Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08297450 by Ola Lundqvist at 2023-06-18T21:34:53+02:00
Marked gpac CVE-2023-3291 end-of-life.

- - - - -
f19d2d30 by Ola Lundqvist at 2023-06-18T21:34:54+02:00
Marked librabbitmq CVE-2023-35789 no-dsa for buster.

- - - - -
e7c1e16b by Ola Lundqvist at 2023-06-18T21:34:56+02:00
Marked nuget CVE-2023-29337 as postponed for buster.

- - - - -
43f72ef6 by Ola Lundqvist at 2023-06-18T21:34:57+02:00
Marked renderdoc CVE-2023-33865 as postponed for buster.

- - - - -
931ea83c by Ola Lundqvist at 2023-06-18T21:34:59+02:00
Marked php-react-http CVE-2023-26044 as no-dsa for buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,6 +28,7 @@ CVE-2023-35789 (An issue was discovered in the C AMQP client 
library (aka rabbit
        - librabbitmq <unfixed> (bug #1037322)
        [bookworm] - librabbitmq <no-dsa> (Minor issue)
        [bullseye] - librabbitmq <no-dsa> (Minor issue)
+       [buster] - librabbitmq <no-dsa> (Minor issue)
        NOTE: https://github.com/alanxz/rabbitmq-c/issues/575
        NOTE: 
https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0
 CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract 
development. St ...)
@@ -92,6 +93,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to verify that 
a secret provided
        - mattermost-server <itp> (bug #823556)
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.2 ...)
        - gpac <unfixed>
+       [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
        NOTE: 
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the 
Linux kerne ...)
@@ -990,6 +992,7 @@ CVE-2020-36705 (The Adning Advertising plugin for WordPress 
is vulnerable to arb
        NOT-FOR-US: Adning Advertising plugin for WordPress
 CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a 
symlink ...)
        - renderdoc <unfixed> (bug #1037208)
+       [buster] - renderdoc <postponed> (Can wait for next update)
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
        NOTE: 
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
 (v1.27)
        NOTE: 
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
 (v1.27)
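Review bot: The reason on the added `[buster] - renderdoc <postponed> (Can wait for next update)` line is generic for an issue whose description reads "local privilege escalation via a symlink". Both NOTE lines below it already reference upstream fix commits tagged v1.27, so a fix is available to backport. Suggest stating in the reason or in a NOTE why it can wait in buster, so the next triager does not have to re-derive the decision.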
@@ -9906,6 +9909,7 @@ CVE-2023-29338 (Visual Studio Code Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
        - nuget <unfixed>
+       [buster] - nuget <postponed> (Can wait for next update)
        NOTE: 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
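Review bot: The added `[buster] - nuget <postponed> (Can wait for next update)` line gives no basis for postponing an entry whose description is "NuGet Client Remote Code Execution Vulnerability". The only NOTE is the MSRC advisory link, with no upstream commit or affected-version information. Suggest adding a NOTE with the reasoning, or the fix reference once identified, so the postponement can be revisited.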
@@ -20042,6 +20046,7 @@ CVE-2023-26045
        RESERVED
 CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and 
server implem ...)
        - php-react-http <removed>
+       [buster] - php-react-http <no-dsa> (Minor issue)
        NOTE: 
https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf
        NOTE: 
https://github.com/reactphp/http/commit/b3594f7936b92f9fc2d5f9e84dc01bdb95a72167
 (v1.9.0)
        TODO: check, is embedded inicinga-php-thirdparty, 
icingaweb2-module-reactbundle possibly affected
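Review bot: The TODO in the trailing context about embedded copies in icinga-php-thirdparty and icingaweb2-module-reactbundle is still open after this change, so the added `[buster] - php-react-http <no-dsa> (Minor issue)` line settles only the php-react-http source package. Suggest resolving that TODO for buster, or carrying it explicitly, before treating the CVE as triaged there. The TODO text also reads "inicinga-php-thirdparty", which looks like a missing space.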



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/76306029fa98d8a35037fd5816c2465eacaa3997...931ea83cef1093b2aa3cbb44b921de8c6f16b7ac
