[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 30 21:12:22 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab7fd46b by security tracker role at 2023-04-30T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5001,7 +5001,7 @@ CVE-2023-29471 (Lightbend Alpakka Kafka before 5.0.0 logs its configuration as d
 CVE-2023-29470
 	RESERVED
 CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...)
-	{DSA-5391-1}
+	{DSA-5391-1 DLA-3405-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
@@ -8434,7 +8434,7 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log mes
 CVE-2023-28485
 	RESERVED
 CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
-	{DSA-5391-1}
+	{DSA-5391-1 DLA-3405-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
 	NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
@@ -10508,6 +10508,7 @@ CVE-2023-27854
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...)
+	{DLA-3406-1}
 	- sniproxy <unfixed> (bug #1033752)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
 	NOTE: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 (0.6.1)
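Review bot: On the CVE-2023-25076 entry, the new `{DLA-3406-1}` reference lands directly above `- sniproxy <unfixed> (bug #1033752)`, so the entry now records an advisory while the package line without a release tag still reads unfixed. The NOTE in the same entry already points at an upstream fix commit marked (0.6.1); a follow-up that replaces `<unfixed>` with the fixed version once an upload carrying that commit exists would keep the entry consistent.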
@@ -54946,6 +54947,7 @@ CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rt
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
 CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame  ...)
+	{DSA-5394-1}
 	- ffmpeg 7:5.1-1
 	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1)
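Review bot: On the CVE-2022-3109 entry, `{DSA-5394-1}` is added while `[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)` is left untouched. With an advisory now attached to this CVE, the "Minor issue" triage on the buster line is worth re-checking; either update that line or confirm that the stated reason for postponing still holds.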
@@ -234258,6 +234260,7 @@ CVE-2020-10652
 CVE-2020-10651
 	RESERVED
 CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind through 2.9. ...)
+	{DLA-3407-1}
 	- jackson-databind 2.11.1-1
 	NOTE: https://github.com/advisories/GHSA-rpr3-cw39-3pxh
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2658



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7fd46be6b7a5d7fb915f6c0cdd8b0d45fab67b


More information about the debian-security-tracker-commits mailing list