[Git][security-tracker-team/security-tracker][master] Track fixes for libxml2 via experimental
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 19 05:25:29 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13fbaaf0 by Salvatore Bonaccorso at 2023-12-19T06:24:50+01:00
Track fixes for libxml2 via experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12859,12 +12859,13 @@ CVE-2023-40631 (In Dialer, there is a possible missing permission check. This co
CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...)
+ [experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1053629)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
- NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ...)
@@ -18736,13 +18737,14 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
+ [experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
- NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
- NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 (v2.12.0)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129 (v2.12.0)
CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...)
NOT-FOR-US: authentik
CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fbaaf05d7b15a6c9300ea0d5e5563c4db739d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fbaaf05d7b15a6c9300ea0d5e5563c4db739d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/501bd7b8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list