[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-6349 and CVE-2023-44488

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 28 13:06:57 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfddebb7 by Salvatore Bonaccorso at 2024-05-28T14:06:11+02:00
Update information for CVE-2023-6349 and CVE-2023-44488

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,8 +77,12 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Grup Arge Energy and Control Systems Smartpower
 CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that  ...)
 	- libvpx 1.13.1-2
+	[bookworm] - libvpx 1.12.0-1+deb12u2
+	[bullseye] - libvpx 1.9.0-1+deb11u2
+	[buster] - libvpx 1.7.0-3+deb10u2
 	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642
 	NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1)
+	NOTE: Same upstream commit as CVE-2023-44488
 CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...)
 	NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...)
@@ -59551,6 +59555,7 @@ CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a cras
 	NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main)
 	NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1)
 	NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4
+	NOTE: Same commit as CVE-2023-6349
 CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...)
 	NOT-FOR-US: Caphyon Advanced Installer
 CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240528/bdd7ec38/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list