[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox via unstable for issues in mfsa2023-22
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9375729c by Salvatore Bonaccorso at 2023-07-05T07:38:51+02:00 Track fixed version for firefox via unstable for issues in mfsa2023-22 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,61 +1,61 @@ CVE-2023-37212 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 CVE-2023-37211 - - firefox + - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211 CVE-2023-37210 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210 CVE-2023-37209 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 CVE-2023-37208 - - firefox + - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208 CVE-2023-37207 - - firefox + - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207 CVE-2023-37206 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206 CVE-2023-37205 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205 CVE-2023-37204 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204 CVE-2023-37203 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 CVE-2023-37202 - - firefox + - firefox 
115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202 CVE-2023-37201 - - firefox + - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201 CVE-2023-3482 - - firefox + - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482 CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...) NOT-FOR-US: Active It Zone Active eCommerce CMS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9375729c340d8905db9e362bdcdf38f25fc1189d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9375729c340d8905db9e362bdcdf38f25fc1189d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
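Review bot: the fixed version 115.0-1 is written identically into all thirteen CVE entries in this hunk (CVE-2023-37212 down to CVE-2023-3482), so a single wrong version string would propagate to every one of them; worth a quick cross-check that firefox 115.0-1 is really the unstable upload before relying on this, since a versioned line is what the tracker uses to treat the issue as resolved in sid. The `- thunderbird` lines are deliberately left unversioned, which is correct here: those issues are also referenced from mfsa2023-24 and have no thunderbird upload to point at yet.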
[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr via unstable for mfsa2023-23 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 994828a4 by Salvatore Bonaccorso at 2023-07-05T07:31:51+02:00 Track fixed version for firefox-esr via unstable for mfsa2023-23 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2023-37212 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 CVE-2023-37211 - firefox - - firefox-esr + - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211 @@ -16,14 +16,14 @@ CVE-2023-37209 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 CVE-2023-37208 - firefox - - firefox-esr + - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208 CVE-2023-37207 - firefox - - firefox-esr + - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207 
@@ -42,14 +42,14 @@ CVE-2023-37203 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 CVE-2023-37202 - firefox - - firefox-esr + - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202 CVE-2023-37201 - firefox - - firefox-esr + - firefox-esr 102.13.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/994828a40e5dc560ce43d289afd8000747967bdc
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add pypdf2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 8bf22648 by Anton Gladky at 2023-07-05T06:59:05+02:00 LTS: add pypdf2 - - - - - 544d1f55 by Anton Gladky at 2023-07-05T06:59:39+02:00 Mark ruby-yajl as no-dsa for buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -3010,6 +3010,7 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse - ruby-yajl [bookworm] - ruby-yajl (Minor issue) [bullseye] - ruby-yajl (Minor issue) + [buster] - ruby-yajl (Minor issue) CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) = data/dla-needed.txt = @@ -173,6 +173,9 @@ php-dompdf NOTE: 20230618: Added by Front-Desk (opal) NOTE: 20230618: Low priority but higher than to not fix it. -- +pypdf2 + NOTE: 20230705: Added by Front-Desk (gladk) +-- python-glance-store (jspricke) NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6870f195eca3236b18912c607f24f0f89da9dba9...544d1f55ffdf81d721dc6b756d6a122d5b70def0
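Review bot: the new `pypdf2` entry in data/dla-needed.txt names no CVE, only the date and the front-desk person, while the one pypdf2 issue visible in this thread, CVE-2023-36464 (commit 198a9938 further down), is marked `[buster] - pypdf2 (Vulnerable code not present)`; a NOTE line stating which issue(s) the DLA is meant to cover, in the style of the python-glance-store entry in the same hunk (`NB. CVE-2023-2088 filed against ...`), would make the request checkable and avoid someone concluding there is nothing to fix. The `[buster] - ruby-yajl (Minor issue)` line for CVE-2023-33460 is consistent with the bullseye and bookworm lines directly above it.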
[Git][security-tracker-team/security-tracker][master] LTS: add nsis
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 6870f195 by Anton Gladky at 2023-07-05T06:30:01+02:00 LTS: add nsis - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -141,6 +141,9 @@ nova NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. (lamby) -- +nsis + NOTE: 20230705: Added by Front-Desk (gladk) +-- nvidia-cuda-toolkit NOTE: 20230514: Added by Front-Desk (utkarsh) NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6870f195eca3236b18912c607f24f0f89da9dba9
[Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80f24ac4 by Salvatore Bonaccorso at 2023-07-05T06:13:49+02:00 Add thunderbird to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -73,6 +73,8 @@ salt/oldstable -- samba/oldstable -- +thunderbird (jmm) +-- webkit2gtk -- wpewebkit View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f24ac421565af5060223dc1be88e95c60997be
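Review bot: `thunderbird (jmm)` is added without a suite qualifier while its neighbours in the hunk, `salt/oldstable` and `samba/oldstable`, are scoped to oldstable; if the bare name is intentional because a DSA is needed for both stable and oldstable that is the right form, otherwise a `/oldstable` suffix or a NOTE would make the scope explicit. The `firefox-esr (jmm)` entry from commit 515b7cc4 on this page uses the same bare form, so at least the two are consistent with each other.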
[Git][security-tracker-team/security-tracker][master] Add rouca for ruby-redcloth
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: f6f2c26f by Bastien Roucariès at 2023-07-04T21:40:01+00:00 Add rouca for ruby-redcloth - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -220,7 +220,7 @@ ruby-rails-html-sanitizer NOTE: 20221231: Added by Front-Desk (ola) NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh) -- -ruby-redcloth +ruby-redcloth (rouca) NOTE: 20230612: Added by Front-Desk (apo) -- sabnzbdplus View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6f2c26f0990439c6d1ac7a8392a498fe30392d6
[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2023-24
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fde5a1f by Salvatore Bonaccorso at 2023-07-04T22:44:00+02:00 Add thunderbird issues from mfsa2023-24 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4,8 +4,10 @@ CVE-2023-37212 CVE-2023-37211 - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211 CVE-2023-37210 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210 @@ -15,13 +17,17 @@ CVE-2023-37209 CVE-2023-37208 - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208 CVE-2023-37207 - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207 CVE-2023-37206 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206 
@@ -37,13 +43,17 @@ CVE-2023-37203 CVE-2023-37202 - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202 CVE-2023-37201 - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201 CVE-2023-3482 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fde5a1f4d83d3310a68c4c32c71e596eda24bb7
[Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 515b7cc4 by Salvatore Bonaccorso at 2023-07-04T22:41:02+02:00 Add firefox-esr to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,6 +16,8 @@ aom/oldstable -- cinder/oldstable -- +firefox-esr (jmm) +-- gpac/oldstable (jmm) -- linux (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/515b7cc4a555c1edaa5669376f674487cce60e03
[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2023-23
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eeb49150 by Salvatore Bonaccorso at 2023-07-04T22:39:07+02:00 Add firefox-esr issues from mfsa2023-23 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,9 @@ CVE-2023-37212 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 CVE-2023-37211 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211 CVE-2023-37210 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210 @@ -12,10 +14,14 @@ CVE-2023-37209 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 CVE-2023-37208 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 CVE-2023-37207 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207 CVE-2023-37206 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206 
@@ -30,10 +36,14 @@ CVE-2023-37203 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 CVE-2023-37202 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 CVE-2023-37201 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201 CVE-2023-3482 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eeb491504f6d66877cb7c7f9e188561134cbc54b
[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2023-22
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5cdb4a9 by Salvatore Bonaccorso at 2023-07-04T22:37:10+02:00 Add new firefox issues from mfsa2023-22 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,42 @@ +CVE-2023-37212 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 +CVE-2023-37211 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211 +CVE-2023-37210 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210 +CVE-2023-37209 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 +CVE-2023-37208 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208 +CVE-2023-37207 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207 +CVE-2023-37206 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206 +CVE-2023-37205 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205 +CVE-2023-37204 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204 +CVE-2023-37203 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 +CVE-2023-37202 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202 +CVE-2023-37201 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201 +CVE-2023-3482 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482 CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...) NOT-FOR-US: Active It Zone Active eCommerce CMS CVE-2023-3505 (A vulnerability was found in Onest CRM 1.0. It has been classified as ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5cdb4a953c0dbccd9e9ba3f7d85c7ac86e73ed0
[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 86e91416 by Emilio Pozuelo Monfort at 2023-07-04T22:25:18+02:00 lts: take firefox-esr and thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,6 +54,9 @@ erlang (Markus Koschany) NOTE: 20221119: Added by Front-Desk (ta) NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) -- +firefox-esr (pochu) + NOTE: 20230704: Added by pochu +-- flatpak NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk) @@ -246,6 +249,9 @@ symfony (guilhem) syncthing (Abhijith PA) NOTE: 20230616: Added by Front-Desk (opal) -- +thunderbird (pochu) + NOTE: 20230704: Added by pochu +-- tiff (Adrian Bunk) NOTE: 20230702: Added by Front-Desk (ta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e91416836bee61371870ce772cda11dc958558
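Review bot: both new entries record `NOTE: 20230704: Added by pochu`, whereas every other entry in these two hunks uses the `Added by Front-Desk (name)` wording; since these are self-claims rather than front-desk additions, saying so in the note, and naming the advisories the DLAs will cover (mfsa2023-23 for firefox-esr and mfsa2023-24 for thunderbird, both already linked from data/CVE/list in this thread), would keep the file's history readable for the next person doing triage.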
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: acfb1beb by Salvatore Bonaccorso at 2023-07-04T22:19:38+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...) - TODO: check + NOT-FOR-US: Active It Zone Active eCommerce CMS CVE-2023-3505 (A vulnerability was found in Onest CRM 1.0. It has been classified as ...) - TODO: check + NOT-FOR-US: Onest CRM CVE-2023-3504 (A vulnerability was found in SmartWeb Infotech Job Board 1.0 and class ...) - TODO: check + NOT-FOR-US: SmartWeb Infotech Job Board CVE-2023-3503 (A vulnerability has been found in SourceCodester Shopping Website 1.0 ...) - TODO: check + NOT-FOR-US: SourceCodester Shopping Website CVE-2023-3502 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Shopping Website CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated state para ...) TODO: check CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...) 
@@ -34811,7 +34811,7 @@ CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not vali CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4623 (The ND Shortcodes WordPress plugin before 7.0 does not validate and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) NOT-FOR-US: VISAM VBASE Automation Base CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfb1beb2551bfc78fa94e949570c82835382d72
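Review bot: CVE-2023-31999 (@fastify/oauth2, "statically generated state para...") is the one entry in the first hunk left at `TODO: check` after this pass; unlike the five CMS and shopping-site items around it, it is an npm library, so it should get an explicit check for a packaged copy rather than being swept into the NOT-FOR-US batch by pattern. The rest of the hunk, and the CVE-2022-4623 WordPress plugin change in the second hunk, are straightforward NFU resolutions.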
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f10a528f by security tracker role at 2023-07-04T20:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...) + TODO: check +CVE-2023-3505 (A vulnerability was found in Onest CRM 1.0. It has been classified as ...) + TODO: check +CVE-2023-3504 (A vulnerability was found in SmartWeb Infotech Job Board 1.0 and class ...) + TODO: check +CVE-2023-3503 (A vulnerability has been found in SourceCodester Shopping Website 1.0 ...) + TODO: check +CVE-2023-3502 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated state para ...) + TODO: check CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...) NOT-FOR-US: WordPress plugin CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...) @@ -329,7 +341,7 @@ CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in Mitsubis NOT-FOR-US: Mitsubishi CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication bypass ...) NOT-FOR-US: BookIt plugin for WordPress -CVE-2023-2974 +CVE-2023-2974 (A vulnerability was found in quarkus-core. This vulnerability occurs b ...) NOT-FOR-US: Quarkus CVE-2023-3458 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...) NOT-FOR-US: SourceCodester Shopping Website 
@@ -44622,7 +44634,7 @@ CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail NOT-FOR-US: Rapid7 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...) NOT-FOR-US: WordPress plugin -CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + m ...) +CVE-2022-3911 (The iubenda WordPress plugin before 3.3.3 does does not have authorisa ...) NOT-FOR-US: WordPress plugin CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...) - linux 5.19.11-1 @@ -75567,7 +75579,7 @@ CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all ver - gitlab 15.10.8+ds1-2 CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...) NOT-FOR-US: Kuka -CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does ...) +CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...) NOT-FOR-US: WordPress plugin CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...) NOT-FOR-US: WordPress plugin 
@@ -88209,7 +88221,7 @@ CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a NOT-FOR-US: WordPress plugin CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...) NOT-FOR-US: WordPress plugin -CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...) +CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.5 which is a companion to t ...) NOT-FOR-US: WordPress plugin CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10a528f2e0afaae5afeae6933834ac7b27187fb
[Git][security-tracker-team/security-tracker][master] LTS: drop python-oslo.privsep, only open is marked 'unimportant'
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 05d31bc6 by Roberto C. Sánchez at 2023-07-04T15:32:12-04:00 LTS: drop python-oslo.privsep, only open is marked unimportant - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -175,11 +175,6 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- -python-oslo.privsep - NOTE: 20221231: Added by Front-Desk (ola) - NOTE: 20230525: CVE-2022-38065 has been marked as Won't-fix/Hardening opportunity. - NOTE: 20230525: It was mentioned the fix was easy but tedious. It is consumer design flaw issue. (sgmoore) --- qt4-x11 NOTE: 20230612: Added by Front-Desk (apo) NOTE: 20230615: VCS: https://salsa.debian.org/qt-kde-team/qt/qt4-x11 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05d31bc6210fae329e16df6baa5f942cfc5d8623
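Review bot: the commit title gives the reason for dropping the package as the only open issue being marked `unimportant`, but the NOTE being removed in the hunk records CVE-2022-38065 as "Won't-fix/Hardening opportunity", which is a different tracker state; confirm that the data/CVE/list entry for CVE-2022-38065 actually carries the `unimportant` tag for buster before this removal lands, otherwise the stated rationale does not match the history being deleted. The hunk itself is consistent (5 lines removed, the `--` separator included, header -175,11 +175,6).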
[Git][security-tracker-team/security-tracker][master] Track fixes via experimental for perl issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08082492 by Salvatore Bonaccorso at 2023-07-04T20:32:29+02:00 Track fixes via experimental for perl issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5862,6 +5862,7 @@ CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates wh [buster] - libgitlab-api-v4-perl (Minor issue) NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57 CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading ...) + [experimental] - perl 5.38.0~rc2-1 - perl (bug #1035109) [bookworm] - perl (Minor issue) [bullseye] - perl (Minor issue) @@ -5904,6 +5905,7 @@ CVE-2023-2395 (A vulnerability classified as problematic has been found in Netge NOT-FOR-US: Netgear CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...) - libhttp-tiny-perl (bug #962407; unimportant) + [experimental] - perl 5.38.0~rc2-1 - perl (unimportant; bug #954089) NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14 NOTE: https://github.com/chansen/p5-http-tiny/issues/134 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0808249283a803c8782127f872f9480215456b7b
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for pypdf issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 198a9938 by Salvatore Bonaccorso at 2023-07-04T17:43:11+02:00 Add Debian bug references for pypdf issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -532,9 +532,9 @@ CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulne CVE-2023-3327 REJECTED CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...) - - pypdf + - pypdf (bug #1040338) [bookworm] - pypdf (Minor issue) - - pypdf2 + - pypdf2 (bug #1040339) [bookworm] - pypdf2 (Minor issue) [bullseye] - pypdf2 (Vulnerable code not present) [buster] - pypdf2 (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/198a99380e3fd9d5f365dce01c2383c4b5df2d08
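Review bot: the two bug references go on the unstable lines only, in the "(bug #N)" form the file already uses, and the bookworm "Minor issue" and bullseye/buster "Vulnerable code not present" triage for pypdf2 is left untouched, which is right. One suggestion: the pypdf2 bug (#1040339) is the natural place to record which pypdf2 version first carries the affected code, because the "Vulnerable code not present" claims for bullseye and buster rest on that and are otherwise unreferenced in the entry.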
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-37360/pacparser
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fcdecb66 by Salvatore Bonaccorso at 2023-07-04T17:41:49+02:00 Reference upstream commit for CVE-2023-37360/pacparser - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -221,6 +221,7 @@ CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argumen CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...) - pacparser NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9 + NOTE: https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2) CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...) NOT-FOR-US: MISP CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcdecb660837d484e3c11d69aa59c8e0b9f58d1e
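Review bot: the new NOTE ties the upstream fix commit to its release tag (v1.4.2), which is what anyone preparing a backport needs, but the "- pacparser" line above it still has no fixed Debian version; that is correct while 1.4.2 is not in the archive, and the version should be added as soon as it is uploaded so the tracker stops reporting unstable as affected.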
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-36183/openimageio
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d724827 by Salvatore Bonaccorso at 2023-07-04T17:37:28+02:00 Update information on CVE-2023-36183/openimageio - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,11 +59,12 @@ CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...) NOT-FOR-US: mlogclub bbs-go CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...) - - openimageio + - openimageio 2.4.13.0+dfsg-1 [bookworm] - openimageio (Minor issue) [bullseye] - openimageio (Minor issue) NOTE: https://github.com/OpenImageIO/oiio/issues/3871 - NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 + NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 (master) + NOTE: https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e (v2.4.13.0) CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...) NOT-FOR-US: ZZCMS CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vuln ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d72482757c48ee175c98a7048b32bc2c08b3259
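Review bot: marking unstable fixed in 2.4.13.0+dfsg-1 is backed by the v2.4.13.0 commit now referenced, and keeping the master commit with an explicit "(master)" label makes both branches traceable; since the bookworm and bullseye lines stay at "(Minor issue)", the v2.4.13.0 commit is the one a stable update would cherry-pick, and the labels make that distinction clear without further changes.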
[Git][security-tracker-team/security-tracker][master] Record necessary commit for CVE-2023-3428
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dfe1d372 by Salvatore Bonaccorso at 2023-07-04T17:23:00+02:00 Record necessary commit for CVE-2023-3428 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -512,8 +512,9 @@ CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" fie TODO: check CVE-2023-3428 [heap-buffer-overflow in coders/tiff.c] - imagemagick - NOTE: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 - NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 + NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to Cross-S ...) NOT-FOR-US: Salon Booking System plugin for WordPress CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Reques ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfe1d3729b1d2937c6a2e6245c17a072f33901c7
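Review bot: labelling the ImageMagick6 prerequisite commit (2b4eabb9) explicitly is the useful part of this change, because Debian's imagemagick source package follows the 6.x series and a backport that takes only 0d004007 without its prerequisite will not apply cleanly; the ordering (ImageMagick 7 fix first, then the ImageMagick6 prerequisite immediately before its fix) reads well. The "- imagemagick" line stays without a fixed version, so the entry remains open for unstable until the fix is uploaded.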
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1295/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cbd997d5 by Salvatore Bonaccorso at 2023-07-04T10:36:46+02:00 Add CVE-2023-1295/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16366,7 +16366,10 @@ CVE-2023-1296 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not co - nomad (Vulnerable code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 CVE-2023-1295 (A time-of-check to time-of-use issue exists in io_uring subsystem's IO ...) - TODO: check + - linux 5.14.6-1 + [bullseye] - linux 5.10.162-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9eac1904d3364254d622bf2c771c4f85cd435fc2 (5.12-rc1) CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker Manager Syste ...) NOT-FOR-US: SourceCodester File Tracker Manager System CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd997d54617845fc3b4578d7cc8542e479dc63a
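Review bot: the upstream NOTE records the fix as landing in 5.12-rc1, while the unstable fixed version is set to 5.14.6-1; that is only correct if 5.14.6-1 was the first unstable upload containing 9eac1904, so confirm no earlier sid upload at or above 5.12 existed. The bullseye line (5.10.162-1) implies the fix was also taken into the 5.10.y stable series; a second NOTE pointing at the 5.10.y backport would make that verifiable from the entry. The buster line is consistent: io_uring only exists from Linux 5.1 and buster ships 4.19.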
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51094ed8 by Salvatore Bonaccorso at 2023-07-04T10:28:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8498,7 +8498,7 @@ CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Polluti CVE-2023-2011 RESERVED CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...) NOT-FOR-US: WordPress plugin CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...) @@ -12213,11 +12213,11 @@ CVE-2023-29149 CVE-2023-29148 RESERVED CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the det ...) - TODO: check + NOT-FOR-US: Malwarebytes EDR CVE-2023-29146 RESERVED CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...) - TODO: check + NOT-FOR-US: Malwarebytes EDR CVE-2023-29144 RESERVED CVE-2023-29143 @@ -12335,7 +12335,7 @@ CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...) - TODO: check + NOT-FOR-US: OrangeScrum CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...) - nomad (Vulnerable code not present; Introduced in 1.5.0) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-13-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375 
@@ -13278,7 +13278,7 @@ CVE-2023-1627 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...) NOT-FOR-US: Jianming Antivirus CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for ...) - TODO: check + NOT-FOR-US: Apereo CAS CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...) {DLA-3396-1} - redis 5:7.0.11-1 (bug #1034613) @@ -14394,7 +14394,7 @@ CVE-2023-28543 CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.) TODO: check CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28540 RESERVED CVE-2023-28539 @@ -14928,7 +14928,7 @@ CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path trav CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine ...) NOT-FOR-US: MicroEngine CVE-2023-27396 (FINS (Factory Interface Network Service) is a message communication pr ...) - TODO: check + NOT-FOR-US: FINS (Factory Interface Network Service) CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...) NOT-FOR-US: CX-Drive All CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...) @@ -15271,9 +15271,9 @@ CVE-2022-48403 CVE-2023-28325 (An improper authorization vulnerability exists in Rocket.Chat <6.0 tha ...) NOT-FOR-US: Rocket.Chat CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpoint Ma ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-28322 (An information disclosure vulnerability exists in curl (Minor issue) 
@@ -16162,7 +16162,7 @@ CVE-2023-28037 CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...) @@ -16300,7 +16300,7 @@ CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an CVE-2023-28007 RESERVED CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that is no lo ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...) NOT-FOR-US: Trend Micro CVE-2023-1307 (Authentication Bypass by Primary Weakness in
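Review bot: in the @@ -14394 hunk CVE-2023-28541 is set to "NOT-FOR-US: Qualcomm", but the adjacent CVE-2023-28542 ("Memory Corruption in WLAN HOST while fetching TX status information.") is left at "TODO: check" in the context lines; both read as the same vendor's firmware issues, so either give 28542 the same label or record why it needs a separate look.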
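Review bot: in the @@ -16300 hunk CVE-2023-28006 is labelled "NOT-FOR-US: HCL", yet its description names only "The OSD Bare Metal Server"; the HCL attribution appears to be inferred from the neighbouring CVE-2023-28008 (HCL Workload Automation) context line, so double-check the vendor against the CVE record before later triage relies on the label.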
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46cef6e7 by Salvatore Bonaccorso at 2023-07-04T10:16:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36813 [Multiple Authenticated SQL Injections] - kanboard 1.2.31+ds-1 (bug #1040265) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx 
@@ -6856,7 +6856,7 @@ CVE-2023-30992 CVE-2023-30991 RESERVED CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-30989 RESERVED CVE-2023-30988 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46cef6e7096084aa2a66d4da3731040e7b805e59
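Review bot: the eight entries move from "TODO: check" to NOT-FOR-US with vendor labels that match the file's existing wording, and the IBM i entry is correctly outside the archive; the four Google Sheet(s) Connector plugins (CVE-2023-2333, CVE-2023-2324, CVE-2023-2321, CVE-2023-2320) get the generic "WordPress plugin" label, which is acceptable, though naming the plugin family would make a later search for related issues easier.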
[Git][security-tracker-team/security-tracker][master] Fix syntax/ordering for CVE-2022-46871/libusrsctp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11008563 by Salvatore Bonaccorso at 2023-07-04T10:13:30+02:00 Fix syntax/ordering for CVE-2022-46871/libusrsctp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38999,8 +38999,8 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872 CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - [buster] - libusrsctp (Fix too intrusive and risky to to backport for a minor issue) - libusrsctp 0.9.3.0+20201007-1 + [buster] - libusrsctp (Fix too intrusive and risky to to backport for a minor issue) - firefox 108.0-1 - firefox-esr 102.7.0esr-1 - thunderbird 1:102.7.1-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11008563c3324c9f70eaf6ef435b09f9d4ee377b
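Review bot: the reorder puts the unstable fixed version ("- libusrsctp 0.9.3.0+20201007-1") ahead of the [buster] line, matching the layout the other entries in this file use; while the line is being moved, the doubled "to" in "risky to to backport" could be corrected in the same commit.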
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac887516 by security tracker role at 2023-07-04T08:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...) + TODO: check +CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...) + TODO: check +CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...) + TODO: check +CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...) + TODO: check +CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...) + TODO: check +CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...) + TODO: check +CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...) + TODO: check CVE-2023-36813 [Multiple Authenticated SQL Injections] - kanboard 1.2.31+ds-1 (bug #1040265) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx @@ -6841,8 +6855,8 @@ CVE-2023-30992 RESERVED CVE-2023-30991 RESERVED -CVE-2023-30990 - RESERVED +CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...) + TODO: check CVE-2023-30989 RESERVED CVE-2023-30988 @@ -8483,8 +8497,8 @@ CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Polluti NOT-FOR-US: SheetJS CVE-2023-2011 RESERVED -CVE-2023-2010 - RESERVED +CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...) + TODO: check CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...) NOT-FOR-US: WordPress plugin CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...) 
@@ -14377,10 +14391,10 @@ CVE-2023-28544 RESERVED CVE-2023-28543 RESERVED -CVE-2023-28542 - RESERVED -CVE-2023-28541 - RESERVED +CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.) + TODO: check +CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...) + TODO: check CVE-2023-28540 RESERVED CVE-2023-28539 @@ -16533,8 +16547,8 @@ CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCode NOT-FOR-US: SourceCodester Phone Shop Sales Managements System CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) NOT-FOR-US: WordPress plugin -CVE-2023-1273 - RESERVED +CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...) + TODO: check CVE-2023-1272 RESERVED CVE-2023-1271 @@ -23597,22 +23611,21 @@ CVE-2023-25525 RESERVED CVE-2023-25524 RESERVED -CVE-2023-25523 - RESERVED -CVE-2023-25522 - RESERVED -CVE-2023-25521 - RESERVED +CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) + TODO: check +CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + TODO: check +CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + TODO: check CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...) TODO: check CVE-2023-25519 RESERVED CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) TODO: check -CVE-2023-25517 - RESERVED -CVE-2023-25516 - RESERVED +CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + TODO: check +CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) - nvidia-open-gpu-kernel-modules (bug #1039686) [bookworm] - nvidia-open-gpu-kernel-modules (Contrib not supported) - nvidia-graphics-drivers-tesla (bug #1039685) 
@@ -23636,7 +23649,7 @@ CVE-2023-25516 [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Minor issue, revisit when/if fixed upstream) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 -CVE-2023-25515 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) +CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-open-gpu-kernel-modules (bug #1039686) [bookworm] - nvidia-open-gpu-kernel-modules (Contrib not supported) - nvidia-graphics-drivers-tesla (bug #1039685) @@ -25409,14
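Review bot: the @@ -23636 hunk replaces the CVE-2023-25515 description, which previously duplicated the Jetson CBoot text of CVE-2023-25518, with the GPU Display Driver text that actually matches the attached nvidia-open-gpu-kernel-modules and nvidia-graphics-drivers-tesla entries, so that mismatch is now resolved. The newly described NVIDIA entries CVE-2023-25523 (CUDA toolkit), CVE-2023-25522 and CVE-2023-25521 (DGX SBIOS) and CVE-2023-25517 (vGPU Manager) are left at "TODO: check"; of these, 25523 is the one that may map to a Debian package, since the CUDA toolkit is packaged in non-free, while the DGX SBIOS and vGPU Manager issues concern vendor-only components.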
[Git][security-tracker-team/security-tracker][master] Note CVE-2022-46871 (libusrsctp) as ignored for buster
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b2b839e by Bastien Roucariès at 2023-07-04T08:01:05+00:00 Note CVE-2022-46871 (libusrsctp) as ignored for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38986,6 +38986,7 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872 CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + [buster] - libusrsctp (Fix too intrusive and risky to to backport for a minor issue) - libusrsctp 0.9.3.0+20201007-1 - firefox 108.0-1 - firefox-esr 102.7.0esr-1 @@ -38995,6 +38996,7 @@ CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities th NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871 NOTE: https://bugs.launchpad.net/ubuntu/+source/libusrsctp/+bug/2015448 NOTE: https://github.com/sctplab/usrsctp/commit/939d48f9632d69bf170c7a84514b312b6b42257d (0.9.4.0) + NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Apache Zeppelin CVE-2022-46869 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2b839e0a84b06c35884aafb86882400d1b9d5e
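Review bot: in the first hunk the new [buster] line is inserted above the unstable fixed-version line "- libusrsctp 0.9.3.0+20201007-1", whereas the other entries in this file put the unstable line first and the [release] lines after it, so the line should move below it; the text also has a doubled "to" in "risky to to backport". Adding the debian-lts thread as a NOTE in the second hunk is good, as it documents the basis for ignoring the issue in buster next to the upstream fix reference.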