[Git][security-tracker-team/security-tracker][master] 5 commits: update note
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Fri Oct 13 22:52:34 BST 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07d55dab by Thorsten Alteholz at 2023-10-13T23:06:58+02:00
update note
- - - - -
23027e79 by Thorsten Alteholz at 2023-10-13T23:10:08+02:00
mark issues for gpac as EOL
- - - - -
e74c539a by Thorsten Alteholz at 2023-10-13T23:23:54+02:00
add ceph
- - - - -
7d18fc32 by Thorsten Alteholz at 2023-10-13T23:59:58+02:00
add h2o
- - - - -
b20658ac by Thorsten Alteholz at 2023-10-14T00:02:02+02:00
add nghttp
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -290,6 +290,7 @@ CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file
NOT-FOR-US: Juniper
CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
- gpac <unfixed> (bug #1053878)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2567
NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
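Review bot: the added `[buster] - gpac <end-of-life> (EOL in buster LTS)` line under CVE-2023-42298 is scoped to buster, but the commit subject "mark issues for gpac as EOL" does not name the suite. Naming buster in the subject would let the log match the tag. The unscoped `- gpac <unfixed> (bug #1053878)` line above it is left unchanged, which reads correctly.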
@@ -319,6 +320,7 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior
NOT-FOR-US: KernelSU
CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
- gpac <unfixed> (bug #1053878)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
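Review bot: the buster tag added under CVE-2023-5520 duplicates the one in the previous hunk, and both entries point at the same bug #1053878. Any other gpac CVE tracked under that bug should get the identical `[buster] - gpac <end-of-life> (EOL in buster LTS)` line in this same commit, so that buster does not show a mix of end-of-life and open gpac issues.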
=====================================
data/dla-needed.txt
=====================================
@@ -50,6 +50,9 @@ cairosvg
NOTE: 20230323: Added by Front-Desk (gladk)
NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert/inactive)
--
+ceph
+ NOTE: 20231013: Added by Front-Desk (ta)
+--
cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
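Review bot: the new `ceph` entry carries only `NOTE: 20231013: Added by Front-Desk (ta)` and does not say which issue triggered it. The `cinder` entry just below names its CVE in a second NOTE. A similar line naming the CVE or CVEs that put ceph on the list would save whoever claims the package from having to search for it.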
@@ -89,6 +92,10 @@ freerdp2 (tobi)
--
gst-plugins-bad1.0 (Thorsten Alteholz)
NOTE: 20230928: Added by Frond-Desk (ola)
+ NOTE: 20231013: testing package
+--
+h2o
+ NOTE: 20231013: Added by Front-Desk (ta)
--
i2p
NOTE: 20230809: Added by Front-Desk (Beuc)
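Review bot: the added `NOTE: 20231013: testing package` under gst-plugins-bad1.0 has no trailing author tag, while other status notes in this file end with one, for example `(apo)` on the mosquitto note. Suggest appending the author's initials. The context line directly above it reads "Frond-Desk"; since this entry is being touched anyway, that typo could be corrected to "Front-Desk" in the same change. The new `h2o` entry, like ceph, gives no CVE reference.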
@@ -126,6 +133,9 @@ mosquitto (Markus Koschany)
NOTE: 20230924: Added by Front-Desk (apo)
NOTE: 20231009: Waiting for upstream clarification how to proceed with open CVE. (apo)
--
+nghttp2
+ NOTE: 20231014: Added by Front-Desk (ta)
+--
node-webpack
NOTE: 20231005: Added by Front-Desk (Beuc)
NOTE: 20231005: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)
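Review bot: the entry added here is `nghttp2`, but the commit subject for b20658ac reads "add nghttp". Suggest matching the subject to the source package name so that a search of the log for nghttp2 finds this commit. The 20231014 date on the note differs from the 20231013 used for ceph and h2o; it is consistent with the 00:02 commit time, so it needs no change.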
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a47ba1251cdf9515d90a78f8123be8029e0de43...b20658ac2409e932b918b063ceaac71395c73e1a