[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage (and also updates some older libstd entries)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 15 11:49:43 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aefa3287 by Moritz Muehlenhoff at 2023-08-15T12:49:12+02:00
bookworm/bullseye triage (and also updates some older libstd entries)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,12 +29,15 @@ CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-
 CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ...)
 	- qemu <unfixed>
 	[bookworm] - qemu <not-affected> (Vulnerable code intoduced later)
+	[bullseye] - qemu <not-affected> (Vulnerable code intoduced later)
 	[buster] - qemu <not-affected> (Vulnerable code intoduced later)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1815
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0)
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 (v8.1.0-rc3)
 CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set names even ...)
 	- xterm 382-2
+	[bookworm] - xterm <no-dsa> (Minor issue)
+	[bullseye] - xterm <no-dsa> (Minor issue)
 	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...)
 	TODO: check
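Review bot: the added [bullseye] qemu line under CVE-2023-40360 copies the misspelling "intoduced" from the neighbouring [bookworm] and [buster] lines. Write "Vulnerable code introduced later" here and correct the two existing lines in the same pass, so that a text search on the reason matches all three releases.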
@@ -205,10 +208,13 @@ CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license
 	NOT-FOR-US: Snow Software
 CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
 	- fastdds 2.9.1+ds-1
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/3236
 CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
 	- fastdds 2.10.1+ds-2
+	[bookworm] - fastdds <no-dsa> (Minor issue)
+	[bullseye] - fastdds <no-dsa> (Minor issue)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
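Review bot: CVE-2023-39949 gains only a [bullseye] <no-dsa> line, while CVE-2023-39948 directly below it gains both [bookworm] and [bullseye]. If that is because bookworm already ships fastdds at or above 2.9.1+ds-1 the asymmetry is correct, but please confirm the [bookworm] line was not simply missed for CVE-2023-39949.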
@@ -342,6 +348,8 @@ CVE-2023-XXXX [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Real
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5)
 CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
 	- haproxy 2.6.15-1 (bug #1043502)
+	[bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA)
+	[bullseye] - haproxy <postponed> (Minor issue, fix along with future DSA)
 	NOTE: https://github.com/haproxy/haproxy/issues/2237
 	NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
 CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
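Review bot: the two haproxy <postponed> lines for CVE-2023-40225 defer the fix to a future DSA, yet the upstream commit NOTE (6492f1f29d73...) carries no release or branch annotation, unlike the qemu and libqb commit NOTEs elsewhere in this change, which end in "(v8.1.0-rc3)" and "(v2.0.8)". Adding the upstream release that contains the fix would make the later backport for bookworm and bullseye easier to scope.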
@@ -1122,6 +1130,8 @@ CVE-2023-39977
 	REJECTED
 CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long ...)
 	- libqb 2.0.8-1
+	[bookworm] - libqb <no-dsa> (Minor issue)
+	[bullseye] - libqb <no-dsa> (Minor issue)
 	NOTE: https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 (v2.0.8)
 	NOTE: https://github.com/ClusterLabs/libqb/pull/490
 CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior to vers ...)
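Review bot: the added [bookworm] and [bullseye] libqb lines for CVE-2023-39976 rate a buffer overflow in log_blackbox.c as "Minor issue" without giving the reason. A few words in the parentheses on why it is minor would let a later reader check the <no-dsa> decision without re-reading the upstream pull request.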
@@ -73141,6 +73151,7 @@ CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privil
 	NOT-FOR-US: Microsoft
 CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
 	- samba 2:4.17.4+dfsg-1
+	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
 	NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
 CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
 	- samba 2:4.17.4+dfsg-1
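Review bot: the reason text on the added [bullseye] samba line for CVE-2022-37967 reads "see DSA DSA-5477-1", with "DSA" doubled. "see DSA-5477-1" is sufficient and matches how the advisory id is written.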
@@ -108460,23 +108471,17 @@ CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved
 CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...)
 	NOT-FOR-US: MyBatis plus
 CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow  ...)
-	- libstb <unfixed> (unimportant)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/1287
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
-	NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore
-	NOTE: cannot bounds check it.
 CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow  ...)
-	- libstb <unfixed> (unimportant)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/1288
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
-	NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore
-	NOTE: cannot bounds check it.
 CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow  ...)
-	- libstb <unfixed> (unimportant)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/1286
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
-	NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore
-	NOTE: cannot bounds check it.
 CVE-2022-25513
 	RESERVED
 CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...)
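Review bot: removing "- libstb <unfixed> (unimportant)" from CVE-2022-25516, CVE-2022-25515 and CVE-2022-25514 leaves these entries with NOTE lines only, so the package name libstb now appears only inside free text. Please confirm that dropping the package association is intended rather than keeping the unimportant marking; if it is, the two identical NOTE lines repeated under each entry are the only record of the decision and should stay word-for-word the same, as they do here.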
@@ -188559,12 +188564,14 @@ CVE-2020-36025
 CVE-2020-36024 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
 	{DLA-3528-1}
 	- poppler 22.08.0-2
+	[bullseye] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/748
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 (poppler-21.01.0)
 CVE-2020-36023 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
 	{DLA-3528-1}
 	- poppler 22.08.0-2
+	[bullseye] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/744
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/238dc045beeeb1eb619f3fb6cb699ba36813222d (poppler-21.01.0)
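Review bot: CVE-2020-36024 and CVE-2020-36023 both carry {DLA-3528-1}, yet the added [bullseye] poppler lines mark them <no-dsa> with only "Minor issue" as the reason. Since the fix commits are already listed in the NOTEs (poppler-21.01.0), consider stating in the parentheses whether the fix is meant to go in through a point release, so the difference from the DLA is explained.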
@@ -257488,33 +257495,33 @@ CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_D
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
 	NOTE: Crash in CLI tool, no security impact
 CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
-	- libstb <unfixed> (unimportant; bug #949560)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/865
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
-	- libstb <unfixed> (unimportant; bug #949559)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/869
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
-	- libstb <unfixed> (unimportant; bug #949558)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/867
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
-	- libstb <unfixed> (unimportant; bug #949557)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/868
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
-	- libstb <unfixed> (unimportant; bug #949556)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/863
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
-	- libstb <unfixed> (unimportant; bug #949555)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/866
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
-	- libstb <unfixed> (unimportant; bug #949554)
+	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
+	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
 	NOTE: https://github.com/nothings/stb/issues/867
-	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
 CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
 	NOT-FOR-US: Broadcom
 CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
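Review bot: the removed package lines for CVE-2020-6623 through CVE-2020-6617 were the only place the Debian bug numbers #949554 to #949560 were recorded, and the replacement NOTE lines do not carry them over. If the bugs are still worth tracing, keep each number in a NOTE on its entry. While touching these entries, also check the unchanged upstream links: CVE-2020-6621 and CVE-2020-6617 both point at https://github.com/nothings/stb/issues/867 although their descriptions differ (heap-based buffer over-read versus assertion failure).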



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefa3287d465d20a69eac71594abd0321448493f
