[Git][security-tracker-team/security-tracker][master] Track CVE-2023-473{59,60}/vlc and drop temporary tracking entry

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 7 20:37:42 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30c8d28f by Salvatore Bonaccorso at 2023-11-07T21:36:45+01:00
Track CVE-2023-473{59,60}/vlc and drop temporary tracking entry

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,10 +52,6 @@ CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in
 	NOT-FOR-US: Tenda
 CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
 	NOT-FOR-US: Tenda
-CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...)
-	TODO: check
-CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...)
-	TODO: check
 CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In  ...)
 	TODO: check
 CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
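Review bot: the two entries removed here (CVE-2023-47360 and CVE-2023-47359, both marked "TODO: check") were the only lines carrying the description text for these ids, an integer underflow and an incorrect offset read respectively. The replacement entries added further down in this file are bare ids with no description. If nothing regenerates that text, carry the parenthesised descriptions over to the new entries so the two CVEs stay distinguishable in the list.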
@@ -732,10 +728,12 @@ CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of
 CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...)
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m
-CVE-2023-XXXX [VLC: OOW in MMS URL parsing]
+CVE-2023-47360
+	- vlc 3.0.20-1
+	NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
+	NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
+CVE-2023-47359
 	- vlc 3.0.20-1
-	[bookworm] - vlc 3.0.20-0+deb12u1
-	[bullseye] - vlc 3.0.20-0+deb11u1
 	NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
 	NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
 CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as problem ...)
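Review bot: dropping the "[bookworm] - vlc 3.0.20-0+deb12u1" and "[bullseye] - vlc 3.0.20-0+deb11u1" lines from the entry that becomes CVE-2023-47359, and not adding them under CVE-2023-47360, leaves only the unstable fix "- vlc 3.0.20-1" in this file. The stable fixed versions now depend entirely on the DSA-5545-1 cross-reference in data/DSA/list, so check that both ids are listed there. Both new entries also carry the same two NOTE lines, while the temporary entry was titled "VLC: OOW in MMS URL parsing"; a short NOTE per entry saying which of the two issues each id covers would keep that information.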


=====================================
data/DSA/list
=====================================
@@ -15,6 +15,7 @@
 	[bullseye] - chromium 119.0.6045.105-1~deb11u1
 	[bookworm] - chromium 119.0.6045.105-1~deb12u1
 [02 Nov 2023] DSA-5545-1 vlc - security update
+	{CVE-2023-47359 CVE-2023-47360}
 	[bullseye] - vlc 3.0.20-0+deb11u1
 	[bookworm] - vlc 3.0.20-0+deb12u1
 [31 Oct 2023] DSA-5544-1 zookeeper - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30c8d28f7965804781a26cf599d5af51005ee594
