[Git][security-tracker-team/security-tracker][master] opensearch is in the archive now
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a614ad15 by Moritz Mühlenhoff at 2023-10-21T23:42:33+02:00 opensearch is in the archive now - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -762,7 +762,8 @@ CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensiti CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...) NOT-FOR-US: Wago CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) - NOT-FOR-US: OpenSearch + - opensearch + TODO: Check whether packaged bits are affected CVE-2023-45659 (Engelsystem is a shift planning system for chaos events. If a users' ...) NOT-FOR-US: Engelsystem CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote ...) @@ -22569,7 +22570,8 @@ CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming an CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...) - NOT-FOR-US: OpenSearch + - opensearch + TODO: Check whether packaged bits are affected CVE-2023-31140 (OpenProject is open source project management software. Starting with ...) NOT-FOR-US: OpenProject CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...) 
@@ -45656,9 +45658,11 @@ CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable CVE-2023-23614 (Pi-hole\xae's Web interface (based off of AdminLTE) provides a central ...) NOT-FOR-US: Pi-Hole CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...) - NOT-FOR-US: OpenSearch + - opensearch + TODO: Check whether packaged bits are affected CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...) - NOT-FOR-US: OpenSearch + - opensearch + TODO: Check whether packaged bits are affected CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...) NOT-FOR-US: LTI CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...) 
@@ -72875,9 +72879,9 @@ CVE-2022-41920 (Lancet is a general utility library for the go programming langu CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...) NOT-FOR-US: Fastify CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) - NOT-FOR-US: OpenSearch + - opensearch (Fixed before initial upload to archive) CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) - NOT-FOR-US: OpenSearch + - opensearch (Fixed before initial upload to archive) CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...) {DSA-5287-1 DLA-3206-1} - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a614ad15a00270d6bc1017e71b966a3013e029b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a614ad15a00270d6bc1017e71b966a3013e029b3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
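Review bot: In the first three hunks (CVE-2023-45807, CVE-2023-31141, CVE-2023-23613 and CVE-2023-23612) the entries go from NOT-FOR-US to an unfixed `- opensearch` line carrying only `TODO: Check whether packaged bits are affected`, with no NOTE pointing at the upstream advisory or fix commit, so whoever resolves the TODO has to rediscover the affected and fixed upstream versions first. Suggest adding a NOTE with the upstream reference under each of the four entries so the check can be done directly against the packaged version.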
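Review bot: The fourth hunk marks CVE-2022-41918 and CVE-2022-41917 as `- opensearch (Fixed before initial upload to archive)` but records neither the upstream release that fixed them nor a reference to the upstream advisory, so the claim cannot be checked from the entry itself. Suggest putting the fixed upstream version in the parenthetical or adding a NOTE line with the advisory, so the not-affected status stays verifiable from the tracker alone.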
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-5115/ansible-core
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d05d19b by Salvatore Bonaccorso at 2023-10-21T21:25:09+02:00 Track fixed version for CVE-2023-5115/ansible-core - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4531,7 +4531,7 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on por - galera-3 (bug #1053476) NOTE: https://jira.mariadb.org/browse/MDEV-25068 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite arbitrary files] - - ansible-core (bug #1053693) + - ansible-core 2.14.11-1 (bug #1053693) [bookworm] - ansible-core (Minor issue) [bullseye] - ansible-core (Minor issue) - ansible 5.4.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d05d19bf0212cdc5214b4cbb6b882e51e668ce1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d05d19bf0212cdc5214b4cbb6b882e51e668ce1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28755/rubygems
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47a730a9 by Salvatore Bonaccorso at 2023-10-21T21:18:40+02:00 Track fixed version for CVE-2023-28755/rubygems rubygems 3.4.20 upstream imports the uri module up to 001202 including the fix from v.12.1. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29971,7 +29971,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...) {DLA-3447-1 DLA-3408-1} - - rubygems + - rubygems 3.4.20-1 [bookworm] - rubygems (Minor issue) [bullseye] - rubygems (Minor issue) - ruby3.1 (bug #1038408) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47a730a9f79b5e8d59aae2baa11d5e133a0dbaea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47a730a9f79b5e8d59aae2baa11d5e133a0dbaea You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
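Review bot: The hunk records `- rubygems 3.4.20-1` as the fixed version, but the justification in the commit message (3.4.20 imports the uri module including the fix) is not carried into the entry, while the neighbouring CVE-2023-28756 context shows the NOTE pattern used for exactly this. Suggest adding a NOTE under CVE-2023-28755 referencing the rubygems change that vendored the fixed uri, so the fixed-version claim is verifiable without reading git history.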
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5568/samba
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5bdb3127 by Salvatore Bonaccorso at 2023-10-21T21:03:40+02:00 Update information for CVE-2023-5568/samba - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -615,7 +615,12 @@ CVE-2023-32087 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an NOT-FOR-US: Pega Platform CVE-2023-5568 [Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19] - samba 2:4.19.2+dfsg-1 + [bookworm] - samba (Vulnerable code introduced later) + [bullseye] - samba (Vulnerable code introduced later) + [buster] - samba (Vulnerable code introduced later) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15491 + NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/3310 + NOTE: https://github.com/samba-team/samba/commit/3280893ae80507e36653a0c7da03c82b88ece30b CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...) TODO: check CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bdb3127ecf377bfe4f830418a15b07d4d825f8d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bdb3127ecf377bfe4f830418a15b07d4d825f8d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track two CVE fixes for openjdk-21
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cbc7bb1 by Salvatore Bonaccorso at 2023-10-21T20:42:44+02:00 Track two CVE fixes for openjdk-21 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52727,6 +52727,7 @@ CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edi CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...) - openjdk-11 11.0.21+9-1 - openjdk-17 17.0.9+9-1 + - openjdk-21 21.0.1+12-1 CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) @@ -52851,6 +52852,7 @@ CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (compo TODO: check CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-17 17.0.9+9-1 + - openjdk-21 21.0.1+12-1 CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...) NOT-FOR-US: Oracle CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cbc7bb198bab534df9eb707266bae3832b14379 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cbc7bb198bab534df9eb707266bae3832b14379 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track for now the experimental fix of CVE-2023-3428
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff43a15a by Salvatore Bonaccorso at 2023-10-21T20:41:03+02:00 Track for now the experimental fix of CVE-2023-3428 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16544,6 +16544,7 @@ CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...) - xpdf (Debian uses poppler, which is not affected) CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in coders/tiff.c ...) + [experimental] - imagemagick 8:6.9.12.98+dfsg1-1 - imagemagick NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13) NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff43a15a0048cbdff318671eca2bde1ea56b9400 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff43a15a0048cbdff318671eca2bde1ea56b9400 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
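Review bot: The new `[experimental] - imagemagick 8:6.9.12.98+dfsg1-1` line sits above the still-unfixed `- imagemagick` line, and nothing in the entry says the unstable upload is pending; the commit title's "for now" is the only hint. Suggest a TODO or NOTE line under the entry recording that the fix is tracked in experimental until it reaches unstable. Separately, the NOTE lines give the IM7 fix (7.1.1-13) and the IM6 prerequisite (6.9.12-55) but not the IM6 release that carries the fix itself; recording that would make clear why 6.9.12.98 counts as fixed.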
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5349/ruby-rmagick
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 143833bb by Salvatore Bonaccorso at 2023-10-21T20:38:25+02:00 Add CVE-2023-5349/ruby-rmagick Though asked Bastien on the validity of the CVE and from which CNA it is assigned to double-check the correctness. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-5349 [memory leak] + - ruby-rmagick 5.3.0-1 + NOTE: https://github.com/rmagick/rmagick/pull/1406 + NOTE: https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0) CVE-2023-5684 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-5683 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/143833bba58395108b8e2bce0293f7585119b7ae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/143833bba58395108b8e2bce0293f7585119b7ae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
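Review bot: The entry records `- ruby-rmagick 5.3.0-1` as fixed while the commit message says the CVE's validity and the assigning CNA are still being checked with Bastien; that open question lives only in git history. Suggest a TODO or NOTE line under CVE-2023-5349 stating that the assignment is unconfirmed, so the entry gets revisited (or the CVE marked rejected) once the answer arrives.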
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-45803 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d9d84e8 by Salvatore Bonaccorso at 2023-10-21T20:16:12+02:00 Track fixed version for CVE-2023-45803 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -703,7 +703,7 @@ CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Reques CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...) - - python-urllib3 (bug #1054226) + - python-urllib3 1.26.18-1 (bug #1054226) NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 NOTE: https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 (1.26.18) CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9d84e8b2938d3f86aebe7c957f5d7c401e0a29 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9d84e8b2938d3f86aebe7c957f5d7c401e0a29 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34b0ddb1 by Salvatore Bonaccorso at 2023-10-21T16:59:57+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -63,31 +63,31 @@ CVE-2023-45661 (stb_image is a single file MIT licensed library for processing i - libstb NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...) - TODO: check + NOT-FOR-US: opensolution Quick CMS CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keep ...) - TODO: check + NOT-FOR-US: SuperWebMailer CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remo ...) - TODO: check + NOT-FOR-US: SuperWebMailer CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows supe ...) - TODO: check + NOT-FOR-US: SuperWebMailer CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spam ...) - TODO: check + NOT-FOR-US: SuperWebMailer CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Expo ...) - TODO: check + NOT-FOR-US: SuperWebMailer CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an attacker to f ...) - TODO: check + NOT-FOR-US: Langchain CVE-2023-32785 (In Langchain through 0.0.155, prompt injection allows execution of arb ...) 
- TODO: check + NOT-FOR-US: Langchain CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) NOT-FOR-US: Modoboa CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...) @@ -118,23 +118,23 @@ CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior t NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected Cross- ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and ...) - TODO: check + NOT-FOR-US: Silicon Labs Gecko Bootloader CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was discovered to ...) - TODO: check + NOT-FOR-US: Sitolog sitologapplicationconnect CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Tim ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege escalation ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception] - linux [bullseye] - linux (Vulnerable code not present) 
@@ -23420,7 +23420,7 @@ CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/inf NOTE: https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leo...@nvidia.com/ NOTE: https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1) CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2175 RESERVED CVE-2023-2174 (The
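Review bot: In the second hunk, CVE-2023-44256 is tagged `NOT-FOR-US: FortiGuard`, but the description names Fortinet (`in Fortinet Fort ...`); FortiGuard is Fortinet's advisory and service brand rather than the affected product. The other entries in the same hunk use the vendor or product name (`VMware`, `Silicon Labs Gecko Bootloader`), so `NOT-FOR-US: Fortinet` would be consistent and easier to grep.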
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-44483/libxml-security-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60d8887d by Salvatore Bonaccorso at 2023-10-21T16:58:56+02:00 Add CVE-2023-44483/libxml-security-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -113,7 +113,10 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la NOTE: https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) - TODO: check + - libxml-security-java + NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5 + NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 + NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...) TODO: check CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60d8887d123605445110caabe280bc0132f616de -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60d8887d123605445110caabe280bc0132f616de You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-45805/pdm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7636bda by Salvatore Bonaccorso at 2023-10-21T16:56:48+02:00 Add CVE-2023-45805/pdm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -109,7 +109,9 @@ CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in sh CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...) NOT-FOR-US: reconFTW CVE-2023-45805 (pdm is a Python package and dependency manager supporting the latest P ...) - TODO: check + - pdm + NOTE: https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 + NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) TODO: check CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7636bdae97d0f6033505e08397b8cfbf5cc9863 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7636bdae97d0f6033505e08397b8cfbf5cc9863 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Take ruby rmagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bae9955 by Bastien Roucariès at 2023-10-21T14:46:58+00:00 Take ruby rmagick - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -202,7 +202,7 @@ ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) -- -ruby-rmagick +ruby-rmagick (rouca) NOTE: 20230808: Added by Front-Desk on rouca's (imagemagick package maintainer) request (Beuc) -- salt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bae99556ca41318b294eafaab4febe8d9814501 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bae99556ca41318b294eafaab4febe8d9814501 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add note about ceph progress on buster
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: eceeb0e1 by Bastien Roucariès at 2023-10-21T14:44:53+00:00 Add note about cepth progress on buster - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -42,6 +42,7 @@ cairosvg -- ceph (rouca) NOTE: 20231013: Added by Front-Desk (ta) + NOTE: 20231021: Patch fixing CVE-2023-43040 seems to make testsuite fail -- cinder NOTE: 20230525: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eceeb0e1d4e9616011ea150c1ba27fca72d20e7e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eceeb0e1d4e9616011ea150c1ba27fca72d20e7e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
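Review bot: The added `NOTE: 20231021: Patch fixing CVE-2023-43040 seems to make testsuite fail` records the blocker but not which test fails or where the log is, so the next person picking up ceph has to rebuild to find out. Suggest naming the failing test(s), linking the build log, and saying whether the failure is deterministic, in the same NOTE.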
[Git][security-tracker-team/security-tracker][master] Add new set of libstb issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ad51c1e by Salvatore Bonaccorso at 2023-10-21T16:42:07+02:00 Add new set of libstb issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21,33 +21,47 @@ CVE-2023-46054 (Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) vi ...) NOT-FOR-US: I-doit pro CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...) 
- TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45666 (stb_image is a single file MIT licensed library for processing images. ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45664 (stb_image is a single file MIT licensed library for processing images. ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45663 (stb_image is a single file MIT licensed library for processing images. ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45662 (stb_image is a single file MIT licensed library for processing images. ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-45661 (stb_image is a single file MIT licensed library for processing images. ...) - TODO: check + - libstb + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) TODO: check CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ad51c1e30621da8dadd4a79560e3c0a83b4ae26 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ad51c1e30621da8dadd4a79560e3c0a83b4ae26 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
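Review bot: All fourteen entries become an unfixed `- libstb` line with the same GHSL advisory NOTE, but none carries a `(bug #...)` reference, so no BTS bug is tracking the libstb update. Suggest filing one bug covering the whole GHSL-2023-145 to GHSL-2023-151 set and recording it on each entry, as the other unfixed entries on this list do. The shared advisory URL is fine since it covers the whole range, but a per-CVE pointer to the upstream fix commit would make it clear which fix maps to which CVE when the package is updated.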
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8220bc03 by Salvatore Bonaccorso at 2023-10-21T12:36:55+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,25 +1,25 @@ CVE-2023-5684 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-5683 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-5682 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...) - TODO: check + NOT-FOR-US: Tongda OA CVE-2023-5681 (A vulnerability, which was classified as critical, was found in Netent ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-5205 (The Add Custom Body Class plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5132 (The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unau ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4939 (The SALESmanago plugin for WordPress is vulnerable to Log Injection in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4635 (The EventON plugin for WordPress is vulnerable to Reflected Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46055 (An issue in ThingNario Photon v.1.0 allows a remote attacker to execut ...) - TODO: check + NOT-FOR-US: ThingNario Photon CVE-2023-46054 (Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and befor ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) vi ...) - TODO: check + NOT-FOR-US: I-doit pro CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) TODO: check CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8220bc03e4aea1250e1b97d391260aa030374efd
[Git][security-tracker-team/security-tracker][master] Add version for DLA-3538-2
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b1225ec by Tobias Frost at 2023-10-21T12:25:50+02:00 Add version for DLA-3538-2 - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,4 +1,5 @@ [21 Oct 2023] DLA-3538-2 zabbix - regression update + [buster] - zabbix 1:4.0.4+dfsg-1+deb10u3 [20 Oct 2023] DLA-3624-1 zookeeper - security update {CVE-2023-44981} [buster] - zookeeper 3.4.13-2+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b1225ec4d0dc92b32b91231b4aa414ac729fbcf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b1225ec4d0dc92b32b91231b4aa414ac729fbcf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] DLA-3538-2 zabbix - regression update.
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fff31fc by Tobias Frost at 2023-10-21T12:09:11+02:00 DLA-3538-2 zabbix - regression update. - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,4 @@ +[21 Oct 2023] DLA-3538-2 zabbix - regression update [20 Oct 2023] DLA-3624-1 zookeeper - security update {CVE-2023-44981} [buster] - zookeeper 3.4.13-2+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fff31fc5df89b601421ee65398dba3af5f2ac1c
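Review bot: the new `[21 Oct 2023] DLA-3538-2 zabbix - regression update` line is added without the `[buster] - zabbix <version>` line that the zookeeper entry directly below it carries, so the entry is incomplete as committed; the version only arrives in the follow-up commit 2b1225ec shown above in this digest, and the two should have landed together. Omitting a `{CVE-...}` reference is correct for a regression update.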
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f829ba2 by security tracker role at 2023-10-21T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2023-5684 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + TODO: check +CVE-2023-5683 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + TODO: check +CVE-2023-5682 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...) + TODO: check +CVE-2023-5681 (A vulnerability, which was classified as critical, was found in Netent ...) + TODO: check +CVE-2023-5205 (The Add Custom Body Class plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-5132 (The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unau ...) + TODO: check +CVE-2023-4939 (The SALESmanago plugin for WordPress is vulnerable to Log Injection in ...) + TODO: check +CVE-2023-4635 (The EventON plugin for WordPress is vulnerable to Reflected Cross-Site ...) + TODO: check +CVE-2023-46055 (An issue in ThingNario Photon v.1.0 allows a remote attacker to execut ...) + TODO: check +CVE-2023-46054 (Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and befor ...) + TODO: check +CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) vi ...) + TODO: check +CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) 
+ TODO: check +CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + TODO: check +CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-45666 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-45664 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-45663 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-45662 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-45661 (stb_image is a single file MIT licensed library for processing images. ...) + TODO: check +CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...) + TODO: check +CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keep ...) + TODO: check +CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remo ...) + TODO: check +CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows supe ...) + TODO: check +CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spam ...) + TODO: check +CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Expo ...) 
+ TODO: check +CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an attacker to f ...) + TODO: check +CVE-2023-32785 (In Langchain through 0.0.155, prompt injection allows execution of arb ...) + TODO: check CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) NOT-FOR-US: Modoboa CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...) @@ -577,7 +653,7 @@ CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerab
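Review bot: all 38 new entries land as `TODO: check`, which is the expected state for an automatic import (76 added lines in the `+1,79` hunk, two per entry), but two groups will need care from whoever triages them. The eight stb_vorbis entries (CVE-2023-45675 to CVE-2023-45682) and six stb_image entries (CVE-2023-45661 to CVE-2023-45667, without 45665) carry identical truncated descriptions, so they can only be told apart from the full advisories, and as single-file libraries they are candidates for being embedded in other source packages rather than for a blanket NOT-FOR-US; the five SuperWebMailer entries (CVE-2023-38190 to CVE-2023-38194) are equally indistinguishable by their truncated text. The mail ends with the header `@@ -577,7 +653,7 @@` of a second hunk whose body is not present here, so the change in the CVE-2023-39276 region cannot be reviewed from this message.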
[Git][security-tracker-team/security-tracker][master] LTS: take h2o
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: a3bd8eea by Anton Gladky at 2023-10-21T09:47:45+02:00 LTS: take h2o - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,7 +84,7 @@ gst-plugins-bad1.0 (Thorsten Alteholz) NOTE: 20230928: Added by Frond-Desk (ola) NOTE: 20231013: testing package -- -h2o (Abhijith PA) +h2o (gladk) NOTE: 20231013: Added by Front-Desk (ta) -- i2p View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3bd8eea71ddba0835e3da46384c0475eb6bc230
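Review bot: the unchanged context line `NOTE: 20230928: Added by Frond-Desk (ola)` in the gst-plugins-bad1.0 entry carries a typo (`Frond-Desk` for `Front-Desk`, the spelling used in the h2o entry's own NOTE line); since dla-needed.txt is being edited here anyway, fixing it in the same commit would be cheap. The reassignment `h2o (Abhijith PA)` to `h2o (gladk)` matches the commit title, but the entries in this file record each step with a dated `NOTE: YYYYMMDD:` line, so a line such as `NOTE: 20231021: taken over from Abhijith PA (gladk)` would keep the entry's history consistent.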