[Git][security-tracker-team/security-tracker][master] 2 commits: Fix typo in package note

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 12 10:06:32 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca2e3351 by Salvatore Bonaccorso at 2024-02-12T11:01:48+01:00
Fix typo in package note

- - - - -
6a8e6f07 by Salvatore Bonaccorso at 2024-02-12T11:05:09+01:00
Mark for now some previous NFU in OP-TEE to track via src:optee-os

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26404,7 +26404,7 @@ CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versi
 CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site  ...)
 	NOT-FOR-US: Froala Editor
 CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
-	NOT-FOR-US: OP-TEE
+	- optee-os <undetermined>
 CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...)
 	NOT-FOR-US: Usermin
 CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...)
@@ -73252,7 +73252,7 @@ CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for rea
 CVE-2022-47550
 	RESERVED
 CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware  ...)
-	- optee-os <not-affected> (Fixe before initial upload)
+	- optee-os <not-affected> (Fixed before initial upload)
 CVE-2022-47548
 	RESERVED
 CVE-2022-47547 (GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a p ...)
@@ -79084,7 +79084,7 @@ CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and bro
 CVE-2022-46153 (Traefik is an open source HTTP reverse proxy and load balancer. In aff ...)
 	- traefik <itp> (bug #983289)
 CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...)
-	NOT-FOR-US: OP-TEE
+	- optee-os <undetermined>
 CVE-2022-46151 (Querybook is an open source data querying UI. In affected versions use ...)
 	NOT-FOR-US: Querybook
 CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...)
@@ -158793,7 +158793,7 @@ CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cook
 CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
 	NOT-FOR-US: tusdotnet
 CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through  ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
 	NOT-FOR-US: GL.iNet
 CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
@@ -176948,7 +176948,7 @@ CVE-2021-38541
 CVE-2021-3699
 	RESERVED
 CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When  ...)
 	- rust-tar 0.4.37-1 (bug #992173)
 	[bullseye] - rust-tar <no-dsa> (Minor issue)
@@ -183105,7 +183105,7 @@ CVE-2021-36135
 CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
 	NOT-FOR-US: McAfee
 CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
-	NOT-FOR-US: OP-TEE
+	- optee-os <undetermined>
 CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
 	NOT-FOR-US: FileImport MediaWiki extension
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -335897,19 +335897,19 @@ CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and late
 	NOTE: https://github.com/rust-lang/rust/issues/53566
 	NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
 CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010297 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010296 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010295 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossi ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary  ...)
-	NOT-FOR-US: Linaro/OP-TEE OP-TEE
+	- optee-os <undetermined>
 CVE-2019-1010291
 	RESERVED
 CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open Redirection. T ...)
@@ -407147,9 +407147,9 @@ CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit d8a466829c
 	NOTE: https://github.com/Mindwerks/wildmidi/issues/178
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
 CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...)
-	NOT-FOR-US: OP-TEE
+	- optee-os <undetermined>
 CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...)
-	NOT-FOR-US: OP-TEE
+	- optee-os <undetermined>
 CVE-2018-3816
 	RESERVED
 CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8e129c49d5bf9a8e8f4c694e34eb30499c9b8f2f...6a8e6f07eb5f4817e7892b1dd48cb141c21a8b8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8e129c49d5bf9a8e8f4c694e34eb30499c9b8f2f...6a8e6f07eb5f4817e7892b1dd48cb141c21a8b8c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240212/81295be6/attachment.htm>

More information about the debian-security-tracker-commits mailing list