[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVEs for gpac as EOL in Buster

Thorsten Alteholz (@alteholz) Sat, 09 Dec 2023 15:41:05 -0800


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
dff9ed60 by Thorsten Alteholz at 2023-12-10T00:25:45+01:00
mark CVEs for gpac as EOL in Buster

- - - - -
52c1cae8 by Thorsten Alteholz at 2023-12-10T00:27:32+01:00
mark CVE-2023-49284 as no-dsa for Buster

- - - - -
917a5171 by Thorsten Alteholz at 2023-12-10T00:38:00+01:00
mark CVE-2023-49464 CVE-2023-49463 CVE-2023-49462 CVE-2023-49460 as 
not-affected for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,6 +24,7 @@ CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 
stores user credentials
        NOT-FOR-US: IBM
 CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to 
cause a ...)
        - gpac <unfixed>
+       [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2652
        NOTE: 
https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
        NOTE: 
https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521
@@ -31,6 +32,7 @@ CVE-2023-47254 (An OS Command Injection in the CLI interface 
on DrayTek Vigor167
        NOT-FOR-US: DrayTek Vigor167
 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 
2.3-DEV-rev617-g671 ...)
        - gpac <unfixed>
+       [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2669
        NOTE: 
https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
 CVE-2023-6622 (A null pointer dereference vulnerability was found in 
nft_dynset_init( ...)
@@ -269,6 +271,7 @@ CVE-2023-49464 (libheif v1.17.5 was discovered to contain a 
segmentation violati
        - libheif <unfixed>
        [bookworm] - libheif <no-dsa> (Minor issue)
        [bullseye] - libheif <no-dsa> (Minor issue)
+       [buster] - libheif <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/strukturag/libheif/issues/1044
        NOTE: https://github.com/strukturag/libheif/pull/1049
        NOTE: 
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
@@ -276,16 +279,19 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to contain 
a segmentation violati
        - libheif <unfixed>
        [bookworm] - libheif <no-dsa> (Minor issue)
        [bullseye] - libheif <no-dsa> (Minor issue)
+       [buster] - libheif <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/strukturag/libheif/issues/1042
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
        - libheif <unfixed>
        [bookworm] - libheif <no-dsa> (Minor issue)
        [bullseye] - libheif <no-dsa> (Minor issue)
+       [buster] - libheif <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/strukturag/libheif/issues/1043
 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
        - libheif <unfixed>
        [bookworm] - libheif <no-dsa> (Minor issue)
        [bullseye] - libheif <no-dsa> (Minor issue)
+       [buster] - libheif <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/strukturag/libheif/issues/1046
 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
        NOT-FOR-US: Tenda
@@ -798,6 +804,7 @@ CVE-2023-49284 (fish is a smart and user-friendly command 
line shell for macOS,
        - fish <unfixed> (bug #1057455)
        [bookworm] - fish <no-dsa> (Minor issue)
        [bullseye] - fish <no-dsa> (Minor issue)
+       [buster] - fish <no-dsa> (Minor issue)
        NOTE: 
https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
        NOTE: 
https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14
 (3.6.2)
 CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to 
request chang ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVEs for gpac as EOL in Buster

Reply via email to