Am Wed, Mar 06, 2024 at 06:39:01AM -0300 schrieb Leandro Cunha:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-pymysql.
We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?
CVE-2024-36039[0]:
| PyMySQL
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for npgsql.
CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tinyproxy.
CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterhub.
CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gdcm.
These are fixed in 3.0.24:
CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
|
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sngrep.
CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a
| out of boundary write vulnerability via swf_get_string at
|
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker5.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker4.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: fontforge
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for fontforge.
CVE-2024-25081[0]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted filenames.
CVE-2024-25082[1]:
|
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rack.
CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pymatgen.
CVE-2024-23346[0]:
| Pymatgen (Python Materials Genomics) is an open-source Python
| library for materials analysis. A critical security
Source: iwd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for iwd.
CVE-2023-52161[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
While this mentions a patch for wpasupplication, it's not obvious
if this was
Source: wpa
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for wpa.
CVE-2023-52160[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
If you fix the
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-46809[0]:
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-25110[0]:
| The UAMQP is a general purpose C library for AMQP 1.0. During a call
| to open_get_offered_capabilities, a
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.
Am Fri, Jan 05, 2024 at 12:08:54PM +0100 schrieb Chris Hofstaedtler:
> On Sun, Sep 03, 2023 at 08:26:00PM +0200, Moritz Mühlenhoff wrote:
> > severity 877016 serious
> > thanks
> >
> > Am Thu, Sep 28, 2017 at 06:51:30AM -0700 schrieb Mattia Dongili:
> > > On W
Source: ring
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pjsig, which is
bundled in ring:
CVE-2023-38703[0]:
| PJSIP is a free and open source multimedia communication library
| written in C with high level API in C,
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2023-37457[0]:
| Asterisk is an open source private branch exchange and telephony
| toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0
Source: ruby-sidekiq
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sidekiq.
CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in
Source: lrzip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lrzip.
CVE-2023-39741[0]:
| lrzip v0.651 was discovered to contain a heap overflow via the
| libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
Source: w3m
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for w3m.
CVE-2023-4255[0]:
| An out-of-bounds write issue has been discovered in the backspace
| handling of the checkType() function in etc.c within the W3M
|
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for clickhouse.
CVE-2023-48298[0]:
| ClickHouse® is an open-source column-oriented database management
| system that allows generating analytical data
Source: lwip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lwip.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
|
Source: gemmi
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for gemmi.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
|
Source: falcosecurity-libs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for falcosecurity-libs.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()`
Source: cacti
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for cacti.
CVE-2023-49084[0]:
| Cacti is a robust performance and fault management framework and a
| frontend to RRDTool - a Time Series Database (TSDB). While
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-48958[0]:
| gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in
| gf_mpd_resolve_url media_tools/mpd.c:4589.
Source: nss
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nss.
CVE-2023-6135[0]:
| Multiple NSS NIST curves were susceptible to a side-channel attack
| known as "Minerva". This attack could potentially allow an attacker
|
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-47384[0]:
| MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
| contain a memory leak in the function gf_isom_add_chapter at
|
Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for snort.
CVE-2023-20246[0]:
| Multiple Cisco products are affected by a vulnerability in Snort
| access control policies that could allow an unauthenticated,
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for frr.
CVE-2023-38407[0]:
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read
| beyond the end of the stream during labeled unicast parsing.
Source: salt
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for salt.
CVE-2023-34049[0]:
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
If you fix the vulnerability please also make sure to
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2023-29449[0]:
| JavaScript preprocessing, webhooks and global scripts can cause
| uncontrolled CPU, memory, and disk I/O utilization.
|
Source: node-browserify-sign
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for node-browserify-sign.
CVE-2023-46234[0]:
| browserify-sign is a package to duplicate the functionality of
| node's crypto public key functions,
Source: open-vm-tools
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for open-vm-tools.
CVE-2023-34059[0]:
| open-vm-tools contains a file descriptor hijack vulnerability in the
| vmware-user-suid-wrapper. A malicious actor
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2023-42459[0]:
| Fast DDS is a C++ implementation of the DDS (Data Distribution
| Service) standard of the OMG (Object Management Group). In
Source: trafficserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for trafficserver.
CVE-2023-41752[0]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Traffic Server.This issue
Source: node-babel7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for node-babel7.
CVE-2023-45133[0]:
| Babel is a compiler for writingJavaScript. In `@babel/traverse`
| prior to versions 7.23.2 and 8.0.0-alpha.4 and all
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2023-32721[0]:
| A stored XSS has been found in the Zabbix web application in the
| Maps element if a URL field is set with spaces before URL.
Source: trafficserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for trafficserver.
CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server resource
| consumption) because request cancellation can reset
Source: nghttp2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nghttp2.
CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server resource
| consumption) because request cancellation can reset many
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-22524[0]:
| Buffer Overflow vulnerability in FreeImage_Load function in
| FreeImage Library 3.19.0(r1828) allows attackers to cuase a
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run
Source: nuget
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nuget.
CVE-2023-29337[0]:
Does https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
affect nuget as packaged in Debian?
If you fix the
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-36823[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Using
| carefully crafted input, an attacker may be able to
Source: restrictedpython
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for restrictedpython.
CVE-2023-37271[0]:
| RestrictedPython is a tool that helps to define a subset of the
| Python language which allows users to provide
Source: bitcoin
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for bitcoin.
CVE-2023-37192[0]:
| Memory management and protection issues in Bitcoin Core v22 allows
| attackers to modify the stored sending address within the
Source: cjose
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for cjose.
CVE-2023-37464[0]:
| OpenIDC/cjose is a C library implementing the Javascript Object
| Signing and Encryption (JOSE). The AES GCM decryption routine
|
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-34432[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can
| lead
Am Tue, Jun 20, 2023 at 06:06:26PM + schrieb Debian FTP Masters:
> Source: gpac
> Source-Version: 2.2.1+dfsg1-1
> Done: Reinhard Tartler
> Changes:
> gpac (2.2.1+dfsg1-1) experimental; urgency=medium
> .
>* New upstream version,
> closes: #1033116, #1034732, #1034187, #1036701,
1025011, thanks to Moritz Mühlenhoff
It's nice that there's renewed interest, but this involves also taking
care of netatalk in stable, there's a range of issues (full list at
https://security-tracker.debian.org/tracker/source-package/netatalk)
which need to be backported to bullseye-security.
I'm re
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for asterisk.
CVE-2023-27585[0]:
| PJSIP is a free and open source multimedia communication library
| written in C. A buffer overflow vulnerability in versions
Source: libraw
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libraw.
CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an
Source: openjdk-11
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-11.
CVE-2023-21930[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: JSSE).
Source: openjdk-17
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-17.
CVE-2023-21930[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: JSSE).
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for frr.
CVE-2022-43681[0]:
| An out-of-bounds read exists in the BGP daemon of FRRouting FRR
| through 8.4. When sending a malformed BGP OPEN message that ends
Source: slic3r
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for slic3r.
CVE-2022-36788[0]:
| A heap-based buffer overflow vulnerability exists in the TriangleMesh
| clone functionality of Slic3r libslic3r 1.3.0 and Master
Source: consul
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for consul.
CVE-2021-41803[0]:
| HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not
| properly validate the node or segment names prior to interpolation
Source: dogecoin
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for dogecoin.
CVE-2021-37491[0]:
| An issue discovered in src/wallet/wallet.cpp in Dogecoin Project
| Dogecoin Core 1.14.3 and earlier allows attackers to view
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2023-21982[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are
Source: owslib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for owslib.
CVE-2023-27476[0]:
| OWSLib is a Python package for client programming with Open Geospatial
| Consortium (OGC) web service interface standards, and
Source: bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for bzip2.
CVE-2023-29415[0]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial
| of service (process hang) can occur with a crafted archive
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2023-23456[0]:
| A heap-based buffer overflow issue was discovered in UPX in
| PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to
|
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libheif.
CVE-2023-0996[0]:
| There is a vulnerability in the strided image data parsing code in the
| emscripten wrapper for libheif. An attacker could exploit
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2022-23537[0]:
| PJSIP is a free and open source multimedia communication library
| written in C language implementing standard based
Source: py7zr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for py7zr.
CVE-2022-40152[0]:
| Those using Woodstox to parse XML data may be vulnerable to Denial of
| Service attacks (DOS) if DTD support is enabled. If the
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2023-23457[0]:
| A Segmentation fault was found in UPX in
| PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with
| a crafted
Source: emacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for emacs.
CVE-2022-48339[0]:
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has
| a command injection vulnerability. In the
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for hdf5. The reports
mentioned a vendor disclosure, but not sure when/how.
CVE-2022-26061[0]:
| A heap-based buffer overflow vulnerability exists in the gif2h5
|
Source: curl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for curl.
CVE-2023-23914
curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23916.html
CVE-2023-23915
curl: HSTS amnesia with --parallel
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for rails.
CVE-2023-22796[0]:
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
Source: pgpool2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pgpool2.
CVE-2023-22332[0]:
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to
| 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to
severity 1027788 important
thanks
Am Tue, Jan 03, 2023 at 12:03:41PM +0100 schrieb Marcus Frings:
> Package: leafnode
> Version: 1.12.0-1
> Severity: grave
>
> Dear Moritz,
>
> after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my
> local leafnode instance anymore and Gnus refuses
Source: swift
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for swift.
CVE-2022-47950:
OSSA-2023-001: Arbitrary file access through custom S3 XML entities
Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
Fixed in 7.0.6
CVE-2023-21884[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core).
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
All fixed in 8.0.32.
CVE-2023-21863[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer).
Am Mon, Jan 16, 2023 at 12:46:37PM + schrieb Didier 'OdyX' Raboud:
> > I understand that would be annoying for you, but I don't think that it would
> > affect the majority of our users.
>
> Hrm. More and more laptops come with usb-c only, and dongles/docks become more
> and more common.
>
>
reassign 926276 ftp.debian.org
retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open
security issues, dropping from testing since 2017
severity 926276 normal
thanks
Am Tue, Apr 02, 2019 at 10:04:34PM +0200 schrieb Moritz Muehlenhoff:
> Source: guacamole-client
> Severity:
Am Sun, Jan 08, 2023 at 12:27:52AM -0500 schrieb Andres Salomon:
>
> On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk
> wrote:
> > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote:
> > > ...
> > > We might consider to set some expectation for oldstable-security,
> > >
Source: python-git
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-git.
CVE-2022-24439[0]:
| All versions of package gitpython are vulnerable to Remote Code
| Execution (RCE) due to improper user input validation,
Source: ruby-rails-html-sanitizer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rails-html-sanitizer.
CVE-2022-23517[0]:
| rails-html-sanitizer is responsible for sanitizing HTML fragments in
| Rails applications.
Am Wed, Dec 28, 2022 at 05:31:34PM +0100 schrieb Moritz Mühlenhoff:
> Source: openimageio
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for openimageio.
And two more
Source: openimageio
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openimageio.
CVE-2022-43592[0]:
| An information disclosure vulnerability exists in the
| DPXOutput::close() functionality of OpenImageIO Project
1 - 100 of 1016 matches
Mail list logo
