[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-6349 and CVE-2023-44488

Tue, 28 May 2024 05:07:07 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfddebb7 by Salvatore Bonaccorso at 2024-05-28T14:06:11+02:00
Update information for CVE-2023-6349 and CVE-2023-44488

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,8 +77,12 @@ CVE-2024-0851 (Improper Neutralization of Special Elements 
used in an SQL Comman
        NOT-FOR-US: Grup Arge Energy and Control Systems Smartpower
 CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a 
frame that  ...)
        - libvpx 1.13.1-2
+       [bookworm] - libvpx 1.12.0-1+deb12u2
+       [bullseye] - libvpx 1.9.0-1+deb11u2
+       [buster] - libvpx 1.7.0-3+deb10u2
        NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642
        NOTE: Fixed by: 
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
 (v1.13.1)
+       NOTE: Same upstream commit as CVE-2023-44488
 CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code 
execution can ...)
        NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been 
found in b ...)
@@ -59551,6 +59555,7 @@ CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles 
widths, leading to a cras
        NOTE: 
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f
 (main)
        NOTE: 
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
 (v1.13.1)
        NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4
+       NOTE: Same commit as CVE-2023-6349
 CVE-2022-4956 (A vulnerability classified as critical has been found in 
Caphyon Advan ...)
        NOT-FOR-US: Caphyon Advanced Installer
 CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository 
thorsten/phpmyfa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to