[Git][security-tracker-team/security-tracker][master] Take libreoffice in dla-needed.txt
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: 52f1eb24 by Santiago Ruano Rincón at 2023-08-06T19:53:54-03:00 Take libreoffice in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -83,7 +83,7 @@ libhtmlcleaner-java (Markus Koschany) NOTE: 20230806: https://github.com/amplafi/htmlcleaner/issues/13#issuecomment-1597626510 NOTE: 20230806: Please, check the upper link, whether the patch can be got (gladk) -- -libreoffice +libreoffice (santiago) NOTE: 20230530: Added by Front-Desk (pochu) NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith) NOTE: 20230718: CVE-2023-2255.diff fails to build. (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f1eb249789c2a133c792bf2abd8ae3773e419a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f1eb249789c2a133c792bf2abd8ae3773e419a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Claim hdf5 and libhtmlcleaner-java in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 31e15e03 by Markus Koschany at 2023-08-07T00:22:52+02:00 Claim hdf5 and libhtmlcleaner-java in dla-needed.txt - - - - - e06f3d17 by Markus Koschany at 2023-08-07T00:25:15+02:00 Triage remaining CVE for openimageio as no-dsa Minor issues - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -31202,6 +31202,7 @@ CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput:: - openimageio (bug #1034150) [bookworm] - openimageio (Minor issue) [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) NOTE: https://github.com/OpenImageIO/oiio/pull/3768 NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master) NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1) @@ -31219,6 +31220,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::deco - openimageio (bug #1034150) [bookworm] - openimageio (Minor issue) [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) NOTE: https://github.com/OpenImageIO/oiio/pull/3768 NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master) NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1) = data/dla-needed.txt = @@ -62,7 +62,7 @@ glib2.0 (santiago) NOTE: 20230710: WIP (santiago) NOTE: 20230724: buster should be ready. need if it's possible to run same reporter's fuzz test -- -hdf5 +hdf5 (Markus Koschany) NOTE: 20230318: Added by Front-Desk (utkarsh) NOTE: 20230318: Consider fixing all the no-dsa and postponed issues as well. (utkarsh) NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably 
@@ -78,7 +78,7 @@ imagemagick NOTE: 20230622: Added by Front-Desk (Beuc) NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk) -- -libhtmlcleaner-java +libhtmlcleaner-java (Markus Koschany) NOTE: 20230806: Added by Front-Desk (gladk) NOTE: 20230806: https://github.com/amplafi/htmlcleaner/issues/13#issuecomment-1597626510 NOTE: 20230806: Please, check the upper link, whether the patch can be got (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7424d3b91318bf9ee796f6be175c61e93684d5e...e06f3d1715ca8c01dabd773a7ec93c8e77b81d6a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7424d3b91318bf9ee796f6be175c61e93684d5e...e06f3d1715ca8c01dabd773a7ec93c8e77b81d6a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3518-1 for openimageio
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e7424d3b by Markus Koschany at 2023-08-07T00:16:21+02:00 Reserve DLA-3518-1 for openimageio - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Aug 2023] DLA-3518-1 openimageio - security update + {CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2023-24472 CVE-2023-36183} + [buster] - openimageio 2.0.5~dfsg0-1+deb10u2 [06 Aug 2023] DLA-3517-1 pdfcrack - security update {CVE-2020-22336} [buster] - pdfcrack 0.16-3+deb10u1 = data/dla-needed.txt = @@ -116,10 +116,6 @@ nvidia-cuda-toolkit open-vm-tools (Abhijith PA) NOTE: 20230731: Added by Front-Desk (apo) -- -openimageio (Markus Koschany) - NOTE: 20230406: Re-added due to regressions (apo) - NOTE: 20230612: Backporting is mostly done, but still some failures. (gladk) --- openjdk-11 (Emilio) NOTE: 20230419: Added by Front-Desk (ola) NOTE: 20230522: waiting for sid update (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7424d3b91318bf9ee796f6be175c61e93684d5e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7424d3b91318bf9ee796f6be175c61e93684d5e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 16f66a18 by Moritz Muehlenhoff at 2023-08-06T23:51:57+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -243,7 +243,11 @@ CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL inj NOT-FOR-US: ai-dev aitable CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compiles the ...) - cargo + [bookworm] - cargo (Minor issue) + [bullseye] - cargo (Minor issue) - rust-cargo + [bookworm] - rust-cargo (Minor issue) + [bullseye] - rust-cargo (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2 NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 @@ -527,7 +531,7 @@ CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attack CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...) NOT-FOR-US: Verint Engagement Management CVE-2023-4016 (Under some circumstances, this weakness allows a user who has access t ...) - - procps (bug #1042887) + - procps (bug #1042887) NOTE: https://gitlab.com/procps-ng/procps/-/issues/297 CVE-2023-3739 (Insufficient validation of untrusted input in Chromad in Google Chrome ...) {DSA-5456-1} @@ -1553,6 +1557,7 @@ CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1. NOT-FOR-US: WordPress plugin CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...) - znuny 6.5.3-1 + NOTE: https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836 CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x 
@@ -1949,6 +1954,8 @@ CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 al NOT-FOR-US: Grav CMStduck-platform CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - python-aiohttp + [bookworm] - python-aiohttp (Minor issue) + [bullseye] - python-aiohttp (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w NOTE: https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 NOTE: https://hackerone.com/reports/2001873 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16f66a182d0737180f801c002ac8fda900a19a6d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16f66a182d0737180f801c002ac8fda900a19a6d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
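Review bot: In the CVE-2023-4016 hunk of data/CVE/list the removed and the added line read identically here (`- procps (bug #1042887)`), so this is presumably a whitespace-only change, which the commit message "bullseye/bookworm triage" does not mention; either leave that hunk out of a triage commit or say "whitespace fix" in the message so later readers of the log do not have to diff the lines by hand to confirm the procps entry itself is unchanged.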
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add gawk
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d9c15ff2 by Anton Gladky at 2023-08-06T22:34:53+02:00 LTS: add gawk - - - - - 1da15071 by Anton Gladky at 2023-08-06T22:37:52+02:00 LTS: add libhtmlcleaner-java - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,6 +49,11 @@ dogecoin firefox-esr (Emilio) NOTE: 20230802: Added by pochu -- +gawk + NOTE: 20230806: Added by Front-Desk (gladk) + NOTE: 20230806: Please, check, whether CVE is applicable for buster + NOTE: 20230806: poc are available in the mailing list (gladk) +-- ghostscript (Adrian Bunk) NOTE: 20230803: Added by Front-Desk (gladk) -- @@ -73,6 +78,11 @@ imagemagick NOTE: 20230622: Added by Front-Desk (Beuc) NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk) -- +libhtmlcleaner-java + NOTE: 20230806: Added by Front-Desk (gladk) + NOTE: 20230806: https://github.com/amplafi/htmlcleaner/issues/13#issuecomment-1597626510 + NOTE: 20230806: Please, check the upper link, whether the patch can be got (gladk) +-- libreoffice NOTE: 20230530: Added by Front-Desk (pochu) NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fcf9282efdb89459070b0d18c2db15bc5264d3ef...1da15071a3d33dd9831419435ba35e6a1a49e6f7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fcf9282efdb89459070b0d18c2db15bc5264d3ef...1da15071a3d33dd9831419435ba35e6a1a49e6f7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
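Review bot: The new gawk entry in data/dla-needed.txt names no CVE id, so "check, whether CVE is applicable for buster" and "poc are available in the mailing list" cannot be acted on without first searching for the issue; add the CVE id to the NOTE and a link to the list post, the way the libhtmlcleaner-java entry added in the second commit carries its GitHub issue link, so whoever claims the package can start from the entry alone.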
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fcf9282e by security tracker role at 2023-08-06T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + TODO: check +CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...) + TODO: check +CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...) + TODO: check +CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...) + TODO: check +CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory Management Syste ...) + TODO: check +CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory Management ...) + TODO: check +CVE-2023-4182 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2023-4181 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) NOT-FOR-US: admidio CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) @@ -28083,7 +28099,7 @@ CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affecte CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...) NOT-FOR-US: Starlite CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...) - {DLA-3346-1} + {DSA-5470-1 DLA-3346-1} - python-werkzeug 2.2.2-3 (bug #1031370) NOTE: https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b (2.2.3) NOTE: https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9 (2.2.3) 
@@ -32817,7 +32833,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and ...) NOT-FOR-US: Discourse CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...) - {DLA-3346-1} + {DSA-5470-1 DLA-3346-1} - python-werkzeug 2.2.2-3 (bug #1031370) NOTE: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 (2.2.3) NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q @@ -216072,6 +216088,7 @@ CVE-2020-22338 CVE-2020-22337 RESERVED CVE-2020-22336 (An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers t ...) + {DLA-3517-1} - pdfcrack 0.19-1 NOTE: https://sourceforge.net/p/pdfcrack/bugs/12/ CVE-2020-22335 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-38686/matrix-sydent
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b4c7afd5 by Salvatore Bonaccorso at 2023-08-06T21:37:57+02:00 Add Debian bug reference for CVE-2023-38686/matrix-sydent - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -127,7 +127,7 @@ CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. mod) for the computer CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, ...) TODO: check CVE-2023-38686 (Sydent is an identity server for the Matrix communications protocol. P ...) - - matrix-sydent + - matrix-sydent (bug #1043162) NOTE: https://github.com/matrix-org/sydent/pull/574 NOTE: https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 (v2.5.6) NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c7afd5479c51575b430513a397bc4f70bf07eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c7afd5479c51575b430513a397bc4f70bf07eb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-3978/golang-golang-x-net
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cdf25024 by Salvatore Bonaccorso at 2023-08-06T21:37:08+02:00 Add Debian bug reference for CVE-2023-3978/golang-golang-x-net - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -480,7 +480,7 @@ CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 all CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for WordPress is v ...) NOT-FOR-US: Bus Ticket Booking with Seat Reservation plugin for WordPress CVE-2023-3978 (Text nodes not in the HTML namespace are incorrectly literally rendere ...) - - golang-golang-x-net + - golang-golang-x-net (bug #1043163) - golang-golang-x-net-dev NOTE: https://go.dev/cl/514896 NOTE: https://go.dev/issue/61615 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf2502403523ccf389353816ce0b936b907593e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf2502403523ccf389353816ce0b936b907593e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
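Review bot: Only the `golang-golang-x-net` source line of the CVE-2023-3978 entry gains the bug reference; the `golang-golang-x-net-dev` line directly beneath it still has none. If that source package is tracked separately it needs its own bug reference (or `(bug #1043163)` as well, if that report covers both), and if it is no longer relevant a NOTE saying so would keep the entry from looking half-triaged.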
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-2940{7,8}/golang-golang-x-image
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce98abaf by Salvatore Bonaccorso at 2023-08-06T21:31:19+02:00 Add Debian bug reference for CVE-2023-2940{7,8}/golang-golang-x-image - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15846,12 +15846,12 @@ CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a clien [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) NOTE: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI CVE-2023-29408 (The TIFF decoder does not place a limit on the size of compressed tile ...) - - golang-golang-x-image + - golang-golang-x-image (bug #1043159) NOTE: https://go.dev/issue/61582 NOTE: https://go.dev/cl/514897 NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0) CVE-2023-29407 (A maliciously-crafted image can cause excessive CPU consumption in dec ...) - - golang-golang-x-image + - golang-golang-x-image (bug #1043159) NOTE: https://go.dev/issue/61581 NOTE: https://go.dev/cl/514897 NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce98abaf0b31e45ff45e1a3707a1ccb9d10f4b3e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce98abaf0b31e45ff45e1a3707a1ccb9d10f4b3e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for tmate-ssh-server issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a28b3f92 by Salvatore Bonaccorso at 2023-08-06T21:21:58+02:00 Track fixed version via unstable for tmate-ssh-server issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -124335,13 +124335,13 @@ CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authenticatio CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...) NOT-FOR-US: ManageEngine CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...) - - tmate-ssh-server (bug #1001225) + - tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225) [bullseye] - tmate-ssh-server (Minor issue) NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388 CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...) - - tmate-ssh-server (bug #1001225) + - tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225) [bullseye] - tmate-ssh-server (Minor issue) NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a28b3f926060a3aa0cf9b3c3637a6195717f5082 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a28b3f926060a3aa0cf9b3c3637a6195717f5082 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for python-werkzeug update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a3b35de by Salvatore Bonaccorso at 2023-08-06T14:34:00+02:00 Reserve DSA number for python-werkzeug update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Aug 2023] DSA-5470-1 python-werkzeug - security update + {CVE-2023-23934 CVE-2023-25577} + [bullseye] - python-werkzeug 1.0.1+dfsg1-2+deb11u1 [05 Aug 2023] DSA-5469-1 thunderbird - security update {CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4055 CVE-2023-4056} [bullseye] - thunderbird 1:102.14.0-1~deb11u1 = data/dsa-needed.txt = @@ -59,8 +59,6 @@ python-glance-store/oldstable -- python-os-brick/oldstable -- -python-werkzeug/oldstable (carnil) --- ring might make sense to rebase to current version -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a3b35de372c5554edb6d92db0ca0590d268f04f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a3b35de372c5554edb6d92db0ca0590d268f04f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b5227678 by Salvatore Bonaccorso at 2023-08-06T14:06:07+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) - TODO: check + NOT-FOR-US: admidio CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) - TODO: check + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4179 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4177 (A vulnerability was found in EmpowerID up to 7.205.0.0. It has been ra ...) - TODO: check + NOT-FOR-US: EmpowerID CVE-2023-4176 (A vulnerability was found in SourceCodester Hospital Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Hospital Management System CVE-2023-4175 (A vulnerability was found in mooSocial mooTravel 3.1.8 and classified ...) - TODO: check + NOT-FOR-US: mooSocial mooTravel CVE-2023-4174 (A vulnerability has been found in mooSocial mooStore 3.1.6 and classif ...) - TODO: check + NOT-FOR-US: mooSocial mooStore CVE-2023-4173 (A vulnerability, which was classified as problematic, was found in moo ...) - TODO: check + NOT-FOR-US: mooSocial mooStore CVE-2023-4172 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System CVE-2023-4171 (A vulnerability classified as problematic was found in Chengdu Flash F ...) - TODO: check + NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System CVE-2023-37874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Dimit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37873 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37581 (Insufficient input validation and sanitation in Weblog Category name, ...) 
- TODO: check + NOT-FOR-US: Apache Roller CVE-2023-36689 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36686 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36678 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34377 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jose ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insubmodule ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32600 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) TODO: check CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b52276784a7e46af27ed8041e8e121755acb278f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b52276784a7e46af27ed8041e8e121755acb278f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3517-1 for pdfcrack
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 0db57fd3 by Adrian Bunk at 2023-08-06T14:42:04+03:00 Reserve DLA-3517-1 for pdfcrack - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Aug 2023] DLA-3517-1 pdfcrack - security update + {CVE-2020-22336} + [buster] - pdfcrack 0.16-3+deb10u1 [05 Aug 2023] DLA-3516-1 burp - security update {CVE-2017-16516 CVE-2022-24795} [buster] - burp 2.1.32-2+deb10u1 = data/dla-needed.txt = @@ -121,9 +121,6 @@ openjdk-11 (Emilio) openssl (gladk) NOTE: 20230731: Added by Front-Desk (apo) -- -pdfcrack (Adrian Bunk) - NOTE: 20230731: Added by Front-Desk (apo) --- poppler (Adrian Bunk) NOTE: 20230804: Added by Front-Desk (gladk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0db57fd36c75ff163199d16b6387ca302ca5f16e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0db57fd36c75ff163199d16b6387ca302ca5f16e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2eea82c4 by security tracker role at 2023-08-06T08:12:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) + TODO: check +CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) + TODO: check +CVE-2023-4179 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2023-4177 (A vulnerability was found in EmpowerID up to 7.205.0.0. It has been ra ...) + TODO: check +CVE-2023-4176 (A vulnerability was found in SourceCodester Hospital Management System ...) + TODO: check +CVE-2023-4175 (A vulnerability was found in mooSocial mooTravel 3.1.8 and classified ...) + TODO: check +CVE-2023-4174 (A vulnerability has been found in mooSocial mooStore 3.1.6 and classif ...) + TODO: check +CVE-2023-4173 (A vulnerability, which was classified as problematic, was found in moo ...) + TODO: check +CVE-2023-4172 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-4171 (A vulnerability classified as problematic was found in Chengdu Flash F ...) + TODO: check +CVE-2023-37874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Dimit ...) + TODO: check +CVE-2023-37873 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + TODO: check +CVE-2023-37581 (Insufficient input validation and sanitation in Weblog Category name, ...) + TODO: check +CVE-2023-36689 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...) + TODO: check +CVE-2023-36686 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlow ...) + TODO: check +CVE-2023-36678 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-b ...) + TODO: check +CVE-2023-34377 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jose ...) + TODO: check +CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insubmodule ...) + TODO: check +CVE-2023-32600 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) TODO: check CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...) @@ -612,7 +650,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...) - {DSA-5464-1} + {DSA-5469-1 DSA-5464-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -622,7 +660,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...) - {DSA-5464-1} + {DSA-5469-1 DSA-5464-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -654,7 +692,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi - firefox 116.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...) - {DSA-5464-1} + {DSA-5469-1 DSA-5464-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 
@@ -664,7 +702,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...) - {DSA-5464-1} + {DSA-5469-1 DSA-5464-1} - firefox 116.0-1 - firefox-esr 115.1.0esr-1 - thunderbird 1:115.1.0-1 @@ -674,7 +712,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049 NOTE: