Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
440399be by security tracker role at 2023-09-06T08:17:51+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@ +CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-4773 (The WordPress Social Login plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2023-4719 (The Simple Membership plugin for WordPress is vulnerable to Reflected ...) + TODO: check +CVE-2023-4705 + REJECTED +CVE-2023-4487 (GE CIMPLICITY 2023 is by a process control vulnerability, which could ...) + TODO: check +CVE-2023-4485 (ARDEREGSistema SCADA Central versions 2.203 and prior login page are v ...) + TODO: check +CVE-2023-4310 (BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) ver ...) + TODO: check +CVE-2023-41508 (A hard coded password in Super Store Finder v3.6 allows attackers to a ...) + TODO: check +CVE-2023-41507 (Super Store Finder v3.6 was discovered to contain multiple SQL injecti ...) + TODO: check +CVE-2023-3472 (Use after free vulnerability in Panasonic KW Watcher versions 1.00 thr ...) + TODO: check +CVE-2023-3471 (Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 th ...) + TODO: check +CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient Verification ...) + TODO: check +CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFl ...) + TODO: check +CVE-2023-34352 (A permissions issue was addressed with improved redaction of sensitive ...) + TODO: check +CVE-2023-32438 (This issue was addressed with improved checks to prevent unauthorized ...) + TODO: check +CVE-2023-32432 (A privacy issue was addressed with improved handling of temporary file ...) + TODO: check +CVE-2023-32428 (This issue was addressed with improved file handling. This issue is fi ...) + TODO: check +CVE-2023-32426 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2023-32425 (The issue was addressed with improved memory handling. This issue is f ...) 
+ TODO: check +CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...) + TODO: check +CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...) + TODO: check +CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege Escalation Vu ...) + TODO: check +CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local Privil ...) + TODO: check +CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2023-36851 NOT-FOR-US: Juniper CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) 
@@ -9,16 +61,16 @@ CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DE [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed -CVE-2023-4764 +CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845. ...) - chromium 116.0.5845.180-1 [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4763 +CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 116.0.5845.179 al ...) - chromium 116.0.5845.180-1 [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4762 +CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed ...) - chromium 116.0.5845.180-1 [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4761 +CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5 ...) - chromium 116.0.5845.180-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -43,9 +95,9 @@ CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. U NOT-FOR-US: KnowStreaming CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Mava Software Hotel Management System -CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Bookr ...) +CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Unisi ...) NOT-FOR-US: Bookreen -CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Bookreen allows ...) +CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen ...) NOT-FOR-US: Bookreen CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...) NOT-FOR-US: Cuppa CMS 
@@ -53,7 +105,7 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vul TODO: check CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...) NOT-FOR-US: IceWarp -CVE-2023-39516 [Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources] +CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...) 
@@ -62,40 +114,40 @@ CVE-2023-39515 (Cacti is an open source operational monitoring and fault managem CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 -CVE-2023-39513 [Cross-Site Scripting vulnerability with Device Name when debugging data queries] +CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 -CVE-2023-39512 [Cross-Site Scripting vulnerability with Device Name when managing Data Sources] +CVE-2023-39512 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7 -CVE-2023-39510 [Cross-Site Scripting vulnerability with Device Name when administrating Reports] +CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h -CVE-2023-39366 [Cross-Site Scripting vulnerability with Device Name when managing Data Sources] +CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv -CVE-2023-39365 [SQL Injection when using regular expressions] +CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 -CVE-2023-39364 [Open redirect in change password functionality] +CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...) 
- cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x -CVE-2023-39362 [Authenticated command injection when using SNMP options] +CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp -CVE-2023-39361 [Unauthenticated SQL Injection when viewing graphs] +CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg -CVE-2023-39360 [Cross-Site Scripting vulnerability when creating new graphs] +CVE-2023-39360 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 -CVE-2023-39359 [Authenticated SQL injection vulnerability when managing graphs] +CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h -CVE-2023-39358 [Authenticated SQL injection vulnerability when managing reports] +CVE-2023-39358 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g -CVE-2023-39357 [SQL Injection when saving data with sql_save()] +CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...) 
@@ -3270,6 +3322,7 @@ CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.) CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) + {DLA-3555-1} - php8.2 8.2.10-1 (bug #1043477) [bookworm] - php8.2 <postponed> (Fix along in future update) - php7.4 <removed> @@ -3279,6 +3332,7 @@ CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2. NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30) NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...) + {DLA-3555-1} - php8.2 8.2.10-1 (bug #1043477) [bookworm] - php8.2 <postponed> (Fix along in future update) - php7.4 <removed> @@ -15442,8 +15496,7 @@ CVE-2023-31134 (Tauri is software for building applications for multi-platform d NOT-FOR-US: Tauri CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...) NOT-FOR-US: Ghost CMS -CVE-2023-31132 - RESERVED +CVE-2023-31132 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <not-affected> (Only affect Cacti Installer on Windows) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...) 
@@ -16832,56 +16885,56 @@ CVE-2023-30732 RESERVED CVE-2023-30731 RESERVED -CVE-2023-30730 - RESERVED -CVE-2023-30729 - RESERVED -CVE-2023-30728 - RESERVED +CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...) + TODO: check +CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...) + TODO: check +CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...) + TODO: check CVE-2023-30727 RESERVED -CVE-2023-30726 - RESERVED -CVE-2023-30725 - RESERVED -CVE-2023-30724 - RESERVED -CVE-2023-30723 - RESERVED -CVE-2023-30722 - RESERVED -CVE-2023-30721 - RESERVED -CVE-2023-30720 - RESERVED -CVE-2023-30719 - RESERVED -CVE-2023-30718 - RESERVED -CVE-2023-30717 - RESERVED -CVE-2023-30716 - RESERVED -CVE-2023-30715 - RESERVED -CVE-2023-30714 - RESERVED -CVE-2023-30713 - RESERVED -CVE-2023-30712 - RESERVED -CVE-2023-30711 - RESERVED -CVE-2023-30710 - RESERVED -CVE-2023-30709 - RESERVED -CVE-2023-30708 - RESERVED -CVE-2023-30707 - RESERVED -CVE-2023-30706 - RESERVED +CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...) + TODO: check +CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...) + TODO: check +CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...) + TODO: check +CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...) + TODO: check +CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...) + TODO: check +CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...) + TODO: check +CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...) + TODO: check +CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...) 
+ TODO: check +CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...) + TODO: check +CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...) + TODO: check +CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...) + TODO: check +CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...) + TODO: check +CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...) + TODO: check +CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...) + TODO: check +CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...) + TODO: check +CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...) + TODO: check +CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...) + TODO: check +CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...) + TODO: check +CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...) + TODO: check +CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...) + TODO: check +CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...) + TODO: check CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...) NOT-FOR-US: Samsung CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...) 
@@ -17533,8 +17586,7 @@ CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for use with Slim 4. In vers NOTE: https://github.com/slimphp/Slim-Psr7/commit/4fea29e910391b1883de5bf6e84b50f6900355fb (1.6.1) CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...) NOT-FOR-US: Snowflake JDBC -CVE-2023-30534 [Insecure deserialization of filter data] - RESERVED +CVE-2023-30534 (Cacti is an open source operational monitoring and fault management fr ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...) @@ -17700,8 +17752,8 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fo NOT-FOR-US: WordPress Plugin CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...) NOT-FOR-US: WordPress Plugin -CVE-2023-30497 - RESERVED +CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...) + TODO: check CVE-2023-30496 RESERVED CVE-2023-30495 @@ -20296,8 +20348,8 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plu NOT-FOR-US: Zoho ManageEngine CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...) NOT-FOR-US: Zoho ManageEngine -CVE-2023-29441 - RESERVED +CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...) + TODO: check CVE-2023-29440 RESERVED CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) 
@@ -24733,22 +24785,22 @@ CVE-2019-25107 RESERVED CVE-2019-25106 RESERVED -CVE-2023-28215 - RESERVED -CVE-2023-28214 - RESERVED -CVE-2023-28213 - RESERVED -CVE-2023-28212 - RESERVED -CVE-2023-28211 - RESERVED -CVE-2023-28210 - RESERVED -CVE-2023-28209 - RESERVED -CVE-2023-28208 - RESERVED +CVE-2023-28215 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28214 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28213 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28212 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28211 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28210 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28209 (A buffer overflow issue was addressed with improved memory handling. T ...) + TODO: check +CVE-2023-28208 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2023-28207 RESERVED CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...) @@ -24783,8 +24835,8 @@ CVE-2023-28197 RESERVED CVE-2023-28196 RESERVED -CVE-2023-28195 - RESERVED +CVE-2023-28195 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...) NOT-FOR-US: Apple CVE-2023-28193 
@@ -24797,10 +24849,10 @@ CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more NOT-FOR-US: Apple CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple -CVE-2023-28188 - RESERVED -CVE-2023-28187 - RESERVED +CVE-2023-28188 (A denial-of-service issue was addressed with improved input validation ...) + TODO: check +CVE-2023-28187 (This issue was addressed with improved state management. This issue is ...) + TODO: check CVE-2023-28186 RESERVED CVE-2023-28185 @@ -25652,8 +25704,8 @@ CVE-2023-27952 (A race condition was addressed with improved locking. This issue NOT-FOR-US: Apple CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple -CVE-2023-27950 - RESERVED +CVE-2023-27950 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...) @@ -90099,8 +90151,8 @@ CVE-2022-32922 (A use after free issue was addressed with improved memory manage NOT-FOR-US: Apple CVE-2022-32921 REJECTED -CVE-2022-32920 - RESERVED +CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...) + TODO: check CVE-2022-32919 RESERVED CVE-2022-32918 (This issue was addressed with improved data protection. This issue is ...) 
@@ -169605,16 +169657,19 @@ CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible NOTE: Only supported behind an authenticated HTTP zone NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...) + {DSA-5490-1 DLA-3556-1} [experimental] - aom 3.2.0-1~exp1 - aom 3.2.0-1 NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0 NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999 CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...) + {DSA-5490-1 DLA-3556-1} [experimental] - aom 3.2.0-1~exp1 - aom 3.2.0-1 NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000 CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...) + {DSA-5490-1 DLA-3556-1} [experimental] - aom 3.2.0-1~exp1 - aom 3.2.0-1 (bug #988211) NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/ @@ -191786,6 +191841,7 @@ CVE-2020-36137 CVE-2020-36136 (SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows att ...) NOT-FOR-US: cskaza cszcms CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...) + {DSA-5490-1 DLA-3556-1} - aom 3.2.0-1 NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1) NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1 
@@ -191797,16 +191853,19 @@ CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation vi NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/4567c355bf55a7430819e9d30df259bcb83cfe0d (v2.1.0-rc1) NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.1.0-rc1) CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...) + {DSA-5490-1 DLA-3556-1} - aom 3.2.0-1 NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1 NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.2.0-rc1) CVE-2020-36132 RESERVED CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...) + {DSA-5490-1 DLA-3556-1} - aom 3.2.0-1 NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1) NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...) + {DSA-5490-1 DLA-3556-1} - aom 3.2.0-1 NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.1.0-rc1) NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/440399beb25ee50cf7bfe2aa3064e89d10aea46c
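Review bot: In the @@ -62,40 +114,40 @@ hunk (and likewise the CVE-2023-39516 line in the hunk before it and CVE-2023-30534 in the @@ -17533,8 @@ hunk), every Cacti entry ends up with the same truncated text, "(Cacti is an open source operational monitoring and fault management fr ...)", so the list no longer tells the entries apart. The removed bracketed titles carried the detail needed for triage, for example "[Unauthenticated SQL Injection when viewing graphs]" on CVE-2023-39361 and "[Authenticated command injection when using SNMP options]" on CVE-2023-39362, and all of these packages are still "- cacti <unfixed>". Suggest keeping each removed title as a NOTE: line under its entry, so that the unauthenticated and injection issues can be prioritised without opening every GHSA link.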
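Review bot: The 24 entries filled in by the @@ -16832,56 +16885,56 @@ hunk (CVE-2023-30706 through CVE-2023-30730, skipping the still RESERVED CVE-2023-30727) all land as "TODO: check", while the unchanged CVE-2023-30705 directly after them is already tagged "NOT-FOR-US: Samsung". The visible descriptions name Samsung Email, Samsung Health, Samsung Keyboard and "SMR Sep-2023" releases, so once confirmed against the full descriptions these can be closed in one triage pass with the same tag instead of staying as separate open TODO items.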