[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 5 09:10:27 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09dbcfe3 by security tracker role at 2023-04-05T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2023-29383
+	RESERVED
+CVE-2023-29382
+	RESERVED
+CVE-2023-29381
+	RESERVED
+CVE-2023-29380
+	RESERVED
+CVE-2023-29379
+	RESERVED
+CVE-2023-29378
+	RESERVED
+CVE-2023-29377
+	RESERVED
+CVE-2023-29376
+	RESERVED
+CVE-2023-29375
+	RESERVED
+CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
+	TODO: check
+CVE-2023-29373
+	RESERVED
+CVE-2023-29372
+	RESERVED
+CVE-2023-29371
+	RESERVED
+CVE-2023-29370
+	RESERVED
+CVE-2023-29369
+	RESERVED
+CVE-2023-29368
+	RESERVED
+CVE-2023-29367
+	RESERVED
+CVE-2023-29366
+	RESERVED
+CVE-2023-29365
+	RESERVED
+CVE-2023-29364
+	RESERVED
+CVE-2023-29363
+	RESERVED
+CVE-2023-29362
+	RESERVED
+CVE-2023-29361
+	RESERVED
+CVE-2023-29360
+	RESERVED
+CVE-2023-29359
+	RESERVED
+CVE-2023-29358
+	RESERVED
+CVE-2023-29357
+	RESERVED
+CVE-2023-29356
+	RESERVED
+CVE-2023-29355
+	RESERVED
+CVE-2023-29354
+	RESERVED
+CVE-2023-29353
+	RESERVED
+CVE-2023-29352
+	RESERVED
+CVE-2023-29351
+	RESERVED
+CVE-2023-29350
+	RESERVED
+CVE-2023-29349
+	RESERVED
+CVE-2023-29348
+	RESERVED
+CVE-2023-29347
+	RESERVED
+CVE-2023-29346
+	RESERVED
+CVE-2023-29345
+	RESERVED
+CVE-2023-29344
+	RESERVED
+CVE-2023-29343
+	RESERVED
+CVE-2023-29342
+	RESERVED
+CVE-2023-29341
+	RESERVED
+CVE-2023-29340
+	RESERVED
+CVE-2023-29339
+	RESERVED
+CVE-2023-29338
+	RESERVED
+CVE-2023-29337
+	RESERVED
+CVE-2023-29336
+	RESERVED
+CVE-2023-29335
+	RESERVED
+CVE-2023-29334
+	RESERVED
+CVE-2023-29333
+	RESERVED
+CVE-2023-29332
+	RESERVED
+CVE-2023-29331
+	RESERVED
+CVE-2023-29330
+	RESERVED
+CVE-2023-29329
+	RESERVED
+CVE-2023-29328
+	RESERVED
+CVE-2023-29327
+	RESERVED
+CVE-2023-29326
+	RESERVED
+CVE-2023-29325
+	RESERVED
+CVE-2023-29324
+	RESERVED
+CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2  ...)
+	TODO: check
+CVE-2023-29322
+	RESERVED
+CVE-2023-29321
+	RESERVED
+CVE-2023-29320
+	RESERVED
+CVE-2023-29319
+	RESERVED
+CVE-2023-29318
+	RESERVED
+CVE-2023-29317
+	RESERVED
+CVE-2023-29316
+	RESERVED
+CVE-2023-29315
+	RESERVED
+CVE-2023-29314
+	RESERVED
+CVE-2023-29313
+	RESERVED
+CVE-2023-29312
+	RESERVED
+CVE-2023-29311
+	RESERVED
+CVE-2023-29310
+	RESERVED
+CVE-2023-29309
+	RESERVED
+CVE-2023-29308
+	RESERVED
+CVE-2023-29307
+	RESERVED
+CVE-2023-29306
+	RESERVED
+CVE-2023-29305
+	RESERVED
+CVE-2023-29304
+	RESERVED
+CVE-2023-29303
+	RESERVED
+CVE-2023-29302
+	RESERVED
+CVE-2023-29301
+	RESERVED
+CVE-2023-29300
+	RESERVED
+CVE-2023-29299
+	RESERVED
+CVE-2023-29298
+	RESERVED
+CVE-2023-29297
+	RESERVED
+CVE-2023-29296
+	RESERVED
+CVE-2023-29295
+	RESERVED
+CVE-2023-29294
+	RESERVED
+CVE-2023-29293
+	RESERVED
+CVE-2023-29292
+	RESERVED
+CVE-2023-29291
+	RESERVED
+CVE-2023-29290
+	RESERVED
+CVE-2023-29289
+	RESERVED
+CVE-2023-29288
+	RESERVED
+CVE-2023-29287
+	RESERVED
+CVE-2023-29286
+	RESERVED
+CVE-2023-29285
+	RESERVED
+CVE-2023-29284
+	RESERVED
+CVE-2023-29283
+	RESERVED
+CVE-2023-29282
+	RESERVED
+CVE-2023-29281
+	RESERVED
+CVE-2023-29280
+	RESERVED
+CVE-2023-29279
+	RESERVED
+CVE-2023-29278
+	RESERVED
+CVE-2023-29277
+	RESERVED
+CVE-2023-29276
+	RESERVED
+CVE-2023-29275
+	RESERVED
+CVE-2023-29274
+	RESERVED
+CVE-2023-29273
+	RESERVED
+CVE-2023-1860
+	RESERVED
+CVE-2023-1859
+	RESERVED
+CVE-2023-1858
+	RESERVED
+CVE-2023-1857
+	RESERVED
+CVE-2023-1856
+	RESERVED
+CVE-2023-1855
+	RESERVED
+CVE-2023-1854
+	RESERVED
+CVE-2023-1853
+	RESERVED
+CVE-2023-1852
+	RESERVED
+CVE-2023-1851
+	RESERVED
+CVE-2023-1850
+	RESERVED
+CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+	TODO: check
+CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+	TODO: check
+CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll System 1.0  ...)
+	TODO: check
+CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll System ...)
+	TODO: check
+CVE-2023-1845 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-1844
+	RESERVED
+CVE-2023-1843
+	RESERVED
+CVE-2023-1842
+	RESERVED
+CVE-2023-1841
+	RESERVED
 CVE-2023-29272
 	RESERVED
 CVE-2023-29271
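Review bot: only two entries in this 260-line block carry a description rather than a RESERVED placeholder, CVE-2023-29374 (LangChain LLMMathChain prompt injection, through 0.0.131) and CVE-2023-29323 (ascii_load_sockaddr in smtpd, OpenBSD before 7.1 errata 024 and 7.2), and both are left as TODO: check; the smtpd one deserves a look before the next automatic run, since the affected code may be shipped by a Debian source package and should not fall through as NOT-FOR-US by default.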
@@ -150,34 +412,34 @@ CVE-2023-28384
 	RESERVED
 CVE-2023-1824
 	RESERVED
-CVE-2023-1823
-	RESERVED
-CVE-2023-1822
-	RESERVED
-CVE-2023-1821
-	RESERVED
-CVE-2023-1820
-	RESERVED
-CVE-2023-1819
-	RESERVED
-CVE-2023-1818
-	RESERVED
-CVE-2023-1817
-	RESERVED
-CVE-2023-1816
-	RESERVED
-CVE-2023-1815
-	RESERVED
-CVE-2023-1814
-	RESERVED
-CVE-2023-1813
-	RESERVED
-CVE-2023-1812
-	RESERVED
-CVE-2023-1811
-	RESERVED
-CVE-2023-1810
-	RESERVED
+CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 112.0. ...)
+	TODO: check
+CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 112.0.56 ...)
+	TODO: check
+CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior to 112 ...)
+	TODO: check
+CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior to 112. ...)
+	TODO: check
+CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 112.0.56 ...)
+	TODO: check
+CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allow ...)
+	TODO: check
+CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+	TODO: check
+CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome prior to  ...)
+	TODO: check
+CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 112.0.5615 ...)
+	TODO: check
+CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in Google  ...)
+	TODO: check
+CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	TODO: check
+CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome prior to  ...)
+	TODO: check
+CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 112.0.5615.49 allow ...)
+	TODO: check
+CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.4 ...)
+	TODO: check
 CVE-2023-1809
 	RESERVED
 CVE-2023-1808
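Review bot: the fourteen Google Chrome entries flipped from RESERVED to TODO: check here all describe fixes "prior to 112.0.5615.49" (the version is visible in CVE-2023-1818, CVE-2023-1815, CVE-2023-1811 and CVE-2023-1810), so they should be triaged as one batch against the chromium source package with a shared fixed version rather than one at a time; CVE-2023-1817 is flagged "on Android" and may end up with a different status from the rest.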
@@ -794,8 +1056,8 @@ CVE-2023-29005
 	RESERVED
 CVE-2023-29004
 	RESERVED
-CVE-2023-29003
-	RESERVED
+CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framework offe ...)
+	TODO: check
 CVE-2023-29002
 	RESERVED
 CVE-2023-29001
@@ -1348,8 +1610,8 @@ CVE-2023-28855
 	RESERVED
 CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
 	NOT-FOR-US: nophp
-CVE-2023-28853
-	RESERVED
+CVE-2023-28853 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
 CVE-2023-28852
 	RESERVED
 CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
@@ -1370,12 +1632,12 @@ CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...)
 	NOT-FOR-US: PrestaShop
-CVE-2023-28842
-	RESERVED
-CVE-2023-28841
-	RESERVED
-CVE-2023-28840
-	RESERVED
+CVE-2023-28842 (Moby) is an open source container framework developed by Docker Inc. t ...)
+	TODO: check
+CVE-2023-28841 (Moby is an open source container framework developed by Docker Inc. th ...)
+	TODO: check
+CVE-2023-28840 (Moby is an open source container framework developed by Docker Inc. th ...)
+	TODO: check
 CVE-2023-28839
 	RESERVED
 CVE-2023-28838
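Review bot: the description imported for CVE-2023-28842 reads `(Moby) is an open source container framework ...`, with an unbalanced `)` straight after "Moby", unlike the sibling entries CVE-2023-28841 and CVE-2023-28840; since the text is copied verbatim from upstream, confirm that the tracker's parser for data/CVE/list tolerates the extra parenthesis, and triage the three Moby entries together as they share one description.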
@@ -5803,14 +6065,14 @@ CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts S
 	NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2023-1130 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
-CVE-2023-27496
-	RESERVED
+CVE-2023-27496 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
 CVE-2023-27495
 	RESERVED
 CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...)
 	NOT-FOR-US: Streamlit
-CVE-2023-27493
-	RESERVED
+CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
 CVE-2023-27492 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2023-27491 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
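Review bot: CVE-2023-27496 and CVE-2023-27493 now carry the same Envoy description as the neighbouring CVE-2023-27492 and CVE-2023-27491, which are already recorded as `- envoyproxy <itp> (bug #987544)`; once checked, the two new entries should get that same status line rather than staying at TODO: check.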
@@ -6140,7 +6402,8 @@ CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpr
 	NOT-FOR-US: flatpressblog
 CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
 	NOT-FOR-US: flatpressblog
-CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+CVE-2023-1103
+	REJECTED
 	NOT-FOR-US: flatpressblog
 CVE-2023-1102
 	RESERVED
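Review bot: CVE-2023-1103 is changed to REJECTED but the following context line `NOT-FOR-US: flatpressblog` is kept, so the entry now carries both a rejection and a package status; the stale NOT-FOR-US line should be dropped so the record reads as a plain rejected id, matching how other REJECTED entries are kept.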
@@ -10259,8 +10522,8 @@ CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1,
 	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 (v2.6.8)
 	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27)
 	NOTE: Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2)
-CVE-2023-0835
-	RESERVED
+CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...)
+	TODO: check
 CVE-2023-0834
 	RESERVED
 CVE-2023-25181
@@ -11085,8 +11348,8 @@ CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerde
 	NOT-FOR-US: Answer
 CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
 	NOT-FOR-US: Answer
-CVE-2023-0738
-	RESERVED
+CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
+	TODO: check
 CVE-2023-0737
 	RESERVED
 CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
@@ -14146,8 +14409,8 @@ CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/p
 	- pyload <itp> (bug #1001980)
 CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0486
-	RESERVED
+CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
+	TODO: check
 CVE-2023-0485
 	RESERVED
 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg B ...)
@@ -14164,8 +14427,8 @@ CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the Dat
 	NOTE: https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b
 CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.creat ...)
 	NOT-FOR-US: Quarkus
-CVE-2023-0480
-	RESERVED
+CVE-2023-0480 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
+	TODO: check
 CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the  ...)
 	{DSA-5367-1 DLA-3347-1}
 	- spip 4.1.8+dfsg-1
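Review bot: CVE-2023-0480 has the same VitalPBX 3.2.3-8 description as CVE-2023-0486 in the preceding hunk, so the two should be triaged together and are expected to land on the same status; both descriptions are truncated at "unauthenticated external attacker t ...", so the full advisory text is needed to tell them apart.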
@@ -16031,8 +16294,8 @@ CVE-2023-0384
 	RESERVED
 CVE-2023-0383
 	RESERVED
-CVE-2023-0382
-	RESERVED
+CVE-2023-0382 (User-controlled operations could have allowed Denial of Service in M-F ...)
+	TODO: check
 CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...)
@@ -16155,8 +16418,8 @@ CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
 	NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
-CVE-2023-0357
-	RESERVED
+CVE-2023-0357 (Helpy version 2.8.0 allows an unauthenticated remote attacker to explo ...)
+	TODO: check
 CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...)
 	NOT-FOR-US: SOCOMEC MODULYS GP Netvision
 CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...)
@@ -16645,8 +16908,8 @@ CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been
 	NOT-FOR-US: saemorris TheRadSystem
 CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all  ...)
 	NOT-FOR-US: GitLab DAST API scanner
-CVE-2023-0325
-	RESERVED
+CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker to expl ...)
+	TODO: check
 CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
 	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -17085,8 +17348,8 @@ CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in
 	{DSA-5324-1 DLA-3349-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
-CVE-2023-0265
-	RESERVED
+CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...)
+	TODO: check
 CVE-2023-0264
 	RESERVED
 	NOT-FOR-US: Keycloak
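Review bot: unrelated to the CVE-2023-0265 change itself, the trailing context shows CVE-2023-0264 with both `RESERVED` and `NOT-FOR-US: Keycloak`, which is an inconsistent pair (a reserved id has no description to base a NOT-FOR-US on); worth fixing in a follow-up commit rather than leaving for the next automatic update to carry forward.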
@@ -38510,51 +38773,63 @@ CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeL
 CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...)
 	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
+	{DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3670
 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
 CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
@@ -41742,6 +42017,7 @@ CVE-2022-42470
 CVE-2022-42469
 	RESERVED
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
+	{DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
@@ -41750,11 +42026,13 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile
 CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...)
 	NOT-FOR-US: Siretta
 CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
+	{DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
 	NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3632
 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
 	NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
@@ -43054,11 +43332,13 @@ CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaus
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
 	NOT-FOR-US: SonicJS
 CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...)
+	{DLA-3382-1}
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
 	NOTE: Prerequisite: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
 	NOTE: https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249
 CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...)
+	{DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3628
@@ -43075,6 +43355,7 @@ CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling o
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
 	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...)
+	{DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3632
@@ -43084,6 +43365,7 @@ CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenI
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3620
 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...)
+	{DLA-3382-1}
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3624
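Review bot: `{DLA-3382-1}` is added to the openimageio entries CVE-2022-41981, CVE-2022-41977, CVE-2022-41639 and CVE-2022-36354 here and in the earlier hunks, but the context lines for CVE-2022-41649 (TALOS-2022-1631) and CVE-2022-38143 (TALOS-2022-1630), which sit between them and point at the same oiio repository, receive no DLA reference; confirm whether those two were deliberately left out of DLA-3382-1 or were missed when the DLA was recorded.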



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09dbcfe3de8f91d2fe9644ce08e5aeb6c32c79e3




