[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1999/libwebp

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 29 07:23:22 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbb533e4 by Salvatore Bonaccorso at 2023-04-29T08:22:33+02:00
Add CVE-2023-1999/libwebp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2498,6 +2498,14 @@ CVE-2023-2000
 	RESERVED
 CVE-2023-1999
 	RESERVED
+	- firefox 112.0-1
+	- firefox-esr 102.10.0esr-1
+	- thunderbird 1:102.10.0-1
+	- libwebp <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 (not public)
 CVE-2023-1997
 	RESERVED
 CVE-2023-1996


=====================================
data/DLA/list
=====================================
@@ -2,7 +2,7 @@
 	{CVE-2023-25690 CVE-2023-27522}
 	[buster] - apache2 2.4.38-3+deb10u10
 [24 Apr 2023] DLA-3400-1 thunderbird - security update
-	{CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	{CVE-2023-0547 CVE-2023-1945 CVE-2023-1999 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
 	[buster] - thunderbird 1:102.10.0-1~deb10u1
 [24 Apr 2023] DLA-3399-1 389-ds-base - security update
 	{CVE-2019-3883 CVE-2019-10224 CVE-2019-14824 CVE-2021-3514 CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850}
@@ -31,7 +31,7 @@
 	{CVE-2023-27530 CVE-2023-27539}
 	[buster] - ruby-rack 2.0.6-3+deb10u3
 [12 Apr 2023] DLA-3391-1 firefox-esr - security update
-	{CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	{CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
 	[buster] - firefox-esr 102.10.0esr-1~deb10u1
 [12 Apr 2023] DLA-3390-1 zabbix - security update
 	{CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917 CVE-2022-24919 CVE-2022-35229 CVE-2022-35230}


=====================================
data/DSA/list
=====================================
@@ -2,7 +2,7 @@
 	{CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137}
 	[bullseye] - chromium 112.0.5615.138-1~deb11u1
 [22 Apr 2023] DSA-5392-1 thunderbird - security update
-	{CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	{CVE-2023-0547 CVE-2023-1945 CVE-2023-1999 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
 	[bullseye] - thunderbird 1:102.10.0-1~deb11u1
 [20 Apr 2023] DSA-5391-1 libxml2 - security update
 	{CVE-2023-28484 CVE-2023-29469}
@@ -23,7 +23,7 @@
 	{CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823}
 	[bullseye] - chromium 112.0.5615.49-2~deb11u2
 [12 Apr 2023] DSA-5385-1 firefox-esr - security update
-	{CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	{CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
 	[bullseye] - firefox-esr 102.10.0esr-1~deb11u1
 [10 Apr 2023] DSA-5384-1 openimageio - security update
 	{CVE-2022-36354 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb533e44d3db06dc3df782d839978653c8f85a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb533e44d3db06dc3df782d839978653c8f85a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230429/90109c15/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list