[Git][security-tracker-team/security-tracker][master] 5 commits: update note

Thorsten Alteholz (@alteholz) alteholz at debian.org
Fri Oct 13 22:52:34 BST 2023



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07d55dab by Thorsten Alteholz at 2023-10-13T23:06:58+02:00
update note

- - - - -
23027e79 by Thorsten Alteholz at 2023-10-13T23:10:08+02:00
mark issues for gpac as EOL

- - - - -
e74c539a by Thorsten Alteholz at 2023-10-13T23:23:54+02:00
add ceph

- - - - -
7d18fc32 by Thorsten Alteholz at 2023-10-13T23:59:58+02:00
add h2o

- - - - -
b20658ac by Thorsten Alteholz at 2023-10-14T00:02:02+02:00
add nghttp

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -290,6 +290,7 @@ CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file
 	NOT-FOR-US: Juniper
 CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
 	- gpac <unfixed> (bug #1053878)
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2567
 	NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
 CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
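Review bot: The added `[buster] - gpac <end-of-life> (EOL in buster LTS)` line under CVE-2023-42298 gives its reason only as a parenthetical, with no pointer to where the end-of-life status of gpac in buster is recorded. Naming that reference in the commit message would let a reader who sees the unstable entry still at `<unfixed>` (bug #1053878) confirm that buster is deliberately left without a fix.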
@@ -319,6 +320,7 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior
 	NOT-FOR-US: KernelSU
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
 	- gpac <unfixed> (bug #1053878)
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
 	NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
 CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)


=====================================
data/dla-needed.txt
=====================================
@@ -50,6 +50,9 @@ cairosvg
   NOTE: 20230323: Added by Front-Desk (gladk)
   NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert/inactive)
 --
+ceph
+  NOTE: 20231013: Added by Front-Desk (ta)
+--
 cinder
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
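Review bot: The new `ceph` entry carries only the `Added by Front-Desk (ta)` note and does not say which CVE(s) prompted the addition. The neighbouring `cinder` entry names CVE-2023-2088 in its note; a similar line here would tell whoever claims the package where to start.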
@@ -89,6 +92,10 @@ freerdp2 (tobi)
 --
 gst-plugins-bad1.0 (Thorsten Alteholz)
   NOTE: 20230928: Added by Frond-Desk (ola)
+  NOTE: 20231013: testing package
+--
+h2o
+  NOTE: 20231013: Added by Front-Desk (ta)
 --
 i2p
   NOTE: 20230809: Added by Front-Desk (Beuc)
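Review bot: The added `NOTE: 20231013: testing package` under gst-plugins-bad1.0 has no author tag and is ambiguous: it can be read as "the package is being tested" or as a reference to the testing suite. Suggest spelling out the status and appending initials, as the other dated notes in this file do with `(ta)` or `(ola)`. The `Frond-Desk` typo in the context line just above could be fixed while this entry is being touched.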
@@ -126,6 +133,9 @@ mosquitto (Markus Koschany)
   NOTE: 20230924: Added by Front-Desk (apo)
   NOTE: 20231009: Waiting for upstream clarification how to proceed with open CVE. (apo)
 --
+nghttp2
+  NOTE: 20231014: Added by Front-Desk (ta)
+--
 node-webpack
   NOTE: 20231005: Added by Front-Desk (Beuc)
   NOTE: 20231005: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)
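Review bot: The entry added here is `nghttp2`, but the subject of commit b20658ac reads "add nghttp", so a history search for the package name will miss it. Suggest using the exact source package name in the commit subject.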



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a47ba1251cdf9515d90a78f8123be8029e0de43...b20658ac2409e932b918b063ceaac71395c73e1a
