Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7779542c by Salvatore Bonaccorso at 2023-10-03T20:28:33+02:00 Add libx11 and libxpm to dsa-needed list - - - - - d869ba57 by Salvatore Bonaccorso at 2023-10-03T20:34:22+02:00 Add new grub2 NTFS driver vulnerabilities - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager] + - grub2 2.12~rc1-11 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html +CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass] + - grub2 2.12~rc1-11 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html CVE-2023-4911 [buffer overflow in dynamic loader's processing of the GLIBC_TUNABLES environment variable] - glibc 2.37-12 [buster] - glibc <not-affected> (Vulnerable code introduced later) ===================================== data/dsa-needed.txt ===================================== @@ -28,6 +28,10 @@ libreswan (jmm) -- libvpx (carnil) -- +libx11 (jmm) +-- +libxpm (jmm) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/96380cb3811243f3186881476dfa3a6f8fa9592b...d869ba572c99436e8caae40c275ee09826eab7be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/96380cb3811243f3186881476dfa3a6f8fa9592b...d869ba572c99436e8caae40c275ee09826eab7be You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
