Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
440399be by security tracker role at 2023-09-06T08:17:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-4773 (The WordPress Social Login plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2023-4719 (The Simple Membership plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2023-4705
+       REJECTED
+CVE-2023-4487 (GE CIMPLICITY 2023 is by a process control vulnerability, which 
could  ...)
+       TODO: check
+CVE-2023-4485 (ARDEREGSistema SCADA Central versions 2.203 and prior login 
page are v ...)
+       TODO: check
+CVE-2023-4310 (BeyondTrust Privileged Remote Access (PRA) and Remote Support 
(RS) ver ...)
+       TODO: check
+CVE-2023-41508 (A hard coded password in Super Store Finder v3.6 allows 
attackers to a ...)
+       TODO: check
+CVE-2023-41507 (Super Store Finder v3.6 was discovered to contain multiple SQL 
injecti ...)
+       TODO: check
+CVE-2023-3472 (Use after free vulnerability in Panasonic KW Watcher versions 
1.00 thr ...)
+       TODO: check
+CVE-2023-3471 (Buffer overflow vulnerability in Panasonic KW Watcher versions 
1.00 th ...)
+       TODO: check
+CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient 
Verification  ...)
+       TODO: check
+CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet 
AG IsarFl ...)
+       TODO: check
+CVE-2023-34352 (A permissions issue was addressed with improved redaction of 
sensitive ...)
+       TODO: check
+CVE-2023-32438 (This issue was addressed with improved checks to prevent 
unauthorized  ...)
+       TODO: check
+CVE-2023-32432 (A privacy issue was addressed with improved handling of 
temporary file ...)
+       TODO: check
+CVE-2023-32428 (This issue was addressed with improved file handling. This 
issue is fi ...)
+       TODO: check
+CVE-2023-32426 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-32425 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-32379 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-32370 (A logic issue was addressed with improved validation. This 
issue is fi ...)
+       TODO: check
+CVE-2023-32362 (Error handling was changed to not reveal sensitive 
information. This i ...)
+       TODO: check
+CVE-2023-32356 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege 
Escalation Vu ...)
+       TODO: check
+CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment 
Local Privil ...)
+       TODO: check
+CVE-2023-29166 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2023-36851
        NOT-FOR-US: Juniper
 CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
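Review bot: The three WordPress plugin entries at the top of this hunk (CVE-2023-4779, CVE-2023-4773, CVE-2023-4719) are left at `TODO: check`, while other WordPress plugin entries in this file are already tagged `NOT-FOR-US: WordPress Plugin`; they can be triaged the same way once it is confirmed that no Debian package ships these plugins. Separately, the CVE-2023-4487 summary reads "GE CIMPLICITY 2023 is by a process control vulnerability", which appears to be missing a word in the imported text, so triage of that entry should go by the full CVE record rather than this line.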
@@ -9,16 +61,16 @@ CVE-2023-4778 (Out-of-bounds Read in GitHub repository 
gpac/gpac prior to 2.3-DE
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
        NOTE: 
https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed
-CVE-2023-4764
+CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 
116.0.5845. ...)
        - chromium 116.0.5845.180-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4763
+CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 
116.0.5845.179 al ...)
        - chromium 116.0.5845.180-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4762
+CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 
allowed  ...)
        - chromium 116.0.5845.180-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4761
+CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 
116.0.5 ...)
        - chromium 116.0.5845.180-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -43,9 +95,9 @@ CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to 
Escalation of Privileges. U
        NOT-FOR-US: KnowStreaming
 CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Mava Software Hotel Management System
-CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Bookr ...)
+CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Unisi ...)
        NOT-FOR-US: Bookreen
-CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Bookreen 
allows  ...)
+CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign 
Bookreen ...)
        NOT-FOR-US: Bookreen
 CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code 
execution (RCE) ...)
        NOT-FOR-US: Cuppa CMS
@@ -53,7 +105,7 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain 
a SQL injection vul
        TODO: check
 CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation 
WebClient v. ...)
        NOT-FOR-US: IceWarp
-CVE-2023-39516 [Cross-Site Scripting vulnerability with Data Source 
Information when managing Data Sources]
+CVE-2023-39516 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv
 CVE-2023-39515 (Cacti is an open source operational monitoring and fault 
management fr ...)
@@ -62,40 +114,40 @@ CVE-2023-39515 (Cacti is an open source operational 
monitoring and fault managem
 CVE-2023-39514 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
-CVE-2023-39513 [Cross-Site Scripting vulnerability with Device Name when 
debugging data queries]
+CVE-2023-39513 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2
-CVE-2023-39512 [Cross-Site Scripting vulnerability with Device Name when 
managing Data Sources]
+CVE-2023-39512 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
-CVE-2023-39510 [Cross-Site Scripting vulnerability with Device Name when 
administrating Reports]
+CVE-2023-39510 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
-CVE-2023-39366 [Cross-Site Scripting vulnerability with Device Name when 
managing Data Sources]
+CVE-2023-39366 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
-CVE-2023-39365 [SQL Injection when using regular expressions]
+CVE-2023-39365 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
-CVE-2023-39364 [Open redirect in change password functionality]
+CVE-2023-39364 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x
-CVE-2023-39362 [Authenticated command injection when using SNMP options]
+CVE-2023-39362 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
-CVE-2023-39361 [Unauthenticated SQL Injection when viewing graphs]
+CVE-2023-39361 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
-CVE-2023-39360 [Cross-Site Scripting vulnerability when creating new graphs]
+CVE-2023-39360 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
-CVE-2023-39359 [Authenticated SQL injection vulnerability when managing graphs]
+CVE-2023-39359 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
-CVE-2023-39358 [Authenticated SQL injection vulnerability when managing 
reports]
+CVE-2023-39358 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
-CVE-2023-39357 [SQL Injection when saving data with sql_save()]
+CVE-2023-39357 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
 CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection 
vulnerabil ...)
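Review bot: Every `-` line in this hunk drops a bracketed summary that named the bug class, and the `+` replacement is the same truncated sentence for all twelve entries ("Cacti is an open source operational monitoring and fault management fr ..."). Since each entry is `- cacti <unfixed>`, that summary was the only in-file cue for ordering the work, for example `[Unauthenticated SQL Injection when viewing graphs]` on CVE-2023-39361 and `[Authenticated command injection when using SNMP options]` on CVE-2023-39362. Suggest carrying the old summary over as a `NOTE:` line on each entry so the distinction survives the automatic description update.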
@@ -3270,6 +3322,7 @@ CVE-2023-40224 (MISP 2.4174 allows XSS in 
app/View/Events/index.ctp.)
 CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* bef ...)
+       {DLA-3555-1}
        - php8.2 8.2.10-1 (bug #1043477)
        [bookworm] - php8.2 <postponed> (Fix along in future update)
        - php7.4 <removed>
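Review bot: The `{DLA-3555-1}` line added under CVE-2023-3824 is a back-reference to an advisory record, but this commit changes only data/CVE/list, so the record it points to is not visible in the diff; worth confirming that it exists and lists this CVE. The entry also still carries `[bookworm] - php8.2 <postponed>`, so the new tag should not be read as the issue being closed for every release.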
@@ -3279,6 +3332,7 @@ CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* 
before 8.1.22, and 8.2.
        NOTE: 
https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef 
(php-8.0.30)
        NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* be ...)
+       {DLA-3555-1}
        - php8.2 8.2.10-1 (bug #1043477)
        [bookworm] - php8.2 <postponed> (Fix along in future update)
        - php7.4 <removed>
@@ -15442,8 +15496,7 @@ CVE-2023-31134 (Tauri is software for building 
applications for multi-platform d
        NOT-FOR-US: Tauri
 CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a 
website,  ...)
        NOT-FOR-US: Ghost CMS
-CVE-2023-31132
-       RESERVED
+CVE-2023-31132 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <not-affected> (Only affect Cacti Installer on Windows)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse 
based on Po ...)
@@ -16832,56 +16885,56 @@ CVE-2023-30732
        RESERVED
 CVE-2023-30731
        RESERVED
-CVE-2023-30730
-       RESERVED
-CVE-2023-30729
-       RESERVED
-CVE-2023-30728
-       RESERVED
+CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to 
versions 11 ...)
+       TODO: check
+CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to 
version 6.1. ...)
+       TODO: check
+CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior 
to versi ...)
+       TODO: check
 CVE-2023-30727
        RESERVED
-CVE-2023-30726
-       RESERVED
-CVE-2023-30725
-       RESERVED
-CVE-2023-30724
-       RESERVED
-CVE-2023-30723
-       RESERVED
-CVE-2023-30722
-       RESERVED
-CVE-2023-30721
-       RESERVED
-CVE-2023-30720
-       RESERVED
-CVE-2023-30719
-       RESERVED
-CVE-2023-30718
-       RESERVED
-CVE-2023-30717
-       RESERVED
-CVE-2023-30716
-       RESERVED
-CVE-2023-30715
-       RESERVED
-CVE-2023-30714
-       RESERVED
-CVE-2023-30713
-       RESERVED
-CVE-2023-30712
-       RESERVED
-CVE-2023-30711
-       RESERVED
-CVE-2023-30710
-       RESERVED
-CVE-2023-30709
-       RESERVED
-CVE-2023-30708
-       RESERVED
-CVE-2023-30707
-       RESERVED
-CVE-2023-30706
-       RESERVED
+CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to 
version ...)
+       TODO: check
+CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to 
version 14 ...)
+       TODO: check
+CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery 
prior to v ...)
+       TODO: check
+CVE-2023-30723 (Improper input validation vulnerability in Samsung Health 
prior to ver ...)
+       TODO: check
+CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung 
Blockchai ...)
+       TODO: check
+CVE-2023-30721 (Insertion of sensitive information into log vulnerability in 
Locksetti ...)
+       TODO: check
+CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR 
Sep-2023 ...)
+       TODO: check
+CVE-2023-30719 (Exposure of Sensitive Information vulnerability in 
InboundSmsHandler p ...)
+       TODO: check
+CVE-2023-30718 (Improper export of android application components 
vulnerability in Wif ...)
+       TODO: check
+CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior 
to SMR  ...)
+       TODO: check
+CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR 
Sep-202 ...)
+       TODO: check
+CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR 
Sep-2023 ...)
+       TODO: check
+CVE-2023-30714 (Improper authorization vulnerability in 
FolderContainerDragDelegate in ...)
+       TODO: check
+CVE-2023-30713 (Improper privilege management vulnerability in 
FolderLockNotifier in O ...)
+       TODO: check
+CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR 
Sep-202 ...)
+       TODO: check
+CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR 
SEP-2023 Re ...)
+       TODO: check
+CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to 
SMR Sep-20 ...)
+       TODO: check
+CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR 
Sep-2023 Releas ...)
+       TODO: check
+CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 
Release 1 ...)
+       TODO: check
+CVE-2023-30707 (Improper input validation vulnerability in 
FileProviderStatusReceiver  ...)
+       TODO: check
+CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR 
Sep-2023 Relea ...)
+       TODO: check
 CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior 
to vers ...)
        NOT-FOR-US: Samsung
 CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior 
to vers ...)
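Review bot: The newly described entries from CVE-2023-30730 down to CVE-2023-30706 are all set to `TODO: check`, yet the unchanged context at the end of this hunk tags the adjacent CVE-2023-30705 as `NOT-FOR-US: Samsung`. The added descriptions name the same kind of components (Samsung Email, Samsung Health, Samsung Keyboard, "SMR Sep-2023"), so these look like candidates for the same tag in the follow-up triage pass. CVE-2023-30711 reads "Phone and Messaging Storage SMR SEP-2023", which seems to be missing "prior to" in the imported text; check the full record before relying on the version bound.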
@@ -17533,8 +17586,7 @@ CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for 
use with Slim 4. In vers
        NOTE: 
https://github.com/slimphp/Slim-Psr7/commit/4fea29e910391b1883de5bf6e84b50f6900355fb
 (1.6.1)
 CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports 
core functi ...)
        NOT-FOR-US: Snowflake JDBC
-CVE-2023-30534 [Insecure deserialization of filter data]
-       RESERVED
+CVE-2023-30534 (Cacti is an open source operational monitoring and fault 
management fr ...)
        - cacti <unfixed>
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
 CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype 
Pollution via ...)
@@ -17700,8 +17752,8 @@ CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Fo
        NOT-FOR-US: WordPress Plugin
 CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CodeFlav ...)
        NOT-FOR-US: WordPress Plugin
-CVE-2023-30497
-       RESERVED
+CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Simon Ch ...)
+       TODO: check
 CVE-2023-30496
        RESERVED
 CVE-2023-30495
@@ -20296,8 +20348,8 @@ CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus 
before 14105, ServiceDesk Plu
        NOT-FOR-US: Zoho ManageEngine
 CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows 
proxy.html  ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2023-29441
-       RESERVED
+CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Robert H ...)
+       TODO: check
 CVE-2023-29440
        RESERVED
 CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FooPlugi ...)
@@ -24733,22 +24785,22 @@ CVE-2019-25107
        RESERVED
 CVE-2019-25106
        RESERVED
-CVE-2023-28215
-       RESERVED
-CVE-2023-28214
-       RESERVED
-CVE-2023-28213
-       RESERVED
-CVE-2023-28212
-       RESERVED
-CVE-2023-28211
-       RESERVED
-CVE-2023-28210
-       RESERVED
-CVE-2023-28209
-       RESERVED
-CVE-2023-28208
-       RESERVED
+CVE-2023-28215 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28214 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28213 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28212 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28211 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28210 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28209 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-28208 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2023-28207
        RESERVED
 CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input 
validat ...)
@@ -24783,8 +24835,8 @@ CVE-2023-28197
        RESERVED
 CVE-2023-28196
        RESERVED
-CVE-2023-28195
-       RESERVED
+CVE-2023-28195 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
 CVE-2023-28194 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
        NOT-FOR-US: Apple
 CVE-2023-28193
@@ -24797,10 +24849,10 @@ CVE-2023-28190 (A privacy issue was addressed by 
moving sensitive data to a more
        NOT-FOR-US: Apple
 CVE-2023-28189 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
-CVE-2023-28188
-       RESERVED
-CVE-2023-28187
-       RESERVED
+CVE-2023-28188 (A denial-of-service issue was addressed with improved input 
validation ...)
+       TODO: check
+CVE-2023-28187 (This issue was addressed with improved state management. This 
issue is ...)
+       TODO: check
 CVE-2023-28186
        RESERVED
 CVE-2023-28185
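Review bot: The `+` descriptions for CVE-2023-28188 and CVE-2023-28187 are cut off before any product name appears ("A denial-of-service issue was addressed with improved input validation ...", "This issue was addressed with improved state management. This issue is ..."), so neither entry can be triaged from the summary alone. The context lines above use the same advisory phrasing and are tagged `NOT-FOR-US: Apple`; if the full records confirm the same vendor, replace `TODO: check` accordingly.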
@@ -25652,8 +25704,8 @@ CVE-2023-27952 (A race condition was addressed with 
improved locking. This issue
        NOT-FOR-US: Apple
 CVE-2023-27951 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
-CVE-2023-27950
-       RESERVED
+CVE-2023-27950 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
 CVE-2023-27949 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
        NOT-FOR-US: Apple
 CVE-2023-27948 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
@@ -90099,8 +90151,8 @@ CVE-2022-32922 (A use after free issue was addressed 
with improved memory manage
        NOT-FOR-US: Apple
 CVE-2022-32921
        REJECTED
-CVE-2022-32920
-       RESERVED
+CVE-2022-32920 (The issue was addressed with improved checks. This issue is 
fixed in X ...)
+       TODO: check
 CVE-2022-32919
        RESERVED
 CVE-2022-32918 (This issue was addressed with improved data protection. This 
issue is  ...)
@@ -169605,16 +169657,19 @@ CVE-2021-3486 (GLPi 9.5.4 does not sanitize the 
metadata. This way its possible
        NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
 CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 
has a buf ...)
+       {DSA-5490-1 DLA-3556-1}
        [experimental] - aom 3.2.0-1~exp1
        - aom 3.2.0-1
        NOTE: 
https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
 CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 
has a use ...)
+       {DSA-5490-1 DLA-3556-1}
        [experimental] - aom 3.2.0-1~exp1
        - aom 3.2.0-1
        NOTE: 
https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
 CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees 
memory that i ...)
+       {DSA-5490-1 DLA-3556-1}
        [experimental] - aom 3.2.0-1~exp1
        - aom 3.2.0-1 (bug #988211)
        NOTE: 
https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
@@ -191786,6 +191841,7 @@ CVE-2020-36137
 CVE-2020-36136 (SQL Injection vulnerability in cskaza cszcms version 1.2.9, 
allows att ...)
        NOT-FOR-US: cskaza cszcms
 CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer 
dereference via th ...)
+       {DSA-5490-1 DLA-3556-1}
        - aom 3.2.0-1
        NOTE: 
https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 
(v2.1.0-rc1)
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
@@ -191797,16 +191853,19 @@ CVE-2020-36134 (AOM v2.0.1 was discovered to 
contain a segmentation violation vi
        NOTE: Introduced by: 
https://aomedia.googlesource.com/aom/+/4567c355bf55a7430819e9d30df259bcb83cfe0d 
(v2.1.0-rc1)
        NOTE: Fixed by: 
https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb 
(v2.1.0-rc1)
 CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow 
via the  ...)
+       {DSA-5490-1 DLA-3556-1}
        - aom 3.2.0-1
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
        NOTE: 
https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 
(v3.2.0-rc1)
 CVE-2020-36132
        RESERVED
 CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow 
via the c ...)
+       {DSA-5490-1 DLA-3556-1}
        - aom 3.2.0-1
        NOTE: 
https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 
(v2.1.0-rc1)
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer 
dereference via th ...)
+       {DSA-5490-1 DLA-3556-1}
        - aom 3.2.0-1
        NOTE: 
https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0
 (v2.1.0-rc1)
        NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
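Review bot: CVE-2020-36134, named in this hunk's header, gets no `{DSA-5490-1 DLA-3556-1}` line, while its neighbours CVE-2020-36135, CVE-2020-36133, CVE-2020-36131 and CVE-2020-36130 all do. The context lines for that entry say the bug was both introduced and fixed by commits marked v2.1.0-rc1, which would explain leaving it out of the advisories, but nothing in the visible lines states that. If the entry does not already say so, a short `NOTE:` recording why it is outside DSA-5490-1 and DLA-3556-1 would keep the omission from looking like an oversight.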



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/440399beb25ee50cf7bfe2aa3064e89d10aea46c
