[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim librecad.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e1e49f5 by Chris Lamb at 2022-06-05T07:44:47+01:00 data/dla-needed.txt: Claim librecad. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -142,7 +142,7 @@ libmatio (Abhijith PA) NOTE: 20220529: Programming language: C. NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk) -- -librecad +librecad (Chris Lamb) NOTE: 20220605: Programming language: C++. -- libvirt (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e1e49f53cb7d89e7c81f4f7889eaa48737ce4d8 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 47b2d016 by Chris Lamb at 2022-06-05T07:43:17+01:00 data/dla-needed.txt: Correct ordering - - - - - 783d5445 by Chris Lamb at 2022-06-05T07:43:31+01:00 data/dla-needed.txt: Claim php-horde-mime-viewer. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -138,13 +138,13 @@ liblouis (Andreas Rönnquist) NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, NOTE: 20220503: Patch not applied upstream yet. -- -librecad - NOTE: 20220605: Programming language: C++. --- libmatio (Abhijith PA) NOTE: 20220529: Programming language: C. NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk) -- +librecad + NOTE: 20220605: Programming language: C++. +-- libvirt (Thorsten Alteholz) NOTE: 20220529: Programming language: C. NOTE: 20220522: testing package @@ -219,7 +219,7 @@ pdns NOTE: 20220506: package builds but does not run a test suite, and I lack the NOTE: 20220506: know-how for testing manually (enrico) -- -php-horde-mime-viewer +php-horde-mime-viewer (Chris Lamb) NOTE: 20220605: Programming language: PHP. -- php-horde-turba View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/be7d2238822f4f916f5fc95da674897b4439eccc...783d5445fcafc614034507a56421f10e64a11194
[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2022-31001, CVE-2022-31002 and CVE-2022-31003 as postponed for Stretch
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a191a12 by Thorsten Alteholz at 2022-06-05T00:41:24+02:00 mark CVE-2022-31001, CVE-2022-31002 and CVE-2022-31003 as postponed for Stretch - - - - - e460a70e by Thorsten Alteholz at 2022-06-05T00:44:25+02:00 mark CVEs of swdtools as no-dsa - - - - - be7d2238 by Thorsten Alteholz at 2022-06-05T00:50:04+02:00 add librecad - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -3436,14 +3436,17 @@ CVE-2022-31004 (CVEProject/cve-services is an open source project used to operat NOT-FOR-US: CVEProject/cve-services CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - sofia-sip + [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8) CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - sofia-sip + [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8) CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - sofia-sip + [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8) CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...) 
@@ -45889,33 +45892,43 @@ CVE-2021-42205 RESERVED CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/169 CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/176 CVE-2021-42202 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/171 CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/175 CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/170 CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/173 CVE-2021-42198 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/168 CVE-2021-42197 (An issue was discovered in swftools through 20201222 through a memory ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/177 CVE-2021-42196 (An issue was discovered in swftools through 20201222. A NULL pointer d ...) - swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/172 CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...) 
- swftools + [stretch] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/174 CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...) NOT-FOR-US: Eyoucms = data/dla-needed.txt = @@ -138,6 +138,9 @@ liblouis (Andreas Rönnquist) NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, NOTE: 20220503: Patch not applied upstream yet. -- +librecad + NOTE: 20220605: Programming language: C++. +-- libmatio (Abhijith PA) NOTE: 20220529: Programming language: C. NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/
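Review bot: The subject of e460a70e reads "mark CVEs of swdtools as no-dsa", but the @@ -45889 hunk of data/CVE/list annotates swftools entries (CVE-2021-42195 through CVE-2021-42204). Amend the subject to name swftools so that a search of the history by package name finds this triage decision.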
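Review bot: The data/dla-needed.txt hunk inserts the librecad stanza between liblouis and libmatio, which breaks the alphabetical order of the list ("libm" sorts before "libr"). Move the three added lines below the libmatio stanza so that librecad sits after libmatio.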
[Git][security-tracker-team/security-tracker][master] 2 commits: add keepass2
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f29441ef by Thorsten Alteholz at 2022-06-05T00:24:38+02:00 add keepass2 - - - - - 37d8581c by Thorsten Alteholz at 2022-06-05T00:33:58+02:00 add php-horde-mime-viewer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -118,6 +118,10 @@ jupyter-notebook NOTE: 20220529: Programming language: Python. NOTE: 20220528: wrt CVE-2021-32798, caja is bundled (not external), cf. README.source (Beuc/front-desk) -- +keepass2 + NOTE: 20220529: Programming language: C# + NOTE: 20220605: no patch available yet +-- kvmtool NOTE: 20220529: Programming language: C. NOTE: 20220402: stretch-specific, orphaned package (Beuc/front-desk) @@ -212,6 +216,9 @@ pdns NOTE: 20220506: package builds but does not run a test suite, and I lack the NOTE: 20220506: know-how for testing manually (enrico) -- +php-horde-mime-viewer + NOTE: 20220605: Programming language: PHP. +-- php-horde-turba NOTE: 20220603: Programming language: PHP. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e732e749fef57cb2359c2af58a947c8c15bb8b6a...37d8581cb8a79e74202e5a5a1b00f9aff824735d
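Review bot: In the keepass2 stanza added by the first hunk, the language note is dated 20220529 although the commit and the stanza's second note are from 20220605; the date looks carried over from the neighbouring jupyter-notebook and kvmtool entries. Suggest `NOTE: 20220605: Programming language: C#.`, which also adds the trailing period used by the other language notes, including the php-horde-mime-viewer stanza added in the second hunk.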
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e732e749 by Salvatore Bonaccorso at 2022-06-04T22:24:21+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53,7 +53,7 @@ CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classif CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...) NOT-FOR-US: Brandbugle CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...) - TODO: check + NOT-FOR-US: MINMAX CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...) NOT-FOR-US: easyii CMS CVE-2020-36533 (A vulnerability was found in Klapp App and classified as problematic. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e732e749fef57cb2359c2af58a947c8c15bb8b6a
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: deed1231 by Salvatore Bonaccorso at 2022-06-04T22:16:57+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,9 +35,9 @@ CVE-2018-25034 CVE-2017-20017 RESERVED CVE-2020-36544 (A vulnerability has been found in SialWeb CMS and classified as proble ...) - TODO: check + NOT-FOR-US: SialWeb CMS CVE-2020-36543 (A vulnerability, which was classified as critical, was found in SialWe ...) - TODO: check + NOT-FOR-US: SialWeb CMS CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...) NOT-FOR-US: Demokratian CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/deed123148fa8804a11359c5b5a0dc0cd6a582ac
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bb893ee4 by security tracker role at 2022-06-04T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,43 @@ -CVE-2020-36544 +CVE-2019-25070 RESERVED -CVE-2020-36543 +CVE-2019-25069 RESERVED +CVE-2019-25068 + RESERVED +CVE-2019-25067 + RESERVED +CVE-2019-25066 + RESERVED +CVE-2019-25065 + RESERVED +CVE-2018-25044 + RESERVED +CVE-2018-25043 + RESERVED +CVE-2018-25042 + RESERVED +CVE-2018-25041 + RESERVED +CVE-2018-25040 + RESERVED +CVE-2018-25039 + RESERVED +CVE-2018-25038 + RESERVED +CVE-2018-25037 + RESERVED +CVE-2018-25036 + RESERVED +CVE-2018-25035 + RESERVED +CVE-2018-25034 + RESERVED +CVE-2017-20017 + RESERVED +CVE-2020-36544 (A vulnerability has been found in SialWeb CMS and classified as proble ...) + TODO: check +CVE-2020-36543 (A vulnerability, which was classified as critical, was found in SialWe ...) + TODO: check CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...) NOT-FOR-US: Demokratian CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...) @@ -1440,7 +1476,7 @@ CVE-2022-31748 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748 CVE-2022-31747 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1463,7 +1499,7 @@ CVE-2022-31743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743 CVE-2022-31742 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 
@@ -1472,7 +1508,7 @@ CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742 CVE-2022-31741 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1481,7 +1517,7 @@ CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741 CVE-2022-31740 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1498,7 +1534,7 @@ CVE-2022-31739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739 CVE-2022-31738 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1507,7 +1543,7 @@ CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738 CVE-2022-31737 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1516,7 +1552,7 @@ CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737 CVE-2022-31736 RESERVED - {DSA-5156-1 DLA-3041-1 DLA-3040-1} + {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -2766,7 +2802,7 @@ CVE-2022-1835 RESERVED CVE-2022-1834 RESERVED - {DLA-3041-1} + {DSA-5158-1 DLA-3041-1} - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834 CVE-2022-1833 
@@ -2904,7 +2940,7 @@ CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub re NOT-FOR-US: Trudesk CVE-2022-1802 RESERVED - {DSA-5143-1 DLA-3041-1 DLA-3021-1} + {DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1} - firefox 100.0.2-1 - firefox-esr 91.9.1esr-1 - thunderbird 1:91.10.0-1 @@ -6596,7 +6632,7 @@ CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/li NOT-FOR-US: livehelperchat CVE-2022-1529 RESERVED - {DSA-5143-1 DLA-3041-1 DLA-3021-1} + {DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1} - firefox 100.0.2-1 - firefox-esr 91.9.1esr-1 - thunderbird 1:91.10.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/c
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-30629/gotlang-1.17
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d0c78d05 by Salvatore Bonaccorso at 2022-06-04T21:10:10+02:00 Track fixed version for CVE-2022-30629/gotlang-1.17 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4457,7 +4457,7 @@ CVE-2022-30630 CVE-2022-30629 RESERVED - golang-1.18 1.18.3-1 - - golang-1.17 + - golang-1.17 1.17.11-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) - golang-1.11 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0c78d05a4906f7519aed9690ef8d1b1c4f84518
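Review bot: The commit subject names "gotlang-1.17", while the line changed in the CVE-2022-30629 stanza is `- golang-1.17 1.17.11-1`. Correct the subject to golang-1.17 so the commit turns up when the log is searched by source package name.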
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fdb0470 by Salvatore Bonaccorso at 2022-06-04T21:00:03+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,19 +3,19 @@ CVE-2020-36544 CVE-2020-36543 RESERVED CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...) - TODO: check + NOT-FOR-US: Demokratian CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...) - TODO: check + NOT-FOR-US: Demokratian CVE-2020-36540 (A vulnerability, which was classified as critical, was found in Neetai ...) - TODO: check + NOT-FOR-US: Neetai Tech CVE-2020-36539 (A vulnerability was found in Lógico y Creativo 1.0 and classified ...) - TODO: check + NOT-FOR-US: Logico y Creativo CVE-2020-36538 (A vulnerability was found in Eatan CMS. It has been declared as critic ...) NOT-FOR-US: Eatan CMS CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classified as ...) NOT-FOR-US: Everywhere CMS CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...) - TODO: check + NOT-FOR-US: Brandbugle CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...) TODO: check CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...) 
@@ -1427,7 +1427,7 @@ CVE-2020-36527 (A vulnerability, which was classified as problematic, has been f CVE-2020-36526 (A vulnerability classified as problematic was found in Countdown Timer ...) TODO: check CVE-2020-36525 (A vulnerability classified as problematic has been found in Linking. T ...) - TODO: check + NOT-FOR-US: Linking CVE-2020-36524 (A vulnerability was found in Refined Toolkit. It has been rated as pro ...) TODO: check CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been declared as pr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fdb047044e0820d883c66e047b297dc1938473c
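Review bot: In the first hunk, the tag added for CVE-2020-36539 is `NOT-FOR-US: Logico y Creativo`, whereas the CVE description on the line above spells the product "Lógico y Creativo". Keep the description's spelling in the tag so that a search for the product name matches both lines.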
[Git][security-tracker-team/security-tracker][master] nvidia-graphics-drivers-tesla-450 spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5fa6abd5 by Moritz Mühlenhoff at 2022-06-04T19:55:20+02:00 nvidia-graphics-drivers-tesla-450 spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -104,3 +104,9 @@ CVE-2022-28185 [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb11u1 CVE-2022-24775 [bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u1 +CVE-2022-28181 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 +CVE-2022-28185 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 +CVE-2022-28192 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fa6abd59322d7cc96629e03d47b28e895d7c975
[Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 10f512a0 by Moritz Mühlenhoff at 2022-06-04T19:51:09+02:00 thunderbird DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[04 Jun 2022] DSA-5158-1 thunderbird - security update + {CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747} + [buster] - thunderbird 1:91.10.0-1~deb10u1 + [bullseye] - thunderbird 1:91.10.0-1~deb11u1 [03 Jun 2022] DSA-5157-1 cifs-utils - security update {CVE-2022-27239 CVE-2022-29869} [buster] - cifs-utils 2:6.8-2+deb10u1 = data/dsa-needed.txt = @@ -54,8 +54,6 @@ sox spi (seb) 2022-05-25: maintainer proposed debdiffs -- -thunderbird (jmm) --- unzip unclear information, initial report indicates writable memory corruption, but some identified patch is just for a NULL deref, needs more clarification View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f512a09b1f12912d96cb941157e1da1923272a
[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9835c586 by Moritz Mühlenhoff at 2022-06-04T19:48:50+02:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6572,6 +6572,8 @@ CVE-2022-1538 RESERVED CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...) - grunt 1.5.3-1 + [bullseye] - grunt (Minor issue) + [buster] - grunt (Minor issue) NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/ NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3) CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...) @@ -31512,6 +31514,8 @@ CVE-2021-45768 RESERVED CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1982 NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0) 
@@ -31521,16 +31525,22 @@ CVE-2021-45765 RESERVED CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1971 NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0) CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1974 NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0) CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1978 NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0) @@ -31538,6 +31548,8 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address NOT-FOR-US: ROPium CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1966 NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0) 
@@ -33150,6 +33162,8 @@ CVE-2021-45298 RESERVED CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1973 NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0) @@ -43575,18 +43589,24 @@ CVE-2021-42615 RESERVED CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...) - halibut 1.3-1 + [bullseye] - halibut (Minor issue) + [buster] - halibut (Minor issue) NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...) - halibut 1.3-1 + [bullseye] - halibut (Minor issue) + [buster] - halibut (Minor issue) NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) CVE-2021-4261
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8eb3c13c by Salvatore Bonaccorso at 2022-06-04T12:05:09+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -11,31 +11,31 @@ CVE-2020-36540 (A vulnerability, which was classified as critical, was found in CVE-2020-36539 (A vulnerability was found in Lógico y Creativo 1.0 and classified ...) TODO: check CVE-2020-36538 (A vulnerability was found in Eatan CMS. It has been declared as critic ...) - TODO: check + NOT-FOR-US: Eatan CMS CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classified as ...) - TODO: check + NOT-FOR-US: Everywhere CMS CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...) TODO: check CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...) TODO: check CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...) - TODO: check + NOT-FOR-US: easyii CMS CVE-2020-36533 (A vulnerability was found in Klapp App and classified as problematic. ...) - TODO: check + NOT-FOR-US: Klapp App CVE-2020-36532 (A vulnerability has been found in Klapp App and classified as problema ...) - TODO: check + NOT-FOR-US: Klapp App CVE-2020-36531 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SevOne Network Management System CVE-2020-36530 (A vulnerability classified as critical was found in SevOne Network Man ...) - TODO: check + NOT-FOR-US: SevOne Network Management System CVE-2020-36529 (A vulnerability classified as critical has been found in SevOne Networ ...) - TODO: check + NOT-FOR-US: SevOne Network Management System CVE-2019-25064 RESERVED CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been classi ...) - TODO: check + NOT-FOR-US: Sricam IP CCTV Camera CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...) 
- TODO: check + NOT-FOR-US: Sricam IP CCTV Camera CVE-2022-32287 RESERVED CVE-2022-32286 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eb3c13ccf321d2db6cc27421c7cfac71bba002c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc42f32a by security tracker role at 2022-06-04T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2020-36544 + RESERVED +CVE-2020-36543 + RESERVED +CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...) + TODO: check +CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...) + TODO: check +CVE-2020-36540 (A vulnerability, which was classified as critical, was found in Neetai ...) + TODO: check +CVE-2020-36539 (A vulnerability was found in Lógico y Creativo 1.0 and classified ...) + TODO: check +CVE-2020-36538 (A vulnerability was found in Eatan CMS. It has been declared as critic ...) + TODO: check +CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classified as ...) + TODO: check +CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...) + TODO: check +CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...) + TODO: check +CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...) + TODO: check +CVE-2020-36533 (A vulnerability was found in Klapp App and classified as problematic. ...) + TODO: check +CVE-2020-36532 (A vulnerability has been found in Klapp App and classified as problema ...) + TODO: check +CVE-2020-36531 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2020-36530 (A vulnerability classified as critical was found in SevOne Network Man ...) + TODO: check +CVE-2020-36529 (A vulnerability classified as critical has been found in SevOne Networ ...) + TODO: check +CVE-2019-25064 + RESERVED +CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been classi ...) + TODO: check +CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...) + TODO: check CVE-2022-32287 RESERVED CVE-2022-32286 
@@ -4464,8 +4502,8 @@ CVE-2022-1705 RESERVED CVE-2022-1704 RESERVED -CVE-2022-1703 - RESERVED +CVE-2022-1703 (Improper neutralization of special elements in the SonicWall SSL-VPN S ...) + TODO: check CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...) NOT-FOR-US: SonicWall CVE-2022-1701 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...) @@ -7132,8 +7170,8 @@ CVE-2022-29786 RESERVED CVE-2022-29785 RESERVED -CVE-2022-29784 - RESERVED +CVE-2022-29784 (PublicCMS V4.0.202204.a and below contains an information leak via the ...) + TODO: check CVE-2022-29783 RESERVED CVE-2022-29782 @@ -7144,8 +7182,8 @@ CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat NOT-FOR-US: njs CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs -CVE-2022-29778 - RESERVED +CVE-2022-29778 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attacke ...) + TODO: check CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) NOT-FOR-US: Onlyoffice Document Server CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) @@ -7154,14 +7192,14 @@ CVE-2022-29775 RESERVED CVE-2022-29774 RESERVED -CVE-2022-29773 - RESERVED +CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...) + TODO: check CVE-2022-29772 RESERVED CVE-2022-29771 RESERVED -CVE-2022-29770 - RESERVED +CVE-2022-29770 (XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting ...) + TODO: check CVE-2022-29769 RESERVED CVE-2022-29768 
@@ -17581,8 +17619,8 @@ CVE-2022-26136 RESERVED CVE-2022-26135 RESERVED -CVE-2022-26134 - RESERVED +CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...) + TODO: check CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...) NOT-FOR-US: Atlassian Bitbucket Data Center CVE-2022-26132 @@ -18162,8 +18200,8 @@ CVE-2022-24068 RESERVED CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...) NOT-FOR-US: simple-git -CVE-2022-24065 - RESERVED +CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...) + TODO: check CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
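Review bot: two of the entries moved from RESERVED to TODO: check sit directly beside already-triaged entries for the same vendor, so the follow-up triage should check them against those tags first. In the @@ -4464 hunk, CVE-2022-1703 (SonicWall SSL-VPN) is followed by CVE-2022-1702, tagged NOT-FOR-US: SonicWall. In the @@ -17581 hunk, CVE-2022-26134 (Confluence Server and Data Center) is followed by CVE-2022-26133, tagged NOT-FOR-US: Atlassian Bitbucket Data Center. Leaving them at TODO: check is fine for an automatic update, but nothing in the commit tells a human which of the new entries have an obvious resolution.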
[Git][security-tracker-team/security-tracker][master] mark three test/418 issues as ignored
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e6fb370 by Moritz Mühlenhoff at 2022-06-04T10:03:58+02:00 mark three test/418 issues as ignored - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11587,7 +11587,7 @@ CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1011143) - [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) - nvidia-graphics-drivers-tesla-460 (bug #1011145) @@ -11629,7 +11629,7 @@ CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1011143) - [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) - nvidia-graphics-drivers-tesla-460 (bug #1011145) 
@@ -11674,7 +11674,7 @@ CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1011143) - [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) - nvidia-graphics-drivers-tesla-460 (bug #1011145) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e6fb370e832d25eb034d657ac436a68b594bd32
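Review bot: the reason added to the [bullseye] - nvidia-graphics-drivers-tesla-418 line in each of the three hunks (headed CVE-2022-28192, CVE-2022-28185 and CVE-2022-28181), "driver is EOLed and updates impossible", is stated without a reference. A NOTE pointing at the end-of-life announcement, or a mention of it in bug #1011143, would let a later reader verify why no fix is expected. The commit subject also says "test/418" while every changed line concerns nvidia-graphics-drivers-tesla-418, which makes the commit harder to find when searching the history by package name.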
[Git][security-tracker-team/security-tracker][master] 2 commits: nats-server entered Debian, move some NFUs to source package entry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c12c346 by Salvatore Bonaccorso at 2022-06-04T09:17:05+02:00 nats-server entered Debian, move some NFUs to source package entry - - - - - 8aa27ef3 by Salvatore Bonaccorso at 2022-06-04T09:17:33+02:00 Associate CVE-2021-3127 with nats-erver and golang-github-nats-io-jwt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16059,7 +16059,10 @@ CVE-2022-26654 CVE-2022-26653 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...) - NOT-FOR-US: nats-server + - nats-server (Fixed before initial upload to Debian) + NOTE: https://advisories.nats.io/CVE/CVE-2022-26652.txt + NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68 + NOTE: http://www.openwall.com/lists/oss-security/2022/03/10/1 CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...) - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1 [stretch] - asterisk (Fix in next upload) @@ -22337,7 +22340,8 @@ CVE-2022-24452 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE-2022-24451 (VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...) - NOT-FOR-US: nats-server + - nats-server (Fixed before initial upload to Debian) + NOTE: https://advisories.nats.io/CVE/CVE-2022-24450.txt CVE-2022-24449 (Solar appScreener through 3.10.4, when a valid license is not present, ...) NOT-FOR-US: Solar appScreener CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...) 
@@ -91923,7 +91927,11 @@ CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html NOTE: https://github.com/servo/rust-smallvec/issues/252 CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...) - NOT-FOR-US: nats-server + - golang-github-nats-io-jwt 2.2.0-1 + - nats-server (Fixed before initial upload to Debian) + NOTE: https://advisories.nats.io/CVE/CVE-2021-3127.txt + NOTE: https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c + NOTE: https://github.com/nats-io/jwt/pull/149 CVE-2021-3126 RESERVED CVE-2021-23896 (Cleartext Transmission of Sensitive Information vulnerability in the a ...) @@ -110173,7 +110181,9 @@ CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft g CVE-2020-28467 RESERVED CVE-2020-28466 (This affects all versions of package github.com/nats-io/nats-server/se ...) - NOT-FOR-US: nats-server + - nats-server (Fixed before initial upload to Debian) + NOTE: https://github.com/nats-io/nats-server/pull/1731 + NOTE: http://www.openwall.com/lists/oss-security/2021/03/16/2 CVE-2020-28465 RESERVED CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...) 
@@ -203757,7 +203767,8 @@ CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...) NOT-FOR-US: mxGraph CVE-2019-13126 (An integer overflow in NATS Server before 2.0.2 allows a remote attack ...) - NOT-FOR-US: NATS Server + - nats-server (Fixed before initial upload to Debian) + NOTE: https://github.com/nats-io/nats-server/pull/1053 CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...) NOT-FOR-US: Tencent CVE-2019-13124 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/24c771b6d2d5c5d624d379772e710d7cce06df89...8aa27ef33519fc32b615162cd42e0b75d77a6cd3
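Review bot: the five "- nats-server (Fixed before initial upload to Debian)" entries (CVE-2022-26652, CVE-2022-24450, CVE-2021-3127, CVE-2020-28466, CVE-2019-13126) do not say which version was first uploaded, so the claim cannot be checked against the upstream fixed versions quoted in the descriptions (2.7.4, 2.7.2, 2.2.0 and 2.0.2). One NOTE giving the initial Debian upload version would make each entry verifiable on its own. For CVE-2021-3127, the golang-github-nats-io-jwt entry gives 2.2.0-1 while the description names the JWT library fix as 2.0.1; a short NOTE saying whether 2.2.0-1 is simply the first Debian version carrying the fix would remove the ambiguity. Minor points: the two openwall.com references use http:// where every other added NOTE uses https://, and the second commit subject spells the package "nats-erver".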
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2021-39705 (withdrawn by its CNA as not a security issue)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 24c771b6 by Salvatore Bonaccorso at 2022-06-04T09:06:46+02:00 Remove notes from CVE-2021-39705 (withdrawn by its CNA as not a security issue) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52049,7 +52049,6 @@ CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way t NOT-FOR-US: Android CVE-2021-39705 REJECTED - NOT-FOR-US: Android CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...) NOT-FOR-US: Android CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible unauthori ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24c771b6d2d5c5d624d379772e710d7cce06df89