[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker4 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53f3cbf7 by Salvatore Bonaccorso at 2023-10-24T22:44:26+02:00 Add Debian bug reference for request-tracker4 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -928,12 +928,12 @@ CVE-2023-45024 NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 CVE-2023-41260 - request-tracker5 - - request-tracker4 + - request-tracker4 (bug #1054516) NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7 CVE-2023-41259 - request-tracker5 - - request-tracker4 + - request-tracker4 (bug #1054516) NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7 CVE-2023-5639 (The Team Showcase plugin for WordPress is vulnerable to Stored Cross-S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53f3cbf77a1e05f3a7cd5ce74996182b5a6514d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53f3cbf77a1e05f3a7cd5ce74996182b5a6514d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for openssl update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf08268d by Salvatore Bonaccorso at 2023-10-24T21:05:27+02:00 Reserve DSA number for openssl update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[24 Oct 2023] DSA-5532-1 openssl - security update + {CVE-2023-5363} + [bookworm] - openssl 3.0.11-1~deb12u2 [23 Oct 2023] DSA-5531-1 roundcube - security update {CVE-2023-5631} [bullseye] - roundcube 1.4.15+dfsg.1-1~deb11u1 = data/dsa-needed.txt = @@ -46,8 +46,6 @@ openjdk-11/oldstable (jmm) -- openjdk-17 (jmm) -- -openssl (carnil) --- php-cas/oldstable -- php-horde-mime-viewer/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf08268df07488cd908bcfeeda4b0dff8ad6c346 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf08268df07488cd908bcfeeda4b0dff8ad6c346 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
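Review bot: the DSA-5532-1 entry in the data/DSA/list hunk records a bookworm build only (openssl 3.0.11-1~deb12u2) for CVE-2023-5363, yet the data/dsa-needed.txt hunk drops the openssl line entirely rather than narrowing it to one suite; that is only right if the bullseye status of CVE-2023-5363 is already settled in data/CVE/list (fixed, not-affected or no-dsa), which this diff does not show, so that entry deserves a quick check before the advisory is published.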
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2879bc35 by security tracker role at 2023-10-24T20:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,56 +1,183 @@ -CVE-2023-5732 +CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...) + TODO: check +CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) + TODO: check +CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...) + TODO: check +CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...) + TODO: check +CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...) + TODO: check +CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via ...) + TODO: check +CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...) + TODO: check +CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...) + TODO: check +CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) + TODO: check +CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...) + TODO: check +CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing ...) + TODO: check +CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...) 
+ TODO: check +CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...) + TODO: check +CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...) + TODO: check +CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) + TODO: check +CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...) + TODO: check +CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...) + TODO: check +CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...) + TODO: check +CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...) + TODO: check +CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...) + TODO: check +CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...) + TODO: check +CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...) + TODO: check +CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a r ...) + TODO: check +CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...) + TODO: check +CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn L ...) + TODO: check +CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lead ...) + TODO: check +CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...) + TODO: check +CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...) + TODO: check +CVE-2023-45770 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpsp ...) + TODO: check +CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Rav ...) + TODO: check +CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) + TODO: check +CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Woka ...) + TODO: check +CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0ecbbf2 by Salvatore Bonaccorso at 2023-10-24T22:22:59+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,129 +1,129 @@ CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) - TODO: check + NOT-FOR-US: Synology CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...) - TODO: check + NOT-FOR-US: Nautobot CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...) 
- TODO: check + NOT-FOR-US: SeaCMS CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a r ...) TODO: check CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting
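Review bot: in the @@ -1,129 hunk CVE-2023-45960 (dom4.j org.dom4.io.SAXReader) is the one visible entry left at TODO: check while every neighbour is switched to NOT-FOR-US; that matches the "some NFUs" commit message, but unlike the WordPress plugins and vendor firmware around it the description names a Java library, so a NOTE stating why it stays open (source package check pending) would keep a later triager from marking it NFU by reflex.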
[Git][security-tracker-team/security-tracker][master] 5 commits: Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: e794e0ed by Anton Gladky at 2023-10-24T21:20:34+02:00 Mark CVE-2023-{5586,5595} as EOL for LTS (gpac) - - - - - b60ef744 by Anton Gladky at 2023-10-24T21:38:01+02:00 Mark CVE-2023-41914 as EOL for buster (slurm-llnl) - - - - - c594f8a6 by Anton Gladky at 2023-10-24T21:40:21+02:00 Add firefox-esr - - - - - 944e210f by Anton Gladky at 2023-10-24T21:43:09+02:00 LTS: Add pmix - - - - - b6e80ee3 by Anton Gladky at 2023-10-24T21:49:32+02:00 LTS: add request-tracker4 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1207,6 +1207,7 @@ CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordP NOT-FOR-US: WordPress plugin CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...) @@ -1508,6 +1509,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP hea NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25) CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 NOTE: https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle Rental S ...) 
@@ -1548,6 +1550,7 @@ CVE-2023-41914 - slurm-wlm 23.02.6-1 [bullseye] - slurm-wlm (Very intrusive patch and upstream does not release patches for unsupported versions) - slurm-llnl + [buster] - slurm-llnl (EOL in buster LTS) NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) = data/dla-needed.txt = @@ -58,6 +58,9 @@ dogecoin NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix; NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk) -- +firefox-esr + NOTE: 20231024: Added by Front-Desk (gladk) +-- flatpak NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk) @@ -159,6 +162,9 @@ osslsigncode phppgadmin (Chris Lamb) NOTE: 20230925: Added by Front-Desk (apo) -- +pmix + NOTE: 20231024: Added by Front-Desk (gladk) +-- python-django (Chris Lamb) NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk) 
@@ -189,6 +195,11 @@ rails NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh) NOTE: 20230828: want to rollout ruby-rack first. (utkarsh) -- +request-tracker4 + NOTE: 20231024: Added by Front-Desk (gladk) + NOTE: 20231024: Please check the commit: https://github.com/bestpractical/rt/commit/a7a83dfdf591cd4d9f547048e89a5a310eeef32d + NOTE: 20231024: Please check the commit: https://github.com/bestpractical/rt/commit/afb7dcded721e27028e47b62e7e5ed8ffc492beb +-- ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf08268df07488cd908bcfeeda4b0dff8ad6c346...b6e80ee32afc2cdb18397cc1b3984781cecb9387 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf08268df07488cd908bcfeeda4b0dff8ad6c346...b6e80ee32afc2cdb18397cc1b3984781cecb9387 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
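Review bot: the request-tracker4 entry added in the data/dla-needed.txt @@ -189 hunk points at two upstream commits but names no CVE ids, so the LTS worker has to rediscover which issues they address; the request-tracker4 entries elsewhere in this digest list CVE-2023-41259 and CVE-2023-41260 (bug #1054516), and putting those ids in the NOTE lines next to the commit URLs would make the handover self-contained.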
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gst-plugins-bad1.0 update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2d5285d by Salvatore Bonaccorso at 2023-10-24T22:51:39+02:00 Reserve DSA number for gst-plugins-bad1.0 update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[24 Oct 2023] DSA-5533-1 gst-plugins-bad1.0 - security update + {CVE-2023-40474 CVE-2023-40475 CVE-2023-40476} + [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u2 + [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u2 [24 Oct 2023] DSA-5532-1 openssl - security update {CVE-2023-5363} [bookworm] - openssl 3.0.11-1~deb12u2 = data/dsa-needed.txt = @@ -23,8 +23,6 @@ firefox-esr (jmm) -- gpac/oldstable (jmm) -- -gst-plugins-bad1.0 (carnil) --- jetty9 -- libreswan (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2d5285d5ea79f15cc1059dc7267224cee03c1bb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2d5285d5ea79f15cc1059dc7267224cee03c1bb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker5 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6bc1890 by Salvatore Bonaccorso at 2023-10-24T22:49:25+02:00 Add Debian bug reference for request-tracker5 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -924,15 +924,15 @@ CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers f CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...) NOT-FOR-US: Ichitaro CVE-2023-45024 - - request-tracker5 + - request-tracker5 (bug #1054517) NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 CVE-2023-41260 - - request-tracker5 + - request-tracker5 (bug #1054517) - request-tracker4 (bug #1054516) NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7 CVE-2023-41259 - - request-tracker5 + - request-tracker5 (bug #1054517) - request-tracker4 (bug #1054516) NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5 NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6bc189057570315f1317bb04d41c39ea3a558e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6bc189057570315f1317bb04d41c39ea3a558e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3630-1 for roundcube
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f6bf2a4 by Guilhem Moulin at 2023-10-24T23:46:14+02:00 Reserve DLA-3630-1 for roundcube - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[24 Oct 2023] DLA-3630-1 roundcube - security update + {CVE-2023-5631} + [buster] - roundcube 1.3.17+dfsg.1-1~deb10u4 [23 Oct 2023] DLA-3629-1 ceph - security update {CVE-2019-10222 CVE-2020-1700 CVE-2020-1760 CVE-2020-10753 CVE-2020-12059 CVE-2020-25678 CVE-2020-27781 CVE-2021-3524 CVE-2021-3531 CVE-2021-3979 CVE-2021-20288 CVE-2023-43040} [buster] - ceph 12.2.11+dfsg1-2.1+deb10u1 = data/dla-needed.txt = @@ -204,9 +204,6 @@ ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) -- -roundcube (guilhem) - NOTE: 20231024: Added by Front-Desk (gladk) --- salt NOTE: 20220814: Added by Front-Desk (gladk) NOTE: 20220814: I am not sure, whether it is possible to fix issues View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6bf2a461648b92a3e2922f9f957f01e08861bc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6bf2a461648b92a3e2922f9f957f01e08861bc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixes for CVEs for firefox-esr via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1516610 by Salvatore Bonaccorso at 2023-10-25T07:49:06+02:00 Track fixes for CVEs for firefox-esr via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -125,14 +125,14 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to ca CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to ...) NOT-FOR-US: PingFederate CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...) - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732 CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs showed e ...) - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...) - firefox - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730 CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneously tr ...) @@ -140,7 +140,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneous NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729 CVE-2023-5728 (During garbage collection extra operations were performed on a object ...) - firefox - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728 CVE-2023-5727 (The executable file warning was not presented when downloading .msix, ...) 
@@ -155,12 +155,12 @@ CVE-2023-5726 (A website could have obscured the full screen notification by usi NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...) - firefox - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...) - firefox - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724 CVE-2023-5723 (An attacker with temporary script access to a site could have set a co ...) 
@@ -171,7 +171,7 @@ CVE-2023-5722 (Using iterative requests an attacker was able to learn the size o NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...) - firefox - - firefox-esr + - firefox-esr 115.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c15166104248e622013f9b746f5701a5c4dd32b5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c15166104248e622013f9b746f5701a5c4dd32b5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
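Review bot: CVE-2023-5726 appears only as leading context in the @@ -155,12 hunk, via its mfsa2023-46 NOTE, which is the ESR advisory cited on every entry this commit updates, yet its own firefox-esr line sits outside all three hunks and so is not given 115.4.0esr-1 here; if that line already carries a not-affected marker this is fine, otherwise it is missing from the batch and needs a follow-up commit.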
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67a6d475 by security tracker role at 2023-10-24T08:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,36 @@ -CVE-2023-5633 +CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) + TODO: check +CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) + TODO: check +CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) + TODO: check +CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...) + TODO: check +CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...) + TODO: check +CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...) + TODO: check +CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...) + TODO: check +CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + TODO: check +CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...) + TODO: check +CVE-2023-39817 + REJECTED +CVE-2023-39816 + REJECTED +CVE-2023-39815 + REJECTED +CVE-2023-39814 + REJECTED +CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community ...) + TODO: check +CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...) + TODO: check +CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...) + TODO: check +CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...) - linux 6.5.8-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) 
@@ -45,7 +77,7 @@ CVE-2023-33837 (IBM Security Verify Governance 10.0 does not encrypt sensitive o NOT-FOR-US: IBM CVE-2023-46288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - airflow (bug #819700) -CVE-2023-46316 [Fix command line parsing in wrappers] +CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scrip ...) - traceroute 1:2.1.3-1 [bookworm] - traceroute (Minor issue) [bullseye] - traceroute (Minor issue) @@ -82342,10 +82374,10 @@ CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.plat NOT-FOR-US: DNNPlatform CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) NOT-FOR-US: NotrinosERP -CVE-2022-38485 - RESERVED -CVE-2022-38484 - RESERVED +CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...) + TODO: check +CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...) + TODO: check CVE-2022-38483 RESERVED CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a6d4757effac07d01bfe910089afb132a8d1f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a6d4757effac07d01bfe910089afb132a8d1f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed update for weborf via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d17021c by Salvatore Bonaccorso at 2023-10-24T10:20:35+02:00 Track proposed update for weborf via bullseye-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -76,3 +76,5 @@ CVE-2023-26132 [bullseye] - node-dottie 2.0.2-4+deb11u1 CVE-2023-40743 [bullseye] - axis 1.4-28+deb11u1 +CVE-2023-46586 + [bullseye] - weborf 0.17-3+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d17021c7de88f50dd11cd4ba73bb13d5d6cd52f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d17021c7de88f50dd11cd4ba73bb13d5d6cd52f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d6b6a7ee by Salvatore Bonaccorso at 2023-10-24T10:26:19+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,19 +1,19 @@ CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) - TODO: check + NOT-FOR-US: Synology CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) - TODO: check + NOT-FOR-US: Geeklog-Core geeklog CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) - TODO: check + NOT-FOR-US: Geeklog-Core geeklog CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...) - TODO: check + NOT-FOR-US: kodbox CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...) - TODO: check + NOT-FOR-US: WenwenaiCMS CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...) - TODO: check + NOT-FOR-US: umputun remark42 CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...) TODO: check CVE-2023-39817 
@@ -25,11 +25,11 @@ CVE-2023-39815 CVE-2023-39814 REJECTED CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community ...) - TODO: check + NOT-FOR-US: UVDesk Community Skeleton CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...) - TODO: check + NOT-FOR-US: UVDesk Community Skeleton CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...) - TODO: check + NOT-FOR-US: carRental CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...) - linux 6.5.8-1 [bullseye] - linux (Vulnerable code not present) @@ -82375,9 +82375,9 @@ CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.plat CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) NOT-FOR-US: NotrinosERP CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...) - TODO: check + NOT-FOR-US: AgeVolt Portal CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...) - TODO: check + NOT-FOR-US: AgeVolt Portal CVE-2022-38483 RESERVED CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5633/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a18b4e7 by Salvatore Bonaccorso at 2023-10-24T08:14:48+02:00 Add CVE-2023-5633/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-5633 + - linux 6.5.8-1 + NOTE: https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6) CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data back t ...) NOT-FOR-US: Vue.js Devtools extension CVE-2023-5246 (Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways wi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a18b4e7ea665ae9711369a0a004ed92f9d57ee9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a18b4e7ea665ae9711369a0a004ed92f9d57ee9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
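Review bot: The new CVE-2023-5633 entry records 6.5.8-1 as the fixed version in unstable while its only NOTE points at a commit merged for 6.6-rc6; please confirm that 91398b413d03 was actually picked into the 6.5.8 stable release, otherwise the entry claims a fix in unstable before one exists. A short bracketed summary after the CVE id, as the openssl entry on this page does with [Incorrect cipher key & IV length processing], would also help while the id has no public description.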
[Git][security-tracker-team/security-tracker][master] Update CVE-2023-5633 with kernel-sec information
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45875c4a by Salvatore Bonaccorso at 2023-10-24T08:43:36+02:00 Update CVE-2023-5633 with kernel-sec information - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2023-5633 - linux 6.5.8-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6) CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data back t ...) NOT-FOR-US: Vue.js Devtools extension View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45875c4abb1df765fdd50e8ce3a6f461a1a8108a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45875c4abb1df765fdd50e8ce3a6f461a1a8108a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
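Review bot: The hunk annotates bullseye and buster as 'Vulnerable code not present' but leaves bookworm without any suite line, which in this file means bookworm is still treated as affected and will need either a [bookworm] annotation (not-affected, no-dsa or postponed) or a fixed version to close it. Since the referenced fix is a 6.6-rc6 commit and the issue is described elsewhere on this page as a regression from the reference-count changes made for CVE-2023-33951, a NOTE stating whether bookworm's 6.1.y tree carries those earlier changes would make the bookworm status checkable.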
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-42459/fastdds
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ecda6a0 by Salvatore Bonaccorso at 2023-10-24T16:17:01+02:00 Track fixed version for CVE-2023-42459/fastdds - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1104,7 +1104,7 @@ CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platfo CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...) NOT-FOR-US: Liferay Portal CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...) - - fastdds (bug #1054163) + - fastdds 2.11.2+ds-6 (bug #1054163) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm NOTE: https://github.com/eProsima/Fast-DDS/issues/3207 NOTE: https://github.com/eProsima/Fast-DDS/pull/3824 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ecda6a0135e2533f2f6922c650aafa0d20f5b47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ecda6a0135e2533f2f6922c650aafa0d20f5b47 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
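Review bot: Adding 2.11.2+ds-6 closes CVE-2023-42459 for unstable, but there is still no [bookworm] annotation, so bookworm remains listed as affected; with the upstream advisory, issue 3207 and pull request 3824 already in the NOTE lines, the next step is to decide whether bookworm gets the backport via a point release, a no-dsa tag, or a not-affected marker if its version lacks the code, and to record that on the entry.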
[Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list and assign to jmm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 170e0e91 by Salvatore Bonaccorso at 2023-10-24T17:08:05+02:00 Add firefox-esr to dsa-needed list and assign to jmm - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -19,6 +19,8 @@ cacti -- cinder/oldstable -- +firefox-esr (jmm) +-- gpac/oldstable (jmm) -- gst-plugins-bad1.0 (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/170e0e91d9d251abf820adf84eb4ee6244834088 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/170e0e91d9d251abf820adf84eb4ee6244834088 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
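Review bot: The new 'firefox-esr (jmm)' entry carries no suite suffix, so unlike the neighbouring cinder/oldstable and gpac/oldstable entries it covers both stable and oldstable, which is what an ESR update normally needs. A NOTE line naming mfsa2023-46 under the entry would give whoever prepares the DSA the CVE scope without cross-referencing data/CVE/list.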
[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2023-46
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fe538f8 by Salvatore Bonaccorso at 2023-10-24T17:07:07+02:00 Add firefox-esr issues from mfsa2023-46 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,27 +1,42 @@ +CVE-2023-5732 + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732 CVE-2023-5731 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731 CVE-2023-5730 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730 CVE-2023-5729 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729 CVE-2023-5728 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728 CVE-2023-5727 - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727 CVE-2023-5726 - firefox (Only affects Firefox on MacOS) + - firefox-esr (Only affects Firefox ESR on MacOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726 CVE-2023-5725 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725 CVE-2023-5724 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724 CVE-2023-5723 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723 
@@ -30,7 +45,9 @@ CVE-2023-5722 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722 CVE-2023-5721 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) NOT-FOR-US: Synology CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe538f81c7ceb09b395488f8c764aea570feec5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe538f81c7ceb09b395488f8c764aea570feec5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
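Review bot: CVE-2023-5732 is the only id added for firefox-esr alone, with just the mfsa2023-46 reference, whereas every other ESR addition in these hunks mirrors an existing firefox line with a second NOTE; please double-check mfsa2023-45 for CVE-2023-5732, because if it is listed there too the firefox line is missing. The firefox-esr lines for CVE-2023-5727 and CVE-2023-5726 copy the '(Only affects Firefox ESR on Windows/MacOS)' qualifier from the firefox entries but are otherwise open entries with no version, so whatever status is chosen for the platform-only issues on the firefox side (open versus <not-affected>) should be applied to both packages at once to keep them consistent.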
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-5363/openssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 784048eb by Salvatore Bonaccorso at 2023-10-24T17:10:38+02:00 Add CVE-2023-5363/openssl - - - - - 4a3dcab5 by Salvatore Bonaccorso at 2023-10-24T17:11:18+02:00 Add openssl to dsa-needed list - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -50,6 +50,11 @@ CVE-2023-5721 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) NOT-FOR-US: Synology +CVE-2023-5363 [Incorrect cipher key & IV length processing] + - openssl + [bullseye] - openssl (Vulnerable code not present) + [buster] - openssl (Vulnerable code not present) + NOTE: https://www.openssl.org/news/secadv/20231024.txt CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) NOT-FOR-US: Geeklog-Core geeklog CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) = data/dsa-needed.txt = @@ -46,6 +46,8 @@ openjdk-11/oldstable (jmm) -- openjdk-17 (jmm) -- +openssl (carnil) +-- php-cas/oldstable -- php-horde-mime-viewer/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170e0e91d9d251abf820adf84eb4ee6244834088...4a3dcab575e09aaf2632ec3a9e67c3fd18c5554e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170e0e91d9d251abf820adf84eb4ee6244834088...4a3dcab575e09aaf2632ec3a9e67c3fd18c5554e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
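Review bot: The CVE-2023-5363 entry has no fixed version for unstable, so it is recorded as open there; the referenced advisory states the fix ships in 3.0.12 and 3.1.4, so the line should gain the unstable version as soon as that upload lands. Marking bullseye and buster as 'Vulnerable code not present' matches the advisory's affected range (3.0 and 3.1 only; 1.1.1 is not affected), and the paired 'openssl (carnil)' dsa-needed entry without a suite suffix is therefore a bookworm-only DSA in practice, which is correct for the same reason.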
[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2023-45
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82603b43 by Salvatore Bonaccorso at 2023-10-24T17:01:50+02:00 Add new firefox issues from mfsa2023-45 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,36 @@ +CVE-2023-5731 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731 +CVE-2023-5730 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730 +CVE-2023-5729 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729 +CVE-2023-5728 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728 +CVE-2023-5727 + - firefox (Only affects Firefox on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727 +CVE-2023-5726 + - firefox (Only affects Firefox on MacOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726 +CVE-2023-5725 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725 +CVE-2023-5724 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724 +CVE-2023-5723 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723 +CVE-2023-5722 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722 +CVE-2023-5721 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) NOT-FOR-US: Synology CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82603b43cec6a6cc1af7a6e539f40b55302238ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82603b43cec6a6cc1af7a6e539f40b55302238ed You're receiving this email because of your account on salsa.debian.org. 
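Review bot: CVE-2023-5727 and CVE-2023-5726 are recorded as open firefox entries with only a parenthetical '(Only affects Firefox on Windows)' / '(Only affects Firefox on MacOS)'; Debian's firefox package is built for Linux only, so these two would be better expressed as <not-affected> with the qualifier retained, otherwise the tracker shows the package as vulnerable to them until the next upload. The remaining nine entries follow the established pattern (package line plus a per-CVE NOTE anchored into mfsa2023-45) and are inserted at the top of the file ahead of CVE-2023-5746, consistent with how new ids are added here.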
[Git][security-tracker-team/security-tracker][master] LTS: add roundcube and assign to maintainer
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 48b0cbf9 by Anton Gladky at 2023-10-24T18:35:36+02:00 LTS: add roundcube and assign to maintainer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -193,6 +193,9 @@ ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) -- +roundcube (guilhem) + NOTE: 20231024: Added by Front-Desk (gladk) +-- salt NOTE: 20220814: Added by Front-Desk (gladk) NOTE: 20220814: I am not sure, whether it is possible to fix issues View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b0cbf9c2541e3f71ca3a5bbc4ba31157fa50ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b0cbf9c2541e3f71ca3a5bbc4ba31157fa50ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
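Review bot: The roundcube entry is assigned immediately (guilhem) with the standard Front-Desk NOTE, matching the form of the surrounding ring and salt entries; a second NOTE naming the CVE it is meant to cover would help, since the neighbouring entries carry follow-up status notes after the Front-Desk line and this one gives the assignee no pointer to the issue.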