[Git][security-tracker-team/security-tracker][master] Reference fixes for libxml2 in sid
Aron Xu (@aron)
aron at debian.org
Sat May 25 08:21:40 BST 2024
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bebdf42f by Aron Xu at 2024-05-25T15:20:46+08:00
Reference fixes for libxml2 in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6869,7 +6869,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A
CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
- - libxml2 <unfixed> (unimportant; bug #1071162)
+ - libxml2 2.12.7+dfsg-1 (bug #1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7)
@@ -36177,7 +36177,7 @@ CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM
NOT-FOR-US: Meinberg
CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
[experimental] - libxml2 2.12.5+dfsg-0exp1
- - libxml2 <unfixed> (bug #1063234)
+ - libxml2 2.12.7+dfsg-1 (bug #1063234)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -58256,7 +58256,7 @@ CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.0
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
- - libxml2 <unfixed> (bug #1053629)
+ - libxml2 2.12.7+dfsg-1 (bug #1053629)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
@@ -64190,7 +64190,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
- - libxml2 <unfixed> (bug #1051230)
+ - libxml2 2.12.7+dfsg-1 (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bebdf42f2e6339facb3620ccbb3d1fc15440be9c
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bebdf42f2e6339facb3620ccbb3d1fc15440be9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240525/5691796e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list