Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 07d55dab by Thorsten Alteholz at 2023-10-13T23:06:58+02:00 update note - - - - - 23027e79 by Thorsten Alteholz at 2023-10-13T23:10:08+02:00 mark issues for gpac as EOL - - - - - e74c539a by Thorsten Alteholz at 2023-10-13T23:23:54+02:00 add ceph - - - - - 7d18fc32 by Thorsten Alteholz at 2023-10-13T23:59:58+02:00 add h2o - - - - - b20658ac by Thorsten Alteholz at 2023-10-14T00:02:02+02:00 add nghttp - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -290,6 +290,7 @@ CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file NOT-FOR-US: Juniper CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) - gpac <unfixed> (bug #1053878) + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2567 NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06 CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) @@ -319,6 +320,7 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior NOT-FOR-US: KernelSU CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - gpac <unfixed> (bug #1053878) + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...) ===================================== data/dla-needed.txt ===================================== 
@@ -50,6 +50,9 @@ cairosvg NOTE: 20230323: Added by Front-Desk (gladk) NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert/inactive) -- +ceph + NOTE: 20231013: Added by Front-Desk (ta) +-- cinder NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. @@ -89,6 +92,10 @@ freerdp2 (tobi) -- gst-plugins-bad1.0 (Thorsten Alteholz) NOTE: 20230928: Added by Frond-Desk (ola) + NOTE: 20231013: testing package +-- +h2o + NOTE: 20231013: Added by Front-Desk (ta) -- i2p NOTE: 20230809: Added by Front-Desk (Beuc) @@ -126,6 +133,9 @@ mosquitto (Markus Koschany) NOTE: 20230924: Added by Front-Desk (apo) NOTE: 20231009: Waiting for upstream clarification how to proceed with open CVE. (apo) -- +nghttp2 + NOTE: 20231014: Added by Front-Desk (ta) +-- node-webpack NOTE: 20231005: Added by Front-Desk (Beuc) NOTE: 20231005: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a47ba1251cdf9515d90a78f8123be8029e0de43...b20658ac2409e932b918b063ceaac71395c73e1a
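Review bot: The ceph entry added in the first data/dla-needed.txt hunk (@@ -50,6 +50,9 @@) records only who added it and does not say which CVE prompted it, unlike the neighbouring cinder entry, which names CVE-2023-2088. A second NOTE line naming the issue(s) would save whoever claims the package a lookup; the same applies to the h2o and nghttp2 entries added in the later hunks.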
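Review bot: In the @@ -89,6 +92,10 @@ hunk, the added line "NOTE: 20231013: testing package" under gst-plugins-bad1.0 is ambiguous: it can be read as "the package is being tested" or as a reference to the testing suite, and unlike the notes around it, it carries no initials in parentheses. A wording such as "testing fixed package before upload (ta)" would remove the doubt, if that is what is meant. The context line directly above still reads "Frond-Desk" and could be corrected while this entry is being edited.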
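Review bot: The entry added in the @@ -126,6 +133,9 @@ hunk is nghttp2, but the subject of commit b20658ac says "add nghttp"; using the exact source package name in the subject would let a history search for nghttp2 find this change. The 20231014 date on the new NOTE differs from the 20231013 used for ceph and h2o, which agrees with the commit time of 2023-10-14T00:02:02+02:00, so no change is needed there.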