[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0210/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a99daf8d by Salvatore Bonaccorso at 2023-01-11T07:25:30+01:00 Add CVE-2023-0210/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32,6 +32,12 @@ CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x throu TODO: check CVE-2023-22908 RESERVED +CVE-2023-0210 + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/797805d81baa814f76cf7bdab35f86408a79d707 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/04/1 CVE-2023-0163 RESERVED CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cross-S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99daf8d153d859d77ea51919d24ec6d8c42b1eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99daf8d153d859d77ea51919d24ec6d8c42b1eb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
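Review bot: the "(Vulnerable code not present)" annotations for bullseye and buster are asserted without a supporting reference; the only NOTEs added are the fix commit 797805d81baa814f76cf7bdab35f86408a79d707 and the oss-security post, neither of which by itself records when the affected code was introduced. Add a NOTE naming the upstream commit or release that introduced the vulnerable code so the not-affected claim can be re-checked later. Also, `- linux` is left without a fixed version or a `(bug #...)` reference, so the unstable status stays open; if the fix is not yet in sid that is expected, but a bug reference would make the intent clear.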
[Git][security-tracker-team/security-tracker][master] LTS: Add missing meta information in packages
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 14dce102 by Anton Gladky at 2023-01-11T07:13:02+01:00 LTS: Add missing meta information in packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -55,6 +55,7 @@ erlang NOTE: 20221119: Programming language: Erlang. NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang + NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used. -- fig2dev NOTE: 20230105: Programming language: C. @@ -78,6 +79,7 @@ golang-1.11 NOTE: 20220916: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't) NOTE: 20220916: Harmonize with bullseye and stretch: 9 CVEs fixed in Debian 11.2 & 11.3 + 2 CVEs fixed in stretch-lts (Beuc/front-desk) NOTE: 20220916: CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24921 + NOTE: 20230111: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/golang.html -- golang-github-nats-io-jwt NOTE: 20221109: Programming language: Go. @@ -151,6 +153,7 @@ libxstream-java NOTE: 20221231: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/libxstream-java.html -- linux (Ben Hutchings) + NOTE: 20230111: Programming language: C -- man2html NOTE: 20221004: Programming language: C. @@ -334,6 +337,7 @@ snakeyaml snort NOTE: 20220905: Requires further triaging to conclude exactly which CVEs to be fixed or ignored. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/snort.git + NOTE: 20230111: Programming language: C -- sox NOTE: 20220818: Programming language: C. 
@@ -370,6 +374,7 @@ xdg-utils NOTE: 20221120: Programming language: C. NOTE: 20221120: no real fix yet NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils + NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used -- xfig NOTE: 20230105: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14dce10205c0e7eb2b3ccbd6b5883ac0af57b4e5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14dce10205c0e7eb2b3ccbd6b5883ac0af57b4e5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
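Review bot: the two new "Programming language: C" NOTEs for linux and snort drop the trailing period that every existing "Programming language: C." line in the file uses (fig2dev, man2html, sox, xdg-utils, xfig in the surrounding context), and the xdg-utils "Maintainer notes: Coordinate with maintainer, whether their VCS can be used" line likewise lacks the period the otherwise identical erlang line has. Make them "Programming language: C." and "... can be used." so the entries stay uniform and grep-able.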
[Git][security-tracker-team/security-tracker][master] LTS: Add missing VCS information in packages
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: bc6470c0 by Anton Gladky at 2023-01-11T06:50:53+01:00 LTS: Add missing VCS information in packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -24,6 +24,7 @@ apache2 -- asterisk NOTE: 20221211: Programming language: C. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git -- ceph (Stefano Rivera) NOTE: 20221031: Programming language: C++. @@ -32,6 +33,7 @@ ceph (Stefano Rivera) NOTE: 20221130: CVE-2022-3650: The patch is kind of trivial Python stuff backporting work. NOTE: 20221130: Can someone take care of it in Buster? I'm currently building the Bullseye backport of the fix... NOTE: 20221130: https://lists.debian.org/debian-lts/2022/11/msg00025.html (zigo/maintainer) + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git -- consul NOTE: 20221031: Programming language: Go. @@ -52,6 +54,7 @@ dojo erlang NOTE: 20221119: Programming language: Erlang. NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) + NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang -- fig2dev NOTE: 20230105: Programming language: C. @@ -107,6 +110,7 @@ kopanocore -- lava NOTE: 20221127: Programming language: Python. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/lava.git -- lemonldap-ng NOTE: 20230105: Programming language: Perl. 
@@ -124,12 +128,15 @@ libde265 NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk) NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk) NOTE: 20221215: CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 adressed, remaining CVEs are unfixed upstream. (I've proposed a patch upstream, waiting for feeback) (tobi) + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libde265.git -- libitext5-java (Markus Koschany) NOTE: 20221225: Programming language: Java. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libitext5-java.git -- libreoffice NOTE: 20221012: Programming language: C++. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git -- libsdl2 NOTE: 2022: Programming language: C. @@ -153,9 +160,11 @@ man2html modsecurity-crs NOTE: 20221006: Programming language: Other. NOTE: 20221006: Maintainer notes: Please contact maintainer. Consider uploading of newer version. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/modsecurity-crs.git -- net-snmp (guilhem) NOTE: 20221120: Programming language: C. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/net-snmp.git -- netatalk NOTE: 20220816: Programming language: C. @@ -225,6 +234,7 @@ nvidia-graphics-drivers-legacy-390xx NOTE: 20221225: Programming language: binary blob. NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk) NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg5.html + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git -- openimageio NOTE: 20221225: Programming language: C. @@ -288,6 +298,7 @@ rainloop -- ring NOTE: 20221120: Programming language: C. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git -- ruby-loofah NOTE: 20221231: Programming language: Ruby. 
@@ -322,11 +333,13 @@ snakeyaml -- snort NOTE: 20220905: Requires further triaging to conclude exactly which CVEs to be fixed or ignored. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/snort.git -- sox NOTE: 20220818: Programming language: C. NOTE: 20220818: Requires some investigation; see #1012138 etc. NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith) + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/sox.git -- tiff (Sylvain Beucler) NOTE: 20221031: Programming language: C. @@ -345,6 +358,7 @@ trafficserver -- viewvc (Chris Lamb) NOTE: 20230104: Programming language: Python. + NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/viewvc.git -- webkit2gtk NOTE: 20221229: Programming language: C++. @@ -355,6 +369,7 @@ webkit2gtk xdg-utils NOTE: 20221120: Programming language: C. NOTE: 20221120: no real fix yet + NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils -- xfig NOTE: 20230105: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc6470c03cb018260a123a874d9df531919cd674 -- View it on GitLab:
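Review bot: the erlang and xdg-utils VCS NOTEs point at maintainer-team repositories (erlang-team/packages/erlang, freedesktop-team/xdg-utils) rather than an lts-team/packages fork, and they also omit the ".git" suffix used for every other URL added here. Since the LTS team may not be able to push to a maintainer's repository, add a NOTE stating whether the maintainer has agreed to its use, or record the lts-team repository instead; either way, normalise the URL form across the file.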
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4037b370 by Salvatore Bonaccorso at 2023-01-11T06:30:43+01:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -141,32 +141,60 @@ CVE-2023-0142 RESERVED CVE-2023-0141 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0140 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0139 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0138 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0137 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0136 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0135 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0134 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0133 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0132 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0131 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0130 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0129 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0128 RESERVED + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-0127 RESERVED CVE-2023-0126 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4037b37079d47bfb9f10c556b1f326bd0e4bf36d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4037b37079d47bfb9f10c556b1f326bd0e4bf36d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
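Review bot: fourteen entries (CVE-2023-0128 through CVE-2023-0141) are marked as affecting chromium while their CVE lines are still RESERVED, and no NOTE records which Chromium release announcement they belong to. Add a NOTE with the upstream release URL on at least the first entry so the mapping from these reserved IDs to a chromium version can be verified once the descriptions are published. The "[buster] - chromium (see DSA 5046)" annotation is consistent with how buster is already handled.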
[Git][security-tracker-team/security-tracker][master] Document that maintainer is preparing updates for lava
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f257e700 by Salvatore Bonaccorso at 2023-01-11T06:19:56+01:00 Document that maintainer is preparing updates for lava - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -20,6 +20,7 @@ emacs (jmm) frr -- lava + Maintainer will prepare updates -- libxstream-java (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f257e700b3c7903ddabf07eee1f0c3f516f1d854 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f257e700b3c7903ddabf07eee1f0c3f516f1d854 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
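Review bot: "Maintainer will prepare updates" gives no date and no CVE, bug or mailing-list reference, so it will be hard to tell later whether the note is stale. Record when this was agreed and where (a bug number or list message), as the linux (carnil) entry in the same file does with its explanatory line, so the entry can be followed up.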
[Git][security-tracker-team/security-tracker][master] Claim libxstream-java in dsa-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c5733ce5 by Markus Koschany at 2023-01-11T00:37:14+01:00 Claim libxstream-java in dsa-needed.txt - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -21,7 +21,7 @@ frr -- lava -- -libxstream-java +libxstream-java (apo) -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5733ce526bbe703505702c1b7ae8ffc32aeee24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5733ce526bbe703505702c1b7ae8ffc32aeee24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
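Review bot: the claim itself is fine; the unchanged context line directly below, "try to regulary rebase for point", carries a typo ("regularly") in the linux (carnil) entry that could be fixed in a follow-up.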
[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-5312-1 for libjettison-java.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d52efcca by Markus Koschany at 2023-01-10T23:56:35+01:00 Reserve DSA-5312-1 for libjettison-java. - - - - - a920ba6e by Markus Koschany at 2023-01-10T23:57:39+01:00 Reserve DSA-5313-1 for hsqldb - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,9 @@ +[10 Jan 2023] DSA-5313-1 hsqldb - security update + {CVE-2022-41853} + [bullseye] - hsqldb 2.5.1-1+deb11u1 +[10 Jan 2023] DSA-5312-1 libjettison-java - security update + {CVE-2022-40149 CVE-2022-40150 CVE-2022-45685 CVE-2022-45693} + [bullseye] - libjettison-java 1.5.3-1~deb11u1 [08 Jan 2023] DSA-5311-1 trafficserver - security update {CVE-2022-32749 CVE-2022-37392} [bullseye] - trafficserver 8.1.6+ds-1~deb11u1 = data/dsa-needed.txt = @@ -19,8 +19,6 @@ emacs (jmm) -- frr -- -hsqldb (apo) --- lava -- libxstream-java View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4b949564d8dbd0556d64b21474c6e285014a06d...a920ba6e9982941d87a3a733437859d4150cc76d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4b949564d8dbd0556d64b21474c6e285014a06d...a920ba6e9982941d87a3a733437859d4150cc76d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-29507: Reference upstream tag and non-merge commit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d4b94956 by Salvatore Bonaccorso at 2023-01-10T22:42:12+01:00 CVE-2021-29507: Reference upstream tag and non-merge commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -129385,7 +129385,7 @@ CVE-2021-29508 (Due to how Wire handles type information in its serialization fo CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...) - dlt-daemon 2.18.8-1 (unimportant) NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only) - NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4 + NOTE: https://github.com/GENIVI/dlt-daemon/commit/ad8a6ab070803f2b0e0fa177fd6638c10db2dde3 (v2.18.7) NOTE: No security impact, config files need to be trusted CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...) NOT-FOR-US: GraphHopper View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4b949564d8dbd0556d64b21474c6e285014a06d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4b949564d8dbd0556d64b21474c6e285014a06d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5cb57faa by Salvatore Bonaccorso at 2023-01-10T21:18:40+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,7 +35,7 @@ CVE-2023-22908 CVE-2023-0163 RESERVED CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: CPO Companion plugin for WordPress CVE-2023-0161 RESERVED CVE-2023-0160 @@ -2830,7 +2830,7 @@ CVE-2022-4713 CVE-2022-4712 RESERVED CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-47937 RESERVED CVE-2022-47936 
@@ -2838,27 +2838,27 @@ CVE-2022-47936 CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions V11. ...) TODO: check CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4709 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4706 RESERVED CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4703 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4702 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) - TODO: check + NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4699 RESERVED CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...) 
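Review bot: CVE-2022-47935 (JT Open) sits in the middle of this hunk and is left at "TODO: check" while every surrounding Royal Elementor Addons entry is processed; if it is not packaged either, resolve it in the same pass rather than leaving it as the lone TODO in the block. The eleven "NOT-FOR-US: Royal Elementor Addons plugin for WordPress" lines (CVE-2022-4700 through CVE-2022-4711, with CVE-2022-4706 correctly left RESERVED) follow the file's convention.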
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cb57faa9ab97841031dd938ffe7b0efb41c178e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cb57faa9ab97841031dd938ffe7b0efb41c178e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd45a7ca by security tracker role at 2023-01-10T20:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,81 @@ +CVE-2023-22924 + RESERVED +CVE-2023-22923 + RESERVED +CVE-2023-22922 + RESERVED +CVE-2023-22921 + RESERVED +CVE-2023-22920 + RESERVED +CVE-2023-22919 + RESERVED +CVE-2023-22918 + RESERVED +CVE-2023-22917 + RESERVED +CVE-2023-22916 + RESERVED +CVE-2023-22915 + RESERVED +CVE-2023-22914 + RESERVED +CVE-2023-22913 + RESERVED +CVE-2023-22912 + RESERVED +CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + TODO: check +CVE-2023-22910 + RESERVED +CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + TODO: check +CVE-2023-22908 + RESERVED +CVE-2023-0163 + RESERVED +CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2023-0161 + RESERVED +CVE-2023-0160 + RESERVED +CVE-2023-0159 + RESERVED +CVE-2023-0158 + RESERVED +CVE-2023-0157 + RESERVED +CVE-2023-0156 + RESERVED +CVE-2023-0155 + RESERVED +CVE-2023-0154 + RESERVED +CVE-2023-0153 + RESERVED +CVE-2023-0152 + RESERVED +CVE-2023-0151 + RESERVED +CVE-2023-0150 + RESERVED +CVE-2023-0149 + RESERVED +CVE-2023-0148 + RESERVED +CVE-2023-0147 + RESERVED +CVE-2023-0146 + RESERVED +CVE-2023-0145 + RESERVED +CVE-2017-20167 + RESERVED +CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and classified ...) + TODO: check +CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated as crit ...) + TODO: check CVE-2023- [kodi: VideoPlayerCodec: Stop dividing by zero] - kodi 2:20.0~rc2+dfsg-2 [bullseye] - kodi (Minor issue) 
@@ -2514,8 +2592,8 @@ CVE-2023-0026 RESERVED CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...) NOT-FOR-US: Heimdall Application Dashboard -CVE-2022-47967 - RESERVED +CVE-2022-47967 (A vulnerability has been identified in Solid Edge (All versions V ...) + TODO: check CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 0.9.1. ...) NOT-FOR-US: usememos CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. I ...) 
@@ -2751,36 +2829,36 @@ CVE-2022-4713 RESERVED CVE-2022-4712 RESERVED -CVE-2022-4711 - RESERVED +CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check CVE-2022-47937 RESERVED CVE-2022-47936 RESERVED -CVE-2022-47935 - RESERVED -CVE-2022-4710 - RESERVED -CVE-2022-4709 - RESERVED -CVE-2022-4708 - RESERVED -CVE-2022-4707 - RESERVED +CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions V11. ...) + TODO: check +CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...) + TODO: check +CVE-2022-4709 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...) + TODO: check CVE-2022-4706 RESERVED -CVE-2022-4705 - RESERVED -CVE-2022-4704 - RESERVED -CVE-2022-4703 - RESERVED -CVE-2022-4702 - RESERVED -CVE-2022-4701 - RESERVED -CVE-2022-4700 - RESERVED +CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4703 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4702 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check +CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + TODO: check CVE-2022-4699 RESERVED CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...) 
@@ -6580,8 +6658,8 @@ CVE-2022-47085 RESERVED CVE-2022-47084 RESERVED -CVE-2022-47083 - RESERVED +CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. ...) + TODO: check
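Review bot: this automatic import leaves a run of "TODO: check" entries that need manual triage: the two MediaWiki issues CVE-2023-22909 and CVE-2023-22911, CVE-2023-0162, CVE-2016-15017, CVE-2014-125073, CVE-2022-47967 (Solid Edge), CVE-2022-47935 (JT Open), the CVE-2022-4700 to CVE-2022-4711 Royal Elementor run and CVE-2022-47083. The later commit 5cb57faa in this list resolves the Royal Elementor and CPO Companion ones, but the MediaWiki entries still read "TODO: check" in the context shown by commit a99daf8d, so they remain open.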
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-46176/cargo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2f48578 by Salvatore Bonaccorso at 2023-01-10T20:43:27+01:00 Add CVE-2022-46176/cargo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9469,6 +9469,10 @@ CVE-2022-46177 (Discourse is an option source discussion platform. Prior to vers NOT-FOR-US: Discourse CVE-2022-46176 RESERVED + - cargo + - rust-cargo + NOTE: https://www.openwall.com/lists/oss-security/2023/01/10/3 + NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176 CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...) - node-json5 2.2.3+dfsg-1 (bug #1027145) [bullseye] - node-json5 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f485786dd2c088584908145c78ed4c7b789bdb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f485786dd2c088584908145c78ed4c7b789bdb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
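Review bot: both `- cargo` and `- rust-cargo` are added without a fixed version, a bug number or any [bullseye]/[buster] annotation, so the status of every suite is left open and no severity is recorded. Once the patches in the referenced wg-security-response directory have been checked against the packaged versions, add the fixed versions or `(bug #...)` references, as done for node-json5 directly below, together with the per-suite annotations.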
[Git][security-tracker-team/security-tracker][master] reserve DLA-3265-1 for exiv2
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 64c3ca93 by Helmut Grohne at 2023-01-10T17:44:15+01:00 reserve DLA-3265-1 for exiv2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1506,7 +1506,7 @@ CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been ra CVE-2017-20160 (A vulnerability was found in flitto express-param up to 0.x. It has be ...) NOT-FOR-US: express-param CVE-2014-125029 (A vulnerability was found in ttskch PaginationServiceProvider up to 0. ...) - NOT-FOR-US: ttskch/PaginationServiceProvider + NOT-FOR-US: ttskch/PaginationServiceProvider CVE-2014-125028 (A vulnerability was found in valtech IDP Test Client and classified as ...) NOT-FOR-US: valtech IDP Test Client CVE-2022-4868 (Improper Authorization in GitHub repository froxlor/froxlor prior to 2 ...) 
@@ -108652,21 +108652,18 @@ CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, wri CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv NOTE: https://github.com/Exiv2/exiv2/pull/1788 CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg NOTE: https://github.com/Exiv2/exiv2/pull/1778 CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 NOTE: https://github.com/Exiv2/exiv2/pull/1769 @@ -116527,7 +116524,6 @@ CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, wri CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992706) [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p NOTE: https://github.com/Exiv2/exiv2/pull/1766 
@@ -120321,7 +120317,6 @@ CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for t CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992705) [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m NOTE: https://github.com/Exiv2/exiv2/pull/1739 @@ -129479,7 +129474,6 @@ CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime servi CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #987277) [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 NOTE: https://github.com/Exiv2/exiv2/issues/1530 @@ -185933,7 +185927,6 @@ CVE-2020-18772 RESERVED CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...) - exiv2 0.27.2-6 - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/756 CVE-2020-18770 @@ -240883,7 +240876,6 @@ CVE-2019-17403 (Nokia IMPACT 18A: An unrestricted File Upload vulnerability CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...) {DLA-2019-1} - exiv2 0.27.3-1 (bug #946341) - [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/1019 NOTE: https://github.com/Exiv2/exiv2/commit/88054239e3c914862d13f6ac89a19a104fa2c076 (master) @@ -250712,7 +250704,6 @@ CVE-2019-14371 (An issue was discovered in Libav 12.3. There is an infinite loop NOTE: fixed through CVE-2018-11102 / https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7abf394814d818973db562102f21ab9d10540840 CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...) - exiv2
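Review bot: the first hunk in data/CVE/list rewrites the NOT-FOR-US line of CVE-2014-125029 to text that is identical as rendered, so it is presumably a whitespace or indentation fix; it is unrelated to reserving DLA-3265-1 and is not mentioned in the commit message, so either mention it or split it into its own commit. The remaining hunks drop the "[buster] - exiv2 (Minor issue)" lines for the CVEs the DLA covers, which is the expected effect; the data/DLA/list and data/dla-needed.txt hunks named in the header are not visible in this notification, so verify that the CVE set in the DLA entry matches the entries changed here (CVE-2021-37620, CVE-2021-37621, CVE-2021-37622, CVE-2021-34334, CVE-2021-32815, CVE-2021-29458, CVE-2020-18771, CVE-2019-17402, CVE-2019-14370 and the rest of the truncated hunk).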
[Git][security-tracker-team/security-tracker][master] Correct version number for ruby-sinatra in DLA-3264-1.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b1b1a0b by Chris Lamb at 2023-01-10T15:37:37+00:00 Correct version number for ruby-sinatra in DLA-3264-1. - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,6 +1,6 @@ [10 Jan 2023] DLA-3264-1 ruby-sinatra - security update {CVE-2022-45442} - [buster] - ruby-sinatra 2.0.5-4+deb10u1 + [buster] - ruby-sinatra 2.0.5-4+deb10u2 [09 Jan 2023] DLA-3263-1 libtasn1-6 - security update {CVE-2021-46848} [buster] - libtasn1-6 4.13-3+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1b1a0b2f1eda2c82cce0a45dae67a406ed0239 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1b1a0b2f1eda2c82cce0a45dae67a406ed0239 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: delete heimdal annotations conflicting with ELTS tracker
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 89e9f403 by Helmut Grohne at 2023-01-10T14:21:19+01:00 delete heimdal annotations conflicting with ELTS tracker - - - - - b632e32d by Helmut Grohne at 2023-01-10T14:21:20+01:00 triage exiv2 * This is mostly adding not-affected for LTS. * Also deleting annotations that conflict with the ELTS tracker. * CVE-2021-31292 is a duplicate of CVE-2021-29458 * Add detail to some CVEs such as patches. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -108646,8 +108646,7 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (relevant IPTC parsing added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq NOTE: https://github.com/Exiv2/exiv2/pull/1790 CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
@@ -108674,15 +108673,13 @@ CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, wri CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Jp2Image::encodeJp2Header added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v NOTE: https://github.com/Exiv2/exiv2/pull/1752 CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Jp2Image::printStructure added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 NOTE: https://github.com/Exiv2/exiv2/pull/1759 CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) @@ -108691,15 +108688,13 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (resolveLens0x8ff added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (resolveLens0x319 added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...) 
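Review bot: the buster justifications here name specific upstream functions (Jp2Image::encodeJp2Header, Jp2Image::printStructure, resolveLens0x8ff, resolveLens0x319) as "added in 0.26", which is the right level of detail, but CVE-2021-37616 and CVE-2021-37615 both point at the same PR #1758, so double-check that the verdict was made per function and not copied from one entry to the other, for example by grepping the buster source for each symbol. With the stretch lines removed, stretch is tracked only by the ELTS tracker while bullseye keeps "(Minor issue)", so bullseye stays no-dsa with the 0.27.5-1 fix in unstable.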
@@ -116526,8 +116521,7 @@ CVE-2021-34336 CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992707) [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (resolveLens0x added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 NOTE: https://github.com/Exiv2/exiv2/pull/1750 CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) @@ -124505,6 +124499,7 @@ CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allo NOTE: https://github.com/Exiv2/exiv2/issues/1530 NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 NOTE: In older releases affected code is in src/crwimage.cpp + NOTE: This is a duplicate of CVE-2021-29458, but mitre finds the evidence unconvincing. CVE-2021-31291 REJECTED CVE-2021-31290 @@ -129056,8 +129051,7 @@ CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect t CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) - exiv2 0.27.5-1 (bug #988481) [bullseye] - exiv2 (Minor issue) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (webpimage support added 0.26) NOTE:
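Review bot: the justification "(resolveLens0x added in 0.26)" for CVE-2021-34335 is truncated compared with the neighbouring entries, which name a complete function such as resolveLens0x8ff; GHSA-pvjp-m4f6-q984 / PR #1750 should be consulted to name the exact function, otherwise a later triager cannot verify the not-affected claim. For CVE-2021-31292 the new NOTE records that it duplicates CVE-2021-29458 while MITRE finds the evidence unconvincing; as long as the two identifiers are tracked as separate entries, keep their fixed versions and the crwimage.cpp commit reference (9b7a19f9) in sync so they do not drift apart.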
[Git][security-tracker-team/security-tracker][master] new rust-bzip2 issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 16e13cfc by Moritz Muehlenhoff at 2023-01-10T13:52:20+01:00 new rust-bzip2 issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,10 @@ CVE-2023-22897 CVE-2023-22896 RESERVED CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...) - TODO: check + - rust-bzip2 + [bullseye] - rust-bzip2 (Minor issue) + NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 + NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4) CVE-2023-22894 RESERVED CVE-2023-22893 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16e13cfcad9b3bed80b5d2e5bdc4c640a4fc21e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16e13cfcad9b3bed80b5d2e5bdc4c640a4fc21e2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
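Review bot: the unstable line "- rust-bzip2" carries no fixed version, so the issue stays open for sid until 0.4.4 (commit 90c9c182) is packaged; the "(Minor issue)" verdict for bullseye is reasonable for a decompression denial of service, but bzip2-rs is a library crate that is statically linked into its reverse dependencies, so a bullseye fix would also require rebuilding those binaries. That cost is worth recording in a NOTE so it is not underestimated if the issue is later reconsidered for a point update.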
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ee63c827 by Moritz Muehlenhoff at 2023-01-10T13:38:14+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2023-22905 CVE-2023-22904 RESERVED CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...) - TODO: check + NOT-FOR-US: LibrePhotos CVE-2023-22902 RESERVED CVE-2023-22901 @@ -23,7 +23,7 @@ CVE-2023-22900 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) TODO: check CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...) - TODO: check + NOT-FOR-US: Pandora CVE-2023-22897 RESERVED CVE-2023-22896 @@ -91,7 +91,7 @@ CVE-2023-0127 CVE-2023-0126 RESERVED CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been declared as ...) - TODO: check + NOT-FOR-US: Control iD Panel CVE-2023-0124 RESERVED CVE-2023-0123 
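Review bot: CVE-2023-22899 (Zip4j) in the second hunk is left as "TODO: check" while its neighbours were processed; Zip4j is a Java library whose description explicitly mentions use in Threema "and other products", so it deserves a quick codesearch for vendored copies in the archive before it is either marked NOT-FOR-US or assigned to a package.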
@@ -99,19 +99,19 @@ CVE-2023-0123 CVE-2022-48251 (** DISPUTED ** The AES instructions on the ARMv8 platform do not have ...) TODO: check CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...) - TODO: check + NOT-FOR-US: Phoenix.HTML CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...) - TODO: check + NOT-FOR-US: Ecto CVE-2015-10035 (A vulnerability was found in gperson angular-test-reporter and classif ...) - TODO: check + NOT-FOR-US: angular-test-reporter CVE-2015-10034 (A vulnerability has been found in j-nowak workout-organizer and classi ...) - TODO: check + NOT-FOR-US: j-nowak workout-organizer CVE-2015-10033 (A vulnerability, which was classified as problematic, was found in jvv ...) - TODO: check + NOT-FOR-US: jvvlee MerlinsBoard CVE-2014-125072 (A vulnerability classified as critical has been found in CherishSin kl ...) - TODO: check + NOT-FOR-US: CherishSin CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...) - TODO: check + NOT-FOR-US: lukehutch Gribbit CVE-2023-22883 RESERVED CVE-2023-22882 @@ -183,7 +183,7 @@ CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk =2.0.0p32 an CVE-2022-4883 RESERVED CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...) - TODO: check + NOT-FOR-US: Kaltura CVE-2022-48250 RESERVED CVE-2022-48249 @@ -231,7 +231,7 @@ CVE-2022-46285 CVE-2022-44617 RESERVED CVE-2021-4311 (A vulnerability classified as problematic was found in Talend Open Stu ...) - TODO: check + NOT-FOR-US: Talend CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been ...) NOT-FOR-US: 01-Scripts 01-Artikelsystem CVE-2017-20165 (A vulnerability classified as problematic has been found in debug-js d ...) 
@@ -329,7 +329,7 @@ CVE-2022-4880 (A vulnerability was found in stakira OpenUtau. It has been classi CVE-2022-48229 RESERVED CVE-2021-4306 (A vulnerability classified as problematic has been found in cronvel te ...) - TODO: check + NOT-FOR-US: Node terminal-kit CVE-2020-36645 (A vulnerability, which was classified as critical, was found in square ...) NOT-FOR-US: square squalor CVE-2020-36644 (A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 a ...) @@ -345,9 +345,9 @@ CVE-2016-15012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in for CVE-2015-10028 (A vulnerability has been found in ss15-this-is-sparta and classified a ...) NOT-FOR-US: ss15-this-is-sparta CVE-2015-10027 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: hydrian TTRSS-Auth-LDAP CVE-2015-10026 (A vulnerability was found in tiredtyrant flairbot. It has been declare ...) - TODO: check + NOT-FOR-US: tiredtyrant flairbot CVE-2015-10025 (A vulnerability has been found in luelista miniConf up to 1.7.6 and cl ...) NOT-FOR-US: luelista miniConf CVE-2015-10024 (A vulnerability classified as critical was found in hoffie larasync. T ...) @@ -369,19 +369,19 @@ CVE-2014-125062 (A vulnerability classified as critical was found in ananich bit CVE-2014-125061 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel file ...) NOT-FOR-US: peel filebrokerrm CVE-2014-125060 (A vulnerability, which was classified as critical, was found in holden ...) - TODO: check + NOT-FOR-US: holdennb CollabCal CVE-2014-125059 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] Track proposed update for avahi via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d9742d8 by Salvatore Bonaccorso at 2023-01-10T13:12:49+01:00 Track proposed update for avahi via bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -42,3 +42,5 @@ CVE-2022-3821 [bullseye] - systemd 247.3-7+deb11u2 CVE-2022-1227 [bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1 +CVE-2021-3468 + [bullseye] - avahi 0.8-5+deb11u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d9742d8db0415897667cf10050817371a5db1fb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d9742d8db0415897667cf10050817371a5db1fb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
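Review bot: the bullseye-pu entry for CVE-2021-3468 records avahi 0.8-5+deb11u2; this must be the version the release team actually accepts, and the CVE entry in data/CVE/list (which still reads "[bullseye] - avahi (Minor issue)" in commit 9df4383d below) will need that version moved into it once the point release is published, otherwise the tracker keeps showing bullseye as vulnerable after the fix has shipped.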
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3264-1 for ruby-sinatra
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 45408248 by Chris Lamb at 2023-01-10T11:19:30+00:00 Reserve DLA-3264-1 for ruby-sinatra - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Jan 2023] DLA-3264-1 ruby-sinatra - security update + {CVE-2022-45442} + [buster] - ruby-sinatra 2.0.5-4+deb10u1 [09 Jan 2023] DLA-3263-1 libtasn1-6 - security update {CVE-2021-46848} [buster] - libtasn1-6 4.13-3+deb10u1 = data/dla-needed.txt = @@ -303,10 +303,6 @@ ruby-sidekiq NOTE: 20221231: Programming language: Ruby. NOTE: 20221231: CVE-2022-23837 was fixed in stretch so should be fixed in buster for consistency even though it is not that severe. (opal). -- -ruby-sinatra (Chris Lamb) - NOTE: 20221231: Programming language: Ruby. - NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-sinatra.git --- runc NOTE: 20220905: Programming language: Go. NOTE: 20220905: Special attention: Sync with Bullseye. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/454082487f35dd42ad4a34480fcd20a7c02fed3f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/454082487f35dd42ad4a34480fcd20a7c02fed3f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
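Review bot: the reserved version 2.0.5-4+deb10u1 for ruby-sinatra was corrected to +deb10u2 in a later commit in this digest (5b1b1a0b); reserving a DLA with a version that does not match the pending upload opens a window in which the tracker claims CVE-2022-45442 is fixed in a version that never existed, so the version string should be copied from debian/changelog at reservation time. Removing the dla-needed.txt block is fine, since the VCS pointer there is no longer needed once the DLA is reserved.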
[Git][security-tracker-team/security-tracker][master] new kodi issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: af454f42 by Moritz Muehlenhoff at 2023-01-10T12:13:07+01:00 new kodi issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2023- [kodi: VideoPlayerCodec: Stop dividing by zero] + - kodi 2:20.0~rc2+dfsg-2 + [bullseye] - kodi (Minor issue) + NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73 + NOTE: https://github.com/xbmc/xbmc/issues/22378 + NOTE: https://github.com/xbmc/xbmc/pull/22391 CVE-2023-22907 RESERVED CVE-2023-22906 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af454f42f6c6b4de5439eba7e9027d60a6565bfd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af454f42f6c6b4de5439eba7e9027d60a6565bfd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
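Review bot: the identifier is a bare "CVE-2023-" placeholder followed by the bracketed description; make sure it is replaced when MITRE assigns the number, because a half-formed id will not be matched by the automatic update and the entry will silently stay detached. The bullseye "(Minor issue)" matches a division-by-zero crash in VideoPlayerCodec, but the fixed version 2:20.0~rc2+dfsg-2 should be confirmed from the package changelog as actually containing commit dbc00c50 rather than merely being the first upload after the upstream fix.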
[Git][security-tracker-team/security-tracker][master] avahi fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9df4383d by Moritz Muehlenhoff at 2023-01-10T12:05:32+01:00 avahi fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -129991,7 +129991,7 @@ CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an - foreman (bug #663101) CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...) {DLA-3047-1} - - avahi (bug #984938) + - avahi 0.8-7 (bug #984938) [bullseye] - avahi (Minor issue) [buster] - avahi (Minor issue) NOTE: https://github.com/lathiat/avahi/pull/330 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9df4383dd6dbf960774fd5066524166d3aedcca3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9df4383dd6dbf960774fd5066524166d3aedcca3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
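Review bot: the sid fix 0.8-7 is recorded while bullseye and buster keep "(Minor issue)" and PR #330 remains the only upstream reference; since a bullseye-pu with 0.8-5+deb11u2 is being tracked in commit 1d9742d8 in this digest, the bullseye annotation will have to be replaced by that version once the point release is out, and buster still needs a decision on whether the same backport goes through LTS or stays no-dsa.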
[Git][security-tracker-team/security-tracker][master] dlt-daemon fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d76eea3e by Moritz Muehlenhoff at 2023-01-10T12:01:40+01:00 dlt-daemon fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -129297,7 +129297,7 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...) NOT-FOR-US: Wire CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...) - - dlt-daemon (unimportant) + - dlt-daemon 2.18.8-1 (unimportant) NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only) NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4 NOTE: No security impact, config files need to be trusted View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76eea3eaf99ffd46e8676c0713c6467af8df54d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76eea3eaf99ffd46e8676c0713c6467af8df54d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
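Review bot: the "unimportant" severity rests on the NOTE that config files need to be trusted, which holds only if dlt-daemon never reads configuration from a location writable by unprivileged users; stating the assumed config location in the NOTE (for example that only root-owned files under /etc are read) would make the verdict verifiable later. Recording the fixed version 2.18.8-1 together with "unimportant" is the right combination, and keeping the commit link (f5344f8c) matters more than the GHSA link, which the NOTE already flags as boilerplate.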
[Git][security-tracker-team/security-tracker][master] triage leptonlib
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: accb17ef by Helmut Grohne at 2023-01-10T11:59:40+01:00 triage leptonlib * Remove a bunch of annotations that will end up conflicting with the ELTS tracker. * Note patch for CVE-2018-7442 and explain that it changes behaviour. * Note that CVE-2018-7441 is not neutralized, remove unimportant, list patches. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -325949,8 +325949,6 @@ CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in sched CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a % ...) {DLA-1302-1} - leptonlib 1.75.3-2 (low; bug #890548) - [stretch] - leptonlib (Minor issue) - [jessie] - leptonlib (Minor issue) NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! v ...) NOT-FOR-US: Saxum Astro component for Joomla! 
@@ -335436,17 +335434,19 @@ CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519 CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...) - leptonlib 1.76.0-1 (bug #898439) - [stretch] - leptonlib (Minor issue) - [jessie] - leptonlib (Minor issue) [wheezy] - leptonlib (Minor issue) NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html + NOTE: https://github.com/DanBloomberg/leptonica/commit/24cca39cbeafd7943fb6ec723c9c1f525c24eb9f + NOTE: The patch deactivates debugging functions by default and thus changes behaviour. CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might al ...) - - leptonlib 1.76.0-1 (unimportant) + - leptonlib 1.76.0-1 NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html - NOTE: Neutralised by kernel hardening + NOTE: Not neutralised by kernel hardening, because subdirectories of /tmp are not hardened + NOTE: https://github.com/DanBloomberg/leptonica/commit/dcaf546c748aaf13fd14289677037e83d749455f + NOTE: The patch requires CVE-2018-7442 patch as underlying infrastructure. + NOTE: The patch deactivates debugging functions by default and thus changes behaviour. CVE-2017-18196 (Leptonica 1.74.4 constructs unintended pathnames (containing duplicate ...) - leptonlib 1.74.4-2 (low; bug #885704) - [stretch] - leptonlib (Minor issue) [jessie] - leptonlib (Vulnerable code not present) [wheezy] - leptonlib (Vulnerable code not present) CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...) 
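Review bot: the reversal for CVE-2018-7441 is the substantive change: "Neutralised by kernel hardening" assumed fs.protected_symlinks, but that protection applies only to symlinks in sticky, world-writable directories such as /tmp itself; a hardcoded path below a subdirectory that leptonica creates in /tmp is not sticky, so symlink following is not blocked and the earlier "unimportant" was wrong. Two follow-ups: the "[wheezy] - leptonlib (Minor issue)" line for CVE-2018-7442 is kept while the stretch and jessie lines are removed, which looks inconsistent with the ELTS rationale in the commit message since wheezy is also an ELTS release; and because the CVE-2018-7441 patch (dcaf546c) depends on the CVE-2018-7442 patch (24cca39c) and both disable debugging output by default, any LTS backport should ship the pair together and call out the behaviour change in the advisory text.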
@@ -335459,8 +335459,6 @@ CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The gplotMak CVE-2018-3836 (An exploitable command injection vulnerability exists in the gplotMake ...) {DLA-1284-1} - leptonlib 1.75.3-1 (bug #889759) - [stretch] - leptonlib (Minor issue) - [jessie] - leptonlib (Minor issue) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516 NOTE: https://github.com/DanBloomberg/leptonica/issues/303 NOTE: When fixing this issue make sure the fix is complete and includes as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/accb17ef45236f07536a694b7f1c6762b87d4b0f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/accb17ef45236f07536a694b7f1c6762b87d4b0f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dc9a6df by Salvatore Bonaccorso at 2023-01-10T10:55:12+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2924,9 +2924,9 @@ CVE-2023-0025 CVE-2023-0024 RESERVED CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0021 RESERVED CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...) @@ -3147,9 +3147,9 @@ CVE-2023-0020 CVE-2023-0019 RESERVED CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...) - TODO: check + NOT-FOR-US: SAP CVE-2022-47890 RESERVED CVE-2022-47889 @@ -5216,15 +5216,15 @@ CVE-2022-4543 [KASLR Leakage Achievable even with KPTI through Prefetch Side-Cha NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3 NOTE: https://www.willsroot.io/2022/12/entrybleed.html CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Server - v ...) - TODO: check + NOT-FOR-US: SAP CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...) - TODO: check + NOT-FOR-US: SAP CVE-2022-4542 RESERVED CVE-2022-4541 
@@ -5567,7 +5567,7 @@ CVE-2022-4499 CVE-2022-4498 RESERVED CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4496 RESERVED CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...) @@ -5579,7 +5579,7 @@ CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affec CVE-2022-4492 RESERVED CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4490 RESERVED CVE-2022-4489 @@ -5603,7 +5603,7 @@ CVE-2022-4481 CVE-2022-4480 RESERVED CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4478 RESERVED CVE-2022-4477 @@ -5763,7 +5763,7 @@ CVE-2022-4470 CVE-2022-4469 RESERVED CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4467 RESERVED CVE-2022-4466 @@ -6932,7 +6932,7 @@ CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG [buster] - otrs2 (Non-free not supported) NOTE: https://www.znuny.org/en/advisories/zsa-2022-07 CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4425 RESERVED CVE-2022-4424 @@ -7066,9 +7066,9 @@ CVE-2022-46893 CVE-2022-4395 RESERVED CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...) TODO: check CVE-2022-46892 
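Review bot: CVE-2022-4392 (iPanorama 360 WordPress plugin) in the last hunk stays "TODO: check" while the entries directly above and below it in the same class were marked "NOT-FOR-US: WordPress plugin"; this reads as an oversight rather than a deliberate hold and should get the same treatment unless a Debian package is known to bundle that plugin.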
@@ -7225,7 +7225,7 @@ CVE-2022-46839 CVE-2022-46838 RESERVED CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...) NOT-FOR-US: Netgear CVE-2022-4389 @@ -7278,7 +7278,7 @@ CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...) NOT-FOR-US: Mingsoft MCMS CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does not sanit ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0122/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44fe46c6 by Salvatore Bonaccorso at 2023-01-10T09:32:12+01:00 Add CVE-2023-0122/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -158,8 +158,12 @@ CVE-2023-22859 RESERVED CVE-2023-22459 RESERVED -CVE-2023-0122 +CVE-2023-0122 [NVME driver: null pointer dereference in drivers/nvme/target/auth.c] RESERVED + - linux (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: In Debian NVME_TARGET_AUTH is not set CVE-2023-0121 RESERVED CVE-2023-0120 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44fe46c67b189197c7ca6ebbc8f4f8e058290e19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44fe46c67b189197c7ca6ebbc8f4f8e058290e19 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
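Review bot: the "unimportant" severity is justified by "In Debian NVME_TARGET_AUTH is not set", which is a kernel configuration fact rather than a code fact; the vulnerable function in drivers/nvme/target/auth.c is still compiled into any kernel built with that option, so the entry should gain the upstream fix commit as a NOTE once it is known, both for derivative kernels that enable the option and in case the Debian config changes later. The "Vulnerable code not present" annotations for bullseye and buster are the stronger statement and are fine as they stand, since NVMe target authentication did not exist in those kernel versions.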
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0105 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 053e0f45 by Salvatore Bonaccorso at 2023-01-10T09:14:43+01:00 Add CVE-2023-0105 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -468,6 +468,7 @@ CVE-2023-0106 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos NOT-FOR-US: usememos CVE-2023-0105 RESERVED + NOT-FOR-US: Keycloak CVE-2018-25068 (A vulnerability has been found in devent globalpom-utils up to 4.5.0 a ...) NOT-FOR-US: devent globalpom-utils CVE-2018-25067 (A vulnerability, which was classified as critical, was found in JoomGa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/053e0f452eb7e5bb889251a9e178b22d39f1953f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/053e0f452eb7e5bb889251a9e178b22d39f1953f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d1fbc5f5 by security tracker role at 2023-01-10T08:10:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,111 @@ +CVE-2023-22907 + RESERVED +CVE-2023-22906 + RESERVED +CVE-2023-22905 + RESERVED +CVE-2023-22904 + RESERVED +CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...) + TODO: check +CVE-2023-22902 + RESERVED +CVE-2023-22901 + RESERVED +CVE-2023-22900 + RESERVED +CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) + TODO: check +CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...) + TODO: check +CVE-2023-22897 + RESERVED +CVE-2023-22896 + RESERVED +CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...) + TODO: check +CVE-2023-22894 + RESERVED +CVE-2023-22893 + RESERVED +CVE-2023-22892 + RESERVED +CVE-2023-22891 + RESERVED +CVE-2023-22890 + RESERVED +CVE-2023-22889 + RESERVED +CVE-2023-22888 + RESERVED +CVE-2023-22887 + RESERVED +CVE-2023-22886 + RESERVED +CVE-2023-22885 + RESERVED +CVE-2023-22884 + RESERVED +CVE-2023-0144 + RESERVED +CVE-2023-0143 + RESERVED +CVE-2023-0142 + RESERVED +CVE-2023-0141 + RESERVED +CVE-2023-0140 + RESERVED +CVE-2023-0139 + RESERVED +CVE-2023-0138 + RESERVED +CVE-2023-0137 + RESERVED +CVE-2023-0136 + RESERVED +CVE-2023-0135 + RESERVED +CVE-2023-0134 + RESERVED +CVE-2023-0133 + RESERVED +CVE-2023-0132 + RESERVED +CVE-2023-0131 + RESERVED +CVE-2023-0130 + RESERVED +CVE-2023-0129 + RESERVED +CVE-2023-0128 + RESERVED +CVE-2023-0127 + RESERVED +CVE-2023-0126 + RESERVED +CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been declared as ...) + TODO: check +CVE-2023-0124 + RESERVED +CVE-2023-0123 + RESERVED +CVE-2022-48251 (** DISPUTED ** The AES instructions on the ARMv8 platform do not have ...) + TODO: check +CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...) + TODO: check +CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...) 
+ TODO: check +CVE-2015-10035 (A vulnerability was found in gperson angular-test-reporter and classif ...) + TODO: check +CVE-2015-10034 (A vulnerability has been found in j-nowak workout-organizer and classi ...) + TODO: check +CVE-2015-10033 (A vulnerability, which was classified as problematic, was found in jvv ...) + TODO: check +CVE-2014-125072 (A vulnerability classified as critical has been found in CherishSin kl ...) + TODO: check +CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...) + TODO: check CVE-2023-22883 RESERVED CVE-2023-22882 @@ -2266,8 +2374,8 @@ CVE-2023-22324 RESERVED CVE-2023-22322 RESERVED -CVE-2023-22320 - RESERVED +CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...) + TODO: check CVE-2023-22316 RESERVED CVE-2023-22304 @@ -2810,10 +2918,10 @@ CVE-2023-0025 RESERVED CVE-2023-0024 RESERVED -CVE-2023-0023 - RESERVED -CVE-2023-0022 - RESERVED +CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...) + TODO: check +CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...) + TODO: check CVE-2023-0021 RESERVED CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...) @@ -3033,10 +3141,10 @@ CVE-2023-0020 RESERVED CVE-2023-0019 RESERVED -CVE-2023-0018 - RESERVED -CVE-2023-0017 - RESERVED +CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...) + TODO: check +CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...) + TODO: check CVE-2022-47890 RESERVED CVE-2022-47889 
@@ -5102,16 +5210,16 @@ CVE-2022-4543 [KASLR Leakage Achievable even with KPTI through Prefetch Side-Cha - linux NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3 NOTE: https://www.willsroot.io/2022/12/entrybleed.html -CVE-2023-0016 - RESERVED -CVE-2023-0015 - RESERVED -CVE-2023-0014 - RESERVED -CVE-2023-0013 - RESERVED -CVE-2023-0012 - RESERVED +CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...) + TODO: check +CVE-2023-0015 (In SAP BusinessObjects