[Git][security-tracker-team/security-tracker][master] CVE-2023-3732{7,8,9}/gst* assigned in meanwhile

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 24 08:06:56 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08e6dce2 by Salvatore Bonaccorso at 2023-07-24T09:06:03+02:00
CVE-2023-3732{7,8,9}/gst* assigned in meanwhile

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3158,28 +3158,22 @@ CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683
 	NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on  ...)
 	NOT-FOR-US: Sealos
-CVE-2023-XXXX [Heap overwrite in PGS subtitle overlay decoder]
+CVE-2023-37329 [Heap overwrite in PGS subtitle overlay decoder]
 	- gst-plugins-bad1.0 1.22.4-1
-	[bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
-	[bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1
 	- gst-plugins-bad0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0003.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d
-CVE-2023-XXXX [Integer overflow leading to heap overwrite in FLAC image tag handling]
+CVE-2023-37327 [Integer overflow leading to heap overwrite in FLAC image tag handling]
 	- gst-plugins-good1.0 1.22.4-1
-	[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1
-	[bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2
 	- gst-plugins-good0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0001.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556
-CVE-2023-XXXX [Heap overwrite in subtitle parsing]
+CVE-2023-37328 [Heap overwrite in subtitle parsing]
 	- gst-plugins-base1.0 1.22.4-1
-	[bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1
-	[bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0002.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch
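
Review bot: The six removed `[bookworm]` and `[bullseye]` lines drop the per-release fixed versions from all three entries, and the commit message only mentions the CVE assignment. The removal is safe only because the same versions are listed under DSA-5443-1, DSA-5444-1 and DSA-5445-1 in data/DSA/list, which this commit cross-references to the new IDs. Say so in the commit message so the deletion does not read as lost data. Every removed version matches its DSA counterpart, for example `1.22.0-4+deb12u1` and `1.18.4-3+deb11u1` for gst-plugins-bad1.0. Also note that the entries sit in the order 37329, 37327, 37328 while their advisories are sa-2023-0003, sa-2023-0001 and sa-2023-0002, so each ID is worth confirming against the linked upstream advisory before merging.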


=====================================
data/DSA/list
=====================================
@@ -43,12 +43,15 @@
 	[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u5
 	[bookworm] - ghostscript 10.0.0~dfsg-11+deb12u1
 [02 Jul 2023] DSA-5445-1 gst-plugins-good1.0 - security update
+	{CVE-2023-37327}
 	[bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2
 	[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1
 [02 Jul 2023] DSA-5444-1 gst-plugins-bad1.0 - security update
+	{CVE-2023-37329}
 	[bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1
 	[bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
 [02 Jul 2023] DSA-5443-1 gst-plugins-base1.0 - security update
+	{CVE-2023-37328}
 	[bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1
 	[bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1
 [29 Jun 2023] DSA-5442-1 flask - security update
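
Review bot: The three added `{CVE-...}` lines are easy to transpose, because the DSA numbers descend (5445, 5444, 5443) while the attached IDs run 37327, 37329, 37328. Check each pairing by package name against data/CVE/list rather than by sequence. As written they agree: gst-plugins-good1.0 with CVE-2023-37327, gst-plugins-bad1.0 with CVE-2023-37329 and gst-plugins-base1.0 with CVE-2023-37328. Since these lines are now the only place that ties the bullseye and bookworm fixed versions to the CVEs, a swapped ID here would mark the wrong package as fixed.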



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08e6dce25790d0ec75d3478777e02e8baae660d7
