[Git][security-tracker-team/security-tracker][master] Track fixed version for rust-self-cell issue via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89b21739 by Salvatore Bonaccorso at 2023-11-14T07:14:27+01:00 Track fixed version for rust-self-cell issue via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54,7 +54,7 @@ CVE-2023- [tor TROVE-2023-004] NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM) CVE-2023- [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] - - rust-self-cell (bug #1055895) + - rust-self-cell 1.0.2-1 (bug #1055895) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html NOTE: https://github.com/Voultapher/self_cell/issues/49 CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b2173966c4510b9cc16b6d5b7c2cf146fc1918 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b2173966c4510b9cc16b6d5b7c2cf146fc1918 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] mark two golang issues as unimportant
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f2ba75b by Moritz Muehlenhoff at 2023-11-13T22:58:01+01:00 mark two golang issues as unimportant - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -697,33 +697,27 @@ CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Pr CVE-2023-4 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) NOT-FOR-US: Samsung CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reserved de ...) - - golang-1.21 1.21.4-1 - - golang-1.20 1.20.11-1 - - golang-1.19 - [bookworm] - golang-1.19 (Minor issue) - - golang-1.15 - [bullseye] - golang-1.15 (Minor issue) - - golang-1.11 - [buster] - golang-1.11 (Minor issue) + - golang-1.21 1.21.4-1 (unimportant) + - golang-1.20 1.20.11-1 (unimportant) + - golang-1.19 (unimportant) + - golang-1.15 (unimportant) + - golang-1.11 (unimportant) NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY NOTE: https://github.com/golang/go/issues/63713 NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4) NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11) - TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths + NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...) 
- - golang-1.21 1.21.4-1 - - golang-1.20 1.20.11-1 - - golang-1.19 - [bookworm] - golang-1.19 (Minor issue) - - golang-1.15 - [bullseye] - golang-1.15 (Minor issue) - - golang-1.11 - [buster] - golang-1.11 (Minor issue) + - golang-1.21 1.21.4-1 (unimportant) + - golang-1.20 1.20.11-1 (unimportant) + - golang-1.19 (unimportant) + - golang-1.15 (unimportant) + - golang-1.11 (unimportant) NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY NOTE: https://github.com/golang/go/issues/63713 NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4) NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11) - TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths + NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac [buster] - gpac (EOL in buster LTS) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f2ba75bab7f8928204dfed82d3dcfb8a6be1f16 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f2ba75bab7f8928204dfed82d3dcfb8a6be1f16 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
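Review bot: the NOTE that replaces the TODO in both the CVE-2023-45284 and CVE-2023-45283 blocks only half answers it. The removed line asked whether the issues should still be tracked "due to issue in path parsing for windows paths"; the new `NOTE: No security impact for Debian packages, only affects code running on Windows` states the conclusion but not the reasoning that led from that question to `(unimportant)`, for instance why programs built with the Debian golang toolchain but run on Windows are considered out of scope. Suggest extending the NOTE with one sentence of that reasoning so the rating can be re-checked later without repeating the analysis.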
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for postgresql-13 update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 25b6c975 by Salvatore Bonaccorso at 2023-11-13T22:20:17+01:00 Reserve DSA number for postgresql-13 update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[13 Nov 2023] DSA-5554-1 postgresql-13 - security update + {CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417} + [bullseye] - postgresql-13 13.13-0+deb11u1 [13 Nov 2023] DSA-5553-1 postgresql-15 - security update {CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418} [bookworm] - postgresql-15 15.5-0+deb12u1 = data/dsa-needed.txt = @@ -46,9 +46,6 @@ php-horde-turba/oldstable -- phppgdamin -- -postgresql-13/oldstable (carnil) - Maintainer has prepared updates --- py7zr/oldstable -- python3.11/stable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25b6c97522036b1e5b54bbe087cb659360929ce0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25b6c97522036b1e5b54bbe087cb659360929ce0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
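Review bot: the new DSA-5554-1 postgresql-13 entry lists four CVEs, while the DSA-5553-1 postgresql-15 entry directly below it also carries CVE-2023-39418. That difference is plausible if the fifth issue does not affect the 13.x branch, but it is worth confirming against the CVE-2023-39418 entry in data/CVE/list before the advisory text is published, so the two advisories do not appear inconsistent.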
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for postgresql-15
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7ff9965 by Salvatore Bonaccorso at 2023-11-13T22:03:50+01:00 Reserve DSA number for postgresql-15 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[13 Nov 2023] DSA-5553-1 postgresql-15 - security update + {CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418} + [bookworm] - postgresql-15 15.5-0+deb12u1 [12 Nov 2023] DSA-5552-1 ffmpeg - security update {CVE-2022-4907} [bookworm] - ffmpeg 7:5.1.4-0+deb12u1 = data/dsa-needed.txt = @@ -46,9 +46,6 @@ php-horde-turba/oldstable -- phppgdamin -- -postgresql-15/stable (carnil) - Maintainer has prepared updates --- postgresql-13/oldstable (carnil) Maintainer has prepared updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7ff996564555a5a34761cf687c0236498bdfcb9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7ff996564555a5a34761cf687c0236498bdfcb9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add clamav to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fda347f by Markus Koschany at 2023-11-13T21:35:37+01:00 Add clamav to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -40,6 +40,10 @@ cinder NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- +clamav + NOTE: 20231113: Added by Front-Desk (apo) + NOTE: 20231113: Please upgrade to 0.103.10 to include the fix for CVE-2023-40477 (libclamunrar). +-- curl NOTE: 20231103: Added by Front-Desk (lamby) NOTE: 20231103: Sync with stable. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fda347fcc8485c94ccb6c9fe4e9fe258949cae9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fda347fcc8485c94ccb6c9fe4e9fe258949cae9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-46894 as unimportant with a rationale from maintainer
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 117a941f by Salvatore Bonaccorso at 2023-11-13T21:29:14+01:00 Mark CVE-2023-46894 as unimportant with a rationale from maintainer - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -333,8 +333,12 @@ CVE-2023-47237 (Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson CVE-2023-47110 (blockreassurance adds an information block aimed at offering helpful i ...) NOT-FOR-US: blockreassurance CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view sensitiv ...) - - esptool (bug #1055773) + - esptool (bug #1055773; unimportant) NOTE: https://github.com/espressif/esptool/issues/926 + NOTE: Old revisions of one of the supported chipsets were using AES ECB for secure + NOTE: boot and flash encryption, but newer ones have switched to newer cryptographic + NOTE: algorithms. esptool keeps support for the older algorithms, in order to keep + NOTE: the ability to work with older revisions of the hardware. CVE-2023-46743 (application-collabora is an integration of Collabora Online in XWiki. ...) NOT-FOR-US: XWiki CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/117a941f3bdcd270056f612ca4b181545210c8f8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
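Review bot: the four added NOTE lines give the reasoning behind `unimportant` (AES-ECB kept only for older chip revisions) but not where that reasoning was stated; since the commit message attributes it to the maintainer, a pointer to the source, for example the discussion in bug #1055773 if that is where it was given, would let the rating be re-verified later without asking again.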
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bec878b by Salvatore Bonaccorso at 2023-11-13T21:19:19+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,37 +1,38 @@ CVE-2023-6104 REJECTED CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and classifi ...) - TODO: check + NOT-FOR-US: Intelbras CVE-2023-6102 (A vulnerability, which was classified as problematic, was found in Mai ...) - TODO: check + NOT-FOR-US: Maiwei Safety Production Control Platform CVE-2023-6101 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Maiwei Safety Production Control Platform CVE-2023-6100 (A vulnerability classified as problematic was found in Maiwei Safety P ...) - TODO: check + NOT-FOR-US: Maiwei Safety Production Control Platform CVE-2023-6099 (A vulnerability classified as critical has been found in Shenzhen Youk ...) - TODO: check + NOT-FOR-US: Shenzhen Youkate Industrial Facial Love Cloud Payment System CVE-2023-6098 (An XSS vulnerability has been discovered in ICS Business Manager affec ...) - TODO: check + NOT-FOR-US: ICS Business Manager CVE-2023-6097 (A SQL injection vulnerability has been found in ICS Business Manager, ...) - TODO: check + NOT-FOR-US: ICS Business Manager CVE-2023-5999 REJECTED CVE-2023-48068 (DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2023-48063 (An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerab ...) - TODO: check + NOT-FOR-US: dreamer_cms + NOT-FOR-US: Dreamer CMS CVE-2023-48060 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-48058 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-47801 (An issue was discovered in Click Studios Passwordstate before 9811. Ex ...) - TODO: check + NOT-FOR-US: Click Studios Passwordstate CVE-2023-47621 (Guest Entries is a php library which allows users to create, update & ...) 
- TODO: check + NOT-FOR-US: Guest Entries CVE-2023-46092 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Web ...) - TODO: check + NOT-FOR-US: LionScripts.Com Webmaster Tools CVE-2023-40335 (Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cl ...) - TODO: check + NOT-FOR-US: Jeremy O'Connell Cleverwise Daily Quotes CVE-2023-39166 (Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Compo ...) TODO: check CVE-2023-35877 (Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bec878bf29e1b54729a5ff6e231333af381d0ab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bec878bf29e1b54729a5ff6e231333af381d0ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
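Review bot: the CVE-2023-48063 entry ends up with two status lines, `+ NOT-FOR-US: dreamer_cms` immediately followed by `+ NOT-FOR-US: Dreamer CMS`. The second looks like a leftover from aligning the wording with the CVE-2023-48060 and CVE-2023-48058 entries; one of the two should be dropped so the entry carries a single status line like its neighbours.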
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cf9f327 by security tracker role at 2023-11-13T20:12:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2023-6104 + REJECTED +CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and classifi ...) + TODO: check +CVE-2023-6102 (A vulnerability, which was classified as problematic, was found in Mai ...) + TODO: check +CVE-2023-6101 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-6100 (A vulnerability classified as problematic was found in Maiwei Safety P ...) + TODO: check +CVE-2023-6099 (A vulnerability classified as critical has been found in Shenzhen Youk ...) + TODO: check +CVE-2023-6098 (An XSS vulnerability has been discovered in ICS Business Manager affec ...) + TODO: check +CVE-2023-6097 (A SQL injection vulnerability has been found in ICS Business Manager, ...) + TODO: check +CVE-2023-5999 + REJECTED +CVE-2023-48068 (DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vu ...) + TODO: check +CVE-2023-48063 (An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerab ...) + TODO: check +CVE-2023-48060 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-48058 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-47801 (An issue was discovered in Click Studios Passwordstate before 9811. Ex ...) + TODO: check +CVE-2023-47621 (Guest Entries is a php library which allows users to create, update & ...) + TODO: check +CVE-2023-46092 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Web ...) + TODO: check +CVE-2023-40335 (Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cl ...) + TODO: check +CVE-2023-39166 (Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Compo ...) + TODO: check +CVE-2023-35877 (Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User ...) + TODO: check +CVE-2023-32123 (Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 al ...) 
+ TODO: check CVE-2023- [tor TROVE-2023-006] - tor 0.4.8.9-1 [bookworm] - tor (Vulnerable code introduced with 0.4.8.1-alpha) @@ -60,7 +100,7 @@ CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle C NOT-FOR-US: WordPress plugin CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2023-38363 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) +CVE-2023-38363 (IBM CICS TX Advanced 10.1 does not set the secure attribute on authori ...) NOT-FOR-US: IBM CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...) NOT-FOR-US: WordPress plugin @@ -26001,8 +26041,8 @@ CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-31231 RESERVED -CVE-2023-31230 - RESERVED +CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...) + TODO: check CVE-2023-31229 RESERVED CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cf9f327c3fd26aa3640b666229c6a6100e9e005 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cf9f327c3fd26aa3640b666229c6a6100e9e005 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rust-self-cell issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14231931 by Salvatore Bonaccorso at 2023-11-13T21:06:28+01:00 Add Debian bug reference for rust-self-cell issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2023- [tor TROVE-2023-004] NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM) CVE-2023- [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] - - rust-self-cell + - rust-self-cell (bug #1055895) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html NOTE: https://github.com/Voultapher/self_cell/issues/49 CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14231931119df6aa82e3361941133796a05a1188 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14231931119df6aa82e3361941133796a05a1188 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information on tor issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30f5efad by Salvatore Bonaccorso at 2023-11-13T20:53:57+01:00 Update information on tor issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,16 @@ CVE-2023- [tor TROVE-2023-006] - tor 0.4.8.9-1 + [bookworm] - tor (Vulnerable code introduced with 0.4.8.1-alpha) + [bullseye] - tor (Vulnerable code introduced with 0.4.8.1-alpha) + [buster] - tor (Vulnerable code introduced with 0.4.8.1-alpha) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog - NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/be751a46e3941d9e6af093a307107db443b2968c + NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/e62b8bce5a88f8fa38a62ab503df7f0eecfb1d22 (tor-0.4.8.9) + NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/83aecca561e5c284a7279e1fc5784871abe5304b (tor-0.4.8.9) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40883 (non public ATM) CVE-2023- [tor TROVE-2023-004] - tor 0.4.8.8-1 NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog - NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8) NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM) CVE-2023- [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] - rust-self-cell View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f5efad4926bea7a4f7a918ae077983aaac2b99 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f5efad4926bea7a4f7a918ae077983aaac2b99 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
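Review bot: the three new suite lines for TROVE-2023-006 read `[bookworm] - tor (Vulnerable code introduced with 0.4.8.1-alpha)` and the same for bullseye and buster. As rendered here there is no status marker between the package name and the parenthesised reason, so please confirm the lines carry the tracker's not-affected marker rather than only the free-text reason; otherwise the suites would not be recorded as unaffected even though the reason says they are.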
[Git][security-tracker-team/security-tracker][master] Clarify relation of CVE-2022-4949 with CVE-2023-34325 (XSA-443)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 999536ee by Salvatore Bonaccorso at 2023-11-13T19:04:10+01:00 Clarify relation of CVE-2022-4949 with CVE-2023-34325 (XSA-443) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,9 +103,12 @@ CVE-2023-6075 (A vulnerability classified as problematic has been found in PHPGu CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...) NOT-FOR-US: PHPGurukul CVE-2023-4949 (An attacker with local access to a system (either through a disk or ex ...) - - grub + - grub (unimportant) NOTE: https://xenbits.xenproject.org/xsa/advisory-443.html - TODO: said to affect grub-legacy only, but need some additional cross-references verified + NOTE: grub-legancy has not secure boot support. The CVE is specific for the src:grub + NOTE: issue "An attacker with local access to a system (either through a disk or external + NOTE: drive) can present a modified XFS partition to grub-legacy in such a way to exploit + NOTE: a memory corruption in grub's XFS file system implementation." CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) NOT-FOR-US: Telit Cinterion CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists in Telit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/999536eea11a113c3228fa15d7dc33fc772f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/999536eea11a113c3228fa15d7dc33fc772f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
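Review bot: the commit title refers to CVE-2022-4949, but the entry changed in the hunk is CVE-2023-4949. The added NOTE lines also need a wording pass: `grub-legancy has not secure boot support` should read `grub-legacy has no secure boot support`, and `The CVE is specific for the src:grub issue "An attacker ..."` is hard to follow; since the quoted description itself names grub-legacy as the affected implementation, stating directly that the CVE is specific to grub-legacy and therefore rated unimportant for src:grub would make the rationale clearer.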
[Git][security-tracker-team/security-tracker][master] dnstdist/HTTP2
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cd48e2fb by Moritz Muehlenhoff at 2023-11-13T18:29:52+01:00 dnstdist/HTTP2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5807,6 +5807,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource - nghttp2 1.57.0-1 (bug #1053769) - jetty9 9.4.53-1 - netty 1:4.1.48-8 (bug #1054234) + - dnsdist 1.8.2-2 NOTE: Tomcat: https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49 (10.1.14) NOTE: Tomcat: https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a (9.0.81) NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version 
@@ -5814,6 +5815,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0) NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.9) NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe + NOTE: dnsdist: h2o change breaks the ABI, hence dnsdist switched to a vendored fix in 1.8.2-2 NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1) NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44134.html NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44136.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd48e2fb6a1519b1788df18c2743550853a797e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd48e2fb6a1519b1788df18c2743550853a797e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
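Review bot: the hunk records the unstable fix `- dnsdist 1.8.2-2` and the NOTE explains why a vendored fix was used instead of the h2o library change (ABI break), which is useful documentation. What is still missing is a status for dnsdist in the released suites: only the unstable fix is recorded, so a reader cannot tell from this entry whether the bookworm or bullseye dnsdist packages are affected.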
[Git][security-tracker-team/security-tracker][master] new tor issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5caf69a9 by Moritz Muehlenhoff at 2023-11-13T17:54:22+01:00 new tor issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2023- [tor TROVE-2023-006] + - tor 0.4.8.9-1 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/be751a46e3941d9e6af093a307107db443b2968c + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40883 (non public ATM) +CVE-2023- [tor TROVE-2023-004] + - tor 0.4.8.8-1 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM) CVE-2023- [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] - rust-self-cell NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5caf69a923778ebd321f726398ebb72d19f2bf11 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5caf69a923778ebd321f726398ebb72d19f2bf11 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
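Review bot: both new TROVE entries record an unstable fixed version (`tor 0.4.8.9-1` and `tor 0.4.8.8-1`) but no status for the released suites, and both cite the same tor-0.4.8.9 ChangeLog. Since the referenced upstream issues are `non public ATM`, the entry should at least say whether the vulnerable code predates the versions shipped in bookworm and bullseye, so those suites are not left implicitly marked vulnerable until the issues become public.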
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: d9321df2 by Roberto C. Sánchez at 2023-11-13T11:20:27-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Roberto C. Sánchez robe...@connexer.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,7 +44,7 @@ curl NOTE: 20231103: Added by Front-Desk (lamby) NOTE: 20231103: Sync with stable. (lamby) -- -docker.io (rouca/santiago) +docker.io NOTE: 20230303: Added by Front-Desk (Beuc) NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk) NOTE: 20230424: Is in preparation. (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9321df25fffd2d528ad4fd147a83d33e5851e43 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9321df25fffd2d528ad4fd147a83d33e5851e43 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
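Review bot: the hunk drops the claimants from `docker.io (rouca/santiago)` but adds no dated NOTE recording the unclaim, whereas the surrounding entries document each state change with a `NOTE: YYYYMMDD:` line (20230303 and 20230424 for docker.io itself). Adding one such line for 20231113 with the reason ("unclaimed after 2 weeks of inactivity") would keep the history in dla-needed.txt consistent and tell the next person why the package is free again.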
[Git][security-tracker-team/security-tracker][master] dla: add note
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab9f5770 by Adrian Bunk at 2023-11-13T16:29:45+02:00 dla: add note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -78,6 +78,7 @@ freerdp2 (tobi) galera-3 (Adrian Bunk) NOTE: 20231028: Added by Front-Desk (gladk) NOTE: 20231028: Acc. to CVE notes the open issue is fixed in 26.4.12. Please, try to find a corresponding commit and try to backport it. Otherwise - no-dsa. (gladk) + NOTE: 20231113: Investigating whether vulnerability already existed before commit introducing current code. (bunk) -- horizon NOTE: 20231101: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9f5770de889597897c46bda419053e7a4407c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9f5770de889597897c46bda419053e7a4407c2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new rust-self-cell issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ded15c9a by Moritz Muehlenhoff at 2023-11-13T14:53:47+01:00 new rust-self-cell issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023- [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] + - rust-self-cell + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html + NOTE: https://github.com/Voultapher/self_cell/issues/49 CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) NOT-FOR-US: Hanwha Vision PNV-A6081R CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded15c9a08fc0b702a8b74f7a11416caa77c3cf2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded15c9a08fc0b702a8b74f7a11416caa77c3cf2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] qt6-svg n/a, could potentially affect experimental, but not really worth checking further
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 17f81088 by Moritz Muehlenhoff at 2023-11-13T14:17:04+01:00 qt6-svg n/a, could potentially affect experimental, but not really worth checking further - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2535,8 +2535,8 @@ CVE-2023-31422 (An issue was discovered by Elastic whereby sensitive information CVE-2023-31421 (It was discovered that when acting as TLS clients, Beats, Elastic Agen ...) NOT-FOR-US: Elastic CVE-2023-45872 + - qt6-svg (Doesn't affect any version uploaded to unstable) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067 - TODO: check, seems to only affect a r0 version of qtsvg CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...) - linux 6.5.10-1 NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17f810889c0462ba970398514fe4b491649cdf66 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17f810889c0462ba970398514fe4b491649cdf66 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
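Review bot: the new line `- qt6-svg (Doesn't affect any version uploaded to unstable)` resolves the TODO, but the commit message says the issue could affect the version in experimental, and the removed TODO carried the only hint about which qtsvg revision is affected ("seems to only affect a r0 version of qtsvg"). Keeping that hint in a NOTE would make it easier to spot if a later upload from experimental to unstable brings in the affected revision.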
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3eda7a17 by Moritz Muehlenhoff at 2023-11-13T13:02:12+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) - TODO: check + NOT-FOR-US: Hanwha Vision PNV-A6081R CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) NOT-FOR-US: WordPress plugin CVE-2023-5037 @@ -101,7 +101,7 @@ CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earli [bookworm] - hoteldruid (Minor issue) [bullseye] - hoteldruid (Minor issue) CVE-2023-47129 (Statmic is a core Laravel content management system Composer package. ...) - TODO: check + NOT-FOR-US: Statmic CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...) NOT-FOR-US: Piccolo ORM (not the same as src:piccolo) CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...) @@ -174,7 +174,7 @@ CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a defaul CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal vulnerability le ...) NOT-FOR-US: SysAid CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized ...) - TODO: check + NOT-FOR-US: sentry-javascript CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 ...) 
@@ -233,9 +233,9 @@ CVE-2023-6039 (A use-after-free flaw was found in lan78xx_disconnect in drivers/ [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 (6.5-rc5) CVE-2023-4612 (Improper Authentication vulnerability in Apereo CAS injakarta.servlet. ...) - TODO: check + NOT-FOR-US: Apereo CAS CVE-2023-4218 (In Eclipse IDE versions < 2023-09 (4.29) some files with xml content a ...) - TODO: check + - eclipse CVE-2023-47616 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) NOT-FOR-US: Telit Cinterion CVE-2023-47615 (A CWE-526: Exposure of Sensitive Information Through Environmental Var ...) @@ -981,7 +981,7 @@ CVE-2023-46084 (Improper Neutralization of Special Elements used in an SQL Comma CVE-2023-45830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-45827 (Dot diver is a lightweight, powerful, and dependency-free TypeScript u ...) - TODO: check + NOT-FOR-US: Dot diver CVE-2023-45657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-45163 (The 1E-Exchange-CommandLinePing instruction that is part of the Networ ...) 
@@ -47325,7 +47325,7 @@ CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/mo CVE-2023-0437 RESERVED CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...) - TODO: check + NOT-FOR-US: MongoDB Atlas Kubernetes Operator CVE-2022-48282 (Under very specific circumstances (see Required configuration section ...) NOT-FOR-US: MongoDB .NET/C# Driver CVE-2023-24371 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eda7a1723994d10f6dfa552ff9a5b0943b5689e
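Review bot: in the @@ -233,9 hunk, `- eclipse` replaces the TODO without a fixed version, a severity or a NOTE, so unlike the neighbouring entries there is nothing to show whether the `< 2023-09 (4.29)` range in the description maps to what Debian ships or where the upstream fix is. Suggest adding a NOTE with the upstream fix reference and either the fixed Debian version or an explicit `<unfixed>` marker, plus per-release lines for bookworm/bullseye if they are affected. The other hunks (NOT-FOR-US for Statmic, sentry-javascript, Apereo CAS, Dot diver and MongoDB Atlas Kubernetes Operator) match the vendor named in each description and need no change.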
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 485b3a90 by Salvatore Bonaccorso at 2023-11-13T09:29:41+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,65 +1,65 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) TODO: check CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5037 REJECTED CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47652 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47516 (Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Categ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47230 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47163 (Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence ...) - TODO: check + NOT-FOR-US: Remarshal CVE-2023-46638 (Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46636 (Cross-Site Request Forgery (CSRF) vulnerability in David St\xf6ckl Cus ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46634 (Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46629 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remov ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46625 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Man ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46620 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46619 (Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialW ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46618 (Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Serge ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46207 (Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Mot ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46201 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41239 (Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38363 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35041 (Cross-Site Request Forgery (CSRF) vulnerability leading to Local File ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34384 (Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34378 (Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34013 (Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33207 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog\xf ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32588 (Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Pos ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32583 (Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6084 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...) NOT-FOR-US: Tongda OA CVE-2023-47037 (We failed to
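Review bot: CVE-2023-38363 is resolved as `NOT-FOR-US: IBM` even though the description imported for it is still the unfilled template `[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...`, so the classification cannot be checked against the entry itself; presumably it was inferred from the neighbouring CVE-2023-38364 (IBM CICS TX). Suggest adding a NOTE with the IBM advisory URL for it so the NOT-FOR-US stays verifiable once the description is corrected. The WordPress-plugin and Remarshal classifications in this hunk match their descriptions.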
[Git][security-tracker-team/security-tracker][master] lts: take postgresql-11
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 124b8dff by Emilio Pozuelo Monfort at 2023-11-13T09:13:57+01:00 lts: take postgresql-11 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -168,6 +168,9 @@ osslsigncode NOTE: 20230925: Added by Front-Desk (apo) NOTE: 20230925: Maybe a new upstream release should just do the trick here. -- +postgresql-11 (Emilio) + NOTE: 20231113: Added by pochu to take care of the announcement +-- postgresql-multicorn NOTE: 20231108: Added by Front-Desk (santiago) NOTE: 20231108: Need to handle incompatibilities with versions in debian packages, brought up by PEP 440. See https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/70 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/124b8dffded463da01410e0547cd1249d5b98305
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 238e87a2 by security tracker role at 2023-11-13T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) + TODO: check +CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) + TODO: check +CVE-2023-5037 + REJECTED +CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...) + TODO: check +CVE-2023-47652 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) + TODO: check +CVE-2023-47516 (Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Categ ...) + TODO: check +CVE-2023-47230 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...) + TODO: check +CVE-2023-47163 (Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence ...) + TODO: check +CVE-2023-46638 (Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWe ...) + TODO: check +CVE-2023-46636 (Cross-Site Request Forgery (CSRF) vulnerability in David St\xf6ckl Cus ...) + TODO: check +CVE-2023-46634 (Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My ...) + TODO: check +CVE-2023-46629 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remov ...) + TODO: check +CVE-2023-46625 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Man ...) + TODO: check +CVE-2023-46620 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) + TODO: check +CVE-2023-46619 (Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialW ...) + TODO: check +CVE-2023-46618 (Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Serge ...) + TODO: check +CVE-2023-46207 (Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Mot ...) + TODO: check +CVE-2023-46201 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) 
+ TODO: check +CVE-2023-41239 (Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress ...) + TODO: check +CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church ...) + TODO: check +CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) + TODO: check +CVE-2023-38363 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) + TODO: check +CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...) + TODO: check +CVE-2023-35041 (Cross-Site Request Forgery (CSRF) vulnerability leading to Local File ...) + TODO: check +CVE-2023-34384 (Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter F ...) + TODO: check +CVE-2023-34378 (Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP H ...) + TODO: check +CVE-2023-34013 (Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Po ...) + TODO: check +CVE-2023-33207 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog\xf ...) + TODO: check +CVE-2023-32588 (Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Pos ...) + TODO: check +CVE-2023-32583 (Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP A ...) + TODO: check CVE-2023-6084 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...) NOT-FOR-US: Tongda OA CVE-2023-47037 (We failed to applyCVE-2023-40611 in 2.7.1 and this vulnerability was m ...) 
@@ -26034,8 +26096,8 @@ CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...) NOT-FOR-US: WordPress plugin -CVE-2023-31219 - RESERVED +CVE-2023-31219 (Server-Side Request Forgery (SSRF) vulnerability in WPChill Download M ...) + TODO: check CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) NOT-FOR-US: WordPress plugin CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -31130,8 +31192,8 @@ CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TM NOT-FOR-US: WordPress plugin CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd ...) NOT-FOR-US: WordPress plugin -CVE-2023-29425 - RESERVED +CVE-2023-29425 (Cross-Site