[Git][security-tracker-team/security-tracker][master] Track update for CVE-2022-46175/node-json5 proposed for bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1576ad40 by Salvatore Bonaccorso at 2023-01-16T08:30:56+01:00 Track update for CVE-2022-46175/node-json5 proposed for bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -80,3 +80,5 @@ CVE-2021-37622 [bullseye] - exiv2 0.27.3-3+deb11u2 CVE-2021-37623 [bullseye] - exiv2 0.27.3-3+deb11u2 +CVE-2022-46175 + [bullseye] - node-json5 2.1.3-2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1576ad40af68013e33bbd0ead6dfb02523b4e30e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40704/phoronix-test-suite
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b2a753c by Salvatore Bonaccorso at 2023-01-16T08:21:14+01:00 Add CVE-2022-40704/phoronix-test-suite - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27961,6 +27961,7 @@ CVE-2022-41137 RESERVED CVE-2022-40704 RESERVED + - phoronix-test-suite CVE-2022-40208 RESERVED CVE-2022-38066 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b2a753c1fe80ab25ebd0e8421e760df3d5f30da
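Review bot: the new "+ - phoronix-test-suite" line under CVE-2022-40704 carries no fixed version, severity tag or NOTE, so the tracker will list the package as affected in every suite with no record of why the id was associated with it; since the CVE is still RESERVED and has no description to go on, consider adding a NOTE with the reference that ties the id to phoronix-test-suite (for example "NOTE: <upstream advisory or bug URL>") so the next triager can verify the association and decide on a severity.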
[Git][security-tracker-team/security-tracker][master] LTS: take xfig
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: a2148892 by Anton Gladky at 2023-01-16T07:15:29+01:00 LTS: take xfig - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -360,7 +360,7 @@ xdg-utils NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used -- -xfig +xfig (gladk) NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21488920fa30ea7473144a2e716ca5b9cabb06a
[Git][security-tracker-team/security-tracker][master] 2 commits: semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 45925203 by Anton Gladky at 2023-01-16T06:34:20+01:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Anton Gladky gl...@debian.org - - - - - aae91bcb by Anton Gladky at 2023-01-16T07:10:22+01:00 LTS: Add VCS information - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -146,6 +146,7 @@ libstb -- libzen (Thorsten Alteholz) NOTE: 20230115: Programming language: C. + NOTE: 20230116: VCS: https://salsa.debian.org/lts-team/packages/libzen.git -- linux (Ben Hutchings) NOTE: 20230111: Programming language: C @@ -328,7 +329,7 @@ sox NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith) NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/sox.git -- -tiff (Sylvain Beucler) +tiff NOTE: 20221031: Programming language: C. NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/tiff.git NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html @@ -339,6 +340,7 @@ tinymce -- tor (Thorsten Alteholz) NOTE: 20220115: Programming language: C. + NOTE: 20230116: VCS: https://salsa.debian.org/lts-team/packages/tor.git -- trafficserver NOTE: 20220905: Programming language: C. 
@@ -362,7 +364,7 @@ xfig NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) -- -xrdp (Abhijith PA) +xrdp NOTE: 20221225: Programming language: C. NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3e93e31dd7487a93cab970dcf92791952b8c77e6...aae91bcb61216038fe6c46b87c080273341a36e7
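Review bot: the "-tiff (Sylvain Beucler)" / "+tiff" hunk, and the matching "-xrdp (Abhijith PA)" / "+xrdp" hunk, drop the claimant but leave no trace of the reason in the entry itself; the explanation lives only in the commit message ("semi-automatic unclaim after 2 weeks of inactivity"). Consider adding a dated line in the style the file already uses, e.g. "NOTE: 20230116: Unclaimed after 2 weeks of inactivity", under each unclaimed package, so whoever picks the package up next sees that history without consulting git log and does not mistake the entry for one that was never claimed.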
[Git][security-tracker-team/security-tracker][master] Add temporary entry for sgt-puzzles issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e93e31d by Salvatore Bonaccorso at 2023-01-16T06:29:53+01:00 Add temporary entry for sgt-puzzles issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023- [Multiple integer overflow and buffer overflow issues in game loading] + - sgt-puzzles (bug #1028986) CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...) NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e93e31dd7487a93cab970dcf92791952b8c77e6
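Review bot: the placeholder "+CVE-2023- [Multiple integer overflow and buffer overflow issues in game loading]" entry records only the source package and bug #1028986; because the description covers several distinct issues that will presumably receive separate CVE ids, a NOTE listing the upstream fix commits this placeholder is meant to cover would make it straightforward to split the entry per id once they are assigned, and to confirm that no fix is dropped in the split.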
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 528b6311 by Salvatore Bonaccorso at 2023-01-15T21:31:55+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...) - TODO: check + NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2022-4890 RESERVED CVE-2021-4313 @@ -31,7 +31,7 @@ CVE-2010-10005 CVE-2023-23596 RESERVED CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...) - TODO: check + NOT-FOR-US: BlueCat Device Registration Portal CVE-2023-23594 RESERVED CVE-2023-23593 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/528b6311c8f5f485b1607bb14cfee07a46620d7e
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 154f219e by security tracker role at 2023-01-15T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,33 @@ +CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + TODO: check +CVE-2022-4890 + RESERVED +CVE-2021-4313 + RESERVED +CVE-2018-25076 + RESERVED +CVE-2016-15020 + RESERVED +CVE-2015-10057 + RESERVED +CVE-2015-10056 + RESERVED +CVE-2015-10055 + RESERVED +CVE-2015-10054 + RESERVED +CVE-2015-10053 + RESERVED +CVE-2014-125080 + RESERVED +CVE-2013-10012 + RESERVED +CVE-2010-10005 + RESERVED CVE-2023-23596 RESERVED CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...) 
@@ -18,38 +48,38 @@ CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository alfio NOT-FOR-US: Alf.io CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify prior t ...) NOT-FOR-US: Publify -CVE-2022-4889 - RESERVED +CVE-2022-4889 (A vulnerability classified as critical was found in visegripped Strack ...) + TODO: check CVE-2018-25075 RESERVED -CVE-2016-15019 - RESERVED -CVE-2016-15018 - RESERVED -CVE-2015-10052 - RESERVED -CVE-2015-10051 - RESERVED -CVE-2015-10050 - RESERVED -CVE-2015-10049 - RESERVED -CVE-2015-10048 - RESERVED -CVE-2015-10047 - RESERVED -CVE-2015-10046 - RESERVED -CVE-2015-10045 - RESERVED -CVE-2015-10044 - RESERVED -CVE-2014-125079 - RESERVED -CVE-2014-125078 - RESERVED -CVE-2014-125077 - RESERVED +CVE-2016-15019 (A vulnerability was found in tombh jekbox. It has been rated as proble ...) + TODO: check +CVE-2016-15018 (A vulnerability was found in krail-jpa up to 0.9.1. It has been classi ...) + TODO: check +CVE-2015-10052 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2015-10051 (A vulnerability, which was classified as critical, has been found in b ...) + TODO: check +CVE-2015-10050 (A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. ...) + TODO: check +CVE-2015-10049 (A vulnerability was found in Overdrive Eletrnica course-builder ...) + TODO: check +CVE-2015-10048 (A vulnerability was found in bmattoso desafio_buzz_woody. It has been ...) + TODO: check +CVE-2015-10047 (A vulnerability was found in KYUUBl school-register. It has been class ...) + TODO: check +CVE-2015-10046 (A vulnerability has been found in lolfeedback and classified as critic ...) + TODO: check +CVE-2015-10045 (A vulnerability, which was classified as critical, was found in tutran ...) + TODO: check +CVE-2015-10044 (A vulnerability classified as critical was found in gophergala sqldump ...) 
+ TODO: check +CVE-2014-125079 (A vulnerability was found in agy pontifex.http. It has been declared a ...) + TODO: check +CVE-2014-125078 (A vulnerability was found in yanheven console and classified as proble ...) + TODO: check +CVE-2014-125077 (A vulnerability, which was classified as critical, has been found in p ...) + TODO: check CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers ...) TODO: check CVE-2023-0298 (Improper Authorization in GitHub repository firefly-iii/firefly-iii pr ...) @@ -23085,6 +23115,7 @@ CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally onl NOTE: whereeas CVE-2022-42920 is associated with bcel itself. TODO: check with the assigning CNAs which one to retain if confirmed to be handled as duplicate and move CVE-2022-34169 to Apache Xalan Java XSLT use of BCEL only. CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...) + {DLA-3271-1} - node-minimatch 3.0.5+~3.0.5-1 [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1 NOTE: https://github.com/grafana/grafana-image-renderer/issues/329 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/154f219e3d79dadb21bf27e106371879107157a8
[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2023-0288 as no-dsa for Buster
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: b6df140f by Thorsten Alteholz at 2023-01-15T19:30:00+01:00 mark CVE-2023-0288 as no-dsa for Buster - - - - - ba7f9ec7 by Thorsten Alteholz at 2023-01-15T19:41:59+01:00 add libzen - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -90,6 +90,7 @@ CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n TODO: check CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - vim + [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3 NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189) CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...) = data/dla-needed.txt = @@ -144,6 +144,9 @@ libsdl2 libstb NOTE: 2022: Programming language: C. -- +libzen (Thorsten Alteholz) + NOTE: 20230115: Programming language: C. +-- linux (Ben Hutchings) NOTE: 20230111: Programming language: C -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ded3f861462fb95836476553788cf326befd1ed3...ba7f9ec7fc5731b34e23ff8f35e35e4286a03e79
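Review bot: the "+ [buster] - vim (Minor issue)" line in the CVE-2023-0288 hunk downgrades a heap-based buffer overflow to no-dsa without a rationale in the entry; the existing NOTE lines give only the huntr report and the upstream fix commit (v9.0.1189). A short NOTE stating why it is considered minor for buster (for instance which code path is affected and whether it is reachable in the buster build) would make the no-dsa decision auditable later and save the next person from re-deriving it from the upstream commit.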
[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVEs of freeradius as no-dsa for Buster
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fa84c288 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00 mark CVEs of freeradius as no-dsa for Buster - - - - - c9893585 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00 add tor - - - - - b5eecb13 by Thorsten Alteholz at 2023-01-15T19:05:19+01:00 mark CVE-2023-22895 as no-dsa for Buster - - - - - 6b225caa by Thorsten Alteholz at 2023-01-15T19:05:20+01:00 mark temporary issue for kodi as no-dsa - - - - - ded3f861 by Thorsten Alteholz at 2023-01-15T19:05:22+01:00 mark CVE-2022-4743 as no-dsa for Buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1839,6 +1839,7 @@ CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated CVE-2023- [kodi: VideoPlayerCodec: Stop dividing by zero] - kodi 2:20.0~rc2+dfsg-2 [bullseye] - kodi (Minor issue) + [buster] - kodi (Minor issue) NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73 NOTE: https://github.com/xbmc/xbmc/issues/22378 NOTE: https://github.com/xbmc/xbmc/pull/22391 @@ -1869,6 +1870,7 @@ CVE-2023-22896 CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...) - rust-bzip2 [bullseye] - rust-bzip2 (Minor issue) + [buster] - rust-bzip2 (Minor issue) NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4) CVE-2023-22894 @@ -4472,6 +4474,7 @@ CVE-2022-4744 RESERVED CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...) - libsdl2 2.26.0+dfsg-1 + [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290 NOTE: https://github.com/libsdl-org/SDL/pull/6269 NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1) 
@@ -25933,12 +25936,14 @@ CVE-2022-41861 [freeradius: Crash on invalid abinary data] RESERVED - freeradius 3.2.0+dfsg-1 [bullseye] - freeradius (Minor issue) + [buster] - freeradius (Minor issue) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26) NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data") CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM] RESERVED - freeradius 3.2.0+dfsg-1 [bullseye] - freeradius (Minor issue) + [buster] - freeradius (Minor issue) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26) NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM") CVE-2022-41859 = data/dla-needed.txt = @@ -334,6 +334,9 @@ tiff (Sylvain Beucler) tinymce NOTE: 20221227: Programming language: PHP. -- +tor (Thorsten Alteholz) + NOTE: 20220115: Programming language: C. +-- trafficserver NOTE: 20220905: Programming language: C. NOTE: 20221024: WIP, big changeset in security fix (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f8b040c54c03454f6df15f9c3d726336bb43ad9...ded3f861462fb95836476553788cf326befd1ed3
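Review bot: in the dla-needed.txt hunk, the new "+ NOTE: 20220115: Programming language: C." under tor carries a 2022 date stamp although the commit adding it ("add tor", c9893585) is dated 2023-01-15T19:05:17+01:00; this reads as a typo for 20230115 and should be corrected, since the date prefix is what the file uses to show how long an entry has been waiting and a year-old stamp would misrepresent the age of a package claimed today.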
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3271-1 for node-minimatch
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f8b040c by Guilhem Moulin at 2023-01-15T16:20:33+01:00 Reserve DLA-3271-1 for node-minimatch - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -23083,7 +23083,6 @@ CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally onl CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...) - node-minimatch 3.0.5+~3.0.5-1 [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1 - [buster] - node-minimatch (Minor issue) NOTE: https://github.com/grafana/grafana-image-renderer/issues/329 NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5) NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Jan 2023] DLA-3271-1 node-minimatch - security update + {CVE-2022-3517} + [buster] - node-minimatch 3.0.4-3+deb10u1 [15 Jan 2023] DLA-3270-1 net-snmp - security update {CVE-2022-44792 CVE-2022-44793} [buster] - net-snmp 5.7.3+dfsg-5+deb10u4 = data/dla-needed.txt = 
@@ -180,10 +180,6 @@ node-got NOTE: 2022: Follow fixes from bullseye 11.4 (Beuc/front-desk) NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby). -- -node-minimatch (guilhem) - NOTE: 20230105: Programming language: JavaScript. - NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) --- node-moment (Utkarsh) NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-38533/binutils via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad495517 by Salvatore Bonaccorso at 2023-01-15T16:03:23+01:00 Track fixed version for CVE-2022-38533/binutils via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34614,7 +34614,7 @@ CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote co CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...) NOT-FOR-US: TOTOLINK CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...) - - binutils (unimportant) + - binutils 2.39.50.20221208-2 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797 NOTE: binutils not covered by security support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad495517620ed3eb5e6465bfb0fe41bc0e3b4d64
[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2022-4285/binutils
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e16694a2 by Salvatore Bonaccorso at 2023-01-15T16:01:25+01:00 Add fixed version via unstable for CVE-2022-4285/binutils - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10325,7 +10325,7 @@ CVE-2022-4286 RESERVED CVE-2022-4285 RESERVED - - binutils (unimportant) + - binutils 2.39.50.20221208-2 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 NOTE: binutils not covered by security support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e16694a284082778e019244a717d0dc2f8a7b3c9
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: claim lemonldap-ng in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 14c44648 by Guilhem Moulin at 2023-01-15T14:58:03+01:00 LTS: claim lemonldap-ng in dla-needed.txt - - - - - 5049f1e5 by Guilhem Moulin at 2023-01-15T15:20:25+01:00 CVE-2022-3517: Add links to follow commits. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -23086,6 +23086,8 @@ CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw all [buster] - node-minimatch (Minor issue) NOTE: https://github.com/grafana/grafana-image-renderer/issues/329 NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5) + NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff + NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/e4cd43462340ca6b21212b68c9e314d8cdd9861a CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) NOT-FOR-US: LibreNMS CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerability in ...) = data/dla-needed.txt = 
@@ -114,7 +114,7 @@ lava NOTE: 20221127: Programming language: Python. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/lava.git -- -lemonldap-ng +lemonldap-ng (guilhem) NOTE: 20230105: Programming language: Perl. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4cbb3ed70075cc1bf5dfa94e2c0d2347f89fee19...5049f1e53b1a478457ca724da99c8e898de0e6e8
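Review bot: the two "+ NOTE: Regression follow-up:" lines added under CVE-2022-3517 cite the minimatch commits 20b4b562 and e4cd4346 but do not say whether they are needed for the fix to be complete or only repair a regression introduced by the v3.0.5 change a8763f43; one extra phrase on the NOTE (for example whether a backport of a8763f43 alone regresses, and what it breaks) would tell whoever prepares the buster or bullseye update which commits must travel together, instead of leaving that to be rediscovered from the upstream history.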
[Git][security-tracker-team/security-tracker][master] Re-claim node-moment from Guilhem
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cbb3ed7 by Utkarsh Gupta at 2023-01-15T19:27:13+05:30 Re-claim node-moment from Guilhem - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -184,7 +184,7 @@ node-minimatch (guilhem) NOTE: 20230105: Programming language: JavaScript. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) -- -node-moment (guilhem) +node-moment (Utkarsh) NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbb3ed70075cc1bf5dfa94e2c0d2347f89fee19
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-33621/ruby3.1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 03f22cb3 by Salvatore Bonaccorso at 2023-01-15T14:33:50+01:00 Track fixed version for CVE-2021-33621/ruby3.1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -120141,7 +120141,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3. - singularity-container 3.9.5+ds1-2 (bug #990201) NOTE: https://support.sylabs.io/support/solutions/articles/4287130-3-5-8-security-release-cve-2021-33622- CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...) - - ruby3.1 (bug #1024799) + - ruby3.1 3.1.2-4 (bug #1024799) - ruby3.0 (bug #1024800) - ruby2.7 [bullseye] - ruby2.7 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f22cb343143c3725db83bade43fd2a2c60328a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6eb1486c by security tracker role at 2023-01-15T08:10:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2023-23596 + RESERVED +CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...) + TODO: check +CVE-2023-23594 + RESERVED +CVE-2023-23593 + RESERVED +CVE-2023-23592 + RESERVED +CVE-2023-23591 + RESERVED +CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) + TODO: check CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/a ...) NOT-FOR-US: Alf.io CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-even ...) @@ -36,8 +50,8 @@ CVE-2014-125078 RESERVED CVE-2014-125077 RESERVED -CVE-2023-23590 - RESERVED +CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers ...) + TODO: check CVE-2023-0298 (Improper Authorization in GitHub repository firefly-iii/firefly-iii pr ...) TODO: check CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...) @@ -52,8 +66,8 @@ CVE-2023-0293 (The Mediamatic Media Library Folders plugin for WordPress NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress CVE-2017-20169 (A vulnerability, which was classified as critical, has been found in G ...) NOT-FOR-US: ToN-MasterServer -CVE-2015-10043 - RESERVED +CVE-2015-10043 (A vulnerability, which was classified as critical, was found in abreen ...) + TODO: check CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) NOT-FOR-US: Dovgalyuk AIBattle CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) 
@@ -1816,8 +1830,8 @@ CVE-2023-0146 RESERVED CVE-2023-0145 RESERVED -CVE-2017-20167 - RESERVED +CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...) + TODO: check CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and classified ...) NOT-FOR-US: fabarea media_upload CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated as crit ...) @@ -2210,8 +2224,8 @@ CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared a NOT-FOR-US: IISH nlgis2 CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been classified ...) NOT-FOR-US: ritterim -CVE-2015-10020 - RESERVED +CVE-2015-10020 (A vulnerability has been found in ssn2013 cis450Project and classified ...) + TODO: check CVE-2015-10019 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: MySimplifiedSQL CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified as critic ...) 
@@ -15244,12 +15258,14 @@ CVE-2022-44795 (An issue was discovered in Object First 1.0.7.712. A flaw was fo CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management protocol ...) NOT-FOR-US: Object First CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...) + {DLA-3270-1} - net-snmp 5.9.3+dfsg-2 (bug #1024020) [bullseye] - net-snmp (Minor issue) NOTE: https://github.com/net-snmp/net-snmp/issues/475 NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f NOTE: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP ...) + {DLA-3270-1} - net-snmp 5.9.3+dfsg-2 (bug #1024020) [bullseye] - net-snmp (Minor issue) NOTE: https://github.com/net-snmp/net-snmp/issues/474 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eb1486cbcedb1e1829e5cc0488e30b4c80acc43