[Git][security-tracker-team/security-tracker][master] Reference assigned CVEs for gst-plugins-ugly1.0 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 5 07:17:33 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10a0697b by Salvatore Bonaccorso at 2023-09-05T08:10:01+02:00
Reference assigned CVEs for gst-plugins-ugly1.0 issues

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3024,26 +3024,22 @@ CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before
 	NOT-FOR-US: Intel
 CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...)
 	NOT-FOR-US: Intel
-CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling]
+CVE-2023-38104 [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling]
 	- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
-	[bookworm] - gst-plugins-ugly1.0 1.22.0-2+deb12u1
-	[bullseye] - gst-plugins-ugly1.0 1.18.4-2+deb11u1
-	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u2
 	- gst-plugins-ugly0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0005.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/67e38cf47b7683586c24de18d8253029042dc72f
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eb89e0a13eeb59fc5bab787ded50faf6a50087e3 (1.22.5)
-CVE-2023-XXXX [ZDI-CAN-21443: Integer overflow leading to heap overwrite in RealMedia file handling]
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1008/
+CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in RealMedia file handling]
 	- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
-	[bookworm] - gst-plugins-ugly1.0 1.22.0-2+deb12u1
-	[bullseye] - gst-plugins-ugly1.0 1.18.4-2+deb11u1
-	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u2
 	- gst-plugins-ugly0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b268b27cd8ff0dda1fda71890cd414f4cb2096db
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/
 CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
 	- haproxy 2.6.15-1 (bug #1043502)
 	[bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA)


=====================================
data/DLA/list
=====================================
@@ -2,6 +2,7 @@
 	{CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4581 CVE-2023-4584}
 	[buster] - firefox-esr 102.15.0esr-1~deb10u1
 [31 Aug 2023] DLA-3552-1 gst-plugins-ugly1.0 - security update
+	{CVE-2023-38103 CVE-2023-38104}
 	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u2
 [31 Aug 2023] DLA-3551-1 otrs2 - security update
 	{CVE-2019-11358 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13458 CVE-2019-16375 CVE-2019-18179 CVE-2019-18180 CVE-2020-1765 CVE-2020-1766 CVE-2020-1767 CVE-2020-1769 CVE-2020-1770 CVE-2020-1771 CVE-2020-1772 CVE-2020-1773 CVE-2020-1774 CVE-2020-1776 CVE-2020-11022 CVE-2020-11023 CVE-2021-21252 CVE-2021-21439 CVE-2021-21440 CVE-2021-21441 CVE-2021-21443 CVE-2021-36091 CVE-2021-36100 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-4427 CVE-2023-38060}


=====================================
data/DSA/list
=====================================
@@ -45,6 +45,7 @@
 	{CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968}
 	[bookworm] - samba 2:4.17.10+dfsg-0+deb12u1
 [12 Aug 2023] DSA-5476-1 gst-plugins-ugly1.0 - security update
+	{CVE-2023-38103 CVE-2023-38104}
 	[bullseye] - gst-plugins-ugly1.0 1.18.4-2+deb11u1
 	[bookworm] - gst-plugins-ugly1.0 1.22.0-2+deb12u1
 [11 Aug 2023] DSA-5475-1 linux - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a0697b20df7e4af1d88d55dbee7869682486b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a0697b20df7e4af1d88d55dbee7869682486b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230905/3f22e24a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list