[Git][security-tracker-team/security-tracker][master] Reserve DLA-3619-1 for batik

2023-10-14 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
797dbe3a by Bastien Roucariès at 2023-10-14T21:53:16+00:00
Reserve DLA-3619-1 for batik

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -61008,14 +61008,12 @@ CVE-2022-44730 (Server-Side Request Forgery (SSRF) 
vulnerability in Apache Softw
- batik 1.17+dfsg-1
[bookworm] - batik 1.16+dfsg-1+deb12u1
[bullseye] - batik 1.12-4+deb11u2
-   [buster] - batik  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1347
 CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
Software Fo ...)
- batik 1.17+dfsg-1
[bookworm] - batik 1.16+dfsg-1+deb12u1
[bullseye] - batik 1.12-4+deb11u2
-   [buster] - batik  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1349
 CVE-2022-44728
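Review bot: dropping the `[buster] - batik (Minor issue)` lines for CVE-2022-44730 and CVE-2022-44729 is the right companion change to the DLA-3619-1 entry added in data/DLA/list, which names both CVEs and sets the buster fixed version to 1.10-2+deb10u3; from now on the tracker derives the buster status from the DLA entry rather than from the per-release annotation. The four hunks below do the same for the older batik SSRF issues, so the cleanup is consistent across the file.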
@@ -76346,7 +76344,6 @@ CVE-2022-40147 (A vulnerability has been identified in 
Industrial Edge Managemen
 CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik  (Minor issue)
-   [buster] - batik  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1335
NOTE: http://svn.apache.org/viewvc?view=revision=1903910
@@ -80421,7 +80418,6 @@ CVE-2022-38649 (Improper Neutralization of Special 
Elements used in an OS Comman
 CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik  (Minor issue)
-   [buster] - batik  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4
NOTE: https://issues.apache.org/jira/browse/BATIK-1333
NOTE: http://svn.apache.org/viewvc?view=revision=1903625
@@ -81165,7 +81161,6 @@ CVE-2020-36592
 CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik  (Minor issue)
-   [buster] - batik  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1331
NOTE: http://svn.apache.org/viewvc?view=revision=1903462
@@ -252113,7 +252108,6 @@ CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and 
earlier is vulnerable to serv
 CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request 
forgery, caused ...)
- batik 1.14-1 (bug #984829)
[bullseye] - batik  (Minor issue)
-   [buster] - batik  (Minor issue)
[stretch] - batik  (Minor issue)
NOTE: 
https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f2d1110877ea9e0287987098f6
 CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need 
to be ex ...)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[14 Oct 2023] DLA-3619-1 batik - security update
+   {CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 
CVE-2022-44729 CVE-2022-44730}
+   [buster] - batik 1.10-2+deb10u3
 [14 Oct 2023] DLA-3618-1 node-babel - security update
{CVE-2023-45133}
[buster] - node-babel 6.26.0+dfsg-3+deb10u1
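Review bot: the six CVEs in the braces match exactly the six batik entries whose `[buster]` lines are removed in data/CVE/list (CVE-2020-11987, CVE-2022-38398, CVE-2022-38648, CVE-2022-40146, CVE-2022-44729, CVE-2022-44730), and the new entry follows the same three-line layout as the DLA-3618-1 node-babel entry directly below it, so the cross-reference is consistent.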


=
data/dla-needed.txt
=
@@ -35,10 +35,6 @@ axis (Markus Koschany)
   NOTE: 20231009: Any update will first have to go into bullseye/bookworm/sid
   NOTE: 20231009: to avoid buster having higher version than bullseye. (bunk)
 --
-batik (rouca)
-  NOTE: 20231007: Added by Front-Desk (Beuc)
-  NOTE: 20231007: Follow fixes from bullseye 11.8 (2 CVEs) (Beuc/front-desk)
---
 bind9 (Thorsten Alteholz)
   NOTE: 20230921: Added by Front-Desk (apo)
   NOTE: 20231008: backporting patches
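Review bot: the front-desk note being removed anticipated only two CVEs ("Follow fixes from bullseye 11.8 (2 CVEs)"), while DLA-3619-1 closes six; the extra four (the 2022-09 and 2020 SSRF issues) were annotated "Minor issue" for buster until this commit. Folding them in is sensible, but it goes beyond the scope the front desk recorded, so the DLA text should make clear that the update covers those older issues as well.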



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797dbe3a8bc35f439085897c276f3a0f6e0b4f96

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797dbe3a8bc35f439085897c276f3a0f6e0b4f96
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] NFUs

2023-10-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41dd6c86 by Moritz Muehlenhoff at 2023-10-14T23:12:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2023-5582 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: zzzcms
 CVE-2023-5581 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester
 CVE-2023-5580 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester
 CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been 
rated as ...)
-   TODO: check
+   NOT-FOR-US: yhz66 Sandbox
 CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 
2.7.5. It ha ...)
-   TODO: check
+   NOT-FOR-US: i-Educar
 CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 
12.0.1.0 throug ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. 
This vuln ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 
19.0.1,  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-41914
- slurm-wlm 23.02.6-1
- slurm-wlm-contrib 23.02.6-1
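Review bot: the CVE-2023-5578 context line carries a literal `\xe1` escape in the vendor name (Portábilis); that is how the automatic import wrote it (the same escape appears in the "automatic update" commit that added the entry), not something this commit introduces, and the `NOT-FOR-US: i-Educar` tag itself is fine. Otherwise the hunk consistently converts `TODO: check` to `NOT-FOR-US` for products outside the archive, with the tag naming the vendor or project as the surrounding entries do.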
@@ -22,7 +22,7 @@ CVE-2023-41914
 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c 
can ca ...)
-   TODO: check
+   NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add 
Attachments fea ...)
NOT-FOR-US: qdPM
 CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and 
directories by n ...)
@@ -21805,7 +21805,7 @@ CVE-2023-30996
 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 
could allow  ...)
NOT-FOR-US: IBM
 CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic 
algorith ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 
could allow  ...)
NOT-FOR-US: IBM
 CVE-2023-30992
@@ -31799,7 +31799,7 @@ CVE-2023-1261 (Missing MAC layer security in Silicon 
Labs Wi-SUN SDK v1.5.0 and
 CVE-2023-1260 (An authentication bypass vulnerability was discovered in 
kube-apiserve ...)
NOT-FOR-US: OpenShift
 CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required 
Jenkins core ...)
- jenkins 
 CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an 
error sta ...)
@@ -66097,7 +66097,7 @@ CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 
8.5 could disclose SNMPv3
 CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 
through 5.1.5. ...)
NOT-FOR-US: IBM
 CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose 
directory info ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local 
attacke ...)
NOT-FOR-US: IBM
 CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable 
to cross ...)
@@ -66417,7 +66417,7 @@ CVE-2022-43742
 CVE-2022-43741
RESERVED
 CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote 
user to  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-43739
RESERVED
 CVE-2022-43738
@@ -95517,7 +95517,7 @@ CVE-2022-33167
 CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could 
allow a p ...)
NOT-FOR-US: IBM
 CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to t ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote 
attacker to t ...)
NOT-FOR-US: IBM
 CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions 
for a secu ...)
@@ -95525,7 +95525,7 @@ CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 
specifies permissions for
 CVE-2022-33162
RESERVED
 CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to o ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected 
cryptogra ...)
NOT-FOR-US: IBM
 CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores 
user cre ...)
@@ -96539,7 +96539,7 @@ 

[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71803f1d by security tracker role at 2023-10-14T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2023-5582 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2023-5581 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2023-5580 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been 
rated as ...)
+   TODO: check
+CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 
2.7.5. It ha ...)
+   TODO: check
+CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 
12.0.1.0 throug ...)
+   TODO: check
+CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. 
This vuln ...)
+   TODO: check
+CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 
19.0.1,  ...)
+   TODO: check
 CVE-2023-41914
- slurm-wlm 23.02.6-1
- slurm-wlm-contrib 23.02.6-1
@@ -118,13 +134,13 @@ CVE-2023-32973 (A buffer copy without checking size of 
input vulnerability has b
NOT-FOR-US: QNAP
 CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
NOT-FOR-US: QNAP
-CVE-2023-42663
+CVE-2023-42663 (Apache Airflow, versions before 2.7.2, has a vulnerability 
that allows ...)
- airflow  (bug #819700)
-CVE-2023-42792
+CVE-2023-42792 (Apache Airflow, in versions prior to 2.7.2, contains a 
security vulner ...)
- airflow  (bug #819700)
-CVE-2023-45348
+CVE-2023-45348 (Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a 
vulnerabili ...)
- airflow  (bug #819700)
-CVE-2023-42780
+CVE-2023-42780 (Apache Airflow, versions prior to 2.7.2, contains a security 
vulnerabi ...)
- airflow  (bug #819700)
 CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository 
froxlor/froxl ...)
- froxlor  (bug #581792)
@@ -21788,8 +21804,8 @@ CVE-2023-30996
RESERVED
 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 
could allow  ...)
NOT-FOR-US: IBM
-CVE-2023-30994
-   RESERVED
+CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic 
algorith ...)
+   TODO: check
 CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 
could allow  ...)
NOT-FOR-US: IBM
 CVE-2023-30992
@@ -31782,8 +31798,8 @@ CVE-2023-1261 (Missing MAC layer security in Silicon 
Labs Wi-SUN SDK v1.5.0 and
NOT-FOR-US: WI-SUN
 CVE-2023-1260 (An authentication bypass vulnerability was discovered in 
kube-apiserve ...)
NOT-FOR-US: OpenShift
-CVE-2023-1259
-   RESERVED
+CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
 CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required 
Jenkins core ...)
- jenkins 
 CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an 
error sta ...)
@@ -66080,8 +66096,8 @@ CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 
8.5 could disclose SNMPv3
NOT-FOR-US: IBM
 CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 
through 5.1.5. ...)
NOT-FOR-US: IBM
-CVE-2022-43868
-   RESERVED
+CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose 
directory info ...)
+   TODO: check
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local 
attacke ...)
NOT-FOR-US: IBM
 CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable 
to cross ...)
@@ -66400,8 +66416,8 @@ CVE-2022-43742
RESERVED
 CVE-2022-43741
RESERVED
-CVE-2022-43740
-   RESERVED
+CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote 
user to  ...)
+   TODO: check
 CVE-2022-43739
RESERVED
 CVE-2022-43738
@@ -95500,16 +95516,16 @@ CVE-2022-33167
RESERVED
 CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could 
allow a p ...)
NOT-FOR-US: IBM
-CVE-2022-33165
-   RESERVED
+CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to t ...)
+   TODO: check
 CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote 
attacker to t ...)
NOT-FOR-US: IBM
 CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions 
for a secu ...)
NOT-FOR-US: IBM
 CVE-2022-33162
RESERVED
-CVE-2022-33161
-   RESERVED
+CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to o ...)
+   TODO: check
 CVE-2022-33160 

[Git][security-tracker-team/security-tracker][master] LTS: take freeimage

2023-10-14 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7eaec764 by Anton Gladky at 2023-10-14T21:13:52+02:00
LTS: take freeimage

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -79,7 +79,7 @@ flatpak
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
 --
-freeimage
+freeimage (gladk)
   NOTE: 20230826: Added by Front-Desk (utkarsh)
   NOTE: 20230826: Anton Gladky is the maintainer. Please sync with him about 
the
   NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should 
roll



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eaec764449d7cded838abbe46955ae73dff8dc1



[Git][security-tracker-team/security-tracker][master] 2 commits: Mark progress on imagemagick/buster

2023-10-14 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b109fc6 by Bastien Roucariès at 2023-10-14T15:28:07+00:00
Mark progress on imagemagick/buster

- - - - -
3e47fda8 by Bastien Roucariès at 2023-10-14T15:29:34+00:00
Take ceph

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -50,7 +50,7 @@ cairosvg
   NOTE: 20230323: Added by Front-Desk (gladk)
   NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport 
the --unsafe switch, introduced in 1.0.21, might work (dleidert/inactive)
 --
-ceph
+ceph (rouca)
   NOTE: 20231013: Added by Front-Desk (ta)
 --
 cinder
@@ -104,6 +104,7 @@ i2p
 imagemagick
   NOTE: 20230622: Added by Front-Desk (Beuc)
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs 
(Beuc/front-desk)
+  NOTE: 20231014: Some work under git branch debian/buster but unease
 --
 jetty9
   NOTE: 20231011: Added by Front-Desk (ta)
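Review bot: the new imagemagick NOTE is hard to act on: "but unease" does not say whether the work on the debian/buster branch is blocked, incomplete or merely untested, nor which repository the branch lives in. A follow-up NOTE naming the blocker and the repository would let the next person picking this up continue from the branch instead of starting over.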



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072...3e47fda8b61209ef209a22281c7f67f23d6066b0



[Git][security-tracker-team/security-tracker][master] xen fixed in sid

2023-10-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0fb8e8f by Moritz Muehlenhoff at 2023-10-14T16:20:41+02:00
xen fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1081,23 +1081,23 @@ CVE-2023-34324 [linux/xen: Possible deadlock in Linux 
kernel event handling]
- linux 
NOTE: https://xenbits.xen.org/xsa/advisory-441.html
 CVE-2023-34328 [A PV vCPU can place a breakpoint over the live GDT]
-   - xen 
+   - xen 4.17.2+55-g0b56bed864-1
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-444.html
 CVE-2023-34327 [An HVM vCPU can end up operating in the context of a previous 
vCPUs debug mask state]
-   - xen 
+   - xen 4.17.2+55-g0b56bed864-1
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-444.html
 CVE-2023-34325 [Multiple vulnerabilities in libfsimage disk handling]
-   - xen 
+   - xen 4.17.2+55-g0b56bed864-1
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-443.html
 CVE-2023-34326 [x86/AMD: missing IOMMU TLB flushing]
-   - xen 
+   - xen 4.17.2+55-g0b56bed864-1
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-442.html
 CVE-2023-34323 [xenstored: A transaction conflict can crash C Xenstored]
-   - xen  (unimportant)
+   - xen 4.17.2+55-g0b56bed864-1 (unimportant)
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-440.html
NOTE: Debian uses the ocaml-based xenstored
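Review bot: the five XSA-440 to XSA-444 entries gain the sid fixed version 4.17.2+55-g0b56bed864-1 but still have no `[bookworm]` or `[bullseye]` line, so the tracker will show them as open in both stable releases; that is correct if a DSA is planned, otherwise they need per-release assessments like the ones CVE-2023-34322 and CVE-2023-34321 carry in the second hunk. The `[buster]` lines are untouched and keep their DSA 4677-1 reference.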
@@ -5948,13 +5948,13 @@ CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When 
integrating Apache Axis 1.x
NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
NOTE: 
https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
 CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV 
guests]
-   - xen 
+   - xen 4.17.2+55-g0b56bed864-1
[bookworm] - xen  (Minor issue, fix along in future DSA or 
point release)
[bullseye] - xen  (Minor issue, fix along in future DSA or 
point release)
[buster] - xen  (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-438.html
 CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated]
-   - xen  (bug #1051954)
+   - xen 4.17.2+55-g0b56bed864-1 (bug #1051954)
[bookworm] - xen  (Minor issue, fix along in future DSA)
[bullseye] - xen  (Minor issue, fix along in future DSA)
[buster] - xen  (DSA 4677-1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072



[Git][security-tracker-team/security-tracker][master] new slurm issue

2023-10-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9a31bf9 by Moritz Muehlenhoff at 2023-10-14T16:18:02+02:00
new slurm issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,8 @@
+CVE-2023-41914
+   - slurm-wlm 23.02.6-1
+   - slurm-wlm-contrib 23.02.6-1
+   [bookworm] - slurm-wlm-contrib  (Contrib not supported)
+   NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c 
can ca ...)
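Review bot: the `slurm-wlm` line carries no `[bookworm]` or `[bullseye]` annotation, so both stable releases will show as affected until a fix or a per-release assessment is recorded; fine if triage is still pending, but worth noting. The `slurm-wlm-contrib` line only covers bookworm with "Contrib not supported"; if bullseye also ships that source package it needs the same line.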



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31bf919656a64d07a2edd40dfbddc5a779503



[Git][security-tracker-team/security-tracker][master] NFUs

2023-10-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
413fc10a by Moritz Muehlenhoff at 2023-10-14T12:53:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)
-   TODO: check
+   NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c 
can ca ...)
TODO: check
 CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add 
Attachments fea ...)
-   TODO: check
+   NOT-FOR-US: qdPM
 CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and 
directories by n ...)
-   TODO: check
+   NOT-FOR-US: qdPM
 CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and 
resultant heap ...)
TODO: check
 CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an 
unauthenticat ...)
-   TODO: check
+   NOT-FOR-US: VitogateqdPM
 CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot 
farm automa ...)
-   TODO: check
+   NOT-FOR-US: Farmbot-Web-App
 CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru 
v.5.8.13 and v. ...)
-   TODO: check
+   NOT-FOR-US: ZPE
 CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
NOT-FOR-US: Vrite
 CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository 
vriteio/vrite  ...)
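Review bot: the annotation for CVE-2023-45852 reads `NOT-FOR-US: VitogateqdPM`, which looks like the `qdPM` tag from the two entries above fused with `Vitogate`; the description names Vitogate 300, so `NOT-FOR-US: Vitogate` is what was meant. The remaining conversions in the hunk look right, and leaving CVE-2023-45853 (MiniZip in zlib) at `TODO: check` is appropriate since zlib is in the archive.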
@@ -24425,7 +24425,7 @@ CVE-2023-30156
 CVE-2023-30155
RESERVED
 CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module 
AfterMail ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module 
for Pre ...)
NOT-FOR-US: PrestaShop module
 CVE-2023-30152
@@ -24437,7 +24437,7 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 
are vulnerable to SQL Inj
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete 
(cityautocomplete ...)
NOT-FOR-US: PrestaShop module
 CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in 
Opart op ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2023-30147
RESERVED
 CVE-2023-30146 (Assmann Digitus Plug IP Camera HT-IP211HDP, version 
2.000.022 all ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413fc10abe25c52b24bbb6c7921c7c6f22044e46



[Git][security-tracker-team/security-tracker][master] new zabbix issue

2023-10-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5837e687 by Moritz Muehlenhoff at 2023-10-14T12:50:39+02:00
new zabbix issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26175,7 +26175,8 @@ CVE-2023-29454 (Stored or persistent cross-site 
scripting (XSS) is a type of XSS
[bullseye] - zabbix  (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript 
string  ...)
-   TODO: check
+   - zabbix 
+   NOTE: https://support.zabbix.com/browse/ZBX-23388
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> 
Geograph ...)
- zabbix 
[bookworm] - zabbix  (Minor issue)
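Review bot: the new CVE-2023-29453 entry has no `[bookworm]` or `[bullseye]` line, while the neighbouring zabbix entries CVE-2023-29454 and CVE-2023-29452 carry `(Minor issue)` annotations for the stable releases; either add the per-release assessment now or leave a TODO so the entry is not forgotten as open in stable. The ZBX-23388 NOTE is the right kind of reference to keep.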



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5837e68755cd2633c36f1a996875ca0af3002f37



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b34c3279 by security tracker role at 2023-10-14T08:11:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)
+   TODO: check
+CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c 
can ca ...)
+   TODO: check
+CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add 
Attachments fea ...)
+   TODO: check
+CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and 
directories by n ...)
+   TODO: check
+CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and 
resultant heap ...)
+   TODO: check
+CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an 
unauthenticat ...)
+   TODO: check
+CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot 
farm automa ...)
+   TODO: check
+CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru 
v.5.8.13 and v. ...)
+   TODO: check
+CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
 CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
NOT-FOR-US: Vrite
 CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository 
vriteio/vrite  ...)
@@ -173,6 +191,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of 
third-party packages
 CVE-2023-45138 (Change Request is an pplication allowing users to request 
changes on a ...)
NOT-FOR-US: XWiki addon
 CVE-2023-45133 (Babel is a compiler for writingJavaScript. In 
`@babel/traverse` prior  ...)
+   {DLA-3618-1}
- node-babel 
- node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
NOTE: github.com: 
https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
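Review bot: the `{DLA-3618-1}` reference matches the DLA-3618-1 node-babel entry in data/DLA/list (visible as context in the batik commit above), so the automatic cross-link is consistent. The description text "writingJavaScript" is missing a space, but that comes from the upstream feed rather than from this commit.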
@@ -959,7 +978,7 @@ CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow 
Scheduler Elevation of Pri
NOT-FOR-US: Microsoft
 CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-36417 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
NOT-FOR-US: Microsoft
@@ -24405,8 +24424,8 @@ CVE-2023-30156
RESERVED
 CVE-2023-30155
RESERVED
-CVE-2023-30154
-   RESERVED
+CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module 
AfterMail ...)
+   TODO: check
 CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module 
for Pre ...)
NOT-FOR-US: PrestaShop module
 CVE-2023-30152
@@ -24417,8 +24436,8 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 
are vulnerable to SQL Inj
NOT-FOR-US: PrestaShop leocustomajax
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete 
(cityautocomplete ...)
NOT-FOR-US: PrestaShop module
-CVE-2023-30148
-   RESERVED
+CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in 
Opart op ...)
+   TODO: check
 CVE-2023-30147
RESERVED
 CVE-2023-30146 (Assmann Digitus Plug IP Camera HT-IP211HDP, version 
2.000.022 all ...)
@@ -36583,8 +36602,8 @@ CVE-2023-26157
RESERVED
 CVE-2023-26156
RESERVED
-CVE-2023-26155
-   RESERVED
+CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to 
Command Inject ...)
+   TODO: check
 CVE-2023-26154
RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are 
vulnerable to Co ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3
