security tracker role at 2023-04-30T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5001,7 +5001,7 @@ CVE-2023-29471 (Lightbend Alpakka Kafka before 5.0.0 logs
its configuration as d
CVE-2023-29470
RESERVED
CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing
empty d ...)
- {DSA-5391-1}
+ {DSA-5391-1 DLA-3405-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
@@ -8434,7 +8434,7 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape
control characters in log mes
CVE-2023-28485
RESERVED
CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD
schemas can l ...)
- {DSA-5391-1}
+ {DSA-5391-1 DLA-3405-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
NOTE: Related (but not strictly part of the CVE):
https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
(v2.10.4)
@@ -10508,6 +10508,7 @@ CVE-2023-27854
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and
prior ve ...)
NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of
wildcard bac ...)
+ {DLA-3406-1}
- sniproxy <unfixed> (bug #1033752)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
NOTE:
https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583
(0.6.1)
@@ -54946,6 +54947,7 @@ CVE-2022-3110 (An issue was discovered in the Linux
kernel through 5.16-rc6. _rt
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
CVE-2022-3109 (An issue was discovered in the FFmpeg package, where
vp3_decode_frame ...)
+ {DSA-5394-1}
- ffmpeg 7:5.1-1
[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
(n5.1)
@@ -234258,6 +234260,7 @@ CVE-2020-10652
CVE-2020-10651
RESERVED
CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind
through 2.9. ...)
+ {DLA-3407-1}
- jackson-databind 2.11.1-1
NOTE: https://github.com/advisories/GHSA-rpr3-cw39-3pxh
NOTE: https://github.com/FasterXML/jackson-databind/issues/2658
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7fd46be6b7a5d7fb915f6c0cdd8b0d45fab67b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7fd46be6b7a5d7fb915f6c0cdd8b0d45fab67b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
