[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker4 issues

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53f3cbf7 by Salvatore Bonaccorso at 2023-10-24T22:44:26+02:00
Add Debian bug reference for request-tracker4 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -928,12 +928,12 @@ CVE-2023-45024
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
 CVE-2023-41260
- request-tracker5 
-   - request-tracker4 
+   - request-tracker4  (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
 CVE-2023-41259
- request-tracker5 
-   - request-tracker4 
+   - request-tracker4  (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
 CVE-2023-5639 (The Team Showcase plugin for WordPress is vulnerable to Stored 
Cross-S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53f3cbf77a1e05f3a7cd5ce74996182b5a6514d0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53f3cbf77a1e05f3a7cd5ce74996182b5a6514d0
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for openssl update

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf08268d by Salvatore Bonaccorso at 2023-10-24T21:05:27+02:00
Reserve DSA number for openssl update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[24 Oct 2023] DSA-5532-1 openssl - security update
+   {CVE-2023-5363}
+   [bookworm] - openssl 3.0.11-1~deb12u2
 [23 Oct 2023] DSA-5531-1 roundcube - security update
{CVE-2023-5631}
[bullseye] - roundcube 1.4.15+dfsg.1-1~deb11u1
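
Review bot: the DSA-5532-1 entry carries only a bookworm line for CVE-2023-5363 and the hunk shows no `[bullseye]` line; make sure the matching data/CVE/list entry records an explicit bullseye status (not-affected or no-dsa with a reason), otherwise the tracker will keep showing the CVE as open in oldstable with no advisory attached.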


=
data/dsa-needed.txt
=
@@ -46,8 +46,6 @@ openjdk-11/oldstable (jmm)
 --
 openjdk-17 (jmm)
 --
-openssl (carnil)
---
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf08268df07488cd908bcfeeda4b0dff8ad6c346



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2879bc35 by security tracker role at 2023-10-24T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,56 +1,183 @@
-CVE-2023-5732
+CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to 
asserts b ...)
+   TODO: check
+CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
+   TODO: check
+CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability 
via the f ...)
+   TODO: check
+CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow 
vulnerability vi ...)
+   TODO: check
+CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection 
vulnerability via  ...)
+   TODO: check
+CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow 
vulnerability vi ...)
+   TODO: check
+CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller 
Digital Inc. ...)
+   TODO: check
+CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk 
Auto Log ...)
+   TODO: check
+CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech 
It Soluti ...)
+   TODO: check
+CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet 
Marketing  ...)
+   TODO: check
+CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van 
Renselaar ...)
+   TODO: check
+CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media 
Novo-Map ...)
+   TODO: check
+CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple 
Calendar \u2 ...)
+   TODO: check
+CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
+   TODO: check
+CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME 
TOGI Produc ...)
+   TODO: check
+CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military 
WP Radi ...)
+   TODO: check
+CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web 
application a ...)
+   TODO: check
+CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ClickDat ...)
+   TODO: check
+CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Emmanuel ...)
+   TODO: check
+CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+   TODO: check
+CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in XQue ...)
+   TODO: check
+CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute 
arbitrary comm ...)
+   TODO: check
+CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before 
allows a r ...)
+   TODO: check
+CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
XYDAC Ul ...)
+   TODO: check
+CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Libsyn L ...)
+   TODO: check
+CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Lead ...)
+   TODO: check
+CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mart ...)
+   TODO: check
+CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+   TODO: check
+CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Scribit  ...)
+   TODO: check
+CVE-2023-45770 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Fastwpsp ...)
+   TODO: check
+CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Alex Rav ...)
+   TODO: check
+CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Step ...)
+   TODO: check
+CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Woka ...)
+   TODO: check
+CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
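
Review bot: the hunk is cut off in this archive copy at CVE-2023-45764 (the header promises 183 new lines), so the remainder cannot be reviewed here; in particular the `-CVE-2023-5732` removal at the top only makes sense if the entry is re-added further down with its description, which the later "Track fixes for CVEs for firefox-esr" commit in this digest confirms. What is visible follows the usual automatic import pattern: new ids land with `TODO: check` and wait for the NFU pass.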

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0ecbbf2 by Salvatore Bonaccorso at 2023-10-24T22:22:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,129 +1,129 @@
 CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to 
asserts b ...)
-   TODO: check
+   NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to 
Stored  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable 
to Stor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to 
Stored  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability 
via the f ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow 
vulnerability vi ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection 
vulnerability via  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow 
vulnerability vi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller 
Digital Inc. ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk 
Auto Log ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech 
It Soluti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet 
Marketing  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van 
Renselaar ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media 
Novo-Map ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple 
Calendar \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME 
TOGI Produc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military 
WP Radi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web 
application a ...)
-   TODO: check
+   NOT-FOR-US: Nautobot
 CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ClickDat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Emmanuel ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in XQue ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute 
arbitrary comm ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before 
allows a r ...)
TODO: check
 CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
XYDAC Ul ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting 
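
Review bot: CVE-2023-45960 (dom4j SAXReader) is the one entry in this hunk left at `TODO: check` while its neighbours become NOT-FOR-US; that is the right split, since it is a library rather than a vendor product or WordPress plugin, but it needs a follow-up (a source package line if Debian ships the affected code, or a NOT-FOR-US marker with a reason) rather than staying open. The `NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)` annotation is a good model: naming the same-named Debian source package saves the next triager from re-checking it.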

[Git][security-tracker-team/security-tracker][master] 5 commits: Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)

2023-10-24 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e794e0ed by Anton Gladky at 2023-10-24T21:20:34+02:00
Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)

- - - - -
b60ef744 by Anton Gladky at 2023-10-24T21:38:01+02:00
Mark CVE-2023-41914 as EOL for buster (slurm-llnl)

- - - - -
c594f8a6 by Anton Gladky at 2023-10-24T21:40:21+02:00
Add firefox-esr

- - - - -
944e210f by Anton Gladky at 2023-10-24T21:43:09+02:00
LTS: Add pmix

- - - - -
b6e80ee3 by Anton Gladky at 2023-10-24T21:49:32+02:00
LTS: add request-tracker4

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1207,6 +1207,7 @@ CVE-2011-10004 (A vulnerability was found in reciply 
Plugin up to 1.1.7 on WordP
NOT-FOR-US: WordPress plugin
 CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
- gpac 
+   [buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e
NOTE: 
https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1
 CVE-2023-5575 (Improper access control in the permission inheritance in 
Devolutions S ...)
@@ -1508,6 +1509,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the 
authorization HTTP hea
NOTE: Fixed by 
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
 (1.25)
 CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.3.0 ...)
- gpac 
+   [buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740
NOTE: 
https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc
 CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle 
Rental S ...)
@@ -1548,6 +1550,7 @@ CVE-2023-41914
- slurm-wlm 23.02.6-1
[bullseye] - slurm-wlm  (Very intrusive patch and upstream 
does not release patches for unsupported versions)
- slurm-llnl 
+   [buster] - slurm-llnl  (EOL in buster LTS)
NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
NOTE: slurm-wlm-contrib also changed, but actual security issue is in 
slurm-wlm
 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)


=
data/dla-needed.txt
=
@@ -58,6 +58,9 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the 
initiatives. (Beuc/front-desk)
 --
+firefox-esr
+  NOTE: 20231024: Added by Front-Desk (gladk)
+--
 flatpak
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
@@ -159,6 +162,9 @@ osslsigncode
 phppgadmin (Chris Lamb)
   NOTE: 20230925: Added by Front-Desk (apo)
 --
+pmix
+  NOTE: 20231024: Added by Front-Desk (gladk)
+--
 python-django (Chris Lamb)
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists 
(Beuc/front-desk)
@@ -189,6 +195,11 @@ rails
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the 
possible path forward. (utkarsh)
   NOTE: 20230828: want to rollout ruby-rack first. (utkarsh)
 --
+request-tracker4
+  NOTE: 20231024: Added by Front-Desk (gladk)
+  NOTE: 20231024: Please check the commit: 
https://github.com/bestpractical/rt/commit/a7a83dfdf591cd4d9f547048e89a5a310eeef32d
+  NOTE: 20231024: Please check the commit: 
https://github.com/bestpractical/rt/commit/afb7dcded721e27028e47b62e7e5ed8ffc492beb
+--
 ring
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230928: will be likely hard to fix see 
https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)
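
Review bot: the new request-tracker4 entry points at two upstream commits but does not name the CVEs they fix; adding the ids (the earlier hunks in this digest track CVE-2023-41259 and CVE-2023-41260 for request-tracker4, both with bug #1054516) would let whoever claims the package map each commit to its CVE without re-deriving it from the rt-4.4.7 release notes.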



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf08268df07488cd908bcfeeda4b0dff8ad6c346...b6e80ee32afc2cdb18397cc1b3984781cecb9387



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gst-plugins-bad1.0 update

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2d5285d by Salvatore Bonaccorso at 2023-10-24T22:51:39+02:00
Reserve DSA number for gst-plugins-bad1.0 update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[24 Oct 2023] DSA-5533-1 gst-plugins-bad1.0 - security update
+   {CVE-2023-40474 CVE-2023-40475 CVE-2023-40476}
+   [bullseye] - gst-plugins-bad1.0 1.18.4-3+deb11u2
+   [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u2
 [24 Oct 2023] DSA-5532-1 openssl - security update
{CVE-2023-5363}
[bookworm] - openssl 3.0.11-1~deb12u2


=
data/dsa-needed.txt
=
@@ -23,8 +23,6 @@ firefox-esr (jmm)
 --
 gpac/oldstable (jmm)
 --
-gst-plugins-bad1.0 (carnil)
---
 jetty9
 --
 libreswan (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2d5285d5ea79f15cc1059dc7267224cee03c1bb



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker5 issues

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6bc1890 by Salvatore Bonaccorso at 2023-10-24T22:49:25+02:00
Add Debian bug reference for request-tracker5 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -924,15 +924,15 @@ CVE-2023-35126 (An out-of-bounds write vulnerability 
exists within the parsers f
 CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream 
parsing fun ...)
NOT-FOR-US: Ichitaro
 CVE-2023-45024
-   - request-tracker5 
+   - request-tracker5  (bug #1054517)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
 CVE-2023-41260
-   - request-tracker5 
+   - request-tracker5  (bug #1054517)
- request-tracker4  (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
 CVE-2023-41259
-   - request-tracker5 
+   - request-tracker5  (bug #1054517)
- request-tracker4  (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6bc189057570315f1317bb04d41c39ea3a558e0



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3630-1 for roundcube

2023-10-24 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f6bf2a4 by Guilhem Moulin at 2023-10-24T23:46:14+02:00
Reserve DLA-3630-1 for roundcube

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[24 Oct 2023] DLA-3630-1 roundcube - security update
+   {CVE-2023-5631}
+   [buster] - roundcube 1.3.17+dfsg.1-1~deb10u4
 [23 Oct 2023] DLA-3629-1 ceph - security update
{CVE-2019-10222 CVE-2020-1700 CVE-2020-1760 CVE-2020-10753 
CVE-2020-12059 CVE-2020-25678 CVE-2020-27781 CVE-2021-3524 CVE-2021-3531 
CVE-2021-3979 CVE-2021-20288 CVE-2023-43040}
[buster] - ceph 12.2.11+dfsg1-2.1+deb10u1


=
data/dla-needed.txt
=
@@ -204,9 +204,6 @@ ring
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230928: will be likely hard to fix see 
https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)
 --
-roundcube (guilhem)
-  NOTE: 20231024: Added by Front-Desk (gladk)
---
 salt
   NOTE: 20220814: Added by Front-Desk (gladk)
   NOTE: 20220814: I am not sure, whether it is possible to fix issues



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6bf2a461648b92a3e2922f9f957f01e08861bc



[Git][security-tracker-team/security-tracker][master] Track fixes for CVEs for firefox-esr via unstable

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1516610 by Salvatore Bonaccorso at 2023-10-25T07:49:06+02:00
Track fixes for CVEs for firefox-esr via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -125,14 +125,14 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 
allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA 
device to  ...)
NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using 
bidirectional ch ...)
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
 CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs 
showed e ...)
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, 
and Thun ...)
- firefox 
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730
 CVE-2023-5729 (A malicious web site can enter fullscreen mode while 
simultaneously tr ...)
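
Review bot: the CVE-2023-5730 description in this hunk states the bugs are also present in Thunderbird ("Firefox ESR 115.3, and Thun ..."), yet the entry tracks only firefox and firefox-esr; check whether a `- thunderbird` line should be added for it, and for any sibling entry here whose upstream advisory also covers Thunderbird, so the ESR fix version does not get recorded without the Thunderbird side.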
@@ -140,7 +140,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen 
mode while simultaneous
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a 
object  ...)
- firefox 
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728
 CVE-2023-5727 (The executable file warning was not presented when downloading 
.msix,  ...)
@@ -155,12 +155,12 @@ CVE-2023-5726 (A website could have obscured the full 
screen notification by usi
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, 
which un ...)
- firefox 
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and 
in som ...)
- firefox 
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724
 CVE-2023-5723 (An attacker with temporary script access to a site could have 
set a co ...)
@@ -171,7 +171,7 @@ CVE-2023-5722 (Using iterative requests an attacker was 
able to learn the size o
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be 
activate ...)
- firefox 
-   - firefox-esr 
+   - firefox-esr 115.4.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c15166104248e622013f9b746f5701a5c4dd32b5



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67a6d475 by security tracker role at 2023-10-24T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,36 @@
-CVE-2023-5633
+CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)
+   TODO: check
+CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
+   TODO: check
+CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
+   TODO: check
+CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). 
Customizing g ...)
+   TODO: check
+CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows 
a remot ...)
+   TODO: check
+CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind 
Server-Side Req ...)
+   TODO: check
+CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in 
Concrete CMS v. ...)
+   TODO: check
+CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 
allows a  ...)
+   TODO: check
+CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 
allows a remo ...)
+   TODO: check
+CVE-2023-39817
+   REJECTED
+CVE-2023-39816
+   REJECTED
+CVE-2023-39815
+   REJECTED
+CVE-2023-39814
+   REJECTED
+CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk 
Community  ...)
+   TODO: check
+CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated 
attackers to p ...)
+   TODO: check
+CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control 
(Arbitrary Fil ...)
+   TODO: check
+CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 
and CVE ...)
- linux 6.5.8-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
@@ -45,7 +77,7 @@ CVE-2023-33837 (IBM Security Verify Governance 10.0 does not 
encrypt sensitive o
NOT-FOR-US: IBM
 CVE-2023-46288 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
- airflow  (bug #819700)
-CVE-2023-46316 [Fix command line parsing in wrappers]
+CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the 
wrapper scrip ...)
- traceroute 1:2.1.3-1
[bookworm] - traceroute  (Minor issue)
[bullseye] - traceroute  (Minor issue)
@@ -82342,10 +82374,10 @@ CVE-2022-2922 (Relative Path Traversal in GitHub 
repository dnnsoftware/dnn.plat
NOT-FOR-US: DNNPlatform
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized 
Actor in G ...)
NOT-FOR-US: NotrinosERP
-CVE-2022-38485
-   RESERVED
-CVE-2022-38484
-   RESERVED
+CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt 
Portal prior ...)
+   TODO: check
+CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability 
exist i ...)
+   TODO: check
 CVE-2022-38483
RESERVED
 CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 
15.2.0.6110 bef ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a6d4757effac07d01bfe910089afb132a8d1f2



[Git][security-tracker-team/security-tracker][master] Track proposed update for weborf via bullseye-pu

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d17021c by Salvatore Bonaccorso at 2023-10-24T10:20:35+02:00
Track proposed update for weborf via bullseye-pu

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -76,3 +76,5 @@ CVE-2023-26132
[bullseye] - node-dottie 2.0.2-4+deb11u1
 CVE-2023-40743
[bullseye] - axis 1.4-28+deb11u1
+CVE-2023-46586
+   [bullseye] - weborf 0.17-3+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d17021c7de88f50dd11cd4ba73bb13d5d6cd52f



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d6b6a7ee by Salvatore Bonaccorso at 2023-10-24T10:26:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
-   TODO: check
+   NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
-   TODO: check
+   NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). 
Customizing g ...)
-   TODO: check
+   NOT-FOR-US: kodbox
 CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows 
a remot ...)
-   TODO: check
+   NOT-FOR-US: WenwenaiCMS
 CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind 
Server-Side Req ...)
-   TODO: check
+   NOT-FOR-US: umputun remark42
 CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in 
Concrete CMS v. ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 
allows a  ...)
-   TODO: check
+   NOT-FOR-US: CMSmadesimple
 CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 
allows a remo ...)
TODO: check
 CVE-2023-39817
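Review bot: CVE-2023-43281 (double free in stb image.h) is the one entry in this hunk left at `TODO: check` while its neighbours become NOT-FOR-US, which is the right call: stb_image.h is a single-header library that is typically copied into other source trees rather than shipped as its own package, so resolving it means checking for embedded copies in Debian source packages before deciding between affected package lines and NOT-FOR-US.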
@@ -25,11 +25,11 @@ CVE-2023-39815
 CVE-2023-39814
REJECTED
 CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk 
Community  ...)
-   TODO: check
+   NOT-FOR-US: UVDesk Community Skeleton
 CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated 
attackers to p ...)
-   TODO: check
+   NOT-FOR-US: UVDesk Community Skeleton
 CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control 
(Arbitrary Fil ...)
-   TODO: check
+   NOT-FOR-US: carRental
 CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 
and CVE ...)
- linux 6.5.8-1
[bullseye] - linux  (Vulnerable code not present)
@@ -82375,9 +82375,9 @@ CVE-2022-2922 (Relative Path Traversal in GitHub 
repository dnnsoftware/dnn.plat
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized 
Actor in G ...)
NOT-FOR-US: NotrinosERP
 CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt 
Portal prior ...)
-   TODO: check
+   NOT-FOR-US: AgeVolt Portal
 CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability 
exist i ...)
-   TODO: check
+   NOT-FOR-US: AgeVolt Portal
 CVE-2022-38483
RESERVED
 CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 
15.2.0.6110 bef ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5633/linux

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a18b4e7 by Salvatore Bonaccorso at 2023-10-24T08:14:48+02:00
Add CVE-2023-5633/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-5633
+   - linux 6.5.8-1
+   NOTE: 
https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6)
 CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data 
back t ...)
NOT-FOR-US: Vue.js Devtools extension
 CVE-2023-5246 (Authentication Bypass by Capture-replay in SICK Flexi Soft 
Gateways wi ...)
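Review bot: the entry marks the fix as `linux 6.5.8-1` while the only reference is the upstream commit tagged `(6.6-rc6)`; the stable backport of 91398b413d03 into the 6.5.y series should be confirmed (for example against the 6.5.8 stable changelog) so the Debian fixed version is not ahead of what the cited commit proves. No `[bullseye]` or `[buster]` lines are given yet, so those suites default to "vulnerable" in the tracker until they are triaged.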



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a18b4e7ea665ae9711369a0a004ed92f9d57ee9



[Git][security-tracker-team/security-tracker][master] Update CVE-2023-5633 with kernel-sec information

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45875c4a by Salvatore Bonaccorso at 2023-10-24T08:43:36+02:00
Update CVE-2023-5633 with kernel-sec information

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,7 @@
 CVE-2023-5633
- linux 6.5.8-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6)
 CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data 
back t ...)
NOT-FOR-US: Vue.js Devtools extension
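Review bot: the two added suite lines state `(Vulnerable code not present)` for bullseye and buster, but the entry still cites only the fixing commit; adding the commit that introduced the faulty reference counting as a second NOTE would make the not-affected claim independently verifiable from the entry itself. Note also that the version slot between `linux` and the parenthesised reason is blank in this rendering (double space), which is where the tracker's angle-bracket state marker sits; the mail rendering appears to have dropped it as if it were an HTML tag, so the committed file should be checked rather than this mail when verifying the marker.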



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45875c4abb1df765fdd50e8ce3a6f461a1a8108a



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-42459/fastdds

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ecda6a0 by Salvatore Bonaccorso at 2023-10-24T16:17:01+02:00
Track fixed version for CVE-2023-42459/fastdds

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1104,7 +1104,7 @@ CVE-2023-43658 (dicourse-calendar is a plugin for the 
Discourse messaging platfo
 CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the 
Export for T ...)
NOT-FOR-US: Liferay Portal
 CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
-   - fastdds  (bug #1054163)
+   - fastdds 2.11.2+ds-6 (bug #1054163)
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
NOTE: https://github.com/eProsima/Fast-DDS/issues/3207
NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
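Review bot: recording `fastdds 2.11.2+ds-6` closes the unstable side of CVE-2023-42459 and the `(bug #1054163)` reference is correctly retained, but the entry carries no suite annotations; in the tracker a stable suite shipping an older fastdds is treated as affected until a `[bookworm]` line (fixed version, no-dsa, ignored or not-affected) is added, so that decision still needs to be made explicitly.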



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ecda6a0135e2533f2f6922c650aafa0d20f5b47



[Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list and assign to jmm

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
170e0e91 by Salvatore Bonaccorso at 2023-10-24T17:08:05+02:00
Add firefox-esr to dsa-needed list and assign to jmm

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -19,6 +19,8 @@ cacti
 --
 cinder/oldstable
 --
+firefox-esr (jmm)
+--
 gpac/oldstable (jmm)
 --
 gst-plugins-bad1.0 (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/170e0e91d9d251abf820adf84eb4ee6244834088



[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2023-46

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fe538f8 by Salvatore Bonaccorso at 2023-10-24T17:07:07+02:00
Add firefox-esr issues from mfsa2023-46

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,27 +1,42 @@
+CVE-2023-5732
+   - firefox-esr 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
 CVE-2023-5731
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730
 CVE-2023-5729
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728
 CVE-2023-5727
- firefox  (Only affects Firefox on Windows)
+   - firefox-esr  (Only affects Firefox ESR on Windows)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727
 CVE-2023-5726
- firefox  (Only affects Firefox on MacOS)
+   - firefox-esr  (Only affects Firefox ESR on MacOS)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
 CVE-2023-5725
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
 CVE-2023-5724
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724
 CVE-2023-5723
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723
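Review bot: the ESR additions are consistent: CVE-2023-5732 is inserted above CVE-2023-5731 preserving the descending id order, each shared CVE gains a second NOTE pointing at mfsa2023-46 next to the existing mfsa2023-45 one, and CVE-2023-5731, 5729 and 5723 are intentionally left firefox-only. The `- firefox-esr` lines show no version, which is expected while the firefox-esr DSA is still pending in dsa-needed.txt; the fixed version should be filled in when the DSA is issued.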
@@ -30,7 +45,9 @@ CVE-2023-5722
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)
NOT-FOR-US: Synology
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe538f81c7ceb09b395488f8c764aea570feec5



[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-5363/openssl

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
784048eb by Salvatore Bonaccorso at 2023-10-24T17:10:38+02:00
Add CVE-2023-5363/openssl

- - - - -
4a3dcab5 by Salvatore Bonaccorso at 2023-10-24T17:11:18+02:00
Add openssl to dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -50,6 +50,11 @@ CVE-2023-5721
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)
NOT-FOR-US: Synology
+CVE-2023-5363 [Incorrect cipher key & IV length processing]
+   - openssl 
+   [bullseye] - openssl  (Vulnerable code not present)
+   [buster] - openssl  (Vulnerable code not present)
+   NOTE: https://www.openssl.org/news/secadv/20231024.txt
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
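Review bot: the bracketed `[Incorrect cipher key & IV length processing]` title is a placeholder because the CVE description is not yet published and should be replaced by the official text when the CVE entry goes live. The bullseye and buster `(Vulnerable code not present)` annotations are consistent with the cited OpenSSL advisory, which covers the 3.0 and 3.1 series, while both suites ship OpenSSL 1.1.1; the bookworm state is left implicit here, meaning bookworm is shown as affected until the DSA version is recorded.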


=
data/dsa-needed.txt
=
@@ -46,6 +46,8 @@ openjdk-11/oldstable (jmm)
 --
 openjdk-17 (jmm)
 --
+openssl (carnil)
+--
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170e0e91d9d251abf820adf84eb4ee6244834088...4a3dcab575e09aaf2632ec3a9e67c3fd18c5554e



[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2023-45

2023-10-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82603b43 by Salvatore Bonaccorso at 2023-10-24T17:01:50+02:00
Add new firefox issues from mfsa2023-45

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,36 @@
+CVE-2023-5731
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
+CVE-2023-5730
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
+CVE-2023-5729
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
+CVE-2023-5728
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
+CVE-2023-5727
+   - firefox  (Only affects Firefox on Windows)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727
+CVE-2023-5726
+   - firefox  (Only affects Firefox on MacOS)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726
+CVE-2023-5725
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
+CVE-2023-5724
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
+CVE-2023-5723
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723
+CVE-2023-5722
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
+CVE-2023-5721
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format 
string i ...)
NOT-FOR-US: Synology
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core 
geeklog v.2.2 ...)
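Review bot: CVE-2023-5727 and CVE-2023-5726 are annotated `(Only affects Firefox on Windows)` and `(Only affects Firefox on MacOS)`; since Debian builds firefox for Linux only, these two entries should carry the tracker's not-affected state rather than an open entry, so it is worth confirming in the committed file that the state marker (blank in this rendering) is set accordingly. The remaining nine entries are unfixed with no suite lines, which is fine for the non-ESR firefox package that only lives in unstable.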



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82603b43cec6a6cc1af7a6e539f40b55302238ed



[Git][security-tracker-team/security-tracker][master] LTS: add roundcube and assign to maintainer

2023-10-24 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48b0cbf9 by Anton Gladky at 2023-10-24T18:35:36+02:00
LTS: add roundcube and assign to maintainer

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -193,6 +193,9 @@ ring
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230928: will be likely hard to fix see 
https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca)
 --
+roundcube (guilhem)
+  NOTE: 20231024: Added by Front-Desk (gladk)
+--
 salt
   NOTE: 20220814: Added by Front-Desk (gladk)
   NOTE: 20220814: I am not sure, whether it is possible to fix issues
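Review bot: the new roundcube entry records the assignee and the Front-Desk date but not which open CVEs the LTS update is meant to cover; the neighbouring ring and salt entries show the convention of using additional NOTE lines for that context, so listing the targeted CVE ids or a pointer to the relevant discussion would help the assignee and anyone later auditing why the package was added.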



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b0cbf9c2541e3f71ca3a5bbc4ba31157fa50ad
