[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 9 08:10:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a213767 by security tracker role at 2023-02-09T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-25612
+ RESERVED
+CVE-2023-25177
+ RESERVED
+CVE-2023-24014
+ RESERVED
+CVE-2023-0756
+ RESERVED
+CVE-2023-0755
+ RESERVED
+CVE-2023-0754
+ RESERVED
+CVE-2015-10076
+ RESERVED
CVE-2023-25611
RESERVED
CVE-2023-25610
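Review bot: CVE-2015-10076 is added as the last line pair of the new block, directly above CVE-2023-25611, so a 2015-numbered ID now sits among the 2023 reservations at the head of the file. If any consumer of this list assumes entries are grouped by year, confirm it copes with this placement.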
@@ -24,8 +38,8 @@ CVE-2023-0753
RESERVED
CVE-2023-0752
RESERVED
-CVE-2023-0751
- RESERVED
+CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse the ...)
+ TODO: check
CVE-2023-0750
RESERVED
CVE-2023-0749
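Review bot: the replacement line for CVE-2023-0751 leaves triage open at "TODO: check", and the truncated description only names GELI and a key file read from standard input. GELI is FreeBSD's disk-encryption layer, so resolve the TODO by checking whether any Debian source package carries that code, then replace it with either a package line or a NOT-FOR-US entry.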
@@ -1142,18 +1156,18 @@ CVE-2023-25170
RESERVED
CVE-2023-25169
RESERVED
-CVE-2023-25168
- RESERVED
-CVE-2023-25167
- RESERVED
-CVE-2023-25166
- RESERVED
-CVE-2023-25165
- RESERVED
-CVE-2023-25164
- RESERVED
-CVE-2023-25163
- RESERVED
+CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...)
+ TODO: check
+CVE-2023-25167 (Discourse is an open source discussion platform. In affected versions ...)
+ TODO: check
+CVE-2023-25166 (formula is a math and string formula parser. In versions prior to 3.0. ...)
+ TODO: check
+CVE-2023-25165 (Helm is a tool that streamlines installing and managing Kubernetes app ...)
+ TODO: check
+CVE-2023-25164 (Tinacms is a Git-backed headless content management system with suppor ...)
+ TODO: check
+CVE-2023-25163 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
CVE-2023-25162
RESERVED
CVE-2023-25161
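Review bot: all six replacements, CVE-2023-25168 through CVE-2023-25163, are left at "TODO: check" with descriptions cut off after the product blurb, so nothing visible here says what the flaw is. Triage each one against the full description. CVE-2023-25168 names Wings, the same product as CVE-2023-25152 a few entries further down, which is also still at "TODO: check", so those two can be resolved together.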
@@ -1176,10 +1190,10 @@ CVE-2023-25153
RESERVED
CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
TODO: check
-CVE-2023-25151
- RESERVED
-CVE-2023-25150
- RESERVED
+CVE-2023-25151 (opentelemetry-go-contrib is a collection of extensions for OpenTelemet ...)
+ TODO: check
+CVE-2023-25150 (Nextcloud office/richdocuments is an office suit for the nextcloud ser ...)
+ TODO: check
CVE-2023-25149
RESERVED
CVE-2023-25148
@@ -3992,11 +4006,13 @@ CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5
CVE-2022-48280
RESERVED
CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
+ {DLA-3313-1}
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
+ {DLA-3313-1}
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
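Review bot: on CVE-2023-0412 and CVE-2023-0411 the {DLA-3313-1} tag is added while the line below it still reads "[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)". An advisory now exists for these CVEs, so it is worth rechecking whether the bullseye postponement still holds. The same applies to the other wireshark entries tagged with DLA-3313-1 in this commit.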
@@ -4004,6 +4020,7 @@ CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737
CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
+ {DLA-3313-1}
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
@@ -4017,11 +4034,13 @@ CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/9322
NOTE: Vulnerable dissector introduced with https://gitlab.com/wireshark/wireshark/-/commit/a87e56aa79f62ba8967e63da9d408e464596cd85 (first released with version 3.0.0)
CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
+ {DLA-3313-1}
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
+ {DLA-3313-1}
- wireshark 4.0.3-1
[bullseye] - wireshark <postponed> (Minor issue, fix along in future update)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
@@ -5932,12 +5951,12 @@ CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager p
NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress
CVE-2023-0252 (The Contextual Related Posts WordPress plugin before 3.3.1 does not va ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0251
- RESERVED
-CVE-2023-0250
- RESERVED
-CVE-2023-0249
- RESERVED
+CVE-2023-0251 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
+ TODO: check
+CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
+ TODO: check
+CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
+ TODO: check
CVE-2023-0248
RESERVED
CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...)
@@ -10119,6 +10138,7 @@ CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0
CVE-2022-4744
RESERVED
CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...)
+ {DLA-3314-1}
- libsdl2 2.26.0+dfsg-1
[bullseye] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290
@@ -11216,8 +11236,8 @@ CVE-2022-47650
RESERVED
CVE-2022-47649
RESERVED
-CVE-2022-47648
- RESERVED
+CVE-2022-47648 (Bosch Security Systems B420 firmware 02.02.0001 employs IP based autho ...)
+ TODO: check
CVE-2022-47647
RESERVED
CVE-2022-47646
@@ -14544,6 +14564,7 @@ CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3
NOTE: https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6
NOTE: https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3
CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...)
+ {DLA-3313-1}
- wireshark 4.0.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
@@ -17545,8 +17566,8 @@ CVE-2022-45984
RESERVED
CVE-2022-45983
RESERVED
-CVE-2022-45982
- RESERVED
+CVE-2022-45982 (thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulne ...)
+ TODO: check
CVE-2022-45981
RESERVED
CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
@@ -30276,8 +30297,8 @@ CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 a
TODO: check
CVE-2022-42437
RESERVED
-CVE-2022-42436
- RESERVED
+CVE-2022-42436 (IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could a ...)
+ TODO: check
CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0. ...)
NOT-FOR-US: IBM
CVE-2022-42433
@@ -35290,12 +35311,12 @@ CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ..
NOT-FOR-US: Qualcomm
CVE-2022-40515
RESERVED
-CVE-2022-40514
- RESERVED
-CVE-2022-40513
- RESERVED
-CVE-2022-40512
- RESERVED
+CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...)
+ TODO: check
+CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...)
+ TODO: check
+CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while processin ...)
+ TODO: check
CVE-2022-40511
RESERVED
CVE-2022-40510
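Review bot: the new descriptions for CVE-2022-40514, CVE-2022-40513 and CVE-2022-40512 are truncated before any vendor name appears, and each is left at "TODO: check". The context entry at the top of the hunk, CVE-2022-40516, has the same style of description and is closed with "NOT-FOR-US: Qualcomm". Check the full descriptions and, if they match, close these three with the same line rather than leaving them open.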
@@ -35314,8 +35335,8 @@ CVE-2022-40504
RESERVED
CVE-2022-40503
RESERVED
-CVE-2022-40502
- RESERVED
+CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host. ...)
+ TODO: check
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
CVE-2022-3180
@@ -39699,10 +39720,10 @@ CVE-2022-38780
RESERVED
CVE-2022-38779
RESERVED
-CVE-2022-38778
- RESERVED
-CVE-2022-38777
- RESERVED
+CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana’s third ...)
+ TODO: check
+CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
+ TODO: check
CVE-2022-38776
RESERVED
CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
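Review bot: the new CVE-2022-38778 description cites a second ID, CVE-2022-38900, as the flaw it stems from, so "TODO: check" should not be resolved on the Kibana name alone. Look up how CVE-2022-38900 is tracked and cross-reference it in a NOTE on this entry. CVE-2022-38777 shows the same visible description as the context entry CVE-2022-38775 and should get the same disposition.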
@@ -52152,8 +52173,8 @@ CVE-2022-34352
RESERVED
CVE-2022-34351
RESERVED
-CVE-2022-34350
- RESERVED
+CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, ...)
+ TODO: check
CVE-2022-34349
RESERVED
CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...)
@@ -52770,10 +52791,10 @@ CVE-2022-XXXX [vlc issues fixed in 3.0.13]
[buster] - vlc 3.0.17.4-0+deb10u1
NOTE: https://www.videolan.org/security/sb-vlc3013.html
NOTE: Tracking issues fixed in DSA-5165-1 without CVEs
-CVE-2022-34146
- RESERVED
-CVE-2022-34145
- RESERVED
+CVE-2022-34146 (Transient DOS due to improper input validation in WLAN Host while pars ...)
+ TODO: check
+CVE-2022-34145 (Transient DOS due to buffer over-read in WLAN Host while parsing frame ...)
+ TODO: check
CVE-2022-34144
RESERVED
CVE-2022-34143
@@ -54836,8 +54857,8 @@ CVE-2022-33308
RESERVED
CVE-2022-33307
RESERVED
-CVE-2022-33306
- RESERVED
+CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing an inco ...)
+ TODO: check
CVE-2022-33305
RESERVED
CVE-2022-33304
@@ -54888,14 +54909,14 @@ CVE-2022-33282
RESERVED
CVE-2022-33281
RESERVED
-CVE-2022-33280
- RESERVED
-CVE-2022-33279
- RESERVED
+CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Bluetooth ...)
+ TODO: check
+CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...)
+ TODO: check
CVE-2022-33278
RESERVED
-CVE-2022-33277
- RESERVED
+CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...)
+ TODO: check
CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
TODO: check
CVE-2022-33275
@@ -54906,8 +54927,8 @@ CVE-2022-33273
RESERVED
CVE-2022-33272
RESERVED
-CVE-2022-33271
- RESERVED
+CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...)
+ TODO: check
CVE-2022-33270
RESERVED
CVE-2022-33269
@@ -54952,18 +54973,18 @@ CVE-2022-33250
RESERVED
CVE-2022-33249
RESERVED
-CVE-2022-33248
- RESERVED
+CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...)
+ TODO: check
CVE-2022-33247
RESERVED
-CVE-2022-33246
- RESERVED
+CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...)
+ TODO: check
CVE-2022-33245
RESERVED
CVE-2022-33244
RESERVED
-CVE-2022-33243
- RESERVED
+CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC. ...)
+ TODO: check
CVE-2022-33242
RESERVED
CVE-2022-33241
@@ -54982,32 +55003,32 @@ CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN firmware
NOT-FOR-US: Qualcomm
CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...)
NOT-FOR-US: Snapdragon
-CVE-2022-33233
- RESERVED
-CVE-2022-33232
- RESERVED
+CVE-2022-33233 (Memory corruption due to configuration weakness in modem wile sending ...)
+ TODO: check
+CVE-2022-33232 (Memory corruption due to buffer copy without checking size of input wh ...)
+ TODO: check
CVE-2022-33231
RESERVED
CVE-2022-33230
RESERVED
-CVE-2022-33229
- RESERVED
+CVE-2022-33229 (Information disclosure due to buffer over-read in Modem while using st ...)
+ TODO: check
CVE-2022-33228
RESERVED
CVE-2022-33227
RESERVED
CVE-2022-33226
RESERVED
-CVE-2022-33225
- RESERVED
+CVE-2022-33225 (Memory corruption due to use after free in trusted application environ ...)
+ TODO: check
CVE-2022-33224
RESERVED
CVE-2022-33223
RESERVED
CVE-2022-33222
RESERVED
-CVE-2022-33221
- RESERVED
+CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...)
+ TODO: check
CVE-2022-33220
RESERVED
CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...)
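Review bot: the two context entries at the top of this hunk are closed with different labels, "NOT-FOR-US: Qualcomm" for CVE-2022-33235 and "NOT-FOR-US: Snapdragon" for CVE-2022-33234. When the five "TODO: check" entries added here (CVE-2022-33233, CVE-2022-33232, CVE-2022-33229, CVE-2022-33225, CVE-2022-33221) are triaged, pick one label for all of them so that a search on either string does not miss part of the set.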
@@ -55016,8 +55037,8 @@ CVE-2022-33218 (Memory corruption in Automotive due to improper input validation
TODO: check
CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33216
- RESERVED
+CVE-2022-33216 (Transient Denial-of-service in Automotive due to improper input valida ...)
+ TODO: check
CVE-2022-33215
RESERVED
CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...)
@@ -76804,28 +76825,28 @@ CVE-2022-25740
RESERVED
CVE-2022-25739
RESERVED
-CVE-2022-25738
- RESERVED
+CVE-2022-25738 (Information disclosure in modem due to buffer over-red while performin ...)
+ TODO: check
CVE-2022-25737
RESERVED
CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25735
- RESERVED
-CVE-2022-25734
- RESERVED
-CVE-2022-25733
- RESERVED
-CVE-2022-25732
- RESERVED
+CVE-2022-25735 (Denial of service in modem due to missing null check while processing ...)
+ TODO: check
+CVE-2022-25734 (Denial of service in modem due to missing null check while processing ...)
+ TODO: check
+CVE-2022-25733 (Denial of service in modem due to null pointer dereference while proce ...)
+ TODO: check
+CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns client ...)
+ TODO: check
CVE-2022-25731
RESERVED
CVE-2022-25730
RESERVED
-CVE-2022-25729
- RESERVED
-CVE-2022-25728
- RESERVED
+CVE-2022-25729 (Memory corruption in modem due to improper length check while copying ...)
+ TODO: check
+CVE-2022-25728 (Information disclosure in modem due to buffer over-read while processi ...)
+ TODO: check
CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...)
NOT-FOR-US: Snapdragon
CVE-2022-25726
@@ -125968,6 +125989,7 @@ CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to o
CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
NOT-FOR-US: A-Tune OS tuning engine
CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple ...)
+ {DLA-3314-1}
- libsdl1.2 1.2.15+dfsg2-7 (bug #1014577)
[bullseye] - libsdl1.2 <no-dsa> (Minor issue)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
@@ -204139,13 +204161,13 @@ CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snap
CVE-2020-14411
RESERVED
CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...)
- {DLA-2536-1}
+ {DLA-3314-1 DLA-2536-1}
- libsdl1.2 <not-affected> (Only affects SDL2)
- libsdl2 2.0.14+dfsg2-2
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...)
- {DLA-2536-1}
+ {DLA-3314-1 DLA-2536-1}
- libsdl2 2.0.14+dfsg2-2
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
@@ -260555,6 +260577,7 @@ CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the li
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)
CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...)
+ {DLA-3314-1}
- libsdl2 2.0.10+dfsg1-1
[stretch] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <no-dsa> (Minor issue)
@@ -260594,7 +260617,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1}
- libsdl2 2.0.10+dfsg1-1
[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
- libsdl1.2 1.2.15+dfsg2-5
@@ -279127,7 +279150,7 @@ CVE-2019-7640
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279147,7 +279170,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279155,7 +279178,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279296,7 +279319,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279304,7 +279327,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279314,7 +279337,7 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279323,7 +279346,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279332,7 +279355,7 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279342,7 +279365,7 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -279353,7 +279376,7 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2804-1 DLA-1714-1 DLA-1713-1}
+ {DLA-3314-1 DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a213767a9b73542f9ddfc396c798723b406489a