[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2023-32784 in keepass2 for buster LTS.

Chris Lamb (@lamby) lamby at debian.org
Tue May 23 18:19:46 BST 2023 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ce0fae9 by Chris Lamb at 2023-05-23T10:15:56-07:00
Triage CVE-2023-32784 in keepass2 for buster LTS.

- - - - -
2f365699 by Chris Lamb at 2023-05-23T10:16:19-07:00
Triage CVE-2023-2700 in libvirt for buster LTS.

- - - - -
04bc010f by Chris Lamb at 2023-05-23T10:16:39-07:00
Triage CVE-2023-30300 in wabt for buster LTS.

- - - - -
a54866e9 by Chris Lamb at 2023-05-23T10:17:04-07:00
Triage CVE-2023-29579 in yasm for buster LTS.

- - - - -
a7ba4eab by Chris Lamb at 2023-05-23T10:18:16-07:00
Triage CVE-2023-2731 & CVE-2023-30086 in tiff for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -389,6 +389,7 @@ CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda O
 CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...)
 	- tiff 4.5.0-6 (bug #1036282)
 	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
 CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -649,6 +650,7 @@ CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW
 CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleartext ma ...)
 	- keepass2 <unfixed>
 	[bullseye] - keepass2 <no-dsa> (Minor issue)
+	[buster] - keepass2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/vdohney/keepass-password-dumper
 	NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
 CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep thro ...)
@@ -657,6 +659,7 @@ CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers
 	[experimental] - libvirt 9.3.0-1
 	- libvirt <unfixed> (bug #1036297)
 	[bullseye] - libvirt <no-dsa> (Minor issue)
+	[buster] - libvirt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
 	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0)
 CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -4646,6 +4649,7 @@ CVE-2023-30301
 CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes an infin ...)
 	- wabt <unfixed> (bug #1035686)
 	[bullseye] - wabt <no-dsa> (Minor issue)
+	[buster] - wabt <no-dsa> (Minor issue)
 	NOTE: https://github.com/WebAssembly/wabt/issues/2180
 	NOTE: https://github.com/WebAssembly/wabt/pull/2183
 	NOTE: https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c
@@ -5078,6 +5082,7 @@ CVE-2023-30087 (Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows
 CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local  ...)
 	- tiff 4.5.0-2
 	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/538
 	NOTE: Likely fixed by: https://gitlab.com/libtiff/libtiff/-/merge_requests/385
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1)
@@ -6151,6 +6156,7 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation vi
 CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
 	- yasm <unfixed> (bug #1035951)
 	[bullseye] - yasm <no-dsa> (Minor issue)
+	[buster] - yasm <no-dsa> (Minor issue)
 	NOTE: https://github.com/yasm/yasm/issues/214
 CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the  ...)
 	NOT-FOR-US: MP4v2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c986b3ca8bc6afca6a52d3509214dc0914839801...a7ba4eab2685117033fad9723cd3bd19977e9053

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c986b3ca8bc6afca6a52d3509214dc0914839801...a7ba4eab2685117033fad9723cd3bd19977e9053
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230523/d6c7eaa8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list