Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 05ecf8ae by Chris Lamb at 2023-02-01T08:05:23-08:00 Triage CVE-2023-0341 in editorconfig-core for buster LTS. - - - - - 0433f650 by Chris Lamb at 2023-02-01T08:05:45-08:00 Triage CVE-2022-40152 in libwoodstox-java for buster LTS. - - - - - 8df4ca80 by Chris Lamb at 2023-02-01T08:06:12-08:00 Triage CVE-2022-47021 in opusfile for buster LTS. - - - - - 5bc2df27 by Chris Lamb at 2023-02-01T08:06:32-08:00 Triage CVE-2023-22745 in tpm2-tss for buster LTS. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3359,6 +3359,7 @@ CVE-2023-0342 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) - editorconfig-core 0.12.6-0.1 [bullseye] - editorconfig-core <no-dsa> (Minor issue) + [buster] - editorconfig-core <no-dsa> (Minor issue) NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87 NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e CVE-2023-0340 @@ -6342,6 +6343,7 @@ CVE-2023-22746 CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...) - tpm2-tss <unfixed> (bug #1029369) [bullseye] - tpm2-tss <no-dsa> (Minor issue) + [buster] - tpm2-tss <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5 NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 CVE-2023-22744 @@ -12530,6 +12532,7 @@ CVE-2022-47022 CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...) - opusfile <unfixed> (bug #1030049) [bullseye] - opusfile <no-dsa> (Minor issue) + [buster] - opusfile <no-dsa> (Minor issue) NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 NOTE: https://github.com/xiph/opusfile/issues/36 CVE-2022-47020 @@ -34338,6 +34341,7 @@ CVE-2022-40153 CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...) - libwoodstox-java <unfixed> [bullseye] - libwoodstox-java <no-dsa> (Minor issue) + [buster] - libwoodstox-java <no-dsa> (Minor issue) NOTE: https://github.com/x-stream/xstream/issues/304 NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4 CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits