[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 27 14:23:40 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
285994e1 by Moritz Muehlenhoff at 2024-09-27T15:23:19+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5093,37 +5093,37 @@ CVE-2024-42057 (A command injection vulnerability in the IPSec VPN feature of Zy
 CVE-2024-37136 (Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of  ...)
 	NOT-FOR-US: Dell
 CVE-2024-45620 (A vulnerability was found in the pkcs15-init tool in OpenSC. An attack ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082864)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309289
 CVE-2024-45619 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082863)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309288
 CVE-2024-45618 (A vulnerability was found in pkcs15-init in OpenSC. An attacker could  ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082862)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309287
 CVE-2024-45617 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082861)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309286
 CVE-2024-45616 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082860)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309290
 CVE-2024-45615 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
-	- opensc <unfixed>
+	- opensc <unfixed> (bug #1082859)
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309285
 CVE-2024-45310 (runc is a CLI tool for spawning and running containers according to th ...)
-	- runc <unfixed>
+	- runc <unfixed> (bug #1082865)
 	[bookworm] - runc <no-dsa> (Minor issue)
 	[bullseye] - runc <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/03/1
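Review bot: In the six opensc entries, consecutive bug numbers are paired with consecutive CVE ids (CVE-2024-45615 with #1082859 up to CVE-2024-45620 with #1082864), so a one-position slip while filing would mislink every entry in the block. The Red Hat references in the same entries are not in matching order (CVE-2024-45616 points at id=2309290), which shows the ordering cannot be assumed. Check each bug's title against the CVE id before relying on these links.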
@@ -25652,7 +25652,7 @@ CVE-2023-51498 (Missing Authorization vulnerability in Woo WooCommerce Canada Po
 CVE-2023-50763 (A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6U ...)
 	NOT-FOR-US: Siemens
 CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token authentication  ...)
-	- dogtag-pki <unfixed>
+	- dogtag-pki <unfixed> (bug #1082868)
 	[bullseye] - dogtag-pki <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232218
 CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
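Review bot: The CVE-2023-4727 entry carries only a [bullseye] annotation, so after this change the `- dogtag-pki <unfixed> (bug #1082868)` line is the only status shown for any other release. If dogtag-pki is present in bookworm, add an explicit [bookworm] line while the bug is being tracked, as the other entries touched by this commit do.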
@@ -35091,23 +35091,23 @@ CVE-2024-21772 (Uncontrolled search path in some Intel(R) Advisor software befor
 CVE-2023-49614 (Out of bounds write in firmware for some Intel(R) FPGA products before ...)
 	NOT-FOR-US: Intel
 CVE-2023-48727 (NULL pointer dereference in some Intel(R) oneVPL software before versi ...)
-	- intel-mediasdk <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
 	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
-	- onevpl <unfixed>
+	- onevpl <unfixed> (bug #1082867)
 	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all versions  ...)
-	- intel-mediasdk <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
 	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
-	- onevpl <unfixed>
+	- onevpl <unfixed> (bug #1082867)
 	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth products  ...)
 	NOT-FOR-US: Intel
 CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...)
-	- intel-mediasdk <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
 	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
-	- onevpl <unfixed>
+	- onevpl <unfixed> (bug #1082867)
 	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
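Review bot: At CVE-2023-48727 the visible description names only oneVPL software, yet the intel-mediasdk line is also linked to #1082866. The description is truncated here, so confirm that intel-mediasdk is affected by this CVE and that #1082866 lists it. Otherwise the shared bug reference will suggest coverage that the bug report does not track.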
@@ -35116,9 +35116,9 @@ CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi
 	[bullseye] - firmware-nonfree <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html
 CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software all versio ...)
-	- intel-mediasdk <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
 	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
-	- onevpl <unfixed>
+	- onevpl <unfixed> (bug #1082867)
 	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max Series 1 ...)
@@ -35140,9 +35140,9 @@ CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Prof
 CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software for Win ...)
 	NOT-FOR-US: Intel
 CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...)
-	- intel-mediasdk <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
 	[bookworm] - intel-mediasdk <no-dsa> (Minor issue)
-	- onevpl <unfixed>
+	- onevpl <unfixed> (bug #1082867)
 	[bookworm] - onevpl <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows  ...)
@@ -39555,7 +39555,7 @@ CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remot
 CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote  ...)
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ...)
-	- bluez <unfixed>
+	- bluez <unfixed> (bug #1082870)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -39563,7 +39563,7 @@ CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vul
 CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection Remote Cod ...)
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ...)
-	- bluez <unfixed>
+	- bluez <unfixed> (bug #1082869)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -133931,8 +133931,8 @@ CVE-2023-22926
 CVE-2023-22925
 	RESERVED
 CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL soft ...)
-	- intel-mediasdk <unfixed>
-	- onevpl <unfixed>
+	- intel-mediasdk <unfixed> (bug #1082866)
+	- onevpl <unfixed> (bug #1082867)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
 CVE-2023-22433
 	RESERVED
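Review bot: CVE-2023-22656 gets the same two bug references as the other intel-sa-00935 entries in this commit, but it has no `[bookworm] - intel-mediasdk <no-dsa> (Minor issue)` or `[bookworm] - onevpl <no-dsa> (Minor issue)` lines, which every sibling entry carries. If that is an omission, add the two [bookworm] lines so this CVE is triaged consistently with the rest of the advisory. If it is deliberate, a NOTE explaining why would help.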



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/285994e19fb2f1fedbceeeb18d0617f0d50f5059


