[Git][security-tracker-team/security-tracker][master] 5 commits: Marked gpac CVE-2023-3291 end-of-life.

Ola Lundqvist (@opal) opal at debian.org
Sun Jun 18 20:35:21 BST 2023



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08297450 by Ola Lundqvist at 2023-06-18T21:34:53+02:00
Marked gpac CVE-2023-3291 end-of-life.

- - - - -
f19d2d30 by Ola Lundqvist at 2023-06-18T21:34:54+02:00
Marked librabbitmq CVE-2023-35789 no-dsa for buster.

- - - - -
e7c1e16b by Ola Lundqvist at 2023-06-18T21:34:56+02:00
Marked nuget CVE-2023-29337 as postponed for buster.

- - - - -
43f72ef6 by Ola Lundqvist at 2023-06-18T21:34:57+02:00
Marked renderdoc CVE-2023-33865 as postponed for buster.

- - - - -
931ea83c by Ola Lundqvist at 2023-06-18T21:34:59+02:00
Marked php-react-http CVE-2023-26044 as no-dsa for buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,6 +28,7 @@ CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbit
 	- librabbitmq <unfixed> (bug #1037322)
 	[bookworm] - librabbitmq <no-dsa> (Minor issue)
 	[bullseye] - librabbitmq <no-dsa> (Minor issue)
+	[buster] - librabbitmq <no-dsa> (Minor issue)
 	NOTE: https://github.com/alanxz/rabbitmq-c/issues/575
 	NOTE: https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0
 CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract development. St ...)
@@ -92,6 +93,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
 	NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
@@ -990,6 +992,7 @@ CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arb
 	NOT-FOR-US: Adning Advertising plugin for WordPress
 CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a symlink ...)
 	- renderdoc <unfixed> (bug #1037208)
+	[buster] - renderdoc <postponed> (Can wait for next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
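Review bot: The reason on the added `[buster] - renderdoc <postponed>` line, "Can wait for next update", does not say why a local privilege escalation via a symlink is acceptable to defer. A short rationale in the parentheses would let the next person triaging this entry confirm the decision without redoing the analysis. The two upstream commits marked v1.27 in the NOTE lines already give the backport source for when the update happens.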
@@ -9906,6 +9909,7 @@ CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
 	- nuget <unfixed>
+	[buster] - nuget <postponed> (Can wait for next update)
 	NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
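Review bot: On the added `[buster] - nuget <postponed>` line, the entry is described as a remote code execution vulnerability, yet the reason is only "Can wait for next update" and the sole NOTE is the MSRC advisory. Please record why this one can be deferred for buster, and add a NOTE pointing at the fixing change once it is identified. Nothing in the entry currently tells whoever picks up the postponed item what to backport.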
@@ -20042,6 +20046,7 @@ CVE-2023-26045
 	RESERVED
 CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...)
 	- php-react-http <removed>
+	[buster] - php-react-http <no-dsa> (Minor issue)
 	NOTE: https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf
 	NOTE: https://github.com/reactphp/http/commit/b3594f7936b92f9fc2d5f9e84dc01bdb95a72167 (v1.9.0)
 	TODO: check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
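Review bot: The TODO directly below the added `[buster] - php-react-http <no-dsa>` line is still open, so this triage covers only the php-react-http source package and not the embedded copies the TODO asks about in icinga-php-thirdparty and icingaweb2-module-reactbundle. Either resolve the TODO in the same change or make sure it stays tracked, because a no-dsa here can read as if buster were fully triaged for CVE-2023-26044. The TODO also has a missing space ("inicinga-php-thirdparty"), which is worth fixing when the line is next touched.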



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/76306029fa98d8a35037fd5816c2465eacaa3997...931ea83cef1093b2aa3cbb44b921de8c6f16b7ac
