[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2023-28100 & CVE-2023-28101 in flatpak for buster LTS.

Chris Lamb (@lamby) lamby at debian.org
Wed Mar 29 10:03:25 BST 2023



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b585ca5c by Chris Lamb at 2023-03-29T10:01:31+01:00
Triage CVE-2023-28100 & CVE-2023-28101 in flatpak for buster LTS.

- - - - -
08eacb79 by Chris Lamb at 2023-03-29T10:02:04+01:00
Triage CVE-2022-38745 in libreoffice for buster LTS.

- - - - -
1cbc6468 by Chris Lamb at 2023-03-29T10:02:32+01:00
Triage CVE-2023-27102 & CVE-2023-27103 in libde265 for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2906,10 +2906,12 @@ CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In
 CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	- flatpak 1.14.4-1 (bug #1033098)
 	[bullseye] - flatpak <no-dsa> (Minor issue)
+	[buster] - flatpak <no-dsa> (Minor issue)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
 CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	- flatpak 1.14.4-1 (bug #1033099)
 	[bullseye] - flatpak <no-dsa> (Minor issue)
+	[buster] - flatpak <no-dsa> (Minor issue)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
 CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
 	NOT-FOR-US: OpenSIPS
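Review bot: The two added `[buster] - flatpak <no-dsa> (Minor issue)` lines repeat the bullseye reason verbatim and record nothing about how the buster package relates to the advisories in the NOTE lines. Both CVEs already have a fixed version in unstable (1.14.4-1), so a short NOTE per entry saying why the issue is minor for buster would make the LTS decision easier to audit later.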
@@ -5834,11 +5836,13 @@ CVE-2023-27104
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via  ...)
 	- libde265 <unfixed> (bug #1033257)
 	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/394
 	NOTE: https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995
 CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...)
 	- libde265 <unfixed> (bug #1033257)
 	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/393
 	NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1
 CVE-2023-27101
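Review bot: Under CVE-2023-27103 the description reads "heap buffer overflow", yet the added `[buster]` line gives only "Minor issue", the same reason used for the segmentation violation in CVE-2023-27102; a memory-corruption entry deserves a more specific justification. Both entries are still `<unfixed>` in unstable while upstream commits are already listed in the NOTE lines, so consider saying in the reason whether the fix is expected to go in with a later libde265 update for buster.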
@@ -50232,6 +50236,7 @@ CVE-2022-38746
 CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
 	- libreoffice 1:7.3.1-1
 	[bullseye] - libreoffice <no-dsa> (Minor issue)
+	[buster] - libreoffice <no-dsa> (Minor issue)
 	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
 CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...)
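Review bot: The added `[buster] - libreoffice <no-dsa> (Minor issue)` line sits under a description that refers to Apache OpenOffice versions before 4.1.14, and nothing in the entry says how that maps to the libreoffice source in buster. A NOTE stating whether the core commit referenced in the first NOTE line applies to buster's version would help whoever revisits this entry.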



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5db9b2e449d961bf39407d7d6b6f5d2882018e15...1cbc64681023300de7e9414a11c728b567f670e1


More information about the debian-security-tracker-commits mailing list