[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 10 19:18:21 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9780b83 by Moritz Muehlenhoff at 2023-03-10T20:17:49+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2580,28 +2580,28 @@ CVE-2023-27121
 CVE-2023-27120
 	RESERVED
 CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
-	- wabt <unfixed> (unimportant)
+	- wabt <unfixed> (unimportant; bug #1032669)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/WebAssembly/wabt/issues/1990
 CVE-2023-27118
 	RESERVED
 CVE-2023-27117 (WebAssembly v1.0.29 was discovered to contain a heap overflow via the  ...)
-	- wabt <unfixed> (unimportant)
+	- wabt <unfixed> (unimportant; bug #1032669)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/WebAssembly/wabt/issues/1989
 CVE-2023-27116 (WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleT ...)
-	- wabt <unfixed> (unimportant)
+	- wabt <unfixed> (unimportant; bug #1032669)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/WebAssembly/wabt/issues/1984
 	NOTE: https://github.com/WebAssembly/wabt/pull/2119
 	NOTE: https://github.com/WebAssembly/wabt/commit/8a7b7497bdf78f9099f8d5a3a2c9bde87ddd52da
 CVE-2023-27115 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
-	- wabt <unfixed> (unimportant)
+	- wabt <unfixed> (unimportant; bug #1032669)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/WebAssembly/wabt/issues/1938
 	NOTE: https://github.com/WebAssembly/wabt/issues/1992
 CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault via the  ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1032667)
 	NOTE: https://github.com/radareorg/radare2/issues/21363
 	NOTE: https://github.com/radareorg/radare2/commit/13308c9aad79f9c7a3507ce549fe270103e8ceea
 CVE-2023-27113
@@ -14154,7 +14154,7 @@ CVE-2023-0198
 CVE-2023-0197
 	RESERVED
 CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...)
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1032668)
 	[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
 CVE-2023-0195
@@ -14163,7 +14163,7 @@ CVE-2023-0194
 	RESERVED
 CVE-2023-0193
 	RESERVED
-	- nvidia-cuda-toolkit <unfixed>
+	- nvidia-cuda-toolkit <unfixed> (bug #1032668)
 	[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
 CVE-2023-0192
@@ -126309,7 +126309,7 @@ CVE-2021-36491
 CVE-2021-36490
 	RESERVED
 CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...)
-	- allegro4.4 <unfixed>
+	- allegro4.4 <unfixed> (bug #1032670)
 	- allegro5 2:5.2.8.0+dfsg-1
 	[bullseye] - allegro5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/liballeg/allegro5/issues/1251
@@ -133889,7 +133889,7 @@ CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfi
 CVE-2021-33392
 	RESERVED
 CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...)
-	- tidy-html5 <unfixed>
+	- tidy-html5 <unfixed> (bug #1032665)
 	[bullseye] - tidy-html5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/htacg/tidy-html5/issues/946
 	NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
@@ -133940,7 +133940,7 @@ CVE-2021-33369
 CVE-2021-33368
 	RESERVED
 CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to  ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1032666)
 	[bookworm] - freeimage <no-dsa> (Minor issue)
 	[bullseye] - freeimage <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
@@ -135336,7 +135336,7 @@ CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potentia
 CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars.  ...)
 	NOT-FOR-US: Node hbs
 CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...)
-	- mootols <unfixed>
+	- mootols <unfixed> (bug #1032664)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
 CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
 	NOT-FOR-US: Express-handlebars



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9780b83ea9b7efd0b49126113d4fff16484f0f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9780b83ea9b7efd0b49126113d4fff16484f0f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230310/e7f251bb/attachment.htm>


More information about the debian-security-tracker-commits mailing list