[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-23346/pymatgen via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d02a5af by Salvatore Bonaccorso at 2024-02-26T06:19:35+01:00 Track fixed version for CVE-2024-23346/pymatgen via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -706,7 +706,7 @@ CVE-2024-24476 (A buffer overflow in Wireshark before 4.2.0 allows a remote atta NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19344 NOTE: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78 CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library ...) - - pymatgen (bug #1064514) + - pymatgen 2024.1.27+dfsg1-6 (bug #1064514) NOTE: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f NOTE: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a (v2024.2.20) CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d02a5aff9b834c1b2693f63cd92db810a7369cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d02a5aff9b834c1b2693f63cd92db810a7369cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
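Review bot: On the changed `- pymatgen` line the fixed version 2024.1.27+dfsg1-6 is lower than the upstream release named in the commit NOTE just below it (v2024.2.20), so the fix can only be present as a Debian backport of c231cbd3. Consider adding a NOTE that says the upload carries the backported patch, so a later reader does not take the version for a typo and reopen the entry.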
[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-0567/gnutls28 for buster.
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: d4e133cb by Guilhem Moulin at 2024-02-26T01:10:41+01:00 Triage CVE-2024-0567/gnutls28 for buster. Per https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09 “This affects GnuTLS 3.7.0 to 3.8.2”. (Likely introduced in https://gitlab.com/gnutls/gnutls/-/commit/d268f19510a95f92d11d8f8dc7d94fcae4d765cc .) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7894,7 +7894,7 @@ CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses - gnutls28 3.8.3-1 (bug #1061045) [bookworm] - gnutls28 3.7.9-2+deb12u2 [bullseye] - gnutls28 3.7.1-5+deb11u5 - [buster] - gnutls28 (Minor issue) + [buster] - gnutls28 (Vulnerabity introduced in 3.7) NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1521 NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09 NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4e133cb452511b48ee719041ed721f8ae01ff33
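Review bot: The new `[buster]` annotation misspells its reason as "Vulnerabity introduced in 3.7", and the commit it refers to is named only in the commit message. Suggest "Vulnerable code introduced in 3.7.0" and a NOTE under the entry carrying the d268f195 commit URL, so the basis for marking buster unaffected is recorded in data/CVE/list and not only in the commit log.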
[Git][security-tracker-team/security-tracker][master] dla: take qemu
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab44afc3 by Adrian Bunk at 2024-02-25T22:34:27+02:00 dla: take qemu - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -234,7 +234,7 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- -qemu +qemu (Adrian Bunk) NOTE: 20240119: Added by Front-Desk (lamby) NOTE: 20240119: CVE-2023-1544 and CVE-2023-3354 already fixed in bullseye via DSA or point releases; to be fixed or . (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab44afc3878381574198af459c5f2cd12bd8d080
[Git][security-tracker-team/security-tracker][master] Process CVE-2024-0243 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb18488d by Salvatore Bonaccorso at 2024-02-25T21:32:04+01:00 Process CVE-2024-0243 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83,7 +83,7 @@ CVE-2024-1710 (The Addon Library plugin for WordPress is vulnerable to unauthori CVE-2024-1165 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Di ...) NOT-FOR-US: WordPress plugin CVE-2024-0243 (With the following crawler configuration: ```python from bs4 import B ...) - TODO: check + NOT-FOR-US: LanChain-ai Langchain CVE-2023-5775 (The BackWPup plugin for WordPress is vulnerable to Plaintext Storage o ...) NOT-FOR-US: WordPress plugin CVE-2023-43051 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb18488dcb65c9cff2d8b4b52724c2ccf8666d1f
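Review bot: The NOT-FOR-US text on the `+` line spells the product two ways, "LanChain-ai Langchain", and the first word drops the "g". Write it as "LangChain-ai" so a text search over data/CVE/list for the product name finds this entry.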
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-21501/node-sanitize-html
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d7d25c9 by Salvatore Bonaccorso at 2024-02-25T21:31:08+01:00 Add CVE-2024-21501/node-sanitize-html - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -143,7 +143,12 @@ CVE-2024-22395 (Improper access control vulnerability has been identified in the CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable to Use o ...) NOT-FOR-US: fastecdsa CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are vulnerable to ...) - TODO: check + - node-sanitize-html + NOTE: https://github.com/apostrophecms/sanitize-html/pull/650 + NOTE: https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf + NOTE: https://github.com/apostrophecms/apostrophe/discussions/4436 + NOTE: https://github.com/apostrophecms/sanitize-html/commit/075499d1b98c387f4200fd59972ca9b15796b51b (2.12.1) + NOTE: https://github.com/apostrophecms/sanitize-html/commit/1e2294c8001ce07c89448e03289818da631795ba (2.12.1) CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7d25c99a296c4c3337fad73ef29e9f63a88cdf
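Review bot: The five added NOTE lines mix a pull request, a gist, a discussion and two commits, with nothing but the trailing "(2.12.1)" to show which ones are the fix. Prefix the two commit lines with "Fixed by:" so the fixing commits can be told apart from the report material, and add the Debian bug number to the `- node-sanitize-html` line once one is filed.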
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-25117/php-dompdf-svg-lib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6faa882 by Salvatore Bonaccorso at 2024-02-25T21:28:05+01:00 Add Debian bug reference for CVE-2024-25117/php-dompdf-svg-lib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -684,7 +684,7 @@ CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vu CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote attackers ...) NOT-FOR-US: He3 App for macOS CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...) - - php-dompdf-svg-lib + - php-dompdf-svg-lib (bug #1064781) [bookworm] - php-dompdf-svg-lib (Minor issue) NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273 NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6faa88224dd4fd301b29049bb24a7766efd4d84
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-6110/python-openstackclient
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eec1a397 by Salvatore Bonaccorso at 2024-02-25T21:26:06+01:00 Track fixed version via unstable for CVE-2023-6110/python-openstackclient - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3013,7 +3013,7 @@ CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attack [bullseye] - python-jwcrypto (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843 CVE-2023-6110 [deleting a non existing access rule deletes another existing access rule in it's scope] - - python-openstackclient + - python-openstackclient 6.3.0-2 [bookworm] - python-openstackclient (Minor issue) [bullseye] - python-openstackclient (Minor issue) [buster] - python-openstackclient (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eec1a397b67f4f7de3a8bdce2ab20ebc2a64b4cd
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-26130
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94f78f2f by Salvatore Bonaccorso at 2024-02-25T21:19:25+01:00 Add Debian bug reference for CVE-2024-26130 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -652,7 +652,7 @@ CVE-2024-26138 (The XWiki licensor application, which manages and enforce applic CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store events. ...) NOT-FOR-US: EventStoreDB (ESDB) CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives ...) - - python-cryptography + - python-cryptography (bug #1064778) [bookworm] - python-cryptography (Minor issue) [bullseye] - python-cryptography (Minor issue) NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f78f2f9457cdd52597445136dcc16260a7186d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea924967 by security tracker role at 2024-02-25T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,58 +1,70 @@ -CVE-2022-48626 [moxart: fix potential use-after-free on remove path] +CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...) + TODO: check +CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...) + TODO: check +CVE-2024-0440 (Attacker, with permission to submit a link or submits a link via POST ...) + TODO: check +CVE-2024-0439 (As a manager, you should not be able to modify a series of settings. I ...) + TODO: check +CVE-2024-0436 (Theoretically, it would be possible for an attacker to brute-force the ...) + TODO: check +CVE-2024-0435 (User can send a chat that contains an XSS opportunity that will then r ...) + TODO: check +CVE-2022-48626 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.16.10-1 [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) -CVE-2021-46905 [net: hso: fix NULL-deref on disconnect regression] +CVE-2021-46905 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux (No Debian released version vulnerable)) NOTE: https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 (5.13-rc1) -CVE-2021-46904 [net: hso: fix null-ptr-deref during tty device unregistration] +CVE-2021-46904 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/8a12f8836145ffe37e9c8733dce18c22fb668b66 (5.12-rc7) -CVE-2023-52465 [power: supply: Fix null pointer dereference in smb2_probe] +CVE-2023-52465 (In the Linux kernel, the following vulnerability has been resolved: p ...) 
- linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/88f04bc3e737155e13caddf0ba8ed19db87f0212 (6.8-rc1) -CVE-2023-52466 [PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()] +CVE-2023-52466 (In the Linux kernel, the following vulnerability has been resolved: P ...) - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3171e46d677a668eed3086da78671f1e4f5b8405 (6.8-rc1) -CVE-2023-52467 [mfd: syscon: Fix null pointer dereference in of_syscon_register()] +CVE-2023-52467 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/41673c66b3d0c09915698fec5c13b24336f18dd1 (6.8-rc1) -CVE-2023-52468 [class: fix use-after-free in class_register()] +CVE-2023-52468 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/93ec4a3b76404bce01bd5c9032bef5df6feb1d62 (6.8-rc1) -CVE-2023-52469 [drivers/amd/pm: fix a use-after-free in kv_parse_power_table] +CVE-2023-52469 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://git.kernel.org/linus/28dd788382c43b330480f57cd34cde0840896743 (6.8-rc1) -CVE-2023-52470 [drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()] +CVE-2023-52470 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://git.kernel.org/linus/7a2464fac80d42f6f8819fed97a553e9c2f43310 (6.8-rc1) -CVE-2023-52471 [ice: Fix some null pointer dereference issues in ice_ptp.c] +CVE-2023-52471 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf (6.8-rc1) -CVE-2023-52472 [crypto: rsa - add a check for allocation failure] +CVE-2023-52472 (In the Linux kernel, the following
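Review bot: On every Linux entry in this hunk the bracketed subject, for example "[power: supply: Fix null pointer dereference in smb2_probe]", is replaced by a description cut off after "In the Linux kernel, the following vulnerability has been resolved:" plus one letter, so the list no longer shows which subsystem or bug class each CVE concerns. Consider having the automatic update keep the text that follows that common prefix when it truncates the description.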
[Git][security-tracker-team/security-tracker][master] Tentatively take one package from dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c724b68a by Salvatore Bonaccorso at 2024-02-25T21:02:58+01:00 Tentatively take one package from dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -25,7 +25,7 @@ dnsdist (jmm) -- frr -- -gnutls28/oldstable +gnutls28/oldstable (carnil) -- gpac/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c724b68a8dcb193abdd7525603141e3b246f9fa5
[Git][security-tracker-team/security-tracker][master] dla: retake
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab7a9284 by Adrian Bunk at 2024-02-25T21:34:45+02:00 dla: retake - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -276,7 +276,7 @@ squid NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo) -- -suricata +suricata (Adrian Bunk) NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie, NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage (postponed/ignored), @@ -312,7 +312,7 @@ varnish (Abhijith PA) NOTE: 20240122: Still fixing tests (abhijith) NOTE: 20240213: Fixing tests.(abhijith) -- -wireshark +wireshark (Adrian Bunk) NOTE: 20231118: Added by Front-Desk (apo) NOTE: 20231204: DLA pending (bunk) NOTE: 20231218: Debugging a problem with the update. (bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7a928481e437abd747e921182cf0359c53eb43
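Review bot: In the wireshark hunk the claim is put back above NOTEs whose latest status is "20231218: Debugging a problem with the update. (bunk)", and no new dated line is added. Add a NOTE with the current date saying where the update stands, so the front desk can tell a fresh claim from a stale one.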
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 21cfe254 by Salvatore Bonaccorso at 2024-02-25T19:54:04+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,14 @@ +CVE-2022-48626 [moxart: fix potential use-after-free on remove path] + - linux 5.16.10-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) +CVE-2021-46905 [net: hso: fix NULL-deref on disconnect regression] + - linux (No Debian released version vulnerable)) + NOTE: https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 (5.13-rc1) +CVE-2021-46904 [net: hso: fix null-ptr-deref during tty device unregistration] + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/8a12f8836145ffe37e9c8733dce18c22fb668b66 (5.12-rc7) CVE-2023-52465 [power: supply: Fix null pointer dereference in smb2_probe] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21cfe254d66e2605d82e25389be0d5826a20dba4
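Review bot: The added CVE-2021-46905 line ends in a doubled parenthesis, "(No Debian released version vulnerable))". Drop the extra ")" so the annotation is well-formed.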
[Git][security-tracker-team/security-tracker][master] libjwt spu/ospu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ff64865 by Moritz Mühlenhoff at 2024-02-25T19:37:59+01:00 libjwt spu/ospu - - - - - 2 changed files: - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -34,3 +34,5 @@ CVE-2022-22995 [bullseye] - netatalk 3.1.12~ds-8+deb11u2 CVE-2022-22846 [bullseye] - python-dnslib 0.9.14-1+deb11u1 +CVE-2024-25189 + [bullseye] - libjwt 1.10.2-1+deb11u1 = data/next-point-update.txt = @@ -48,3 +48,5 @@ CVE-2024-20290 [bookworm] - clamav 1.0.5+dfsg-1~deb12u1 CVE-2024-20328 [bookworm] - clamav 1.0.5+dfsg-1~deb12u1 +CVE-2024-25189 + [bookworm] - libjwt 1.10.2-1+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ff64865af1dca00314f77b1b2c6995744b01de7
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for iwd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba0bab7f by Salvatore Bonaccorso at 2024-02-25T11:40:59+01:00 Reserve DSA number for iwd - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[25 Feb 2024] DSA-5631-1 iwd - security update + {CVE-2023-52161} + [bullseye] - iwd 1.14-3+deb11u1 + [bookworm] - iwd 2.3-1+deb12u1 [23 Feb 2024] DSA-5630-1 thunderbird - security update {CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553} [bullseye] - thunderbird 1:115.8.0-1~deb11u1 = data/dsa-needed.txt = @@ -33,8 +33,6 @@ gtkwave -- h2o (jmm) -- -iwd (carnil) --- knot-resolver (jmm) -- libreswan (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0bab7f935b33b3fc66683aa8ed03f3aa006b56
[Git][security-tracker-team/security-tracker][master] Include temporary short description in listing
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 86d6036b by Salvatore Bonaccorso at 2024-02-25T10:28:41+01:00 Include temporary short description in listing - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,47 +1,47 @@ -CVE-2023-52465 +CVE-2023-52465 [power: supply: Fix null pointer dereference in smb2_probe] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/88f04bc3e737155e13caddf0ba8ed19db87f0212 (6.8-rc1) -CVE-2023-52466 +CVE-2023-52466 [PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3171e46d677a668eed3086da78671f1e4f5b8405 (6.8-rc1) -CVE-2023-52467 +CVE-2023-52467 [mfd: syscon: Fix null pointer dereference in of_syscon_register()] - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/41673c66b3d0c09915698fec5c13b24336f18dd1 (6.8-rc1) -CVE-2023-52468 +CVE-2023-52468 [class: fix use-after-free in class_register()] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/93ec4a3b76404bce01bd5c9032bef5df6feb1d62 (6.8-rc1) -CVE-2023-52469 +CVE-2023-52469 [drivers/amd/pm: fix a use-after-free in kv_parse_power_table] - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://git.kernel.org/linus/28dd788382c43b330480f57cd34cde0840896743 (6.8-rc1) -CVE-2023-52470 +CVE-2023-52470 [drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()] - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://git.kernel.org/linus/7a2464fac80d42f6f8819fed97a553e9c2f43310 (6.8-rc1) -CVE-2023-52471 +CVE-2023-52471 [ice: Fix some null pointer dereference issues in ice_ptp.c] - linux (Vulnerable code not 
present) NOTE: https://git.kernel.org/linus/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf (6.8-rc1) -CVE-2023-52472 +CVE-2023-52472 [crypto: rsa - add a check for allocation failure] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 (6.8-rc1) -CVE-2023-52473 +CVE-2023-52473 [thermal: core: Fix NULL pointer dereference in zone registration error path] - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86d6036bb4d5e71a4dae20bc2448750afef6b64e
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f4f5dc1 by Salvatore Bonaccorso at 2024-02-25T10:16:44+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,52 @@ +CVE-2023-52465 + - linux 6.6.15-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/88f04bc3e737155e13caddf0ba8ed19db87f0212 (6.8-rc1) +CVE-2023-52466 + - linux 6.6.15-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3171e46d677a668eed3086da78671f1e4f5b8405 (6.8-rc1) +CVE-2023-52467 + - linux 6.6.15-1 + [bookworm] - linux 6.1.76-1 + [bullseye] - linux 5.10.209-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/41673c66b3d0c09915698fec5c13b24336f18dd1 (6.8-rc1) +CVE-2023-52468 + - linux 6.6.15-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/93ec4a3b76404bce01bd5c9032bef5df6feb1d62 (6.8-rc1) +CVE-2023-52469 + - linux 6.6.15-1 + [bookworm] - linux 6.1.76-1 + [bullseye] - linux 5.10.209-1 + NOTE: https://git.kernel.org/linus/28dd788382c43b330480f57cd34cde0840896743 (6.8-rc1) +CVE-2023-52470 + - linux 6.6.15-1 + [bookworm] - linux 6.1.76-1 + [bullseye] - linux 5.10.209-1 + NOTE: https://git.kernel.org/linus/7a2464fac80d42f6f8819fed97a553e9c2f43310 (6.8-rc1) +CVE-2023-52471 + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf (6.8-rc1) +CVE-2023-52472 + - linux 6.6.15-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 (6.8-rc1) +CVE-2023-52473 + - linux 6.6.15-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + 
[buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea (6.8-rc1) CVE-2024-27359 (Certain WithSecure products allow a Denial of Service because the engi ...) NOT-FOR-US: WithSecure CVE-2024-27350 (Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV ap ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f4f5dc1695a8dbe7171dc63ab7c412eeaab7a9e
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim tiff
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c2f5980f by Abhijith PA at 2024-02-25T14:34:08+05:30 data/dla-needed.txt: claim tiff - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -290,7 +290,7 @@ thunderbird NOTE: 20240222: Added by Front-Desk (pochu) NOTE: 20240222: send DLA after maintainer uploads 115.8.0 -- -tiff +tiff (Abhijith PA) NOTE: 20231231: Added by Front-Desk (lamby) NOTE: 20231231: CVE-2023-3576 already fixed in bullseye via DSA or point release(s). (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f5980fe61407b6d95a9febf6a10b2816dc336d
[Git][security-tracker-team/security-tracker][master] This CVE is due to a regression introduced in 9.50
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: bb242bbb by Abhijith PA at 2024-02-25T14:24:35+05:30 This CVE is due to a regression introduced in 9.50 https://bugs.ghostscript.com/show_bug.cgi?id=701877 https://git.ghostscript.com/?p=ghostpdl.git;h=da03855bf9ca18eab05d4ac870d73f457758a77f ghostscript in buster not backported this patch. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -4426,6 +4426,7 @@ CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource cons NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1 CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...) - ghostscript 9.53.0~dfsg-1 + [buster] - ghostscript (regression introduced in version 9.50) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702229 NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?8c7bd787defa071c96289b7da9397f673fddb874 (ghostpdl-9.53.0rc1) CVE-2018-25098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmaso ...) = data/dla-needed.txt = 
@@ -106,9 +106,6 @@ frr (Abhijith PA) NOTE: 20231119: Added by Front-Desk (apo) NOTE: 20240206: Continuing fixing the remaining issues (abhijith) -- -ghostscript (Abhijith PA) - NOTE: 20240212: Added by Front-Desk (lamby) --- gnutls28 (guilhem) NOTE: 20240122: Added by Front-Desk (Beuc) NOTE: 20240122: Incomplete fix for CVE-2023-5981/DLA-3660-1 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb242bbb9429518387c46f3219a8d190aac64911
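Review bot: The added "[buster] - ghostscript (regression introduced in version 9.50)" line in data/CVE/list says where the bug came from but not why buster is unaffected, and the evidence for it (upstream bug 701877 and ghostpdl commit da03855bf9ca18eab05d4ac870d73f457758a77f) appears only in the commit message. Suggest wording the reason along the lines of "Vulnerable code introduced in 9.50, not backported to buster" and adding a NOTE with the introducing commit under CVE-2020-36773, next to the existing "Fixed by:" note, so the triage can be checked from the entry itself.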
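Review bot: The data/dla-needed.txt hunk removes the whole ghostscript entry, yet the commit message only makes the case for CVE-2020-36773. The deleted NOTE ("20240212: Added by Front-Desk (lamby)") does not say which CVEs prompted the entry, so it is worth confirming that no other open buster issue for ghostscript remains before dropping it, and stating that in the commit message.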
[Git][security-tracker-team/security-tracker][master] 2 commits: Remove tag information for commit not in v5.7.1 upstream
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fff77d28 by Salvatore Bonaccorso at 2024-02-25T09:52:33+01:00 Remove tag information for commit not in v5.7.1 upstream - - - - - 2e27e2c8 by Salvatore Bonaccorso at 2024-02-25T09:52:52+01:00 CVE-2023-46317: Add upstream commit reference - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2718,7 +2718,7 @@ CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 51 NOTE: https://github.com/CZ-NIC/knot-resolver/commit/24699e9f206a8f957b516cad22a8e5790d226836 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/a05cf1d379d1af0958587bd111f791b72f404364 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/9b421cdf91f987e0254a06ff2c4e8fbf76dc2b58 (v5.7.1) - NOTE: https://github.com/CZ-NIC/knot-resolver/commit/5e80624b18d40ae44be704751d3b22943edf287f (v5.7.1) + NOTE: https://github.com/CZ-NIC/knot-resolver/commit/5e80624b18d40ae44be704751d3b22943edf287f NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f9ba52e6f54bc1db122870df50cb364cb977436e (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/b044babbee358dc305d770a1dab3a877c49468a7 (v5.7.1) NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released 
@@ -23263,6 +23263,7 @@ CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448 NOTE: https://github.com/CZ-NIC/knot-resolver/commit/7aec8ebdf1428afcb7f5bc62764149ffeaf3d3fe (v6.0.6) + NOTE: https://github.com/CZ-NIC/knot-resolver/commit/49876a99ba9ee2dc7ca4b4bfb5431891974bdf10 (v5.7.0) CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...) NOT-FOR-US: Stable Diffusion webui Infinite Image Browsing CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e9c2ca5c2504f8a8e819ba8f3d6e1db5fd40b34...2e27e2c8e716dec4e94259c7e08f591f376c4386
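Review bot: In the first hunk (CVE-2023-50868), the NOTE for knot-resolver commit 5e80624b18d40ae44be704751d3b22943edf287f is now the only one in the visible list without a tag, and nothing on the line says why. Since the commit message states that the commit is not in v5.7.1 upstream, record that on the line itself (for example a trailing "(not in v5.7.1)"), or drop the NOTE if the commit is not part of the fix, so a later editor does not re-add the tag as an apparent omission.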
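Review bot: In the second hunk (CVE-2023-46317), the new NOTE for commit 49876a99ba9ee2dc7ca4b4bfb5431891974bdf10 (v5.7.0) is appended after the one tagged (v6.0.6), although the CVE description says the issue affects Knot Resolver before 5.7.0. The two lines give no hint of how the commits relate; consider listing the v5.7.0 commit first or annotating which release series each one belongs to.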
[Git][security-tracker-team/security-tracker][master] Add upstream tag information
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e9c2ca5 by Salvatore Bonaccorso at 2024-02-25T09:45:45+01:00 Add upstream tag information - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93,7 +93,7 @@ CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests. `ares__read [bookworm] - c-ares (Minor issue) [bullseye] - c-ares (Minor issue) NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q - NOTE: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 + NOTE: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 (cares-1_27_0) CVE-2024-23320 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...) NOT-FOR-US: Apache DolphinScheduler CVE-2024-22776 (Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-bas ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e9c2ca5c2504f8a8e819ba8f3d6e1db5fd40b34
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b062c94 by Salvatore Bonaccorso at 2024-02-25T09:42:38+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-27359 (Certain WithSecure products allow a Denial of Service because the engi ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2024-27350 (Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV ap ...) - TODO: check + NOT-FOR-US: Amazon Fire OS CVE-2024-1871 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Management System CVE-2024-1758 (The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Ser ...) NOT-FOR-US: WordPress plugin CVE-2024-1710 (The Addon Library plugin for WordPress is vulnerable to unauthorized a ...) @@ -69,7 +69,7 @@ CVE-2024-22988 (An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to exec CVE-2024-22395 (Improper access control vulnerability has been identified in the SMA10 ...) NOT-FOR-US: SMA100 SSL-VPN virtual office portal CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable to Use o ...) - TODO: check + NOT-FOR-US: fastecdsa CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are vulnerable to ...) TODO: check CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b062c945e26e8a864cff0d23961d2bd51c622ac
[Git][security-tracker-team/security-tracker][master] LTS: dla-needed.txt: improve libssh note
Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a7a2809 by Sean Whitton at 2024-02-25T16:33:20+08:00 LTS: dla-needed.txt: improve libssh note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -157,12 +157,12 @@ libreswan -- libssh NOTE: 20231219: Added by Front-Desk (ta) - NOTE: 20240225: Patches backported, tests pass. The backport should be - NOTE: 20240225: reviewed. I haven't yet tested that Terrapin is actually - NOTE: 20240225: mitigated. Upstream have provided some input on doing that: + NOTE: 20240225: Patches backported, tests pass. The backport needs review. + NOTE: 20240225: I haven't yet tested that Terrapin is actually mitigated. + NOTE: 20240225: Upstream have provided some input on doing that: NOTE: 20240225: <https://archive.libssh.org/libssh/2024-01/000.html>. NOTE: 20240225: I've asked upstream whether it's okay to restore the evp - NOTE: 20240225: functions and types: + NOTE: 20240225: functions and types (commit 3eb99562): NOTE: 20240225: <https://archive.libssh.org/libssh/2024-02/007.html> NOTE: 20240225: (spwhitton). -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a7a2809204a8e7c203c1e43d80002eb05e0381f
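Review bot: The new "(commit 3eb99562)" in the libssh note is an abbreviated hash with no repository or URL, while the two other references in the same note are full archive.libssh.org links. Suggest giving the full commit URL, or at least naming the repository the hash belongs to, so whoever picks up the backport review can find the change without guessing.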
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc09fc86 by security tracker role at 2024-02-25T08:11:44+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-27359 (Certain WithSecure products allow a Denial of Service because the engi ...) + TODO: check +CVE-2024-27350 (Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV ap ...) + TODO: check +CVE-2024-1871 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check CVE-2024-1758 (The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Ser ...) NOT-FOR-US: WordPress plugin CVE-2024-1710 (The Addon Library plugin for WordPress is vulnerable to unauthorized a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc09fc86ef6ffdfaeed7d97d75a90413014648fe