Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9ac31b02 by Markus Koschany at 2023-09-06T00:15:44+02:00
Reserve DSA-5490-1 aom
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2023-39515 (Cacti is an open source operational
monitoring and fault managem
- cacti <unfixed>
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
CVE-2023-39514 (Cacti is an open source operational monitoring and fault
management fr ...)
- - cacti <unfixed>
+ - cacti <unfixed>
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
CVE-2023-39513 [Cross-Site Scripting vulnerability with Device Name when
debugging data queries]
- cacti <unfixed>
@@ -17518,7 +17518,7 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4
driver that supports core
NOT-FOR-US: Snowflake JDBC
CVE-2023-30534 [Insecure deserialization of filter data]
RESERVED
- - cacti <unfixed>
+ - cacti <unfixed>
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype
Pollution via ...)
NOT-FOR-US: SheetJS
@@ -191763,7 +191763,6 @@ CVE-2020-36136 (SQL Injection vulnerability in cskaza
cszcms version 1.2.9, allo
NOT-FOR-US: cskaza cszcms
CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer
dereference via th ...)
- aom 3.2.0-1
- [bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <no-dsa> (Minor issue)
NOTE:
https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949
(v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
@@ -191776,7 +191775,6 @@ CVE-2020-36134 (AOM v2.0.1 was discovered to contain
a segmentation violation vi
NOTE: Fixed by:
https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb
(v2.1.0-rc1)
CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow
via the ...)
- aom 3.2.0-1
- [bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
NOTE:
https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85
(v3.2.0-rc1)
@@ -191784,13 +191782,11 @@ CVE-2020-36132
RESERVED
CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow
via the c ...)
- aom 3.2.0-1
- [bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <no-dsa> (Minor issue)
NOTE:
https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949
(v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer
dereference via th ...)
- aom 3.2.0-1
- [bullseye] - aom <no-dsa> (Minor issue)
[buster] - aom <no-dsa> (Minor issue)
NOTE:
https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0
(v2.1.0-rc1)
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Sep 2023] DSA-5490-1 aom - security update
+ {CVE-2020-36130 CVE-2020-36131 CVE-2020-36133 CVE-2020-36135
CVE-2021-30473 CVE-2021-30474 CVE-2021-30475}
+ [bullseye] - aom 1.0.0.errata1-3+deb11u1
[04 Sep 2023] DSA-5489-1 file - security update
{CVE-2022-48554}
[bullseye] - file 1:5.39-3+deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-aom/oldstable (apo)
--
cinder/oldstable
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ac31b023d3f06d5e1b69207ec5c0c3cb767d5eb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ac31b023d3f06d5e1b69207ec5c0c3cb767d5eb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
