[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: ea5ad6b5 by Anton Gladky at 2023-03-20T06:28:06+01:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Anton Gladky gl...@debian.org - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,7 +46,7 @@ duktape (Thorsten Alteholz, maintainer) NOTE: 20230311: Programming language: C. NOTE: 20230311: Maintainer notes: Maintainer prepares o-o-s updates. -- -emacs (Adrian Bunk) +emacs NOTE: 20230223: Programming language: Lisp. NOTE: 20230223: VCS: https://salsa.debian.org/lts-team/packages/emacs.git NOTE: 20230228: Waiting for confirmation that CVE-2022-48337 regression @@ -58,7 +58,7 @@ erlang NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used. -- -firmware-nonfree (tobi) +firmware-nonfree NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it. NOTE: 20221204: Coming soon in the first week of December. (apo) NOTE: 20221211: Programming language: Binary blob @@ -133,7 +133,7 @@ man2html NOTE: 20230226: I would prefer to fix it instead of ignoring. (gladk) NOTE: 20230226: It looks like upstream is dead. Patch needs to be written. (gladk) -- -mariadb-10.3 (Emilio) +mariadb-10.3 NOTE: 20230225: Programming language: C. NOTE: 20230225: VCS: https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster NOTE: 20230225: Testsuite: https://lists.debian.org/debian-lts/2019/07/msg00049.html @@ -145,7 +145,7 @@ netatalk NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. (gladk) -- -nheko (Dominik George) +nheko NOTE: 20230101: Programming language: C++. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git -- 
@@ -217,7 +217,7 @@ python-oslo.privsep NOTE: 20221231: Programming language: Python. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git -- -python3.7 (Adrian Bunk) +python3.7 NOTE: 20230220: Programming language: Python. NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git NOTE: 20230220: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html @@ -270,7 +270,7 @@ ruby-rails-html-sanitizer NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh) -- -runc (Sylvain Beucler) +runc NOTE: 20220905: Programming language: Go. NOTE: 20220905: Special attention: Sync with Bullseye. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/runc.git @@ -297,11 +297,11 @@ sox (Helmut Grohne) NOTE: 20230313: Programming language: C. NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/sox.git -- -sssd (Dominik George) +sssd NOTE: 20230131: Programming language: C. NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git -- -systemd (Adrian Bunk) +systemd NOTE: 20230304: Programming language: C. NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git NOTE: 20230304: Special attention: High popcon! Used almost by all systems!. 
@@ -321,12 +321,12 @@ trafficserver NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same fix as CVE-2022-31778 (marked as to be ignored), but no proof on that… NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. -- -wordpress (guilhem) +wordpress NOTE: 20230302: Programming language: PHP. NOTE: 20230302: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html NOTE: 20230302: buster is 6 CVEs behind bullseye (Beuc/front-desk) -- -xrdp (Dominik George) +xrdp NOTE: 20221225: Programming language: C. NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git NOTE: 20230117: Fixed 6 out 10 CVEs. Testing (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea5ad6b559a41d46891e4000a20edf8a9597c43f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea5ad6b559a41d46891e4000a20edf8a9597c43f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
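Review bot: In the emacs hunk (@@ -46,7), dropping "(Adrian Bunk)" leaves "NOTE: 20230228: Waiting for confirmation that CVE-2022-48337 regression" with no indication of who is waiting or who was asked. An unclaimed entry is open for anyone to pick up, so add a dated NOTE recording the unclaim and the previous claimant, so that the next person knows whom to ask about the pending regression check.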
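Review bot: In the last hunk (@@ -321,12), xrdp is unclaimed although its newest note reads "NOTE: 20230117: Fixed 6 out 10 CVEs. Testing (abhijith)", so partially finished work exists under a name different from the removed claimant "(Dominik George)". A dated NOTE saying where that work lives, or confirming that it is in the VCS listed on the line above, would keep the next claimant from redoing the six fixes.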
[Git][security-tracker-team/security-tracker][master] 10 commits: CVE-2022-41649,openimageio: Link to fixing commit
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d00da44c by Markus Koschany at 2023-03-19T23:43:52+01:00 CVE-2022-41649,openimageio: Link to fixing commit - - - - - 0b8e81cb by Markus Koschany at 2023-03-19T23:43:53+01:00 CVE-2022-41684,openimageio: Link to fixing commit - - - - - 3c7270da by Markus Koschany at 2023-03-19T23:43:54+01:00 CVE-2022-41794,openimageio: Link to fixing commit - - - - - 6dece549 by Markus Koschany at 2023-03-19T23:43:56+01:00 CVE-2022-41837,openimageio: Link to fixing commit - - - - - 88c8703d by Markus Koschany at 2023-03-19T23:43:57+01:00 CVE-2022-41838,CVE-2022-41999,openimageio: Link to fixing commits - - - - - 83ae7f51 by Markus Koschany at 2023-03-19T23:43:58+01:00 CVE-2022-38143,openimageio: Buster is not affected The vulnerable code was introduced later - - - - - 2e12246c by Markus Koschany at 2023-03-19T23:43:59+01:00 CVE-2022-43592,openimageio: Link to pull request - - - - - 22e314ce by Markus Koschany at 2023-03-19T23:44:01+01:00 CVE-2022-43594,openimageio: Link to pull request - - - - - d1bd600f by Markus Koschany at 2023-03-19T23:44:02+01:00 CVE-2022-43595,openimageio: Link to pull request - - - - - 2b466f30 by Markus Koschany at 2023-03-19T23:44:03+01:00 CVE-2022-43596,CVE-2022-43597,CVE-2022-43598,CVE-2022-43599,CVE-2022-43600 CVE-2022-43601,CVE-2022-43602,openimageio: Link to pull request - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -35990,33 +35990,42 @@ CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput:: CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...) 
- openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 + NOTE: https://github.com/OpenImageIO/oiio/pull/3673 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 + NOTE: https://github.com/OpenImageIO/oiio/pull/3673 CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652 CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 + NOTE: https://github.com/OpenImageIO/oiio/pull/3672 CVE-2022-43591 (A buffer overflow vulnerability exists in the QML QtScript Reflect API ...) - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant) - qtdeclarative-opensource-src (unimportant) @@ -39205,6 +39214,7 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile - openimageio 2.4.7.1+dfsg-2 (bug #1027808) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635 NOTE:
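Review bot: In the @@ -35990,33 hunk, CVE-2022-43593 is the only openimageio entry in the visible range that gets no upstream reference: CVE-2022-43592, CVE-2022-43594 and CVE-2022-43595 each gain a "NOTE: https://github.com/OpenImageIO/oiio/pull/..." line, and none of the ten commits in this push names CVE-2022-43593. If the fix is not yet identified, a NOTE saying so would make the gap explicit; otherwise add the pull request link alongside the TALOS-2022-1652 reference.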
[Git][security-tracker-team/security-tracker][master] Add new set of tcpreplay issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0662ffd7 by Salvatore Bonaccorso at 2023-03-19T22:21:41+01:00 Add new set of tcpreplay issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2774,19 +2774,29 @@ CVE-2023-27791 CVE-2023-27790 RESERVED CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/784 + NOTE: https://github.com/appneta/tcpreplay/pull/783 CVE-2023-27788 (An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/786 CVE-2023-27787 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/788 CVE-2023-27786 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/782 + NOTE: https://github.com/appneta/tcpreplay/pull/783 CVE-2023-27785 (An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker t ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/785 CVE-2023-27784 (An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/787 CVE-2023-27783 (An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacke ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/780 + NOTE: https://github.com/appneta/tcpreplay/pull/781 CVE-2023-27782 RESERVED CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in the opti ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0662ffd7d93f4164e16e3ea6c36b2b85846df96b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0662ffd7d93f4164e16e3ea6c36b2b85846df96b You're receiving this email because of your account on salsa.debian.org. 
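Review bot: In the @@ -2774,19 hunk, CVE-2023-27788, CVE-2023-27787, CVE-2023-27785 and CVE-2023-27784 carry only an upstream issue link, while CVE-2023-27789, CVE-2023-27786 and CVE-2023-27783 also point at a pull request (pull/783 or pull/781). A NOTE stating whether a fix exists yet for those four would help whoever triages tcpreplay next, and the new "- tcpreplay" lines have no Debian bug reference to track the work against.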
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c79722a by Salvatore Bonaccorso at 2023-03-19T21:38:06+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,7 +7,7 @@ CVE-2023-1499 CVE-2023-1498 RESERVED CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...) - TODO: check + NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...) TODO: check CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c79722a245446f268c42c101b8adf03362b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c79722a245446f268c42c101b8adf03362b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96ed296b by security tracker role at 2023-03-19T20:10:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2023-1501 + RESERVED +CVE-2023-1500 + RESERVED +CVE-2023-1499 + RESERVED +CVE-2023-1498 + RESERVED +CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...) + TODO: check +CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...) + TODO: check CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...) - org-mode [bullseye] - org-mode (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96ed296b8f1c8d4a57d32318bb0588d989f71aef -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96ed296b8f1c8d4a57d32318bb0588d989f71aef You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-28617 as no-dsa for bullseye
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2488ae6 by Salvatore Bonaccorso at 2023-03-19T20:54:23+01:00 Mark CVE-2023-28617 as no-dsa for bullseye Thanks: Sebastien Delafond for the confirmation - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,8 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...) - org-mode + [bullseye] - org-mode (Minor issue) - emacs + [bullseye] - emacs (Minor issue) NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2488ae6733f35462699786ef447ccc265c07682 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2488ae6733f35462699786ef447ccc265c07682 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-46877/jackson-databind
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45c60176 by Salvatore Bonaccorso at 2023-03-19T20:52:25+01:00 Add CVE-2021-46877/jackson-databind - - - - - f54f0a81 by Salvatore Bonaccorso at 2023-03-19T20:53:05+01:00 Mark CVE-2021-46877 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,12 @@ CVE-2022-4933 CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...) NOT-FOR-US: ONLYOFFICE CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...) - TODO: check + - jackson-databind 2.13.2.2-1 + [bullseye] - jackson-databind (Minor issue) + NOTE: https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw + NOTE: https://github.com/FasterXML/jackson-databind/issues/3328 + NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6) + NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-3.13.1) CVE-2015-10096 RESERVED CVE-2023-28608 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2982d466f97d41e1dde8b1e5b79f3468763182d...f54f0a812dc091c1459471c2f5b203324bc01945 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2982d466f97d41e1dde8b1e5b79f3468763182d...f54f0a812dc091c1459471c2f5b203324bc01945 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
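Review bot: In the CVE-2021-46877 entry, the last two added NOTE lines cite the same commit, 3ccde7d938fea547e598fdefe9a82cff37fed5cb, once as "(jackson-databind-2.12.6)" and once as "(jackson-databind-3.13.1)". The description speaks of 2.12.x and 2.13.x, so the "3.13.1" tag looks like a typo for a 2.13 release, and the second line presumably should reference the 2.13 branch commit rather than repeat the 2.12 one; please check both against issue 3328.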
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2982d46 by Salvatore Bonaccorso at 2023-03-19T20:51:59+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,11 +19,11 @@ CVE-2023-28611 CVE-2023-28610 RESERVED CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...) - TODO: check + NOT-FOR-US: Ansible Semaphore CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to 3.2. ...) - TODO: check + NOT-FOR-US: Rebuild CVE-2023-1494 (A vulnerability classified as critical has been found in IBOS 4.5.5. A ...) - TODO: check + NOT-FOR-US: IBOS CVE-2023-1493 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1492 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) 
@@ -33,19 +33,19 @@ CVE-2023-1491 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. CVE-2023-1490 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and c ...) NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1489 (A vulnerability has been found in Lespeed WiseCleaner Wise System Moni ...) - TODO: check + NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor CVE-2023-1488 (A vulnerability, which was classified as problematic, was found in Les ...) - TODO: check + NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor CVE-2023-1487 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed WiseCle ...) - TODO: check + NOT-FOR-US: Lespeed WiseCleaner Wise Force Deleter CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System CVE-2022-4933 RESERVED CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...) - TODO: check + NOT-FOR-US: ONLYOFFICE CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...) TODO: check CVE-2015-10096 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2982d466f97d41e1dde8b1e5b79f3468763182d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2982d466f97d41e1dde8b1e5b79f3468763182d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Demote liblouis issues to unimportant severity
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 602724ea by Salvatore Bonaccorso at 2023-03-19T17:52:44+01:00 Demote liblouis issues to unimportant severity - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5236,22 +5236,25 @@ CVE-2023-26771 CVE-2023-26770 RESERVED CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...) - - liblouis (bug #1033202) + - liblouis (bug #1033202; unimportant) NOTE: https://github.com/liblouis/liblouis/pull/1300 NOTE: https://github.com/liblouis/liblouis/commit/d45430431f8c75941f863328eb3f7fc09f902b2e (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/6f39e88745e8ec602ccc46042c305a6188f28b0a (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/9f6cec9b63c1d9396fcc32fed77267a2815b648f (v3.25.0) + NOTE: Negligible security impact in debugging tool CVE-2023-26768 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) - - liblouis (bug #1033202) + - liblouis (bug #1033202; unimportant) NOTE: https://github.com/liblouis/liblouis/issues/1301 NOTE: https://github.com/liblouis/liblouis/pull/1302 NOTE: https://github.com/liblouis/liblouis/commit/565ac66ec0c187ffb442226487de3db376702958 (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/47822bb418fb77564c159469e3be79989b11aced (v3.25.0) + NOTE: Negligible security impact CVE-2023-26767 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) - - liblouis (bug #1033202) + - liblouis (bug #1033202; unimportant) NOTE: https://github.com/liblouis/liblouis/issues/1292 NOTE: https://github.com/liblouis/liblouis/pull/1297 NOTE: https://github.com/liblouis/liblouis/commit/f432de31058b5a94874d47405216d07910c18a9a (v3.25.0) + NOTE: Negligible security impact CVE-2023-26766 RESERVED CVE-2023-26765 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/602724eac6146f5b224cf235f3d9990a41f2e67c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/602724eac6146f5b224cf235f3d9990a41f2e67c You're receiving this email because of your account on salsa.debian.org. 
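Review bot: For CVE-2023-26768 and CVE-2023-26767 the added "NOTE: Negligible security impact" gives no reason, unlike the CVE-2023-26769 note, which says the code is in a debugging tool. Both descriptions start "Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...", so a short justification for the unimportant tag (the affected component, or why the overflow is not reachable in practice) would make the demotion reviewable later.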
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for liblouis issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8afa573 by Salvatore Bonaccorso at 2023-03-19T17:13:57+01:00 Add Debian bug reference for liblouis issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5236,19 +5236,19 @@ CVE-2023-26771 CVE-2023-26770 RESERVED CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...) - - liblouis + - liblouis (bug #1033202) NOTE: https://github.com/liblouis/liblouis/pull/1300 NOTE: https://github.com/liblouis/liblouis/commit/d45430431f8c75941f863328eb3f7fc09f902b2e (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/6f39e88745e8ec602ccc46042c305a6188f28b0a (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/9f6cec9b63c1d9396fcc32fed77267a2815b648f (v3.25.0) CVE-2023-26768 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) - - liblouis + - liblouis (bug #1033202) NOTE: https://github.com/liblouis/liblouis/issues/1301 NOTE: https://github.com/liblouis/liblouis/pull/1302 NOTE: https://github.com/liblouis/liblouis/commit/565ac66ec0c187ffb442226487de3db376702958 (v3.25.0) NOTE: https://github.com/liblouis/liblouis/commit/47822bb418fb77564c159469e3be79989b11aced (v3.25.0) CVE-2023-26767 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) - - liblouis + - liblouis (bug #1033202) NOTE: https://github.com/liblouis/liblouis/issues/1292 NOTE: https://github.com/liblouis/liblouis/pull/1297 NOTE: https://github.com/liblouis/liblouis/commit/f432de31058b5a94874d47405216d07910c18a9a (v3.25.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8afa5738eb247eefb8e447b3a13445b2385d2a9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8afa5738eb247eefb8e447b3a13445b2385d2a9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for linux issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd36fb3e by Salvatore Bonaccorso at 2023-03-19T15:55:16+01:00 Track fixed version for linux issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -531,7 +531,7 @@ CVE-2019-25127 CVE-2019-25126 RESERVED CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...) - - linux + - linux 6.1.20-1 [bullseye] - linux (Minor issue; CONFIG_TLS not enabled in Debian) [buster] - linux (Minor issue; CONFIG_TLS not enabled in Debian) NOTE: https://git.kernel.org/linus/49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 @@ -3777,7 +3777,7 @@ CVE-2023-1120 CVE-2023-1119 RESERVED CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...) - - linux + - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17 NOTE: https://www.openwall.com/lists/oss-security/2023/03/02/1 CVE-2023-1117 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -4143,7 +4143,7 @@ CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/run - mattermost-server (bug #823556) CVE-2023-1079 RESERVED - - linux + - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4 CVE-2023-1078 @@ -4152,12 +4152,12 @@ CVE-2023-1078 NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d CVE-2023-1077 RESERVED - - linux + - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97 NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7 CVE-2023-1076 RESERVED - - linux + - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5 
@@ -5722,7 +5722,7 @@ CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/fr - froxlor (bug #581792) CVE-2023-1032 RESERVED - - linux + - linux 6.1.20-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/2 @@ -10282,7 +10282,7 @@ CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) NOT-FOR-US: TYPO3 extension CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...) - - linux + - linux 6.1.20-1 [buster] - linux (Vulnerable code not present) NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dce...@diag.uniroma1.it/ CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd36fb3ee97810e880e2bac2e45b92c9289276ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd36fb3ee97810e880e2bac2e45b92c9289276ec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
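Review bot: CVE-2023-1078 sits between the @@ -4143,7 and @@ -4152,12 hunks and its package line is not touched, while its neighbours CVE-2023-1079, CVE-2023-1077 and CVE-2023-1076 all move from "- linux" to "- linux 6.1.20-1". Please confirm that the entry already records a fixed version or is intentionally left out of this update.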
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-28617/{org-mode,emacs}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e2d7da3 by Salvatore Bonaccorso at 2023-03-19T15:11:17+01:00 Add CVE-2023-28617/{org-mode,emacs} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,9 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...) - TODO: check + - org-mode + - emacs + NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e + NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 + NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 CVE-2023-28616 RESERVED CVE-2023-28615 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e2d7da3736ebccc140e3968e2039ecec57b2f27 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e2d7da3736ebccc140e3968e2039ecec57b2f27 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-22799/ruby-globalid via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31ef187f by Salvatore Bonaccorso at 2023-03-19T14:31:37+01:00 Add fixed version for CVE-2023-22799/ruby-globalid via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16872,7 +16872,7 @@ CVE-2023-22801 CVE-2023-22800 RESERVED CVE-2023-22799 (A ReDoS based DoS vulnerability in the GlobalID 1.0.1 which could ...) - - ruby-globalid (bug #1029851) + - ruby-globalid 0.6.0-2 (bug #1029851) [bullseye] - ruby-globalid (Minor issue) [buster] - ruby-globalid (Minor issue) NOTE: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31ef187f34010a154039dbd364a3f6f7728ac3c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31ef187f34010a154039dbd364a3f6f7728ac3c2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
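Review bot: The fixed version added here, "ruby-globalid 0.6.0-2", is lower than the 1.0.1 named in the CVE description, so it presumably refers to a backported patch in the Debian package. The entry has only the discuss.rubyonrails.org NOTE in view; adding a NOTE with the upstream fixing commit would let readers check the backport in 0.6.0-2 against it.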
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 081b6a95 by Salvatore Bonaccorso at 2023-03-19T09:22:29+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,13 +21,13 @@ CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to CVE-2023-1494 (A vulnerability classified as critical has been found in IBOS 4.5.5. A ...) TODO: check CVE-2023-1493 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) - TODO: check + NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1492 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) - TODO: check + NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1491 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) - TODO: check + NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1490 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and c ...) - TODO: check + NOT-FOR-US: Max Secure Anti Virus Plus CVE-2023-1489 (A vulnerability has been found in Lespeed WiseCleaner Wise System Moni ...) TODO: check CVE-2023-1488 (A vulnerability, which was classified as problematic, was found in Les ...) @@ -37,7 +37,7 @@ CVE-2023-1487 (A vulnerability, which was classified as problematic, has been fo CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed WiseCle ...) TODO: check CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System CVE-2022-4933 RESERVED CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...) 
@@ -5158,9 +5158,9 @@ CVE-2023-26808 CVE-2023-26807 RESERVED CVE-2023-26806 (Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulner ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-26805 (Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-26804 RESERVED CVE-2023-26803 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/081b6a95a1a1df5f22d3aba3ee8aab16ff1186ca
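Review bot: In the @@ -5158,9 hunk, the NOT-FOR-US text for CVE-2023-26806 and CVE-2023-26805 gives only the vendor ("Tenda"), while the other entries processed in this commit name the product (Max Secure Anti Virus Plus, SourceCodester Young Entrepreneur E-Negosyo System). Both descriptions identify the device as Tenda W20E, so "NOT-FOR-US: Tenda W20E" would be consistent with the rest of the commit and easier to match when later CVEs for the same device arrive.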
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57395a32 by security tracker role at 2023-03-19T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,51 @@ +CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...) + TODO: check +CVE-2023-28616 + RESERVED +CVE-2023-28615 + RESERVED +CVE-2023-28614 + RESERVED +CVE-2023-28613 + RESERVED +CVE-2023-28612 + RESERVED +CVE-2023-28611 + RESERVED +CVE-2023-28610 + RESERVED +CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...) + TODO: check +CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to 3.2. ...) + TODO: check +CVE-2023-1494 (A vulnerability classified as critical has been found in IBOS 4.5.5. A ...) + TODO: check +CVE-2023-1493 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) + TODO: check +CVE-2023-1492 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) + TODO: check +CVE-2023-1491 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...) + TODO: check +CVE-2023-1490 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and c ...) + TODO: check +CVE-2023-1489 (A vulnerability has been found in Lespeed WiseCleaner Wise System Moni ...) + TODO: check +CVE-2023-1488 (A vulnerability, which was classified as problematic, was found in Les ...) + TODO: check +CVE-2023-1487 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed WiseCle ...) + TODO: check +CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-4933 + RESERVED +CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...) + TODO: check +CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...) + TODO: check +CVE-2015-10096 + RESERVED CVE-2023-28608 RESERVED CVE-2023-28607 (js/event-graph.js in MISP before 2.4.169 allows XSS via the event-grap ...) 
@@ -679,18 +727,18 @@ CVE-2023-1410 RESERVED CVE-2023-1409 RESERVED -CVE-2022-48425 +CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...) - linux (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: NTFS3 driver not enabled in Debian -CVE-2022-48424 +CVE-2022-48424 (In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate t ...) - linux 6.1.4-1 (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4f1dc7d9756e66f3f876839ea174df2e656b7f79 (6.2-rc1) NOTE: NTFS3 driver not enabled in Debian -CVE-2022-48423 +CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate ...) - linux 6.1.4-1 (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -4911,8 +4959,8 @@ CVE-2023-26907 RESERVED CVE-2023-26906 RESERVED -CVE-2023-26905 - RESERVED +CVE-2023-26905 (An issue was discovered in Alphaware - Simple E-Commerce System v1.0. ...) + TODO: check CVE-2023-26904 RESERVED CVE-2023-26903 
@@ -5109,10 +5157,10 @@ CVE-2023-26808 RESERVED CVE-2023-26807 RESERVED -CVE-2023-26806 - RESERVED -CVE-2023-26805 - RESERVED +CVE-2023-26806 (Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulner ...) + TODO: check +CVE-2023-26805 (Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) ...) + TODO: check CVE-2023-26804 RESERVED CVE-2023-26803 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57395a326c76718ab9725794d65100ace2e1d5f2
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4842{3,4,5}/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e37608e by Salvatore Bonaccorso at 2023-03-19T09:05:47+01:00 Add CVE-2022-4842{3,4,5}/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -679,6 +679,23 @@ CVE-2023-1410 RESERVED CVE-2023-1409 RESERVED +CVE-2022-48425 + - linux (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-48424 + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4f1dc7d9756e66f3f876839ea174df2e656b7f79 (6.2-rc1) + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-48423 + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/54e45702b648b7ce90b3e9b890e367e16ea8 (6.2-rc1) + NOTE: NTFS3 driver not enabled in Debian CVE-2022-48421 RESERVED CVE-2023-28373 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e37608e5a157848257d019e46b317adee717668
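Review bot: In the added CVE-2022-48423 block, the commit id in the git.kernel.org/linus NOTE (54e45702b648b7ce90b3e9b890e367e16ea8) is 36 hex characters, whereas the CVE-2022-48424 NOTE just above it uses a full 40-character id. Please check the id against the upstream tree and record the full hash so the reference stays unambiguous. Separately, the CVE-2022-48425 block has no upstream reference at all; if no fix exists yet, a short NOTE saying so would help whoever revisits the entry.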
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1476 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 042091c5 by Salvatore Bonaccorso at 2023-03-19T08:36:39+01:00 Add CVE-2023-1476 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -258,6 +258,7 @@ CVE-2023-1477 RESERVED CVE-2023-1476 RESERVED + NOT-FOR-US: RedHat specific incomplete Linux kpatch incomplete fix for CVE-2022-41222 CVE-2023-1475 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Canteen Management System CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/042091c5ab6da50bf98715d00ad5bc4f5ad1c5c5
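Review bot: The added NOT-FOR-US line for CVE-2023-1476 repeats "incomplete" ("RedHat specific incomplete Linux kpatch incomplete fix for CVE-2022-41222"), which makes the reason harder to read. Something like "Red Hat specific incomplete kpatch fix for CVE-2022-41222" says the same thing once. Since the entry is still RESERVED and has no description of its own, this line is the only explanation a reader gets, so the wording is worth tightening.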
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1032/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c19b1664 by Salvatore Bonaccorso at 2023-03-19T08:33:44+01:00 Add CVE-2023-1032/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5652,6 +5652,11 @@ CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/fr - froxlor (bug #581792) CVE-2023-1032 RESERVED + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/2 + NOTE: https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067 CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-48361 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c19b16646f7d40d665e07947f67c0eb7752d11e4
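Review bot: In the added CVE-2023-1032 block, the git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067 NOTE does not say whether that commit is the fix or the change that introduced the issue, and nothing in the entry explains why [bullseye] and [buster] are "Vulnerable code not present". Labelling the commit with its role and the release it landed in, and adding a NOTE naming the introducing commit or version, would make the not-affected status checkable without opening the oss-security thread.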