[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4121/libetpan
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09c86d39 by Salvatore Bonaccorso at 2022-11-29T08:45:49+01:00 Add CVE-2022-4121/libetpan - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1123,8 +1123,10 @@ CVE-2022-45787 RESERVED CVE-2022-45786 RESERVED -CVE-2022-4121 +CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c] RESERVED + - libetpan + NOTE: https://github.com/dinhvh/libetpan/issues/420 CVE-2022-4120 RESERVED CVE-2022-4119 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09c86d39b8f2b9ff01563e65329588e27fa4b8d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09c86d39b8f2b9ff01563e65329588e27fa4b8d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
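Review bot: the new libetpan entry records only the upstream issue (https://github.com/dinhvh/libetpan/issues/420) and no fixed version, severity or [bullseye]/[buster] annotation, so the tracker will list libetpan as vulnerable in every suite until someone follows up. When upstream lands a fix, add its commit as a NOTE and fill in the fixed Debian version; if the NULL dereference in mailimap_mailbox_data_status_free turns out to be a crash-only issue, a severity tag on the stable suites (in the `[bullseye] - libetpan (Minor issue)` form used elsewhere in the file) would keep it from blocking triage lists.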
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-45197/slixmpp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5bf41a52 by Salvatore Bonaccorso at 2022-11-29T08:40:48+01:00 Add CVE-2022-45197/slixmpp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2970,8 +2970,10 @@ CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpe [bullseye] - ffmpeg (Wait until it lands in 4.1.x) [buster] - ffmpeg (Wait until it lands in 4.1.x) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 -CVE-2022-45197 +CVE-2022-45197 [missing certificate hostname validation] RESERVED + - slixmpp 1.8.3-1 + NOTE: https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa (slix-1.8.3) CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...) NOT-FOR-US: Hyperledger Fabric CVE-2022-45195 (SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bf41a52a6b6b042b7dbae8037ac845a16cd2184 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bf41a52a6b6b042b7dbae8037ac845a16cd2184 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
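Review bot: the slixmpp entry fixes unstable at 1.8.3-1 but leaves bullseye and buster unannotated; missing certificate hostname validation means the client can accept a certificate issued for a different host, so the stable suites need an explicit decision (a `[bullseye] - slixmpp (reason)` no-dsa line or a DSA/DLA) rather than the default of showing as vulnerable. The (slix-1.8.3) tag on the upstream commit NOTE is good and should be kept when the stable status is added.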
[Git][security-tracker-team/security-tracker][master] CVE-2022-3559/exim4: Reference upstream issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08696132 by Salvatore Bonaccorso at 2022-11-29T08:32:57+01:00 CVE-2022-3559/exim4: Reference upstream issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11428,6 +11428,7 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. - exim4 4.96-4 [bullseye] - exim4 (Minor issue) [buster] - exim4 (Minor issue) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2915 NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0869613218321bb88c7e70ebf72ef4a91976d67e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0869613218321bb88c7e70ebf72ef4a91976d67e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
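Review bot: the new NOTE (https://bugs.exim.org/show_bug.cgi?id=2915) sits directly before the existing commit NOTE; that is fine, but prefixing the commit line with `Fixed by:` (the convention used for the shadow entries in this same batch) would make clear which reference is the bug report and which is the fix.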
[Git][security-tracker-team/security-tracker][master] CVE-2013-4235: Reference regression fixes
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d0abc1f by Salvatore Bonaccorso at 2022-11-29T08:29:56+01:00 CVE-2013-4235: Reference regression fixes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -477425,13 +477425,16 @@ CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when co - shadow 1:4.12.3+dfsg1-1 (unimportant; bug #778950) NOTE: https://github.com/shadow-maint/shadow/issues/317 NOTE: https://github.com/shadow-maint/shadow/pull/545 - NOTE: https://github.com/shadow-maint/shadow/commit/e9ae247cb14f977d8881f481488843b10665dba8 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/f6f8bcd2a57c06983296485cc028ebdf467ebfd7 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/dab764d0195fc16d1d39330eee8a33e8917826d8 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/1d281273b149f2bb992d893d8ca9ddc95cc8 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/f606314f0c22fb5d13e5af17a70860d57559e808 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/6cbec2d0aa29d6d25e9eed007ded4e79eb637519 (4.12.2) - NOTE: https://github.com/shadow-maint/shadow/commit/faeab50e710131816b261de66141524898c2c487 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e9ae247cb14f977d8881f481488843b10665dba8 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/f6f8bcd2a57c06983296485cc028ebdf467ebfd7 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/dab764d0195fc16d1d39330eee8a33e8917826d8 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d281273b149f2bb992d893d8ca9ddc95cc8 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/f606314f0c22fb5d13e5af17a70860d57559e808 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/6cbec2d0aa29d6d25e9eed007ded4e79eb637519 (4.12.2) + NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/faeab50e710131816b261de66141524898c2c487 (4.12.2) + NOTE: Regression fix: https://github.com/shadow-maint/shadow/commit/f3bdb28e57e5e38c1e89347976c7d61a181eec32 (4.13) + NOTE: Regression fix: 
https://github.com/shadow-maint/shadow/commit/10cd68e0f04b48363eb32d2c6e168b358fb27810 (4.13) + NOTE: Regression fix: https://github.com/shadow-maint/shadow/commit/cde221b8587193f9dc300c0799a530e846c75961 (4.13) CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...) {DSA-2751-1} - libmodplug 1:0.8.8.4-4 (bug #719462) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d0abc1fa56931ea7a920a22b16f845581bdf1bd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d0abc1fa56931ea7a920a22b16f845581bdf1bd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
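Review bot: the three regression-fix commits are tagged (4.13) while the Debian fixed version stays 1:4.12.3+dfsg1-1, so the entry now claims the issue is fixed in a version that predates the regression fixes; confirm whether 4.12.3 already contains them or the Debian package cherry-picks them, otherwise either move the fixed-version claim to the upload that carries them or add a NOTE saying the regression fixes are still pending in Debian. Distinguishing `Fixed by:` from `Regression fix:` on the NOTE lines is a useful clarification and should be kept.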
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2013-4235/shadow
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77f1ac59 by Salvatore Bonaccorso at 2022-11-29T08:25:22+01:00 Update status for CVE-2013-4235/shadow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -477422,7 +477422,16 @@ CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...) - vdsm (bug #668538) CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...) - - shadow (unimportant; bug #778950) + - shadow 1:4.12.3+dfsg1-1 (unimportant; bug #778950) + NOTE: https://github.com/shadow-maint/shadow/issues/317 + NOTE: https://github.com/shadow-maint/shadow/pull/545 + NOTE: https://github.com/shadow-maint/shadow/commit/e9ae247cb14f977d8881f481488843b10665dba8 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/f6f8bcd2a57c06983296485cc028ebdf467ebfd7 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/dab764d0195fc16d1d39330eee8a33e8917826d8 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/1d281273b149f2bb992d893d8ca9ddc95cc8 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/f606314f0c22fb5d13e5af17a70860d57559e808 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/6cbec2d0aa29d6d25e9eed007ded4e79eb637519 (4.12.2) + NOTE: https://github.com/shadow-maint/shadow/commit/faeab50e710131816b261de66141524898c2c487 (4.12.2) CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...) {DSA-2751-1} - libmodplug 1:0.8.8.4-4 (bug #719462) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77f1ac59f8efe8d99f7b3822f2439c1767485a5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77f1ac59f8efe8d99f7b3822f2439c1767485a5f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
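Review bot: the fourth commit NOTE, https://github.com/shadow-maint/shadow/commit/1d281273b149f2bb992d893d8ca9ddc95cc8, has a 36-character hash where a full SHA-1 is 40 hex digits, so the link is either truncated or mistyped; look the commit up in the upstream repository and record the full id. Keeping `unimportant` while adding a fixed version is reasonable for a TOCTOU race, but a one-line NOTE on why the severity stays unimportant would help the next person who sees a fixed version next to that tag.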
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-2785{3,4} and CVE-2021-2786{1,2}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 249fdfb1 by Salvatore Bonaccorso at 2022-11-29T08:06:47+01:00 Update status for CVE-2021-2785{3,4} and CVE-2021-2786{1,2} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -123531,9 +123531,15 @@ CVE-2021-27864 CVE-2021-27863 RESERVED CVE-2021-27862 (Layer 2 network filtering capabilities such as IPv6 RA guard can be by ...) - TODO: check, potentially needs to be tracked for src:linux + NOTE: https://kb.cert.org/vuls/id/855201 + NOTE: https://blog.champtar.fr/VLAN0_LLC_SNAP/ + NOTE: Linux kernel behaves as expected, it's the user space responsibility to build + NOTE: correct filtering rules. CVE-2021-27861 (Layer 2 network filtering capabilities such as IPv6 RA guard can be by ...) - TODO: check, potentially needs to be tracked for src:linux + NOTE: https://kb.cert.org/vuls/id/855201 + NOTE: https://blog.champtar.fr/VLAN0_LLC_SNAP/ + NOTE: Linux kernel behaves as expected, it's the user space responsibility to build + NOTE: correct filtering rules. CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...) NOT-FOR-US: FatPipe CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...) 
@@ -123547,9 +123553,15 @@ CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2 CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...) NOT-FOR-US: FatPipe CVE-2021-27854 (Layer 2 network filtering capabilities such as IPv6 RA guard can be by ...) - TODO: check, potentially needs to be tracked for src:linux + NOTE: https://kb.cert.org/vuls/id/855201 + NOTE: https://blog.champtar.fr/VLAN0_LLC_SNAP/ + NOTE: Linux kernel behaves as expected, it's the user space responsibility to build + NOTE: correct filtering rules. CVE-2021-27853 (Layer 2 network filtering capabilities such as IPv6 RA guard or ARP in ...) - TODO: check, potentially needs to be tracked for src:linux + NOTE: https://kb.cert.org/vuls/id/855201 + NOTE: https://blog.champtar.fr/VLAN0_LLC_SNAP/ + NOTE: Linux kernel behaves as expected, it's the user space responsibility to build + NOTE: correct filtering rules. CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of ...) NOT-FOR-US: Checkbox Survey CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249fdfb1d8dc93fc190810bb97bb4c8d16e620af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249fdfb1d8dc93fc190810bb97bb4c8d16e620af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
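Review bot: all four entries now consist of NOTE lines only; the `TODO: check` was removed without adding a status line, so nothing machine-readable says whether src:linux is considered affected. Since the NOTEs conclude that the kernel behaves as expected and that building correct filtering rules is user space's job, make that explicit with a status the tracker understands (a `- linux <not-affected> (reason)` line, or NOT-FOR-US with a short justification) so the entries do not depend on a human reading the prose. Minor wording: `it's the user space responsibility` reads better as `it is user space's responsibility`.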
[Git][security-tracker-team/security-tracker][master] 4 commits: LTS: add libarchive to dla-needed.txt
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b9472f0 by Anton Gladky at 2022-11-28T23:14:05+01:00 LTS: add libarchive to dla-needed.txt - - - - - 9ec5d38c by Anton Gladky at 2022-11-28T23:14:05+01:00 LTS: add libpgjava to dla-needed.txt - - - - - d6fdd7de by Anton Gladky at 2022-11-28T23:14:05+01:00 LTS: add nextcloud-desktop to dla-needed.txt - - - - - a24776ed by Anton Gladky at 2022-11-28T23:14:05+01:00 LTS: add vim to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -105,6 +105,10 @@ lava libapreq2 NOTE: 20221031: Programming language: C. -- +libarchive + NOTE: 20221128: Programming language: C. + NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/libarchive.git +-- libcommons-jxpath-java NOTE: 20221027: Programming language: Java. NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream discussion. See CVE-2022-41852 for pull requests. @@ -114,6 +118,12 @@ libde265 NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk) NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk) -- +libpgjava + NOTE: 20221128: Programming language: Java. + NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/libpgjava.git + NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems (gladk). + NOTE: 20221128: If not - please mark it as (gladk). +-- libreoffice NOTE: 20221012: Programming language: C++. -- 
@@ -153,6 +163,11 @@ netatalk (gladk) NOTE: 20220816: Programming language: C. NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor) -- +nextcloud-desktop + NOTE: 20221128: Programming language: C++. + NOTE: 20221128: VCS: https://salsa.debian.org/owncloud-team/nextcloud-desktop + NOTE: 20221128: Please coordinate with maintainer the usage of their git-repo (gladk). +-- node-cached-path-relative NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.3 (Beuc/front-desk) @@ -318,6 +333,11 @@ trafficserver NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith) NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith) -- +vim + NOTE: 20221128: Programming language: C. + NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/vim.git + NOTE: 20221128: Please wait till at least several CVEs appear before upload (gladk). +-- virglrenderer (Thorsten Alteholz) NOTE: 20221009: Programming language: C. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/540aab09498e193c6b6058b811192049e3004270...a24776ed8ea4dd477fb2103df1af4f48d1519b4a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/540aab09498e193c6b6058b811192049e3004270...a24776ed8ea4dd477fb2103df1af4f48d1519b4a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
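Review bot: in the libpgjava block the line `If not - please mark it as (gladk).` is missing the status the package should be marked with (the word before the `(gladk)` attribution was dropped), so the instruction to the next LTS worker is ambiguous; spell it out, e.g. `please mark it as not-affected` or `no-dsa`, whichever is meant. The vim entry's `wait till at least several CVEs appear` would also be clearer with a rough count or a date so the deferral has a defined end point; the nextcloud-desktop VCS pointing at the maintainer's owncloud-team repository rather than an lts-team one is explained by the coordination note, which is fine.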
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 540aab09 by Salvatore Bonaccorso at 2022-11-28T22:21:24+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6220,11 +6220,11 @@ CVE-2022-44403 (Automotive Shop Management System v1.0 is vulnerable to SQL Inje CVE-2022-44402 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) NOT-FOR-US: Automotive Shop Management System CVE-2022-44401 (Online Tours Travels Management System v1.0 contains an arbitrar ...) - TODO: check + NOT-FOR-US: Online Tours & Travels Management System CVE-2022-44400 (Purchase Order Management System v1.0 contains a file upload vulnerabi ...) - TODO: check + NOT-FOR-US: Purchase Order Management System CVE-2022-44399 (Poultry Farm Management System v1.0 contains a SQL injection vulnerabi ...) - TODO: check + NOT-FOR-US: Poultry Farm Management System CVE-2022-44398 RESERVED CVE-2022-44397 @@ -6454,9 +6454,9 @@ CVE-2022-44286 CVE-2022-44285 RESERVED CVE-2022-44284 (Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Sit ...) - TODO: check + NOT-FOR-US: Dinstar FXO Analog VoIP Gateway DAG2000-16O CVE-2022-44283 (AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. ...) - TODO: check + NOT-FOR-US: AVS Audio Converter CVE-2022-44282 RESERVED CVE-2022-44281 @@ -13058,7 +13058,7 @@ CVE-2022-42447 CVE-2022-42446 RESERVED CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-42444 RESERVED CVE-2022-42443 
@@ -14185,7 +14185,7 @@ CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected ver CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version ...) NOT-FOR-US: super-xray CVE-2022-41944 (Discourse is an open-source discussion platform. In stable versions pr ...) - TODO: check + NOT-FOR-US: Discourse CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it was po ...) NOT-FOR-US: Sourcegraph CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...) @@ -14231,7 +14231,7 @@ CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege es CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...) - yii (bug #597899) CVE-2022-41921 (Discourse is an open-source discussion platform. Prior to version 2.9. ...) - TODO: check + NOT-FOR-US: Discourse CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...) NOT-FOR-US: Lancet CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...) 
@@ -29303,7 +29303,7 @@ CVE-2022-36195 CVE-2022-36194 (Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the ...) - centreon-web (bug #913903) CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: School Management System CVE-2022-36192 RESERVED CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/540aab09498e193c6b6058b811192049e3004270 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/540aab09498e193c6b6058b811192049e3004270 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
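Review bot: the NOT-FOR-US labels mostly reuse the product name from the description, but CVE-2022-42445 is filed as `NOT-FOR-US: HCL` while the description names the product as HCL Launch; using the product (as done for `NOT-FOR-US: Discourse` and the others) keeps later searches for the same product consistent. For CVE-2022-44401 the label adds an ampersand (`Online Tours & Travels`) that the truncated description does not show; harmless, but it is worth matching whatever the full CVE text uses.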
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-45869/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18f9f537 by Salvatore Bonaccorso at 2022-11-28T22:02:51+01:00 Add CVE-2022-45869/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -889,8 +889,12 @@ CVE-2022-45871 RESERVED CVE-2022-45870 RESERVED -CVE-2022-45869 +CVE-2022-45869 [KVM: x86/mmu: Fix race condition in direct_page_fault] RESERVED + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/47b0c2e4c220f2251fd8dcfbb44479819c715e15 (6.1-rc7) CVE-2022-45868 (The web-based admin console in H2 Database Engine through 2.1.214 can ...) - h2database (unimportant) NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords should never be View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f9f5373f7d121802a762514e4c55dc2940d16d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f9f5373f7d121802a762514e4c55dc2940d16d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
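Review bot: bullseye and buster are marked `(Vulnerable code not present)`, but the entry only references the fixing commit (47b0c2e4c220, 6.1-rc7); adding a NOTE with the commit that introduced the race in direct_page_fault would make the not-present claim verifiable when the stable kernels are next rebased. The unstable line `- linux` still lacks a fixed version, which is expected until the upload but should be filled in at that point.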
[Git][security-tracker-team/security-tracker][master] Associate CVE-2022-361{79,80} with fusiondirectory
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee63691a by Salvatore Bonaccorso at 2022-11-28T21:48:32+01:00 Associate CVE-2022-361{79,80} with fusiondirectory - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29338,9 +29338,11 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which al CVE-2022-36181 RESERVED CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...) - NOT-FOR-US: Fusiondirectory + - fusiondirectory + NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. ...) - NOT-FOR-US: Fusiondirectory + - fusiondirectory + NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ CVE-2022-36178 RESERVED CVE-2022-36177 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee63691a0c47a752370b654d724b85dd4e4132ca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee63691a0c47a752370b654d724b85dd4e4132ca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
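Review bot: switching both entries from NOT-FOR-US to `- fusiondirectory` makes them open in every suite with no severity or [bullseye]/[buster] annotation, and the advisory link is the only reference; add the upstream fix (or a NOTE that none exists yet) and decide the stable-suite status, since an XSS and a session-handling flaw with no further triage are the kind of entries that otherwise sit on the tracker as unfixed indefinitely.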
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e518c535 by Salvatore Bonaccorso at 2022-11-28T21:41:50+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4166,7 +4166,7 @@ CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload i - nomad (Only affects 1.4) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167 CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3864 RESERVED CVE-2022-3863 @@ -5412,13 +5412,13 @@ CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site CVE-2022-3851 RESERVED CVE-2022-3850 (The Find and Replace All WordPress plugin before 1.3 does not have CSR ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3849 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44643 RESERVED CVE-2022-44642 @@ -5517,7 +5517,7 @@ CVE-2022-3841 CVE-2022-3840 RESERVED CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3838 RESERVED CVE-2022-3837 
@@ -5527,19 +5527,19 @@ CVE-2022-3836 CVE-2022-3835 RESERVED CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3832 RESERVED CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3830 RESERVED CVE-2022-3829 RESERVED CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...) - centreon-web (bug #913903) CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified as pro ...) @@ -5547,11 +5547,11 @@ CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified a CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as critical ...) NOT-FOR-US: Huaxia ERP CVE-2022-3824 (The WP Admin UI Customize WordPress plugin before 1.5.13 does not sani ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...) - systemd 251.3-1 [bullseye] - systemd (Minor issue) 
@@ -6093,9 +6093,9 @@ CVE-2022-3771 (A vulnerability, which was classified as critical, has been found CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...) NOT-FOR-US: Yunjing CMS CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3767 RESERVED - gitlab @@ -9386,7 +9386,7 @@ CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7. CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2022-43760 @@ -10312,7 +10312,7 @@ CVE-2022-3612 CVE-2022-3611 RESERVED CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...) - TODO: check +
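Review bot: the hunk for CVE-2022-3610 ends with a bare `+` line in this notification, so the replacement status for that entry is not visible here; anyone reviewing from the mail should check commit e518c535 for the remainder. The other entries consistently use `NOT-FOR-US: WordPress plugin`, matching the existing entries in the surrounding context (CVE-2022-3690, CVE-2022-3688), which is the right label.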
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5172efbe by security tracker role at 2022-11-28T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,311 @@ +CVE-2022-46265 + RESERVED +CVE-2022-46264 + RESERVED +CVE-2022-46263 + RESERVED +CVE-2022-46262 + RESERVED +CVE-2022-46261 + RESERVED +CVE-2022-46260 + RESERVED +CVE-2022-46259 + RESERVED +CVE-2022-46258 + RESERVED +CVE-2022-46257 + RESERVED +CVE-2022-46256 + RESERVED +CVE-2022-46255 + RESERVED +CVE-2022-46254 + RESERVED +CVE-2022-46253 + RESERVED +CVE-2022-46252 + RESERVED +CVE-2022-46251 + RESERVED +CVE-2022-46250 + RESERVED +CVE-2022-46249 + RESERVED +CVE-2022-46248 + RESERVED +CVE-2022-46247 + RESERVED +CVE-2022-46246 + RESERVED +CVE-2022-46245 + RESERVED +CVE-2022-46244 + RESERVED +CVE-2022-46243 + RESERVED +CVE-2022-46242 + RESERVED +CVE-2022-46241 + RESERVED +CVE-2022-46240 + RESERVED +CVE-2022-46239 + RESERVED +CVE-2022-46238 + RESERVED +CVE-2022-46237 + RESERVED +CVE-2022-46236 + RESERVED +CVE-2022-46235 + RESERVED +CVE-2022-46234 + RESERVED +CVE-2022-46233 + RESERVED +CVE-2022-46232 + RESERVED +CVE-2022-46231 + RESERVED +CVE-2022-46230 + RESERVED +CVE-2022-46229 + RESERVED +CVE-2022-46228 + RESERVED +CVE-2022-46227 + RESERVED +CVE-2022-46226 + RESERVED +CVE-2022-46225 + RESERVED +CVE-2022-46224 + RESERVED +CVE-2022-46223 + RESERVED +CVE-2022-46222 + RESERVED +CVE-2022-46221 + RESERVED +CVE-2022-46220 + RESERVED +CVE-2022-46219 + RESERVED +CVE-2022-46218 + RESERVED +CVE-2022-46217 + RESERVED +CVE-2022-46216 + RESERVED +CVE-2022-46215 + RESERVED +CVE-2022-46214 + RESERVED +CVE-2022-46213 + RESERVED +CVE-2022-46212 + RESERVED +CVE-2022-46211 + RESERVED +CVE-2022-46210 + RESERVED +CVE-2022-46209 + RESERVED +CVE-2022-46208 + RESERVED +CVE-2022-46207 + RESERVED +CVE-2022-46206 + RESERVED +CVE-2022-46205 + RESERVED +CVE-2022-46204 + RESERVED +CVE-2022-46203 + RESERVED +CVE-2022-46202 + RESERVED +CVE-2022-46201 + RESERVED +CVE-2022-46200 + RESERVED +CVE-2022-46199 + RESERVED +CVE-2022-46198 + RESERVED +CVE-2022-46197 + RESERVED +CVE-2022-46196 + RESERVED +CVE-2022-46195 + RESERVED +CVE-2022-46194 + RESERVED +CVE-2022-46193 + RESERVED 
+CVE-2022-46192 + RESERVED +CVE-2022-46191 + RESERVED +CVE-2022-46190 + RESERVED +CVE-2022-46189 + RESERVED +CVE-2022-46188 + RESERVED +CVE-2022-46187 + RESERVED +CVE-2022-46186 + RESERVED +CVE-2022-46185 + RESERVED +CVE-2022-46184 + RESERVED +CVE-2022-46183 + RESERVED +CVE-2022-46182 + RESERVED +CVE-2022-46181 + RESERVED +CVE-2022-46180 + RESERVED +CVE-2022-46179 + RESERVED +CVE-2022-46178 + RESERVED +CVE-2022-46177 + RESERVED +CVE-2022-46176 + RESERVED +CVE-2022-46175 + RESERVED +CVE-2022-46174 + RESERVED +CVE-2022-46173 + RESERVED +CVE-2022-46172 + RESERVED +CVE-2022-46171 + RESERVED +CVE-2022-46170 + RESERVED +CVE-2022-46169 + RESERVED +CVE-2022-46168 + RESERVED +CVE-2022-46167 + RESERVED +CVE-2022-46166 + RESERVED +CVE-2022-46165 + RESERVED +CVE-2022-46164 + RESERVED +CVE-2022-46163 + RESERVED +CVE-2022-46162 + RESERVED +CVE-2022-46161 + RESERVED +CVE-2022-46160 + RESERVED +CVE-2022-46159 + RESERVED +CVE-2022-46158 + RESERVED +CVE-2022-46157 + RESERVED +CVE-2022-46156 + RESERVED +CVE-2022-46155 + RESERVED +CVE-2022-46154 + RESERVED +CVE-2022-46153 + RESERVED +CVE-2022-46152 + RESERVED +CVE-2022-46151 + RESERVED +CVE-2022-46150 + RESERVED +CVE-2022-46149 + RESERVED +CVE-2022-46148 + RESERVED +CVE-2022-46147 + RESERVED +CVE-2022-46146 + RESERVED +CVE-2022-46145 + RESERVED +CVE-2022-46144 + RESERVED +CVE-2022-46143 + RESERVED +CVE-2022-46142 + RESERVED +CVE-2022-46141 + RESERVED +CVE-2022-46140 + RESERVED +CVE-2022-44620 + RESERVED +CVE-2022-44606 + RESERVED +CVE-2022-43464 + RESERVED +CVE-2022-4171 + RESERVED +CVE-2022-4170 + RESERVED +CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to authori ...) + TODO: check +CVE-2022-4168 + RESERVED +CVE-2022-4167 + RESERVED +CVE-2022-4166 + RESERVED +CVE-2022-4165 + RESERVED +CVE-2022-4164 + RESERVED +CVE-2022-4163 + RESERVED +CVE-2022-4162 +
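Review bot: the automatic import is almost entirely RESERVED placeholders; the one entry that needs human attention is CVE-2022-4169 (`The Theme and plugin translation for Polylang ...`), which lands with `TODO: check` and, being a WordPress plugin like the ones triaged elsewhere in this batch, will most likely end up as `NOT-FOR-US: WordPress plugin`. The notification is cut off after `CVE-2022-4162`, so the tail of the hunk (the header says the region grows to 311 lines) is not shown here.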
[Git][security-tracker-team/security-tracker][master] mujs DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e39f9250 by Moritz Mühlenhoff at 2022-11-28T20:29:41+01:00 mujs DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -43324,13 +43324,11 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf NOTE: to not open that issue. CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) - mujs 1.2.0-3 - [bullseye] - mujs (Minor issue) NOTE: https://github.com/ccxvii/mujs/issues/161 NOTE: https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec NOTE: https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) - mujs 1.2.0-3 - [bullseye] - mujs (Minor issue) NOTE: https://github.com/ccxvii/mujs/issues/162 NOTE: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61 NOTE: https://github.com/ccxvii/mujs/commit/799b62bf065b006e2bcb1c80044eab2b10412ecf = data/DSA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DSA-5291-1 mujs - security update + {CVE-2022-30974 CVE-2022-30975 CVE-2022-44789} + [bullseye] - mujs 1.1.0-1+deb11u2 [28 Nov 2022] DSA-5290-1 commons-configuration2 - security update {CVE-2022-33980} [bullseye] - commons-configuration2 2.8.0-1~deb11u1 = data/dsa-needed.txt = 
@@ -29,8 +29,6 @@ netatalk -- nodejs -- -mujs (jmm) --- multipath-tools -- openexr View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39f9250feb26647c88fada2ce951e0f12d098b7
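Review bot: the DSA-5291-1 entry in data/DSA/list claims three CVEs ({CVE-2022-30974 CVE-2022-30975 CVE-2022-44789}), but the data/CVE/list hunk only drops the "[bullseye] - mujs (Minor issue)" annotation for CVE-2022-30975 and CVE-2022-30974; check that the CVE-2022-44789 entry carries no leftover bullseye no-dsa annotation, otherwise its tracker state will conflict with the 1.1.0-1+deb11u2 upload recorded in the DSA.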
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-45939/emacs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76247beb by Salvatore Bonaccorso at 2022-11-28T19:53:35+01:00 Add Debian bug reference for CVE-2022-45939/emacs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -399,7 +399,7 @@ CVE-2022-45941 CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) - - emacs + - emacs (bug #1025009) NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76247bebe3e52122804f0592dcf3a572c2b6e083
[Git][security-tracker-team/security-tracker][master] Revert "Add xemacs21 as well for CVE-2022-45939"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc22f2b1 by Salvatore Bonaccorso at 2022-11-28T19:41:05+01:00 Revert "Add xemacs21 as well for CVE-2022-45939" This reverts commit 66fdd56b866d7fd45eb6f415247d2130291e6478. Revert it for now as it first needs further investigation whether the 21.4.24 code base and earlier for xemacs is affected as well, or where the issue has been introduced. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -400,7 +400,6 @@ CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) - emacs - - xemacs21 NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc22f2b1548a24bc7d0e76f9e47e5abc6cf65d9e
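Review bot: the revert removes the "- xemacs21" line without leaving any trace in the data, so the open question stated in the commit message (whether the 21.4.24 code base and earlier are affected, and where the issue was introduced) survives only in git history; a NOTE line under CVE-2022-45939 along the lines of "NOTE: xemacs21: unclear if affected, needs investigation" would keep the pending triage visible on the tracker page itself.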
[Git][security-tracker-team/security-tracker][master] libraw ELTS triage
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 7246062f by Helmut Grohne at 2022-11-28T19:36:10+01:00 libraw ELTS triage Yeah, this doesn't really belong here. However, we need to remove conflicting declarations to allow adding them to the elts tracker without messing up the database. This is the bulk of changes. I'm also adding commit references as this is independent of ELTS. Beyond this, two earlier DLAs have a wrong CVE list. DLA-2903-1 did not fix CVE-2017-16909. It contains a CVE-2017-16909.patch, which fixes a different vulnerability. DLA-1734-1 missed CVE-2018-5807 and CVE-2018-5810, which are fixed by the same commit that fixes CVE-2018-5808. Except for the commit id notes, none of this can be fixed in the elts tracker. - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -183005,7 +183005,6 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This [experimental] - libraw 0.20.0-1 - libraw 0.20.0-4 (bug #964747) [buster] - libraw (Minor issue) - [stretch] - libraw (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477 NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
@@ -306475,15 +306474,11 @@ CVE-2018-10530 RESERVED CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...) - libraw 0.18.11-1 (low; bug #897186) - [stretch] - libraw (Vulnerable code not present) - [jessie] - libraw (Minor issue) [wheezy] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c NOTE: https://github.com/LibRaw/LibRaw/issues/144 CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...) - libraw 0.18.11-1 (low; bug #897185) - [stretch] - libraw (Vulnerable code not present) - [jessie] - libraw (Minor issue) [wheezy] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564 NOTE: https://github.com/LibRaw/LibRaw/issues/144 @@ -319914,8 +319909,8 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...) {DLA-2903-1} - libraw 0.18.13-1 (low) - [jessie] - libraw (Minor issue) NOTE: http://seclists.org/bugtraq/2018/Jul/58 + NOTE: https://github.com/LibRaw/LibRaw/commit/1334647862b0c90b2e8cb2f668e66627d9517b17 CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...) {DLA-1423-1 DLA-1422-1} - linux 4.16.12-1 @@ -319925,7 +319920,6 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...) {DLA-2903-1} - libraw 0.18.11-1 (low) - [jessie] - libraw (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/ CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...) {DLA-2903-1} 
@@ -319942,6 +319936,7 @@ CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_ - libraw 0.18.11-1 [jessie] - libraw (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...) - libraw 0.18.11-1 [stretch] - libraw (Vulnerable code not present) @@ -319958,21 +319953,22 @@ CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw - libraw 0.18.11-1 [jessie] - libraw (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...) {DLA-2903-1} - libraw 0.18.8-1 (low) - [jessie] - libraw (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 + NOTE: https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...) {DLA-2903-1} - libraw 0.18.8-1 (low) - [jessie] - libraw (Minor issue) NOTE:
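Review bot: the commit message records that DLA-2903-1 did not fix CVE-2017-16909 and that DLA-1734-1 missed CVE-2018-5807 and CVE-2018-5810, but the visible hunks leave the {DLA-2903-1} references on CVE-2018-5815, CVE-2018-5813, CVE-2018-5806 and CVE-2018-5805 untouched and only add the shared fix commit (fd6330292501983ac75fe4162275794b18445bd9) as a NOTE on 5807 and 5810; since the message says this cannot be corrected in the elts tracker, a NOTE on each affected entry stating the DLA mismatch explicitly would let the data carry the finding instead of the commit message alone. The removed "[stretch] - libraw (Vulnerable code not present)" and "[jessie] - libraw (Minor issue)" lines are triage conclusions, not just conflicting declarations, and should be re-entered on the ELTS side when these entries are imported there so the reasoning is not lost.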
[Git][security-tracker-team/security-tracker][master] Add xemacs21 as well for CVE-2022-45939
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 66fdd56b by Salvatore Bonaccorso at 2022-11-28T19:34:32+01:00 Add xemacs21 as well for CVE-2022-45939 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -400,6 +400,7 @@ CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) - emacs + - xemacs21 NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66fdd56b866d7fd45eb6f415247d2130291e6478
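Review bot: "- xemacs21" is added without a version or a triage note, while the only NOTE on the entry points at the GNU Emacs fix commit; a NOTE stating why xemacs21 is believed to share the affected code would document the basis for listing it, and the revert of this commit elsewhere in this batch shows that basis was still in question.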
[Git][security-tracker-team/security-tracker][master] ceph fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fcb6922 by Moritz Muehlenhoff at 2022-11-28T16:47:30+01:00 ceph fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9520,7 +9520,7 @@ CVE-2022-3651 RESERVED CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit] RESERVED - - ceph (bug #1024932) + - ceph 16.2.10+ds-4 (bug #1024932) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1 NOTE: https://tracker.ceph.com/issues/57967 NOTE: https://github.com/ceph/ceph/pull/48713 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fcb69224b7f69bec9c669f864121c2a0630
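Review bot: with the sid version 16.2.10+ds-4 filled in, the entry still has no [bullseye] annotation in the shown context; since the bracketed summary describes a local privilege escalation to root via ceph-crash.service, the bullseye status (needs DSA, no-dsa, or postponed) should be recorded so the stable release is not left implicitly unfixed.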
[Git][security-tracker-team/security-tracker][master] Add DLA-3212-1 for twisted
Dominik George pushed to branch master at Debian Security Tracker / security-tracker Commits: df52ff8c by Dominik George at 2022-11-28T16:35:10+01:00 Add DLA-3212-1 for twisted - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DLA-3212-1 twisted - security update + {CVE-2022-39348} + [buster] - twisted 18.9.0-3+deb10u2 [28 Nov 2022] DLA-3211-1 frr - security update {CVE-2022-37032} [buster] - frr 6.0.2-2+deb10u2 = data/dla-needed.txt = @@ -318,9 +318,6 @@ trafficserver NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith) NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith) -- -twisted (Dominik George) - NOTE: 20221030: Programming language: Python. --- virglrenderer (Thorsten Alteholz) NOTE: 20221009: Programming language: C. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df52ff8ccf9fa2b7c7543aee84e58283d3031aa6
[Git][security-tracker-team/security-tracker][master] puppetdb fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 98764ca4 by Moritz Muehlenhoff at 2022-11-28T16:03:34+01:00 puppetdb fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -125123,7 +125123,7 @@ CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a tas NOTE: https://puppet.com/security/cve/CVE-2021-27022/ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) [experimental] - puppetdb 7.10.1-1 - - puppetdb (bug #990419) + - puppetdb 7.11.2-2 (bug #990419) [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/cve-2021-27021/ NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2 @@ -125134,7 +125134,7 @@ CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing us - puppet (Only affects Puppet Enterprise) CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...) [experimental] - puppetdb 7.10.1-1 - - puppetdb + - puppetdb 7.11.2-2 [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2021-27019/ CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...) 
@@ -204426,7 +204426,7 @@ CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0 CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) - puppet (Doesn't affect Puppet masters (passenger-based) in Debian) [experimental] - puppetdb 7.10.1-1 - - puppetdb (low) + - puppetdb 7.11.2-2 (low) [buster] - puppetdb (Minor issue) - puppetserver (bug #830904) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98764ca44517f06df5c4a84639dec639bd6ac789
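Review bot: all three entries gain the sid version 7.11.2-2 and keep "[buster] - puppetdb (Minor issue)", but none of them shows a [bullseye] line in the visible context; add the bullseye annotation (or confirm puppetdb is absent from bullseye) so the stable status is explicit for CVE-2021-27021, CVE-2021-27019 and CVE-2020-7943.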
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3211-1 for frr
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ea21e87 by Chris Lamb at 2022-11-28T11:42:04+00:00 Reserve DLA-3211-1 for frr - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DLA-3211-1 frr - security update + {CVE-2022-37032} + [buster] - frr 6.0.2-2+deb10u2 [28 Nov 2022] DLA-3210-1 gerbv - security update {CVE-2021-40401 CVE-2021-40403} [buster] - gerbv 2.7.0-1+deb10u2 = data/dla-needed.txt = @@ -44,9 +44,6 @@ exiv2 firmware-nonfree (Markus Koschany) NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it. -- -frr (Chris Lamb) - NOTE: 20220923: Programming language: C. --- fwupd (Stefano Rivera) NOTE: 20221003: Programming language: C++. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea21e87380abf81c483af54b473b6e64eef5b49
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5290-1 commons-configuration2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ff4a499 by Markus Koschany at 2022-11-28T12:26:39+01:00 Reserve DSA-5290-1 commons-configuration2 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DSA-5290-1 commons-configuration2 - security update + {CVE-2022-33980} + [bullseye] - commons-configuration2 2.8.0-1~deb11u1 [27 Nov 2022] DSA-5289-1 chromium - security update {CVE-2022-4135} [bullseye] - chromium 107.0.5304.121-1~deb11u1 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -commons-configuration2 (apo) -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ff4a499ffe70304f5c3e826cbf684cd28a3c70c
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3210-1 for gerbv
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 633698f5 by Chris Lamb at 2022-11-28T11:12:39+00:00 Reserve DLA-3210-1 for gerbv - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DLA-3210-1 gerbv - security update + {CVE-2021-40401 CVE-2021-40403} + [buster] - gerbv 2.7.0-1+deb10u2 [28 Nov 2022] DLA-3209-1 ini4j - security update {CVE-2022-41404} [buster] - ini4j 0.5.4-1~deb10u1 = data/dla-needed.txt = @@ -50,9 +50,6 @@ frr (Chris Lamb) fwupd (Stefano Rivera) NOTE: 20221003: Programming language: C++. -- -gerbv (Chris Lamb) - NOTE: 20220923: Programming language: C. --- git NOTE: 20221031: Programming language: C. NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/git.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/633698f5046d417c20fc1bbe6d0383d823c2d35c
[Git][security-tracker-team/security-tracker][master] freerdp2 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: da350964 by Moritz Muehlenhoff at 2022-11-28T12:09:09+01:00 freerdp2 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14014,7 +14014,7 @@ CVE-2022-41879 (Parse Server is an open source backend that can be deployed to a CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h @@ -20180,7 +20180,7 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4 NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1) CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg 
@@ -20243,29 +20243,29 @@ CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content man CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...) NOT-FOR-US: GitHub Actions Runner CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...) 
- - freerdp2 (bug #1024511) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da350964d1ad3262ed5c45346f8682c980f166a2
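Review bot: the sid version 2.9.0+dfsg1-1 is applied uniformly to all seven entries, each annotated "(Minor issue)" for bullseye and buster, but only CVE-2022-39319 and CVE-2022-39318 carry an upstream fix commit next to their GHSA advisory; adding the fix commits to the remaining five (CVE-2022-41877, CVE-2022-39347, CVE-2022-39320, CVE-2022-39317, CVE-2022-39316) would make a later point-release backport for bullseye or buster easier to scope.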
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3209-1 for ini4j
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9dc57b5b by Markus Koschany at 2022-11-28T11:08:10+01:00 Reserve DLA-3209-1 for ini4j - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[28 Nov 2022] DLA-3209-1 ini4j - security update + {CVE-2022-41404} + [buster] - ini4j 0.5.4-1~deb10u1 [27 Nov 2022] DLA-3208-1 varnish - security update {CVE-2020-11653 CVE-2022-45060} [buster] - varnish 6.1.1-1+deb10u4 = data/dla-needed.txt = @@ -89,10 +89,6 @@ imagemagick (Roberto C. Sánchez) NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git NOTE: 20220904: Should be synced with Stretch. (apo) -- -ini4j (Markus Koschany) - NOTE: 20221012: Programming language: Java. - NOTE: 20221012: Require investigation (lamby) --- jhead (Markus Koschany) NOTE: 20221031: Programming language: C. NOTE: 20221031: Note that multiple options are vulnerable. The attacker have to trick someone to execute the command but arbitrary code exectuion is not good.. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc57b5b6216f8efc8485acaacfea76543a45aa3
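Review bot: the dla-needed.txt removal drops "NOTE: 20221012: Require investigation (lamby)" without a recorded outcome; since DLA-3209-1 now claims CVE-2022-41404 for buster with 0.5.4-1~deb10u1, a NOTE on the CVE-2022-41404 entry summarizing what that investigation concluded would preserve the context that otherwise disappears with this line.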
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f4ed6a1 by Moritz Muehlenhoff at 2022-11-28T11:05:45+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -454,7 +454,7 @@ CVE-2022-45916 CVE-2022-45915 RESERVED CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...) - TODO: check + NOT-FOR-US: ESL (Electronic Shelf Label) protocol CVE-2022-45913 RESERVED CVE-2022-45912 @@ -467,9 +467,9 @@ CVE-2022-4145 CVE-2022-45910 RESERVED CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a long Re ...) - TODO: check + NOT-FOR-US: drachtio-server CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2022-45907 (In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line c ...) - pytorch (bug #1024903) [bullseye] - pytorch (Minor issue) @@ -13845,7 +13845,7 @@ CVE-2022-41956 CVE-2022-41955 RESERVED CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...) - TODO: check + NOT-FOR-US: MPXJ CVE-2022-41953 RESERVED CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...) @@ -13880,7 +13880,7 @@ CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior t CVE-2022-41941 RESERVED CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...) - TODO: check + NOT-FOR-US: Engine.io CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...) NOT-FOR-US: knative.dev/func CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...) 
@@ -13908,13 +13908,13 @@ CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directiv CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...) NOT-FOR-US: XWiki CVE-2022-41926 (Nextcould talk android is the android OS implementation of the nextclo ...) - TODO: check + NOT-FOR-US: Nextcould CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...) - TODO: check + NOT-FOR-US: Tailscale CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...) - TODO: check + NOT-FOR-US: Tailscale CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege escalati ...) - TODO: check + NOT-FOR-US: Grails Spring Security Core plugin CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...) - yii (bug #597899) CVE-2022-41921 @@ -13922,7 +13922,7 @@ CVE-2022-41921 CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...) NOT-FOR-US: Lancet CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...) - TODO: check + NOT-FOR-US: Fastify CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) NOT-FOR-US: OpenSearch CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) @@ -14022,7 +14022,7 @@ CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. A CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...) NOT-FOR-US: ezplatform-graphql CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows unauthent ...) - TODO: check + NOT-FOR-US: Optica CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...) NOT-FOR-US: Tauri CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...) 
@@ -15943,11 +15943,11 @@ CVE-2022-41160 CVE-2022-41159 RESERVED CVE-2022-41158 (Remote code execution vulnerability can be achieved by using cookie va ...) - TODO: check + NOT-FOR-US: eyoom CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution) has a ...) - TODO: check + NOT-FOR-US: Kyungrinara CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...) - TODO: check + NOT-FOR-US: OndiskPlayerAgent CVE-2022-41153 RESERVED CVE-2022-41152 @@ -19108,7 +19108,7 @@ CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerabilit CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...) NOT-FOR-US: PrimeKey EJBCA CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...) - TODO: check +
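Review bot: "NOT-FOR-US: Nextcould" copies a typo from the CVE-2022-41926 description ("Nextcould talk android"); the product is Nextcloud Talk Android, and the NOT-FOR-US label should use the correct spelling so later searches for Nextcloud entries in data/CVE/list find it. The other TODO: check to NOT-FOR-US conversions in these hunks name products consistent with their descriptions.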
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 51440a4b by Moritz Muehlenhoff at 2022-11-28T10:22:16+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2722,6 +2722,7 @@ CVE-2022-45168 RESERVED CVE-2022-3962 RESERVED + NOT-FOR-US: Kiali CVE-2022-3961 RESERVED CVE-2022-3960 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51440a4bfe9085bb6c1edbfae276d7241e818674
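Review bot: CVE-2022-3962 is still RESERVED with no description, so the "NOT-FOR-US: Kiali" attribution rests on information outside the tracker; a NOTE with the source (advisory or upstream reference) would let the entry be re-verified once the CVE description is published.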
[Git][security-tracker-team/security-tracker][master] new emacs issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c07fb8b3 by Moritz Muehlenhoff at 2022-11-28T10:49:21+01:00 new emacs issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -399,7 +399,8 @@ CVE-2022-45941 CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) - TODO: check + - emacs + NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 RESERVED CVE-2022-45937 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c07fb8b3eb4c56e2a08e27acafc30a5d7baf5b2c
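Review bot: the entry moves from TODO: check to "- emacs" with the upstream fix commit but carries no [bullseye] or [buster] annotation and no severity; given the description (command execution via shell), the release status and severity should be recorded in the follow-up pass rather than left implicit.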
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1edab07f by security tracker role at 2022-11-28T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,413 @@ +CVE-2022-46139 + RESERVED +CVE-2022-46138 + RESERVED +CVE-2022-46137 + RESERVED +CVE-2022-46136 + RESERVED +CVE-2022-46135 + RESERVED +CVE-2022-46134 + RESERVED +CVE-2022-46133 + RESERVED +CVE-2022-46132 + RESERVED +CVE-2022-46131 + RESERVED +CVE-2022-46130 + RESERVED +CVE-2022-46129 + RESERVED +CVE-2022-46128 + RESERVED +CVE-2022-46127 + RESERVED +CVE-2022-46126 + RESERVED +CVE-2022-46125 + RESERVED +CVE-2022-46124 + RESERVED +CVE-2022-46123 + RESERVED +CVE-2022-46122 + RESERVED +CVE-2022-46121 + RESERVED +CVE-2022-46120 + RESERVED +CVE-2022-46119 + RESERVED +CVE-2022-46118 + RESERVED +CVE-2022-46117 + RESERVED +CVE-2022-46116 + RESERVED +CVE-2022-46115 + RESERVED +CVE-2022-46114 + RESERVED +CVE-2022-46113 + RESERVED +CVE-2022-46112 + RESERVED +CVE-2022-46111 + RESERVED +CVE-2022-46110 + RESERVED +CVE-2022-46109 + RESERVED +CVE-2022-46108 + RESERVED +CVE-2022-46107 + RESERVED +CVE-2022-46106 + RESERVED +CVE-2022-46105 + RESERVED +CVE-2022-46104 + RESERVED +CVE-2022-46103 + RESERVED +CVE-2022-46102 + RESERVED +CVE-2022-46101 + RESERVED +CVE-2022-46100 + RESERVED +CVE-2022-46099 + RESERVED +CVE-2022-46098 + RESERVED +CVE-2022-46097 + RESERVED +CVE-2022-46096 + RESERVED +CVE-2022-46095 + RESERVED +CVE-2022-46094 + RESERVED +CVE-2022-46093 + RESERVED +CVE-2022-46092 + RESERVED +CVE-2022-46091 + RESERVED +CVE-2022-46090 + RESERVED +CVE-2022-46089 + RESERVED +CVE-2022-46088 + RESERVED +CVE-2022-46087 + RESERVED +CVE-2022-46086 + RESERVED +CVE-2022-46085 + RESERVED +CVE-2022-46084 + RESERVED +CVE-2022-46083 + RESERVED +CVE-2022-46082 + RESERVED +CVE-2022-46081 + RESERVED +CVE-2022-46080 + RESERVED +CVE-2022-46079 + RESERVED +CVE-2022-46078 + RESERVED +CVE-2022-46077 + RESERVED +CVE-2022-46076 + RESERVED +CVE-2022-46075 + RESERVED +CVE-2022-46074 + RESERVED +CVE-2022-46073 + RESERVED +CVE-2022-46072 + RESERVED +CVE-2022-46071 + RESERVED +CVE-2022-46070 + RESERVED +CVE-2022-46069 + RESERVED +CVE-2022-46068 + RESERVED +CVE-2022-46067 + RESERVED 
+CVE-2022-46066 + RESERVED +CVE-2022-46065 + RESERVED +CVE-2022-46064 + RESERVED +CVE-2022-46063 + RESERVED +CVE-2022-46062 + RESERVED +CVE-2022-46061 + RESERVED +CVE-2022-46060 + RESERVED +CVE-2022-46059 + RESERVED +CVE-2022-46058 + RESERVED +CVE-2022-46057 + RESERVED +CVE-2022-46056 + RESERVED +CVE-2022-46055 + RESERVED +CVE-2022-46054 + RESERVED +CVE-2022-46053 + RESERVED +CVE-2022-46052 + RESERVED +CVE-2022-46051 + RESERVED +CVE-2022-46050 + RESERVED +CVE-2022-46049 + RESERVED +CVE-2022-46048 + RESERVED +CVE-2022-46047 + RESERVED +CVE-2022-46046 + RESERVED +CVE-2022-46045 + RESERVED +CVE-2022-46044 + RESERVED +CVE-2022-46043 + RESERVED +CVE-2022-46042 + RESERVED +CVE-2022-46041 + RESERVED +CVE-2022-46040 + RESERVED +CVE-2022-46039 + RESERVED +CVE-2022-46038 + RESERVED +CVE-2022-46037 + RESERVED +CVE-2022-46036 + RESERVED +CVE-2022-46035 + RESERVED +CVE-2022-46034 + RESERVED +CVE-2022-46033 + RESERVED +CVE-2022-46032 + RESERVED +CVE-2022-46031 + RESERVED +CVE-2022-46030 + RESERVED +CVE-2022-46029 + RESERVED +CVE-2022-46028 + RESERVED +CVE-2022-46027 + RESERVED +CVE-2022-46026 + RESERVED +CVE-2022-46025 + RESERVED +CVE-2022-46024 + RESERVED +CVE-2022-46023 + RESERVED +CVE-2022-46022 + RESERVED +CVE-2022-46021 + RESERVED +CVE-2022-46020 + RESERVED +CVE-2022-46019 + RESERVED +CVE-2022-46018 + RESERVED +CVE-2022-46017 + RESERVED +CVE-2022-46016 + RESERVED +CVE-2022-46015 + RESERVED +CVE-2022-46014 + RESERVED +CVE-2022-46013 + RESERVED +CVE-2022-46012 + RESERVED +CVE-2022-46011 + RESERVED +CVE-2022-46010 + RESERVED +CVE-2022-46009 + RESERVED +CVE-2022-46008 + RESERVED +CVE-2022-46007 + RESERVED +CVE-2022-46006 + RESERVED +CVE-2022-46005 + RESERVED +CVE-2022-46004 + RESERVED +CVE-2022-46003 + RESERVED +CVE-2022-46002 + RESERVED +CVE-2022-46001 + RESERVED +CVE-2022-46000 + RESERVED +CVE-2022-45999 +