[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-3981/grub2

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4d4b353 by Salvatore Bonaccorso at 2023-02-09T06:34:53+01:00
Track fixed version via unstable for CVE-2021-3981/grub2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -96179,7 +96179,7 @@ CVE-2021-3982 (Linux distributions using CAP_SYS_NICE 
for gnome-shell may be exp
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
 CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known 
as grub. ...)
-   - grub2  (bug #1001414)
+   - grub2 2.06-8 (bug #1001414)
[bullseye] - grub2  (Minor issue)
[buster] - grub2  (Minor issue)
[stretch] - grub2  (Vulnerable code introduced later)
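Review bot: the entry still has no NOTE recording the upstream grub2 change that 2.06-8 is assumed to contain, so the new fixed version cannot be checked against an upstream commit or release tag the way other entries in data/CVE/list allow (a `NOTE: <commit URL> (<tag>)` line). Adding that reference would also make it obvious whether the bullseye and buster "Minor issue" lines, which this hunk leaves in place, are deferring a backport or a full version bump.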



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d4b3537e1fe6754aa2d5b82882b56dc65294e4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d4b3537e1fe6754aa2d5b82882b56dc65294e4
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-22452/phpmyadmin

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96c430b7 by Salvatore Bonaccorso at 2023-02-09T06:29:25+01:00
Update information for CVE-2020-22452/phpmyadmin

The issue was already fixed earlier, 5.0.2 upstream includes the fix and
so the 4:5.0.4+dfsg1-1 upload to unstable as well.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -185860,7 +185860,7 @@ CVE-2020-22454
 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple 
functions that s ...)
NOT-FOR-US: Untis WebUntis
 CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery 
in Creat ...)
-   - phpmyadmin 4:5.2.0+dfsg1-2
+   - phpmyadmin 4:5.0.4+dfsg1-1
NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/15898
NOTE: https://github.com/phpmyadmin/phpmyadmin/pull/16004
NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/20e3d2fa9f5dc55fd25209963b5f26705d3e8020
 (RELEASE_5_0_2)
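Review bot: lowering the fixed version from 4:5.2.0+dfsg1-2 to 4:5.0.4+dfsg1-1 matches the NOTE tagging the fix commit as RELEASE_5_0_2, but it silently changes the derived status of any suite whose phpmyadmin package is already at or above 4:5.0.4+dfsg1-1: with no suite-specific line, such a suite flips from vulnerable to fixed. Confirm the stable suites' package versions against upstream 5.0.2 before relying on that derivation, and add a [bullseye] or [buster] line if one of them ships an older 4.x or 5.0.x build.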



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96c430b7465ecdc5d49aeb1462719b0e6dd93b5d



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3314-1 for libsdl2

2023-02-08 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
85d09bd6 by Markus Koschany at 2023-02-09T00:44:58+01:00
Reserve DLA-3314-1 for libsdl2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -10121,7 +10121,6 @@ CVE-2022-4744
 CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in 
GLES_CreateTex ...)
- libsdl2 2.26.0+dfsg-1
[bullseye] - libsdl2  (Minor issue)
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290
NOTE: https://github.com/libsdl-org/SDL/pull/6269
NOTE: Fixed by: 
https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
 (prerelease-2.25.1)
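Review bot: once the `[buster] - libsdl2  (Minor issue)` line is removed, buster's status for CVE-2022-4743 is derived solely from the DLA-3314-1 entry in data/DLA/list, and that part of the diff is not included in this message; confirm the DLA's CVE set actually lists CVE-2022-4743, otherwise buster is reported as unfixed against 2.26.0+dfsg-1 instead of as a postponed minor issue. The same check applies to every hunk below that drops a buster line.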
@@ -125975,7 +125974,6 @@ CVE-2021-33657 (There is a heap overflow problem in 
video/SDL_pixels.c in SDL (S
[stretch] - libsdl1.2  (Minor issue)
- libsdl2 2.0.20+dfsg-2
[bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1
-   [buster] - libsdl2  (Minor issue)
[stretch] - libsdl2  (Minor issue)
NOTE: 
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
 (release-2.0.20)
 CVE-2021-33656 (When setting font with malicous data by ioctl cmd 
PIO_FONT,kernel will ...)
@@ -204144,13 +204142,11 @@ CVE-2020-14410 (SDL (Simple DirectMedia Layer) 
through 2.0.12 has a heap-based b
{DLA-2536-1}
- libsdl1.2  (Only affects SDL2)
- libsdl2 2.0.14+dfsg2-2
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer 
Overflow  ...)
{DLA-2536-1}
- libsdl2 2.0.14+dfsg2-2
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with 
CVE-2019-7637
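Review bot: the unchanged NOTE line `Specific to SDL2, these checks were addresses in SDL 1.2 with CVE-2019-7637` has a typo ("addresses" for "addressed"); trivial, but since this hunk already touches the entry it is a cheap follow-up fix.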
@@ -260560,7 +260556,6 @@ CVE-2019-13627 (It was discovered that there was a 
ECDSA timing attack in the li
NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60
 (1.8.5)
 CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a 
heap-based buff ...)
- libsdl2 2.0.10+dfsg1-1
-   [buster] - libsdl2  (Minor issue)
[stretch] - libsdl2  (Minor issue)
[jessie] - libsdl2  (Minor issue)
- libsdl1.2  (Vulnerable code added later)
@@ -260601,7 +260596,6 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has 
a heap-based buffer over-r
 CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 ha ...)
{DLA-2804-1 DLA-2536-1}
- libsdl2 2.0.10+dfsg1-1
-   [buster] - libsdl2  (Minor issue)
[jessie] - libsdl2  (can be fixed along with more important 
patches)
- libsdl1.2 1.2.15+dfsg2-5
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
@@ -279137,7 +279131,6 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
@@ -279158,7 +279151,6 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
@@ -279167,7 +279159,6 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
-   [buster] - libsdl2  (Minor issue)
- sdl-image1.2 1.2.12-11 (bug #932755)
[buster] - sdl-image1.2 1.2.12-10+deb10u1
[stretch] - sdl-image1.2 1.2.12-5+deb9u2
@@ -279309,7 +279300,6 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
-   [buster] - libsdl2  (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
NOTE: 

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-24813/php-dompdf

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f5caab7 by Salvatore Bonaccorso at 2023-02-08T22:31:30+01:00
Track fixed version for CVE-2023-24813/php-dompdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2058,7 +2058,7 @@ CVE-2023-24815
 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework 
released  ...)
NOT-FOR-US: Typo3
 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the 
differen ...)
-   - php-dompdf 
+   - php-dompdf 2.0.3+dfsg-1
NOTE: 
https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
 CVE-2023-24812
RESERVED
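Review bot: the entry gets the fixed version 2.0.3+dfsg-1 but no [bullseye] line, so bullseye is now derived as vulnerable simply because its php-dompdf is older than 2.0.3+dfsg-1. If the issue is minor there, already handled via a point update, or the vulnerable code is absent, add a suite annotation; otherwise this shows up as an open stable issue. The only NOTE is the GHSA advisory, so a NOTE with the upstream fix commit and its release tag would help anyone preparing a backport.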



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f5caab70b207fd6295b8b4db2f0d06540a18d27



[Git][security-tracker-team/security-tracker][master] Mark golang-1.18 as removed from everywhere supported

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20ce6f91 by Salvatore Bonaccorso at 2023-02-08T22:29:04+01:00
Mark golang-1.18 as removed from everywhere supported

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -935,3 +935,4 @@ ruby3.0
 guacamole-client
 printfilters-ppd
 php8.1
+golang-1.18



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20ce6f9198be0e5c38ba8d74ea013d0c6a58c4f0



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dfb157c8 by Salvatore Bonaccorso at 2023-02-08T22:14:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31,9 +31,9 @@ CVE-2023-0750
 CVE-2023-0749
RESERVED
 CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver 
prior to  ...)
-   TODO: check
+   NOT-FOR-US: btcpayserver
 CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository 
btcpayserver/ ...)
-   TODO: check
+   NOT-FOR-US: btcpayserver
 CVE-2023-0746
RESERVED
 CVE-2023-0745
@@ -73,15 +73,15 @@ CVE-2023-25590
 CVE-2023-25589
RESERVED
 CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer 
prior to ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository 
answerdev/an ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository 
answerdev/answer ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer 
prior t ...)
NOT-FOR-US: Answer
 CVE-2023-0738
@@ -386,7 +386,7 @@ CVE-2023-0692
 CVE-2023-0691
RESERVED
 CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue 
where w ...)
-   TODO: check
+   NOT-FOR-US: HashiCorp Boundary
 CVE-2023-0689
RESERVED
 CVE-2023-0688
@@ -598,7 +598,7 @@ CVE-2023-25398
 CVE-2023-25397
RESERVED
 CVE-2023-25396 (Privilege escalation in the MSI repair functionality in 
Caphyon Advanc ...)
-   TODO: check
+   NOT-FOR-US: Caphyon Advanced Installer
 CVE-2023-25395
RESERVED
 CVE-2023-25394
@@ -4554,7 +4554,7 @@ CVE-2023-23848
 CVE-2023-23847
RESERVED
 CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP 
library versi ...)
-   TODO: check
+   NOT-FOR-US: Open5GS
 CVE-2023-23845
RESERVED
 CVE-2023-23844
@@ -5878,7 +5878,7 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 
9.0 traditional could a
 CVE-2023-23476
RESERVED
 CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-23474
RESERVED
 CVE-2023-23473
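Review bot: `NOT-FOR-US: IBM` is much less specific than the surrounding annotations, which name the product (`NOT-FOR-US: Caphyon Advanced Installer`, `NOT-FOR-US: Open5GS`); the description itself says "IBM Infosphere Information Server", so `NOT-FOR-US: IBM Infosphere Information Server` would keep the file greppable by product rather than by vendor.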
@@ -9516,7 +9516,7 @@ CVE-2022-48076
 CVE-2022-48075
RESERVED
 CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to 
execute arbitr ...)
-   TODO: check
+   NOT-FOR-US: NoMachine
 CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and 
admin pa ...)
NOT-FOR-US: Phicomm
 CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command 
injection v ...)
@@ -14455,7 +14455,7 @@ CVE-2022-46936
 CVE-2022-46935
RESERVED
 CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site 
scripting (XS ...)
-   TODO: check
+   NOT-FOR-US: kkFileView
 CVE-2022-46933
RESERVED
 CVE-2022-46932
@@ -14813,7 +14813,7 @@ CVE-2022-46844
 CVE-2022-46843
RESERVED
 CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help 
Desk plugin ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2022-46841
RESERVED
 CVE-2022-46840
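Review bot: `NOT-FOR-US: Wordpress plugin` is inconsistent with the CVE-2022-46815 entry in the next hunk, which names the plugin (`Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin`); name the plugin here too (`JS Help Desk plugin`, per the description) and use the upstream spelling "WordPress" so these entries can be grouped later.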
@@ -14927,7 +14927,7 @@ CVE-2022-46817
 CVE-2022-46816
RESERVED
 CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri 
Karisola / WP ...)
-   TODO: check
+   NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for 
WooCommerce plugin
 CVE-2022-46814
RESERVED
 CVE-2022-46813
@@ -18156,7 +18156,7 @@ CVE-2022-45757
 CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: SENS
 CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 
allows atta ...)
-   TODO: check
+   NOT-FOR-US: EyouCMS
 CVE-2022-45754
RESERVED
 CVE-2022-45753
@@ -18619,9 +18619,9 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to 
contain a SQL Injection vulnera
 CVE-2022-45528
RESERVED
 CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional 
Management Web ...)
-   TODO: check
+   NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
 CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional 
Management W ...)
-   TODO: check
+   NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
 CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack 
overflow v ...)
  

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3313-1 for wireshark

2023-02-08 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e19dfaa3 by Tobias Frost at 2023-02-08T21:49:15+01:00
Reserve DLA-3313-1 for wireshark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -14547,7 +14547,6 @@ CVE-2021-4243 (A vulnerability was found in claviska 
jquery-minicolors up to 2.3
 CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol 
dissectors in ...)
- wireshark 4.0.2-1
[bullseye] - wireshark  (Minor issue)
-   [buster] - wireshark  (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[08 Feb 2023] DLA-3313-1 wireshark - security update
+   {CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 
CVE-2023-0417}
+   [buster] - wireshark 2.6.20-0+deb10u5
 [08 Feb 2023] DLA-3312-1 shim - security update
[buster] - shim 15.7-1~deb10u1
 [08 Feb 2023] DLA-3311-1 heimdal - security update


=
data/dla-needed.txt
=
@@ -349,11 +349,6 @@ trafficserver
NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) 
suggest CVE-2022-31779 may have already been investigated. (lamby)
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/trafficserver.git
 --
-wireshark (tobi)
-  NOTE: 20230123: Programming language: C.
-  NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them 
pile up like last time. (utkarsh).
-  NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/wireshark.git
---
 xfig (gladk)
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
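Review bot: the dla-needed note being removed says "7 new CVEs + 3 postponed ones", but the DLA-3313-1 entry added to data/DLA/list above covers six CVEs (CVE-2022-4345 plus five CVE-2023-04xx ids), and the only data/CVE/list change in this commit is dropping the buster line for CVE-2022-4345. Record in the DLA text or the CVE entries what happened to the remaining ids (not affecting buster's 2.6.20, still postponed, or deferred to a follow-up DLA) so the count difference is not read as an omission.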



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e19dfaa3a6901d3e30d81b491c219899535fc2c8



[Git][security-tracker-team/security-tracker][master] LTS: Add meta-information

2023-02-08 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e30ea9a by Anton Gladky at 2023-02-08T21:39:39+01:00
LTS: Add meta-information

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -201,6 +201,8 @@ openimageio
 --
 openssl
   NOTE: 20230208: Programming language: C.
+  NOTE: 20230208: Special attention: Very high popcon!
+  NOTE: 20230208: VCS: https://salsa.debian.org/lts-team/packages/openssl.git
 --
 php-cas
   NOTE: 20221105: Programming language: PHP.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e30ea9a0994990bf3668b5c3293d5ef735683a7



[Git][security-tracker-team/security-tracker][master] Add CVE-2020-22452/phpmyadmin

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d28a237d by Salvatore Bonaccorso at 2023-02-08T21:17:58+01:00
Add CVE-2020-22452/phpmyadmin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -185863,7 +185863,12 @@ CVE-2020-22454
 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple 
functions that s ...)
NOT-FOR-US: Untis WebUntis
 CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery 
in Creat ...)
-   TODO: check
+   - phpmyadmin 4:5.2.0+dfsg1-2
+   NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/15898
+   NOTE: https://github.com/phpmyadmin/phpmyadmin/pull/16004
+   NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/20e3d2fa9f5dc55fd25209963b5f26705d3e8020
 (RELEASE_5_0_2)
+   NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/ca42395ee4b2936d3702524f8fb8bec1e9502bc7
 (RELEASE_5_0_2)
+   NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/f6af795eb380aef11a2924b8be91dfbb4a7562b6
 (RELEASE_5_0_2)
 CVE-2020-22451
RESERVED
 CVE-2020-22450
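Review bot: the fixed version is set to 4:5.2.0+dfsg1-2 while all three fix commits are tagged RELEASE_5_0_2, i.e. the fix shipped upstream in 5.0.2; unless the Debian packaging of 5.0.2 through 5.1.x somehow lacked those commits, the fixed version should be the first upload of a 5.0.2-or-later release, otherwise every suite with a 5.0.x or 5.1.x package is reported vulnerable. (The later commit 96c430b7 on this page corrects it to 4:5.0.4+dfsg1-1.)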



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d28a237db745081288c409cc59a52c7d6318ee9c



[Git][security-tracker-team/security-tracker][master] automatic update

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2023-25611
+   RESERVED
+CVE-2023-25610
+   RESERVED
+CVE-2023-25609
+   RESERVED
+CVE-2023-25608
+   RESERVED
+CVE-2023-25607
+   RESERVED
+CVE-2023-25606
+   RESERVED
+CVE-2023-25605
+   RESERVED
+CVE-2023-25604
+   RESERVED
+CVE-2023-25603
+   RESERVED
+CVE-2023-25602
+   RESERVED
+CVE-2023-25601
+   RESERVED
+CVE-2023-0753
+   RESERVED
+CVE-2023-0752
+   RESERVED
+CVE-2023-0751
+   RESERVED
+CVE-2023-0750
+   RESERVED
+CVE-2023-0749
+   RESERVED
+CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver 
prior to  ...)
+   TODO: check
+CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository 
btcpayserver/ ...)
+   TODO: check
+CVE-2023-0746
+   RESERVED
+CVE-2023-0745
+   RESERVED
+CVE-2022-48321
+   RESERVED
+CVE-2022-48320
+   RESERVED
+CVE-2022-48319
+   RESERVED
+CVE-2022-48318
+   RESERVED
+CVE-2022-48317
+   RESERVED
 CVE-2023-25600
RESERVED
 CVE-2023-25599
@@ -22,16 +72,16 @@ CVE-2023-25590
RESERVED
 CVE-2023-25589
RESERVED
-CVE-2023-0744
-   RESERVED
-CVE-2023-0743
-   RESERVED
-CVE-2023-0742
-   RESERVED
-CVE-2023-0741
-   RESERVED
-CVE-2023-0740
-   RESERVED
+CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer 
prior to ...)
+   TODO: check
+CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository 
answerdev/an ...)
+   TODO: check
+CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
+   TODO: check
+CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository 
answerdev/answer ...)
+   TODO: check
+CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
+   TODO: check
 CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer 
prior t ...)
NOT-FOR-US: Answer
 CVE-2023-0738
@@ -286,33 +336,43 @@ CVE-2023-25499
 CVE-2023-24019
RESERVED
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 
110.0.5481.77 allow ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 
110.0.5481.77 all ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 
110.0.5481.7 ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 
110.0.5481.77  ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior 
to 110 ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 
allowed  ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 
110.0.5481.77 a ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google 
Chrome on A ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 
allowed a ...)
+   {DSA-5345-1}
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-0695
@@ -325,8 +385,8 @@ CVE-2023-0692
RESERVED
 CVE-2023-0691
RESERVED
-CVE-2023-0690
-   RESERVED
+CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue 
where w ...)
+   TODO: check
 CVE-2023-0689
RESERVED
 CVE-2023-0688
@@ -537,8 +597,8 @@ CVE-2023-25398
RESERVED
 CVE-2023-25397
RESERVED
-CVE-2023-25396
-   RESERVED
+CVE-2023-25396 (Privilege escalation in the MSI repair functionality in 
Caphyon Advanc ...)
+   TODO: check
 CVE-2023-25395
RESERVED
 CVE-2023-25394
@@ -1114,8 +1174,8 @@ CVE-2023-25154
RESERVED
 CVE-2023-25153
RESERVED
-CVE-2023-25152
-  

[Git][security-tracker-team/security-tracker][master] CVE-2023-23931: Directly refer to commit in repository

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5298de27 by Salvatore Bonaccorso at 2023-02-08T21:07:34+01:00
CVE-2023-23931: Directly refer to commit in repository

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4307,7 +4307,7 @@ CVE-2023-23931 (cryptography is a package designed to 
expose cryptographic primi
- python-cryptography 
[bullseye] - python-cryptography  (Minor issue)
NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
-   NOTE: 
https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
+   NOTE: 
https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696
 CVE-2023-23930
RESERVED
 CVE-2023-23929
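Review bot: pointing at the merged commit 9fbf84ef instead of the PR commit is the right reference, but the entry still reads `- python-cryptography` with no fixed version and the NOTE carries no release tag; elsewhere in data/CVE/list the tag is recorded in parentheses after the commit URL (e.g. `(RELEASE_5_0_2)`), and adding the upstream release that contains 9fbf84ef, once known, is what lets the unstable fixed version be filled in.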



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5298de27253d8d3b1a8c3a1623dad394bf4fc6d2



[Git][security-tracker-team/security-tracker][master] Track proposed update for ncurses via bullseye-pu

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
381fe374 by Salvatore Bonaccorso at 2023-02-08T20:56:51+01:00
Track proposed update for ncurses via bullseye-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -112,3 +112,5 @@ CVE-2022-24895
[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
 CVE-2022-24894
[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
+CVE-2022-29458
+   [bullseye] - ncurses 6.2+20201114-2+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/381fe37403683d176544ae97fcd22f9216cfbf45



[Git][security-tracker-team/security-tracker][master] Merge temporary RUSTSEC-2023-0004 entry with CVE-2023-22895

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f2c39d2 by Salvatore Bonaccorso at 2023-02-08T20:49:11+01:00
Merge temporary RUSTSEC-2023-0004 entry with CVE-2023-22895

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -206,11 +206,6 @@ CVE-2023-0707 (A vulnerability was found in SourceCodester 
Medical Certificate G
NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been 
found in S ...)
NOT-FOR-US: SourceCodester
-CVE-2023- [RUSTSEC-2023-0004]
-   - rust-bzip2 0.4.4-1
-   [bullseye] - rust-bzip2  (Minor issue)
-   NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html
-   NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
 CVE-2023- [RUSTSEC-2023-0005]
- rust-tokio 1.24.2-1
[bullseye] - rust-tokio  (Vulnerable code not present)
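Review bot: the temporary `CVE-2023- [RUSTSEC-2023-0004]` entry carried only a `[bullseye] - rust-bzip2  (Minor issue)` line, while the CVE-2023-22895 entry it merges into also has a buster "Minor issue" line and a bug reference, so nothing is lost here; the same merge will be needed for the `CVE-2023- [RUSTSEC-2023-0005]` rust-tokio placeholder that now sits directly below, and a TODO reminder on it would keep the two entries from diverging once its CVE is assigned.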
@@ -7338,6 +7333,7 @@ CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust 
allow attackers to cause a
- rust-bzip2 0.4.4-1 (bug #1029158)
[bullseye] - rust-bzip2  (Minor issue)
[buster] - rust-bzip2  (Minor issue)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html
NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
NOTE: 
https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b
 (0.4.4)
 CVE-2023-22894



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2c39d294c68e983245c0f19d3a73c5507223b5



[Git][security-tracker-team/security-tracker][master] chromium DSA

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6175987 by Moritz Mühlenhoff at 2023-02-08T20:09:47+01:00
chromium DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[08 Feb 2023] DSA-5345-1 chromium - security update
+   {CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 
CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
+   [bullseye] - chromium 110.0.5481.77-1~deb11u1
 [08 Feb 2023] DSA-5344-1 heimdal - security update
{CVE-2022-45142}
[bullseye] - heimdal 7.7.0+dfsg-2+deb11u3


=
data/dsa-needed.txt
=
@@ -16,8 +16,6 @@ apr-util (carnil)
 --
 apr (carnil)
 --
-chromium
---
 frr
 --
 haproxy (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6175987e90631812b3eba07f953a22c51e181bf



[Git][security-tracker-team/security-tracker][master] NFUs

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5029,7 +5029,7 @@ CVE-2023-23698
 CVE-2023-23697
RESERVED
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, 
contain  ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2023-23695
RESERVED
 CVE-2023-23694
@@ -6885,7 +6885,7 @@ CVE-2023-23028
 CVE-2023-23027
RESERVED
 CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester 
oretnom23 s ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2023-23025
RESERVED
 CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a 
cross-si ...)
@@ -6915,7 +6915,7 @@ CVE-2023-23013
 CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway 
classroombooki ...)
NOT-FOR-US: craigrodway classroombookings
 CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 
via filte ...)
-   TODO: check
+   NOT-FOR-US: InvoicePlane
 CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in 
Ecommerce-CodeIgniter-Boot ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2023-23009
@@ -7322,7 +7322,7 @@ CVE-2023-22902
 CVE-2023-22901
RESERVED
 CVE-2023-22900 (Efence login function has insufficient validation for user 
input. An u ...)
-   TODO: check
+   NOT-FOR-US: Efence
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, 
does not  ...)
- zip4j 2.11.2-3 (bug #1029038)
[bullseye] - zip4j  (Minor issue)
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services 
for Wire, a team communic
 CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
NOT-FOR-US: Argo CD
 CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions 
of zulip  ...)
-   TODO: check
+   NOT-FOR-US: Zulip
 CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony 
Framewor ...)
NOT-FOR-US: Shopware
 CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony 
Framewor ...)
@@ -9281,7 +9281,7 @@ CVE-2022-48168
 CVE-2022-48167
RESERVED
 CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 
M30HG4.V5030.201217 all ...)
-   TODO: check
+   NOT-FOR-US: Wavlink
 CVE-2022-48165 (An access control issue in the component 
/cgi-bin/ExportLogs.sh of Wav ...)
NOT-FOR-US: Wavlink
 CVE-2022-48164 (An access control issue in the component 
/cgi-bin/ExportLogs.sh of Wav ...)
@@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a 
remote code execution
 CVE-2022-48115
RESERVED
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 
allows una ...)
NOT-FOR-US: TOTOLINK
 CVE-2022-48112
@@ -9443,7 +9443,7 @@ CVE-2022-48087
 CVE-2022-48086
RESERVED
 CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection 
vulnerability vi ...)
-   TODO: check
+   NOT-FOR-US: Softr
 CVE-2022-48084
RESERVED
 CVE-2022-48083
@@ -10895,7 +10895,7 @@ CVE-2022-47764
 CVE-2022-47763
RESERVED
 CVE-2022-47762 (In gin-vue-admin  2.5.5, the download module has a Path 
Traversal  ...)
-   TODO: check
+   NOT-FOR-US: gin-vue-admin
 CVE-2022-47761
RESERVED
 CVE-2022-47760
@@ -12906,11 +12906,11 @@ CVE-2022-47454
 CVE-2022-47453
RESERVED
 CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to 
a missi ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2022-47451 (In wlan driver, there is a possible missing params check. This 
could l ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2022-47450 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2022-46732 (Even if the authentication fails for local service 
authentication, the ...)
NOT-FOR-US: GE Digital
 CVE-2022-46660 (An unauthorized user could alter or write files with full 
control over ...)
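Review bot: the three descriptions visible in this hunk ("In gnss driver, ...", "In wlan driver, ...") do not name a vendor, so the NOT-FOR-US: Unisoc classification rests on metadata outside the text shown; a NOTE line with the vendor advisory URL for each of CVE-2022-47452, CVE-2022-47451 and CVE-2022-47450 would make the triage verifiable for the next person reading these entries.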
@@ -13008,21 +13008,21 @@ CVE-2022-47421
 CVE-2022-47420
RESERVED
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. 
Successful  ...)
-   TODO: check
+   NOT-FOR-US: Mayan EDMS DMS
 CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
-   TODO: check
+   NOT-FOR-US: LogicalDOC
 CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
-   TODO: check
+   NOT-FOR-US: LogicalDOC
 CVE-2022-47416 

[Git][security-tracker-team/security-tracker][master] new python-cryptography issue

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75b97445 by Moritz Muehlenhoff at 2023-02-08T17:28:13+01:00
new python-cryptography issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4309,7 +4309,10 @@ CVE-2023-23933 (OpenSearch Anomaly Detection identifies 
atypical data and receiv
 CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object 
Management  ...)
NOT-FOR-US: OpenDDS
 CVE-2023-23931 (cryptography is a package designed to expose cryptographic 
primitives  ...)
-   TODO: check
+   - python-cryptography 
+   [bullseye] - python-cryptography  (Minor issue)
+   NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
+   NOTE: 
https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
 CVE-2023-23930
RESERVED
 CVE-2023-23929
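Review bot: the new unstable line `- python-cryptography ` carries no bug number, while comparable entries elsewhere on this page record one (e.g. `- zip4j 2.11.2-3 (bug #1029038)`), and the line also ends with a trailing space; file or reference the Debian bug and trim the whitespace. There is no [buster] line either, so buster will be listed as affected with no triage decision; add a "(Minor issue)" or "Vulnerable code not present" marker once the advisory GHSA-w7pp-m8wf-vj6r has been checked against the buster version.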



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75b97445f81c01035032b65a01b5bda088bb531c



[Git][security-tracker-team/security-tracker][master] sofia-sip fixed in sid

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13c14bc7 by Moritz Muehlenhoff at 2023-02-08T17:24:50+01:00
sofia-sip fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8003,7 +8003,7 @@ CVE-2023-22742 (libgit2 is a cross-platform, linkable 
library implementation of
NOTE: 
https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
 CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
{DLA-3292-1}
-   - sofia-sip  (bug #1029654)
+   - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
NOTE: 
https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6
 (v1.13.11)
NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
 CVE-2023-22740 (Discourse is an open source platform for community discussion. 
Version ...)
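Review bot: the fixed version 1.12.11+20110422.1+1e14eea~dfsg-4 is a 1.12.x-based snapshot, while the NOTE line records the upstream fix as commit 9defd6f72dd416ee4fcc1a23cccbb159990da0f6 in v1.13.11, so the Debian fix must be a backport rather than a new upstream release; a NOTE naming the Debian patch file or changelog entry would let reviewers confirm the backport carries the same change as the upstream commit.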



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c14bc7088fa907d8ad6701e90b5bd980b5a127



[Git][security-tracker-team/security-tracker][master] one more mplayer issue fixed

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12263c4b by Moritz Muehlenhoff at 2023-02-08T17:24:12+01:00
one more mplayer issue fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39377,7 +39377,7 @@ CVE-2022-38858 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
 CVE-2022-38857
RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-   - mplayer  (unimportant; bug #1021013)
+   - mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013)
NOTE: https://trac.mplayerhq.hu/ticket/2395
NOTE: Crash in CLI tool, no security impact
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12263c4bdee089778a11cf4cee0bfd82fbf7ac22



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-38725/syslog-ng

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8fdf727 by Salvatore Bonaccorso at 2023-02-08T16:12:21+01:00
Add CVE-2022-38725/syslog-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39882,7 +39882,8 @@ CVE-2022-38727
 CVE-2022-38726
RESERVED
 CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity 
syslog-ng 3. ...)
-   TODO: check
+   - syslog-ng 3.38.1-1
+   NOTE: 
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, 
silverstripe/asset ...)
NOT-FOR-US: SilverStripe CMS
 CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal 
through H ...)
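Review bot: the entry now records the unstable fix (syslog-ng 3.38.1-1) but no [bullseye] or [buster] line, so both stable suites will be shown as vulnerable with no triage decision; once the RFC3164 parser overflow described in GHSA-7932-4fc6-pvmc has been checked against the versions shipped there, add a fixed version, a "(Minor issue)" no-dsa marker, or "Vulnerable code not present" so the status is explicit.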



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fdf727f7bcb7f2332ef4450d1679c9504d8c5f



[Git][security-tracker-team/security-tracker][master] Update notes for sofia-sip

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61ac7f22 by Salvatore Bonaccorso at 2023-02-08T15:57:35+01:00
Update notes for sofia-sip

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -58,7 +58,7 @@ salt
 samba
 --
 sofia-sip
-  Maintainer proposed debdiff for review with additional question
+  Maintainer proposed debdiff for review with additional question and sent a 
followup
 --
 sox
   patch needed for CVE-2021-40426, check with upstream



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ac7f22b348afd13e431f9fe38819637f0b3c96



[Git][security-tracker-team/security-tracker][master] symfony spu

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7b5c577 by Moritz Mühlenhoff at 2023-02-08T15:24:22+01:00
symfony spu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -108,3 +108,7 @@ CVE-2022-48279
[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
 CVE-2023-24021
[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
+CVE-2022-24895
+   [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
+CVE-2022-24894
+   [bullseye] - symfony 4.4.19+dfsg-2+deb11u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7b5c577bad465ac777a336fda9d051d76d0f3a8



[Git][security-tracker-team/security-tracker][master] NFUs

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31898798 by Moritz Muehlenhoff at 2023-02-08T14:55:26+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33,21 +33,21 @@ CVE-2023-0741
 CVE-2023-0740
RESERVED
 CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer 
prior t ...)
-   TODO: check
+   NOT-FOR-US: Answer
 CVE-2023-0738
RESERVED
 CVE-2023-0737
RESERVED
 CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository 
wallabag/wall ...)
-   TODO: check
+   NOT-FOR-US: Wallabag
 CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository 
wallabag/wallab ...)
-   TODO: check
+   NOT-FOR-US: Wallabag
 CVE-2023-0734
RESERVED
 CVE-2023-0733
RESERVED
 CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear 
Shop 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester
 CVE-2023-25588
RESERVED
 CVE-2023-25587
@@ -203,9 +203,9 @@ CVE-2023-0709
 CVE-2023-0708
RESERVED
 CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate 
Genera ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester
 CVE-2023- [RUSTSEC-2023-0004]
- rust-bzip2 0.4.4-1
[bullseye] - rust-bzip2  (Minor issue)
@@ -337,7 +337,7 @@ CVE-2023-0689
 CVE-2023-0688
RESERVED
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has 
been rat ...)
-   TODO: check
+   NOT-FOR-US: XpressEngine
 CVE-2023-25498
RESERVED
 CVE-2023-25497
@@ -964,11 +964,11 @@ CVE-2022-48316
 CVE-2022-48315
RESERVED
 CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has 
been dec ...)
-   TODO: check
+   NOT-FOR-US: Custom-Content-Width
 CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It 
has been  ...)
-   TODO: check
+   NOT-FOR-US: OpenSeaMap
 CVE-2011-10002 (A vulnerability classified as critical has been found in 
weblabyrinth  ...)
-   TODO: check
+   NOT-FOR-US: weblabyrinth
 CVE-2023-25198
RESERVED
 CVE-2023-25197
@@ -986,13 +986,13 @@ CVE-2022-48312
 CVE-2023-25194 (A possible security vulnerability has been identified in 
Apache Kafka  ...)
- kafka  (bug #786460)
 CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo 
Chat A ...)
-   TODO: check
+   NOT-FOR-US: eXo Chat
 CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement 
Program 0.1 ...)
NOT-FOR-US: paxswill EVE Ship Replacement Program
 CVE-2017-20177 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: WangGuard
 CVE-2015-10073 (A vulnerability, which was classified as problematic, was 
found in tin ...)
-   TODO: check
+   NOT-FOR-US: WikiSEO
 CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows 
attackers to ...)
- harfbuzz  (bug #1030612)
[bullseye] - harfbuzz  (Minor issue)
@@ -1062,7 +1062,7 @@ CVE-2023-0671 (Code Injection in GitHub repository 
froxlor/froxlor prior to 2.0.
 CVE-2023-0670
RESERVED
 CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a 
pre-authe ...)
-   TODO: check
+   NOT-FOR-US: Fortra GoAnywhere MFT 
 CVE-2023-0668
RESERVED
 CVE-2023-0667
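Review bot: the added line `NOT-FOR-US: Fortra GoAnywhere MFT ` ends with a trailing space; none of the other NOT-FOR-US lines in this commit do, so trim it to keep the file consistent and to avoid a spurious whitespace diff the next time the entry is touched.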
@@ -1076,7 +1076,7 @@ CVE-2023-0664
 CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 
2.3.0. I ...)
NOT-FOR-US: Calendar Event Management System
 CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP 
Deskjet ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2023-25173
RESERVED
 CVE-2023-25172
@@ -1464,7 +1464,7 @@ CVE-2023-25018
 CVE-2023-25017
RESERVED
 CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x 
before 7.1. ...)
-   TODO: check
+   NOT-FOR-US: Couchbase Server
 CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, 
allows CSRF ...)
NOT-FOR-US: Clockwork Web
 CVE-2023-25014 (An issue was discovered in the femanager extension before 
5.5.3, 6.x b ...)
@@ -1973,9 +1973,9 @@ CVE-2016-15023 (A vulnerability, which was classified as 
problematic, was found
 CVE-2023-24831
RESERVED
 CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Onedev
 CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software 
Bill of  ...)
-   TODO: check
+   NOT-FOR-US: syft
 CVE-2023-24826
RESERVED
 CVE-2023-24825
@@ -2001,7 +2001,7 @@ 

[Git][security-tracker-team/security-tracker][master] graphite-web fixed in sid

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11d9092b by Moritz Muehlenhoff at 2023-02-08T14:21:00+01:00
graphite-web fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10152,19 +10152,19 @@ CVE-2022-4731 (A vulnerability, which was classified 
as problematic, was found i
NOT-FOR-US: myapnea
 CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been 
classified as p ...)
{DLA-3309-1}
-   - graphite-web  (bug #1026992)
+   - graphite-web 1.1.8-1.1 (bug #1026992)
NOTE: 
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2746
NOTE: https://github.com/graphite-project/graphite-web/pull/2785
 CVE-2022-4729 (A vulnerability was found in Graphite Web and classified as 
problemati ...)
{DLA-3309-1}
-   - graphite-web  (bug #1026992)
+   - graphite-web 1.1.8-1.1 (bug #1026992)
NOTE: 
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2745
NOTE: https://github.com/graphite-project/graphite-web/pull/2785
 CVE-2022-4728 (A vulnerability has been found in Graphite Web and classified 
as probl ...)
{DLA-3309-1}
-   - graphite-web  (bug #1026992)
+   - graphite-web 1.1.8-1.1 (bug #1026992)
NOTE: 
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2744
NOTE: https://github.com/graphite-project/graphite-web/pull/2785



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d9092bfb60c12ee9a0aa5bf7f6a0e897aa25cb



[Git][security-tracker-team/security-tracker][master] openssh fixed in sid

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6c7f0e3 by Moritz Muehlenhoff at 2023-02-08T14:20:06+01:00
openssh fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1453,7 +1453,7 @@ CVE-2023-0636
 CVE-2023-0635
RESERVED
 CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free 
vulnerability durin ...)
-   - openssh 
+   - openssh 1:9.2p1-1
[bullseye] - openssh  (Vulnerable code not present)
[buster] - openssh  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6c7f0e36812d1546bdb86df1d641538c32edbac



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for heimdal update

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebf03ffc by Salvatore Bonaccorso at 2023-02-08T13:30:21+01:00
Reserve DSA number for heimdal update

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[08 Feb 2023] DSA-5344-1 heimdal - security update
+   {CVE-2022-45142}
+   [bullseye] - heimdal 7.7.0+dfsg-2+deb11u3
 [07 Feb 2023] DSA-5343-1 openssl - security update
{CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286}
[bullseye] - openssl 1.1.1n-0+deb11u4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf03ffc3aab474bf8721c7051768d116c02ba65



[Git][security-tracker-team/security-tracker][master] more mplayer issues fixed in sid

2023-02-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f882696 by Moritz Muehlenhoff at 2023-02-08T13:13:48+01:00
more mplayer issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39322,14 +39322,14 @@ CVE-2022-38867
RESERVED
 CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2
 (r38388)
NOTE: Crash in CLI tool, no security impact
 CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide 
By Zero  ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2401
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144
 (r38386)
@@ -39342,7 +39342,7 @@ CVE-2022-38864 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94
 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2405
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d
 (r38393)
@@ -39359,7 +39359,7 @@ CVE-2022-38861 (The MPlayer Project mplayer 
SVN-r38374-13.0.1 is vulnerable to m
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1
 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide 
By Zero  ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2402
NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
@@ -39369,7 +39369,7 @@ CVE-2022-38859
RESERVED
 CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2396
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca
 (r38385)
@@ -39382,7 +39382,7 @@ CVE-2022-38856 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
NOTE: Crash in CLI tool, no security impact
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2392
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7
 (r38384)
@@ -39390,7 +39390,7 @@ CVE-2022-38855 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
 CVE-2022-38854
RESERVED
 CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
NOTE: https://trac.mplayerhq.hu/ticket/2398
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e
 (r38380)
NOTE: Followup: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8
 (r38392)
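Review bot: CVE-2022-38853 is the only entry in this commit without a {DLA-3255-1} reference and without a `[bullseye] - mplayer 2:1.4+ds1-1+deb11u1` line; every sibling updated here (CVE-2022-38866, -38865, -38863, -38860, -38858, -38855, -38851, -38850) carries both. If the buster and bullseye updates did not include this fix (trac ticket 2398, r38380 plus the r38392 followup), a [bullseye] marker is still needed so the suite status is explicit; if they did, the DLA reference and bullseye version are missing.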
@@ -39399,14 +39399,14 @@ CVE-2022-38852
RESERVED
 CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to 
Out-of-bounds R ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2393
NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935
 (r38382)
NOTE: Crash in CLI tool, no security impact
 CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable 
to Divide ...)
{DLA-3255-1}
-   - mplayer  (unimportant)
+   - mplayer 2:1.5+svn38408-1 (unimportant)
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2399
NOTE: 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3312-1 for shim

2023-02-08 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c772926a by Emilio Pozuelo Monfort at 2023-02-08T12:59:13+01:00
Reserve DLA-3312-1 for shim

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[08 Feb 2023] DLA-3312-1 shim - security update
+   [buster] - shim 15.7-1~deb10u1
 [08 Feb 2023] DLA-3311-1 heimdal - security update
{CVE-2022-45142}
[buster] - heimdal 7.5.0+dfsg-3+deb10u2
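Review bot: the new DLA-3312-1 shim entry has no `{CVE-...}` line, unlike DLA-3311-1 directly below it; if the shim 15.7-1~deb10u1 update addresses CVE identifiers, list them here so the tracker can mark them fixed in buster, and if it deliberately has none, a short note in the commit message saying so would save the next reader from wondering whether the line was forgotten.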



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c772926a55384447a37cdd12a86d21c2f6c7b7ee



[Git][security-tracker-team/security-tracker][master] record bug number for heimdal CVE-2022-45142

2023-02-08 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a0a1f7b by Helmut Grohne at 2023-02-08T12:52:37+01:00
record bug number for heimdal CVE-2022-45142

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20067,7 +20067,7 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache 
Tomcat 8.5.83, 9.0.40 to 9.0.
NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1
 CVE-2022-45142 [gsskrb5: fix accidental logic inversions]
RESERVED
-   - heimdal 
+   - heimdal  (bug #1030849)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
 CVE-2022-45141
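Review bot: the unstable line `- heimdal  (bug #1030849)` still carries no fixed version, even though DSA-5344-1 and DLA-3311-1 for this CVE are reserved in other commits on this page; once the sid upload lands, record its version here so unstable stops showing as vulnerable. The entry is also still RESERVED with a bracketed placeholder description, which is expected until the CVE text is published, but worth revisiting then.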



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0a1f7b28ede4da703f3078b485c6e4432e34ec



[Git][security-tracker-team/security-tracker][master] issue DLA-3311-1 for heimdal CVE-2022-45142

2023-02-08 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41508f7c by Helmut Grohne at 2023-02-08T12:37:05+01:00
issue DLA-3311-1 for heimdal CVE-2022-45142

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[08 Feb 2023] DLA-3311-1 heimdal - security update
+   {CVE-2022-45142}
+   [buster] - heimdal 7.5.0+dfsg-3+deb10u2
 [07 Feb 2023] DLA-3310-1 xorg-server - security update
{CVE-2023-0494}
[buster] - xorg-server 2:1.20.4-1+deb10u8


=
data/dla-needed.txt
=
@@ -102,11 +102,6 @@ haproxy
   NOTE: 20230207: VCS: https://salsa.debian.org/haproxy-team/haproxy.git
   NOTE: 20230207: method was called h2_frt_decode_headers in buster (pochu)
 --
-heimdal (Helmut Grohne)
-  NOTE: 20230206: Programming language: C
-  NOTE: 20230206: Special attention: Do review patches, even those, coming 
from upstream.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/heimdal/
---
 imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41508f7cc45ef642ba5823bbbdd866a6da4cece1



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
518865db by Salvatore Bonaccorso at 2023-02-08T09:35:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -155,47 +155,47 @@ CVE-2023-25535
 CVE-2023-22660
RESERVED
 CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to 
Stored  ...)
-   TODO: check
+   NOT-FOR-US: Interactive Geo Maps plugin for WordPress
 CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0729
RESERVED
 CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0721
RESERVED
 CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0714
RESERVED
 CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0710
RESERVED
 CVE-2023-0709
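Review bot: every changed line names the plugin in the NOT-FOR-US text rather than WordPress itself, which is the right distinction to keep: WordPress core is a Debian package, so a bare "NOT-FOR-US: WordPress" would read as a claim about it. The one entry that is not Wicked Folders, CVE-2023-0731 (Interactive Geo Maps), gets its own label rather than a copy of the Wicked Folders one, so the hunk is internally consistent.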
@@ -946,9 +946,9 @@ CVE-2023-0687 (A vulnerability was found in GNU C Library 
2.38. It has been decl
 CVE-2023-0686 (A vulnerability was found in SourceCodester Online Eyewear Shop 
1.0. I ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
 CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
-   TODO: check
+   NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0683
RESERVED
 CVE-2023-0682
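Review bot: same plugin and same triage as the Wicked Folders block earlier in this commit, but CVE-2023-0685 and CVE-2023-0684 sit roughly 800 lines away from the rest of the series, so the check that no "TODO: check" is left for this plugin has to be a grep over the whole file rather than a glance at one hunk. The adjacent CVE-2023-0687 (GNU C Library) and CVE-2023-0686 (SourceCodester Online Eyewear Shop, already NOT-FOR-US) lines are unchanged context.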



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518865dbd8bc1a8a50c780d06f09dd91b6afd047



[Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2022-45142/heimdal

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ba8e750 by Salvatore Bonaccorso at 2023-02-08T09:30:25+01:00
Add additional reference for CVE-2022-45142/heimdal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20069,6 +20069,7 @@ CVE-2022-45142 [gsskrb5: fix accidental logic 
inversions]
RESERVED
- heimdal 
NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
+   NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
 CVE-2022-45141
RESERVED
- samba 2:4.16.0+dfsg-2
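Review bot: the heimdal line just above the new reference has an empty version field in this rendering ("- heimdal " followed by nothing), while CVE-2022-45141 directly below records samba 2:4.16.0+dfsg-2, so the fixed heimdal version still has to be filled in once an upload lands. The added bugzilla.samba.org link is a second, bug-tracker-side reference for the same issue next to the oss-security post and is worth keeping in that order.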



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba8e7508b4f92eec20788e519ec443ec3dbc1f2



[Git][security-tracker-team/security-tracker][master] automatic update

2023-02-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c2d3861 by security tracker role at 2023-02-08T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2023-25600
+   RESERVED
+CVE-2023-25599
+   RESERVED
+CVE-2023-25598
+   RESERVED
+CVE-2023-25597
+   RESERVED
+CVE-2023-25596
+   RESERVED
+CVE-2023-25595
+   RESERVED
+CVE-2023-25594
+   RESERVED
+CVE-2023-25593
+   RESERVED
+CVE-2023-25592
+   RESERVED
+CVE-2023-25591
+   RESERVED
+CVE-2023-25590
+   RESERVED
+CVE-2023-25589
+   RESERVED
+CVE-2023-0744
+   RESERVED
+CVE-2023-0743
+   RESERVED
+CVE-2023-0742
+   RESERVED
+CVE-2023-0741
+   RESERVED
+CVE-2023-0740
+   RESERVED
+CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer 
prior t ...)
+   TODO: check
+CVE-2023-0738
+   RESERVED
+CVE-2023-0737
+   RESERVED
+CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository 
wallabag/wall ...)
+   TODO: check
+CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository 
wallabag/wallab ...)
+   TODO: check
+CVE-2023-0734
+   RESERVED
+CVE-2023-0733
+   RESERVED
+CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear 
Shop 1 ...)
+   TODO: check
 CVE-2023-25588
RESERVED
 CVE-2023-25587
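Review bot: the automatic update leaves four entries for manual triage (CVE-2023-0739 answerdev/answer, CVE-2023-0736 and CVE-2023-0735 wallabag, CVE-2023-0732 SourceCodester Online Eyewear Shop); CVE-2023-0732 follows the same SourceCodester pattern that CVE-2023-0686 already received NOT-FOR-US for in commit 518865db above, so it is a candidate for the same treatment. The remaining lines are newly reserved IDs with nothing to review.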
@@ -104,48 +154,48 @@ CVE-2023-25535
RESERVED
 CVE-2023-22660
RESERVED
-CVE-2023-0731
-   RESERVED
-CVE-2023-0730
-   RESERVED
+CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
 CVE-2023-0729
RESERVED
-CVE-2023-0728
-   RESERVED
-CVE-2023-0727
-   RESERVED
-CVE-2023-0726
-   RESERVED
-CVE-2023-0725
-   RESERVED
-CVE-2023-0724
-   RESERVED
-CVE-2023-0723
-   RESERVED
-CVE-2023-0722
-   RESERVED
+CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
 CVE-2023-0721
RESERVED
-CVE-2023-0720
-   RESERVED
-CVE-2023-0719
-   RESERVED
-CVE-2023-0718
-   RESERVED
-CVE-2023-0717
-   RESERVED
-CVE-2023-0716
-   RESERVED
-CVE-2023-0715
-   RESERVED
+CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
 CVE-2023-0714
RESERVED
-CVE-2023-0713
-   RESERVED
-CVE-2023-0712
-   RESERVED
-CVE-2023-0711
-   RESERVED
+CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
+CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
+   TODO: check
 CVE-2023-0710
RESERVED
 CVE-2023-0709
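Review bot: nothing to change in the hunk itself; for readers, this archive lists commits newest first, so the "TODO: check" lines the bot adds here are the ones commit 518865db (shown earlier on the page) later replaced with NOT-FOR-US. The descriptions are cut to a fixed width with " ...", as elsewhere in this file.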
@@ -240,44 +290,34 @@ CVE-2023-25499
RESERVED
 CVE-2023-24019
RESERVED
-CVE-2023-0705
-   RESERVED
+CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 
110.0.5481.77 allow ...)
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
-CVE-2023-0704
-   RESERVED
+CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
- chromium 110.0.5481.77-1
[buster] - chromium  (see DSA 5046)
-CVE-2023-0703
-   RESERVED
+CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 
110.0.5481.77 all ...)
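Review bot: only the description lines change here; the "- chromium 110.0.5481.77-1" fixed-version lines and the "[buster] - chromium  (see DSA 5046)" lines are unchanged context, so the fix was already recorded while the IDs were still RESERVED and the bot is only filling in the public text. The buster lines show a double space where the tracker's status token normally sits, so that status cannot be checked from this rendering. The hunk is cut off after CVE-2023-0703 on this page.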