[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-3981/grub2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4d4b353 by Salvatore Bonaccorso at 2023-02-09T06:34:53+01:00 Track fixed version via unstable for CVE-2021-3981/grub2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -96179,7 +96179,7 @@ CVE-2021-3982 (Linux distributions using CAP_SYS_NICE for gnome-shell may be exp NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711 NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known as grub. ...) - - grub2 (bug #1001414) + - grub2 2.06-8 (bug #1001414) [bullseye] - grub2 (Minor issue) [buster] - grub2 (Minor issue) [stretch] - grub2 (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d4b3537e1fe6754aa2d5b82882b56dc65294e4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d4b3537e1fe6754aa2d5b82882b56dc65294e4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-22452/phpmyadmin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96c430b7 by Salvatore Bonaccorso at 2023-02-09T06:29:25+01:00 Update information for CVE-2020-22452/phpmyadmin The issue was already fixed earlier: 5.0.2 upstream includes the fix, and so does the 4:5.0.4+dfsg1-1 upload to unstable. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -185860,7 +185860,7 @@ CVE-2020-22454 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...) NOT-FOR-US: Untis WebUntis CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery in Creat ...) - - phpmyadmin 4:5.2.0+dfsg1-2 + - phpmyadmin 4:5.0.4+dfsg1-1 NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/15898 NOTE: https://github.com/phpmyadmin/phpmyadmin/pull/16004 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/20e3d2fa9f5dc55fd25209963b5f26705d3e8020 (RELEASE_5_0_2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96c430b7465ecdc5d49aeb1462719b0e6dd93b5d
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3314-1 for libsdl2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 85d09bd6 by Markus Koschany at 2023-02-09T00:44:58+01:00 Reserve DLA-3314-1 for libsdl2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -10121,7 +10121,6 @@ CVE-2022-4744 CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...) - libsdl2 2.26.0+dfsg-1 [bullseye] - libsdl2 (Minor issue) - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290 NOTE: https://github.com/libsdl-org/SDL/pull/6269 NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1) @@ -125975,7 +125974,6 @@ CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (S [stretch] - libsdl1.2 (Minor issue) - libsdl2 2.0.20+dfsg-2 [bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1 - [buster] - libsdl2 (Minor issue) [stretch] - libsdl2 (Minor issue) NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20) CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kernel will ...) @@ -204144,13 +204142,11 @@ CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based b {DLA-2536-1} - libsdl1.2 (Only affects SDL2) - libsdl2 2.0.14+dfsg2-2 - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...) {DLA-2536-1} - libsdl2 2.0.14+dfsg2-2 - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with CVE-2019-7637 
@@ -260560,7 +260556,6 @@ CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the li NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5) CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...) - libsdl2 2.0.10+dfsg1-1 - [buster] - libsdl2 (Minor issue) [stretch] - libsdl2 (Minor issue) [jessie] - libsdl2 (Minor issue) - libsdl1.2 (Vulnerable code added later) @@ -260601,7 +260596,6 @@ CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-r CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) {DLA-2804-1 DLA-2536-1} - libsdl2 2.0.10+dfsg1-1 - [buster] - libsdl2 (Minor issue) [jessie] - libsdl2 (can be fixed along with more important patches) - libsdl1.2 1.2.15+dfsg2-5 [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 @@ -279137,7 +279131,6 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf @@ -279158,7 +279151,6 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2) 
@@ -279167,7 +279159,6 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 (Minor issue) - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 @@ -279309,7 +279300,6 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1 - libsdl2 2.0.10+dfsg1-1 (bug #924610) - [buster] - libsdl2 (Minor issue) NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494 NOTE:
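Review bot: The data/DLA/list and data/dla-needed.txt changes announced in the header are not part of this excerpt (it ends mid-NOTE), so the new DLA-3314-1 entry cannot be checked against what is removed here; the data/CVE/list hunks drop the `[buster] - libsdl2 (Minor issue)` line for CVE-2022-4743, CVE-2021-33657, CVE-2020-14410, CVE-2020-14409, CVE-2019-13626, CVE-2019-13616, CVE-2019-7638, CVE-2019-7636, CVE-2019-7635 and CVE-2019-7578, and the DLA's CVE list should cover exactly that set, otherwise the tracker will either keep an issue open for buster or claim a fix the DLA does not ship.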
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-24813/php-dompdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f5caab7 by Salvatore Bonaccorso at 2023-02-08T22:31:30+01:00 Track fixed version for CVE-2023-24813/php-dompdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2058,7 +2058,7 @@ CVE-2023-24815 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...) NOT-FOR-US: Typo3 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...) - - php-dompdf + - php-dompdf 2.0.3+dfsg-1 NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75 CVE-2023-24812 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f5caab70b207fd6295b8b4db2f0d06540a18d27
[Git][security-tracker-team/security-tracker][master] Mark golang-1.18 as removed from everywhere supported
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20ce6f91 by Salvatore Bonaccorso at 2023-02-08T22:29:04+01:00 Mark golang-1.18 as removed from everywhere supported - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -935,3 +935,4 @@ ruby3.0 guacamole-client printfilters-ppd php8.1 +golang-1.18 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20ce6f9198be0e5c38ba8d74ea013d0c6a58c4f0
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dfb157c8 by Salvatore Bonaccorso at 2023-02-08T22:14:28+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,9 +31,9 @@ CVE-2023-0750 CVE-2023-0749 RESERVED CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...) - TODO: check + NOT-FOR-US: btcpayserver CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) - TODO: check + NOT-FOR-US: btcpayserver CVE-2023-0746 RESERVED CVE-2023-0745 @@ -73,15 +73,15 @@ CVE-2023-25590 CVE-2023-25589 RESERVED CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) NOT-FOR-US: Answer CVE-2023-0738 @@ -386,7 +386,7 @@ CVE-2023-0692 CVE-2023-0691 RESERVED CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) - TODO: check + NOT-FOR-US: HashiCorp Boundary CVE-2023-0689 RESERVED CVE-2023-0688 @@ -598,7 +598,7 @@ CVE-2023-25398 CVE-2023-25397 RESERVED CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...) - TODO: check + NOT-FOR-US: Caphyon Advanced Installer CVE-2023-25395 RESERVED CVE-2023-25394 
@@ -4554,7 +4554,7 @@ CVE-2023-23848 CVE-2023-23847 RESERVED CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-23845 RESERVED CVE-2023-23844 @@ -5878,7 +5878,7 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could a CVE-2023-23476 RESERVED CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-23474 RESERVED CVE-2023-23473 @@ -9516,7 +9516,7 @@ CVE-2022-48076 CVE-2022-48075 RESERVED CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: NoMachine CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...) NOT-FOR-US: Phicomm CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...) @@ -14455,7 +14455,7 @@ CVE-2022-46936 CVE-2022-46935 RESERVED CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site scripting (XS ...) - TODO: check + NOT-FOR-US: kkFileView CVE-2022-46933 RESERVED CVE-2022-46932 @@ -14813,7 +14813,7 @@ CVE-2022-46844 CVE-2022-46843 RESERVED CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2022-46841 RESERVED CVE-2022-46840 @@ -14927,7 +14927,7 @@ CVE-2022-46817 CVE-2022-46816 RESERVED CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...) - TODO: check + NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin CVE-2022-46814 RESERVED CVE-2022-46813 @@ -18156,7 +18156,7 @@ CVE-2022-45757 CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...) NOT-FOR-US: SENS CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...) - TODO: check + NOT-FOR-US: EyouCMS CVE-2022-45754 RESERVED CVE-2022-45753 
@@ -18619,9 +18619,9 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera CVE-2022-45528 RESERVED CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...) - TODO: check + NOT-FOR-US: Future-Depth Institutional Management Website (IMS) CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...) - TODO: check + NOT-FOR-US: Future-Depth Institutional Management Website (IMS) CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
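Review bot: In the CVE-2022-46842 hunk, `NOT-FOR-US: Wordpress plugin` is less specific than the surrounding entries and does not use the project's own spelling (WordPress); the following hunk names the plugin (`NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin`), so naming the JS Help Desk plugin the same way would keep the two entries consistent and greppable.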
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3313-1 for wireshark
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: e19dfaa3 by Tobias Frost at 2023-02-08T21:49:15+01:00 Reserve DLA-3313-1 for wireshark - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -14547,7 +14547,6 @@ CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3 CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...) - wireshark 4.0.2-1 [bullseye] - wireshark (Minor issue) - [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991 NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986 = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Feb 2023] DLA-3313-1 wireshark - security update + {CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0417} + [buster] - wireshark 2.6.20-0+deb10u5 [08 Feb 2023] DLA-3312-1 shim - security update [buster] - shim 15.7-1~deb10u1 [08 Feb 2023] DLA-3311-1 heimdal - security update = data/dla-needed.txt = 
@@ -349,11 +349,6 @@ trafficserver NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) suggest CVE-2022-31779 may have already been investigated. (lamby) NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/trafficserver.git -- -wireshark (tobi) - NOTE: 20230123: Programming language: C. - NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them pile up like last time. (utkarsh). - NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/wireshark.git --- xfig (gladk) NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e19dfaa3a6901d3e30d81b491c219899535fc2c8
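Review bot: The DLA-3313-1 entry added to data/DLA/list covers six CVEs (CVE-2022-4345, CVE-2023-0411, CVE-2023-0412, CVE-2023-0413, CVE-2023-0415, CVE-2023-0417), but the data/CVE/list hunk only drops the `[buster] - wireshark (Minor issue)` line for CVE-2022-4345; confirm the five CVE-2023 entries carry no leftover buster annotation, otherwise the tracker will keep listing them as open for buster despite the DLA. The dla-needed.txt note being removed counted "7 new CVEs + 3 postponed ones", so it is also worth recording where the CVEs not covered by this DLA now stand.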
[Git][security-tracker-team/security-tracker][master] LTS: Add meta-information
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e30ea9a by Anton Gladky at 2023-02-08T21:39:39+01:00 LTS: Add meta-information - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -201,6 +201,8 @@ openimageio -- openssl NOTE: 20230208: Programming language: C. + NOTE: 20230208: Special attention: Very high popcon! + NOTE: 20230208: VCS: https://salsa.debian.org/lts-team/packages/openssl.git -- php-cas NOTE: 20221105: Programming language: PHP. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e30ea9a0994990bf3668b5c3293d5ef735683a7
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-22452/phpmyadmin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d28a237d by Salvatore Bonaccorso at 2023-02-08T21:17:58+01:00 Add CVE-2020-22452/phpmyadmin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -185863,7 +185863,12 @@ CVE-2020-22454 CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...) NOT-FOR-US: Untis WebUntis CVE-2020-22452 (SQL Injection vulnerability in function getTableCreationQuery in Creat ...) - TODO: check + - phpmyadmin 4:5.2.0+dfsg1-2 + NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/15898 + NOTE: https://github.com/phpmyadmin/phpmyadmin/pull/16004 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/20e3d2fa9f5dc55fd25209963b5f26705d3e8020 (RELEASE_5_0_2) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca42395ee4b2936d3702524f8fb8bec1e9502bc7 (RELEASE_5_0_2) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f6af795eb380aef11a2924b8be91dfbb4a7562b6 (RELEASE_5_0_2) CVE-2020-22451 RESERVED CVE-2020-22450 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d28a237db745081288c409cc59a52c7d6318ee9c
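Review bot: The fixed version `4:5.2.0+dfsg1-2` looks too new for the fix it cites: all three NOTE commits are tagged RELEASE_5_0_2, so the first unstable upload based on 5.0.2 or later already contains the fix and should be recorded instead; as written, the tracker would report every upload between 5.0.2 and 5.2.0 as still vulnerable.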
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,53 @@ +CVE-2023-25611 + RESERVED +CVE-2023-25610 + RESERVED +CVE-2023-25609 + RESERVED +CVE-2023-25608 + RESERVED +CVE-2023-25607 + RESERVED +CVE-2023-25606 + RESERVED +CVE-2023-25605 + RESERVED +CVE-2023-25604 + RESERVED +CVE-2023-25603 + RESERVED +CVE-2023-25602 + RESERVED +CVE-2023-25601 + RESERVED +CVE-2023-0753 + RESERVED +CVE-2023-0752 + RESERVED +CVE-2023-0751 + RESERVED +CVE-2023-0750 + RESERVED +CVE-2023-0749 + RESERVED +CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...) + TODO: check +CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) + TODO: check +CVE-2023-0746 + RESERVED +CVE-2023-0745 + RESERVED +CVE-2022-48321 + RESERVED +CVE-2022-48320 + RESERVED +CVE-2022-48319 + RESERVED +CVE-2022-48318 + RESERVED +CVE-2022-48317 + RESERVED CVE-2023-25600 RESERVED CVE-2023-25599 @@ -22,16 +72,16 @@ CVE-2023-25590 RESERVED CVE-2023-25589 RESERVED -CVE-2023-0744 - RESERVED -CVE-2023-0743 - RESERVED -CVE-2023-0742 - RESERVED -CVE-2023-0741 - RESERVED -CVE-2023-0740 - RESERVED +CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...) + TODO: check +CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...) + TODO: check +CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + TODO: check +CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...) + TODO: check +CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + TODO: check CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) NOT-FOR-US: Answer CVE-2023-0738 
@@ -286,33 +336,43 @@ CVE-2023-25499 CVE-2023-24019 RESERVED CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...) + {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0695 @@ -325,8 +385,8 @@ CVE-2023-0692 RESERVED CVE-2023-0691 RESERVED -CVE-2023-0690 - RESERVED +CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) + TODO: check CVE-2023-0689 RESERVED CVE-2023-0688 
@@ -537,8 +597,8 @@ CVE-2023-25398 RESERVED CVE-2023-25397 RESERVED -CVE-2023-25396 - RESERVED +CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...) + TODO: check CVE-2023-25395 RESERVED CVE-2023-25394 @@ -1114,8 +1174,8 @@ CVE-2023-25154 RESERVED CVE-2023-25153 RESERVED -CVE-2023-25152 -
[Git][security-tracker-team/security-tracker][master] CVE-2023-23931: Directly refer to commit in repository
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5298de27 by Salvatore Bonaccorso at 2023-02-08T21:07:34+01:00 CVE-2023-23931: Directly refer to commit in repository - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4307,7 +4307,7 @@ CVE-2023-23931 (cryptography is a package designed to expose cryptographic primi - python-cryptography [bullseye] - python-cryptography (Minor issue) NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r - NOTE: https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3 + NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696 CVE-2023-23930 RESERVED CVE-2023-23929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5298de27253d8d3b1a8c3a1623dad394bf4fc6d2
[Git][security-tracker-team/security-tracker][master] Track proposed update for ncurses via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 381fe374 by Salvatore Bonaccorso at 2023-02-08T20:56:51+01:00 Track proposed update for ncurses via bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -112,3 +112,5 @@ CVE-2022-24895 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 CVE-2022-24894 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 +CVE-2022-29458 + [bullseye] - ncurses 6.2+20201114-2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/381fe37403683d176544ae97fcd22f9216cfbf45
[Git][security-tracker-team/security-tracker][master] Merge temporary RUSTSEC-2023-0004 entry with CVE-2023-22895
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f2c39d2 by Salvatore Bonaccorso at 2023-02-08T20:49:11+01:00 Merge temporary RUSTSEC-2023-0004 entry with CVE-2023-22895 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -206,11 +206,6 @@ CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate G NOT-FOR-US: SourceCodester CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester -CVE-2023- [RUSTSEC-2023-0004] - - rust-bzip2 0.4.4-1 - [bullseye] - rust-bzip2 (Minor issue) - NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html - NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 CVE-2023- [RUSTSEC-2023-0005] - rust-tokio 1.24.2-1 [bullseye] - rust-tokio (Vulnerable code not present) @@ -7338,6 +7333,7 @@ CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a - rust-bzip2 0.4.4-1 (bug #1029158) [bullseye] - rust-bzip2 (Minor issue) [buster] - rust-bzip2 (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4) CVE-2023-22894 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2c39d294c68e983245c0f19d3a73c5507223b5
[Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c6175987 by Moritz Mühlenhoff at 2023-02-08T20:09:47+01:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[08 Feb 2023] DSA-5345-1 chromium - security update + {CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705} + [bullseye] - chromium 110.0.5481.77-1~deb11u1 [08 Feb 2023] DSA-5344-1 heimdal - security update {CVE-2022-45142} [bullseye] - heimdal 7.7.0+dfsg-2+deb11u3 = data/dsa-needed.txt = @@ -16,8 +16,6 @@ apr-util (carnil) -- apr (carnil) -- -chromium --- frr -- haproxy (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6175987e90631812b3eba07f953a22c51e181bf
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5029,7 +5029,7 @@ CVE-2023-23698 CVE-2023-23697 RESERVED CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-23695 RESERVED CVE-2023-23694 @@ -6885,7 +6885,7 @@ CVE-2023-23028 CVE-2023-23027 RESERVED CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2023-23025 RESERVED CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...) @@ -6915,7 +6915,7 @@ CVE-2023-23013 CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...) NOT-FOR-US: craigrodway classroombookings CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...) - TODO: check + NOT-FOR-US: InvoicePlane CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2023-23009 @@ -7322,7 +7322,7 @@ CVE-2023-22902 CVE-2023-22901 RESERVED CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) - TODO: check + NOT-FOR-US: Efence CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) - zip4j 2.11.2-3 (bug #1029038) [bullseye] - zip4j (Minor issue) 
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services for Wire, a team communic CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...) - TODO: check + NOT-FOR-US: Zulip CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...) NOT-FOR-US: Shopware CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...) @@ -9281,7 +9281,7 @@ CVE-2022-48168 CVE-2022-48167 RESERVED CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...) - TODO: check + NOT-FOR-US: Wavlink CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...) NOT-FOR-US: Wavlink CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...) @@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution CVE-2022-48115 RESERVED CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...) NOT-FOR-US: TOTOLINK CVE-2022-48112 @@ -9443,7 +9443,7 @@ CVE-2022-48087 CVE-2022-48086 RESERVED CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...) - TODO: check + NOT-FOR-US: Softr CVE-2022-48084 RESERVED CVE-2022-48083 @@ -10895,7 +10895,7 @@ CVE-2022-47764 CVE-2022-47763 RESERVED CVE-2022-47762 (In gin-vue-admin 2.5.5, the download module has a Path Traversal ...) - TODO: check + NOT-FOR-US: gin-vue-admin CVE-2022-47761 RESERVED CVE-2022-47760 
@@ -12906,11 +12906,11 @@ CVE-2022-47454 CVE-2022-47453 RESERVED CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...) NOT-FOR-US: GE Digital CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...) @@ -13008,21 +13008,21 @@ CVE-2022-47421 CVE-2022-47420 RESERVED CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...) - TODO: check + NOT-FOR-US: Mayan EDMS DMS CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47416
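Review bot: in the @@ -12906 hunk the entries CVE-2022-47452, CVE-2022-47451 and CVE-2022-47450 are closed as `NOT-FOR-US: Unisoc`, but the visible descriptions ("In gnss driver, there is a possible out of bounds write ...", "In wlan driver, there is a possible missing params check ...") name no vendor, so the attribution cannot be checked from the diff; a `NOTE:` line with the vendor advisory URL, as other entries in data/CVE/list carry, would let the next triager confirm it without re-deriving it.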
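Review bot: in the @@ -13008 hunk `NOT-FOR-US: Mayan EDMS DMS` repeats the product category (EDMS already stands for electronic document management system, so "DMS" adds nothing); `NOT-FOR-US: Mayan EDMS` matches how the other entries in this commit name only the product.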
[Git][security-tracker-team/security-tracker][master] new python-cryptography issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 75b97445 by Moritz Muehlenhoff at 2023-02-08T17:28:13+01:00 new python-cryptography issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4309,7 +4309,10 @@ CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receiv CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...) NOT-FOR-US: OpenDDS CVE-2023-23931 (cryptography is a package designed to expose cryptographic primitives ...) - TODO: check + - python-cryptography + [bullseye] - python-cryptography (Minor issue) + NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r + NOTE: https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3 CVE-2023-23930 RESERVED CVE-2023-23929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75b97445f81c01035032b65a01b5bda088bb531c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75b97445f81c01035032b65a01b5bda088bb531c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
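Review bot: the new unstable line `- python-cryptography` carries neither a fixed version nor a `(bug #...)` reference, and no `[buster]` line is added, so buster will be listed as affected with no severity while bullseye is already rated `(Minor issue)`. If the issue is equally minor in buster, add `[buster] - python-cryptography (Minor issue)` in the same change; and once a bug is filed against the package, record it on the unstable line the way neighbouring entries do (e.g. `- python-cryptography (bug #NNNNNN)`, number to be filled in).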
[Git][security-tracker-team/security-tracker][master] sofia-sip fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 13c14bc7 by Moritz Muehlenhoff at 2023-02-08T17:24:50+01:00 sofia-sip fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8003,7 +8003,7 @@ CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...) {DLA-3292-1} - - sofia-sip (bug #1029654) + - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654) NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54 CVE-2023-22740 (Discourse is an open source platform for community discussion. Version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c14bc7088fa907d8ad6701e90b5bd980b5a127 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c14bc7088fa907d8ad6701e90b5bd980b5a127 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
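Review bot: the fixed version `1.12.11+20110422.1+1e14eea~dfsg-4` is a Debian revision bump of the 1.12.11 snapshot, while the NOTE line points at upstream commit 9defd6f7 tagged (v1.13.11); a short `NOTE:` stating that -4 backports that commit rather than moving to 1.13.11 would spare the next reader reconciling the two versions from the changelog. The hunk also shows no `[bullseye]` line for CVE-2023-22741 (only `{DLA-3292-1}` for buster), so bullseye's status is not visible here and is worth confirming.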
[Git][security-tracker-team/security-tracker][master] one more mplayer issue fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 12263c4b by Moritz Muehlenhoff at 2023-02-08T17:24:12+01:00 one more mplayer issue fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39377,7 +39377,7 @@ CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Ov CVE-2022-38857 RESERVED CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer (unimportant; bug #1021013) + - mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013) NOTE: https://trac.mplayerhq.hu/ticket/2395 NOTE: Crash in CLI tool, no security impact CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12263c4bdee089778a11cf4cee0bfd82fbf7ac22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12263c4bdee089778a11cf4cee0bfd82fbf7ac22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
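Review bot: CVE-2022-38856 now records `2:1.5+svn38408-1` like its siblings, but unlike the neighbouring mplayer entries updated in commit 0f882696 further down this digest it has no `{DLA-3255-1}` header and no `[bullseye] - mplayer 2:1.4+ds1-1+deb11u1` line; if it was intentionally left out of DLA-3255-1 and the bullseye update, a NOTE saying so would make that clear, otherwise those two lines are missing here.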
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-38725/syslog-ng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8fdf727 by Salvatore Bonaccorso at 2023-02-08T16:12:21+01:00 Add CVE-2022-38725/syslog-ng - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39882,7 +39882,8 @@ CVE-2022-38727 CVE-2022-38726 RESERVED CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...) - TODO: check + - syslog-ng 3.38.1-1 + NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...) NOT-FOR-US: SilverStripe CMS CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fdf727f7bcb7f2332ef4450d1679c9504d8c5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fdf727f7bcb7f2332ef4450d1679c9504d8c5f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
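Review bot: the unstable fix `- syslog-ng 3.38.1-1` is recorded with no `[bullseye]`/`[buster]` annotation and no bug number, so both stable releases will show as unfixed with no severity until someone triages them; the advisory linked in the NOTE (GHSA-7932-4fc6-pvmc) should say whether the RFC3164 parser integer overflow affects the 3.x versions shipped there, which would allow a `(Minor issue)` or fixed-version line to be added in the same commit.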
[Git][security-tracker-team/security-tracker][master] Update notes for sofia-sip
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61ac7f22 by Salvatore Bonaccorso at 2023-02-08T15:57:35+01:00 Update notes for sofia-sip - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -58,7 +58,7 @@ salt samba -- sofia-sip - Maintainer proposed debdiff for review with additional question + Maintainer proposed debdiff for review with additional question and sent a followup -- sox patch needed for CVE-2021-40426, check with upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ac7f22b348afd13e431f9fe38819637f0b3c96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ac7f22b348afd13e431f9fe38819637f0b3c96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] symfony spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c7b5c577 by Moritz Mühlenhoff at 2023-02-08T15:24:22+01:00 symfony spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -108,3 +108,7 @@ CVE-2022-48279 [bullseye] - modsecurity-apache 2.9.3-3+deb11u2 CVE-2023-24021 [bullseye] - modsecurity-apache 2.9.3-3+deb11u2 +CVE-2022-24895 + [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 +CVE-2022-24894 + [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7b5c577bad465ac777a336fda9d051d76d0f3a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7b5c577bad465ac777a336fda9d051d76d0f3a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 31898798 by Moritz Muehlenhoff at 2023-02-08T14:55:26+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33,21 +33,21 @@ CVE-2023-0741 CVE-2023-0740 RESERVED CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0738 RESERVED CVE-2023-0737 RESERVED CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-0734 RESERVED CVE-2023-0733 RESERVED CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-25588 RESERVED CVE-2023-25587 @@ -203,9 +203,9 @@ CVE-2023-0709 CVE-2023-0708 RESERVED CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023- [RUSTSEC-2023-0004] - rust-bzip2 0.4.4-1 [bullseye] - rust-bzip2 (Minor issue) @@ -337,7 +337,7 @@ CVE-2023-0689 CVE-2023-0688 RESERVED CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...) - TODO: check + NOT-FOR-US: XpressEngine CVE-2023-25498 RESERVED CVE-2023-25497 
@@ -964,11 +964,11 @@ CVE-2022-48316 CVE-2022-48315 RESERVED CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has been dec ...) - TODO: check + NOT-FOR-US: Custom-Content-Width CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been ...) - TODO: check + NOT-FOR-US: OpenSeaMap CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth ...) - TODO: check + NOT-FOR-US: weblabyrinth CVE-2023-25198 RESERVED CVE-2023-25197 @@ -986,13 +986,13 @@ CVE-2022-48312 CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...) - kafka (bug #786460) CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...) - TODO: check + NOT-FOR-US: eXo Chat CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...) NOT-FOR-US: paxswill EVE Ship Replacement Program CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: WangGuard CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...) - TODO: check + NOT-FOR-US: WikiSEO CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...) - harfbuzz (bug #1030612) [bullseye] - harfbuzz (Minor issue) @@ -1062,7 +1062,7 @@ CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0. CVE-2023-0670 RESERVED CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...) - TODO: check + NOT-FOR-US: Fortra GoAnywhere MFT CVE-2023-0668 RESERVED CVE-2023-0667 @@ -1076,7 +1076,7 @@ CVE-2023-0664 CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...) NOT-FOR-US: Calendar Event Management System CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...) - TODO: check + NOT-FOR-US: HP CVE-2023-25173 RESERVED CVE-2023-25172 
@@ -1464,7 +1464,7 @@ CVE-2023-25018 CVE-2023-25017 RESERVED CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) NOT-FOR-US: Clockwork Web CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) @@ -1973,9 +1973,9 @@ CVE-2016-15023 (A vulnerability, which was classified as problematic, was found CVE-2023-24831 RESERVED CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...) - TODO: check + NOT-FOR-US: Onedev CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) - TODO: check + NOT-FOR-US: syft CVE-2023-24826 RESERVED CVE-2023-24825 @@ -2001,7 +2001,7 @@
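Review bot: in the @@ -986 hunk CVE-2017-20177 becomes `NOT-FOR-US: WangGuard` and CVE-2015-10073 becomes `NOT-FOR-US: WikiSEO`, but the truncated descriptions shown ("A vulnerability, which was classified as problematic, has been found i ...", "... was found in tin ...") contain neither product name, so the attribution cannot be verified from the diff; a `NOTE:` with the source reference, as the kafka and harfbuzz entries in the same hunk carry bug references, would let a later triager confirm it.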
[Git][security-tracker-team/security-tracker][master] graphite-web fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 11d9092b by Moritz Muehlenhoff at 2023-02-08T14:21:00+01:00 graphite-web fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -10152,19 +10152,19 @@ CVE-2022-4731 (A vulnerability, which was classified as problematic, was found i NOT-FOR-US: myapnea CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...) {DLA-3309-1} - - graphite-web (bug #1026992) + - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2746 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 CVE-2022-4729 (A vulnerability was found in Graphite Web and classified as problemati ...) {DLA-3309-1} - - graphite-web (bug #1026992) + - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2745 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 CVE-2022-4728 (A vulnerability has been found in Graphite Web and classified as probl ...) {DLA-3309-1} - - graphite-web (bug #1026992) + - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2744 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d9092bfb60c12ee9a0aa5bf7f6a0e897aa25cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d9092bfb60c12ee9a0aa5bf7f6a0e897aa25cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] openssh fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f6c7f0e3 by Moritz Muehlenhoff at 2023-02-08T14:20:06+01:00 openssh fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1453,7 +1453,7 @@ CVE-2023-0636 CVE-2023-0635 RESERVED CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...) - - openssh + - openssh 1:9.2p1-1 [bullseye] - openssh (Vulnerable code not present) [buster] - openssh (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6c7f0e36812d1546bdb86df1d641538c32edbac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6c7f0e36812d1546bdb86df1d641538c32edbac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for heimdal update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ebf03ffc by Salvatore Bonaccorso at 2023-02-08T13:30:21+01:00 Reserve DSA number for heimdal update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[08 Feb 2023] DSA-5344-1 heimdal - security update + {CVE-2022-45142} + [bullseye] - heimdal 7.7.0+dfsg-2+deb11u3 [07 Feb 2023] DSA-5343-1 openssl - security update {CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286} [bullseye] - openssl 1.1.1n-0+deb11u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf03ffc3aab474bf8721c7051768d116c02ba65 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf03ffc3aab474bf8721c7051768d116c02ba65 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] more mplayer issues fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f882696 by Moritz Muehlenhoff at 2023-02-08T13:13:48+01:00 more mplayer issues fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39322,14 +39322,14 @@ CVE-2022-38867 RESERVED CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388) NOTE: Crash in CLI tool, no security impact CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2401 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386) @@ -39342,7 +39342,7 @@ CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391) CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2405 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393) 
@@ -39359,7 +39359,7 @@ CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to m NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402) CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2402 NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401 @@ -39369,7 +39369,7 @@ CVE-2022-38859 RESERVED CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2396 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385) @@ -39382,7 +39382,7 @@ CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: Crash in CLI tool, no security impact CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2392 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384) 
@@ -39390,7 +39390,7 @@ CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Ov CVE-2022-38854 RESERVED CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2398 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380) NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392) @@ -39399,14 +39399,14 @@ CVE-2022-38852 RESERVED CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2393 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382) NOTE: Crash in CLI tool, no security impact CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...) {DLA-3255-1} - - mplayer (unimportant) + - mplayer 2:1.5+svn38408-1 (unimportant) [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 NOTE: https://trac.mplayerhq.hu/ticket/2399 NOTE:
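Review bot: in the @@ -39390 hunk CVE-2022-38853 gets the same `2:1.5+svn38408-1 (unimportant)` line as the others but, unlike every other mplayer entry in this commit, carries no `{DLA-3255-1}` header and no `[bullseye] - mplayer 2:1.4+ds1-1+deb11u1` line; if the buster and bullseye updates deliberately skipped this issue (its NOTEs reference r38380 plus a follow-up r38392), a NOTE saying so would stop it being re-triaged, otherwise the two lines should be added.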
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3312-1 for shim
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: c772926a by Emilio Pozuelo Monfort at 2023-02-08T12:59:13+01:00 Reserve DLA-3312-1 for shim - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[08 Feb 2023] DLA-3312-1 shim - security update + [buster] - shim 15.7-1~deb10u1 [08 Feb 2023] DLA-3311-1 heimdal - security update {CVE-2022-45142} [buster] - heimdal 7.5.0+dfsg-3+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c772926a55384447a37cdd12a86d21c2f6c7b7ee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c772926a55384447a37cdd12a86d21c2f6c7b7ee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
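Review bot: the new `DLA-3312-1 shim` entry has no `{CVE-...}` line between the header and the `[buster]` line, whereas the adjacent `DLA-3311-1 heimdal` entry carries `{CVE-2022-45142}`; a reservation without CVE ids is acceptable, but the CVE line (or an explicit note that the update has none) should be filled in when the DLA is issued so the tracker can cross-reference it.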
[Git][security-tracker-team/security-tracker][master] record bug number for heimdal CVE-2022-45142
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a0a1f7b by Helmut Grohne at 2023-02-08T12:52:37+01:00 record bug number for heimdal CVE-2022-45142 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20067,7 +20067,7 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0. NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1 CVE-2022-45142 [gsskrb5: fix accidental logic inversions] RESERVED - - heimdal + - heimdal (bug #1030849) NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296 CVE-2022-45141 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0a1f7b28ede4da703f3078b485c6e4432e34ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0a1f7b28ede4da703f3078b485c6e4432e34ec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] issue DLA-3311-1 for heimdal CVE-2022-45142
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 41508f7c by Helmut Grohne at 2023-02-08T12:37:05+01:00 issue DLA-3311-1 for heimdal CVE-2022-45142 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Feb 2023] DLA-3311-1 heimdal - security update + {CVE-2022-45142} + [buster] - heimdal 7.5.0+dfsg-3+deb10u2 [07 Feb 2023] DLA-3310-1 xorg-server - security update {CVE-2023-0494} [buster] - xorg-server 2:1.20.4-1+deb10u8 = data/dla-needed.txt = @@ -102,11 +102,6 @@ haproxy NOTE: 20230207: VCS: https://salsa.debian.org/haproxy-team/haproxy.git NOTE: 20230207: method was called h2_frt_decode_headers in buster (pochu) -- -heimdal (Helmut Grohne) - NOTE: 20230206: Programming language: C - NOTE: 20230206: Special attention: Do review patches, even those, coming from upstream. - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/heimdal/ --- imagemagick (Roberto C. Sánchez) NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41508f7cc45ef642ba5823bbbdd866a6da4cece1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41508f7cc45ef642ba5823bbbdd866a6da4cece1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 518865db by Salvatore Bonaccorso at 2023-02-08T09:35:16+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -155,47 +155,47 @@ CVE-2023-25535 CVE-2023-22660 RESERVED CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: Interactive Geo Maps plugin for WordPress CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0729 RESERVED CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0721 RESERVED CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) 
- TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0714 RESERVED CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0710 RESERVED CVE-2023-0709 
@@ -946,9 +946,9 @@ CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been decl CVE-2023-0686 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...) NOT-FOR-US: SourceCodester Online Eyewear Shop CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0683 RESERVED CVE-2023-0682 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518865dbd8bc1a8a50c780d06f09dd91b6afd047 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518865dbd8bc1a8a50c780d06f09dd91b6afd047 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2022-45142/heimdal
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ba8e750 by Salvatore Bonaccorso at 2023-02-08T09:30:25+01:00 Add additional reference for CVE-2022-45142/heimdal - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20069,6 +20069,7 @@ CVE-2022-45142 [gsskrb5: fix accidental logic inversions] RESERVED - heimdal NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1 + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296 CVE-2022-45141 RESERVED - samba 2:4.16.0+dfsg-2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba8e7508b4f92eec20788e519ec443ec3dbc1f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba8e7508b4f92eec20788e519ec443ec3dbc1f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c2d3861 by security tracker role at 2023-02-08T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,53 @@ +CVE-2023-25600 + RESERVED +CVE-2023-25599 + RESERVED +CVE-2023-25598 + RESERVED +CVE-2023-25597 + RESERVED +CVE-2023-25596 + RESERVED +CVE-2023-25595 + RESERVED +CVE-2023-25594 + RESERVED +CVE-2023-25593 + RESERVED +CVE-2023-25592 + RESERVED +CVE-2023-25591 + RESERVED +CVE-2023-25590 + RESERVED +CVE-2023-25589 + RESERVED +CVE-2023-0744 + RESERVED +CVE-2023-0743 + RESERVED +CVE-2023-0742 + RESERVED +CVE-2023-0741 + RESERVED +CVE-2023-0740 + RESERVED +CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) + TODO: check +CVE-2023-0738 + RESERVED +CVE-2023-0737 + RESERVED +CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...) + TODO: check +CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) + TODO: check +CVE-2023-0734 + RESERVED +CVE-2023-0733 + RESERVED +CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...) + TODO: check CVE-2023-25588 RESERVED CVE-2023-25587 
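Review bot: the automatic import leaves CVE-2023-0732 at TODO: check even though its description names the same SourceCodester Online Eyewear Shop 1.0 already resolved as `NOT-FOR-US: SourceCodester Online Eyewear Shop` for CVE-2023-0686 in this batch, so it can be closed the same way. The entries that genuinely need a packaging check from this hunk are CVE-2023-0735 and CVE-2023-0736 (wallabag CSRF and stored XSS) and CVE-2023-0739 (race condition in answerdev/answer); the remaining additions are plain RESERVED placeholders.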
@@ -104,48 +154,48 @@ CVE-2023-25535 RESERVED CVE-2023-22660 RESERVED -CVE-2023-0731 - RESERVED -CVE-2023-0730 - RESERVED +CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check CVE-2023-0729 RESERVED -CVE-2023-0728 - RESERVED -CVE-2023-0727 - RESERVED -CVE-2023-0726 - RESERVED -CVE-2023-0725 - RESERVED -CVE-2023-0724 - RESERVED -CVE-2023-0723 - RESERVED -CVE-2023-0722 - RESERVED +CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check CVE-2023-0721 RESERVED -CVE-2023-0720 - RESERVED -CVE-2023-0719 - RESERVED -CVE-2023-0718 - RESERVED -CVE-2023-0717 - RESERVED -CVE-2023-0716 - RESERVED -CVE-2023-0715 - RESERVED +CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) 
+ TODO: check +CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check CVE-2023-0714 RESERVED -CVE-2023-0713 - RESERVED -CVE-2023-0712 - RESERVED -CVE-2023-0711 - RESERVED +CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check +CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + TODO: check CVE-2023-0710 RESERVED CVE-2023-0709 @@ -240,44 +290,34 @@ CVE-2023-25499 RESERVED CVE-2023-24019 RESERVED -CVE-2023-0705 - RESERVED +CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) -CVE-2023-0704 - RESERVED +CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) -CVE-2023-0703 - RESERVED +CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...)
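Review bot: the Wicked Folders block (CVE-2023-0730, CVE-2023-0722 to CVE-2023-0728, CVE-2023-0715 to CVE-2023-0720, CVE-2023-0711 to CVE-2023-0713) is imported at TODO: check although the same plugin has already been marked `NOT-FOR-US: Wicked Folders plugin for WordPress` for CVE-2023-0684 and CVE-2023-0685 earlier in this batch; the whole block can take that same line in one follow-up commit. CVE-2023-0731 (Interactive Geo Maps plugin for WordPress) is a different plugin and still needs its own check before being closed.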
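Review bot: for CVE-2023-0703 to CVE-2023-0705 the imported descriptions say "prior to 110.0.5481.77", which agrees with the unchanged `- chromium 110.0.5481.77-1` and `[buster] - chromium (see DSA 5046)` context lines, so nothing beyond the description fill-in is needed there; the hunk as shown breaks off inside the CVE-2023-0703 entry, so the rest of the chromium block should be checked against the commit itself.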