[Git][security-tracker-team/security-tracker][master] edk2, postgresql DSAs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 14 19:20:21 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb06d821 by Moritz Mühlenhoff at 2024-02-14T20:18:53+01:00
edk2, postgresql DSAs
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5567,43 +5567,43 @@ CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initi
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
@@ -108606,19 +108606,19 @@ CVE-2022-36766
RESERVED
CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() function, al ...)
- edk2 2023.11-5 (bug #1060408)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ...)
- edk2 2023.11-5 (bug #1060408)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ...)
- edk2 2023.11-5 (bug #1060408)
- [bookworm] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4117
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,13 @@
+[14 Feb 2024] DSA-5624-1 edk2 - security update
+ {CVE-2023-48733}
+ [bullseye] - edk2 2020.11-2+deb11u2
+ [bookworm] - edk2 2022.11-6+deb12u1
+[14 Feb 2024] DSA-5623-1 postgresql-15 - security update
+ {CVE-2024-0985}
+ [bookworm] - postgresql-15 15.6-0+deb12u1
+[14 Feb 2024] DSA-5622-1 postgresql-13 - security update
+ {CVE-2024-0985}
+ [bullseye] - postgresql-13 13.14-0+deb11u1
[14 Feb 2024] DSA-5621-1 bind9 - security update
{CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868}
[bullseye] - bind9 1:9.16.48-1
=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ cryptojs
--
dnsdist (jmm)
--
-edk2 (jmm)
---
engrampa (jmm)
--
frr
@@ -60,10 +58,6 @@ phppgadmin
--
pillow (jmm)
--
-postgresql-13/oldstable (jmm)
---
-postgresql-15/stable (jmm)
---
py7zr/oldstable
--
python-asyncssh
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb06d821ed5c0f55288e49e1035321a865fdfe1c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb06d821ed5c0f55288e49e1035321a865fdfe1c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240214/e65f9bc3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list