[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2023-32784 in keepass2 for buster LTS.

Tue, 23 May 2023 10:20:00 -0700 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ce0fae9 by Chris Lamb at 2023-05-23T10:15:56-07:00
Triage CVE-2023-32784 in keepass2 for buster LTS.

- - - - -
2f365699 by Chris Lamb at 2023-05-23T10:16:19-07:00
Triage CVE-2023-2700 in libvirt for buster LTS.

- - - - -
04bc010f by Chris Lamb at 2023-05-23T10:16:39-07:00
Triage CVE-2023-30300 in wabt for buster LTS.

- - - - -
a54866e9 by Chris Lamb at 2023-05-23T10:17:04-07:00
Triage CVE-2023-29579 in yasm for buster LTS.

- - - - -
a7ba4eab by Chris Lamb at 2023-05-23T10:18:16-07:00
Triage CVE-2023-2731 & CVE-2023-30086 in tiff for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -389,6 +389,7 @@ CVE-2023-2738 (A vulnerability classified as critical has 
been found in Tongda O
 CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's 
LZWDecode() fun ...)
        - tiff 4.5.0-6 (bug #1036282)
        [bullseye] - tiff <no-dsa> (Minor issue)
+       [buster] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
 CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
@@ -649,6 +650,7 @@ CVE-2023-31408 (Cleartext Storage of Sensitive Information 
in SICK FTMg AIR FLOW
 CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the 
cleartext ma ...)
        - keepass2 <unfixed>
        [bullseye] - keepass2 <no-dsa> (Minor issue)
+       [buster] - keepass2 <no-dsa> (Minor issue)
        NOTE: https://github.com/vdohney/keepass-password-dumper
        NOTE: 
https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
 CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in 
Semgrep thro ...)
@@ -657,6 +659,7 @@ CVE-2023-2700 (A vulnerability was found in libvirt. This 
security flaw ouccers
        [experimental] - libvirt 9.3.0-1
        - libvirt <unfixed> (bug #1036297)
        [bullseye] - libvirt <no-dsa> (Minor issue)
+       [buster] - libvirt <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
        NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
 (v9.3.0)
 CVE-2023-2699 (A vulnerability, which was classified as critical, has been 
found in S ...)
@@ -4646,6 +4649,7 @@ CVE-2023-30301
 CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes 
an infin ...)
        - wabt <unfixed> (bug #1035686)
        [bullseye] - wabt <no-dsa> (Minor issue)
+       [buster] - wabt <no-dsa> (Minor issue)
        NOTE: https://github.com/WebAssembly/wabt/issues/2180
        NOTE: https://github.com/WebAssembly/wabt/pull/2183
        NOTE: 
https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c
@@ -5078,6 +5082,7 @@ CVE-2023-30087 (Buffer Overflow vulnerability found in 
Cesanta MJS v.1.26 allows
 CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows 
a local  ...)
        - tiff 4.5.0-2
        [bullseye] - tiff <no-dsa> (Minor issue)
+       [buster] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/538
        NOTE: Likely fixed by: 
https://gitlab.com/libtiff/libtiff/-/merge_requests/385
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d
 (v4.5.0rc1)
@@ -6151,6 +6156,7 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to 
contain a segmentation vi
 CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack 
overflow via th ...)
        - yasm <unfixed> (bug #1035951)
        [bullseye] - yasm <no-dsa> (Minor issue)
+       [buster] - yasm <no-dsa> (Minor issue)
        NOTE: https://github.com/yasm/yasm/issues/214
 CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
        NOT-FOR-US: MP4v2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c986b3ca8bc6afca6a52d3509214dc0914839801...a7ba4eab2685117033fad9723cd3bd19977e9053

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c986b3ca8bc6afca6a52d3509214dc0914839801...a7ba4eab2685117033fad9723cd3bd19977e9053
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to