Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
13fbaaf0 by Salvatore Bonaccorso at 2023-12-19T06:24:50+01:00
Track fixes for libxml2 via experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12859,12 +12859,13 @@ CVE-2023-40631 (In Dialer, there is a possible
missing permission check. This co
CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version
23.09.1 a ...)
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only
occur after ...)
+ [experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1053629)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to
trigger)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
- NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
+ NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
(v2.12.0)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow
that can ...)
@@ -18736,13 +18737,14 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was
discovered to contain an invalid re
NOTE: For Debian this was initially fixed in Debian unstable with
3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an
out-of-bounds rea ...)
+ [experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
- NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
- NOTE: Followup:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129
+ NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
(v2.12.0)
+ NOTE: Followup:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129
(v2.12.0)
CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected
versions ...)
NOT-FOR-US: authentik
CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead
to unau ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fbaaf05d7b15a6c9300ea0d5e5563c4db739d1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fbaaf05d7b15a6c9300ea0d5e5563c4db739d1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
