[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2023-0341 in editorconfig-core for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Feb 1 16:06:55 GMT 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05ecf8ae by Chris Lamb at 2023-02-01T08:05:23-08:00
Triage CVE-2023-0341 in editorconfig-core for buster LTS.
- - - - -
0433f650 by Chris Lamb at 2023-02-01T08:05:45-08:00
Triage CVE-2022-40152 in libwoodstox-java for buster LTS.
- - - - -
8df4ca80 by Chris Lamb at 2023-02-01T08:06:12-08:00
Triage CVE-2022-47021 in opusfile for buster LTS.
- - - - -
5bc2df27 by Chris Lamb at 2023-02-01T08:06:32-08:00
Triage CVE-2023-22745 in tpm2-tss for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3359,6 +3359,7 @@ CVE-2023-0342
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
- editorconfig-core 0.12.6-0.1
[bullseye] - editorconfig-core <no-dsa> (Minor issue)
+ [buster] - editorconfig-core <no-dsa> (Minor issue)
NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87
NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e
CVE-2023-0340
@@ -6342,6 +6343,7 @@ CVE-2023-22746
CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
- tpm2-tss <unfixed> (bug #1029369)
[bullseye] - tpm2-tss <no-dsa> (Minor issue)
+ [buster] - tpm2-tss <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5
NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
CVE-2023-22744
@@ -12530,6 +12532,7 @@ CVE-2022-47022
CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...)
- opusfile <unfixed> (bug #1030049)
[bullseye] - opusfile <no-dsa> (Minor issue)
+ [buster] - opusfile <no-dsa> (Minor issue)
NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
NOTE: https://github.com/xiph/opusfile/issues/36
CVE-2022-47020
@@ -34338,6 +34341,7 @@ CVE-2022-40153
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed>
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
+ [buster] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230201/666930ea/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list