[Git][security-tracker-team/security-tracker][master] Add CVE-2023-27635/debian-goodies

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b017dc4a by Salvatore Bonaccorso at 2023-03-06T05:51:15+01:00
Add CVE-2023-27635/debian-goodies

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-27635
+   - debian-goodies  (bug #1031267)
+   [bullseye] - debian-goodies  (Minor issue; user prompted before 
execution)
 CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository 
icret/easyima ...)
TODO: check
 CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center 
Patient ...)
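Review bot: the unstable line `- debian-goodies  (bug #1031267)` records the bug reference but no fixed version, so CVE-2023-27635 stays open for unstable until the upload closing #1031267 is entered in this entry. The bullseye line is in the useful form for a no-DSA annotation: "Minor issue; user prompted before execution" names the mitigating behaviour that justifies the decision rather than only restating the severity, which is what a later reader needs to re-evaluate it.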



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b017dc4ab23e0abb3fb721134905597efa2cfbf3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b017dc4ab23e0abb3fb721134905597efa2cfbf3
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e0bd85f by Salvatore Bonaccorso at 2023-03-05T21:16:48+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository 
icret/easyima ...)
TODO: check
 CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center 
Patient ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Health Center Patient Record Management 
System
 CVE-2023-1179 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2008-10004
RESERVED
 CVE-2023-27634



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e0bd85f6d3c1faaf451f05b9f17c516dda5e8c0



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e1075e0 by security tracker role at 2023-03-05T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository 
icret/easyima ...)
+   TODO: check
+CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center 
Patient ...)
+   TODO: check
+CVE-2023-1179 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2008-10004
+   RESERVED
 CVE-2023-27634
RESERVED
 CVE-2023-27633
@@ -210,8 +218,8 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
NOTE: 
https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c 
(v9.0.1376)
 CVE-2023-1169
RESERVED
-CVE-2015-10089
-   RESERVED
+CVE-2015-10089 (A vulnerability classified as problematic has been found in 
flame.js.  ...)
+   TODO: check
 CVE-2023-1168
RESERVED
 CVE-2023-1167
@@ -6203,24 +6211,29 @@ CVE-2023-25365
 CVE-2023-25364
RESERVED
 CVE-2023-25363 (A use-after-free vulnerability in 
WebCore::RenderLayer::updateDescenda ...)
+   {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=242684
 CVE-2023-25362 (A use-after-free vulnerability in 
WebCore::RenderLayer::repaintBlockSe ...)
+   {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=244802
 CVE-2023-25361 (A use-after-free vulnerability in 
WebCore::RenderLayer::setNextSibling ...)
+   {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=244249
 CVE-2023-25360 (A use-after-free vulnerability in 
WebCore::RenderLayer::renderer in We ...)
+   {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=242686
 CVE-2023-25359
RESERVED
 CVE-2023-25358 (A use-after-free vulnerability in 
WebCore::RenderLayer::addChild in We ...)
+   {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683
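Review bot: the `{DSA-5241-1 DSA-5240-1 DLA-3124-1}` cross-references added to CVE-2023-25358, -25360, -25361, -25362 and -25363 follow from the advisory lists: commit 874845fb on this page appends these five CVEs to the existing DSA-5240-1, DSA-5241-1 and DLA-3124-1 entries, and the fixed version 2.38.0-1 already on each CVE entry matches the 2.38.0-1~deb11u1 and 2.38.0-1~deb10u1 versions those advisories shipped. No manual edit is needed here; the consistency property worth checking after such an amendment is exactly this one, that every CVE listed in an advisory block carries the same advisory id in data/CVE/list.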
@@ -45774,7 +45787,7 @@ CVE-2022-38727
 CVE-2022-38726
RESERVED
 CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity 
syslog-ng 3. ...)
-   {DLA-3348-1}
+   {DSA-5369-1 DLA-3348-1}
- syslog-ng 3.38.1-1
NOTE: 
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
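Review bot: `{DSA-5369-1 DLA-3348-1}` for CVE-2022-38725 matches the DSA-5369-1 entry added in commit 98519993 (bullseye syslog-ng 3.28.1-2+deb11u1); with the DLA-3348-1 reference already present and unstable fixed at 3.38.1-1, the integer overflow in the RFC3164 parser now has a recorded fix in every suite this entry tracks, which is consistent with the syslog-ng block being dropped from dsa-needed.txt in that same commit.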
@@ -115682,6 +115695,7 @@ CVE-2021-40243
 CVE-2021-40242
RESERVED
 CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
+   {DLA-3353-1}
- xfig 1:3.2.8a-1 (unimportant; bug #992395)
[bullseye] - xfig 1:3.2.8-3+deb11u1
NOTE: https://sourceforge.net/p/mcj/tickets/136/
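Review bot: `{DLA-3353-1}` for CVE-2021-40241 corresponds to the DLA-3353-1 entry reserved in commit a06b1e53 (buster xfig 1:3.2.7a-3+deb10u1); the entry's own context lines already show unstable fixed at 1:3.2.8a-1 (rated unimportant, bug #992395) and bullseye at 1:3.2.8-3+deb11u1, so all three suites now have a fixed version recorded and the sourceforge ticket is the only remaining reference.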



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1075e0f7aa0bf6e300bf70994287fd5d076396



[Git][security-tracker-team/security-tracker][master] Add new set of webkit2gtk issues

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
874845fb by Salvatore Bonaccorso at 2023-03-05T20:40:23+01:00
Add new set of webkit2gtk issues

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -6203,17 +6203,27 @@ CVE-2023-25365
 CVE-2023-25364
RESERVED
 CVE-2023-25363 (A use-after-free vulnerability in 
WebCore::RenderLayer::updateDescenda ...)
-   TODO: check
+   - webkit2gtk 2.38.0-1
+   - wpewebkit 2.38.0-1
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=242684
 CVE-2023-25362 (A use-after-free vulnerability in 
WebCore::RenderLayer::repaintBlockSe ...)
-   TODO: check
+   - webkit2gtk 2.38.0-1
+   - wpewebkit 2.38.0-1
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=244802
 CVE-2023-25361 (A use-after-free vulnerability in 
WebCore::RenderLayer::setNextSibling ...)
-   TODO: check
+   - webkit2gtk 2.38.0-1
+   - wpewebkit 2.38.0-1
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=244249
 CVE-2023-25360 (A use-after-free vulnerability in 
WebCore::RenderLayer::renderer in We ...)
-   TODO: check
+   - webkit2gtk 2.38.0-1
+   - wpewebkit 2.38.0-1
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=242686
 CVE-2023-25359
RESERVED
 CVE-2023-25358 (A use-after-free vulnerability in 
WebCore::RenderLayer::addChild in We ...)
-   TODO: check
+   - webkit2gtk 2.38.0-1
+   - wpewebkit 2.38.0-1
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683
 CVE-2023-25357
RESERVED
 CVE-2023-25356
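Review bot: the five entries each get the fixed versions webkit2gtk 2.38.0-1 and wpewebkit 2.38.0-1 plus a bugs.webkit.org NOTE, but no `{DSA...}` cross-reference; that is fine because the DSA/list and DLA/list hunks in this same commit add the CVEs to DSA-5240-1, DSA-5241-1 and DLA-3124-1, and the automatic update (commit 3e1075e0 on this page) then writes `{DSA-5241-1 DSA-5240-1 DLA-3124-1}` onto each entry. One point to confirm before treating the stable entries as closed: all five use-after-free fixes are attributed to the single 2.38.0 upstream release, so each upstream bug (242684, 244802, 244249, 242686, 242683) should be checked as actually included in 2.38.0 rather than in a later 2.38.x.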


=
data/DLA/list
=
@@ -683,7 +683,7 @@
{CVE-2020-25708 CVE-2020-29260}
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u5
 [29 Sep 2022] DLA-3124-1 webkit2gtk - security update
-   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 
CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
[buster] - webkit2gtk 2.38.0-1~deb10u1
 [27 Sep 2022] DLA-3123-1 thunderbird - security update
{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 
CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}


=
data/DSA/list
=
@@ -386,10 +386,10 @@
{CVE-2022-29599}
[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
 [28 Sep 2022] DSA-5241-1 wpewebkit - security update
-   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 
CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
[bullseye] - wpewebkit 2.38.0-1~deb11u1
 [28 Sep 2022] DSA-5240-1 webkit2gtk - security update
-   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+   {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 
CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
[bullseye] - webkit2gtk 2.38.0-1~deb11u1
 [27 Sep 2022] DSA-5239-1 gdal - security update
{CVE-2021-45943}
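Review bot: DSA-5240-1 and DSA-5241-1 are dated 28 Sep 2022 and are being extended with CVE-2023-25358, -25360, -25361, -25362 and -25363 (DLA-3124-1 of 29 Sep 2022 gets the same addition in the data/DLA/list hunk above). Amending the existing advisory records rather than issuing a new advisory is consistent with the CVE/list hunk, which marks all five as fixed in 2.38.0-1, the same upstream version those advisories shipped as 2.38.0-1~deb11u1 and 2.38.0-1~deb10u1; the CVEs were simply assigned after the fix had already been distributed.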



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/874845fb52cd250c6541f6b64ffad2c6c26e2bc1



[Git][security-tracker-team/security-tracker][master] syslog-ng DSA

2023-03-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98519993 by Moritz Mühlenhoff at 2023-03-05T20:19:47+01:00
syslog-ng DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[05 Mar 2023] DSA-5369-1 syslog-ng - security update
+   {CVE-2022-38725}
+   [bullseye] - syslog-ng 3.28.1-2+deb11u1
 [03 Mar 2023] DSA-5368-1 libreswan - security update
{CVE-2023-23009}
[bullseye] - libreswan 4.3-1+deb11u3


=
data/dsa-needed.txt
=
@@ -55,9 +55,6 @@ samba
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a 
followup
 --
-syslog-ng
-  Guilhem Moulin proposed bullseye-security update for review
---
 xrdp
   needs some additional clarification, tentatively DSA worthy
   maybe upgrade to 0.9.21 within bullseye?
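Review bot: the removal takes the `syslog-ng` block out together with its trailing `--` separator (the `---` line is the removed divider), so exactly one separator remains between the surviving sofia-sip and xrdp entries and the file stays well-formed; this matches the DSA-5369-1 entry added in data/DSA/list above for bullseye syslog-ng 3.28.1-2+deb11u1, and the dropped note is the record that the update under review was Guilhem Moulin's proposed bullseye-security update.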



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98519993da8d1df9d9aa4ed9a99318fcbff14055



[Git][security-tracker-team/security-tracker][master] dla: give imagemagick to Bastien

2023-03-05 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab9f1289 by Adrian Bunk at 2023-03-05T19:47:27+02:00
dla: give imagemagick to Bastien

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -96,7 +96,7 @@ golang-yaml.v2
   NOTE: 20230125: VCS: 
https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding 
reverse build dependencies (though recent bullseye updates didn't).
 --
-imagemagick (Adrian Bunk)
+imagemagick (Bastien Roucariès)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
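Review bot: the change only swaps the claimant in `imagemagick (Bastien Roucariès)`; the surrounding lines follow a `NOTE: YYYYMMDD:` convention (20220904 here, 20230125 in the golang-yaml.v2 context above), so a dated line such as `NOTE: 20230305: Taken over from Adrian Bunk.` would keep the handover visible inside the file, where the next person reading the entry looks, instead of only in git history.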



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9f1289e0de81258cdd49ea132fdbd9bf28538a



[Git][security-tracker-team/security-tracker][master] Track fixed version for two CVEs for linux fixed via unstable

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e522c038 by Salvatore Bonaccorso at 2023-03-05T17:09:38+01:00
Track fixed version for two CVEs for linux fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2624,7 +2624,7 @@ CVE-2015-10087
 CVE-2015-10086 (A vulnerability, which was classified as critical, was found 
in OpenCy ...)
NOT-FOR-US: OpenCycleCompass
 CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in 
net/mpls/ ...)
-   - linux 
+   - linux 6.1.15-1
NOTE: 
https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2)
 CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in 
run_unpack in  ...)
- linux  (unimportant)
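Review bot: `- linux 6.1.15-1` for CVE-2023-26545 is recorded while the NOTE tags the upstream fix fda6c89fe3d9 as (6.2) and the CVE text says "before 6.1.13", so the fixed-version claim rests on the fix having been backported into the 6.1.y stable series that 6.1.15-1 packages; worth confirming against the 6.1.15 changelog before the entry is considered closed. The next hunk applies the same 6.1.15-1 to CVE-2022-2196, where the upstream NOTE carries no version tag at all, so the same check applies there.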
@@ -57780,7 +57780,7 @@ CVE-2022-2198 (The WPQA Builder WordPress plugin before 
5.7 which is a companion
 CVE-2022-2197 (By using a specific credential string, an attacker with network 
access ...)
NOT-FOR-US: Exemys
 CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that 
allowed  ...)
-   - linux 
+   - linux 6.1.15-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
 CVE-2022-2195



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e522c038778540961de77c2d243206cf9ece2406



[Git][security-tracker-team/security-tracker][master] 3 commits: data/config.json: Add codename entries for forky

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23412668 by Salvatore Bonaccorso at 2023-03-05T13:58:47+01:00
data/config.json: Add codename entries for forky

Signed-off-by: Salvatore Bonaccorso car...@debian.org

- - - - -
e9ceb9c7 by Salvatore Bonaccorso at 2023-03-05T14:17:52+01:00
distributions.json: Add forky

Signed-off-by: Salvatore Bonaccorso car...@debian.org

- - - - -
7ee5e16c by Salvatore Bonaccorso at 2023-03-05T13:23:26+00:00
Merge branch initial-forky-support into master

Add codename entries for forky

See merge request security-tracker-team/security-tracker!128
- - - - -


2 changed files:

- data/config.json
- static/distributions.json


Changes:

=
data/config.json
=
@@ -121,6 +121,17 @@
 ]
   }
 },
+"forky": {
+  "members": {
+"supported": [
+  "forky",
+  "forky-security"
+],
+"optional": [
+  "forky-proposed-updates"
+]
+  }
+},
 "sid": {
   "members": {
 "supported": [


=
static/distributions.json
=
@@ -34,6 +34,11 @@
 "support": "none",
 "contact": ""
   },
+  "forky": {
+"major-version": "14",
+"support": "none",
+"contact": ""
+  },
   "sid": {
 "major-version": "",
 "support": "none",
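Review bot: both hunks insert the new object immediately before `"sid"` and close it with a trailing comma (`+},` in data/config.json, `+  },` in static/distributions.json), so the surrounding JSON stays valid. The distributions.json entry mirrors the sid entry visible below it (`"support": "none"`, empty `"contact"`) with `"major-version": "14"` added, and the config.json members (`forky` and `forky-security` supported, `forky-proposed-updates` optional) are the same shape as a release entry, which is what the tracker needs to resolve the suite names once forky exists in the archive.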



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/103a56e7920fcb0238aedce78e5c0c4269c5828e...7ee5e16c35567bfc978885528a3c95541cf4250a



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-27560/phpseclib

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
103a56e7 by Salvatore Bonaccorso at 2023-03-05T11:11:23+01:00
Add Debian bug reference for CVE-2023-27560/phpseclib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -239,7 +239,7 @@ CVE-2008-10003 (A vulnerability was found in iGamingModules 
flashgames 1.1.0. It
 CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 
and cla ...)
NOT-FOR-US: cfire24 ajaxlife
 CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an 
infinite loop w ...)
-   - php-phpseclib3 
+   - php-phpseclib3  (bug #1032371)
NOTE: Introduced by: 
https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83
 (3.0.0)
NOTE: Fixed by: 
https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
 CVE-2023-27559
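Review bot: the entry now has the Debian bug, an `Introduced by` commit tagged (3.0.0) and a `Fixed by` commit, but the package line `- php-phpseclib3  (bug #1032371)` still carries no fixed version, so CVE-2023-27560 stays open until the upload including commit 6298d1cd is recorded. The description snippet mentions phpseclib through 2.0.41 while the introduced-by note says 3.0.0 and the hunk tracks only php-phpseclib3; whether a 2.x source package is also in the archive and affected is worth a check so that only one of the two lineages does not get reviewed.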



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/103a56e7920fcb0238aedce78e5c0c4269c5828e



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3353-1 for xfig

2023-03-05 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a06b1e53 by Anton Gladky at 2023-03-05T11:08:21+01:00
Reserve DLA-3353-1 for xfig

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Mar 2023] DLA-3353-1 xfig - security update
+   {CVE-2021-40241}
+   [buster] - xfig 1:3.2.7a-3+deb10u1
 [04 Mar 2023] DLA-3352-1 libde265 - security update
{CVE-2023-24751 CVE-2023-24752 CVE-2023-24754 CVE-2023-24755 
CVE-2023-24756 CVE-2023-24757 CVE-2023-24758 CVE-2023-25221}
[buster] - libde265 1.0.11-0+deb10u4


=
data/dla-needed.txt
=
@@ -333,13 +333,6 @@ wordpress (guilhem)
   NOTE: 20230302: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html
   NOTE: 20230302: buster is 6 CVEs behind bullseye (Beuc/front-desk)
 --
-xfig (gladk)
-  NOTE: 20230105: Programming language: C.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/debian/xfig
-  NOTE: 20230213: ddCommunication with the maintainer.
-  NOTE: 20230226: CVE-2021-4024 is prepared by maintainer.
---
 xrdp (Dominik George)
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git
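Review bot: the removed dla-needed.txt block referred to `CVE-2021-4024` (20230226 note) while the DLA-3353-1 entry added above lists CVE-2021-40241, so the old note carried a truncated CVE id; removing the block resolves that, and the buster fixed version 1:3.2.7a-3+deb10u1 is then cross-referenced on the CVE entry by the automatic update (commit 3e1075e0, `{DLA-3353-1}` on CVE-2021-40241). The `ddCommunication` typo goes with the removed lines.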



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a06b1e53448ac233c51c63409f7d8551d42b3245



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b62ddb44 by Salvatore Bonaccorso at 2023-03-05T11:00:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -293,7 +293,7 @@ CVE-2023-1162 (A vulnerability, which was classified as 
critical, was found in D
 CVE-2023-1161
RESERVED
 CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub 
repository  ...)
-   TODO: check
+   NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1159
RESERVED
 CVE-2023-1158
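Review bot: `NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)` is the right form for a name collision: the qualifier records why a product whose name matches a Debian source package was ruled out, so the next person triaging a "Cockpit" CVE does not have to redo the check. The other NOT-FOR-US lines in this commit (artesaos SEOTools, CleverStupidDog yf-exam, mailcow) name the upstream product only, which is sufficient when no Debian source package shares the name.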
@@ -305,11 +305,11 @@ CVE-2023-1156 (A vulnerability classified as problematic 
was found in SourceCode
 CVE-2021-4328 (A vulnerability has been found in CMS 
and clas ...)
TODO: check
 CVE-2020-36665 (A vulnerability was found in Artesos SEOTools up to 
0.17.1 and c ...)
-   TODO: check
+   NOT-FOR-US: artesaos SEOTools
 CVE-2020-36664 (A vulnerability has been found in Artesos SEOTools up to 
0.17.1  ...)
-   TODO: check
+   NOT-FOR-US: artesaos SEOTools
 CVE-2020-36663 (A vulnerability, which was classified as problematic, was 
found in Art ...)
-   TODO: check
+   NOT-FOR-US: artesaos SEOTools
 CVE-2023-27539
RESERVED
 CVE-2023-27538
@@ -2089,9 +2089,9 @@ CVE-2023-26782
 CVE-2023-26781
RESERVED
 CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL 
Injection. ...)
-   TODO: check
+   NOT-FOR-US: CleverStupidDog yf-exam
 CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to 
Deserialization which ...)
-   TODO: check
+   NOT-FOR-US: CleverStupidDog yf-exam
 CVE-2023-26778
RESERVED
 CVE-2023-26777
@@ -2811,7 +2811,7 @@ CVE-2023-26492 (Directus is a real-time API and App 
dashboard for managing SQL d
 CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. 
When the U ...)
TODO: check
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple 
containers linked ...)
-   TODO: check
+   NOT-FOR-US: mailcow
 CVE-2023-26489
RESERVED
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62ddb4448d39f5397a96ad2ac97bf7994c55d3b



[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Mark CVE-2009-4228 as not-affected"

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d672ae42 by Salvatore Bonaccorso at 2023-03-05T10:47:41+01:00
Revert "Mark CVE-2009-4228 as not-affected"

This reverts commit 4ad5997f64d9ab9dde81235c1bdcf8a26e16c4a7.

Having newer versions in the archive is not a valid reason for
not-affected. We either continue to err on the safe side and keep
something as unfixed or pinpoint a fix. In this case it is mostly
irrelevant as the issue is unimportant.

- - - - -
28f6fd92 by Salvatore Bonaccorso at 2023-03-05T10:50:32+01:00
Add CVE assignment reference to distinguish CVE-2009-4228 from CVE-2009-4227

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -558863,7 +558863,8 @@ CVE-2009-4226 (Race condition in the IP module in the 
kernel in Sun OpenSolaris
 CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control 
(ppctl.d ...)
NOT-FOR-US: PestPatrol
 CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and 
earlie ...)
-   - xfig  (all available versions in archive are newer, 
than 3.2.5b)
+   - xfig  (unimportant)
+   NOTE: https://www.openwall.com/lists/oss-security/2009/12/08/5
 CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function 
in f_r ...)
- xfig 1:3.2.5.b-1 (low; bug #559274)
[lenny] - xfig  (Minor issue)
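Review bot: the revert restores `- xfig  (unimportant)` for CVE-2009-4228 in place of the not-affected rationale ("all available versions in archive are newer, than 3.2.5b"), which is the right call for the reason the commit message gives: a newer version number shows only that the package moved on, not that the u_bound.c stack consumption fix is present, so the defensible states are unfixed-with-low-severity or a pinpointed fixing version. The added oss-security NOTE (2009/12/08/5) supplies the assignment thread that separates CVE-2009-4228 from CVE-2009-4227 (read_1_3_textobject, fixed in 1:3.2.5.b-1 per the context line), which is what the second commit message promises.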



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4ad5997f64d9ab9dde81235c1bdcf8a26e16c4a7...28f6fd92bee9730c9d0c36a68da93ae2c75d9c8a



[Git][security-tracker-team/security-tracker][master] Mark CVE-2009-4228 as not-affected

2023-03-05 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ad5997f by Anton Gladky at 2023-03-05T10:43:14+01:00
Mark CVE-2009-4228 as not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -558863,7 +558863,7 @@ CVE-2009-4226 (Race condition in the IP module in the 
kernel in Sun OpenSolaris
 CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control 
(ppctl.d ...)
NOT-FOR-US: PestPatrol
 CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and 
earlie ...)
-   - xfig  (unimportant)
+   - xfig  (all available versions in archive are newer, 
than 3.2.5b)
 CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function 
in f_r ...)
- xfig 1:3.2.5.b-1 (low; bug #559274)
[lenny] - xfig  (Minor issue)
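Review bot: `- xfig  (all available versions in archive are newer, than 3.2.5b)` replaces the unimportant severity with a not-affected justification based only on version comparison, which does not establish that the fix for the u_bound.c stack consumption is in the packaged source (the stray comma aside); commit d672ae42 on this page reverts this for exactly that reason and restores `(unimportant)` with a NOTE pointing at the oss-security assignment. For a not-affected mark the justification should name the fixing commit or the absent code path.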



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ad5997f64d9ab9dde81235c1bdcf8a26e16c4a7



[Git][security-tracker-team/security-tracker][master] Track golang-github-tidwall-gjson fixes via experimental

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9012022 by Salvatore Bonaccorso at 2023-03-05T10:25:50+01:00
Track golang-github-tidwall-gjson fixes via experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -107618,6 +107618,7 @@ CVE-2021-42838 (Grand Vice info Co. webopac7 book 
search field parameter does no
 CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 
7.3-20210930. Af ...)
NOT-FOR-US: Talend Data Catalog
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial 
of servic ...)
+   [experimental] - golang-github-tidwall-gjson 1.14.4-1
- golang-github-tidwall-gjson  (bug #1000225)
[bullseye] - golang-github-tidwall-gjson  (Minor issue)
[buster] - golang-github-tidwall-gjson  (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
@@ -110444,6 +110445,7 @@ CVE-2021-42250 (Improper output neutralization for 
Logs. A specific Apache Super
 CVE-2021-42249
RESERVED
 CVE-2021-42248 (GJSON = 1.9.2 allows attackers to cause a redos via 
crafted JSON i ...)
+   [experimental] - golang-github-tidwall-gjson 1.14.4-1
- golang-github-tidwall-gjson  (bug #1011616)
[bullseye] - golang-github-tidwall-gjson  (Minor issue)
[buster] - golang-github-tidwall-gjson  (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
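Review bot: `[experimental] - golang-github-tidwall-gjson 1.14.4-1` is added ahead of the still-unfixed unstable line for both CVE-2021-42248 here and CVE-2021-42836 in the hunk above, so the tracker now records that a fixed upstream exists in experimental while unstable, bullseye and buster stay open (bullseye and buster as Minor issue, buster following bullseye). Once 1.14.4 or later reaches unstable the `- golang-github-tidwall-gjson  (bug #1011616)` and `(bug #1000225)` lines need that version; the experimental line alone does not close either ReDoS issue.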



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9012022af19f6c7b7cced0b30f5e5f13d5b5222



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-23538/singularity-container

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5771044 by Salvatore Bonaccorso at 2023-03-05T10:23:44+01:00
Track fixed version for CVE-2022-23538/singularity-container

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -90122,7 +90122,7 @@ CVE-2022-23540 (In versions `=8.5.1` of 
`jsonwebtoken` library, lack of algo
 CVE-2022-23539 (Versions `=8.5.1` of `jsonwebtoken` library could be 
misconfigured ...)
NOT-FOR-US: jsonwebtoken node module
 CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the 
Singular ...)
-   - singularity-container 
+   - singularity-container 3.11.0+ds1-1
NOTE: 
https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7
NOTE: 
https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
TODO: check details, might as well affect 
golang-github-apptainer-container-library-client
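Review bot: `- singularity-container 3.11.0+ds1-1` closes the entry for that source package, but the existing TODO ("might as well affect golang-github-apptainer-container-library-client") is left standing; since the GHSA and the fixing commit 68ac4cab are for sylabs/scs-library-client, the apptainer fork of that client should be checked against the same commit and either given its own package line or the TODO dropped, so that the CVE does not read as resolved while a second package is still unreviewed.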



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e57710443977d4d56e8d906e055457dda5f48949



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d1f0b96 by Salvatore Bonaccorso at 2023-03-05T09:38:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -231,13 +231,13 @@ CVE-2015-10088 (A vulnerability, which was classified as 
critical, was found in
NOTE: 
https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
NOTE: https://sourceforge.net/p/ayttm/mailman/message/34397158/
 CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 
1.0.1 and ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992. 
It has b ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. 
It has b ...)
-   TODO: check
+   NOT-FOR-US: iGamingModules flashgames
 CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 
and cla ...)
-   TODO: check
+   NOT-FOR-US: cfire24 ajaxlife
 CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an 
infinite loop w ...)
- php-phpseclib3 
NOTE: Introduced by: 
https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83
 (3.0.0)
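Review bot: the two new lines `+   NOT-FOR-US: WordPress plugin` for CVE-2014-125091 and CVE-2014-125090 give only the class of software, whereas the other two entries in the same hunk name the product (`NOT-FOR-US: iGamingModules flashgames`, `NOT-FOR-US: cfire24 ajaxlife`). Naming the plugin, e.g. `NOT-FOR-US: codepeople cp-polls WordPress plugin` and `NOT-FOR-US: Media Downloader WordPress plugin`, keeps the line searchable and lets a later reader confirm the decision without re-reading the CVE description.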



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d1f0b96d4993114c2a86991d1ddd19c0aff4be8



[Git][security-tracker-team/security-tracker][master] Add CVE-2015-10088/ayttm

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78364cdd by Salvatore Bonaccorso at 2023-03-05T09:37:32+01:00
Add CVE-2015-10088/ayttm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -227,7 +227,9 @@ CVE-2022-4927
 CVE-2021-4329
RESERVED
 CVE-2015-10088 (A vulnerability, which was classified as critical, was found 
in ayttm  ...)
-   TODO: check
+   - ayttm 
+   NOTE: 
https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
+   NOTE: https://sourceforge.net/p/ayttm/mailman/message/34397158/
 CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 
1.0.1 and ...)
TODO: check
 CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992. 
It has b ...)
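Review bot: the new package line `+   - ayttm ` ends after the package name with no version state; a package line in this file carries either a fixed version or a marker such as `<unfixed>` or `<not-affected>`. If the marker was dropped only by the mail rendering (the context line `- php-phpseclib3 ` in the same file shows the same trailing-space pattern) this is fine, otherwise the entry is incomplete for the tracker. The two NOTE lines record the upstream fix commit and the mailing-list report but no Debian bug; if one is filed, appending `(bug #<number>)` to the package line, as other entries do, keeps the fix tracked.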



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78364cdd96893d433f6ffd9e9de8594e6ff9344f



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00a96368 by security tracker role at 2023-03-05T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2023-27634
+   RESERVED
+CVE-2023-27633
+   RESERVED
+CVE-2023-27632
+   RESERVED
+CVE-2023-27631
+   RESERVED
+CVE-2023-27630
+   RESERVED
+CVE-2023-27629
+   RESERVED
+CVE-2023-27628
+   RESERVED
+CVE-2023-27627
+   RESERVED
+CVE-2023-27626
+   RESERVED
+CVE-2023-27625
+   RESERVED
+CVE-2023-27624
+   RESERVED
+CVE-2023-27623
+   RESERVED
+CVE-2023-27622
+   RESERVED
+CVE-2023-27621
+   RESERVED
+CVE-2023-27620
+   RESERVED
+CVE-2023-27619
+   RESERVED
+CVE-2023-27618
+   RESERVED
+CVE-2023-27617
+   RESERVED
+CVE-2023-27616
+   RESERVED
+CVE-2023-27615
+   RESERVED
+CVE-2023-27614
+   RESERVED
+CVE-2023-27613
+   RESERVED
+CVE-2023-27612
+   RESERVED
+CVE-2023-27611
+   RESERVED
+CVE-2023-27610
+   RESERVED
+CVE-2023-27609
+   RESERVED
+CVE-2023-27608
+   RESERVED
+CVE-2023-27607
+   RESERVED
+CVE-2023-27606
+   RESERVED
+CVE-2023-27605
+   RESERVED
+CVE-2023-1178
+   RESERVED
 CVE-2023-27604
RESERVED
 CVE-2023-27603
@@ -164,16 +226,16 @@ CVE-2022-4927
RESERVED
 CVE-2021-4329
RESERVED
-CVE-2015-10088
-   RESERVED
-CVE-2014-125091
-   RESERVED
-CVE-2014-125090
-   RESERVED
-CVE-2008-10003
-   RESERVED
-CVE-2008-10002
-   RESERVED
+CVE-2015-10088 (A vulnerability, which was classified as critical, was found 
in ayttm  ...)
+   TODO: check
+CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 
1.0.1 and ...)
+   TODO: check
+CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992. 
It has b ...)
+   TODO: check
+CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. 
It has b ...)
+   TODO: check
+CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 
and cla ...)
+   TODO: check
 CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an 
infinite loop w ...)
- php-phpseclib3 
NOTE: Introduced by: 
https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83
 (3.0.0)
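Review bot: the five entries promoted from RESERVED to a description in this hunk all carry old-year IDs (2008, 2014 and 2015) assigned retroactively and are all left at `TODO: check`. The descriptions already name the products (cp-polls Plugin, Media Downloader Plugin, iGamingModules flashgames, cfire24 ajaxlife, ayttm), so the follow-up triage can go directly to checking which of these correspond to a Debian source package; the two "Plugin" entries are the usual NOT-FOR-US pattern, while ayttm needs an actual package check.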
@@ -240,8 +302,8 @@ CVE-2023-1156 (A vulnerability classified as problematic 
was found in SourceCode
NOT-FOR-US: SourceCodester Health Center Patient Record Management 
System
 CVE-2021-4328 (A vulnerability has been found in CMS 
and clas ...)
TODO: check
-CVE-2020-36665
-   RESERVED
+CVE-2020-36665 (A vulnerability was found in Artesos SEOTools up to 
0.17.1 and c ...)
+   TODO: check
 CVE-2020-36664 (A vulnerability has been found in Artesos SEOTools up to 
0.17.1  ...)
TODO: check
 CVE-2020-36663 (A vulnerability, which was classified as problematic, was 
found in Art ...)
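Review bot: CVE-2020-36665 now sits next to CVE-2020-36664 and CVE-2020-36663, all describing Artesos SEOTools (the third truncated to `Art ...`) and at least the first two at `TODO: check`; they should be triaged as a group with one NOT-FOR-US or package decision rather than one at a time. The context line for CVE-2021-4328 reads `A vulnerability has been found in CMS` with the product name apparently missing from the rendered description, so that entry's triage will need the full text from the CVE record.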



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a963682f41d0179946bdff2420b1397d1e406c
