[Git][security-tracker-team/security-tracker][master] CVE-2023-3732{7,8,9}/gst* assigned in meanwhile

Mon, 24 Jul 2023 00:07:03 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08e6dce2 by Salvatore Bonaccorso at 2023-07-24T09:06:03+02:00
CVE-2023-3732{7,8,9}/gst* assigned in meanwhile

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3158,28 +3158,22 @@ CVE-2023-33277 (The web interface of Gira Giersiepen 
Gira KNX/IP-Router 3.1.3683
        NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-33190 (Sealos is an open source cloud operating system distribution 
based on  ...)
        NOT-FOR-US: Sealos
-CVE-2023-XXXX [Heap overwrite in PGS subtitle overlay decoder]
+CVE-2023-37329 [Heap overwrite in PGS subtitle overlay decoder]
        - gst-plugins-bad1.0 1.22.4-1
-       [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
-       [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1
        - gst-plugins-bad0.10 <removed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0003.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d
-CVE-2023-XXXX [Integer overflow leading to heap overwrite in FLAC image tag 
handling]
+CVE-2023-37327 [Integer overflow leading to heap overwrite in FLAC image tag 
handling]
        - gst-plugins-good1.0 1.22.4-1
-       [bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1
-       [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2
        - gst-plugins-good0.10 <removed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0001.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556
-CVE-2023-XXXX [Heap overwrite in subtitle parsing]
+CVE-2023-37328 [Heap overwrite in subtitle parsing]
        - gst-plugins-base1.0 1.22.4-1
-       [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1
-       [bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1
        - gst-plugins-base0.10 <removed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0002.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch


=====================================
data/DSA/list
=====================================
@@ -43,12 +43,15 @@
        [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u5
        [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u1
 [02 Jul 2023] DSA-5445-1 gst-plugins-good1.0 - security update
+       {CVE-2023-37327}
        [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2
        [bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1
 [02 Jul 2023] DSA-5444-1 gst-plugins-bad1.0 - security update
+       {CVE-2023-37329}
        [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1
        [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
 [02 Jul 2023] DSA-5443-1 gst-plugins-base1.0 - security update
+       {CVE-2023-37328}
        [bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1
        [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1
 [29 Jun 2023] DSA-5442-1 flask - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08e6dce25790d0ec75d3478777e02e8baae660d7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08e6dce25790d0ec75d3478777e02e8baae660d7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to