[Git][security-tracker-team/security-tracker][master] NFU

2023-01-05 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52718548 by Henri Salo at 2023-01-06T09:38:17+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9098,6 +9098,7 @@ CVE-2022-4146
RESERVED
 CVE-2022-45935
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
- linux 
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
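
Review bot: the NOT-FOR-US line is attached to an entry that is still RESERVED, so the Apache James attribution rests on information that is not in the file; a NOTE with the source (the upstream advisory or the list post that named the product) would let the next pass confirm the NFU once the MITRE text lands instead of re-triaging it. The same applies to the CVE-2022-45787 hunk below, which adds the identical line against another RESERVED entry.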
@@ -9506,6 +9507,7 @@ CVE-2022-45788
RESERVED
 CVE-2022-45787
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45786
RESERVED
 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free 
in low-level/imap/mailimap_types.c]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78290382 by Salvatore Bonaccorso at 2023-01-06T07:42:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8555,7 +8555,7 @@ CVE-2022-46169 (Cacti is an open source platform which 
provides a robust and ext
NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
 CVE-2022-46168 (Discourse is an option source discussion platform. Prior to 
version 2. ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
NOT-FOR-US: Capsule
 CVE-2022-46166 (Spring boot admins is an open source administrative user 
interface for ...)
@@ -75425,9 +75425,9 @@ CVE-2022-23551 (aad-pod-identity assigns Azure Active 
Directory identities to Ku
 CVE-2022-23550
RESERVED
 CVE-2022-23549 (Discourse is an option source discussion platform. Prior to 
version 2. ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-23548 (Discourse is an option source discussion platform. Prior to 
version 2. ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication 
library writt ...)
- asterisk 
- ring 
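
Review bot: CVE-2022-23550 stays RESERVED between the two Discourse IDs that are now marked NOT-FOR-US (CVE-2022-23549 and CVE-2022-23548); consecutive IDs from one CNA batch usually belong to the same product, so it is worth a NOTE or a check when its text is published, rather than letting it fall back into the generic TODO queue.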
@@ -75443,7 +75443,7 @@ CVE-2022-23547 (PJSIP is a free and open source 
multimedia communication library
NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
NOTE: 
https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
 CVE-2022-23546 (In version 2.9.0.beta14 of Discourse, an open-source 
discussion platfo ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-23545
RESERVED
 CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing 
platform, cov ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78290382e40dfc155f32bd1532001e8f5941c20e



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0091 as NFU

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f23468c by Salvatore Bonaccorso at 2023-01-06T07:09:15+01:00
Add CVE-2023-0091 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46,6 +46,8 @@ CVE-2023-22301
RESERVED
 CVE-2023-22291
RESERVED
+CVE-2023-0091
+   NOT-FOR-US: Keycloak
 CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Cross-Si ...)
NOT-FOR-US: Swifty Page Manager plugin for WordPress
 CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Stored C ...)
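
Review bot: CVE-2023-0091 is added by hand with no description and no NOTE giving the source of the Keycloak attribution, so when the automatic update later pulls in the MITRE text there is nothing in the entry to confirm the NFU against. A NOTE with the advisory URL, or a bracketed short title as the freeradius entries elsewhere in this digest use, would close that gap.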



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f23468cc0e2587d7daef407f868d4216a7bb47b



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4235/golang-yaml.v2

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2a72244 by Salvatore Bonaccorso at 2023-01-06T06:38:19+01:00
Add CVE-2021-4235/golang-yaml.v2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -36036,7 +36036,10 @@ CVE-2021-4237
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which 
may be ...)
TODO: check
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file 
can ca ...)
-   TODO: check
+   - golang-yaml.v2 2.2.8-1
+   NOTE: 
https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 
(v2.2.3)
+   NOTE: https://github.com/go-yaml/yaml/pull/375
+   NOTE: https://pkg.go.dev/vuln/GO-2021-0061
 CVE-2020-36569 (Authentication is globally bypassed in 
github.com/nanobox-io/golang-na ...)
NOT-FOR-US: golang-nanoauth
 CVE-2020-36568 (Unsanitized input in the query parser in 
github.com/revel/revel before ...)
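
Review bot: the fixed version 2.2.8-1 is well past the v2.2.3 tag that the first NOTE cites as carrying the fix; if an earlier golang-yaml.v2 upload already shipped 2.2.3 or later, that upload should be recorded instead, otherwise suites that carried it are shown as vulnerable for no reason. Separately, Go libraries are statically linked, so the source package being fixed says nothing about binaries that were built against the older yaml.v2; the unbounded alias chasing the description mentions triggers in whichever program parses the file, so reverse-dependency rebuilds are the part that still needs tracking.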



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a72244e4821c4667952dfac161eeae703687b0



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-2347/u-boot via unstable

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd8270d0 by Salvatore Bonaccorso at 2023-01-06T06:17:45+01:00
Track fixed version for CVE-2022-2347/u-boot via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40283,7 +40283,7 @@ CVE-2022-2348
REJECTED
 CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU 
implem ...)
[experimental] - u-boot 2023.01~rc2+dfsg-1
-   - u-boot  (bug #1014959)
+   - u-boot 2023.01~rc4+dfsg-2 (bug #1014959)
[bullseye] - u-boot  (Minor issue)
[buster] - u-boot  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
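
Review bot: with unstable now fixed at 2023.01~rc4+dfsg-2, the [experimental] line at 2023.01~rc2+dfsg-1 is superseded (the unstable version sorts higher) and can be dropped so the package does not carry two fixed versions. A caveat for readers of this mail rather than of the file: the double spaces in "- u-boot  (bug #1014959)" and "[bullseye] - u-boot  (Minor issue)" are where the tracker's angle-bracket state tags stood in data/CVE/list; the mail rendering stripped them, so check the file itself for the actual state.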



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd8270d07d522ddb6ba17df57d87e8f4e7158909



[Git][security-tracker-team/security-tracker][master] Add CVE-2019-2509{6,7,8}/extplorer

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a697ea9b by Salvatore Bonaccorso at 2023-01-05T21:37:25+01:00
Add CVE-2019-2509{6,7,8}/extplorer

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -89,11 +89,11 @@ CVE-2020-36641 (A vulnerability classified as problematic 
was found in gturri aX
 CVE-2020-36640 (A vulnerability, which was classified as problematic, was 
found in bon ...)
TODO: check
 CVE-2019-25098 (A vulnerability was found in soerennb eXtplorer up to 2.1.12. 
It has b ...)
-   TODO: check
+   - extplorer 
 CVE-2019-25097 (A vulnerability was found in soerennb eXtplorer up to 2.1.12 
and class ...)
-   TODO: check
+   - extplorer 
 CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 
2.1.12 and  ...)
-   TODO: check
+   - extplorer 
 CVE-2019-25095 (A vulnerability, which was classified as problematic, was 
found in kak ...)
NOT-FOR-US: kakwa LdapCherry
 CVE-2018-25065 (A vulnerability was found in Wikimedia 
mediawiki-extensions-I18nTags a ...)
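
Review bot: the three entries go from TODO: check to "- extplorer" with no fixed version, no NOTE and no [bullseye]/[buster] lines; for 2019 IDs assigned retroactively against "eXtplorer up to 2.1.12", the useful follow-up is a NOTE linking the upstream fix commit (or recording that none exists) and a per-suite severity tag, otherwise these sit as open issues with nothing for an LTS worker to act on.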



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a697ea9b93c304bbcd9cd3b4b12774da6297dae7



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
144ab1ec by Salvatore Bonaccorso at 2023-01-05T21:34:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -69,7 +69,7 @@ CVE-2023-0079
 CVE-2023-0078
RESERVED
 CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component 
in Synol ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 
and class ...)
TODO: check
 CVE-2022-48220
@@ -95,7 +95,7 @@ CVE-2019-25097 (A vulnerability was found in soerennb 
eXtplorer up to 2.1.12 and
 CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 
2.1.12 and  ...)
TODO: check
 CVE-2019-25095 (A vulnerability, which was classified as problematic, was 
found in kak ...)
-   TODO: check
+   NOT-FOR-US: kakwa LdapCherry
 CVE-2018-25065 (A vulnerability was found in Wikimedia 
mediawiki-extensions-I18nTags a ...)
TODO: check
 CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has 
been rate ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/144ab1ece54cbe4390591ef32ce2ee74ca5c4777



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3ea7ee5 by Salvatore Bonaccorso at 2023-01-05T21:19:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47,11 +47,11 @@ CVE-2023-22301
 CVE-2023-22291
RESERVED
 CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Cross-Si ...)
-   TODO: check
+   NOT-FOR-US: Swifty Page Manager plugin for WordPress
 CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Stored C ...)
-   TODO: check
+   NOT-FOR-US: Swifty Page Manager plugin for WordPress
 CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable 
to Cro ...)
-   TODO: check
+   NOT-FOR-US: JetWidgets for Elementor plugin for WordPress
 CVE-2023-0085
RESERVED
 CVE-2023-0084
@@ -8971,7 +8971,7 @@ CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable 
to Buffer Overflow. ..
 CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection 
via cmd ...)
NOT-FOR-US: Tenda
 CVE-2022-45995 (There is an unauthorized buffer overflow vulnerability in 
Tenda AX12 v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45994
RESERVED
 CVE-2022-45993
@@ -17643,7 +17643,7 @@ CVE-2022-43846
 CVE-2022-43845
RESERVED
 CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 
21.0.3 is v ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-43843
RESERVED
 CVE-2022-43842
@@ -18391,7 +18391,7 @@ CVE-2022-43575
 CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 
21.0.4, and 21 ...)
NOT-FOR-US: IBM
 CVE-2022-43573 (IBM Robotic Process Automation 20.12 through 21.0.6 is 
vulnerable to e ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, 
sending  ...)
NOT-FOR-US: Splunk Enterprise
 CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, 
an authe ...)
@@ -23485,7 +23485,7 @@ CVE-2022-41741 (NGINX Open Source before versions 
1.23.2 and 1.22.1, NGINX Open
NOTE: 
https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea 
(release-1.22.1)
NOTE: Only affects the nginx-extras binary package
 CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could 
allow an att ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-41739
RESERVED
 CVE-2022-41738



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3ea7ee550ee130da34bb7bb3b9e5ab631b320c9



[Git][security-tracker-team/security-tracker][master] automatic update

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae5c4d76 by security tracker role at 2023-01-05T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,123 @@
+CVE-2023-22665
+   RESERVED
+CVE-2023-22652
+   RESERVED
+CVE-2023-22651
+   RESERVED
+CVE-2023-22650
+   RESERVED
+CVE-2023-22649
+   RESERVED
+CVE-2023-22648
+   RESERVED
+CVE-2023-22647
+   RESERVED
+CVE-2023-22646
+   RESERVED
+CVE-2023-22645
+   RESERVED
+CVE-2023-22644
+   RESERVED
+CVE-2023-22643
+   RESERVED
+CVE-2023-22642
+   RESERVED
+CVE-2023-22641
+   RESERVED
+CVE-2023-22640
+   RESERVED
+CVE-2023-22639
+   RESERVED
+CVE-2023-22638
+   RESERVED
+CVE-2023-22637
+   RESERVED
+CVE-2023-22636
+   RESERVED
+CVE-2023-22635
+   RESERVED
+CVE-2023-22634
+   RESERVED
+CVE-2023-22633
+   RESERVED
+CVE-2023-22436
+   RESERVED
+CVE-2023-22301
+   RESERVED
+CVE-2023-22291
+   RESERVED
+CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Cross-Si ...)
+   TODO: check
+CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable 
to Cro ...)
+   TODO: check
+CVE-2023-0085
+   RESERVED
+CVE-2023-0084
+   RESERVED
+CVE-2023-0083
+   RESERVED
+CVE-2023-0082
+   RESERVED
+CVE-2023-0081
+   RESERVED
+CVE-2023-0080
+   RESERVED
+CVE-2023-0079
+   RESERVED
+CVE-2023-0078
+   RESERVED
+CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component 
in Synol ...)
+   TODO: check
+CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 
and class ...)
+   TODO: check
+CVE-2022-48220
+   RESERVED
+CVE-2022-48219
+   RESERVED
+CVE-2022-48218
+   RESERVED
+CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has 
been rat ...)
+   TODO: check
+CVE-2021-4304 (A vulnerability was found in eprintsug ulcc-core. It has been 
declared ...)
+   TODO: check
+CVE-2021-4303 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2020-36641 (A vulnerability classified as problematic was found in gturri 
aXMLRPC  ...)
+   TODO: check
+CVE-2020-36640 (A vulnerability, which was classified as problematic, was 
found in bon ...)
+   TODO: check
+CVE-2019-25098 (A vulnerability was found in soerennb eXtplorer up to 2.1.12. 
It has b ...)
+   TODO: check
+CVE-2019-25097 (A vulnerability was found in soerennb eXtplorer up to 2.1.12 
and class ...)
+   TODO: check
+CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 
2.1.12 and  ...)
+   TODO: check
+CVE-2019-25095 (A vulnerability, which was classified as problematic, was 
found in kak ...)
+   TODO: check
+CVE-2018-25065 (A vulnerability was found in Wikimedia 
mediawiki-extensions-I18nTags a ...)
+   TODO: check
+CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has 
been rate ...)
+   TODO: check
+CVE-2017-20162 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)
+   TODO: check
+CVE-2016-15009 (A vulnerability classified as problematic has been found in 
OpenACS bu ...)
+   TODO: check
+CVE-2015-10015 (A vulnerability, which was classified as critical, has been 
found in g ...)
+   TODO: check
+CVE-2015-10014 (A vulnerability classified as critical has been found in arekk 
uke. Th ...)
+   TODO: check
+CVE-2015-10013 (A vulnerability was found in WebDevStudios taxonomy-switcher 
Plugin up ...)
+   TODO: check
+CVE-2014-125041 (A vulnerability classified as critical was found in Miccighel 
PR-CWT.  ...)
+   TODO: check
+CVE-2014-125040 (A vulnerability was found in stevejagodzinski 
DevNewsAggregator. It ha ...)
+   TODO: check
+CVE-2007-10001 (A vulnerability classified as problematic has been found in 
web-cyradm ...)
+   TODO: check
 CVE-2023-22632
RESERVED
 CVE-2023-22631
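
Review bot: this import leaves a block of TODO: check entries that are late-assigned IDs for very old issues (CVE-2007-10001 web-cyradm, CVE-2014-125040 and -125041, CVE-2015-10013 to -10015, CVE-2016-15009 and -15010, the last one already marked "UNSUPPORTED WHEN ASSIGNED"); these usually concern abandoned projects, so a quick check against the archive and an NFU mark is the right first step, rather than leaving them in the queue next to current IDs such as CVE-2023-0077 (Synology) and CVE-2023-0086 to -0088 (WordPress plugins), which this digest shows being processed within hours.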
@@ -10,8 +130,8 @@ CVE-2023-22628
RESERVED
 CVE-2023-22627
RESERVED
-CVE-2023-22626
-   RESERVED
+CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN 
because  ...)
+   TODO: check
 CVE-2023-22625
RESERVED
 CVE-2023-22624
@@ -386,8 +506,8 @@ CVE-2023-0030
NOTE: 
https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)
 CVE-2023-0029 (A vulnerability was found in Multilaser RE708 
RE1200R4GC-2T2R-V3_v3411 ...)
NOT-FOR-US: Multilaser RE708
-CVE-2022-4869
-   RESERVED
+CVE-2022-4869 (A vulnerability was 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3262-1 for smarty3

2023-01-05 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19a48e04 by Chris Lamb at 2023-01-05T17:40:52+00:00
Reserve DLA-3262-1 for smarty3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Jan 2023] DLA-3262-1 smarty3 - security update
+   {CVE-2018-25047}
+   [buster] - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2
 [05 Jan 2023] DLA-3261-1 libetpan - security update
{CVE-2022-4121}
[buster] - libetpan 1.9.3-2+deb10u2


=
data/dla-needed.txt
=
@@ -328,9 +328,6 @@ samba
   NOTE: 20220904: Special attention: High popcon! Used in many servers.
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
 --
-smarty3 (Chris Lamb)
-  NOTE: 20230101: Programming language: PHP.
---
 snakeyaml
   NOTE: 20230101: Programming language: Java.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19a48e0435ef72465e1acba5db95f227fc9ba280



[Git][security-tracker-team/security-tracker][master] dla: add fig2dev

2023-01-05 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2a3dda01 by Sylvain Beucler at 2023-01-05T18:12:41+01:00
dla: add fig2dev

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -56,6 +56,10 @@ erlang
 exiv2
   NOTE: 20221119: Programming language: C.
 --
+fig2dev
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Harmonize with bullseye 11.5 and stretch (Beuc/front-desk)
+--
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge 
whether a correction is worth it.
   NOTE: 20221204: Coming soon in the first week of December. (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a3dda01aa3c8abda0da7146f0a5abc556fe9d06



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3261-1 for libetpan

2023-01-05 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e143b31f by Chris Lamb at 2023-01-05T17:00:57+00:00
Reserve DLA-3261-1 for libetpan

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Jan 2023] DLA-3261-1 libetpan - security update
+   {CVE-2022-4121}
+   [buster] - libetpan 1.9.3-2+deb10u2
 [01 Jan 2023] DLA-3260-1 node-xmldom - security update
{CVE-2021-21366 CVE-2022-39353}
[buster] - node-xmldom 0.1.27+ds-1+deb10u2


=
data/dla-needed.txt
=
@@ -124,10 +124,6 @@ libde265
   NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk)
   NOTE: 20221215: CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 
CVE-2021-36410 CVE-2021-36411 adressed, remaining CVEs are unfixed upstream. 
(I've proposed a patch upstream, waiting for feeback) (tobi)
 --
-libetpan (Chris Lamb)
-  NOTE: 20221203: Programming language: C++.
-  NOTE: 20221203: VCS: https://salsa.debian.org/lts-team/packages/libetpan.git
---
 libitext5-java (Markus Koschany)
   NOTE: 20221225: Programming language: Java.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e143b31f535e00d18074ad4ea4aa779f33596060



[Git][security-tracker-team/security-tracker][master] dla: check bullseye 11.6 updates

2023-01-05 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0c711cf by Sylvain Beucler at 2023-01-05T17:57:58+01:00
dla: check bullseye 11.6 updates

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -20326,7 +20326,6 @@ CVE-2022-3478
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
- powerline-gitstatus 1.3.2-1
[bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
-   [buster] - powerline-gitstatus  (Minor issue and solution 
require the user to reconfigure)
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
 CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's 
net/blu ...)


=
data/dla-needed.txt
=
@@ -45,6 +45,10 @@ curl (Roberto C. Sánchez)
   NOTE: 20230103: Sorted out issue with broken CVE fix in stable, working with 
secteam to land the fix (roberto)
   NOTE: 20230103: Packages ready for bullseye and buster, syncing ELTS 
releases (roberto)
 --
+dojo
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 erlang
   NOTE: 20221119: Programming language: Erlang.
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request 
has been for Stretch)
@@ -103,6 +107,14 @@ kopanocore
 lava
   NOTE: 20221127: Programming language: Python.
 --
+lemonldap-ng
+  NOTE: 20230105: Programming language: Perl.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
+libapache2-mod-auth-mellon
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
@@ -129,6 +141,10 @@ libsdl2
 libstb
   NOTE: 2022: Programming language: C.
 --
+libtasn1-6
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 libxstream-java
   NOTE: 20221231: Programming language: Java.
   NOTE: 20221231: VCS: 
https://salsa.debian.org/lts-team/packages/libxstream-java.git
@@ -175,6 +191,10 @@ node-got
   NOTE: 2022: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster 
released (lamby).
 --
+node-minimatch
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 node-moment
   NOTE: 2022: Programming language: JavaScript.
   NOTE: 2022: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
@@ -189,6 +209,10 @@ node-object-path
   NOTE: 2022: Follow fixes from bullseye 11.1 (Beuc/front-desk)
   NOTE: 20221223: Functional part of CVE-2021-3805 might be 
https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby)
 --
+node-qs
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 node-url-parse
   NOTE: 2022: Programming language: JavaScript.
   NOTE: 2022: Follow fixes from bullseye 11.4 + check postponed issues 
(Beuc/front-desk)
@@ -224,6 +248,10 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
+powerline-gitstatus
+  NOTE: 20230105: Programming language: Python.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated 
code and must therefore get special attention from the application developer 
using protobuf.
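
Review bot: the new powerline-gitstatus entry only says "Follow fixes from bullseye 11.6", but the [buster] line removed from data/CVE/list in the first hunk of this commit recorded why buster had been left alone: "Minor issue and solution require the user to reconfigure". That caveat should travel into the dla-needed.txt entry, since whoever picks up the DLA needs to know the bullseye fix changes user-visible configuration and may need an accompanying NEWS note.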
@@ -342,6 +370,10 @@ xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet
 --
+xfig
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 xrdp (Abhijith PA)
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e



[Git][security-tracker-team/security-tracker][master] add more information to freeradius issues

2023-01-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f1cd9c7 by Moritz Muehlenhoff at 2023-01-05T17:31:39+01:00
add more information to freeradius issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22977,14 +22977,18 @@ CVE-2022-41863
RESERVED
 CVE-2022-41862
RESERVED
-CVE-2022-41861
+CVE-2022-41861 [freeradius: Crash on invalid abinary data]
RESERVED
- freeradius 3.2.0+dfsg-1
+   [bullseye] - freeradius  (Minor issue)
NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
 (release_3_0_26)
-CVE-2022-41860
+   NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
+CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM]
RESERVED
- freeradius 3.2.0+dfsg-1
+   [bullseye] - freeradius  (Minor issue)
NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
 (release_3_0_26)
+   NOTE: https://freeradius.org/security/ ("Crash on unknown option in 
EAP-SIM")
 CVE-2022-41859
RESERVED
 CVE-2022-41858
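
Review bot: both entries get a [bullseye] minor-issue tag, a bracketed title and the upstream commits from release_3_0_26, but no [buster] line, so buster is left as an open issue without a stated decision; given the titles describe crashes on malformed input (invalid abinary data, unknown EAP-SIM option) and the same upstream commits apply, either a matching [buster] minor-issue line or a dla-needed.txt entry would make the LTS position explicit.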



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f1cd9c70431253f1b6fc755ba23e2a54d099303



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-31631/php

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4f81d80 by Salvatore Bonaccorso at 2023-01-05T16:22:30+01:00
Update information for CVE-2022-31631/php

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -50523,12 +50523,15 @@ CVE-2022-31632
RESERVED
 CVE-2022-31631
RESERVED
+   - php8.2 
- php8.1 
- php7.4 
[bullseye] - php7.4  (Minor issue, fix along in next update)
- php7.3 
-   NOTE: Fixed in 8.1.14
+   NOTE: Fixed in 8.0.27, 8.1.14
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740
+   NOTE: Fixed by: 
https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba 
(php-8.0.27)
+   NOTE: Improvement: 
https://github.com/php/php-src/commit/a6a80eefe0413c91acd922bc58590a4db7979af0
 CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using 
imagelo ...)
{DSA-5277-1}
- php8.1 8.1.12-1
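Review bot: php8.2 is added as affected, but the `Fixed in` note is only extended to 8.0.27 and 8.1.14 and the `Fixed by` commit is tagged php-8.0.27; if the 8.2 series is affected, the upstream 8.2.x release that carries the fix (and the Debian php8.2 fixed version, if already uploaded) should be recorded alongside, otherwise the new `- php8.2` line stays open with no indication of what resolves it. The `Improvement:` commit should also say whether it is required for the fix or only cosmetic, since whoever backports this to php7.4 has to decide whether to include it.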



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4f81d802d983b55179e29a5edc6b3e46274defb



[Git][security-tracker-team/security-tracker][master] NFUs

2023-01-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77d8152f by Moritz Muehlenhoff at 2023-01-05T16:17:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13532,26 +13532,35 @@ CVE-2023-20923
RESERVED
 CVE-2023-20922
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20921
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20920
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20919
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20918
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20917
RESERVED
 CVE-2023-20916
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20915
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20914
RESERVED
 CVE-2023-20913
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20912
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20911
RESERVED
 CVE-2023-20910
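Review bot: CVE-2023-20917, CVE-2023-20914 and CVE-2023-20911 are left as RESERVED while every surrounding ID in this block gets `NOT-FOR-US: Android`; if they were skipped rather than checked they should get the same marking, and if they were deliberately left open because they might touch a Debian-packaged component, a `TODO: check` line would make that visible to the next triager.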
@@ -13560,14 +13569,17 @@ CVE-2023-20909
RESERVED
 CVE-2023-20908
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20907
RESERVED
 CVE-2023-20906
RESERVED
 CVE-2023-20905
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20904
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-44714
RESERVED
 CVE-2022-44713 (Microsoft Outlook for Mac Spoofing Vulnerability. ...)
@@ -93880,16 +93892,21 @@ CVE-2022-20495 (In getEnabledAccessibilityServiceList 
of AccessibilityManager.ja
NOT-FOR-US: Android
 CVE-2022-20494
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20493
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20492
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
NOT-FOR-US: Android
 CVE-2022-20490
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20489
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
NOT-FOR-US: Android
 CVE-2022-20487 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
@@ -93946,6 +93963,7 @@ CVE-2022-20462 (In phNxpNciHal_write_unlocked of 
phNxpNciHal.cc, there is a poss
NOT-FOR-US: Android
 CVE-2022-20461
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to 
corrupt the ...)
NOT-FOR-US: Google Pixel
 CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code 
execution  ...)
@@ -93956,6 +93974,7 @@ CVE-2022-20457 (In getMountModeInternal of 
StorageManagerService.java, there is
NOT-FOR-US: Android
 CVE-2022-20456
RESERVED
+   NOT-FOR-US: Android
 CVE-2022-20455
RESERVED
 CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds 
write due  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77d8152f7712c2c3b64cbe943580ca0b6de23d7c



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-36081/tesseract

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2041dd5f by Salvatore Bonaccorso at 2023-01-05T14:56:21+01:00
Update status for CVE-2021-36081/tesseract

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -111252,13 +111252,13 @@ CVE-2021-36082 (ntop nDPI 3.4 has a stack-based 
buffer overflow in processClient
NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
NOTE: 
https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
 CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict 
use-after-fr ...)
-   - tesseract  (bug #990529)
+   - tesseract 5.1.0-1 (bug #990529)
[bullseye] - tesseract  (Minor issue)
[buster] - tesseract  (Minor issue)
[stretch] - tesseract  (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
-   NOTE: 
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
+   NOTE: 
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
 (5.0.0-alpha-20210401)
 CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free 
in bit_ ...)
- libredwg  (bug #595191)
 CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in 
avifDecoderDataF ...)
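Review bot: the fixed version is changed from no version to 5.1.0-1 while the fix commit is now tagged 5.0.0-alpha-20210401; if a Debian upload of a 5.0.x release exists between those, the fixed version should point at the first upload containing e6f15621 rather than 5.1.0-1. The three suite lines all say `Minor issue` for a use-after-free, which matches the no-dsa handling, but a one-line NOTE giving the reason (e.g. crash on malformed input to a local tool) would keep the rationale with the entry.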



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041dd5fb3c9bf8088c2eb7b470eb2add0fecffb



[Git][security-tracker-team/security-tracker][master] CVE-2021-33621/ruby*: fix patch version

2023-01-05 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d7f7db5 by Sylvain Beucler at 2023-01-05T14:08:11+01:00
CVE-2021-33621/ruby*: fix patch version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -117165,7 +117165,7 @@ CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x 
before 0.2.2, and 0.3.x before
[buster] - ruby2.5  (Minor issue)
NOTE: 
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
NOTE: Fixed by: 
https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 
(v0.3.4)
-   NOTE: Possible followup needed: 
https://github.com/ruby/cgi/commit/b46d41c36380e04f6388970b5ef05c687f4d1819 
(v3.0.5)
+   NOTE: Possible followup needed: 
https://github.com/ruby/cgi/commit/b46d41c36380e04f6388970b5ef05c687f4d1819 
(v0.3.5)
NOTE: Fixed in Ruby 3.1.3, 3.0.5 and 2.2.7
 CVE-2021-33619
RESERVED
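Review bot: the commit corrects the v3.0.5/v0.3.5 tag mix-up on the followup line, but the neighbouring context line `NOTE: Fixed in Ruby 3.1.3, 3.0.5 and 2.2.7` looks like the same kind of slip: the other two are recent 3.x releases from the 2022-11-22 advisory linked above and 2.2.7 does not fit that set; compare it against the linked ruby-lang.org announcement and correct it in the same pass if it should read 2.7.7.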



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d7f7db5d448385b7e0594e17b706fb5466c14ff



[Git][security-tracker-team/security-tracker][master] bullseye triage

2023-01-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6117b5b6 by Moritz Muehlenhoff at 2023-01-05T12:19:30+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -114,6 +114,7 @@ CVE-2023-22603
RESERVED
 CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 
9.0.1145. ...)
- vim 
+   [bullseye] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
NOTE: 
https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 
(v9.0.1145)
 CVE-2023-0053
@@ -121,15 +122,17 @@ CVE-2023-0053
 CVE-2023-0052
RESERVED
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
-   - vim 
+   - vim  (unimportant)
NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
NOTE: 
https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 
(v9.0.1144)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2023-0050
RESERVED
 CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.1143. ...)
-   - vim 
+   - vim  (unimportant)
NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
NOTE: 
https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c 
(v9.0.1143)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior 
to maste ...)
TODO: check
 CVE-2023-0047
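Review bot: CVE-2023-0051 is described in its title line as a heap-based buffer overflow, yet the added rationale is `Crash in CLI tool, no security impact`; an overflow is not only a crash, so the note should state the actual reason the memory corruption is not treated as crossing a security boundary here (for instance that it is only reachable through a crafted file opened interactively), otherwise the `(unimportant)` marking reads as if the write had been assessed as a pure DoS. The same wording is adequate for CVE-2023-0049, which is an out-of-bounds read.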
@@ -50510,6 +50513,7 @@ CVE-2022-31631
RESERVED
- php8.1 
- php7.4 
+   [bullseye] - php7.4  (Minor issue, fix along in next update)
- php7.3 
NOTE: Fixed in 8.1.14
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740


=
data/dsa-needed.txt
=
@@ -61,6 +61,5 @@ sox
 --
 tiff
 --
-trafficserver
-  Maintainer asked for an update
+trafficserver (jmm)
 --
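Review bot: claiming trafficserver for jmm drops the `Maintainer asked for an update` line; if that request is still outstanding, keep it indented under the claim (the file allows a note line after the package line, as the removed lines show) so the next person does not ask the maintainer a second time.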



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6117b5b68cdcd692a13e4504487cadb48d2b8fb1



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c533b24 by Salvatore Bonaccorso at 2023-01-05T09:33:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -43329,7 +43329,7 @@ CVE-2022-34332
 CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance 
operati ...)
NOT-FOR-US: IBM
 CVE-2022-34330 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.1 i ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive 
informati ...)
NOT-FOR-US: IBM
 CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an 
lvl=author_ ...)
@@ -79615,7 +79615,7 @@ CVE-2022-22373 (An improper validation vulnerability in 
IBM InfoSphere Informati
 CVE-2022-22372
RESERVED
 CVE-2022-22371 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.1 d ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 
10.0.3.0  ...)
NOT-FOR-US: IBM
 CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to 
overwri ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c533b24ea84c4ecc9cf85488cea86dbfe0639ac



[Git][security-tracker-team/security-tracker][master] automatic update

2023-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b06244da by security tracker role at 2023-01-05T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,85 @@
+CVE-2023-22632
+   RESERVED
+CVE-2023-22631
+   RESERVED
+CVE-2023-22630
+   RESERVED
+CVE-2023-22629
+   RESERVED
+CVE-2023-22628
+   RESERVED
+CVE-2023-22627
+   RESERVED
+CVE-2023-22626
+   RESERVED
+CVE-2023-22625
+   RESERVED
+CVE-2023-22624
+   RESERVED
+CVE-2023-22623
+   RESERVED
+CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits 
to caus ...)
+   TODO: check
+CVE-2023-22621
+   RESERVED
+CVE-2023-22620
+   RESERVED
+CVE-2023-22619
+   RESERVED
+CVE-2023-0076
+   RESERVED
+CVE-2023-0075
+   RESERVED
+CVE-2023-0074
+   RESERVED
+CVE-2023-0073
+   RESERVED
+CVE-2023-0072
+   RESERVED
+CVE-2023-0071
+   RESERVED
+CVE-2023-0070
+   RESERVED
+CVE-2023-0069
+   RESERVED
+CVE-2023-0068
+   RESERVED
+CVE-2023-0067
+   RESERVED
+CVE-2023-0066
+   RESERVED
+CVE-2023-0065
+   RESERVED
+CVE-2023-0064
+   RESERVED
+CVE-2023-0063
+   RESERVED
+CVE-2023-0062
+   RESERVED
+CVE-2023-0061
+   RESERVED
+CVE-2023-0060
+   RESERVED
+CVE-2023-0059
+   RESERVED
+CVE-2023-0058
+   RESERVED
+CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
+   TODO: check
+CVE-2023-0056
+   RESERVED
+CVE-2023-0055 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in 
GitHub ...)
+   TODO: check
+CVE-2022-4876 (A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and 
classi ...)
+   TODO: check
+CVE-2022-4875 (A vulnerability has been found in fossology and classified as 
problema ...)
+   TODO: check
+CVE-2021-4302 (A vulnerability was found in slackero phpwcms up to 1.9.26. It 
has bee ...)
+   TODO: check
+CVE-2021-4301
+   RESERVED
+CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and 
classified a ...)
+   TODO: check
 CVE-2023-22618
RESERVED
 CVE-2023-22617
@@ -677,10 +759,10 @@ CVE-2023-22469
RESERVED
 CVE-2023-22468
RESERVED
-CVE-2023-22467
-   RESERVED
-CVE-2023-22466
-   RESERVED
+CVE-2023-22467 (Luxon is a library for working with dates and times in 
JavaScript. On  ...)
+   TODO: check
+CVE-2023-22466 (Tokio is a runtime for writing applications with Rust. 
Starting with v ...)
+   TODO: check
 CVE-2023-22465 (Http4s is a Scala interface for HTTP services. Starting with 
version 0 ...)
TODO: check
 CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of 
KubePi throu ...)
@@ -7874,9 +7956,9 @@ CVE-2022-41985
 CVE-2022-46337
RESERVED
 CVE-2022-46336
-   RESERVED
+   REJECTED
 CVE-2022-46335
-   RESERVED
+   REJECTED
 CVE-2022-46334 (Proofpoint Enterprise Protection (PPS/PoD) contains a 
vulnerability wh ...)
NOT-FOR-US: Proofpoint
 CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection 
(PPS/PoD) ...)
@@ -43246,8 +43328,8 @@ CVE-2022-34332
RESERVED
 CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance 
operati ...)
NOT-FOR-US: IBM
-CVE-2022-34330
-   RESERVED
+CVE-2022-34330 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.1 i ...)
+   TODO: check
 CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive 
informati ...)
NOT-FOR-US: IBM
 CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an 
lvl=author_ ...)
@@ -79532,8 +79614,8 @@ CVE-2022-22373 (An improper validation vulnerability in 
IBM InfoSphere Informati
NOT-FOR-US: IBM
 CVE-2022-22372
RESERVED
-CVE-2022-22371
-   RESERVED
+CVE-2022-22371 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.1 d ...)
+   TODO: check
 CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 
10.0.3.0  ...)
NOT-FOR-US: IBM
 CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to 
overwri ...)
@@ -139061,11 +139143,11 @@ CVE-2021-25225 (A memory exhaustion vulnerability 
in Trend Micro ServerProtect f
 CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect 
for Lin ...)
NOT-FOR-US: Trend Micro
 CVE-2021-25223
-   RESERVED
+   REJECTED
 CVE-2021-25222
-   RESERVED
+   REJECTED
 CVE-2021-25221
-   RESERVED
+   REJECTED
 CVE-2021-25220 (BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 
9.18.0 BIN ...)
{DSA-5105-1 DLA-2955-1}
- bind9 1:9.18.1-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b06244da4c88afa11375be7317b04af2e1361441
