Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 08e6dce2 by Salvatore Bonaccorso at 2023-07-24T09:06:03+02:00 CVE-2023-3732{7,8,9}/gst* assigned in meanwhile - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -3158,28 +3158,22 @@ CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683 NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on ...) NOT-FOR-US: Sealos -CVE-2023-XXXX [Heap overwrite in PGS subtitle overlay decoder] +CVE-2023-37329 [Heap overwrite in PGS subtitle overlay decoder] - gst-plugins-bad1.0 1.22.4-1 - [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1 - [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1 - gst-plugins-bad0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0003.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d -CVE-2023-XXXX [Integer overflow leading to heap overwrite in FLAC image tag handling] +CVE-2023-37327 [Integer overflow leading to heap overwrite in FLAC image tag handling] - gst-plugins-good1.0 1.22.4-1 - [bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1 - [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2 - gst-plugins-good0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556 -CVE-2023-XXXX [Heap overwrite in subtitle parsing] +CVE-2023-37328 [Heap overwrite in subtitle parsing] - gst-plugins-base1.0 1.22.4-1 - [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1 - [bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1 - gst-plugins-base0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch ===================================== data/DSA/list ===================================== @@ -43,12 +43,15 @@ [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u5 [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u1 [02 Jul 2023] DSA-5445-1 gst-plugins-good1.0 - security update + {CVE-2023-37327} [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u2 [bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u1 [02 Jul 2023] DSA-5444-1 gst-plugins-bad1.0 - security update + {CVE-2023-37329} [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u1 [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1 [02 Jul 2023] DSA-5443-1 gst-plugins-base1.0 - security update + {CVE-2023-37328} [bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u1 [bookworm] - gst-plugins-base1.0 1.22.0-3+deb12u1 [29 Jun 2023] DSA-5442-1 flask - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08e6dce25790d0ec75d3478777e02e8baae660d7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08e6dce25790d0ec75d3478777e02e8baae660d7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits