[Git][security-tracker-team/security-tracker][master] 2 commits: Update optee-os CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 21 09:29:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbbb9667 by Dylan Aïssi at 2024-02-21T10:26:01+01:00
Update optee-os CVEs
- - - - -
fc6dc7b3 by Salvatore Bonaccorso at 2024-02-21T09:29:15+00:00
Merge branch 'wip/daissi/optee-os' into 'master'
Update optee-os CVEs
See merge request security-tracker-team/security-tracker!166
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28653,7 +28653,9 @@ CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versi
CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site ...)
NOT-FOR-US: Froala Editor
CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
- - optee-os <undetermined>
+ - optee-os <not-affected> (Fixed before initial upload)
+ NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm
+ NOTE: https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a
CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...)
NOT-FOR-US: Usermin
CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...)
@@ -161068,7 +161070,8 @@ CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cook
CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
NOT-FOR-US: tusdotnet
CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
- - optee-os <undetermined>
+ - optee-os <not-affected> (Fixed before initial upload)
+ NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4pqr-q8rf-8464
CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
NOT-FOR-US: GL.iNet
CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
@@ -185381,7 +185384,8 @@ CVE-2021-36135
CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
NOT-FOR-US: McAfee
CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
- - optee-os <undetermined>
+ - optee-os <unfixed>
+ NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-6q85-3ph3-rm47
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
NOT-FOR-US: FileImport MediaWiki extension
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a0ac3f3d8af8d45b1a4bb03c95a4e1ec6b286a3...fc6dc7b316c37553edbf9374e1361b40eeba549d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a0ac3f3d8af8d45b1a4bb03c95a4e1ec6b286a3...fc6dc7b316c37553edbf9374e1361b40eeba549d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240221/9db54d46/attachment.htm>
More information about the debian-security-tracker-commits
mailing list