[Git][security-tracker-team/security-tracker][master] Track update for CVE-2022-46175/node-json5 proposed for bullseye-pu

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1576ad40 by Salvatore Bonaccorso at 2023-01-16T08:30:56+01:00
Track update for CVE-2022-46175/node-json5 proposed for bullseye-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -80,3 +80,5 @@ CVE-2021-37622
[bullseye] - exiv2 0.27.3-3+deb11u2
 CVE-2021-37623
[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2022-46175
+   [bullseye] - node-json5 2.1.3-2+deb11u1
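Review bot: the version 2.1.3-2+deb11u1 recorded for CVE-2022-46175 has to match the node-json5 upload that is actually accepted into bullseye-proposed-updates; if the upload is rejected or re-uploaded under another revision, this line must be corrected before the point release, because data/next-point-update.txt is what gets folded into the `[bullseye]` status in data/CVE/list when the point release ships. The placement follows the surrounding exiv2 entries (CVE id, then an indented `[bullseye] - package version` line), so no format issue there.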



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1576ad40af68013e33bbd0ead6dfb02523b4e30e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1576ad40af68013e33bbd0ead6dfb02523b4e30e
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40704/phoronix-test-suite

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b2a753c by Salvatore Bonaccorso at 2023-01-16T08:21:14+01:00
Add CVE-2022-40704/phoronix-test-suite

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27961,6 +27961,7 @@ CVE-2022-41137
RESERVED
 CVE-2022-40704
RESERVED
+   - phoronix-test-suite 
 CVE-2022-40208
RESERVED
 CVE-2022-38066
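Review bot: the added `- phoronix-test-suite ` line marks the package as affected while CVE-2022-40704 is still RESERVED, yet carries no `NOTE:` giving the source of that assessment (advisory, upstream commit or bug report). Add a NOTE with the reference so the triage can be re-checked once the CVE text is published. Also, the version field after the package name renders as empty here, where the tracker syntax expects `<unfixed>` for an open issue; verify the committed line rather than this mail rendering, which may have dropped the angle-bracketed token.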



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b2a753c1fe80ab25ebd0e8421e760df3d5f30da



[Git][security-tracker-team/security-tracker][master] LTS: take xfig

2023-01-15 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2148892 by Anton Gladky at 2023-01-16T07:15:29+01:00
LTS: take xfig

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -360,7 +360,7 @@ xdg-utils
   NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils
   NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their 
VCS can be used
 --
-xfig
+xfig (gladk)
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
 --
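Review bot: `xfig (gladk)` records the claimant but not the claim date; with claims now released semi-automatically after two weeks of inactivity (commit 45925203 in this same digest), add a dated `NOTE: 20230116: ...` line stating the intended approach (for example which bullseye 11.6 fixes are being backported, per the existing front-desk note) so the age and state of the claim are visible in the file itself.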



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21488920fa30ea7473144a2e716ca5b9cabb06a



[Git][security-tracker-team/security-tracker][master] 2 commits: semi-automatic unclaim after 2 weeks of inactivity

2023-01-15 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45925203 by Anton Gladky at 2023-01-16T06:34:20+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky gl...@debian.org

- - - - -
aae91bcb by Anton Gladky at 2023-01-16T07:10:22+01:00
LTS: Add VCS information

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -146,6 +146,7 @@ libstb
 --
 libzen (Thorsten Alteholz)
   NOTE: 20230115: Programming language: C.
+  NOTE: 20230116: VCS: https://salsa.debian.org/lts-team/packages/libzen.git
 --
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
@@ -328,7 +329,7 @@ sox
   NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream 
committer (abhijith)
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/sox.git
 --
-tiff (Sylvain Beucler)
+tiff
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/tiff.git
   NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html
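Review bot: the unclaim drops `(Sylvain Beucler)` from the tiff entry but records nothing about why or when, so the next claimant cannot tell whether partial work exists; the entry's most recent NOTE (20221209, pointing at a testsuite page) suggests work had started. Add a line such as `NOTE: 20230116: unclaimed after 2 weeks of inactivity (gladk)` and ping the previous claimant before reassigning, so an in-progress backport in lts-team/packages/tiff.git is not duplicated.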
@@ -339,6 +340,7 @@ tinymce
 --
 tor (Thorsten Alteholz)
   NOTE: 20220115: Programming language: C.
+  NOTE: 20230116: VCS: https://salsa.debian.org/lts-team/packages/tor.git
 --
 trafficserver
   NOTE: 20220905: Programming language: C.
@@ -362,7 +364,7 @@ xfig
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
 --
-xrdp (Abhijith PA)
+xrdp
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3e93e31dd7487a93cab970dcf92791952b8c77e6...aae91bcb61216038fe6c46b87c080273341a36e7



[Git][security-tracker-team/security-tracker][master] Add temporary entry for sgt-puzzles issues

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e93e31d by Salvatore Bonaccorso at 2023-01-16T06:29:53+01:00
Add temporary entry for sgt-puzzles issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023- [Multiple integer overflow and buffer overflow issues in game 
loading]
+   - sgt-puzzles  (bug #1028986)
 CVE-2023-0305 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-0304 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
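Review bot: the placeholder `CVE-2023-` entry names sgt-puzzles and bug #1028986 but has no `NOTE:` lines pointing at the upstream fixes, so when the real CVE ids are assigned there is nothing in the entry to match them against the individual integer overflow and buffer overflow issues it bundles. Add NOTE lines with the upstream commits or advisory now, and plan to split the entry per CVE once ids are published, since a single placeholder covering "multiple" issues cannot carry per-issue fixed versions.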



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e93e31dd7487a93cab970dcf92791952b8c77e6



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
528b6311 by Salvatore Bonaccorso at 2023-01-15T21:31:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2023-0305 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-0304 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food 
Ordering Syste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2022-4890
RESERVED
 CVE-2021-4313
@@ -31,7 +31,7 @@ CVE-2010-10005
 CVE-2023-23596
RESERVED
 CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that 
exfiltr ...)
-   TODO: check
+   NOT-FOR-US: BlueCat Device Registration Portal
 CVE-2023-23594
RESERVED
 CVE-2023-23593



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/528b6311c8f5f485b1607bb14cfee07a46620d7e



[Git][security-tracker-team/security-tracker][master] automatic update

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
154f219e by security tracker role at 2023-01-15T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2023-0305 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2023-0304 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food 
Ordering Syste ...)
+   TODO: check
+CVE-2022-4890
+   RESERVED
+CVE-2021-4313
+   RESERVED
+CVE-2018-25076
+   RESERVED
+CVE-2016-15020
+   RESERVED
+CVE-2015-10057
+   RESERVED
+CVE-2015-10056
+   RESERVED
+CVE-2015-10055
+   RESERVED
+CVE-2015-10054
+   RESERVED
+CVE-2015-10053
+   RESERVED
+CVE-2014-125080
+   RESERVED
+CVE-2013-10012
+   RESERVED
+CVE-2010-10005
+   RESERVED
 CVE-2023-23596
RESERVED
 CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that 
exfiltr ...)
@@ -18,38 +48,38 @@ CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository alfio
NOT-FOR-US: Alf.io
 CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify 
prior t ...)
NOT-FOR-US: Publify
-CVE-2022-4889
-   RESERVED
+CVE-2022-4889 (A vulnerability classified as critical was found in visegripped 
Strack ...)
+   TODO: check
 CVE-2018-25075
RESERVED
-CVE-2016-15019
-   RESERVED
-CVE-2016-15018
-   RESERVED
-CVE-2015-10052
-   RESERVED
-CVE-2015-10051
-   RESERVED
-CVE-2015-10050
-   RESERVED
-CVE-2015-10049
-   RESERVED
-CVE-2015-10048
-   RESERVED
-CVE-2015-10047
-   RESERVED
-CVE-2015-10046
-   RESERVED
-CVE-2015-10045
-   RESERVED
-CVE-2015-10044
-   RESERVED
-CVE-2014-125079
-   RESERVED
-CVE-2014-125078
-   RESERVED
-CVE-2014-125077
-   RESERVED
+CVE-2016-15019 (A vulnerability was found in tombh jekbox. It has been rated 
as proble ...)
+   TODO: check
+CVE-2016-15018 (A vulnerability was found in krail-jpa up to 0.9.1. It has 
been classi ...)
+   TODO: check
+CVE-2015-10052 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2015-10051 (A vulnerability, which was classified as critical, has been 
found in b ...)
+   TODO: check
+CVE-2015-10050 (A vulnerability was found in brandonfire 
miRNA_Database_by_PHP_MySql.  ...)
+   TODO: check
+CVE-2015-10049 (A vulnerability was found in Overdrive Eletrnica 
course-builder  ...)
+   TODO: check
+CVE-2015-10048 (A vulnerability was found in bmattoso desafio_buzz_woody. It 
has been  ...)
+   TODO: check
+CVE-2015-10047 (A vulnerability was found in KYUUBl school-register. It has 
been class ...)
+   TODO: check
+CVE-2015-10046 (A vulnerability has been found in lolfeedback and classified 
as critic ...)
+   TODO: check
+CVE-2015-10045 (A vulnerability, which was classified as critical, was found 
in tutran ...)
+   TODO: check
+CVE-2015-10044 (A vulnerability classified as critical was found in gophergala 
sqldump ...)
+   TODO: check
+CVE-2014-125079 (A vulnerability was found in agy pontifex.http. It has been 
declared a ...)
+   TODO: check
+CVE-2014-125078 (A vulnerability was found in yanheven console and classified 
as proble ...)
+   TODO: check
+CVE-2014-125077 (A vulnerability, which was classified as critical, has been 
found in p ...)
+   TODO: check
 CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote 
attackers ...)
TODO: check
 CVE-2023-0298 (Improper Authorization in GitHub repository 
firefly-iii/firefly-iii pr ...)
@@ -23085,6 +23115,7 @@ CVE-2022-42920 (Apache Commons BCEL has a number of 
APIs that would normally onl
NOTE: whereeas CVE-2022-42920 is associated with bcel itself.
TODO: check with the assigning CNAs which one to retain if confirmed to 
be handled as duplicate and move CVE-2022-34169 to Apache Xalan Java XSLT use 
of BCEL only.
 CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw 
allows a ...)
+   {DLA-3271-1}
- node-minimatch 3.0.5+~3.0.5-1
[bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
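Review bot: the automatically inserted `{DLA-3271-1}` reference matches the reservation in data/DLA/list (node-minimatch 3.0.4-3+deb10u1, commit 6f8b040c in this digest), so buster now reads as fixed via the DLA; that commit also removed the `[buster] - node-minimatch  (Minor issue)` line, which is required, because a leftover no-dsa marker next to a DLA reference would make the buster status contradictory. Worth confirming that the DLA upload carries the regression follow-up commit listed under the v3.0.5 fix in this entry, not only the original fix.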



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/154f219e3d79dadb21bf27e106371879107157a8


[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2023-0288 as no-dsa for Buster

2023-01-15 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6df140f by Thorsten Alteholz at 2023-01-15T19:30:00+01:00
mark CVE-2023-0288 as no-dsa for Buster

- - - - -
ba7f9ec7 by Thorsten Alteholz at 2023-01-15T19:41:59+01:00
add libzen

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -90,6 +90,7 @@ CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub 
repository craigk5n
TODO: check
 CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
- vim 
+   [buster] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
NOTE: 
https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a 
(v9.0.1189)
 CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has 
been rate ...)
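Review bot: `[buster] - vim  (Minor issue)` tags CVE-2023-0288 as no-dsa for buster without recording why a heap-based buffer overflow is considered minor, and no `[bullseye]` line is visible in the entry either. Put the rationale in the tag's reason text or a NOTE (for instance that it requires opening a crafted file interactively, if that is the assessment) so the next LTS triage of vim can reuse it instead of re-deriving it; the `(v9.0.1189)` fix reference is already there for whoever backports it.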


=
data/dla-needed.txt
=
@@ -144,6 +144,9 @@ libsdl2
 libstb
   NOTE: 2022: Programming language: C.
 --
+libzen (Thorsten Alteholz)
+  NOTE: 20230115: Programming language: C.
+--
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ded3f861462fb95836476553788cf326befd1ed3...ba7f9ec7fc5731b34e23ff8f35e35e4286a03e79



[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVEs of freeradius as no-dsa for Buster

2023-01-15 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa84c288 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
mark CVEs of freeradius as no-dsa for Buster

- - - - -
c9893585 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
add tor

- - - - -
b5eecb13 by Thorsten Alteholz at 2023-01-15T19:05:19+01:00
mark CVE-2023-22895 as no-dsa for Buster

- - - - -
6b225caa by Thorsten Alteholz at 2023-01-15T19:05:20+01:00
mark temporary issue for kodi as no-dsa

- - - - -
ded3f861 by Thorsten Alteholz at 2023-01-15T19:05:22+01:00
mark CVE-2022-4743 as no-dsa for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1839,6 +1839,7 @@ CVE-2014-125073 (A vulnerability was found in mapoor 
voteapp. It has been rated
 CVE-2023- [kodi: VideoPlayerCodec: Stop dividing by zero]
- kodi 2:20.0~rc2+dfsg-2
[bullseye] - kodi  (Minor issue)
+   [buster] - kodi  (Minor issue)
NOTE: 
https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73
NOTE: https://github.com/xbmc/xbmc/issues/22378
NOTE: https://github.com/xbmc/xbmc/pull/22391
@@ -1869,6 +1870,7 @@ CVE-2023-22896
 CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause 
a denia ...)
- rust-bzip2 
[bullseye] - rust-bzip2  (Minor issue)
+   [buster] - rust-bzip2  (Minor issue)
NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
NOTE: 
https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b
 (0.4.4)
 CVE-2023-22894
@@ -4472,6 +4474,7 @@ CVE-2022-4744
RESERVED
 CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in 
GLES_CreateTex ...)
- libsdl2 2.26.0+dfsg-1
+   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290
NOTE: https://github.com/libsdl-org/SDL/pull/6269
NOTE: Fixed by: 
https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
 (prerelease-2.25.1)
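Review bot: the added `[buster] - libsdl2  (Minor issue)` line triages buster, but the visible entry has no `[bullseye]` line, so bullseye stays as affected and untriaged for CVE-2022-4743 while the older release is marked; if the same "potential memory leak" reasoning applies, add the matching bullseye line, otherwise record why bullseye is treated differently. The fix reference (prerelease-2.25.1) predates the 2.26.0+dfsg-1 unstable version listed, so the unstable status is consistent.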
@@ -25933,12 +25936,14 @@ CVE-2022-41861 [freeradius: Crash on invalid abinary 
data]
RESERVED
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius  (Minor issue)
+   [buster] - freeradius  (Minor issue)
NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
 CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM]
RESERVED
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius  (Minor issue)
+   [buster] - freeradius  (Minor issue)
NOTE: 
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on unknown option in 
EAP-SIM")
 CVE-2022-41859


=
data/dla-needed.txt
=
@@ -334,6 +334,9 @@ tiff (Sylvain Beucler)
 tinymce
   NOTE: 20221227: Programming language: PHP.
 --
+tor (Thorsten Alteholz)
+  NOTE: 20220115: Programming language: C.
+--
 trafficserver
   NOTE: 20220905: Programming language: C.
   NOTE: 20221024: WIP, big changeset in security fix (abhijith)
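Review bot: `NOTE: 20220115: Programming language: C.` in the new tor entry is dated a year early; the commit adding it (c9893585) is from 2023-01-15, and neighbouring entries date such notes with the current day (e.g. `20221227` for tinymce directly above). Change it to 20230115 so the entry's notes stay in date order as later lines such as a VCS note are appended.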



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f8b040c54c03454f6df15f9c3d726336bb43ad9...ded3f861462fb95836476553788cf326befd1ed3



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3271-1 for node-minimatch

2023-01-15 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f8b040c by Guilhem Moulin at 2023-01-15T16:20:33+01:00
Reserve DLA-3271-1 for node-minimatch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -23083,7 +23083,6 @@ CVE-2022-42920 (Apache Commons BCEL has a number of 
APIs that would normally onl
 CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw 
allows a ...)
- node-minimatch 3.0.5+~3.0.5-1
[bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
-   [buster] - node-minimatch  (Minor issue)
NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
NOTE: 
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
 (v3.0.5)
NOTE: Regression follow-up: 
https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff
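Review bot: removing `[buster] - node-minimatch  (Minor issue)` is correct once a DLA is issued, but the entry's NOTEs list the v3.0.5 fix (a8763f43) plus a regression follow-up commit, so the reserved DLA-3271-1 upload (3.0.4-3+deb10u1, per the data/DLA/list hunk in this commit) should be checked to include the follow-up as well as the original fix, or the buster package risks shipping the regression that the upstream follow-up addressed.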


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Jan 2023] DLA-3271-1 node-minimatch - security update
+   {CVE-2022-3517}
+   [buster] - node-minimatch 3.0.4-3+deb10u1
 [15 Jan 2023] DLA-3270-1 net-snmp - security update
{CVE-2022-44792 CVE-2022-44793}
[buster] - net-snmp 5.7.3+dfsg-5+deb10u4


=
data/dla-needed.txt
=
@@ -180,10 +180,6 @@ node-got
   NOTE: 2022: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster 
released (lamby).
 --
-node-minimatch (guilhem)
-  NOTE: 20230105: Programming language: JavaScript.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
---
 node-moment (Utkarsh)
   NOTE: 2022: Programming language: JavaScript.
   NOTE: 2022: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-38533/binutils via unstable

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad495517 by Salvatore Bonaccorso at 2023-01-15T16:03:23+01:00
Track fixed version for CVE-2022-38533/binutils via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34614,7 +34614,7 @@ CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was 
discovered to contain a remote co
 CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote 
code exe ...)
NOT-FOR-US: TOTOLINK
 CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow 
in the er ...)
-   - binutils  (unimportant)
+   - binutils 2.39.50.20221208-2 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797
NOTE: binutils not covered by security support
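Review bot: recording 2.39.50.20221208-2 as the fixing version relies on the 20221208 upstream snapshot actually containing commit ef186fe5; the CVE text only says "before 2.40", and a snapshot version string by itself does not prove the commit is in it, so verify the commit date against the snapshot before relying on the tracker's version comparison. Since the entry keeps `(unimportant)` and the "not covered by security support" NOTE, stable and oldstable will continue to show as affected with no update planned, which is the intended reading.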



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad495517620ed3eb5e6465bfb0fe41bc0e3b4d64



[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2022-4285/binutils

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e16694a2 by Salvatore Bonaccorso at 2023-01-15T16:01:25+01:00
Add fixed version via unstable for CVE-2022-4285/binutils

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10325,7 +10325,7 @@ CVE-2022-4286
RESERVED
 CVE-2022-4285
RESERVED
-   - binutils  (unimportant)
+   - binutils 2.39.50.20221208-2 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
NOTE: binutils not covered by security support



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e16694a284082778e019244a717d0dc2f8a7b3c9



[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: claim lemonldap-ng in dla-needed.txt

2023-01-15 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14c44648 by Guilhem Moulin at 2023-01-15T14:58:03+01:00
LTS: claim lemonldap-ng in dla-needed.txt

- - - - -
5049f1e5 by Guilhem Moulin at 2023-01-15T15:20:25+01:00
CVE-2022-3517: Add links to follow commits.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -23086,6 +23086,8 @@ CVE-2022-3517 (A vulnerability was found in the 
minimatch package. This flaw all
[buster] - node-minimatch  (Minor issue)
NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
NOTE: 
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
 (v3.0.5)
+   NOTE: Regression follow-up: 
https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff
+   NOTE: Regression follow-up: 
https://github.com/isaacs/minimatch/commit/e4cd43462340ca6b21212b68c9e314d8cdd9861a
 CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository 
librenms/libr ...)
NOT-FOR-US: LibreNMS
 CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow 
vulnerability in  ...)
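Review bot: the two `Regression follow-up:` NOTEs name the commits but not the upstream release they landed in, unlike the main fix which is tagged `(v3.0.5)`; append the release tag to each so backporters can tell whether a given minimatch version already contains them and which set of commits a buster or bullseye update must carry alongside a8763f43.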


=
data/dla-needed.txt
=
@@ -114,7 +114,7 @@ lava
   NOTE: 20221127: Programming language: Python.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/lava.git
 --
-lemonldap-ng
+lemonldap-ng (guilhem)
   NOTE: 20230105: Programming language: Perl.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4cbb3ed70075cc1bf5dfa94e2c0d2347f89fee19...5049f1e53b1a478457ca724da99c8e898de0e6e8



[Git][security-tracker-team/security-tracker][master] Re-claim node-moment from Guilhem

2023-01-15 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4cbb3ed7 by Utkarsh Gupta at 2023-01-15T19:27:13+05:30
Re-claim node-moment from Guilhem

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -184,7 +184,7 @@ node-minimatch (guilhem)
   NOTE: 20230105: Programming language: JavaScript.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
 --
-node-moment (guilhem)
+node-moment (Utkarsh)
   NOTE: 2022: Programming language: JavaScript.
   NOTE: 2022: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbb3ed70075cc1bf5dfa94e2c0d2347f89fee19



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-33621/ruby3.1

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03f22cb3 by Salvatore Bonaccorso at 2023-01-15T14:33:50+01:00
Track fixed version for CVE-2021-33621/ruby3.1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -120141,7 +120141,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, 
and SingularityPRO before 3.
- singularity-container 3.9.5+ds1-2 (bug #990201)
NOTE: 
https://support.sylabs.io/support/solutions/articles/4287130-3-5-8-security-release-cve-2021-33622-
 CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x 
before 0.3.5 ...)
-   - ruby3.1  (bug #1024799)
+   - ruby3.1 3.1.2-4 (bug #1024799)
- ruby3.0  (bug #1024800)
- ruby2.7 
[bullseye] - ruby2.7  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f22cb343143c3725db83bade43fd2a2c60328a



[Git][security-tracker-team/security-tracker][master] automatic update

2023-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6eb1486c by security tracker role at 2023-01-15T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,17 @@
+CVE-2023-23596
+   RESERVED
+CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that 
exfiltr ...)
+   TODO: check
+CVE-2023-23594
+   RESERVED
+CVE-2023-23593
+   RESERVED
+CVE-2023-23592
+   RESERVED
+CVE-2023-23591
+   RESERVED
+CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane 
(Special E ...)
+   TODO: check
 CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository 
alfio-event/a ...)
NOT-FOR-US: Alf.io
 CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
alfio-even ...)
@@ -36,8 +50,8 @@ CVE-2014-125078
RESERVED
 CVE-2014-125077
RESERVED
-CVE-2023-23590
-   RESERVED
+CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote 
attackers ...)
+   TODO: check
 CVE-2023-0298 (Improper Authorization in GitHub repository 
firefly-iii/firefly-iii pr ...)
TODO: check
 CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 
0.5.0b3.dev ...)
@@ -52,8 +66,8 @@ CVE-2023-0293 (The Mediamatic  Media Library Folders 
plugin for WordPress
NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress
 CVE-2017-20169 (A vulnerability, which was classified as critical, has been 
found in G ...)
NOT-FOR-US:  ToN-MasterServer
-CVE-2015-10043
-   RESERVED
+CVE-2015-10043 (A vulnerability, which was classified as critical, was found 
in abreen ...)
+   TODO: check
 CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
NOT-FOR-US: Dovgalyuk AIBattle
 CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
@@ -1816,8 +1830,8 @@ CVE-2023-0146
RESERVED
 CVE-2023-0145
RESERVED
-CVE-2017-20167
-   RESERVED
+CVE-2017-20167 (A vulnerability, which was classified as problematic, was 
found in Min ...)
+   TODO: check
 CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and 
classified  ...)
NOT-FOR-US: fabarea media_upload
 CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been 
rated as crit ...)
@@ -2210,8 +2224,8 @@ CVE-2015-10022 (A vulnerability was found in IISH nlgis2. 
It has been declared a
NOT-FOR-US: IISH nlgis2
 CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been 
classified ...)
NOT-FOR-US: ritterim
-CVE-2015-10020
-   RESERVED
+CVE-2015-10020 (A vulnerability has been found in ssn2013 cis450Project and 
classified ...)
+   TODO: check
 CVE-2015-10019 (A vulnerability, which was classified as problematic, has been 
found i ...)
NOT-FOR-US: MySimplifiedSQL
 CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified 
as critic ...)
@@ -15244,12 +15258,14 @@ CVE-2022-44795 (An issue was discovered in Object 
First 1.0.7.712. A flaw was fo
 CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management 
protocol ...)
NOT-FOR-US: Object First
 CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c 
in Net-S ...)
+   {DLA-3270-1}
- net-snmp 5.9.3+dfsg-2 (bug #1024020)
[bullseye] - net-snmp  (Minor issue)
NOTE: https://github.com/net-snmp/net-snmp/issues/475
NOTE: 
https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
NOTE: 
https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57
 CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in 
Net-SNMP  ...)
+   {DLA-3270-1}
- net-snmp 5.9.3+dfsg-2 (bug #1024020)
[bullseye] - net-snmp  (Minor issue)
NOTE: https://github.com/net-snmp/net-snmp/issues/474



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eb1486cbcedb1e1829e5cc0488e30b4c80acc43
