Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
540519a2 by security tracker role at 2023-05-01T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-25085 (A vulnerability classified as problematic was found in 
Responsive Menu ...)
+       TODO: check
+CVE-2015-10105 (A vulnerability, which was classified as critical, was found 
in IP Bla ...)
+       TODO: check
+CVE-2015-10104 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
 CVE-2023-2430 [io_uring/msg_ring: fix missing lock on overflow for IOPOLL]
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
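Review bot: the three new entries at the top of the file (CVE-2018-25085, CVE-2015-10105, CVE-2015-10104) carry only a "TODO: check" placeholder under a truncated description, so each still needs a real triage line (a package line, NOT-FOR-US, or a NOTE) before the next automatic update buries them further down the file. The year in these IDs is the year of the original disclosure, not of publication; they arrive here as brand-new records, so no existing package entry can be assumed to cover them. "Responsive Menu" in the first reads like a WordPress plugin and would normally get "NOT-FOR-US: WordPress plugin", the convention used elsewhere in this same diff (compare CVE-2016-10938); the other two are cut off too early to classify from the diff alone.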
@@ -6846,7 +6852,7 @@ CVE-2023-28929
 CVE-2023-28928
        RESERVED
 CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP 
packet wi ...)
-       {DSA-5387-1}
+       {DSA-5387-1 DLA-3410-1}
        - openvswitch 3.1.0-2 (bug #1034042)
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1
        NOTE: 
https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9
 (v3.1.1)
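Review bot: DLA-3410-1 is added to CVE-2023-1668 next to DSA-5387-1, but this commit touches only data/CVE/list, so the buster fixed version that the reference implies has to come from a matching entry in data/DLA/list; confirm that entry exists and lists this CVE, otherwise the cross-reference claims an LTS fix that the per-suite data does not back. The unstable line (openvswitch 3.1.0-2, bug #1034042) is unchanged, and the NOTE places upstream's fix commit 61b39d8c in v3.1.1, so 3.1.0-2 must carry a backport of that commit rather than the upstream release; a short NOTE saying so would save the next reader the same check.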
@@ -7453,6 +7459,7 @@ CVE-2023-28758 (An issue was discovered in Veritas 
NetBackup before 8.3.0.2. BPC
 CVE-2023-28757
        RESERVED
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 
0.2.1 in Ru ...)
+       {DLA-3408-1}
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
        - ruby2.5 <removed>
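Review bot: DLA-3408-1 is referenced on CVE-2023-28756 while every source package listed for it in the visible context (ruby3.1 <unfixed>, ruby2.7 <removed>, ruby2.5 <removed>) is either unfixed or removed from unstable, so the DLA cannot map to any of these lines and must cover a buster package whose version is recorded only in data/DLA/list. Note also that ruby3.1 stays <unfixed>: the LTS suite now has an update for this ReDoS that bookworm and sid still lack, so the entry remains open and must not be read as resolved just because an advisory appears in its references.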
@@ -7463,6 +7470,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time 
component through 0.2.1
        NOTE: Fixed by: 
https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 
(v0.2.2)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 
0.12.0 in Ru ...)
+       {DLA-3408-1}
        - rubygems <unfixed>
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
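Review bot: CVE-2023-28755 gains DLA-3408-1 but, unlike the Time entry just above it, its first package line is "- rubygems <unfixed>" in addition to "- ruby3.1 <unfixed>". A DLA is an update for a single source package, so it can settle at most one of these lines; if it updates an interpreter package, the separately listed rubygems package (presumably listed on its own because it ships the affected URI code itself) is untouched by it and still needs its own fix, <not-affected> or <no-dsa> judgement. Please check which of the two packages the DLA actually updates and mark the other accordingly.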
@@ -7890,6 +7898,7 @@ CVE-2023-28627 (pymedusa is an automatic video library 
manager for TV Shows. In
 CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and 
renderer w ...)
        NOT-FOR-US: comrak
 CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module 
for the ...)
+       {DLA-3409-1}
        - libapache2-mod-auth-openidc <unfixed> (bug #1033916)
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
 (v2.4.13.2)
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
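Review bot: CVE-2023-28625 now references DLA-3409-1 while the unstable line still reads "libapache2-mod-auth-openidc <unfixed> (bug #1033916)", so buster has an update for a mod_auth_openidc issue that bookworm and sid do not. The NOTE gives the upstream fix as commit c0e1edac, released in v2.4.13.2; the unstable line should be updated as soon as 2.4.13.2 or a backport of that commit is uploaded, and until then the bug number is the only thing tracking the gap between LTS and the development suites.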
@@ -146463,12 +146472,14 @@ CVE-2021-32794 (ArchiSteamFarm is a C# application 
with primary purpose of idlin
 CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage 
a Pi-hol ...)
        NOT-FOR-US: Pi-hole
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
+       {DLA-3409-1}
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
 (v2.4.9)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
 (v2.4.9)
 CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
+       {DLA-3409-1}
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
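Review bot: CVE-2021-32792 and CVE-2021-32791 both gain DLA-3409-1 while still carrying "[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)". That is consistent rather than contradictory: an issue judged too minor for a dedicated stretch update can ride along when the buster package is rebuilt for a more serious one, and CVE-2023-28625 elsewhere in this diff picks up the same DLA. It does mean the CVE list recorded for DLA-3409-1 in data/DLA/list has to enumerate every ID that references it here (this diff adds it to CVE-2021-32785, -32786, -32791, -32792 and CVE-2019-20479), or the references and the advisory text will disagree; worth a quick cross-check of that set.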
@@ -146482,11 +146493,13 @@ CVE-2021-32788 (Discourse is an open source 
discussion platform. In versions pri
 CVE-2021-32787 (Sourcegraph is a code search and navigation engine. 
Sourcegraph before ...)
        NOT-FOR-US: Sourcegraph
 CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
+       {DLA-3409-1}
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544
 (v2.4.9)
 CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
+       {DLA-3409-1}
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
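Review bot: CVE-2021-32786 and CVE-2021-32785 follow the same shape as the other two 2021 mod_auth_openidc entries in this diff: fixed in unstable at 2.4.9-1 since 2021, stretch marked <no-dsa> (Minor issue), and now the first LTS update to cover them via DLA-3409-1. CVE-2021-32786 records its upstream fix commit (3a115484, v2.4.9), but CVE-2021-32785 lists only the GHSA advisory; adding a NOTE with the upstream commit for that one would let whoever verifies the buster backport find the change without going through the advisory.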
@@ -148335,7 +148348,7 @@ CVE-2021-32068 (The AWV and MiCollab Client Service 
components in Mitel MiCollab
 CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 
9.3 cou ...)
        NOT-FOR-US: Mitel
 CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 
2.7.3, an ...)
-       {DSA-5066-1 DLA-2780-1}
+       {DSA-5066-1 DLA-3408-1 DLA-2780-1}
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
        - ruby2.3 <removed>
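Review bot: CVE-2021-32066 already has DSA-5066-1 and DLA-2780-1, with the unstable fix at ruby2.7 2.7.4-1 from 2021; the new DLA-3408-1 is inserted between the DSA and the older DLA, which matches the file's ordering convention (DSAs before DLAs, each group newest first, as in {DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 ...} elsewhere in this diff). A third advisory for a two-year-old CVE in a suite that already received its ruby update points at a different source package embedding the same code; confirm which package DLA-3408-1 names before assuming it is ruby2.5.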
@@ -149267,7 +149280,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted 
PDF file can trigger an Ou
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
        NOTE: 
https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
 CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 
2.7.3, an ...)
-       {DSA-5066-1 DLA-2780-1}
+       {DSA-5066-1 DLA-3408-1 DLA-2780-1}
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
        - ruby2.3 <removed>
@@ -197098,7 +197111,7 @@ CVE-2014-10402 (An issue was discovered in the DBI 
module through 1.643 for Perl
        NOTE: Test case: 
https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94
 (master)
 CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 
2.6.6, an ...)
-       {DLA-2392-1 DLA-2391-1}
+       {DLA-3408-1 DLA-2392-1 DLA-2391-1}
        - ruby2.7 2.7.1-4
        - ruby2.5 <removed>
        [buster] - ruby2.5 2.5.5-3+deb10u3
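Review bot: CVE-2020-25613 already shows "[buster] - ruby2.5 2.5.5-3+deb10u3", i.e. buster's ruby2.5 was fixed for this CVE well before this commit, so the DLA-3408-1 reference added here cannot be a ruby2.5 update for buster; either the DLA fixes a different source package that carries its own copy of the affected code, or the reference is wrong. The jruby line on CVE-2017-17742 further down in this diff is the plausible second package. Please verify against data/DLA/list, and if the DLA does cover another package, give that package its own version line on this entry so the per-suite status reflects it instead of relying on the reference alone.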
@@ -237547,7 +237560,7 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds 
(OOB) read vulnerability in mo
        NOTE: Debian does not build mod_cap and does not use the embedded 
libcap.
        NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
 CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An 
open red ...)
-       {DLA-2298-1 DLA-2130-1}
+       {DLA-3409-1 DLA-2298-1 DLA-2130-1}
        - libapache2-mod-auth-openidc 2.4.1-1
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
        NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
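Review bot: CVE-2019-20479 (open redirect, fixed upstream in 2.4.1 per the description and in unstable at 2.4.1-1) now carries DLA-3409-1 on top of DLA-2298-1 and DLA-2130-1. Two earlier DLAs for one CVE means earlier LTS updates already handled it for the suites they targeted, so a buster DLA only now implies buster shipped a libapache2-mod-auth-openidc older than 2.4.1 and is being fixed as part of the larger mod_auth_openidc update visible across this diff. The entry has no [buster] line in the shown context, so the buster fixed version comes entirely from data/DLA/list; a check that the backport is the upstream fix in commit 02431c0a (PR #453) would close this out.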
@@ -270148,7 +270161,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for 
WordPress has SQL injection via
 CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying 
non-public ...)
        NOT-FOR-US: WordPress plugin
 CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 
2.6.4 allow ...)
-       {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+       {DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
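Review bot: CVE-2019-16255 already lists DSA-4587-1 and DSA-4586-1, the regular stable updates at disclosure time in 2019 when buster was the current stable release, plus three DLAs. Adding DLA-3408-1 to a CVE for which buster already received a DSA only makes sense if the DLA updates a different source package that embeds the same code; the "- jruby 9.3.9.0+ds-1" line visible on CVE-2017-17742 later in this diff is the obvious candidate. Confirm in data/DLA/list, and consider recording that package with its fixed version on this entry rather than only as a reference.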
@@ -270156,7 +270169,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 
2.5.6, and 2.6.x through 2.6.4
        NOTE: 
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
        NOTE: ruby2.5: 
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
 CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 
2.6.4 allow ...)
-       {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+       {DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -270347,7 +270360,7 @@ CVE-2019-16203 (Brocade Fabric OS Versions before 
v8.2.2a and v8.2.1d could expo
 CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain 
situations. ...)
        NOT-FOR-US: MISP
 CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x 
through 2.5 ...)
-       {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
+       {DSA-4587-1 DSA-4586-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -363211,7 +363224,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) 
vulnerability in the custom-map plu
 CVE-2017-17743 (Improper input sanitization within the restricted 
administration shell ...)
        NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 
2.5.x befo ...)
-       {DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+       {DSA-4259-1 DLA-3408-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 
DLA-1358-1}
        - jruby 9.3.9.0+ds-1 (bug #972230)
        - ruby2.5 2.5.1-1
        - ruby2.3 <removed>
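Review bot: this is the one entry in the diff where a second Ruby implementation is visible: "- jruby 9.3.9.0+ds-1 (bug #972230)" sits above "- ruby2.5 2.5.1-1". CVE-2017-17742 was fixed in MRI 2.2.10/2.3.7/2.4.4 per the description and already has DSA-4259-1 and five DLAs; a sixth advisory, DLA-3408-1, years later is consistent with buster's jruby only now catching up, just as the unstable jruby line shows the fix arriving in 9.3.9.0+ds-1 long after the ruby2.5 fix. If DLA-3408-1 is the jruby update, a "[buster] - jruby <version>" line here would make the per-suite status explicit instead of leaving it implied by the reference. Note in passing that the wrapped reference list in this hunk ("DLA-1358-1}" on its own line) is mail line-wrapping, not a change to the file; the tracker line itself is single-line.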



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/540519a2734ba13010dd8fb76654f2403f3dc131



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
