[Git][security-tracker-team/security-tracker][master] Reserve DLA-3426-3 for netatalk

2023-08-13 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4c80589 by Markus Koschany at 2023-08-13T23:35:48+02:00
Reserve DLA-3426-3 for netatalk

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[13 Aug 2023] DLA-3426-3 netatalk - regression update
+   [buster] - netatalk 3.1.12~ds-3+deb10u3
 [13 Aug 2023] DLA-3527-1 sox - security update
{CVE-2023-32627}
[buster] - sox 14.4.2+git20190427-1+deb10u3
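Review bot: the new DLA-3426-3 netatalk entry at the top of the hunk carries no `{CVE-...}` line, whereas the other regression entry visible in this digest, `[10 Aug 2023] DLA-3495-2 php-dompdf - regression update`, lists `{CVE-2021-3838}`; check whether the CVE set of the advisory being regression-fixed should be repeated here so the -3 update stays linked to the issues it re-fixes.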


=
data/dla-needed.txt
=
@@ -104,11 +104,6 @@ mediawiki
   NOTE: 20230810: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/31
   NOTE: 20230810: Check DSA-5447-1 (Beuc/front-desk)
 --
-netatalk (Markus Koschany)
-  NOTE: 20230812: Added by Front-Desk (Beuc)
-  NOTE: 20230812: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/38
-  NOTE: 20230812: Regression update request: 
https://lists.debian.org/debian-lts/2023/08/msg00014.html (Beuc/front-desk)
---
 nodejs (guilhem)
   NOTE: 20230731: Added by Front-Desk (apo)
 --
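Review bot: the removed `NOTE: 20230812: Regression update request: https://lists.debian.org/debian-lts/2023/08/msg00014.html` is the only pointer to why DLA-3426-3 exists, and the DLA/list entry added in the first hunk does not carry it; consider adding that URL as a NOTE under the DLA-3426-3 entry so the regression report remains discoverable once the dla-needed.txt block is gone.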



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c80589b26289a7afe2a3d919c50e5950add739



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0de458a1 by security tracker role at 2023-08-13T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,59 @@
+CVE-2023-39406 (Permission control vulnerability in the XLayout component. 
Successful  ...)
+   TODO: check
+CVE-2023-39405 (Vulnerability of out-of-bounds parameter read/write in the 
Wi-Fi modul ...)
+   TODO: check
+CVE-2023-39404 (Vulnerability of input parameter verification in certain APIs 
in the w ...)
+   TODO: check
+CVE-2023-39403 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39402 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39401 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39400 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39399 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39398 (Parameter verification vulnerability in the installd module. 
Successfu ...)
+   TODO: check
+CVE-2023-39397 (Input parameter verification vulnerability in the 
communication system ...)
+   TODO: check
+CVE-2023-39396 (Deserialization vulnerability in the input module. Successful 
exploita ...)
+   TODO: check
+CVE-2023-39395 (Mismatch vulnerability in the serialization process in the 
communicati ...)
+   TODO: check
+CVE-2023-39394 (Vulnerability of API privilege escalation in the wifienhance 
module. S ...)
+   TODO: check
+CVE-2023-39393 (Vulnerability of insecure signatures in the 
ServiceWifiResources modul ...)
+   TODO: check
+CVE-2023-39392 (Vulnerability of insecure signatures in the OsuLogin module. 
Successfu ...)
+   TODO: check
+CVE-2023-39391 (Vulnerability of system file information leakage in the USB 
Service mo ...)
+   TODO: check
+CVE-2023-39390 (Vulnerability of input parameter verification in certain APIs 
in the w ...)
+   TODO: check
+CVE-2023-39389 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+   TODO: check
+CVE-2023-39388 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+   TODO: check
+CVE-2023-39387 (Vulnerability of permission control in the window management 
module. S ...)
+   TODO: check
+CVE-2023-39386 (Vulnerability of input parameters being not strictly verified 
in the P ...)
+   TODO: check
+CVE-2023-39385 (Vulnerability of configuration defects in the media module of 
certain  ...)
+   TODO: check
+CVE-2023-39384 (Vulnerability of incomplete permission verification in the 
input metho ...)
+   TODO: check
+CVE-2023-39383 (Vulnerability of input parameters being not strictly verified 
in the A ...)
+   TODO: check
+CVE-2023-39382 (Input verification vulnerability in the audio module. 
Successful explo ...)
+   TODO: check
+CVE-2023-39381 (Input verification vulnerability in the storage module. 
Successful exp ...)
+   TODO: check
+CVE-2023-39380 (Permission control vulnerability in the audio module. 
Successful explo ...)
+   TODO: check
+CVE-2021-46895 (Vulnerability of defects introduced in the design process in 
the Multi ...)
+   TODO: check
 CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following 
locations:  ...)
NOT-FOR-US: zephyr-rtos
 CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin 
for WordP ...)
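Review bot: all 28 new entries are left at `TODO: check`, yet their descriptions (XLayout component, installd module, wifienhance module, ServiceWifiResources module, OsuLogin module, USB Service module) name vendor-specific OS components rather than anything shipped as a Debian package; a triage pass marking them `NOT-FOR-US:` with the vendor name, in the style of the `NOT-FOR-US: zephyr-rtos` context line for CVE-2023-4265, would clear the whole batch in one commit.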
@@ -4922,6 +4978,7 @@ CVE-2023-34318 (A heap buffer overflow vulnerability was 
found in sox, in the st
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)
+   {DLA-3527-1}
- sox  (bug #1041112)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
NOTE: https://sourceforge.net/p/sox/bugs/369/
@@ -12243,7 +12300,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business 
integration in Devolutions
 CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin 
before 32 ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-2255 (Improper access control in editor components of The Document 
Foundatio ...)
-   {DSA-5415-1}
+   {DSA-5415-1 DLA-3526-1}
- libreoffice 4:7.4.5-3
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254
@@ -26781,7 +26838,7 @@ CVE-2023-0952 (Improper access controls on entries in 
Devolutions Server  2022.3
 CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions 
Server 2 

[Git][security-tracker-team/security-tracker][master] update notes

2023-08-13 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e47056c8 by Thorsten Alteholz at 2023-08-13T20:44:44+02:00
update notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,6 +23,7 @@ rather than remove/replace existing ones.
 --
 amanda (Thorsten Alteholz)
   NOTE: 20230730: Added by Front-Desk (apo)
+  NOTE: 20230813: testing packages (ta)
 --
 cairosvg (gladk)
   NOTE: 20230323: Added by Front-Desk (gladk)
@@ -197,7 +198,7 @@ rar (Markus Koschany)
 ring (Thorsten Alteholz)
   NOTE: 20221120: Added by Front-Desk (ta)
   NOTE: 20230507: testing package
-  NOTE: 20230730: testing package, not all tests pass yet
+  NOTE: 20230813: testing package, not all tests pass yet
 --
 ruby-loofah
   NOTE: 20221231: Added by Front-Desk (ola)
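Review bot: the ring entry rewrites the dated status line (`20230730` becomes `20230813`) instead of appending a new `NOTE:` as the amanda hunk above does; keeping the earlier line and adding `NOTE: 20230813: testing package, not all tests pass yet` preserves how long the tests have been failing, which matters if the package is later reassigned.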



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47056c8c5814246254f5fb5ce4fcd7713f03527



[Git][security-tracker-team/security-tracker][master] 2 commits: Fix typo in CVE identifier for DLA-3526-1/libreoffice

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8cec7480 by Salvatore Bonaccorso at 2023-08-13T20:30:23+02:00
Fix typo in CVE identifier for DLA-3526-1/libreoffice

- - - - -
7383f789 by Salvatore Bonaccorso at 2023-08-13T20:30:55+02:00
Remove no-dsa tagged entry which got an update in DLA-3526-1

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -70467,7 +70467,6 @@ CVE-2022-38746
 CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to 
add an e ...)
- libreoffice 1:7.3.1-1
[bullseye] - libreoffice 1:7.0.4-4+deb11u6
-   [buster] - libreoffice  (Minor issue)
NOTE: 
https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
 CVE-2022-2993 (There is an error in the condition of the last if-statement in 
the fun ...)
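Review bot: removing `[buster] - libreoffice  (Minor issue)` leaves the CVE-2022-38745 entry with no buster state in this hunk; the buster fix is expressed only through DLA-3526-1, which this hunk does not reference. In this digest the `automatic update` commit 0de458a1 propagates DLA tags into CVE/list (`{DLA-3527-1}` for CVE-2023-32627, `{DSA-5415-1 DLA-3526-1}` for CVE-2023-2255), so verify that `{DLA-3526-1}` lands on CVE-2022-38745 after the next run rather than leaving buster looking unfixed.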


=
data/DLA/list
=
@@ -2,7 +2,7 @@
{CVE-2023-32627}
[buster] - sox 14.4.2+git20190427-1+deb10u3
 [13 Aug 2023] DLA-3526-1 libreoffice - security update
-   {CVE-2022-3874 CVE-2023-0950 CVE-2023-2255}
+   {CVE-2022-38745 CVE-2023-0950 CVE-2023-2255}
[buster] - libreoffice 1:6.1.5-3+deb10u10
 [10 Aug 2023] DLA-3495-2 php-dompdf - regression update
{CVE-2021-3838}
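Review bot: the corrected id `CVE-2022-38745` matches the libreoffice entry in the first hunk, while the previous `CVE-2022-3874` is a different identifier and would have sent the DLA cross-reference to the wrong entry or to none at all; a check in the DLA reservation step that every id in the `{...}` set resolves to a CVE/list entry naming the same source package would have caught the truncation when it was introduced in commit 0c65308d.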



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/abf132f2ce72a314592693cc1f33394c7aadfafb...7383f789e41b4e71684d0c53ff848485f75d40e9



[Git][security-tracker-team/security-tracker][master] Slightly wrap longer note line

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abf132f2 by Salvatore Bonaccorso at 2023-08-13T19:06:46+02:00
Slightly wrap longer note line

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4925,7 +4925,8 @@ CVE-2023-32627 (A floating point exception vulnerability 
was found in sox, in th
- sox  (bug #1041112)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
NOTE: https://sourceforge.net/p/sox/bugs/369/
-   NOTE: POC posted upstream is masked by fix of CVE-2021-3643, however 
sampling rate == 0, thus FPE is not fixed by CVE-2021-3643
+   NOTE: POC posted upstream is masked by fix of CVE-2021-3643, however 
sampling rate == 0,
+   NOTE: thus FPE is not fixed by CVE-2021-3643
 CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does 
not sanit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf132f2ce72a314592693cc1f33394c7aadfafb



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3527-1 for sox

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73ae2bce by Bastien Roucariès at 2023-08-13T17:02:25+00:00
Reserve DLA-3527-1 for sox

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[13 Aug 2023] DLA-3527-1 sox - security update
+   {CVE-2023-32627}
+   [buster] - sox 14.4.2+git20190427-1+deb10u3
 [13 Aug 2023] DLA-3526-1 libreoffice - security update
{CVE-2022-3874 CVE-2023-0950 CVE-2023-2255}
[buster] - libreoffice 1:6.1.5-3+deb10u10
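Review bot: the DLA-3527-1 entry lists only CVE-2023-32627; the two other sox CVEs handled in this digest (CVE-2023-34318, CVE-2023-34432) were recorded as fixed in buster by `14.4.2+git20190427-1+deb10u1` in commits 55f0616d and 3d8072c4, so the narrower CVE set is consistent with the tracker state. The context line below still shows the truncated `{CVE-2022-3874 ...}` for DLA-3526-1, corrected later in commit 8cec7480.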


=
data/dla-needed.txt
=
@@ -235,9 +235,6 @@ samba (Lee Garrett)
   NOTE: 20230807: functional test framework is however needed (WIP) as most
   NOTE: 20230807: CVEs/bugfixes don't have test coverage.
 --
-sox (rouca)
-  NOTE: 20230731: Added by Front-Desk (apo)
---
 suricata (Adrian Bunk)
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with 
last LTS update in Jessie,



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73ae2bce6350edbc50fd68eeb56c38b5ea8d841a



[Git][security-tracker-team/security-tracker][master] Claim sox

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1577786f by Bastien Roucariès at 2023-08-13T17:00:46+00:00
Claim sox

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -235,7 +235,7 @@ samba (Lee Garrett)
   NOTE: 20230807: functional test framework is however needed (WIP) as most
   NOTE: 20230807: CVEs/bugfixes don't have test coverage.
 --
-sox
+sox (rouca)
   NOTE: 20230731: Added by Front-Desk (apo)
 --
 suricata (Adrian Bunk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1577786f65061c74febc4f0e37d582a64bd5ab53



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3526-1 for libreoffice

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c65308d by Bastien Roucariès at 2023-08-13T16:24:29+00:00
Reserve DLA-3526-1 for libreoffice

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[13 Aug 2023] DLA-3526-1 libreoffice - security update
+   {CVE-2022-3874 CVE-2023-0950 CVE-2023-2255}
+   [buster] - libreoffice 1:6.1.5-3+deb10u10
 [10 Aug 2023] DLA-3495-2 php-dompdf - regression update
{CVE-2021-3838}
[buster] - php-dompdf 0.6.2+dfsg-3+deb10u2
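Review bot: `{CVE-2022-3874 CVE-2023-0950 CVE-2023-2255}` on the new DLA-3526-1 line contains a truncated identifier: the libreoffice entry in CVE/list is `CVE-2022-38745`, and commit 8cec7480 in this digest has to correct this line. Copying CVE ids from the CVE/list entry instead of retyping them avoids this class of mistake.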


=
data/dla-needed.txt
=
@@ -90,11 +90,6 @@ intel-microcode (utkarsh)
   NOTE: 20230809: Upcoming DSA. (Beuc/front-desk)
   NOTE: 20230809: will co-ordinate with hmh. (utkarsh)
 --
-libreoffice (rouca)
-  NOTE: 20230530: Added by Front-Desk (pochu)
-  NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith)
-  NOTE: 20230718: CVE-2023-2255.diff fails to build. (abhijith)
---
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
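Review bot: the removed `NOTE: 20230718: CVE-2023-2255.diff fails to build. (abhijith)` was the last recorded status of the buster backport and is dropped without any note that the build problem was resolved; since DLA-3526-1 claims CVE-2023-2255 fixed in `1:6.1.5-3+deb10u10`, confirm the uploaded package carries a building version of that patch before the advisory goes out.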



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c65308deeca5da91e199f7bcf2bcbdbd6ccabd7



[Git][security-tracker-team/security-tracker][master] LTS: take orthanc

2023-08-13 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55e76921 by Anton Gladky at 2023-08-13T17:53:16+02:00
LTS: take orthanc

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -153,7 +153,7 @@ openjdk-11 (Emilio)
 openssl (gladk)
   NOTE: 20230731: Added by Front-Desk (apo)
 --
-orthanc
+orthanc (gladk)
   NOTE: 20230812: Added by Front-Desk (Beuc)
   NOTE: 20230812: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41
   NOTE: 20230812: Check DSA-5473-1 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55e76921bad76df0b69bd533d9bebd92b41b2d5d



[Git][security-tracker-team/security-tracker][master] Add a note about the POC upstream of CVE-2023-32627

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a7f1062 by Bastien Roucariès at 2023-08-13T14:46:29+00:00
Add a note about the POC upstream of CVE-2023-32627

Note that a previous fix renders the upstream POC unusable for testing but the FPE is 
still present

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4925,6 +4925,7 @@ CVE-2023-32627 (A floating point exception vulnerability 
was found in sox, in th
- sox  (bug #1041112)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
NOTE: https://sourceforge.net/p/sox/bugs/369/
+   NOTE: POC posted upstream is masked by fix of CVE-2021-3643, however 
sampling rate == 0, thus FPE is not fixed by CVE-2021-3643
 CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does 
not sanit ...)
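Review bot: the added NOTE packs two facts into one clause (`however sampling rate == 0, thus FPE is not fixed by CVE-2021-3643`) and is long enough that commit abf132f2 in this digest has to wrap it; a clearer split in the file's one-fact-per-NOTE style would be `NOTE: upstream PoC is masked by the CVE-2021-3643 fix` followed by `NOTE: a sampling rate of 0 still reaches the FPE, so CVE-2021-3643 does not fix this issue`.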



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7f106212a539c31fa8d41974d32252c9732cef



[Git][security-tracker-team/security-tracker][master] Claim lxc in dla-needed.txt

2023-08-13 Thread Santiago R.R. (@santiago)


Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b3c6b2a by Santiago Ruano Rincón at 2023-08-13T11:10:55-03:00
Claim lxc in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -98,7 +98,7 @@ libreoffice (rouca)
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
-lxc
+lxc (santiago)
   NOTE: 20230812: Added by Front-Desk (Beuc)
   NOTE: 20230812: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/44
   NOTE: 20230812: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b3c6b2af5ac5a64c648a5011d08e47d9cd4ecf5



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-3153/ovn

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f3a820a by Salvatore Bonaccorso at 2023-08-13T14:55:57+02:00
Add Debian bug reference for CVE-2023-3153/ovn

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8193,7 +8193,7 @@ CVE-2023-2904 (The External Visitor Manager portal of 
HID\u2019s SAFE versions 5
 CVE-2023-2866 (If an attacker can trick an authenticated user into loading a 
maliciou ...)
NOT-FOR-US: Advantech
 CVE-2023-3153 [service monitor MAC flow is not rate limited]
-   - ovn 
+   - ovn  (bug #1043598)
[bookworm] - ovn  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
NOTE: https://github.com/ovn-org/ovn/issues/198



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f3a820acaff16ccbf3a46023c8da3f1dec9ffec



[Git][security-tracker-team/security-tracker][master] CVE-2023-34318: fixed by same fix as CVE-2021-23159

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55f0616d by Bastien Roucariès at 2023-08-13T12:50:48+00:00
CVE-2023-34318: fixed by same fix as CVE-2021-23159

Tested poc under trixie and gdb tracing.

Fail early (before the location of leak) by:
Implausible dictionary size in HCOM header

Cross tested also under valgrind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4913,10 +4913,12 @@ CVE-2023-34432 (A heap buffer overflow vulnerability 
was found in sox, in the ls
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
-   - sox  (bug #104)
+   - sox 14.4.2+git20190427-3.2 (bug #104)
+   [bullseye] - sox 14.4.2+git20190427-2+deb11u1
+   [buster] - sox 14.4.2+git20190427-1+deb10u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283
NOTE: https://sourceforge.net/p/sox/bugs/368/
-   TODO: check, might be fixed along with the fix for CVE-2021-23159
+   NOTE: Same fix as for CVE-2021-23159
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)
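Review bot: `(bug #104)` on both the `-` and `+` lines looks like a truncated Debian bug number (the neighbouring sox entries carry `#1041110` and `#1041112`), so a three-digit reference almost certainly points at the wrong report; since the line is being rewritten anyway, this is the moment to restore the full number. The commit message cites a PoC test under trixie with gdb and valgrind as the basis for replacing the TODO with `NOTE: Same fix as for CVE-2021-23159`; recording the early-failure check it observed (`Implausible dictionary size in HCOM header`) in a NOTE would keep that evidence in the tracker rather than only in git history.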



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f0616d8f1b2e3f83bc218676943dc1a65b2d34



[Git][security-tracker-team/security-tracker][master] Add todo item for CVE-2023-34318

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b5297b6 by Salvatore Bonaccorso at 2023-08-13T13:55:06+02:00
Add todo item for CVE-2023-34318

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4916,6 +4916,7 @@ CVE-2023-34318 (A heap buffer overflow vulnerability was 
found in sox, in the st
- sox  (bug #104)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283
NOTE: https://sourceforge.net/p/sox/bugs/368/
+   TODO: check, might be fixed along with the fix for CVE-2021-23159
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5297b6c9d59dcacaea106d3cfe6c4f9f916dff



[Git][security-tracker-team/security-tracker][master] Add note for CVE-2023-34432

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e46880b1 by Salvatore Bonaccorso at 2023-08-13T13:48:51+02:00
Add note for CVE-2023-34432

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4909,6 +4909,7 @@ CVE-2023-34432 (A heap buffer overflow vulnerability was 
found in sox, in the ls
[buster] - sox 14.4.2+git20190427-1+deb10u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
+   NOTE: Same fix as for CVE-2021-23159
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
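Review bot: the new `NOTE: Same fix as for CVE-2021-23159` names a single CVE, while the TODO it supersedes (removed in commit 3d8072c4 in this digest) said the issue was `claimed to be fixed with patch applied for CVE-2021-23159 and CVE-2021-23172`; if the CVE-2021-23172 patch is also needed, list both so a release that backported only one of them is not marked fixed by mistake.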



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46880b127e3f7d8c29e2771a075065c71f1713e



[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-23537 and CVE-2022-23547

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c015380 by Salvatore Bonaccorso at 2023-08-13T13:13:15+02:00
Track fixed version via unstable for CVE-2022-23537 and CVE-2022-23547

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -115084,14 +115084,14 @@ CVE-2022-23548 (Discourse is an option source 
discussion platform. Prior to vers
NOT-FOR-US: Discourse
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication 
library writt ...)
{DSA-5358-1 DLA-3335-1}
-   - asterisk  (bug #1032092)
+   - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject 
NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE: 
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
 CVE-2022-23547 (PJSIP is a free and open source multimedia communication 
library writt ...)
{DSA-5358-1 DLA-3335-1}
-   - asterisk  (bug #1032092)
+   - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject 
NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
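Review bot: `- pjproject ` stays unversioned for both CVE-2022-23537 and CVE-2022-23547 while asterisk now gets `1:20.4.0~dfsg+~cs6.13.40431414-1` and ring already has `20230206.0~ds1-1`; an unversioned source line keeps the issue open for pjproject in unstable, so confirm that is intended rather than an oversight. The `- pjproject ` line also appears to carry trailing whitespace, which a stricter lint of the file would flag.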



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c015380cac0fbb8aa0aa56073bc9eb2f8ebf971



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-27585/asterisk via unstable

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d6b5000e by Salvatore Bonaccorso at 2023-08-13T13:10:58+02:00
Track fixed version for CVE-2023-27585/asterisk via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23382,7 +23382,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on 
Cairo, a 2D graphics libra
NOTE: Introduced in 
https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c
 (0.3)
 CVE-2023-27585 (PJSIP is a free and open source multimedia communication 
library writt ...)
{DSA-5438-1 DLA-3394-1}
-   - asterisk  (bug #1036697)
+   - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697)
- pjproject 
- ring 
NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
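Review bot: here `- ring ` is left unversioned alongside `- pjproject `, whereas the CVE-2022-23537 and CVE-2022-23547 entries updated in commit 9c015380 record ring as fixed in `20230206.0~ds1-1`; all three are PJSIP issues bundled into asterisk and ring, so check whether the same ring upload also closes CVE-2023-27585 and, if so, version the ring line here as well.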



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b5000e24cb35ffdb48174a4c54ea9a5dfa272a



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-34432

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d8072c4 by Salvatore Bonaccorso at 2023-08-13T13:00:00+02:00
Update information for CVE-2023-34432

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4904,10 +4904,11 @@ CVE-2023-35697 (Improper Restriction of Excessive 
Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an 
unauthen ...)
NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the 
lsx_read ...)
-   - sox  (bug #1041110)
+   - sox 14.4.2+git20190427-3.2 (bug #1041110)
+   [bullseye] - sox 14.4.2+git20190427-2+deb11u1
+   [buster] - sox 14.4.2+git20190427-1+deb10u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
-   TODO: needs further investigation, claimed to be fixed with patch 
applied for CVE-2021-23159 and CVE-2021-23172
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
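Review bot: the removed TODO was the only record that this issue is claimed to be covered by the CVE-2021-23159 and CVE-2021-23172 patches, and nothing in the hunk replaces it; the new fixed-version lines (`sox 14.4.2+git20190427-3.2` plus the bullseye and buster entries) say what was fixed but not why those uploads close this CVE. The parallel CVE-2023-26590 update on this page keeps its cross-reference as `NOTE: Same fix as for CVE-2022-31650`; a matching `NOTE: Fixed by the patches for CVE-2021-23159 and CVE-2021-23172` here would keep the TODO's finding verifiable instead of dropping it.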



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d8072c45ab953fb6283a1a1ec3e74621066f3f2



[Git][security-tracker-team/security-tracker][master] Add todo item for CVE-2023-34432

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38a0a716 by Salvatore Bonaccorso at 2023-08-13T12:38:50+02:00
Add todo item for CVE-2023-34432

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4907,6 +4907,7 @@ CVE-2023-34432 (A heap buffer overflow vulnerability was 
found in sox, in the ls
- sox  (bug #1041110)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
+   TODO: needs further investigation, claimed to be fixed with patch 
applied for CVE-2021-23159 and CVE-2021-23172
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a0a716d7ac214b8ab5b8e164b9d7d8d374037f



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-26590

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8c108ea by Salvatore Bonaccorso at 2023-08-13T12:30:53+02:00
Update information for CVE-2023-26590

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4940,9 +4940,12 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin 
through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does 
not prop ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in 
the lsx_ ...)
-   - sox  (bug #1041113)
+   - sox 14.4.2+git20190427-3.1 (bug #1041113)
+   [bullseye] - sox 14.4.2+git20190427-2+deb11u1
+   [buster] - sox 14.4.2+git20190427-1+deb10u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
NOTE: https://sourceforge.net/p/sox/bugs/370/
+   NOTE: Same fix as for CVE-2022-31650
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified 
as critic ...)
NOT-FOR-US: Dynacase
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up 
to 1.0. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8c108eab1ebf125fff0b565f00982ebbd112cf2



[Git][security-tracker-team/security-tracker][master] LTS: claim flask-security in dla-needed.txt

2023-08-13 Thread Sean Whitton (@spwhitton)


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
825f954a by Sean Whitton at 2023-08-13T11:27:08+01:00
LTS: claim flask-security in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -56,7 +56,7 @@ flask (Sean Whitton)
   NOTE: 20230811: Check DSA-5442-1 (Beuc/front-desk)
   NOTE: 20230811: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/35
 --
-flask-security
+flask-security (Sean Whitton)
   NOTE: 20230811: Added by Front-Desk (Beuc)
   NOTE: 20230811: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/37
   NOTE: 20230811: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/825f954ac6e042fc6c090ea86d40bfde8774f683



[Git][security-tracker-team/security-tracker][master] Process CVE-2023-4265 as NFU

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
746de173 by Salvatore Bonaccorso at 2023-08-13T12:25:09+02:00
Process CVE-2023-4265 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following 
locations:  ...)
-   TODO: check
+   NOT-FOR-US: zephyr-rtos
 CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin 
for WordP ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-3452 (The Canto plugin for WordPress is vulnerable to Remote File 
Inclusion  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/746de1731382334c77061c7646cabc162872e8c9



[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Mark CVE-2023-26590 as not-affected"

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08d4ab66 by Salvatore Bonaccorso at 2023-08-13T12:20:25+02:00
Revert Mark CVE-2023-26590 as not-affected

This reverts commit 4009500a2ff716b394a38b09c42a73cbe257228f.

The correct entry should note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.

Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.

- - - - -
b04805f9 by Salvatore Bonaccorso at 2023-08-13T12:20:57+02:00
Revert Mark CVE-2023-34432 as not affected

This reverts commit b13f24703fd76432c9930e121d4a21e867eb71ee.

The correct entry should note the version including the fix landing
in unstable, and separately if still in the supported suites in the
security-tracker a respective suite entry.

Additionally a note should clarify why this CVE is fixed by a particular
change from the different CVE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4904,10 +4904,9 @@ CVE-2023-35697 (Improper Restriction of Excessive 
Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an 
unauthen ...)
NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the 
lsx_read ...)
-   - sox  (fixed by fix of CVE-2021-23159 and CVE-2021-23172)
+   - sox  (bug #1041110)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
-   NOTE: 
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2021-23159.patch
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
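Review bot: restoring `- sox  (bug #1041110)` also deletes the lts-team stretch patch URL that the reverted change had added as a NOTE, while the commit message asks for exactly such a note explaining why a different CVE's fix covers this one. Rather than dropping the URL, consider keeping it as a `NOTE:` line beside the bug reference so the evidence survives the revert and the pending fixed-version and suite entries can be added on top of it.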
@@ -4941,10 +4940,9 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin 
through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does 
not prop ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in 
the lsx_ ...)
-   - sox  (Fixed by CVE-2022-31650 patch)
+   - sox  (bug #1041113)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
NOTE: https://sourceforge.net/p/sox/bugs/370/
-   NOTE: 
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified 
as critic ...)
NOT-FOR-US: Dynacase
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up 
to 1.0. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b13f24703fd76432c9930e121d4a21e867eb71ee...b04805f916c3dc30fece016fbc4c4dcbd9ddf87c



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-34432 as not affected

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b13f2470 by Bastien Roucariès at 2023-08-13T10:17:54+00:00
Mark CVE-2023-34432 as not affected

Fixed by previous Debian fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4904,9 +4904,10 @@ CVE-2023-35697 (Improper Restriction of Excessive 
Authentication Attempts in the
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an 
unauthen ...)
NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the 
lsx_read ...)
-   - sox  (bug #1041110)
+   - sox  (fixed by fix of CVE-2021-23159 and CVE-2021-23172)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
NOTE: https://sourceforge.net/p/sox/bugs/367/
+   NOTE: 
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2021-23159.patch
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
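Review bot: the hunk removes the `(bug #1041110)` reference and puts the explanation `(fixed by fix of CVE-2021-23159 and CVE-2021-23172)` in the position where the tracker records the fixed version, so the entry ends up with neither the unstable version that closed the issue nor the link to the Debian bug. Keep the bug reference, record the fixed version (with suite entries where supported suites differ), and move the cross-CVE explanation to a `NOTE:` line; the revert later on this page spells out the same convention.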



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b13f24703fd76432c9930e121d4a21e867eb71ee



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-26590 as not-affected

2023-08-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4009500a by Bastien Roucariès at 2023-08-13T10:03:51+00:00
Mark CVE-2023-26590 as not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4940,9 +4940,10 @@ CVE-2023-2495 (The Greeklish-permalink WordPress plugin 
through 3.3 does not imp
 CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does 
not prop ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in 
the lsx_ ...)
-   - sox  (bug #1041113)
+   - sox  (Fixed by CVE-2022-31650 patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
NOTE: https://sourceforge.net/p/sox/bugs/370/
+   NOTE: 
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified 
as critic ...)
NOT-FOR-US: Dynacase
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up 
to 1.0. ...)
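Review bot: the NOTE added as evidence points at the lts-team `debian/stretch` branch (`.../debian/stretch/debian/patches/CVE-2022-31650.patch`), but the line being changed is the unstable entry for sox; a patch carried in the stretch LTS branch shows what stretch shipped, not that the unstable, bullseye or bookworm packages contain the CVE-2022-31650 fix. Cite the upstream change or the unstable upload that carries it instead, and keep `(bug #1041113)` so the Debian bug stays linked to the entry.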



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4009500a2ff716b394a38b09c42a73cbe257228f



[Git][security-tracker-team/security-tracker][master] LTS: claim flash in dla-needed.txt

2023-08-13 Thread Sean Whitton (@spwhitton)


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c1c034c by Sean Whitton at 2023-08-13T10:47:06+01:00
LTS: claim flash in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -51,7 +51,7 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the 
initiatives. (Beuc/front-desk)
 --
-flask
+flask (Sean Whitton)
   NOTE: 20230811: Added by Front-Desk (Beuc)
   NOTE: 20230811: Check DSA-5442-1 (Beuc/front-desk)
   NOTE: 20230811: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/35



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c1c034c7a3ce99ff5271060141b9fc3bd192f11



[Git][security-tracker-team/security-tracker][master] automatic update

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
612c76a7 by security tracker role at 2023-08-13T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following 
locations:  ...)
+   TODO: check
 CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin 
for WordP ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-3452 (The Canto plugin for WordPress is vulnerable to Remote File 
Inclusion  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/612c76a78253cd7d67f7466484ee78115ff83cc3



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-33953/grpc

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fb623f6 by Salvatore Bonaccorso at 2023-08-13T08:35:24+02:00
Add CVE-2023-33953/grpc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -439,7 +439,9 @@ CVE-2023-37068 (Code-Projects Gym Management System V1.0 
allows remote attackers
 CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote 
attackers  ...)
NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table 
accounting error ...)
-   TODO: check
+   - grpc 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
+   NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
 CVE-2023-33469 (In instances where the screen is visible and remote mouse 
connection i ...)
NOT-FOR-US: KramerAV
 CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version 
prior t ...)
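Review bot: the new `- grpc` line carries no fixed version and no Debian bug reference, and both NOTEs point to downstream trackers (the Red Hat bugzilla entry and the GCP bulletin) rather than to the upstream gRPC fix. For an hpack table accounting issue the upstream commit or advisory is what the maintainer needs to identify a backport, so add it as a `NOTE:` once identified and reference a Debian bug so the open issue is tracked on the BTS side as well.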



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fb623f682b5cadba006ec9d6c9fd41e948b3771



[Git][security-tracker-team/security-tracker][master] Reference upstream issue reference for CVE-2023-3153/ovn

2023-08-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ffe0655 by Salvatore Bonaccorso at 2023-08-13T08:03:39+02:00
Reference upstream issue reference for CVE-2023-3153/ovn

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8183,6 +8183,7 @@ CVE-2023-3153 [service monitor MAC flow is not rate 
limited]
- ovn 
[bookworm] - ovn  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
+   NOTE: https://github.com/ovn-org/ovn/issues/198
 CVE-2023-3152 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Discussion Forum Site
 CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ffe0655018165407e2aa32959c49588c353c707
