[Git][security-tracker-team/security-tracker][master] Removed exiftags from dla-needed and marked one CVE as no-dsa for buster following bullseye.
Ola Lundqvist (@opal)
opal at debian.org
Sat Mar 9 22:55:26 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e215b731 by Ola Lundqvist at 2024-03-09T23:55:05+01:00
Removed exiftags from dla-needed and marked one CVE as no-dsa for buster following bullseye.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12068,54 +12068,63 @@ CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP Initi
- edk2 <unfixed> (bug #1063727)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
- edk2 <unfixed> (bug #1063726)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker could p ...)
@@ -12990,6 +12999,7 @@ CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer
- exiftags <unfixed> (bug #1060753)
[bookworm] - exiftags <no-dsa> (Minor issue)
[bullseye] - exiftags <no-dsa> (Minor issue)
+ [buster] - exiftags <no-dsa> (Minor issue)
NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode applicat ...)
NOT-FOR-US: ScaleFusion
=====================================
data/dla-needed.txt
=====================================
@@ -74,9 +74,6 @@ edk2
NOTE: 20231230: Added by Front-Desk (lamby)
NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release (lamby)
--
-exiftags
- NOTE: 20240121: Added by Front-Desk (apo)
---
expat
NOTE: 20240306: Added by Front-Desk (opal)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e215b7311d6edb4c5abbd08c5bbbd3c239d5a548
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e215b7311d6edb4c5abbd08c5bbbd3c239d5a548
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/0a72a637/attachment.htm>
More information about the debian-security-tracker-commits
mailing list