[Git][security-tracker-team/security-tracker][master] Reserve DSA-5490-1 aom

Markus Koschany (@apo) apo at debian.org
Tue Sep 5 23:16:13 BST 2023 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ac31b02 by Markus Koschany at 2023-09-06T00:15:44+02:00
Reserve DSA-5490-1 aom

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2023-39515 (Cacti is an open source operational monitoring and fault managem
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
 CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...)
-	 - cacti <unfixed>
+	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
 CVE-2023-39513 [Cross-Site Scripting vulnerability with Device Name when debugging data queries]
 	- cacti <unfixed>
@@ -17518,7 +17518,7 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core
 	NOT-FOR-US: Snowflake JDBC
 CVE-2023-30534 [Insecure deserialization of filter data]
 	RESERVED
-	 - cacti <unfixed>
+	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
 CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
 	NOT-FOR-US: SheetJS
@@ -191763,7 +191763,6 @@ CVE-2020-36136 (SQL Injection vulnerability in cskaza cszcms version 1.2.9, allo
 	NOT-FOR-US: cskaza cszcms
 CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
 	- aom 3.2.0-1
-	[bullseye] - aom <no-dsa> (Minor issue)
 	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
@@ -191776,7 +191775,6 @@ CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation vi
 	NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.1.0-rc1)
 CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the  ...)
 	- aom 3.2.0-1
-	[bullseye] - aom <no-dsa> (Minor issue)
 	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
 	NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.2.0-rc1)
@@ -191784,13 +191782,11 @@ CVE-2020-36132
 	RESERVED
 CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
 	- aom 3.2.0-1
-	[bullseye] - aom <no-dsa> (Minor issue)
 	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
 	- aom 3.2.0-1
-	[bullseye] - aom <no-dsa> (Minor issue)
 	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.1.0-rc1)
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Sep 2023] DSA-5490-1 aom - security update
+	{CVE-2020-36130 CVE-2020-36131 CVE-2020-36133 CVE-2020-36135 CVE-2021-30473 CVE-2021-30474 CVE-2021-30475}
+	[bullseye] - aom 1.0.0.errata1-3+deb11u1
 [04 Sep 2023] DSA-5489-1 file - security update
 	{CVE-2022-48554}
 	[bullseye] - file 1:5.39-3+deb11u1


=====================================
data/dsa-needed.txt
=====================================
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
---
-aom/oldstable (apo)
 --
 cinder/oldstable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ac31b023d3f06d5e1b69207ec5c0c3cb767d5eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ac31b023d3f06d5e1b69207ec5c0c3cb767d5eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230905/0091f3e2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list