Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
32522bfe by security tracker role at 2023-10-28T20:11:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t
hu60wap6. ...)
+ TODO: check
+CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption]
- golang-github-nats-io-nkeys <unfixed>
[bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable
code not present)
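Review bot: The three entries added at the top of this hunk (CVE-2023-5835, CVE-2023-5426, CVE-2023-5425) carry only `TODO: check` and no package or NOT-FOR-US line, so they are still untriaged. CVE-2023-5426 and CVE-2023-5425 show the same truncated description for the Post Meta Data Manager WordPress plugin; when triaging, confirm they are distinct issues and give each entry either a source-package line or a NOT-FOR-US marking.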
@@ -3148,6 +3154,7 @@ CVE-2023-5218 (Use after free in Site Isolation in Google
Chrome prior to 118.0.
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4421
+ {DLA-3634-1}
- nss 2:3.61-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1651411
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677
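Review bot: CVE-2023-4421 gains `{DLA-3634-1}` but the entry still has no description after the CVE id, unlike CVE-2023-5218 just above it in this hunk. Suggest adding a short bracketed description so the advisory reference can be understood without following the two bugzilla NOTE links.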
@@ -5417,7 +5424,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read
Information Disclosure Vu
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-40476 [Integer overflow in H.265 video parser leading to stack
overwrite]
- {DSA-5533-1}
+ {DSA-5533-1 DLA-3633-1}
- gst-plugins-bad1.0 <unfixed> (bug #1053259)
- gst-plugins-bad0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.html
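Review bot: In the CVE-2023-40476 entry, `gst-plugins-bad1.0 <unfixed> (bug #1053259)` is left unchanged while the advisory line now lists both DSA-5533-1 and DLA-3633-1. Worth checking whether unstable is really still unfixed and, if a fixed upload exists, replacing `<unfixed>` with that version. The same applies to the CVE-2023-40475 and CVE-2023-40474 entries in the following two hunks.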
@@ -5425,7 +5432,7 @@ CVE-2023-40476 [Integer overflow in H.265 video parser
leading to stack overwrit
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7
(1.22.6)
CVE-2023-40475 [Integer overflow leading to heap overwrite in MXF file
handling with AES3 audio]
- {DSA-5533-1}
+ {DSA-5533-1 DLA-3633-1}
- gst-plugins-bad1.0 <unfixed> (bug #1053260)
- gst-plugins-bad0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.html
@@ -5433,7 +5440,7 @@ CVE-2023-40475 [Integer overflow leading to heap
overwrite in MXF file handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4
(1.22.6)
CVE-2023-40474 [Integer overflow leading to heap overwrite in MXF file
handling with uncompressed video]
- {DSA-5533-1}
+ {DSA-5533-1 DLA-3633-1}
- gst-plugins-bad1.0 <unfixed> (bug #1053261)
- gst-plugins-bad0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html
@@ -222446,6 +222453,7 @@ CVE-2020-25649 (A flaw was found in FasterXML Jackson
Databind, where it did not
NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
NOTE:
https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59
(jackson-databind-2.11.0.rc1)
CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec)
message ...)
+ {DLA-3634-1}
- nss 2:3.58-1
[stretch] - nss <no-dsa> (Minor issue)
NOTE:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
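Review bot: The `{DLA-3634-1}` line added to CVE-2020-25648 is the same reference added to CVE-2023-4421 earlier in this patch, and this commit changes only data/CVE/list, so the advisory's own record is not visible here. Confirm that the DLA-3634-1 record names both CVE-2020-25648 and CVE-2023-4421 so the cross-references stay consistent.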
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32522bfedd44175ac10b7acedf37d38161296c5f