Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: c2276290 by Sylvain Beucler at 2024-08-13T11:09:00+02:00 CVE-2022-27240,CVE-2023-49208/glewlwyd: reference introductory commit - - - - - de678a4c by Sylvain Beucler at 2024-08-13T11:09:00+02:00 dla: more packages to sync with bookworm pu; drop roundcube - - - - - 2 changed files: - data/CVE/list - data/dla-needed.prospective Changes: ===================================== data/CVE/list ===================================== @@ -69533,8 +69533,9 @@ CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a poss - glewlwyd 2.7.6+ds-1 [bookworm] - glewlwyd 2.7.5-3+deb12u1 [bullseye] - glewlwyd <no-dsa> (Minor issue) - [buster] - glewlwyd <not-affected> (Vulnerable code not present) + [buster] - glewlwyd <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812 (v2.7.6) + NOTE: Introduced by: https://github.com/babelouest/glewlwyd/commit/13265133e8287f246f2feecb24449179d20c9f0e (v2.0.0b1) CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...) NOT-FOR-US: Pandora FMS CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -190252,8 +190253,9 @@ CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plu CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...) - glewlwyd 2.6.1-2 [bullseye] - glewlwyd <no-dsa> (Minor issue) - [buster] - glewlwyd <no-dsa> (Minor issue) + [buster] - glewlwyd <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2) + NOTE: Introduced by: https://github.com/babelouest/glewlwyd/commit/e5007f6e102f1260a9562654c4e88f1c6de12c02 (v2.0.0-b1) CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an informatio ...) {DSA-5157-1 DLA-3009-1} - cifs-utils 2:6.14-1.1 (bug #1010818) ===================================== data/dla-needed.prospective ===================================== @@ -32,6 +32,10 @@ NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see: NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian....@packages.debian.org;tag=pu +-- +amanda + NOTE: 20240815: Added by Front-Desk (Beuc) + NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 12.4 (CVE-2023-30577) (Beuc/front-desk) -- bind9 NOTE: 20240729: Added by oldstable Security Team (carnil) @@ -107,6 +111,11 @@ glance (Thomas Goirand) NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk) NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk) -- +glewlwyd + NOTE: 20240815: Added by Front-Desk (Beuc) + NOTE: 20240815: Follow fixes from bookworm 12.6 (2 CVEs) + NOTE: 20240815: Consider fixing postponed CVEs (Beuc/front-desk) +-- gpac NOTE: 20240815: Added by Front-Desk (Beuc) NOTE: 20240815: Considered for EOL 
@@ -122,6 +131,11 @@ indent NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142 NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk) -- +libxml2 + NOTE: 20240815: Added by Front-Desk (Beuc) + NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2022-2309) (low-priority) + NOTE: 20240815: Consider fixing CVE-2016-3709 (Beuc/front-desk) +-- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- @@ -187,10 +201,6 @@ ring NOTE: 20230301: might make sense to rebase to current version (jmm) NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk) -- -roundcube - NOTE: 20240805: Added by oldstable Security Team (jmm) - NOTE: 20240815: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk) --- ruby-httparty NOTE: 20240815: Added by Front-Desk (Beuc) NOTE: 20240815: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eac65a69e3740fdd6a76d0378edaaa26a3bb0993...de678a4c0e66f4669c1851dc629346e412acf9f6
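Review bot: the two added "Introduced by" NOTE lines in data/CVE/list spell the upstream tag differently, "(v2.0.0b1)" under CVE-2023-49208 and "(v2.0.0-b1)" under CVE-2022-27240. If both introducing commits first shipped in the same upstream release, use one spelling that matches the upstream tag name, so a text search on the tag finds both entries.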
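Review bot: in the CVE-2022-27240 hunk the [buster] line changes status from "<no-dsa> (Minor issue)" to "<not-affected> (Vulnerable code introduced later)", which is a triage change and not only the added reference that the commit subject ("reference introductory commit") describes. Mention the status change in the commit message, and consider recording the buster package version next to the "Introduced by" NOTE so the not-affected claim can be checked against v2.0.0-b1 from the entry alone.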
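Review bot: the new glewlwyd entry in data/dla-needed.prospective says "Follow fixes from bookworm 12.6 (2 CVEs)" and "Consider fixing postponed CVEs" without naming a single CVE id, whereas the libxml2 and ruby-httparty entries in the same file name theirs. List the ids in the NOTE lines so whoever claims the package does not have to rediscover the scope; the same applies to "(3 CVEs)" in the amanda entry.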
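Review bot: the roundcube removal in the last hunk deletes an entry whose note read "Follow DSA-5743-1 (CVE-2024-42008,9,10)", and the commit subject gives no reason beyond "drop roundcube". State in the commit message why the entry is dropped and where the follow-up for those CVEs is now tracked, so the removal can be audited later from the log alone.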