[Git][security-tracker-team/security-tracker][master] Reserve DLA-3619-1 for batik
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 797dbe3a by Bastien Roucariès at 2023-10-14T21:53:16+00:00 Reserve DLA-3619-1 for batik - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -61008,14 +61008,12 @@ CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache Softw - batik 1.17+dfsg-1 [bookworm] - batik 1.16+dfsg-1+deb12u1 [bullseye] - batik 1.12-4+deb11u2 - [buster] - batik (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/3 NOTE: https://issues.apache.org/jira/browse/BATIK-1347 CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...) - batik 1.17+dfsg-1 [bookworm] - batik 1.16+dfsg-1+deb12u1 [bullseye] - batik 1.12-4+deb11u2 - [buster] - batik (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/2 NOTE: https://issues.apache.org/jira/browse/BATIK-1349 CVE-2022-44728 @@ -76346,7 +76344,6 @@ CVE-2022-40147 (A vulnerability has been identified in Industrial Edge Managemen CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik 1.15+dfsg-1 (bug #1020589) [bullseye] - batik (Minor issue) - [buster] - batik (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3 NOTE: https://issues.apache.org/jira/browse/BATIK-1335 NOTE: http://svn.apache.org/viewvc?view=revision=1903910 @@ -80421,7 +80418,6 @@ CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS Comman CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik 1.15+dfsg-1 (bug #1020589) [bullseye] - batik (Minor issue) - [buster] - batik (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4 NOTE: https://issues.apache.org/jira/browse/BATIK-1333 NOTE: http://svn.apache.org/viewvc?view=revision=1903625 @@ -81165,7 +81161,6 @@ CVE-2020-36592 CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik 1.15+dfsg-1 (bug #1020589) [bullseye] - batik (Minor issue) - [buster] - batik (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2 NOTE: https://issues.apache.org/jira/browse/BATIK-1331 NOTE: http://svn.apache.org/viewvc?view=revision=1903462 @@ -252113,7 +252108,6 @@ CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to serv CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...) - batik 1.14-1 (bug #984829) [bullseye] - batik (Minor issue) - [buster] - batik (Minor issue) [stretch] - batik (Minor issue) NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f2d1110877ea9e0287987098f6 CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[14 Oct 2023] DLA-3619-1 batik - security update + {CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 CVE-2022-44729 CVE-2022-44730} + [buster] - batik 1.10-2+deb10u3 [14 Oct 2023] DLA-3618-1 node-babel - security update {CVE-2023-45133} [buster] - node-babel 6.26.0+dfsg-3+deb10u1 = data/dla-needed.txt = @@ -35,10 +35,6 @@ axis (Markus Koschany) NOTE: 20231009: Any update will first have to go into bullseye/bookworm/sid NOTE: 20231009: to avoid buster having higher version than bullseye. (bunk) -- -batik (rouca) - NOTE: 20231007: Added by Front-Desk (Beuc) - NOTE: 20231007: Follow fixes from bullseye 11.8 (2 CVEs) (Beuc/front-desk) --- bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) NOTE: 20231008: backporting patches View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797dbe3a8bc35f439085897c276f3a0f6e0b4f96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797dbe3a8bc35f439085897c276f3a0f6e0b4f96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 41dd6c86 by Moritz Muehlenhoff at 2023-10-14T23:12:49+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,19 +1,19 @@ CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: zzzcms CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-5580 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as ...) - TODO: check + NOT-FOR-US: yhz66 Sandbox CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 2.7.5. It ha ...) - TODO: check + NOT-FOR-US: i-Educar CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-41914 - slurm-wlm 23.02.6-1 - slurm-wlm-contrib 23.02.6-1 @@ -22,7 +22,7 @@ CVE-2023-41914 CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...) NOT-FOR-US: qdPM CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...) @@ -21805,7 +21805,7 @@ CVE-2023-30996 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow ...) NOT-FOR-US: IBM CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow ...) NOT-FOR-US: IBM CVE-2023-30992 @@ -31799,7 +31799,7 @@ CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and CVE-2023-1260 (An authentication bypass vulnerability was discovered in kube-apiserve ...) NOT-FOR-US: OpenShift CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...) - jenkins CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...) @@ -66097,7 +66097,7 @@ CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...) NOT-FOR-US: IBM CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose directory info ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...) NOT-FOR-US: IBM CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...) @@ -66417,7 +66417,7 @@ CVE-2022-43742 CVE-2022-43741 RESERVED CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote user to ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-43739 RESERVED CVE-2022-43738 @@ -95517,7 +95517,7 @@ CVE-2022-33167 CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...) NOT-FOR-US: IBM CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote attacker to t ...) NOT-FOR-US: IBM CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...) @@ -95525,7 +95525,7 @@ CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for CVE-2022-33162 RESERVED CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote attacker to o ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...) NOT-FOR-US: IBM CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...) @@ -96539,7 +96539,7 @@
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71803f1d by security tracker role at 2023-10-14T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2023-5580 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as ...) + TODO: check +CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 2.7.5. It ha ...) + TODO: check +CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...) + TODO: check +CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) + TODO: check +CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + TODO: check CVE-2023-41914 - slurm-wlm 23.02.6-1 - slurm-wlm-contrib 23.02.6-1 @@ -118,13 +134,13 @@ CVE-2023-32973 (A buffer copy without checking size of input vulnerability has b NOT-FOR-US: QNAP CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...) NOT-FOR-US: QNAP -CVE-2023-42663 +CVE-2023-42663 (Apache Airflow, versions before 2.7.2, has a vulnerability that allows ...) - airflow (bug #819700) -CVE-2023-42792 +CVE-2023-42792 (Apache Airflow, in versions prior to 2.7.2, contains a security vulner ...) - airflow (bug #819700) -CVE-2023-45348 +CVE-2023-45348 (Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerabili ...) - airflow (bug #819700) -CVE-2023-42780 +CVE-2023-42780 (Apache Airflow, versions prior to 2.7.2, contains a security vulnerabi ...) - airflow (bug #819700) CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...) - froxlor (bug #581792) @@ -21788,8 +21804,8 @@ CVE-2023-30996 RESERVED CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow ...) NOT-FOR-US: IBM -CVE-2023-30994 - RESERVED +CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...) + TODO: check CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow ...) NOT-FOR-US: IBM CVE-2023-30992 @@ -31782,8 +31798,8 @@ CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and NOT-FOR-US: WI-SUN CVE-2023-1260 (An authentication bypass vulnerability was discovered in kube-apiserve ...) NOT-FOR-US: OpenShift -CVE-2023-1259 - RESERVED +CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...) - jenkins CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...) @@ -66080,8 +66096,8 @@ CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 NOT-FOR-US: IBM CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...) NOT-FOR-US: IBM -CVE-2022-43868 - RESERVED +CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose directory info ...) + TODO: check CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...) NOT-FOR-US: IBM CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...) @@ -66400,8 +66416,8 @@ CVE-2022-43742 RESERVED CVE-2022-43741 RESERVED -CVE-2022-43740 - RESERVED +CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote user to ...) + TODO: check CVE-2022-43739 RESERVED CVE-2022-43738 @@ -95500,16 +95516,16 @@ CVE-2022-33167 RESERVED CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...) NOT-FOR-US: IBM -CVE-2022-33165 - RESERVED +CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...) + TODO: check CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote attacker to t ...) NOT-FOR-US: IBM CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...) NOT-FOR-US: IBM CVE-2022-33162 RESERVED -CVE-2022-33161 - RESERVED +CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote attacker to o ...) + TODO: check CVE-2022-33160
[Git][security-tracker-team/security-tracker][master] LTS: take freeimage
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 7eaec764 by Anton Gladky at 2023-10-14T21:13:52+02:00 LTS: take freeimage - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -79,7 +79,7 @@ flatpak NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk) -- -freeimage +freeimage (gladk) NOTE: 20230826: Added by Front-Desk (utkarsh) NOTE: 20230826: Anton Gladky is the maintainer. Please sync with him about the NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should roll View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eaec764449d7cded838abbe46955ae73dff8dc1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eaec764449d7cded838abbe46955ae73dff8dc1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Mark progress on imagemagick/buster
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b109fc6 by Bastien Roucariès at 2023-10-14T15:28:07+00:00 Mark progress on imagemagick/buster - - - - - 3e47fda8 by Bastien Roucariès at 2023-10-14T15:29:34+00:00 Take cepth - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,7 +50,7 @@ cairosvg NOTE: 20230323: Added by Front-Desk (gladk) NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert/inactive) -- -ceph +ceph (rouca) NOTE: 20231013: Added by Front-Desk (ta) -- cinder @@ -104,6 +104,7 @@ i2p imagemagick NOTE: 20230622: Added by Front-Desk (Beuc) NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk) + NOTE: 20231014: Some work under git branch debian/buster but unease -- jetty9 NOTE: 20231011: Added by Front-Desk (ta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072...3e47fda8b61209ef209a22281c7f67f23d6066b0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072...3e47fda8b61209ef209a22281c7f67f23d6066b0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f0fb8e8f by Moritz Muehlenhoff at 2023-10-14T16:20:41+02:00 xen fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1081,23 +1081,23 @@ CVE-2023-34324 [linux/xen: Possible deadlock in Linux kernel event handling] - linux NOTE: https://xenbits.xen.org/xsa/advisory-441.html CVE-2023-34328 [A PV vCPU can place a breakpoint over the live GDT] - - xen + - xen 4.17.2+55-g0b56bed864-1 [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-444.html CVE-2023-34327 [An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state] - - xen + - xen 4.17.2+55-g0b56bed864-1 [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-444.html CVE-2023-34325 [Multiple vulnerabilities in libfsimage disk handling] - - xen + - xen 4.17.2+55-g0b56bed864-1 [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-443.html CVE-2023-34326 [x86/AMD: missing IOMMU TLB flushing] - - xen + - xen 4.17.2+55-g0b56bed864-1 [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-442.html CVE-2023-34323 [xenstored: A transaction conflict can crash C Xenstored] - - xen (unimportant) + - xen 4.17.2+55-g0b56bed864-1 (unimportant) [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-440.html NOTE: Debian uses the ocaml-based xenstored @@ -5948,13 +5948,13 @@ CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1 NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV guests] - - xen + - xen 4.17.2+55-g0b56bed864-1 [bookworm] - xen (Minor issue, fix along in future DSA or point release) [bullseye] - xen (Minor issue, fix along in future DSA or point release) [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-438.html CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated] - - xen (bug #1051954) + - xen 4.17.2+55-g0b56bed864-1 (bug #1051954) [bookworm] - xen (Minor issue, fix along in future DSA) [bullseye] - xen (Minor issue, fix along in future DSA) [buster] - xen (DSA 4677-1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0fb8e8fdb27dd14252d9e7aabdadb41e1ace072 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new slurm issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d9a31bf9 by Moritz Muehlenhoff at 2023-10-14T16:18:02+02:00 new slurm issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,8 @@ +CVE-2023-41914 + - slurm-wlm 23.02.6-1 + - slurm-wlm-contrib 23.02.6-1 + [bookworm] - slurm-wlm-contrib (Contrib not supported) + NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31bf919656a64d07a2edd40dfbddc5a779503 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31bf919656a64d07a2edd40dfbddc5a779503 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 413fc10a by Moritz Muehlenhoff at 2023-10-14T12:53:18+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,21 +1,21 @@ CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...) TODO: check CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...) - TODO: check + NOT-FOR-US: qdPM CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...) - TODO: check + NOT-FOR-US: qdPM CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...) TODO: check CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...) - TODO: check + NOT-FOR-US: VitogateqdPM CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...) - TODO: check + NOT-FOR-US: Farmbot-Web-App CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v. ...) - TODO: check + NOT-FOR-US: ZPE CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) NOT-FOR-US: Vrite CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite ...) @@ -24425,7 +24425,7 @@ CVE-2023-30156 CVE-2023-30155 RESERVED CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module AfterMail ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...) NOT-FOR-US: PrestaShop module CVE-2023-30152 @@ -24437,7 +24437,7 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Inj CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) NOT-FOR-US: PrestaShop module CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart op ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-30147 RESERVED CVE-2023-30146 (Assmann Digitus Plug IP Camera HT-IP211HDP, version 2.000.022 all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413fc10abe25c52b24bbb6c7921c7c6f22044e46 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413fc10abe25c52b24bbb6c7921c7c6f22044e46 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new zabbix issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5837e687 by Moritz Muehlenhoff at 2023-10-14T12:50:39+02:00 new zabbix issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26175,7 +26175,8 @@ CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS [bullseye] - zabbix (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-22985 CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string ...) - TODO: check + - zabbix + NOTE: https://support.zabbix.com/browse/ZBX-23388 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...) - zabbix [bookworm] - zabbix (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5837e68755cd2633c36f1a996875ca0af3002f37 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5837e68755cd2633c36f1a996875ca0af3002f37 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b34c3279 by security tracker role at 2023-10-14T08:11:29+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) + TODO: check +CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...) + TODO: check +CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...) + TODO: check +CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...) + TODO: check +CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...) + TODO: check +CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...) + TODO: check +CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...) + TODO: check +CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v. ...) + TODO: check +CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) NOT-FOR-US: Vrite CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite ...) @@ -173,6 +191,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...) NOT-FOR-US: XWiki addon CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior ...) + {DLA-3618-1} - node-babel - node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880) NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 @@ -959,7 +978,7 @@ CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Pri NOT-FOR-US: Microsoft CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-36417 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability) +CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft @@ -24405,8 +24424,8 @@ CVE-2023-30156 RESERVED CVE-2023-30155 RESERVED -CVE-2023-30154 - RESERVED +CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module AfterMail ...) + TODO: check CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...) NOT-FOR-US: PrestaShop module CVE-2023-30152 @@ -24417,8 +24436,8 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Inj NOT-FOR-US: PrestaShop leocustomajax CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) NOT-FOR-US: PrestaShop module -CVE-2023-30148 - RESERVED +CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart op ...) + TODO: check CVE-2023-30147 RESERVED CVE-2023-30146 (Assmann Digitus Plug IP Camera HT-IP211HDP, version 2.000.022 all ...) @@ -36583,8 +36602,8 @@ CVE-2023-26157 RESERVED CVE-2023-26156 RESERVED -CVE-2023-26155 - RESERVED +CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...) + TODO: check CVE-2023-26154 RESERVED CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits