Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 32522bfe by security tracker role at 2023-10-28T20:11:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t hu60wap6. ...) + TODO: check +CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) + TODO: check +CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) + TODO: check CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption] - golang-github-nats-io-nkeys <unfixed> [bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) @@ -3148,6 +3154,7 @@ CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0. - chromium 118.0.5993.70-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4421 + {DLA-3634-1} - nss 2:3.61-1 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1651411 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677 @@ -5417,7 +5424,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vu NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-40476 [Integer overflow in H.265 video parser leading to stack overwrite] - {DSA-5533-1} + {DSA-5533-1 DLA-3633-1} - gst-plugins-bad1.0 <unfixed> (bug #1053259) - gst-plugins-bad0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.html 
@@ -5425,7 +5432,7 @@ CVE-2023-40476 [Integer overflow in H.265 video parser leading to stack overwrit NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7 (1.22.6) CVE-2023-40475 [Integer overflow leading to heap overwrite in MXF file handling with AES3 audio] - {DSA-5533-1} + {DSA-5533-1 DLA-3633-1} - gst-plugins-bad1.0 <unfixed> (bug #1053260) - gst-plugins-bad0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.html @@ -5433,7 +5440,7 @@ CVE-2023-40475 [Integer overflow leading to heap overwrite in MXF file handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 (1.22.6) CVE-2023-40474 [Integer overflow leading to heap overwrite in MXF file handling with uncompressed video] - {DSA-5533-1} + {DSA-5533-1 DLA-3633-1} - gst-plugins-bad1.0 <unfixed> (bug #1053261) - gst-plugins-bad0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html 
@@ -222446,6 +222453,7 @@ CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not NOTE: https://github.com/FasterXML/jackson-databind/issues/2589 NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1) CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...) + {DLA-3634-1} - nss 2:3.58-1 [stretch] - nss <no-dsa> (Minor issue) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32522bfedd44175ac10b7acedf37d38161296c5f
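Review bot: The three entries added at the top of data/CVE/list (CVE-2023-5835, CVE-2023-5426, CVE-2023-5425) carry only "TODO: check", so none of them is yet tied to a source package or marked as not applicable to Debian. CVE-2023-5426 and CVE-2023-5425 also share the same truncated description ("The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ..."), so they cannot be told apart from this file alone. Triage should read the full descriptions and replace each TODO with a package line or a NOT-FOR-US entry.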
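Review bot: In the hunk at "@@ -3148,6 +3154,7 @@", CVE-2023-4421 gains the {DLA-3634-1} reference but its header line still has no description, unlike the neighbouring CVE-2023-5218 entry or the bracketed ones such as CVE-2023-46129. Only the two bugzilla NOTE links say what the issue is. Suggest adding a short bracketed description on the CVE line so the entry is readable without following the links.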
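Review bot: In the three gst-plugins-bad1.0 hunks (CVE-2023-40476, CVE-2023-40475, CVE-2023-40474) the advisory reference becomes {DSA-5533-1 DLA-3633-1}, yet each entry still reads "- gst-plugins-bad1.0 <unfixed>" with an open bug number, while the "Fixed by" NOTE lines place the upstream fix in 1.22.6. Worth checking whether unstable has picked up a fixed upload and, if so, recording that version in place of <unfixed>, so the entries do not remain open after the DSA and DLA have shipped.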