[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 10 18:51:29 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6e1434c by Moritz Muehlenhoff at 2023-04-10T19:51:03+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2249,22 +2249,22 @@ CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html]
NOTE: https://github.com/mvdnes/spin-rs/issues/148
CVE-2023-29421 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
[experimental] - bzip3 1.2.3-1
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/issues/94
NOTE: https://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d (1.2.3)
CVE-2023-29420 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
[experimental] - bzip3 1.2.3-1
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/commit/bb06deb85f1c249838eb938e0dab271d4194f8fa (1.2.3)
NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29419 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
[experimental] - bzip3 1.2.3-1
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3)
NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29418 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
[experimental] - bzip3 1.2.3-1
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d (1.2.3)
NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29417 (** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.2.2. T ...)
@@ -2272,11 +2272,11 @@ CVE-2023-29417 (** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.
NOTE: https://github.com/kspalaiologos/bzip3/issues/97
NOTE: Issue between library and example code not correctly using the API
CVE-2023-29416 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_dec ...)
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff (1.3.0)
NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial ...)
- - bzip3 <unfixed>
+ - bzip3 <unfixed> (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/issues/95
NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465
CVE-2023-29414
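Review bot: bug #1034177 is attached here to CVE-2023-29416 and CVE-2023-29415, whose NOTE lines point at 1.3.0, while the same bug number in the previous hunk covers four CVEs fixed in 1.2.3 with `[experimental] - bzip3 1.2.3-1` already recorded. One bug now spans two upstream fix versions, so moving 1.2.3 to unstable would resolve the four earlier entries but not these two; worth confirming that the bug report names 1.3.0 as the version needed. The commit NOTE for CVE-2023-29415 also lacks the `(1.3.0)` annotation that the CVE-2023-29416 one carries.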
@@ -2573,7 +2573,7 @@ CVE-2023-29325
CVE-2023-29324
RESERVED
CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...)
- - opensmtpd <unfixed>
+ - opensmtpd <unfixed> (bug #1034178)
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
CVE-2023-29322
RESERVED
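Review bot: the only reference under CVE-2023-29323 is the OpenBSD 7.1 `024_smtpd.patch.sig` errata file, although the description also names 7.2 and the bug is filed against the Debian opensmtpd package. Consider adding a NOTE for the 7.2 errata or the corresponding OpenSMTPD commit so that whoever picks up #1034178 has a patch that maps onto the packaged source.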
@@ -3551,7 +3551,7 @@ CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
NOTE: https://hackerone.com/reports/1679267
CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...)
- - nextcloud-desktop <unfixed>
+ - nextcloud-desktop <unfixed> (bug #1034184)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
NOTE: https://github.com/nextcloud/desktop/pull/5560
CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
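Review bot: only CVE-2023-28999 gains a bug reference in this hunk, while the neighbouring CVE-2023-29000 and CVE-2023-28998 descriptions also name the Nextcloud Desktop Client and their package lines fall outside the visible context. If those entries are still `<unfixed>` for nextcloud-desktop, attach #1034184 to them as well so the bug covers the whole batch.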
@@ -3921,12 +3921,12 @@ CVE-2023-1657
CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...)
NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
@@ -4177,7 +4177,7 @@ CVE-2023-22308
CVE-2023-1625 [information leak in API]
RESERVED
[experimental] - heat 1:20.0.0~rc1-1
- - heat <unfixed>
+ - heat <unfixed> (bug #1034186)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
NOTE: https://review.opendev.org/c/openstack/heat/+/868166
NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1)
@@ -4347,7 +4347,7 @@ CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classi
CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...)
NOT-FOR-US: novel-plus
CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...)
- - radare2 <unfixed>
+ - radare2 <unfixed> (bug #1034180)
NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2
NOTE: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f
CVE-2023-1604
@@ -4656,7 +4656,7 @@ CVE-2023-1546
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
- teampass <itp> (bug #730180)
CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1034179)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
{DSA-5379-1}
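Review bot: CVE-2023-1544 now points at #1034179, but its only NOTE is a qemu-devel list post from 2023-03, with no upstream commit or fixed version recorded. Adding the commit reference once the patch lands would let the bug be closed against a concrete version.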
@@ -5293,7 +5293,7 @@ CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-bo
CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...)
NOT-FOR-US: Watchdog Anti-Virus
CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2386
NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
@@ -5302,12 +5302,12 @@ CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified
CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...)
NOT-FOR-US: MP4v2
CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2387
NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2388
NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463
@@ -5722,7 +5722,7 @@ CVE-2023-28373
CVE-2023-28372
RESERVED
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...)
- - stellarium <unfixed>
+ - stellarium <unfixed> (bug #1034183)
NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
@@ -5851,7 +5851,7 @@ CVE-2023-28340
CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...)
- doas <removed>
[bullseye] - doas <no-dsa> (Minor issue)
- - opendoas <unfixed>
+ - opendoas <unfixed> (bug #1034185)
NOTE: https://github.com/Duncaen/OpenDoas/issues/106
NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/4
NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been
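Review bot: the new bug reference on `- opendoas <unfixed>` sits next to `[bullseye] - doas <no-dsa> (Minor issue)` and a NOTE saying that restricting the ioctl on the kernel side seems the better approach. If the fix is expected in the kernel rather than in OpenDoas, say so in #1034185 and consider whether the opendoas entry should carry the same minor-issue triage instead of staying plain `<unfixed>`.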
@@ -8629,7 +8629,7 @@ CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime'
NOT-FOR-US: wasmtime
CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
[experimental] - owslib 0.28.1-1~exp1
- - owslib <unfixed>
+ - owslib <unfixed> (bug #1034182)
NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063
CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...)
NOT-FOR-US: Goutil
@@ -13098,7 +13098,7 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices throu
CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
NOT-FOR-US: DIAEnergie
CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...)
- - nomad <unfixed>
+ - nomad <unfixed> (bug #1034181)
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e1434c3844609d166331db969853fe1a8bfa85