[Git][security-tracker-team/security-tracker][master] 2 commits: Add libx11 and libxpm to dsa-needed list
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 3 19:35:08 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7779542c by Salvatore Bonaccorso at 2023-10-03T20:28:33+02:00
Add libx11 and libxpm to dsa-needed list
- - - - -
d869ba57 by Salvatore Bonaccorso at 2023-10-03T20:34:22+02:00
Add new grub2 NTFS driver vulnerabilities
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
+ - grub2 2.12~rc1-11
+ NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
+CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass]
+ - grub2 2.12~rc1-11
+ NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
CVE-2023-4911 [buffer overflow in dynamic loader's processing of the GLIBC_TUNABLES environment variable]
- glibc 2.37-12
[buster] - glibc <not-affected> (Vulnerable code introduced later)
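Review bot: The new CVE-2023-4693 and CVE-2023-4692 entries never name the affected component. The commit subject calls these grub2 NTFS driver vulnerabilities, but the bracketed descriptions only say "Crafted file system images", so a reader of data/CVE/list alone cannot tell which filesystem driver is involved. A NOTE line naming the NTFS driver under each entry would fix that. Both entries also carry only the fixed version 2.12~rc1-11 and the grub-devel announcement link. There are no per-release lines like the [buster] line on the glibc entry below, and no references to the upstream fix commits, so the status of the stable releases cannot be read from these lines. Since CVE-2023-4692 is described as allowing a secure boot bypass, it is worth recording that status explicitly once triaged.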
=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,10 @@ libreswan (jmm)
--
libvpx (carnil)
--
+libx11 (jmm)
+--
+libxpm (jmm)
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
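Review bot: The added libx11 (jmm) and libxpm (jmm) entries give no reason for needing a DSA. Unlike the linux entry just below, they have no note line, and the data/CVE/list hunk in this push adds only grub2 entries, so nothing visible here ties the two packages to specific CVEs. An indented line under each entry naming the issues being fixed would let other team members see the scope without looking through the CVE list history.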
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/96380cb3811243f3186881476dfa3a6f8fa9592b...d869ba572c99436e8caae40c275ee09826eab7be