Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: aefa3287 by Moritz Muehlenhoff at 2023-08-15T12:49:12+02:00 bookworm/bullseye triage (and also updates some older libstd entries) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -29,12 +29,15 @@ CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit- CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ...) - qemu <unfixed> [bookworm] - qemu <not-affected> (Vulnerable code intoduced later) + [bullseye] - qemu <not-affected> (Vulnerable code intoduced later) [buster] - qemu <not-affected> (Vulnerable code intoduced later) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1815 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 (v8.1.0-rc3) CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set names even ...) - xterm 382-2 + [bookworm] - xterm <no-dsa> (Minor issue) + [bullseye] - xterm <no-dsa> (Minor issue) NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...) TODO: check @@ -205,10 +208,13 @@ CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license NOT-FOR-US: Snow Software CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) - fastdds 2.9.1+ds-1 + [bullseye] - fastdds <no-dsa> (Minor issue) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg NOTE: https://github.com/eProsima/Fast-DDS/issues/3236 CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) - fastdds 2.10.1+ds-2 + [bookworm] - fastdds <no-dsa> (Minor issue) + [bullseye] - fastdds <no-dsa> (Minor issue) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f NOTE: https://github.com/eProsima/Fast-DDS/issues/3422 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) @@ -342,6 +348,8 @@ CVE-2023-XXXX [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Real NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5) CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...) - haproxy 2.6.15-1 (bug #1043502) + [bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA) + [bullseye] - haproxy <postponed> (Minor issue, fix along with future DSA) NOTE: https://github.com/haproxy/haproxy/issues/2237 NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...) @@ -1122,6 +1130,8 @@ CVE-2023-39977 REJECTED CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long ...) - libqb 2.0.8-1 + [bookworm] - libqb <no-dsa> (Minor issue) + [bullseye] - libqb <no-dsa> (Minor issue) NOTE: https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 (v2.0.8) NOTE: https://github.com/ClusterLabs/libqb/pull/490 CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior to vers ...) @@ -73141,6 +73151,7 @@ CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privil NOT-FOR-US: Microsoft CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability) - samba 2:4.17.4+dfsg-1 + [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1) NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability) - samba 2:4.17.4+dfsg-1 @@ -108460,23 +108471,17 @@ CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: MyBatis plus CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - - libstb <unfixed> (unimportant) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/1287 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files - NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore - NOTE: cannot bounds check it. CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - - libstb <unfixed> (unimportant) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/1288 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files - NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore - NOTE: cannot bounds check it. CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - - libstb <unfixed> (unimportant) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/1286 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files - NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore - NOTE: cannot bounds check it. CVE-2022-25513 RESERVED CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...) @@ -188559,12 +188564,14 @@ CVE-2020-36025 CVE-2020-36024 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...) {DLA-3528-1} - poppler 22.08.0-2 + [bullseye] - poppler <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/748 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 (poppler-21.01.0) CVE-2020-36023 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...) {DLA-3528-1} - poppler 22.08.0-2 + [bullseye] - poppler <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/744 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/238dc045beeeb1eb619f3fb6cb699ba36813222d (poppler-21.01.0) @@ -257488,33 +257495,33 @@ CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_D NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 NOTE: Crash in CLI tool, no security impact CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - - libstb <unfixed> (unimportant; bug #949560) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/865 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - - libstb <unfixed> (unimportant; bug #949559) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/869 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...) - - libstb <unfixed> (unimportant; bug #949558) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/867 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - - libstb <unfixed> (unimportant; bug #949557) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/868 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...) - - libstb <unfixed> (unimportant; bug #949556) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/863 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - - libstb <unfixed> (unimportant; bug #949555) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/866 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - - libstb <unfixed> (unimportant; bug #949554) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. NOTE: https://github.com/nothings/stb/issues/867 - NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...) NOT-FOR-US: Broadcom CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefa3287d465d20a69eac71594abd0321448493f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefa3287d465d20a69eac71594abd0321448493f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits