Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ca2e3351 by Salvatore Bonaccorso at 2024-02-12T11:01:48+01:00 Fix typo in package note - - - - - 6a8e6f07 by Salvatore Bonaccorso at 2024-02-12T11:05:09+01:00 Mark for now some previous NFU in OP-TEE to track via src:optee-os - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -26404,7 +26404,7 @@ CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versi CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site ...) NOT-FOR-US: Froala Editor CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...) - NOT-FOR-US: OP-TEE + - optee-os <undetermined> CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...) NOT-FOR-US: Usermin CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...) @@ -73252,7 +73252,7 @@ CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for rea CVE-2022-47550 RESERVED CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware ...) - - optee-os <not-affected> (Fixe before initial upload) + - optee-os <not-affected> (Fixed before initial upload) CVE-2022-47548 RESERVED CVE-2022-47547 (GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a p ...) @@ -79084,7 +79084,7 @@ CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and bro CVE-2022-46153 (Traefik is an open source HTTP reverse proxy and load balancer. In aff ...) - traefik <itp> (bug #983289) CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...) - NOT-FOR-US: OP-TEE + - optee-os <undetermined> CVE-2022-46151 (Querybook is an open source data querying UI. In affected versions use ...) NOT-FOR-US: Querybook CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) @@ -158793,7 +158793,7 @@ CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cook CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...) NOT-FOR-US: tusdotnet CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...) NOT-FOR-US: GL.iNet CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...) @@ -176948,7 +176948,7 @@ CVE-2021-38541 CVE-2021-3699 RESERVED CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...) - rust-tar 0.4.37-1 (bug #992173) [bullseye] - rust-tar <no-dsa> (Minor issue) @@ -183105,7 +183105,7 @@ CVE-2021-36135 CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) NOT-FOR-US: McAfee CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...) - NOT-FOR-US: OP-TEE + - optee-os <undetermined> CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) NOT-FOR-US: FileImport MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ @@ -335897,19 +335897,19 @@ CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and late NOTE: https://github.com/rust-lang/rust/issues/53566 NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010297 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010296 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010295 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossi ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary ...) - NOT-FOR-US: Linaro/OP-TEE OP-TEE + - optee-os <undetermined> CVE-2019-1010291 RESERVED CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open Redirection. T ...) @@ -407147,9 +407147,9 @@ CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit d8a466829c NOTE: https://github.com/Mindwerks/wildmidi/issues/178 NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...) - NOT-FOR-US: OP-TEE + - optee-os <undetermined> CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...) - NOT-FOR-US: OP-TEE + - optee-os <undetermined> CVE-2018-3816 RESERVED CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) pr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8e129c49d5bf9a8e8f4c694e34eb30499c9b8f2f...6a8e6f07eb5f4817e7892b1dd48cb141c21a8b8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8e129c49d5bf9a8e8f4c694e34eb30499c9b8f2f...6a8e6f07eb5f4817e7892b1dd48cb141c21a8b8c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits