[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0597/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3d7a94e3 by Salvatore Bonaccorso at 2023-02-02T07:48:52+01:00 Add CVE-2023-0597/linux
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -400,6 +400,8 @@ CVE-2023-0598 RESERVED CVE-2023-0597 RESERVED + - linux + NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1) CVE-2023-0596 RESERVED CVE-2023-0595
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d7a94e3c6f25f0520c6baded765ed7b6337ef53
You're receiving this email because of your account on salsa.debian.org.
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
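Review bot: the new `- linux` line carries no fixed version and the only reference is the upstream commit tagged (6.2-rc1); with the entry still RESERVED there is no description, so bullseye and buster show as affected with no triage rationale. A NOTE on whether the affected code is present in the older stable kernels, or a TODO to check once the description is published, would keep this from being mistaken for a completed triage.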
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0615/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c3efad38 by Salvatore Bonaccorso at 2023-02-02T07:44:42+01:00 Add CVE-2023-0615/linux
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -52,6 +52,8 @@ CVE-2023-0616 RESERVED CVE-2023-0615 RESERVED + - linux + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166287 CVE-2023-0614 RESERVED CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3efad385c6468f112a5666e3546d64510485092
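Review bot: the only reference added is the Red Hat bugzilla entry; unlike the CVE-2023-0597 entry added in the neighbouring commit, there is no upstream commit NOTE, and the `- linux` line has no fixed version. A NOTE stating that the upstream fix has not yet been identified would make clear that the entry is a placeholder rather than a finished triage.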
[Git][security-tracker-team/security-tracker][master] Mark a series of src:redis CVEs as ignored in both buster and stretch to match bullseye.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: afd383c3 by Chris Lamb at 2023-02-01T12:24:23-08:00 Mark a series of src:redis CVEs as ignored in both buster and stretch to match bullseye.
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -45755,7 +45755,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...) - redis 5:7.0.8-1 [bullseye] - redis (Minor issue; requires authed user) - [buster] - redis (Minor issue) + [buster] - redis (Minor issue; requires authed user) NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8) CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...) NOT-FOR-US: GitOps Tools Extension for VSCode
@@ -78091,16 +78091,16 @@ CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to v [experimental] - redis 5:7.0.0-1 - redis 5:7.0.1-4 [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch) - [buster] - redis (Minor issue) - [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) + [buster] - redis (Minor issue; requires authed user; problematic to backport patch) + [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984 NOTE: https://github.com/redis/redis/pull/10651 CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...) [experimental] - redis 5:7.0.0-1 - redis 5:7.0.1-4 [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch) - [buster] - redis (Minor issue) - [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) + [buster] - redis (Minor issue; requires authed user; problematic to backport patch) + [stretch] - redis (Minor issue; requires authed user; problematic to backport patch) NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq NOTE: https://github.com/redis/redis/pull/10651 CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afd383c3c0ed65d80407e394213cdf4fe7a8a7ce
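Review bot: the commit message says these CVEs are marked as ignored, but in the @@ -45755 hunk the buster line keeps `(Minor issue)` and only gains `; requires authed user`; the word "ignored" appears nowhere in the added lines, so a reader of the diff cannot see any state change. Either the message overstates the change or the state tag is missing; if the intent is only to align the buster rationale text with the bullseye line, the message should say so.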
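Review bot: in the @@ -78091 hunk the CVE-2022-24736 stretch line is removed and re-added with identical text (`[stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine)`), which looks like a whitespace-only change and adds noise to the history; for CVE-2022-24735 the new stretch line drops the "to embedded Lua engine" detail that explains why the backport is problematic. Keep that detail, and make the two stretch annotations consistent with each other since they cite the same pull request.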
[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-47016 as unimportant
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7a6927d5 by Salvatore Bonaccorso at 2023-02-01T21:20:35+01:00 Mark CVE-2022-47016 as unimportant
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -12608,11 +12608,11 @@ CVE-2022-47018 CVE-2022-47017 RESERVED CVE-2022-47016 (A null pointer dereference issue was discovered in function window_pan ...) - - tmux - [bullseye] - tmux (Minor issue) + - tmux (unimportant) NOTE: https://github.com/tmux/tmux/issues/3312 NOTE: https://github.com/tmux/tmux/issues/3447 NOTE: https://github.com/tmux/tmux/commit/e86752820993a00e3d28350cbe46878ba95d9012 + NOTE: Negligible security impact CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of S ...) TODO: check CVE-2022-47014
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a6927d5f6538011426af7ddf80c68805021d1d2
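Review bot: `- tmux (unimportant)` replaces both the unversioned sid line and the `[bullseye] - tmux (Minor issue)` line, which is consistent since the unimportant severity applies to every suite; the added `NOTE: Negligible security impact` states the conclusion but not the reason. Tie it to the linked tmux issues (which of #3312 or #3447 establishes the trigger conditions for the null pointer dereference) so the next triager does not have to re-derive the judgement.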
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 95b09bc6 by security tracker role at 2023-02-01T20:10:20+00:00 automatic update
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -1,8 +1,72 @@ -CVE-2023-24997 +CVE-2023-25000 RESERVED - NOT-FOR-US: Apache InLong -CVE-2023-24977 +CVE-2023-24999 + RESERVED +CVE-2023-24998 + RESERVED +CVE-2023-24996 + RESERVED +CVE-2023-24995 + RESERVED +CVE-2023-24994 + RESERVED +CVE-2023-24993 + RESERVED +CVE-2023-24992 + RESERVED +CVE-2023-24991 + RESERVED +CVE-2023-24990 + RESERVED +CVE-2023-24989 + RESERVED +CVE-2023-24988 + RESERVED +CVE-2023-24987 + RESERVED +CVE-2023-24986 + RESERVED +CVE-2023-24985 + RESERVED +CVE-2023-24984 + RESERVED +CVE-2023-24983 + RESERVED +CVE-2023-24982 + RESERVED +CVE-2023-24981 RESERVED +CVE-2023-24980 + RESERVED +CVE-2023-24979 + RESERVED +CVE-2023-24978 + RESERVED +CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...) + TODO: check +CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...) + TODO: check +CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...) + TODO: check +CVE-2023-0616 + RESERVED +CVE-2023-0615 + RESERVED +CVE-2023-0614 + RESERVED +CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...) + TODO: check +CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...) + TODO: check +CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) + TODO: check +CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) + TODO: check +CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache InLong +CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...) NOT-FOR-US: Apache InLong CVE-2023-24976 RESERVED 
@@ -837,8 +901,8 @@ CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWik NOT-FOR-US: MediaWiki PdfBook extension CVE-2023-24611 RESERVED -CVE-2023-24610 - RESERVED +CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...) + TODO: check CVE-2023-24609 RESERVED CVE-2023-24608 @@ -2616,8 +2680,8 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/51a30d7b406af95c4143560d9753cf0b6d2151f5 (v2.9.6) NOTE: Issue relates to CVE-2022-39956 but considered independent change to ModSecurity (C NOTE: language) codebase. -CVE-2023-23969 - RESERVED +CVE-2023-23969 (In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...) + {DLA-3306-1} - python-django 3:3.2.17-1 (bug #1030251) NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) @@ -3413,8 +3477,8 @@ CVE-2023-23694 RESERVED CVE-2023-23693 RESERVED -CVE-2023-23692 - RESERVED +CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection ...) + TODO: check CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...) NOT-FOR-US: EMC CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...) @@ -3970,12 +4034,12 @@ CVE-2023-23557 RESERVED CVE-2023-23556 RESERVED -CVE-2023-23555 - RESERVED +CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...) + TODO: check CVE-2023-23553 RESERVED -CVE-2023-23552 - RESERVED +CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...) + TODO: check CVE-2023-23551 RESERVED CVE-2023-23543 
@@ -4080,40 +4144,40 @@ CVE-2023-23494 RESERVED CVE-2023-23493 RESERVED -CVE-2023-22842 - RESERVED -CVE-2023-22839 - RESERVED -CVE-2023-22664 - RESERVED -CVE-2023-22657 - RESERVED -CVE-2023-22422 - RESERVED -CVE-2023-22418 - RESERVED -CVE-2023-22374 - RESERVED -CVE-2023-22358 - RESERVED -CVE-2023-22341 - RESERVED -CVE-2023-22340 - RESERVED -CVE-2023-22326 - RESERVED -CVE-2023-22323 - RESERVED -CVE-2023-22302 - RESERVED +CVE-2023-22842 (On
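Review bot: the @@ -1,8 hunk re-adds CVE-2023-24997 and CVE-2023-24977 with their descriptions and keeps the existing `NOT-FOR-US: Apache InLong` lines, which is correct; the new `TODO: check` entries CVE-2023-0611, CVE-2023-0612, CVE-2023-0613, CVE-2023-0617 and CVE-2023-0618 all describe TRENDnet router firmware (TEW-652BRP, TEW-811DRU), which is not a Debian source package, so they can be triaged as NOT-FOR-US in one follow-up rather than left as five separate open items.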
[Git][security-tracker-team/security-tracker][master] 2 commits: Remove redis.git reference; canonical repo is https://salsa.debian.org/lamby/pkg-redis.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81ed9068 by Chris Lamb at 2023-02-01T11:32:03-08:00 Remove redis.git reference; canonical repo is https://salsa.debian.org/lamby/pkg-redis.
ef0d90ee by Chris Lamb at 2023-02-01T11:34:06-08:00 Triage CVE-2022-35977 in redis for buster LTS.
2 changed files: data/CVE/list, data/dla-needed.txt
Changes: = data/CVE/list =
@@ -45692,6 +45692,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...) - redis 5:7.0.8-1 [bullseye] - redis (Minor issue; requires authed user) + [buster] - redis (Minor issue) NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8) CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...) NOT-FOR-US: GitOps Tools Extension for VSCode
= data/dla-needed.txt =
@@ -233,10 +233,6 @@ rainloop NOTE: 20220913: also there's an unofficial one for CVE-2022-29360; NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk) -- -redis (Chris Lamb) - NOTE: 20230130: Programming language: C - NOTE: 20230130: VCS: https://salsa.debian.org/lts-team/packages/redis.git --- ring NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/696a72962fd90820a00c7c36aae166c54e26416e...ef0d90eedaba475705b2f7b5507269f39210e91a
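Review bot: the new `[buster] - redis (Minor issue)` line in the @@ -45692 hunk omits the `requires authed user` rationale that the bullseye line directly above it carries; carry the reason over so the buster no-dsa decision is self-explanatory, which is exactly what the bullseye annotation was reworded for in commit 696a7296.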
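Review bot: the @@ -233 hunk removes the whole redis entry from dla-needed.txt, including the `NOTE: 20230130: VCS:` line that the first commit message says is wrong; if the intent were only to correct the VCS reference, the entry should stay with the corrected URL. Since the second commit marks CVE-2022-35977 no-dsa for buster, the removal is presumably because redis no longer needs a DLA, and that is what the commit message should say.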
[Git][security-tracker-team/security-tracker][master] Mark a series of redis vulnerabilities as 'ignored'; they all require an...
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 696a7296 by Chris Lamb at 2023-02-01T11:27:55-08:00 Mark a series of redis vulnerabilities as ignored; they all require an elevated (and possibly raw TCP-) level of access.
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -45691,7 +45691,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0) CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...) - redis 5:7.0.8-1 - [bullseye] - redis (Minor issue) + [bullseye] - redis (Minor issue; requires authed user) NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8) CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...) NOT-FOR-US: GitOps Tools Extension for VSCode @@ -78026,7 +78026,7 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical c CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...) [experimental] - redis 5:7.0.0-1 - redis 5:7.0.1-4 - [bullseye] - redis (Minor issue) + [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch) [buster] - redis (Minor issue) [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
@@ -78034,7 +78034,7 @@ CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to v CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...) [experimental] - redis 5:7.0.0-1 - redis 5:7.0.1-4 - [bullseye] - redis (Minor issue) + [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch) [buster] - redis (Minor issue) [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696a72962fd90820a00c7c36aae166c54e26416e
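Review bot: the commit message says the issues are marked as ignored, but the @@ -45691 hunk only rewords the bullseye parenthetical from `(Minor issue)` to `(Minor issue; requires authed user)`; nothing in the added line records a state change, so the message describes more than the diff does. The "elevated (and possibly raw TCP-) level of access" reasoning from the message is also worth putting into the annotation itself, where the next triager will see it.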
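Review bot: in the @@ -78026 hunk (and the identical @@ -78034 one) only the bullseye line is updated, while the `[buster] - redis (Minor issue)` and `[stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine)` context lines keep their old wording; the three suites now carry different rationales for the same issue and the same upstream advisory. Align the buster and stretch annotations in the same commit so the reasoning is recorded once.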
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3306-1 for python-django
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6c354e79 by Chris Lamb at 2023-02-01T10:42:58-08:00 Reserve DLA-3306-1 for python-django
2 changed files: data/DLA/list, data/dla-needed.txt
Changes: = data/DLA/list =
@@ -1,3 +1,6 @@ +[01 Feb 2023] DLA-3306-1 python-django - security update + {CVE-2023-23969} + [buster] - python-django 1:1.11.29-1+deb10u6 [31 Jan 2023] DLA-3305-1 libstb - security update {CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042} [buster] - libstb 0.0~git20180212.15.e6afb9c-1+deb10u1
= data/dla-needed.txt =
@@ -198,8 +198,6 @@ protobuf puppet-module-puppetlabs-mysql NOTE: 20221107: Programming language: Puppet, Ruby. -- -python-django (Chris Lamb) --- python-oslo.privsep NOTE: 20221231: Programming language: Python. --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c354e798f6384c7ee39bcd45d85a17a16e35065
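Review bot: the new DLA-3306-1 record lists `{CVE-2023-23969}` with `[buster] - python-django 1:1.11.29-1+deb10u6`, but this commit touches only data/DLA/list and data/dla-needed.txt; the data/CVE/list entry for CVE-2023-23969 needs the matching `{DLA-3306-1}` cross-reference so the tracker links the advisory to the CVE. The later automatic update in this digest adds it, but it should normally accompany the reservation.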
[Git][security-tracker-team/security-tracker][master] openjdk-17,cinder,nova,glance DSAs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ddfadbc4 by Moritz Mühlenhoff at 2023-02-01T19:23:47+01:00 openjdk-17,cinder,nova,glance DSAs
3 changed files: data/CVE/list, data/DSA/list, data/dsa-needed.txt
Changes: = data/CVE/list =
@@ -36094,7 +36094,6 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.17+8-1 [buster] - openjdk-11 (Minor issue, fix along with next CPU) - openjdk-17 17.0.5+8-1 - [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...) NOT-FOR-US: GLPI plugin CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...) @@ -95440,7 +95439,6 @@ CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.17+8-1 [buster] - openjdk-11 (Minor issue, fix along with next CPU) - openjdk-17 17.0.5+8-1 - [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.40-dfsg-1 NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR @@ -95457,7 +95455,6 @@ CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.17+8-1 [buster] - openjdk-11 (Minor issue, fix along with next CPU) - openjdk-17 17.0.5+8-1 - [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...)
@@ -95474,10 +95471,8 @@ CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.17+8-1 [buster] - openjdk-11 (Minor issue, fix along with next CPU) - openjdk-17 17.0.5+8-1 - [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-17 17.0.5+8-1 - [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
= data/DSA/list =
@@ -1,3 +1,15 @@ +[01 Feb 2023] DSA-5338-1 cinder - security update + {CVE-2022-47951} + [bullseye] - cinder 2:17.0.1-1+deb11u1 +[01 Feb 2023] DSA-5337-1 nova - security update + {CVE-2022-47951} + [bullseye] - nova 2:22.0.1-2+deb11u1 +[01 Feb 2023] DSA-5336-1 glance - security update + {CVE-2022-47951} + [bullseye] - glance 2:21.0.0-2+deb11u1 +[01 Feb 2023] DSA-5335-1 openjdk-17 - security update + {CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843} + [bullseye] - openjdk-17 17.0.6+10-1~deb11u1 [29 Jan 2023] DSA-5334-1 varnish - security update {CVE-2022-45060} [bullseye] - varnish 6.5.1-1+deb11u3
= data/dsa-needed.txt =
@@ -11,13 +11,9 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -cinder (jmm) -- frr -- -glance (jmm) --- jupyter-core Maintainer asked for availability to prepare updates --
@@ -32,13 +28,9 @@ linux (carnil) netatalk open regression with MacOS, tentative patch not yet merged upstream -- -nova (jmm) --- multipath-tools Tobias Frost proposed a potential update to be reviewed, maintainer asked to review changes -- -openjdk-17 (jmm) --- php-cas -- php-horde-mime-viewer
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddfadbc4d1151cea776fa042f10f8e02f9d429ea
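Review bot: the data/CVE/list hunks drop the `[bullseye] - openjdk-17 (Minor issue, fix along with next CPU)` line for CVE-2022-39399, CVE-2022-21628, CVE-2022-21624, CVE-2022-21619 and CVE-2022-21618, but the DSA-5335-1 record also lists CVE-2023-21835 and CVE-2023-21843, and no hunk for those two entries is shown. Check that they carry no stale bullseye no-dsa tag; if they were never tagged, nothing further is needed, but the asymmetry is worth a glance.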
[Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2022-3560/pesign
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a4aaac69 by Salvatore Bonaccorso at 2023-02-01T18:12:42+01:00 Add additional reference for CVE-2022-3560/pesign
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -26783,6 +26783,7 @@ CVE-2022-3560 RESERVED - pesign (bug #1030168) NOTE: https://www.openwall.com/lists/oss-security/2023/01/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/2 NOTE: https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998 (116) CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...) - exim4 4.96-4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4aaac690b97ce26a2eba1dca7a503b382e5bf57
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-13990 as no-dsa for bullseye
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0df1bef5 by Salvatore Bonaccorso at 2023-02-01T18:09:02+01:00 Mark CVE-2019-13990 as no-dsa for bullseye
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -257729,6 +257729,7 @@ CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attac NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3 CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...) - libquartz-java 1:1.8.6-8 (bug #933169) + [bullseye] - libquartz-java (Minor issue) [buster] - libquartz-java (Minor issue) [stretch] - libquartz-java (Minor issue) [jessie] - libquartz-java (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0df1bef52a81565ca4799bad87186511bd74b333
[Git][security-tracker-team/security-tracker][master] Django fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c02f4e47 by Moritz Muehlenhoff at 2023-02-01T17:55:08+01:00 Django fixed in sid
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -2618,7 +2618,7 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart NOTE: language) codebase. CVE-2023-23969 RESERVED - - python-django (bug #1030251) + - python-django 3:3.2.17-1 (bug #1030251) NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) CVE-2023-23968
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02f4e472a03ed50e3b38b77ecdf576b2b133e06
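Review bot: `- python-django 3:3.2.17-1 (bug #1030251)` records the sid fix and matches the `(3.2.17)` tag on the upstream commit NOTE, but the entry has no `[bullseye]` line in the visible context, so bullseye now shows as affected with no DSA decision recorded. Add a `[bullseye]` annotation or a dsa-needed entry in the same change so the stable status is not left implicit.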
[Git][security-tracker-team/security-tracker][master] NFus
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 729057f5 by Moritz Muehlenhoff at 2023-02-01T17:29:17+01:00 NFus
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -45,7 +45,7 @@ CVE-2023-24958 CVE-2023-24957 RESERVED CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Forget Heart Message Box CVE-2023-24955 RESERVED CVE-2023-24954 @@ -267,11 +267,11 @@ CVE-2023-22440 CVE-2023-22276 RESERVED CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...) - TODO: check + NOT-FOR-US: ProjectSend CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...) - TODO: check + - ampache CVE-2023-0605 RESERVED CVE-2023-0604 @@ -341,11 +341,11 @@ CVE-2023-0595 CVE-2023-0594 RESERVED CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...) - TODO: check + NOT-FOR-US: ProjectSendyaffshiv CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...) - TODO: check + NOT-FOR-US: jefferson JFFS tool CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...) - TODO: check + NOT-FOR-US: UBI reader CVE-2023-0590 RESERVED - linux 6.0.6-1 @@ -370,7 +370,7 @@ CVE-2023-0586 CVE-2023-0585 RESERVED CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...) - TODO: check + NOT-FOR-US: SiteFusion CVE-2023-24831 RESERVED CVE-2023-24828 @@ -1064,7 +1064,7 @@ CVE-2023-22311 CVE-2023-0525 RESERVED CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...) - TODO: check + NOT-FOR-US: Tenable CVE-2023-0523 RESERVED CVE-2023-0522
@@ -1471,7 +1471,7 @@ CVE-2023-0456 CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...) NOT-FOR-US: unilogies/bumsys CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) - TODO: check + NOT-FOR-US: OrangeScrum CVE-2023-0453 RESERVED CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...) @@ -1957,7 +1957,7 @@ CVE-2023-24243 CVE-2023-24242 RESERVED CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Forget Heart Message Box CVE-2023-24240 RESERVED CVE-2023-24239 @@ -2113,9 +2113,9 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /go CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...) NOT-FOR-US: Tenda CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...) - TODO: check + NOT-FOR-US: Dromara hutool CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...) - TODO: check + NOT-FOR-US: Dromara hutool CVE-2023-24161 RESERVED CVE-2023-24160 @@ -2702,7 +2702,7 @@ CVE-2023-23930 CVE-2023-23929 RESERVED CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...) - TODO: check + NOT-FOR-US: reason-jose CVE-2023-23927 RESERVED CVE-2023-23926 @@ -7606,7 +7606,7 @@ CVE-2022-48163 CVE-2022-48162 RESERVED CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download ...) - TODO: check + NOT-FOR-US: Easy Images CVE-2022-48160 RESERVED CVE-2022-48159 @@ -8985,7 +8985,7 @@ CVE-2022-47875 CVE-2022-47874 RESERVED CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...) - TODO: check + NOT-FOR-US: Netcad KEOS CVE-2022-47872 RESERVED CVE-2022-47871 
@@ -9191,11 +9191,11 @@ CVE-2022-47772 CVE-2022-47771 RESERVED CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...) NOT-FOR-US:
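Review bot: `NOT-FOR-US: ProjectSendyaffshiv` in the @@ -341 hunk looks like a paste error: the CVE-2023-0593 description names the yaffshiv YAFFS filesystem extractor, and "ProjectSend" is the product from the CVE-2023-0607 line in the @@ -267 hunk. It should read `NOT-FOR-US: yaffshiv`, matching the sibling `NOT-FOR-US: jefferson JFFS tool` and `NOT-FOR-US: UBI reader` lines.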
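Review bot: in the @@ -267 hunk CVE-2023-0606 becomes a bare `- ampache` with no fixed version, no bug reference and no suite annotation, while every other line in this series is a NOT-FOR-US; a `(bug #...)` reference or a NOTE with the upstream fix would keep this one open item from being overlooked among the triaged-away entries.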
[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2023-0341 in editorconfig-core for buster LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05ecf8ae by Chris Lamb at 2023-02-01T08:05:23-08:00 Triage CVE-2023-0341 in editorconfig-core for buster LTS.
0433f650 by Chris Lamb at 2023-02-01T08:05:45-08:00 Triage CVE-2022-40152 in libwoodstox-java for buster LTS.
8df4ca80 by Chris Lamb at 2023-02-01T08:06:12-08:00 Triage CVE-2022-47021 in opusfile for buster LTS.
5bc2df27 by Chris Lamb at 2023-02-01T08:06:32-08:00 Triage CVE-2023-22745 in tpm2-tss for buster LTS.
1 changed file: data/CVE/list
Changes: = data/CVE/list =
@@ -3359,6 +3359,7 @@ CVE-2023-0342 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) - editorconfig-core 0.12.6-0.1 [bullseye] - editorconfig-core (Minor issue) + [buster] - editorconfig-core (Minor issue) NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87 NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e CVE-2023-0340 @@ -6342,6 +6343,7 @@ CVE-2023-22746 CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...) - tpm2-tss (bug #1029369) [bullseye] - tpm2-tss (Minor issue) + [buster] - tpm2-tss (Minor issue) NOTE: Fixed by: https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5 NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 CVE-2023-22744 @@ -12530,6 +12532,7 @@ CVE-2022-47022 CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...) - opusfile (bug #1030049) [bullseye] - opusfile (Minor issue) + [buster] - opusfile (Minor issue) NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 NOTE: https://github.com/xiph/opusfile/issues/36 CVE-2022-47020
@@ -34338,6 +34341,7 @@ CVE-2022-40153 CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...) - libwoodstox-java [bullseye] - libwoodstox-java (Minor issue) + [buster] - libwoodstox-java (Minor issue) NOTE: https://github.com/x-stream/xstream/issues/304 NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4 CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bd28ff8022a5fb5abaff5730ebcd15daa3db46a...5bc2df27660c1d1350fb6f5bc775f13472f9567c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
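Review bot: in the CVE-2022-40152 hunk the unstable line "- libwoodstox-java" still has neither a fixed version nor a note, so the issue stays open for sid while bullseye and buster are both parked as "(Minor issue)"; that is consistent with the other three hunks (editorconfig-core, tpm2-tss, opusfile), where each new "[buster]" line mirrors the existing "[bullseye]" annotation. The two NOTE references for this entry both point at the XStream side (x-stream/xstream#304 and the GHSA); if a Woodstox-side issue or fix exists, a NOTE for it would save the next LTS triager a search.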
[Git][security-tracker-team/security-tracker][master] 3 commits: Add bug for python-django/CVE-2023-23969
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: b47c6145 by Chris Lamb at 2023-02-01T07:58:06-08:00 Add bug for python-django/CVE-2023-23969 - - - - - f88b5e4e by Chris Lamb at 2023-02-01T07:59:25-08:00 data/dla-needed.txt: Triage python-django for buster LTS (CVE-2023-23969) - - - - - 6bd28ff8 by Chris Lamb at 2023-02-01T07:59:32-08:00 data/dla-needed.txt: Claim python-django. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -2618,7 +2618,7 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart NOTE: language) codebase. CVE-2023-23969 RESERVED - - python-django + - python-django (bug #1030251) NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) CVE-2023-23968 = data/dla-needed.txt = @@ -198,6 +198,8 @@ protobuf puppet-module-puppetlabs-mysql NOTE: 20221107: Programming language: Puppet, Ruby. -- +python-django (Chris Lamb) +-- python-oslo.privsep NOTE: 20221231: Programming language: Python. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bab85f5446c4b1993b909de30f6b61d12d6...6bd28ff8022a5fb5abaff5730ebcd15daa3db46a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bab85f5446c4b1993b909de30f6b61d12d6...6bd28ff8022a5fb5abaff5730ebcd15daa3db46a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
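Review bot: the new dla-needed.txt entry "python-django (Chris Lamb)" carries no NOTE: line, while the neighbouring entries (puppet-module-puppetlabs-mysql, python-oslo.privsep) each record a dated NOTE; a line naming the CVE this claim covers (CVE-2023-23969) and the triage date would make the claim self-describing. The CVE/list hunk itself is fine: adding "(bug #1030251)" to the otherwise unchanged "- python-django" line keeps the entry open for unstable until the 3.2.17-based upload lands.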
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-23969/python-django
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6bab85f5 by Salvatore Bonaccorso at 2023-02-01T16:06:55+01:00 Add CVE-2023-23969/python-django - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2618,6 +2618,9 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart NOTE: language) codebase. CVE-2023-23969 RESERVED + - python-django + NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 + NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) CVE-2023-23968 RESERVED CVE-2023-23967 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bab85f5446c4b1993b909de30f6b61d12d6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bab85f5446c4b1993b909de30f6b61d12d6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
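Review bot: the new "- python-django" line records no Debian fixed version and no bug reference, and the NOTE only names the upstream release (3.2.17) via the fix commit; as written, every suite is implicitly marked vulnerable, which is the right default until the upload happens, but the entry will need its version (and ideally a "bug #" note) as soon as one exists. The CVE is still RESERVED here, so the description will be filled in by the next automatic update.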
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-24997 + RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24977 RESERVED NOT-FOR-US: Apache InLong View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Documented a few fixed CVEs in vorbis-tools for Wheezy.
Petter Reinholdtsen pushed to branch master at Debian Security Tracker / security-tracker Commits: 93b93c5b by Petter Reinholdtsen at 2023-02-01T09:24:26+01:00 Documented a few fixed CVEs in vorbis-tools for Wheezy. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -440512,6 +440512,7 @@ CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vo {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (bug #797461) [jessie] - vorbis-tools 1.4.0-6+deb8u1 + [wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2015/08/29/1 NOTE: https://trac.xiph.org/ticket/2212 CVE-2015-6741 @@ -456912,6 +456913,7 @@ CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a d {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (unimportant; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 + [wheezy] - vorbis-tools 1.4.0-1+deb7u1 - opus-tools 0.1.10-1 (unimportant; bug #780160) NOTE: https://trac.xiph.org/ticket/2137 NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e 
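Review bot: the added "[wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue)" line in the CVE-2015-6749 hunk pairs a concrete fixed version with a free-text note, which this file does not do elsewhere: "(Minor issue)" is used on lines without a version (see "[squeeze] - vorbis-tools (Minor issue)" in the next hunk), while lines that carry a version only carry severities and bug numbers (see "- vorbis-tools 1.4.0-7 (unimportant; bug #776086)" in the CVE-2014-9638 hunk on this same line). Drop either the "(Minor issue)" note or the version.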
@@ -456932,6 +456934,7 @@ CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-6 (bug #771363) [squeeze] - vorbis-tools (Minor issue) + [wheezy] - vorbis-tools 1.4.0-1+deb7u1 NOTE: https://trac.xiph.org/ticket/2009 NOTE: Upstream fix: https://trac.xiph.org/changeset/19117 CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in R ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b93c5b6bb15ba3ab002b9c5d36c17807b5571d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b93c5b6bb15ba3ab002b9c5d36c17807b5571d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
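Review bot: all three entries touched by this change already open with "{DLA-1010-1 DLA-317-1}", and the DLA cross-reference is how the tracker records the wheezy fix for these CVEs; an explicit "[wheezy] - vorbis-tools 1.4.0-1+deb7u1" line therefore duplicates information the advisory braces already carry, and should be dropped rather than maintained in two places.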
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-4382/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a99c4c2e by Salvatore Bonaccorso at 2023-02-01T09:51:11+01:00 Update information for CVE-2022-4382/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13086,8 +13086,9 @@ CVE-2022-4384 CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...) NOT-FOR-US: WordPress plugin CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...) - - linux + - linux 6.1.8-1 NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1 + NOTE: https://git.kernel.org/linus/d18dcfe9860e842f394e37ba01ca9440ab2178f4 (6.2-rc5) CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2022-4380 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99c4c2e56b154fcb5eed88dac9ec0b385e96ead -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99c4c2e56b154fcb5eed88dac9ec0b385e96ead You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
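Review bot: the CVE-2022-4382 entry now records the fix only for unstable ("- linux 6.1.8-1") and the upstream commit as 6.2-rc5; with no "[bullseye]" line, bullseye is implicitly treated as vulnerable, which is correct until the 5.10.y backport status is known. If the fix has been picked into the bullseye kernel, add the "[bullseye] - linux <version>" line so the suite stops showing as open.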
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-25147 and CVE-2022-24963
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 503fcb1e by Salvatore Bonaccorso at 2023-02-01T09:36:56+01:00 Update information for CVE-2022-25147 and CVE-2022-24963 Thanks: Stefan Fritsch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -76715,8 +76715,9 @@ CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior t CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...) NOT-FOR-US: Corda CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 functions o ...) - - apr + - apr-util NOTE: https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 + NOTE: http://svn.apache.org/r1904728 CVE-2022-0610 (Inappropriate implementation in Gamepad API in Google Chrome prior to ...) {DSA-5079-1} - chromium 98.0.4758.102-1 @@ -77294,6 +77295,7 @@ CVE-2022-24964 CVE-2022-24963 (Integer Overflow or Wraparound vulnerability in apr_encode functions o ...) - apr NOTE: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 + NOTE: http://svn.apache.org/r1904675 CVE-2022-24962 RESERVED CVE-2022-0568 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503fcb1e1297e1d7b4046f5be4b794bb60f24eed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503fcb1e1297e1d7b4046f5be4b794bb60f24eed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
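Review bot: retargeting CVE-2022-25147 from apr to apr-util matches where the apr_base64 functions live in the 1.x line that Debian ships, and the svn revision NOTEs (r1904728 for apr-util, r1904675 for apr and CVE-2022-24963) give the next person a concrete fix to backport. Neither entry has a Debian fixed version yet, so both source packages remain open in every suite; the "Thanks: Stefan Fritsch" trailer in the commit message records where the correction came from.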
[Git][security-tracker-team/security-tracker][master] Revert "Documented a few fixed CVEs in vorbis-tools for Wheezy."
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: ac2e0fd3 by Emilio Pozuelo Monfort at 2023-02-01T09:34:06+01:00 Revert Documented a few fixed CVEs in vorbis-tools for Wheezy. Its already marked as fixed in DLA-1010-1, so theres no need to reference it in CVE/list again. Besides, the syntax is wrong and breaks the tracker. This reverts commit 93b93c5b6bb15ba3ab002b9c5d36c17807b5571d. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -440512,7 +440512,6 @@ CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vo {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (bug #797461) [jessie] - vorbis-tools 1.4.0-6+deb8u1 - [wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2015/08/29/1 NOTE: https://trac.xiph.org/ticket/2212 CVE-2015-6741 @@ -456913,7 +456912,6 @@ CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a d {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (unimportant; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 - [wheezy] - vorbis-tools 1.4.0-1+deb7u1 - opus-tools 0.1.10-1 (unimportant; bug #780160) NOTE: https://trac.xiph.org/ticket/2137 NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e 
@@ -456934,7 +456932,6 @@ CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-6 (bug #771363) [squeeze] - vorbis-tools (Minor issue) - [wheezy] - vorbis-tools 1.4.0-1+deb7u1 NOTE: https://trac.xiph.org/ticket/2009 NOTE: Upstream fix: https://trac.xiph.org/changeset/19117 CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in R ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac2e0fd3db02b0b1a8529876ac6c0c70a878dd19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac2e0fd3db02b0b1a8529876ac6c0c70a878dd19 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
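Review bot: the revert is the right fix rather than a patch-up: the three removed lines each paired a concrete version with "(Minor issue)", an annotation this file only uses on lines without a version, and the "{DLA-1010-1 DLA-317-1}" braces that remain on all three entries already record the wheezy fix, so nothing is lost by removing them.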
Processing 93b93c5b6bb15ba3ab002b9c5d36c17807b5571d failed
The error message was: error: unknown package note 'Minor issue' make: *** [Makefile:19: all] Error 1
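The "unknown package note 'Minor issue'" error above is the tracker's own consistency check rejecting the vorbis-tools lines that were just reverted. As an added example (not code from the security-tracker repository, and not its real parser), here is a small Python lint that encodes the rule those lines tripped over, inferred from the entries visible in these commits: free-text package notes such as "(Minor issue)" are accepted on entries without a concrete fixed version (unfixed lines, or pseudo-versions like <no-dsa> and <not-affected>), while a line carrying a Debian version may only carry severities (unimportant/low/medium/high) and "bug #N" references. The grammar below is a simplified assumption, and SAMPLE is constructed from the vorbis-tools and editorconfig-core lines in these mails, not copied from data/CVE/list.

```python
"""Lint for data/CVE/list-style entries (added example, not the tracker's parser).

Assumed grammar: a CVE header line, then indented lines that are advisory
braces ({DLA-...}), RESERVED, NOTE:/TODO:/NOT-FOR-US: annotations, or
package entries of the form
    [release] - package version (note; note; ...)
where [release], version and the parenthesised notes are optional and
version is either a Debian version or a pseudo-version such as <no-dsa>.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SEVERITIES = {"unimportant", "low", "medium", "high"}

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})(?:\s+\(.*\))?\s*$")
PKG_RE = re.compile(
    r"^\s+(?:\[(?P<release>[a-z]+)\]\s+)?-\s+(?P<pkg>\S+)"
    r"(?:\s+(?P<version><[a-z-]+>|\d[^\s(]*))?"
    r"(?:\s+\((?P<notes>[^)]*)\))?\s*$"
)
BUG_RE = re.compile(r"^bug #\d+$")
SKIP_PREFIXES = ("NOTE:", "TODO:", "NOT-FOR-US:", "RESERVED", "{")


@dataclass
class Problem:
    lineno: int
    cve: Optional[str]
    message: str


def is_fixed_version(version: Optional[str]) -> bool:
    """True for a concrete Debian version; pseudo-versions like <unfixed> are not."""
    return version is not None and not version.startswith("<")


def lint_cve_list(text: str) -> List[Problem]:
    """Return the list of rule violations found in a data/CVE/list-style text."""
    problems: List[Problem] = []
    cve: Optional[str] = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        header = CVE_RE.match(line)
        if header:
            cve = header.group(1)
            continue
        stripped = line.strip()
        if cve is None:
            problems.append(Problem(lineno, None, "entry line before any CVE header"))
            continue
        if stripped.startswith(SKIP_PREFIXES):
            continue  # annotations and advisory braces are not checked here
        pkg = PKG_RE.match(line)
        if not pkg:
            problems.append(Problem(lineno, cve, f"unparseable package line: {stripped!r}"))
            continue
        version = pkg.group("version")
        notes = [n.strip() for n in (pkg.group("notes") or "").split(";") if n.strip()]
        for note in notes:
            if note in SEVERITIES or BUG_RE.match(note):
                continue  # severity and bug references are allowed on any line
            if is_fixed_version(version):
                # Free-text notes such as "Minor issue" explain why a line is left
                # unfixed; combined with a recorded fix they are rejected, which is
                # the assumed counterpart of the tracker's "unknown package note".
                problems.append(Problem(
                    lineno, cve,
                    f"unknown package note {note!r} on fixed entry "
                    f"{pkg.group('pkg')} {version}",
                ))
    return problems


# Constructed sample modelled on the hunks in these mails (tab-indented like the real file).
SAMPLE = """\
CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c)
\t{DLA-1010-1 DLA-317-1}
\t- vorbis-tools 1.4.0-7 (bug #797461)
\t[jessie] - vorbis-tools 1.4.0-6+deb8u1
\t[wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue)
\tNOTE: https://trac.xiph.org/ticket/2212
CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a DoS)
\t- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
\t- opus-tools 0.1.10-1 (unimportant; bug #780160)
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig)
\t- editorconfig-core 0.12.6-0.1
\t[bullseye] - editorconfig-core (Minor issue)
\t[buster] - editorconfig-core <no-dsa> (Minor issue)
CVE-2023-24977
\tRESERVED
"""

if __name__ == "__main__":
    for p in lint_cve_list(SAMPLE):
        print(f"line {p.lineno} ({p.cve}): {p.message}")
```

Run against SAMPLE the lint flags exactly one line, the wheezy vorbis-tools entry, and accepts the jessie line (version, no note), the "(unimportant; bug #...)" lines and the "<no-dsa> (Minor issue)" line, which is the distinction the reverted commit missed.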
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7a0cead by Salvatore Bonaccorso at 2023-02-01T09:21:27+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -361,7 +361,7 @@ CVE-2023-24833 CVE-2023-24832 RESERVED CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2023-0586 RESERVED CVE-2023-0585 @@ -18446,7 +18446,7 @@ CVE-2022-45104 CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) NOT-FOR-US: Dell CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...) - TODO: check + NOT-FOR-US: EMC CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...) TODO: check CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a0cead354f0993dcba27b699c629db1e53f102 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a0cead354f0993dcba27b699c629db1e53f102 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
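Review bot: in the second hunk "NOT-FOR-US: EMC" for CVE-2022-45102 (Dell EMC Data Protection Central) is inconsistent with the neighbouring Dell entries, which use "NOT-FOR-US: Dell" (CVE-2022-45103 directly above uses exactly that); use the same vendor string so the Dell/EMC entries stay grep-able as one group. The Trend Micro hunk is fine as is.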
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2023-24977 RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24976 RESERVED CVE-2023-24975 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Added two references for the CVE-2013-2238 issue in freeswitch.
Petter Reinholdtsen pushed to branch master at Debian Security Tracker / security-tracker Commits: f2c27106 by Petter Reinholdtsen at 2023-02-01T09:12:12+01:00 Added two references for the CVE-2013-2238 issue in freeswitch. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -498473,6 +498473,8 @@ CVE-2013-2239 (vzkernel before 042stab080.2 in the OpenVZ modification for the L - linux (openvz flavour no longer included after Squeeze) CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...) - freeswitch (bug #389591) + NOTE: https://www.openwall.com/lists/oss-security/2013/07/01/11 + NOTE: https://github.com/signalwire/freeswitch/commit/c2c8fba14a0352dfeecf31a0f818d83f83a93a85 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...) {DSA-2766-1 DSA-2745-1} - linux-2.6 (low) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2c27106f0c5a95b3d23cdcc4baa059daf1ba915 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2c27106f0c5a95b3d23cdcc4baa059daf1ba915 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
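Review bot: the two added NOTE references (the oss-security post and the upstream fix commit) are the right kind of context for this entry; while it is being touched, the existing "- freeswitch (bug #389591)" line deserves a look, since a bug number in the 389xxx range predates a 2013 CVE by several years, so confirm it is the intended package-level reference rather than a typo.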
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b64ece5 by security tracker role at 2023-02-01T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,283 @@ +CVE-2023-24977 + RESERVED +CVE-2023-24976 + RESERVED +CVE-2023-24975 + RESERVED +CVE-2023-24974 + RESERVED +CVE-2023-24973 + RESERVED +CVE-2023-24972 + RESERVED +CVE-2023-24971 + RESERVED +CVE-2023-24970 + RESERVED +CVE-2023-24969 + RESERVED +CVE-2023-24968 + RESERVED +CVE-2023-24967 + RESERVED +CVE-2023-24966 + RESERVED +CVE-2023-24965 + RESERVED +CVE-2023-24964 + RESERVED +CVE-2023-24963 + RESERVED +CVE-2023-24962 + RESERVED +CVE-2023-24961 + RESERVED +CVE-2023-24960 + RESERVED +CVE-2023-24959 + RESERVED +CVE-2023-24958 + RESERVED +CVE-2023-24957 + RESERVED +CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) + TODO: check +CVE-2023-24955 + RESERVED +CVE-2023-24954 + RESERVED +CVE-2023-24953 + RESERVED +CVE-2023-24952 + RESERVED +CVE-2023-24951 + RESERVED +CVE-2023-24950 + RESERVED +CVE-2023-24949 + RESERVED +CVE-2023-24948 + RESERVED +CVE-2023-24947 + RESERVED +CVE-2023-24946 + RESERVED +CVE-2023-24945 + RESERVED +CVE-2023-24944 + RESERVED +CVE-2023-24943 + RESERVED +CVE-2023-24942 + RESERVED +CVE-2023-24941 + RESERVED +CVE-2023-24940 + RESERVED +CVE-2023-24939 + RESERVED +CVE-2023-24938 + RESERVED +CVE-2023-24937 + RESERVED +CVE-2023-24936 + RESERVED +CVE-2023-24935 + RESERVED +CVE-2023-24934 + RESERVED +CVE-2023-24933 + RESERVED +CVE-2023-24932 + RESERVED +CVE-2023-24931 + RESERVED +CVE-2023-24930 + RESERVED +CVE-2023-24929 + RESERVED +CVE-2023-24928 + RESERVED +CVE-2023-24927 + RESERVED +CVE-2023-24926 + RESERVED +CVE-2023-24925 + RESERVED +CVE-2023-24924 + RESERVED +CVE-2023-24923 + RESERVED +CVE-2023-24922 + RESERVED +CVE-2023-24921 + RESERVED +CVE-2023-24920 + RESERVED +CVE-2023-24919 + RESERVED +CVE-2023-24918 + RESERVED +CVE-2023-24917 + RESERVED +CVE-2023-24916 + RESERVED +CVE-2023-24915 + RESERVED +CVE-2023-24914 + RESERVED +CVE-2023-24913 + RESERVED +CVE-2023-24912 + RESERVED +CVE-2023-24911 + RESERVED +CVE-2023-24910 + RESERVED +CVE-2023-24909 + RESERVED +CVE-2023-24908 + RESERVED 
+CVE-2023-24907 + RESERVED +CVE-2023-24906 + RESERVED +CVE-2023-24905 + RESERVED +CVE-2023-24904 + RESERVED +CVE-2023-24903 + RESERVED +CVE-2023-24902 + RESERVED +CVE-2023-24901 + RESERVED +CVE-2023-24900 + RESERVED +CVE-2023-24899 + RESERVED +CVE-2023-24898 + RESERVED +CVE-2023-24897 + RESERVED +CVE-2023-24896 + RESERVED +CVE-2023-24895 + RESERVED +CVE-2023-24894 + RESERVED +CVE-2023-24893 + RESERVED +CVE-2023-24892 + RESERVED +CVE-2023-24891 + RESERVED +CVE-2023-24890 + RESERVED +CVE-2023-24889 + RESERVED +CVE-2023-24888 + RESERVED +CVE-2023-24887 + RESERVED +CVE-2023-24886 + RESERVED +CVE-2023-24885 + RESERVED +CVE-2023-24884 + RESERVED +CVE-2023-24883 + RESERVED +CVE-2023-24882 + RESERVED +CVE-2023-24881 + RESERVED +CVE-2023-24880 + RESERVED +CVE-2023-24879 + RESERVED +CVE-2023-24878 + RESERVED +CVE-2023-24877 + RESERVED +CVE-2023-24876 + RESERVED +CVE-2023-24875 + RESERVED +CVE-2023-24874 + RESERVED +CVE-2023-24873 + RESERVED +CVE-2023-24872 + RESERVED +CVE-2023-24871 + RESERVED +CVE-2023-24870 + RESERVED +CVE-2023-24869 + RESERVED +CVE-2023-24868 + RESERVED +CVE-2023-24867 + RESERVED +CVE-2023-24866 + RESERVED +CVE-2023-24865 + RESERVED +CVE-2023-24864 + RESERVED +CVE-2023-24863 + RESERVED +CVE-2023-24862 + RESERVED +CVE-2023-24861 + RESERVED +CVE-2023-24860 + RESERVED +CVE-2023-24859 + RESERVED +CVE-2023-24858 + RESERVED +CVE-2023-24857 + RESERVED +CVE-2023-24856 + RESERVED +CVE-2023-24016 + RESERVED +CVE-2023-23910 + RESERVED +CVE-2023-23909 + RESERVED +CVE-2023-23569 + RESERVED +CVE-2023-22447 + RESERVED +CVE-2023-22446 + RESERVED +CVE-2023-22443 + RESERVED +CVE-2023-22442 + RESERVED +CVE-2023-22440 + RESERVED +CVE-2023-22276 + RESERVED +CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...) + TODO: check +CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...) +
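Review bot: this automatic-import hunk is cut off in the mail (it ends on a bare "+" after the CVE-2023-0607 header, so that entry's annotation is not visible here); of the entries that are visible, everything except two placeholders is RESERVED, and the two with descriptions (CVE-2023-24956, Forget Heart Message Box; CVE-2023-0608, microweber) arrive as "TODO: check" and still need a triage decision.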