Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: dff9ed60 by Thorsten Alteholz at 2023-12-10T00:25:45+01:00 mark CVEs for gpac as EOL in Buster - - - - - 52c1cae8 by Thorsten Alteholz at 2023-12-10T00:27:32+01:00 mark CVE-2023-49284 as no-dsa for Buster - - - - - 917a5171 by Thorsten Alteholz at 2023-12-10T00:38:00+01:00 mark CVE-2023-49464 CVE-2023-49463 CVE-2023-49462 CVE-2023-49460 as not-affected for Buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24,6 +24,7 @@ CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials NOT-FOR-US: IBM CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...) - gpac <unfixed> + [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2652 NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49 NOTE: https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521 @@ -31,6 +32,7 @@ CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 NOT-FOR-US: DrayTek Vigor167 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...) - gpac <unfixed> + [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2669 NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...) @@ -269,6 +271,7 @@ CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violati - libheif <unfixed> [bookworm] - libheif <no-dsa> (Minor issue) [bullseye] - libheif <no-dsa> (Minor issue) + [buster] - libheif <not-affected> (Vulnerable code not present) NOTE: https://github.com/strukturag/libheif/issues/1044 NOTE: https://github.com/strukturag/libheif/pull/1049 NOTE: https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287 @@ -276,16 +279,19 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violati - libheif <unfixed> [bookworm] - libheif <no-dsa> (Minor issue) [bullseye] - libheif <no-dsa> (Minor issue) + [buster] - libheif <not-affected> (Vulnerable code not present) NOTE: https://github.com/strukturag/libheif/issues/1042 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...) - libheif <unfixed> [bookworm] - libheif <no-dsa> (Minor issue) [bullseye] - libheif <no-dsa> (Minor issue) + [buster] - libheif <not-affected> (Vulnerable code not present) NOTE: https://github.com/strukturag/libheif/issues/1043 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation violation via ...) - libheif <unfixed> [bookworm] - libheif <no-dsa> (Minor issue) [bullseye] - libheif <no-dsa> (Minor issue) + [buster] - libheif <not-affected> (Vulnerable code not present) NOTE: https://github.com/strukturag/libheif/issues/1046 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...) NOT-FOR-US: Tenda @@ -798,6 +804,7 @@ CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS, - fish <unfixed> (bug #1057455) [bookworm] - fish <no-dsa> (Minor issue) [bullseye] - fish <no-dsa> (Minor issue) + [buster] - fish <no-dsa> (Minor issue) NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f NOTE: https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 (3.6.2) CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to request chang ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68e140b27ee90086aed7c0a2f35d998587eb27b0...917a51719f847fc8d75dfdd0a210f43d636af528 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits