[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c629532 by Moritz Mühlenhoff at 2022-08-15T00:24:59+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9906,6 +9906,7 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...) NOT-FOR-US: totd CVE-2022-34294 RESERVED + NOT-FOR-US: totd CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...) - wolfssl (bug #1016981) NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6 @@ -10676,16 +10677,22 @@ CVE-2017-20082 (A vulnerability, which was classified as problematic, has been f NOT-FOR-US: JUNG Smart Visu Server CVE-2022-33993 RESERVED + NOT-FOR-US: dnrd CVE-2022-33992 RESERVED + NOT-FOR-US: dnrd CVE-2022-33991 RESERVED + NOT-FOR-US: dproxy CVE-2022-33990 RESERVED + NOT-FOR-US: dproxy CVE-2022-33989 RESERVED + NOT-FOR-US: dproxy CVE-2022-33988 RESERVED + NOT-FOR-US: dproxy CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...) - node-got 11.8.3+~cs58.7.37-3 (bug #1013264) [bullseye] - node-got 11.8.1+~cs53.13.17-3+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c629532c9e8a4500ad4c68f6438444df9f9fb7b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
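Review bot: the six entries CVE-2022-33988 through CVE-2022-33993 in the second hunk are still RESERVED, and the dnrd and dproxy tags arrive with no description or NOTE line showing where the attribution comes from. CVE-2022-34294 in the first hunk at least sits next to the described totd entry CVE-2022-34295. Add a NOTE pointing at the source for each group, or name the source in the commit message, which currently says only "NFUs", so a later triager can re-check the tags once the descriptions are published.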
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1cf1b0ed by Moritz Mühlenhoff at 2022-08-14T23:43:55+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,11 +5,11 @@ CVE-2022-2815 CVE-2022-2814 RESERVED CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2022-2812 (A vulnerability classified as critical was found in SourceCodester Gue ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2022-2811 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2022-2810 RESERVED CVE-2022-38216 @@ -5622,7 +5622,7 @@ CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class CVE-2022-35955 RESERVED CVE-2022-35954 (The GitHub Actions ToolKit provides a set of packages to make creating ...) - TODO: check + NOT-FOR-US: GitHub Actions ToolKit CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking about ...) NOT-FOR-US: BookWyrm CVE-2022-35952 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf1b0ed2385d1b3034d3cc0486cac8e7ada202f
[Git][security-tracker-team/security-tracker][master] LTS: add salt package
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bee9630 by Anton Gladky at 2022-08-14T22:50:11+02:00 LTS: add salt package - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -64,6 +64,12 @@ nodejs puma (Abhijith PA) NOTE: 20220801: Programming language: Ruby. -- +salt + NOTE: 20220814: Programming language: Python + NOTE: 20220814: Packages is not in the supported packages by us. + NOTE: 20220814: Also, I am not sure, whether it is possible to fix issues + NOTE: 20220814: without backporting a newer verion. (Anton) +-- schroot (carnil) NOTE: 20220813: Programming language: C++ NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bee963004dc89ba33f39db8a602ec8806a4d96e
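Review bot: the new salt entry says in its own second NOTE that the package is not among the supported packages, yet it is added to dla-needed.txt without saying what a claimant is expected to do with it. State whether this is a placeholder pending a support decision or real work to be picked up, and name the open CVEs that prompted it. The entry also has no VCS line, unlike the schroot entry right below it, and the NOTE text has two slips: "Packages is not" should read "Package is not" and "verion" should read "version".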
[Git][security-tracker-team/security-tracker][master] LTS: add maven-shared-utils
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 32e2ff0e by Anton Gladky at 2022-08-14T22:36:06+02:00 LTS: add maven-shared-utils - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -42,6 +42,13 @@ kopanocore (Andreas Rönnquist) NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- +maven-shared-utils + NOTE: 20220813: Programming language: Java + NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils + NOTE: 20220813: Maintainer notes: Markus is active in the Java team + NOTE: 20220813: Special attention: Relatively high popcon + NOTE: 20220813: Patch is relatively high. Please check, whether it can safely be applied (Anton) +-- linux (Ben Hutchings) -- mediawiki (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32e2ff0e0d1761649d35af7a91158318a022b8b4
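Review bot: the maven-shared-utils block is inserted between kopanocore and linux, which breaks the alphabetical order the surrounding entries follow; it belongs after linux and before mediawiki. The last NOTE, "Patch is relatively high", presumably means the patch is large, and it does not say which CVE or upstream commit it refers to, so whoever claims the package has to rediscover that. Name the CVE and link the patch in the NOTE.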
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c652740e by security tracker role at 2022-08-14T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,15 @@ -CVE-2022-2813 +CVE-2022-38217 RESERVED -CVE-2022-2812 +CVE-2022-2815 RESERVED -CVE-2022-2811 +CVE-2022-2814 RESERVED +CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2022-2812 (A vulnerability classified as critical was found in SourceCodester Gue ...) + TODO: check +CVE-2022-2811 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check CVE-2022-2810 RESERVED CVE-2022-38216 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c652740e072d220c3f4e7cfb97469d1bafff4dd6
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2587
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 458c7c3b by Salvatore Bonaccorso at 2022-08-14T20:04:09+02:00 Add CVE-2022-2587 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2969,7 +2969,7 @@ CVE-2022-2588 NOTE: https://lore.kernel.org/netdev/20220809170518.164662-1-casca...@canonical.com/T/#u NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6 CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome on Chro ...) - TODO: check + - chromium (Chrome on Chrome OS) CVE-2022-2586 RESERVED - linux 5.18.16-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/458c7c3b316edbe6afe84e342518c629783bbfff
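Review bot: the added line "- chromium (Chrome on Chrome OS)" shows no fixed version or status marker between the package name and the parenthetical in this rendering, unlike "- linux 5.18.16-1" two lines further down. The parenthetical reads as the reason the Debian package is unaffected, so confirm the committed line carries an explicit status for it to attach to. The commit message "Add CVE-2022-2587" is also slightly off, since the entry already existed as "TODO: check" and this change triages it.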
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72bcf724 by Salvatore Bonaccorso at 2022-08-14T20:00:10+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1903,7 +1903,7 @@ CVE-2022-37425 CVE-2022-37424 RESERVED CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...) - TODO: check + NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher) CVE-2022-37422 RESERVED CVE-2022-37421 @@ -5510,7 +5510,7 @@ CVE-2022-36009 CVE-2022-36008 RESERVED CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...) - TODO: check + NOT-FOR-US: Venice CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...) NOT-FOR-US: Arvados CVE-2022-36005 @@ -5602,7 +5602,7 @@ CVE-2022-35963 CVE-2022-35962 RESERVED CVE-2022-35961 (OpenZeppelin Contracts is a library for secure smart contract developm ...) - TODO: check + NOT-FOR-US: OpenZeppelin CVE-2022-35960 RESERVED CVE-2022-35959 @@ -5644,7 +5644,7 @@ CVE-2022-35944 CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...) - codeigniter (bug #471583) CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow ...) - TODO: check + NOT-FOR-US: PostgreSQL connector for LoopBack CVE-2022-35941 RESERVED CVE-2022-35940 
@@ -6364,7 +6364,7 @@ CVE-2022-2392 CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...) NOT-FOR-US: WordPress plugin CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...) - TODO: check + NOT-FOR-US: Apps developed with Google Play Services SDK CVE-2022-2389 RESERVED CVE-2022-2388 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72bcf72412be3950a2063999c9c77f92533fc7e5
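Review bot: the tag added for CVE-2022-2390 in the last hunk, "NOT-FOR-US: Apps developed with Google Play Services SDK", copies the opening words of the description instead of naming a product, which makes it awkward to match against later CVEs for the same software. "NOT-FOR-US: Google Play Services SDK" would be consistent with the other tags in this commit, such as "NOT-FOR-US: Venice". In the @@ -5602 hunk the tag "OpenZeppelin" drops the "Contracts" that the description uses for the affected library; using the full product name there keeps the tag unambiguous.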
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f62af8c8 by Salvatore Bonaccorso at 2022-08-14T17:40:36+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5512,7 +5512,7 @@ CVE-2022-36008 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...) TODO: check CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...) - TODO: check + NOT-FOR-US: Arvados CVE-2022-36005 RESERVED CVE-2022-36004 @@ -5564,7 +5564,7 @@ CVE-2022-35982 CVE-2022-35981 RESERVED CVE-2022-35980 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...) - TODO: check + NOT-FOR-US: OpenSearch Security plugin for OpenSearch CVE-2022-35979 RESERVED CVE-2022-35978 @@ -5608,7 +5608,7 @@ CVE-2022-35960 CVE-2022-35959 RESERVED CVE-2022-35958 (Discourse is a 100% open source discussion platform. A malicious user ...) - TODO: check + NOT-FOR-US: Discourse CVE-2022-35957 RESERVED CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class that a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f62af8c8130f21c3f8cb1ff693a2aa54d2f8589f
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7991580b by security tracker role at 2022-08-14T08:10:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2022-2813 + RESERVED +CVE-2022-2812 + RESERVED +CVE-2022-2811 + RESERVED CVE-2022-2810 RESERVED CVE-2022-38216 @@ -5503,10 +5509,10 @@ CVE-2022-36009 RESERVED CVE-2022-36008 RESERVED -CVE-2022-36007 - RESERVED -CVE-2022-36006 - RESERVED +CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...) + TODO: check +CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...) + TODO: check CVE-2022-36005 RESERVED CVE-2022-36004 @@ -5595,22 +5601,22 @@ CVE-2022-35963 RESERVED CVE-2022-35962 RESERVED -CVE-2022-35961 - RESERVED +CVE-2022-35961 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + TODO: check CVE-2022-35960 RESERVED CVE-2022-35959 RESERVED -CVE-2022-35958 - RESERVED +CVE-2022-35958 (Discourse is a 100% open source discussion platform. A malicious user ...) + TODO: check CVE-2022-35957 RESERVED CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class that a ...) TODO: check CVE-2022-35955 RESERVED -CVE-2022-35954 - RESERVED +CVE-2022-35954 (The GitHub Actions ToolKit provides a set of packages to make creating ...) + TODO: check CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking about ...) NOT-FOR-US: BookWyrm CVE-2022-35952 
@@ -5623,8 +5629,7 @@ CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.` - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 NOTE: https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (v5.8.2) -CVE-2022-35948 - RESERVED +CVE-2022-35948 (undici is an HTTP/1.1 client, written from scratch for Node.js.`= ...) - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3 NOTE: https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7991580b30d1623a778dfacfd5bc8839c7da37ee
[Git][security-tracker-team/security-tracker][master] LTS: assign schroot
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 41d943ba by Anton Gladky at 2022-08-14T10:02:09+02:00 LTS: assign schroot - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -57,7 +57,7 @@ nodejs puma (Abhijith PA) NOTE: 20220801: Programming language: Ruby. -- -schroot +schroot (carnil) NOTE: 20220813: Programming language: C++ NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/ NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d943ba2963e86ebd2e9602a73cba86577b373f
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim puma
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 98264ee4 by Abhijith PA at 2022-08-14T12:20:17+05:30 data/dla-needed.txt: claim puma - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,7 +54,7 @@ nodejs NOTE: 20220801: Programming language: JavaScript. NOTE: 20220801: one of the upstream fixes doesn't address the security issue -- -puma +puma (Abhijith PA) NOTE: 20220801: Programming language: Ruby. -- schroot View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98264ee48ca26027049e887f8bfdd5d11246df89