[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 17 19:49:10 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f4d703c by Moritz Muehlenhoff at 2023-06-17T20:48:41+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1989,6 +1989,7 @@ CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has b
 	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer  ...)
 	- opensc 0.23.0-0.3 (bug #1037021)
+	[bullseye] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2785
 	NOTE: https://github.com/OpenSC/OpenSC/pull/2787
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a
@@ -2928,6 +2929,7 @@ CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
 	- qt6-base 6.4.2+dfsg-8
 	- qtbase-opensource-src 5.15.8+dfsg-10
 	- qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
+	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
 	NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000413.html
 	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
@@ -20714,6 +20716,7 @@ CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add
 	NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
 CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
 	- gpac <unfixed> (bug #1034890)
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
 	NOT-FOR-US: PHPCrazy
@@ -21268,6 +21271,7 @@ CVE-2023-0779 (At the most basic level, an invalid pointer can be input that cra
 	NOT-FOR-US: Zephyr
 CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
 	- libpod 4.3.1+ds1-7 (bug #1032099)
+	[bullseye] - libpod <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
 	NOTE: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8
 CVE-2023-25678
@@ -26833,6 +26837,7 @@ CVE-2023-0359
 	RESERVED
 CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
 	- gpac <unfixed> (bug #1033116)
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
 	NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
@@ -129558,6 +129563,7 @@ CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0)
 CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1910
@@ -130870,6 +130876,7 @@ CVE-2021-40943 (In Bento4 1.6.0-638, there is a null pointer reference in the fu
 	NOT-FOR-US: Bento4
 CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1908
 	NOTE: https://github.com/gpac/gpac/commit/da37ec8582266983d0ec4b7550ec907401ec441e (v2.0.0)
@@ -131703,6 +131710,7 @@ CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attac
 	NOTE: https://github.com/gpac/gpac/commit/b09c75dc2d4bf68ac447daa71e72365aa30231a9 (v2.0.0)
 CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1879
 	NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0)
@@ -131800,6 +131808,7 @@ CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability
 	NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb (v2.0.0)
 CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1891



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f4d703c9c444beb042ab2a51fec2c79314ddfda

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f4d703c9c444beb042ab2a51fec2c79314ddfda
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230617/e1cd8fa5/attachment.htm>


More information about the debian-security-tracker-commits mailing list