[Git][security-tracker-team/security-tracker][master] 7 commits: mark CVE-2023-51792 as postponed for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Apr 28 18:22:11 BST 2024



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8808bbf1 by Thorsten Alteholz at 2024-04-28T19:01:26+02:00
mark CVE-2023-51792 as postponed for Buster

- - - - -
6f4f2a9d by Thorsten Alteholz at 2024-04-28T19:05:01+02:00
mark CVE-2024-30171 as postponed for Buster

- - - - -
38f7045f by Thorsten Alteholz at 2024-04-28T19:06:22+02:00
mark CVE-2022-48682 as postponed for Buster

- - - - -
b83b555a by Thorsten Alteholz at 2024-04-28T19:17:25+02:00
mark several CVEs of ffmpeg as postponed for Buster

- - - - -
7dda4acc by Thorsten Alteholz at 2024-04-28T19:18:01+02:00
fix typo

- - - - -
62b23395 by Thorsten Alteholz at 2024-04-28T19:18:56+02:00
mark CVE-2023-36308 as postponed for Buster

- - - - -
f0d578a9 by Thorsten Alteholz at 2024-04-28T19:21:15+02:00
mark some CVEs of iotjs as ignored for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -335,18 +335,22 @@ CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Fa
 CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
 	- iotjs <removed>
 	[bullseye] - iotjs <ignored> (Minor issue)
+	[buster] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5133
 CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
 	- iotjs <removed>
 	[bullseye] - iotjs <ignored> (Minor issue)
+	[buster] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5132
 CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentation vi ...)
 	- iotjs <removed>
 	[bullseye] - iotjs <ignored> (Minor issue)
+	[buster] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5114
 CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...)
 	- iotjs <removed>
 	[bullseye] - iotjs <ignored> (Minor issue)
+	[buster] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5135
 CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...)
 	NOT-FOR-US: WordPress plugin
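Review bot: The four added "[buster] - iotjs <ignored> (Minor issue)" lines copy the bullseye reason verbatim, and <ignored> closes the entry for buster rather than deferring it. The reason could say why a segmentation violation or assertion failure in Jerryscript is minor for iotjs, or point at the "- iotjs <removed>" status already recorded on each entry, so the decision can be audited later.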
@@ -541,6 +545,7 @@ CVE-2023-47252 (An issue was discovered in PnpSmm in Insyde InsydeH2O with kerne
 CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows  ...)
 	- fdupes 1:2.2.1-1
 	[bullseye] - fdupes <no-dsa> (Minor issue)
+	[buster] - fdupes <postponed> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
 	NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0)
 CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search]
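Review bot: On the added fdupes line, buster gets <postponed> where the bullseye line directly above has <no-dsa>, both with the bare reason "Minor issue", so the entry does not show why the two releases are treated differently. If the difference is intended, a reason that says what the postponement waits for would make that visible.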
@@ -1033,6 +1038,7 @@ CVE-2024-30171
 	- bouncycastle <unfixed>
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
+	[buster] - bouncycastle <postponed> (Minor issue)
 	NOTE: https://github.com/bcgit/bc-java/issues/1528
 CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated  ...)
 	NOT-FOR-US: Tenda
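Review bot: The added bouncycastle line postpones an entry whose unstable status is still <unfixed> and whose only reference is the upstream issue bc-java #1528, so no fix is recorded that could be picked up later. A reason that names the trigger, for example "Minor issue, revisit when fixed upstream", would help; the CVE-2024-30171 header visible in this hunk also carries no description to judge "Minor" against.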
@@ -1588,6 +1594,7 @@ CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10758
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/68146f06f852078866b3ef1564556e3a272920c7 (n7.0)
 CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
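Review bot: "Pick up when fixed in most related branch" on the added ffmpeg line does not name a branch, unlike the bookworm (5.1.x) and bullseye (4.3.x) lines directly above it. Naming the upstream release branch that buster's ffmpeg follows would let a reader check it against the listed n7.0 fix commit; the same wording is repeated on every ffmpeg line this patch adds.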
@@ -1595,6 +1602,7 @@ CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10756
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906 (n7.0)
 CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
@@ -1620,12 +1628,14 @@ CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10743
 CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ...)
 	- libde265 1.0.13-1
 	[bookworm] - libde265 <no-dsa> (Minor issue)
 	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <postponed> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/427
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301 (v1.0.13)
 CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
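Review bot: The added libde265 line postpones CVE-2023-51792 with only "Minor issue", although the entry already lists the upstream fix commit 221e767136b8c46c748ae35b79ec9b976b3da301 (v1.0.13), so a patch exists to backport. The reason could state what is being waited for, for example the next libde265 update in buster, as the ffmpeg line added earlier in this hunk does for its own trigger.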
@@ -1633,6 +1643,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10738
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/fb54c89a0df3d63198678b17d64aef4dbb599109 (n7.0)
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
@@ -1642,6 +1653,7 @@ CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10702
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (n7.0)
 CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
@@ -1649,6 +1661,7 @@ CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10699
 CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
@@ -1656,6 +1669,7 @@ CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10701
 CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
@@ -1663,6 +1677,7 @@ CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10700
 CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-c ...)
@@ -1672,12 +1687,14 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10688
 CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10686
 CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
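Review bot: The line added under CVE-2023-49501 says to pick the fix up once it lands in a branch, but that entry references only trac ticket 10686 and no fix commit, unlike CVE-2023-49502 just above it, which lists an n7.0 commit. It is worth confirming whether a fix exists upstream and adding its NOTE; otherwise the postponed entry has nothing to track.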
@@ -50172,6 +50189,7 @@ CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (
 	- golang-github-disintegration-imaging <unfixed> (bug #1069062)
 	[bookworm] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
 	[bullseye] - golang-github-disintegration-imaging <no-dsa> (Minor issue)
+	[buster] - golang-github-disintegration-imaging <postponed> (Minor issue)
 	NOTE: https://github.com/disintegration/imaging/issues/165
 CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer  ...)
 	NOT-FOR-US: ZPLGFA
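Review bot: The added golang-github-disintegration-imaging line gives "Minor issue" as the only reason, while the unstable line above already ties the entry to bug #1069062. Referring to that bug in the buster reason would give the postponed entry a concrete event to be revisited on.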



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b04723da10f910896599d1bbbc29be4ead2729e9...f0d578a94bf7a09bb9f561c6d7b2a5a72786c741
