[Git][security-tracker-team/security-tracker][master] Reserve DLA-3378-1 for duktape

2023-03-31 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3865ec39 by Thorsten Alteholz at 2023-04-01T01:07:01+02:00
Reserve DLA-3378-1 for duktape

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[01 Apr 2023] DLA-3378-1 duktape - security update
+   {CVE-2021-46322}
+   [buster] - duktape 2.3.0-1+deb10u1
 [31 Mar 2023] DLA-3377-1 systemd - security update
{CVE-2023-26604}
[buster] - systemd 241-7~deb10u9


=
data/dla-needed.txt
=
@@ -54,11 +54,6 @@ docker.io (gladk)
   NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
   NOTE: 20230320: VCS: https://salsa.debian.org/lts-team/packages/docker.io.git
 --
-duktape (Thorsten Alteholz, maintainer)
-  NOTE: 20230311: Programming language: C.
-  NOTE: 20230311: Maintainer notes: Maintainer prepares o-o-s updates.
-  NOTE: 20230326: testing package
---
 emacs (Adrian Bunk)
   NOTE: 20230223: Programming language: Lisp.
   NOTE: 20230223: VCS: https://salsa.debian.org/lts-team/packages/emacs.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3865ec3962eef0e26f1f6a9f47eb5f0646dd5dfa



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Revert "Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5"

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c96651f by Salvatore Bonaccorso at 2023-03-31T23:23:10+02:00
Revert "Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5"

This reverts commit de9e9f62f0570a51ec50f6c799d1e3981cede0c7.

See the CVE notes and ed43841f38719e4bc2339a4b3daf89f5bf9b47a7 .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -294046,7 +294046,7 @@ CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog 
/ Gelbeseiten Clone Script
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone 
Script
 CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as 
used in SV ...)
{DLA-3376-1}
-   - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
+   - svgpp  (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in 
correct way.
NOTE: No security impact, only used to build examples, see #921097
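
Review bot: On the svgpp line of CVE-2019-6247, the reason for withdrawing 1.3.0+dfsg1-5 is recorded only by reference in the commit message ("See the CVE notes and ed43841f..."), and none of the NOTE lines kept as context here mention that version. A one-line NOTE under the svgpp entry saying why 1.3.0+dfsg1-5 is not the fixing upload would keep the change reverted here (de9e9f62) from being made a second time.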
@@ -294056,7 +294056,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka 
svgpp) 1.2.3. After calling
 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as 
used in SV ...)
{DLA-3376-1 DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
-   - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
+   - svgpp  (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
NOTE: and possibly already fixed with the inclusion of 
05-fix-recursion-crash.patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c96651f37ea6acdc3334a5d980780d61119facf



[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e2f288f by Salvatore Bonaccorso at 2023-03-31T23:22:12+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -133,15 +133,15 @@ CVE-2023-1775 (When running in a High Availability 
configuration, Mattermost fai
 CVE-2023-1774 (When processing an email invite to a private channel on a team, 
Matter ...)
- mattermost-server  (bug #823556)
 CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared 
as cri ...)
-   TODO: check
+   NOT-FOR-US: Rockoa
 CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been 
classif ...)
-   TODO: check
+   NOT-FOR-US: DataGear
 CVE-2023-1771 (A vulnerability was found in SourceCodester Grade Point Average 
GPA Ca ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point 
Average G ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1769 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1768
RESERVED
 CVE-2023-1767



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e2f288f844d2649f79a056cd1074f4ba7743436



[Git][security-tracker-team/security-tracker][master] Process new CVEs for mattermost

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f24539e by Salvatore Bonaccorso at 2023-03-31T23:21:43+02:00
Process new CVEs for mattermost

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -125,13 +125,13 @@ CVE-2023-1779
 CVE-2023-1778
RESERVED
 CVE-2023-1777 (Mattermost allows an attacker to request a preview of an 
existing mess ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious 
SVG imag ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-1775 (When running in a High Availability configuration, Mattermost 
fails to ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-1774 (When processing an email invite to a private channel on a team, 
Matter ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared 
as cri ...)
TODO: check
 CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been 
classif ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f24539e60aff3c9e95611384d372166964aeff3



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3377-1 for systemd

2023-03-31 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
330c242e by Adrian Bunk at 2023-03-31T23:53:47+03:00
Reserve DLA-3377-1 for systemd

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 Mar 2023] DLA-3377-1 systemd - security update
+   {CVE-2023-26604}
+   [buster] - systemd 241-7~deb10u9
 [31 Mar 2023] DLA-3376-1 svgpp - security update
{CVE-2019-6245 CVE-2019-6247 CVE-2021-44960}
[buster] - svgpp 1.2.3+dfsg1-6+deb10u1


=
data/dla-needed.txt
=
@@ -291,12 +291,6 @@ sssd
   NOTE: 20230131: Programming language: C.
   NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
 --
-systemd (Adrian Bunk)
-  NOTE: 20230304: Programming language: C.
-  NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git
-  NOTE: 20230304: Special attention: High popcon! Used almost by all systems!.
-  NOTE: 20230304: root escalation with plausible scenario in CVE-2023-26604 + 
check postponed issues (Beuc/front-desk)
---
 tinymce
   NOTE: 20221227: Programming language: PHP.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
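
Review bot: The removed systemd entry asked for two things, CVE-2023-26604 "+ check postponed issues", while the DLA-3377-1 entry added in data/DLA/list names only CVE-2023-26604. Before dropping the dla-needed entry, confirm the postponed issues were reviewed and deliberately left out, and say so in the commit message so the second half of the request is not lost with the deleted note.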



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c242e843ca2d0c20f4a351231917cbd6d211e



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42df1638 by security tracker role at 2023-03-31T20:10:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,155 @@
+CVE-2023-29149
+   RESERVED
+CVE-2023-29148
+   RESERVED
+CVE-2023-29147
+   RESERVED
+CVE-2023-29146
+   RESERVED
+CVE-2023-29145
+   RESERVED
+CVE-2023-29144
+   RESERVED
+CVE-2023-29143
+   RESERVED
+CVE-2023-29142
+   RESERVED
+CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x 
through 1. ...)
+   TODO: check
+CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
+   TODO: check
+CVE-2023-29139 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
+   TODO: check
+CVE-2023-29138
+   RESERVED
+CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
+   TODO: check
+CVE-2023-29136
+   RESERVED
+CVE-2023-29135
+   RESERVED
+CVE-2023-29134
+   RESERVED
+CVE-2023-29133
+   RESERVED
+CVE-2023-29132
+   RESERVED
+CVE-2023-29131
+   RESERVED
+CVE-2023-29130
+   RESERVED
+CVE-2023-29129
+   RESERVED
+CVE-2023-29128
+   RESERVED
+CVE-2023-29127
+   RESERVED
+CVE-2023-29126
+   RESERVED
+CVE-2023-29125
+   RESERVED
+CVE-2023-29124
+   RESERVED
+CVE-2023-29123
+   RESERVED
+CVE-2023-29122
+   RESERVED
+CVE-2023-29121
+   RESERVED
+CVE-2023-29120
+   RESERVED
+CVE-2023-29119
+   RESERVED
+CVE-2023-29118
+   RESERVED
+CVE-2023-29117
+   RESERVED
+CVE-2023-29116
+   RESERVED
+CVE-2023-29115
+   RESERVED
+CVE-2023-29114
+   RESERVED
+CVE-2023-29113
+   RESERVED
+CVE-2023-29112
+   RESERVED
+CVE-2023-29111
+   RESERVED
+CVE-2023-29110
+   RESERVED
+CVE-2023-29109
+   RESERVED
+CVE-2023-29108
+   RESERVED
+CVE-2023-29107
+   RESERVED
+CVE-2023-29106
+   RESERVED
+CVE-2023-29105
+   RESERVED
+CVE-2023-29104
+   RESERVED
+CVE-2023-29103
+   RESERVED
+CVE-2023-29102
+   RESERVED
+CVE-2023-29101
+   RESERVED
+CVE-2023-29100
+   RESERVED
+CVE-2023-29099
+   RESERVED
+CVE-2023-29098
+   RESERVED
+CVE-2023-29097
+   RESERVED
+CVE-2023-29096
+   RESERVED
+CVE-2023-29095
+   RESERVED
+CVE-2023-29094
+   RESERVED
+CVE-2023-29093
+   RESERVED
+CVE-2023-1783
+   RESERVED
+CVE-2023-1782
+   RESERVED
+CVE-2023-1781
+   RESERVED
+CVE-2023-1780
+   RESERVED
+CVE-2023-1779
+   RESERVED
+CVE-2023-1778
+   RESERVED
+CVE-2023-1777 (Mattermost allows an attacker to request a preview of an 
existing mess ...)
+   TODO: check
+CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious 
SVG imag ...)
+   TODO: check
+CVE-2023-1775 (When running in a High Availability configuration, Mattermost 
fails to ...)
+   TODO: check
+CVE-2023-1774 (When processing an email invite to a private channel on a team, 
Matter ...)
+   TODO: check
+CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared 
as cri ...)
+   TODO: check
+CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been 
classif ...)
+   TODO: check
+CVE-2023-1771 (A vulnerability was found in SourceCodester Grade Point Average 
GPA Ca ...)
+   TODO: check
+CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point 
Average G ...)
+   TODO: check
+CVE-2023-1769 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2023-1768
+   RESERVED
+CVE-2023-1767
+   RESERVED
+CVE-2023-1766
+   RESERVED
+CVE-2023-1765
+   RESERVED
 CVE-2023-29092
RESERVED
 CVE-2023-29091
@@ -715,16 +867,15 @@ CVE-2023-28881
RESERVED
 CVE-2023-28880
RESERVED
-CVE-2023-28879 [Buffer Overflow in s_xBCPE_process]
-   RESERVED
+CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer 
overflow lea ...)
- ghostscript  (bug #1033757)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
NOTE: Hardening: 
https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf
 CVE-2023-28878
RESERVED
-CVE-2023-28877
-   RESERVED
+CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly 
restric ...)
+   TODO: check
 CVE-2023-28876
RESERVED
 CVE-2023-28875
@@ -755,8 +906,7 @@ CVE-2023-28864
RESERVED
 CVE-2023-28863
RESERVED
-CVE-2023-28862
-   RESERVED
+CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak 
session I ...)
- lemonldap-ng 

[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5

2023-03-31 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de9e9f62 by Anton Gladky at 2023-03-31T21:36:03+02:00
Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5

- - - - -
6feb617f by Anton Gladky at 2023-03-31T21:37:10+02:00
Reserve DLA-3376-1 for svgpp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -104104,7 +104104,6 @@ CVE-2021-44961 (A memory leakage flaw exists in the 
class PerimeterGenerator of
 CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot 
function in the ...)
- svgpp 1.3.0+dfsg1-5 (bug #1014599)
[bullseye] - svgpp  (Minor issue)
-   [buster] - svgpp  (Minor issue)
NOTE: https://github.com/svgpp/svgpp/issues/101
NOTE: 
https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
 CVE-2021-44959
@@ -293893,7 +293892,7 @@ CVE-2019-6250 (A pointer overflow, with code 
execution, was discovered in ZeroMQ
 CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone 
Script 2.0.1 ...)
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone 
Script
 CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as 
used in SV ...)
-   - svgpp  (unimportant; bug #919321)
+   - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in 
correct way.
NOTE: No security impact, only used to build examples, see #921097
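
Review bot: The svgpp line of CVE-2019-6247 gains the fixed version 1.3.0+dfsg1-5, but nothing in the entry shows where that version comes from; the only upstream reference in the context is issue #70. Add a NOTE naming the upstream commit or changelog entry that fixes it in that upload, so the version can be checked against the package history rather than taken on trust.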
@@ -293903,7 +293902,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka 
svgpp) 1.2.3. After calling
 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as 
used in SV ...)
{DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
-   - svgpp  (unimportant; bug #919321)
+   - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
NOTE: and possibly already fixed with the inclusion of 
05-fix-recursion-crash.patch


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 Mar 2023] DLA-3376-1 svgpp - security update
+   {CVE-2019-6245 CVE-2019-6247 CVE-2021-44960}
+   [buster] - svgpp 1.2.3+dfsg1-6+deb10u1
 [31 Mar 2023] DLA-3375-1 xrdp - security update
{CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
[buster] - xrdp 0.9.9-1+deb10u3


=
data/dla-needed.txt
=
@@ -291,10 +291,6 @@ sssd
   NOTE: 20230131: Programming language: C.
   NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
 --
-svgpp (gladk)
-  NOTE: 20230322: Programming language: C++.
-  NOTE: 20230322: VCS: https://salsa.debian.org/debian/svgpp.git
---
 systemd (Adrian Bunk)
   NOTE: 20230304: Programming language: C.
   NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62



[Git][security-tracker-team/security-tracker][master] Add additional followup changes reference for CVE-2023-28879

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e99681b by Salvatore Bonaccorso at 2023-03-31T21:30:00+02:00
Add additional followup changes reference for CVE-2023-28879

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -720,6 +720,7 @@ CVE-2023-28879 [Buffer Overflow in s_xBCPE_process]
- ghostscript  (bug #1033757)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
+   NOTE: Hardening: 
https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf
 CVE-2023-28878
RESERVED
 CVE-2023-28877
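
Review bot: The added "NOTE: Hardening:" line sits directly under "NOTE: Fixed by:" without saying whether the hardening commit is needed for a complete fix or is an optional follow-up. Anyone backporting will read these two lines as the patch set, so a short qualifier on the new NOTE (for example "not required for the fix" or "needed in addition") would remove the ambiguity.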



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e99681b66d193025dcb6c7bec6eefe7e84118c3



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28879/ghostscript

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c685b94 by Salvatore Bonaccorso at 2023-03-31T21:23:34+02:00
Add Debian bug reference for CVE-2023-28879/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -717,7 +717,7 @@ CVE-2023-28880
RESERVED
 CVE-2023-28879 [Buffer Overflow in s_xBCPE_process]
RESERVED
-   - ghostscript 
+   - ghostscript  (bug #1033757)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
 CVE-2023-28878



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c685b943feca3a14bdb44590e70151d93708f95



[Git][security-tracker-team/security-tracker][master] Add ghostscript to dsa-needed list

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32f4b363 by Salvatore Bonaccorso at 2023-03-31T21:16:20+02:00
Add ghostscript to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -17,6 +17,8 @@ apache2
 --
 cairosvg (carnil)
 --
+ghostscript (carnil)
+--
 gpac (aron)
 --
 jupyter-core



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32f4b363e346f5aede2f5ca3c90fab476febaee7



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-28879/ghostscript

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb170896 by Salvatore Bonaccorso at 2023-03-31T21:15:12+02:00
Add CVE-2023-28879/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -715,8 +715,11 @@ CVE-2023-28881
RESERVED
 CVE-2023-28880
RESERVED
-CVE-2023-28879
+CVE-2023-28879 [Buffer Overflow in s_xBCPE_process]
RESERVED
+   - ghostscript 
+   NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
+   NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
 CVE-2023-28878
RESERVED
 CVE-2023-28877



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb170896a95d8af15dce6fd174efd36be4b19ce5



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3116/heimdal

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
475ff88a by Salvatore Bonaccorso at 2023-03-31T21:09:32+02:00
Add CVE-2022-3116/heimdal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47896,7 +47896,7 @@ CVE-2022-39799 (An attacker with no prior 
authentication could craft and send ma
 CVE-2022-3117
REJECTED
 CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to 
a null ...)
-   - heimdal 
+   - heimdal  (bug #1033755)
NOTE: https://www.kb.cert.org/vuls/id/730793
NOTE: 
https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e
 CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. 
malidp_c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/475ff88afe86cbbde5f22d5be2bd697a4d4c65b2



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1161/wireshark

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fb2da45 by Salvatore Bonaccorso at 2023-03-31T21:08:18+02:00
Add Debian bug reference for CVE-2023-1161/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5078,7 +5078,7 @@ CVE-2023-1163 (A vulnerability has been found in DrayTek 
Vigor 2960 1.5.1.4 and
 CVE-2023-1162 (A vulnerability, which was classified as critical, was found in 
DrayTe ...)
NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 
4.0.3 an ...)
-   - wireshark 
+   - wireshark  (bug #1033756)
[bullseye] - wireshark  (Minor issue)
[buster] - wireshark  (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fb2da456c9b75d59e0cfa230e9e436979366374



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28119

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8edcbc93 by Salvatore Bonaccorso at 2023-03-31T20:55:59+02:00
Add Debian bug reference for CVE-2023-28119

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3323,7 +3323,7 @@ CVE-2023-1348
 CVE-2023-1347
RESERVED
 CVE-2023-28119 (The crewjam/saml go library contains a partial implementation 
of the S ...)
-   - golang-github-crewjam-saml 
+   - golang-github-crewjam-saml  (bug #1033753)
NOTE: 
https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 
(v0.4.13)
NOTE: 
https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p
 CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to 
version ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8edcbc93b67bb6e751a8f8ab05a1d9507f521297



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28858

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
747c78a1 by Salvatore Bonaccorso at 2023-03-31T20:55:07+02:00
Add Debian bug reference for CVE-2023-28858

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -787,7 +787,7 @@ CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 
4.5.4 leaves a connection
NOTE: https://github.com/redis/redis-py/issues/2665
NOTE: https://github.com/redis/redis-py/pull/2641
 CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling 
an asyn ...)
-   - python-redis 
+   - python-redis  (bug #1033754)
NOTE: https://github.com/redis/redis-py/issues/2624
NOTE: https://github.com/redis/redis-py/pull/2641
NOTE: https://openai.com/blog/march-20-chatgpt-outage



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747c78a13e9fc4e935c1b1e622f362491d6c0fd2



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-25076/sniproxy

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c6864e7 by Salvatore Bonaccorso at 2023-03-31T20:41:45+02:00
Add Debian bug reference for CVE-2023-25076/sniproxy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4104,7 +4104,7 @@ CVE-2023-27854
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and 
prior ve ...)
NOT-FOR-US: OpenHarmony
 CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of 
wildcard bac ...)
-   - sniproxy 
+   - sniproxy  (bug #1033752)
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
NOTE: 
https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583
 (0.6.1)
 CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and 
prior vers ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c6864e76a9875d05978efd576fd5e94de0cf4de



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-24180

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
471308e9 by Salvatore Bonaccorso at 2023-03-31T18:16:17+02:00
Add Debian bug reference for CVE-2023-24180

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14359,7 +14359,7 @@ CVE-2023-24182
 CVE-2023-24181
RESERVED
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in 
the loa ...)
-   - libelfin 
+   - libelfin  (bug #1033741)
[bookworm] - libelfin  (Minor issue)
[bullseye] - libelfin  (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/75



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/471308e9050669fde394b32671dd1e6e1d2ddc47



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-24180 as no-dsa

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06325b90 by Salvatore Bonaccorso at 2023-03-31T18:11:55+02:00
Mark CVE-2023-24180 as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14360,6 +14360,8 @@ CVE-2023-24181
RESERVED
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in 
the loa ...)
- libelfin 
+   [bookworm] - libelfin  (Minor issue)
+   [bullseye] - libelfin  (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/75
 CVE-2023-24179
RESERVED
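Review bot: the two added no-dsa lines for bookworm and bullseye give only "Minor issue" as the reason, while the entry's own description calls this an integer overflow. A short NOTE saying why the impact is considered minor, or pointing at the part of the already referenced upstream issue that supports it, would let a later triager confirm the decision without redoing the analysis.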



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06325b909318a567e7a1635e5738c74e85286601



[Git][security-tracker-team/security-tracker][master] Correct version number for DLA-3375-1/xrdp.

2023-03-31 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a719f85 by Chris Lamb at 2023-03-31T13:43:20+01:00
Correct version number for DLA-3375-1/xrdp.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,6 +1,6 @@
 [31 Mar 2023] DLA-3375-1 xrdp - security update
{CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
-   [buster] - xrdp 0.9.9-1+deb10u2
+   [buster] - xrdp 0.9.9-1+deb10u3
 [30 Mar 2023] DLA-3374-1 libmicrohttpd - security update
{CVE-2023-27371}
[buster] - libmicrohttpd 0.9.62-1+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a719f856a6ac009c82afef588645c1f53f1f0a4



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3375-1 for xrdp

2023-03-31 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c97846a by Chris Lamb at 2023-03-31T12:53:30+01:00
Reserve DLA-3375-1 for xrdp

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 Mar 2023] DLA-3375-1 xrdp - security update
+   {CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
+   [buster] - xrdp 0.9.9-1+deb10u2
 [30 Mar 2023] DLA-3374-1 libmicrohttpd - security update
{CVE-2023-27371}
[buster] - libmicrohttpd 0.9.62-1+deb10u1
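Review bot: the added "[buster] - xrdp 0.9.9-1+deb10u2" line records the fixed version at reservation time, and a later commit on this list (8a719f85) has to change it to 0.9.9-1+deb10u3. Checking the version against the changelog of the package actually being uploaded before reserving the DLA would avoid publishing a wrong fixed version in data/DLA/list, even briefly.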


=
data/dla-needed.txt
=
@@ -320,9 +320,6 @@ wordpress (guilhem)
   NOTE: 20230302: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html
   NOTE: 20230302: buster is 6 CVEs behind bullseye (Beuc/front-desk)
 --
-xrdp (Chris Lamb)
-  NOTE: 20230331: Programming language: C.
---
 zabbix
   NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be 
fixed in buster too.
   NOTE: 20221209: Programming language: C.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c97846a2bf8ba080d37b9ac5317788d6e94a0b5



[Git][security-tracker-team/security-tracker][master] 3 commits: dla-needed.txt: Update note for xrdp.

2023-03-31 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba4360cf by Chris Lamb at 2023-03-31T09:39:35+01:00
dla-needed.txt: Update note for xrdp.

- - - - -
8011d8bf by Chris Lamb at 2023-03-31T09:41:38+01:00
Add extra commit info for CVE-2022-23481 and CVE-2022-23482 in xrdp.

- - - - -
83fdde7a by Chris Lamb at 2023-03-31T09:43:20+01:00
data/dla-needed.txt: Claim xrdp.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -95362,9 +95362,11 @@ CVE-2022-23483 (xrdp is an open source project which 
provides a graphical login
 CVE-2022-23482 (xrdp is an open source project which provides a graphical 
login to rem ...)
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/1e42426db59120c6596d673f1bb2dc8b0312e692
 CVE-2022-23481 (xrdp is an open source project which provides a graphical 
login to rem ...)
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/bc6b052959697b205d15108fb88e7c7e38c15bee
 CVE-2022-23480 (xrdp is an open source project which provides a graphical 
login to rem ...)
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg
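Review bot: CVE-2022-23482 and CVE-2022-23481 each gain a NOTE with the upstream fix commit, but CVE-2022-23480 in the same hunk keeps only its advisory link. If the fix for CVE-2022-23480 cannot be pinned to a single commit, a NOTE saying so would make the omission explicit; otherwise add its commit URL in the same form as the other two.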


=
data/dla-needed.txt
=
@@ -320,7 +320,8 @@ wordpress (guilhem)
   NOTE: 20230302: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html
   NOTE: 20230302: buster is 6 CVEs behind bullseye (Beuc/front-desk)
 --
-xrdp
+xrdp (Chris Lamb)
+  NOTE: 20230331: Programming language: C.
 --
 zabbix
   NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be 
fixed in buster too.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d1e590556adc4672849bd80445cf993bdd3f377...83fdde7aa36293884ef2cef62de4388b8e733713



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d1e5905 by Salvatore Bonaccorso at 2023-03-31T10:30:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -69,13 +69,13 @@ CVE-2023-1764
 CVE-2023-1763
RESERVED
 CVE-2023-1762 (Improper Privilege Management in GitHub repository 
thorsten/phpmyfaq p ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1761 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 
3.1.12. ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1758
RESERVED
 CVE-2023-1757
@@ -83,11 +83,11 @@ CVE-2023-1757
 CVE-2023-1756
RESERVED
 CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository 
thorsten/php ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1754 (Improper Input Validation in GitHub repository 
thorsten/phpmyfaq prior ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1753 (Weak Password Requirements in GitHub repository 
thorsten/phpmyfaq prio ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1752
RESERVED
 CVE-2023-1751
@@ -101,13 +101,13 @@ CVE-2023-1748
 CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and 
classified as c ...)
TODO: check
 CVE-2023-1746 (A vulnerability, which was classified as problematic, was found 
in Dre ...)
-   TODO: check
+   NOT-FOR-US: Dreamer CMS
 CVE-2023-1745 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: KMPlayer (different from src:kmplayer)
 CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. 
This v ...)
TODO: check
 CVE-2023-1743 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as 
critical ...)
TODO: check
 CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, 
as explo ...)
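Review bot: the three IBOS entries in this hunk (CVE-2023-1747, CVE-2023-1744, CVE-2023-1742) stay at "TODO: check" while the entries between them are resolved. That fits the "some" in the commit subject, but since they share one product they can be settled together in a follow-up. The qualifier on CVE-2023-1745, "KMPlayer (different from src:kmplayer)", is the right pattern to repeat whenever a NOT-FOR-US product name collides with a Debian source package.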
@@ -167,17 +167,17 @@ CVE-2023-29033
 CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been 
declared as ...)
TODO: check
 CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Air Cargo Management System
 CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and 
Beautiful Shopp ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
 CVE-2023-1738 (A vulnerability has been found in SourceCodester Young 
Entrepreneur E- ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1737 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1736 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1735 (A vulnerability classified as critical was found in 
SourceCodester You ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1734 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1733



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d1e590556adc4672849bd80445cf993bdd3f377



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9278dc74 by security tracker role at 2023-03-31T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,115 @@
+CVE-2023-29092
+   RESERVED
+CVE-2023-29091
+   RESERVED
+CVE-2023-29090
+   RESERVED
+CVE-2023-29089
+   RESERVED
+CVE-2023-29088
+   RESERVED
+CVE-2023-29087
+   RESERVED
+CVE-2023-29086
+   RESERVED
+CVE-2023-29085
+   RESERVED
+CVE-2023-29084
+   RESERVED
+CVE-2023-29083
+   RESERVED
+CVE-2023-29082
+   RESERVED
+CVE-2023-29081
+   RESERVED
+CVE-2023-29080
+   RESERVED
+CVE-2023-29079
+   RESERVED
+CVE-2023-29078
+   RESERVED
+CVE-2023-29077
+   RESERVED
+CVE-2023-29076
+   RESERVED
+CVE-2023-29075
+   RESERVED
+CVE-2023-29074
+   RESERVED
+CVE-2023-29073
+   RESERVED
+CVE-2023-29072
+   RESERVED
+CVE-2023-29071
+   RESERVED
+CVE-2023-29070
+   RESERVED
+CVE-2023-29069
+   RESERVED
+CVE-2023-29068
+   RESERVED
+CVE-2023-29067
+   RESERVED
+CVE-2023-29066
+   RESERVED
+CVE-2023-29065
+   RESERVED
+CVE-2023-29064
+   RESERVED
+CVE-2023-29063
+   RESERVED
+CVE-2023-29062
+   RESERVED
+CVE-2023-29061
+   RESERVED
+CVE-2023-29060
+   RESERVED
+CVE-2023-1764
+   RESERVED
+CVE-2023-1763
+   RESERVED
+CVE-2023-1762 (Improper Privilege Management in GitHub repository 
thorsten/phpmyfaq p ...)
+   TODO: check
+CVE-2023-1761 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 
3.1.12. ...)
+   TODO: check
+CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+   TODO: check
+CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+   TODO: check
+CVE-2023-1758
+   RESERVED
+CVE-2023-1757
+   RESERVED
+CVE-2023-1756
+   RESERVED
+CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository 
thorsten/php ...)
+   TODO: check
+CVE-2023-1754 (Improper Input Validation in GitHub repository 
thorsten/phpmyfaq prior ...)
+   TODO: check
+CVE-2023-1753 (Weak Password Requirements in GitHub repository 
thorsten/phpmyfaq prio ...)
+   TODO: check
+CVE-2023-1752
+   RESERVED
+CVE-2023-1751
+   RESERVED
+CVE-2023-1750
+   RESERVED
+CVE-2023-1749
+   RESERVED
+CVE-2023-1748
+   RESERVED
+CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and 
classified as c ...)
+   TODO: check
+CVE-2023-1746 (A vulnerability, which was classified as problematic, was found 
in Dre ...)
+   TODO: check
+CVE-2023-1745 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. 
This v ...)
+   TODO: check
+CVE-2023-1743 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as 
critical ...)
+   TODO: check
 CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, 
as explo ...)
NOT-FOR-US: 3CX DesktopApp
 CVE-2023-29058
@@ -52,20 +164,20 @@ CVE-2023-29034
RESERVED
 CVE-2023-29033
RESERVED
-CVE-2023-1741
-   RESERVED
-CVE-2023-1740
-   RESERVED
-CVE-2023-1739
-   RESERVED
-CVE-2023-1738
-   RESERVED
-CVE-2023-1737
-   RESERVED
-CVE-2023-1736
-   RESERVED
-CVE-2023-1735
-   RESERVED
+CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been 
declared as ...)
+   TODO: check
+CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo 
Management Syste ...)
+   TODO: check
+CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and 
Beautiful Shopp ...)
+   TODO: check
+CVE-2023-1738 (A vulnerability has been found in SourceCodester Young 
Entrepreneur E- ...)
+   TODO: check
+CVE-2023-1737 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2023-1736 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2023-1735 (A vulnerability classified as critical was found in 
SourceCodester You ...)
+   TODO: check
 CVE-2023-1734 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1733
@@ -424,8 +536,7 @@ CVE-2023-1672
RESERVED
 CVE-2023-1671
RESERVED
-CVE-2023-1670
-   RESERVED
+CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA 
(PC-car ...)
- linux 
NOTE: 
https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
 CVE-2023-1669
@@ -671,11 +782,11