[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVEs for gpac as EOL in Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat Dec 9 23:40:57 GMT 2023 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dff9ed60 by Thorsten Alteholz at 2023-12-10T00:25:45+01:00
mark CVEs for gpac as EOL in Buster

- - - - -
52c1cae8 by Thorsten Alteholz at 2023-12-10T00:27:32+01:00
mark CVE-2023-49284 as no-dsa for Buster

- - - - -
917a5171 by Thorsten Alteholz at 2023-12-10T00:38:00+01:00
mark CVE-2023-49464 CVE-2023-49463 CVE-2023-49462 CVE-2023-49460 as not-affected for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,6 +24,7 @@ CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials
 	NOT-FOR-US: IBM
 CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in Buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2652
 	NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
 	NOTE: https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521
@@ -31,6 +32,7 @@ CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167
 	NOT-FOR-US: DrayTek Vigor167
 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in Buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2669
 	NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
 CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...)
@@ -269,6 +271,7 @@ CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violati
 	- libheif <unfixed>
 	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/strukturag/libheif/issues/1044
 	NOTE: https://github.com/strukturag/libheif/pull/1049
 	NOTE: https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
@@ -276,16 +279,19 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violati
 	- libheif <unfixed>
 	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/strukturag/libheif/issues/1042
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
 	- libheif <unfixed>
 	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/strukturag/libheif/issues/1043
 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
 	- libheif <unfixed>
 	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/strukturag/libheif/issues/1046
 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...)
 	NOT-FOR-US: Tenda
@@ -798,6 +804,7 @@ CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS,
 	- fish <unfixed> (bug #1057455)
 	[bookworm] - fish <no-dsa> (Minor issue)
 	[bullseye] - fish <no-dsa> (Minor issue)
+	[buster] - fish <no-dsa> (Minor issue)
 	NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
 	NOTE: https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 (3.6.2)
 CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to request chang ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231209/643e5235/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list