[Git][security-tracker-team/security-tracker][master] Reserve DLA-3344-1 for nodejs
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 4835b67a by Guilhem Moulin at 2023-02-26T01:59:55+01:00 Reserve DLA-3344-1 for nodejs - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Feb 2023] DLA-3344-1 nodejs - security update + {CVE-2022-43548 CVE-2023-23920} + [buster] - nodejs 10.24.0~dfsg-1~deb10u3 [24 Feb 2023] DLA-3343-1 mono - security update {CVE-2023-26314} [buster] - mono 5.18.0.240+dfsg-3+deb10u1 = data/dla-needed.txt = @@ -163,12 +163,6 @@ node-nth-check NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby). NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-nth-check.git -- -nodejs (guilhem) - NOTE: 20221105: Programming language: Javascript, C/C++, Python - NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git - NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster. - NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html --- nvidia-graphics-drivers NOTE: 20221225: Programming language: binary blob. NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4835b67ad0339dfba69860b2881ac6e151afa276 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4835b67ad0339dfba69860b2881ac6e151afa276 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-24809 (nethack) marked as no-dsa as it is a minor issue.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 87bc864a by Ola Lundqvist at 2023-02-26T00:00:29+01:00 CVE-2023-24809 (nethack) marked as no-dsa as it is a minor issue. - - - - - 6284f44b by Ola Lundqvist at 2023-02-26T00:21:56+01:00 LTS: add syslog-ng to dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -4939,6 +4939,7 @@ CVE-2023-24810 (Misskey is an open source, decentralized social media platform. NOT-FOR-US: Misskey CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...) - nethack (bug #1031869) + [buster] - nethack (Minor issue) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch NOTE: https://nethack.org/security/CVE-2023-24809.html CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...) = data/dla-needed.txt = 
@@ -308,6 +308,10 @@ sssd NOTE: 20230131: Programming language: C. NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git -- +syslog-ng + NOTE: 20230226: Programming language: C. + NOTE: 20230226: No patch available and therefore we cannot fully determine whether the problem is applicable to the version in buster. (opal). +-- tinymce NOTE: 20221227: Programming language: PHP. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e00fb795632cb049452c0db63cdf3939cac5d2b...6284f44b64d5be646b904d68a18089b570257203 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e00fb795632cb049452c0db63cdf3939cac5d2b...6284f44b64d5be646b904d68a18089b570257203 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][fix_987283] Check whether the ignored-debian-bug-packages is changed
Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker Commits: 32e39839 by Anton Gladky at 2023-02-25T23:26:12+01:00 Check whether the ignored-debian-bug-packages is changed - - - - - 1 changed file: - lib/python/security_db.py Changes: = lib/python/security_db.py = @@ -967,6 +967,12 @@ class DB: if has_changed(path + filename): unchanged = False break + +# Check if the ignored packages file has changed +source_ignore_unreported = "data/packages/ignored-debian-bug-packages" +if has_changed(path + filename): +unchanged = False + if unchanged: if self.verbose: print(" finished (no changes)") @@ -993,6 +999,20 @@ class DB: print(" update removed packages") self.readRemovedAndIgnoredPackages(cursor, path + source_removed_packages, table = "removed_packages") + +# Add file print to database for ignored packages +current_print = self.filePrint(source_ignore_unreported) +cursor.execute( +"""INSERT OR REPLACE INTO inodeprints (inodeprint, file) +VALUES (?, ?)""", (current_print, source_ignore_unreported)) + +if self.verbose: +print(" update ignored packages") + +# Read list of packages, which should be ignored for the status/unreported +self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, table = "ignored_packages") + + errors = [] if self.verbose: 
@@ -1330,10 +1350,6 @@ class DB: alias = config.get_release_alias(release) self._calcTesting(c, bug_name, alias, release) -# Read list of packages, which should be ignored for the status/unreported -source_ignore_unreported = "data/packages/ignored-debian-bug-packages" -self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, table = "ignored_packages") - return result def _calcUnstable(self, cursor, bug_name): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32e398392b522bbe5184dfe1a44ca0dbfa82f6cf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32e398392b522bbe5184dfe1a44ca0dbfa82f6cf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
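Review bot: In the first hunk of lib/python/security_db.py (@@ -967), the new check assigns source_ignore_unreported and then calls has_changed(path + filename), so it re-tests whatever file the preceding loop left in filename rather than data/packages/ignored-debian-bug-packages. The condition should test the new variable instead. As written, a change to the ignored-packages file alone does not clear unchanged, and the "finished (no changes)" branch is still taken.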
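Review bot: In the second hunk (@@ -993), self.filePrint(source_ignore_unreported) and readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, table = "ignored_packages") pass the bare name, while the removed-packages call directly above passes path + source_removed_packages. Please use one path expression for the has_changed() check, the filePrint() call, the INSERT OR REPLACE into inodeprints and the read, so that all four refer to the same file name. The comment "Add file print to database" would also be clearer if it named the inodeprints table.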
[Git][security-tracker-team/security-tracker][fix_987283] Simplify DELETE FROM functions
Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker Commits: 0b6fc947 by Anton Gladky at 2023-02-25T22:45:48+01:00 Simplify DELETE FROM functions - - - - - 1 changed file: - lib/python/security_db.py Changes: = lib/python/security_db.py = @@ -916,15 +916,10 @@ class DB: else: cleared[0] = True -cursor.execute("DELETE FROM debian_bugs") -cursor.execute("DELETE FROM bugs") -cursor.execute("DELETE FROM package_notes") -cursor.execute("DELETE FROM bugs_notes") -cursor.execute("DELETE FROM bugs_xref") -cursor.execute("DELETE FROM package_notes_nodsa") -cursor.execute("DELETE FROM ignored_packages") -cursor.execute("DELETE FROM removed_packages") -cursor.execute("DELETE FROM next_point_update") +tables = ['debian_bugs', 'bugs', 'package_notes', 'bugs_notes', 'bugs_xref', 'package_notes_nodsa', 'ignored_packages', 'removed_packages', 'next_point_update'] + +for table in tables: +cursor.execute(f"DELETE FROM {table}") # The *_status tables are regenerated anyway, no need to # delete them here. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b6fc947c144ed57f38949cfe9c7cb3bccc48460 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b6fc947c144ed57f38949cfe9c7cb3bccc48460 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
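Review bot: The loop builds each statement with an f-string, cursor.execute(f"DELETE FROM {table}"), which is safe only because tables is a literal list defined two lines above. Table names cannot be bound as ? parameters, so a short comment saying the list must stay hard-coded, or a tuple constant defined outside the function, would keep a later change from passing externally supplied names into the statement. The list literal would also read better with one table name per line.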
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-23919/nodejs as not-affected for buster.
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e00fb79 by Guilhem Moulin at 2023-02-25T21:40:19+01:00 Mark CVE-2023-23919/nodejs as not-affected for buster. And add reference to the disclosure report, where (unlike the CVE text) upstream claims v14 is unaffected. (The latest release of the v14.x LTS branch, namely v14.21.3, makes no mention of CVE-2023-23919 either.) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7339,7 +7339,9 @@ CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. 19 NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1 CVE-2023-23919 (A cryptographic vulnerability exists in Node.js 19.2.0, 18.14. ...) - nodejs (bug #1031834) + [buster] - nodejs (X509Certificate API introduced in v15.6.0) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919 + NOTE: https://hackerone.com/reports/1808596 NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029 CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js 19.6.1, ...) - nodejs (bug #1031834) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e00fb795632cb049452c0db63cdf3939cac5d2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e00fb795632cb049452c0db63cdf3939cac5d2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add links to follow-up commits for CVE-2022-32212/nodejs.
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d7bcbe5 by Guilhem Moulin at 2023-02-25T19:21:16+01:00 Add links to follow-up commits for CVE-2022-32212/nodejs. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -60767,7 +60767,9 @@ CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions - nodejs 18.6.0+dfsg-3 NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212 NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x) + NOTE: https://github.com/nodejs/node/commit/a1121b456c54b16d980881f821cd700c6a4ca537 (14.20.1) (follow-up) NOTE: https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main) + NOTE: https://github.com/nodejs/node/commit/b358fb27a4253c6827378a64163448c04301e19c (main) (follow-up) CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat v3.18.6, v ...) NOT-FOR-US: Rockert.Chat CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's certificate, an ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d7bcbe5214b880c09c41e0de40ae4d5ecdc1954 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d7bcbe5214b880c09c41e0de40ae4d5ecdc1954 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2017-1000
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ec9c4000 by Salvatore Bonaccorso at 2023-02-25T15:06:15+01:00 Remove notes from CVE-2017-1000 It was rejected. It was said to be unused in the CNA pool for an issue during 2017. In fact we suspected it's a duplicate of CVE-2017-1000112 and possibly was just a typo truncating the last digits. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -406319,12 +406319,6 @@ CVE-2017-1001 REJECTED CVE-2017-1000 REJECTED - - linux 4.12.6-1 - [stretch] - linux 4.9.30-2+deb9u4 - [jessie] - linux 3.16.43-2+deb8u4 - NOTE: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa - NOTE: Same commit as for CVE-2017-1000112 and thus probably should be treated - NOTE: as duplicate. Defer decision to MITRE. CVE-2017-0999 REJECTED CVE-2017-0998 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c40007a87d762ff2466a449fe10a8b4d57760 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c40007a87d762ff2466a449fe10a8b4d57760 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-24607/qt6-base via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f09c202 by Salvatore Bonaccorso at 2023-02-25T15:04:30+01:00 Track fixed version for CVE-2023-24607/qt6-base via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5451,7 +5451,7 @@ CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, then it is possible to - qtbase-opensource-src (bug #1031872) [bullseye] - qtbase-opensource-src (Minor issue) [buster] - qtbase-opensource-src (Minor issue) - - qt6-base (bug #1031871) + - qt6-base 6.4.2+dfsg-6 (bug #1031871) - qtbase-opensource-src-gles (bug #1031873) [bullseye] - qtbase-opensource-src-gles (Minor issue) NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f09c20260c2b22c02d1026a6b261f0df0e823ae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f09c20260c2b22c02d1026a6b261f0df0e823ae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: claim php7.3 in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: a8fd920d by Guilhem Moulin at 2023-02-25T13:28:42+01:00 LTS: claim php7.3 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -192,7 +192,7 @@ php-cas NOTE: 20221110: upcoming DSA (Beuc/front-desk) NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git -- -php7.3 +php7.3 (guilhem) NOTE: 20230225: Programming language: C. NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8fd920d971f2490d81fb86fbcff9ce02e5acd78 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8fd920d971f2490d81fb86fbcff9ce02e5acd78 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2023-24329 seems still unfixed in python3.11
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: abf43d25 by Adrian Bunk at 2023-02-25T12:39:36+02:00 CVE-2023-24329 seems still unfixed in python3.11 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6347,7 +6347,7 @@ CVE-2023-24331 CVE-2023-24330 RESERVED CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11 allows a ...) - - python3.11 3.11.1-1 + - python3.11 - python3.9 - python3.7 NOTE: https://pointernull.com/security/python-url-parse-problem.html @@ -6355,6 +6355,8 @@ CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11 al NOTE: https://github.com/python/cpython/pull/99446 (backport for 3.11 branch) NOTE: https://github.com/python/cpython/commit/439b9cfaf43080e91c4ad69f312f21fa098befc7 (v3.12.0a2) NOTE: https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 (v3.11.1) + NOTE: The change linked above does not seem to fix the CVE: + NOTE: https://github.com/python/cpython/issues/102153 CVE-2023-24328 RESERVED CVE-2023-24327 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf43d2522cf68410e92410e0aafa1baf6e10080 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf43d2522cf68410e92410e0aafa1baf6e10080 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add php7.3 to dla-needed.txt
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c468dbd by Ola Lundqvist at 2023-02-25T11:34:55+01:00 LTS: add php7.3 to dla-needed.txt - - - - - 26bb340a by Ola Lundqvist at 2023-02-25T11:36:37+01:00 LTS: add mariadb-10.3 to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -130,6 +130,12 @@ man2html (gladk) NOTE: 20221004: Please evalulate, whether the issue can be marked as . NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git -- +mariadb-10.3 + NOTE: 20230225: Programming language: C. + NOTE: 20230225: VCS: https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster + NOTE: 20230225: Testsuite: https://lists.debian.org/debian-lts/2019/07/msg00049.html + NOTE: 20230225: Maintainer notes: Contact original maintainer, Otto. +-- netatalk NOTE: 20220816: Programming language: C. NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor) 
@@ -186,6 +192,10 @@ php-cas NOTE: 20221110: upcoming DSA (Beuc/front-desk) NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git -- +php7.3 + NOTE: 20230225: Programming language: C. + NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html +-- pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aba22d17af7c685e09af7137ad55f32bd036b729...26bb340ab3580fe8b51f6294317ebc4664230e95 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aba22d17af7c685e09af7137ad55f32bd036b729...26bb340ab3580fe8b51f6294317ebc4664230e95 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2022-48338: Vulnerable code introduced after buster
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: aba22d17 by Adrian Bunk at 2023-02-25T12:28:10+02:00 CVE-2022-48338: Vulnerable code introduced after buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -958,8 +958,10 @@ CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.e CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...) {DSA-5360-1} - emacs 1:28.2+1-11 (bug #1031730) + [buster] - emacs (Vulnerable code introduced later) NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268 + NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (27.1) CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) {DSA-5360-1} - emacs 1:28.2+1-11 (bug #1031730) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba22d17af7c685e09af7137ad55f32bd036b729 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba22d17af7c685e09af7137ad55f32bd036b729 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a318bda1 by Salvatore Bonaccorso at 2023-02-25T10:58:40+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-1031 RESERVED CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) - TODO: check + NOT-FOR-US: SourceCodester Online BoatReservation System CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) - TODO: check + NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1028 RESERVED CVE-2023-1027 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a318bda114529ce675fd1fd1f5b28645fe2b79d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a318bda114529ce675fd1fd1f5b28645fe2b79d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
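Review bot: In the CVE-2023-1030 entry the added NOT-FOR-US text reads "SourceCodester Online BoatReservation System", while the description on the line above has "Online Boat Reservati ...", so a space is missing between "Boat" and "Reservation". Worth fixing so that searches for the product name in data/CVE/list match.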
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b5fcac5 by security tracker role at 2023-02-25T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2023-1031 + RESERVED +CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) + TODO: check +CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-1028 + RESERVED +CVE-2023-1027 + RESERVED +CVE-2023-1026 + RESERVED +CVE-2019-25105 + RESERVED CVE-2023-26543 RESERVED CVE-2023-26542 @@ -699,6 +713,7 @@ CVE-2023-0943 (A vulnerability, which was classified as problematic, has been fo CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...) NOT-FOR-US: Japanized For WooCommerce plugin for WordPress CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...) + {DLA-3343-1} - mono 6.8.0.105+dfsg-3.3 (bug #972146) [bullseye] - mono (Minor issue; will be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1 @@ -6616,8 +6631,8 @@ CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross NOT-FOR-US: Online Food Ordering System CVE-2023-24190 RESERVED -CVE-2023-24189 - RESERVED +CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...) + TODO: check CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...) NOT-FOR-US: ureport CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...) 
@@ -26396,8 +26411,8 @@ CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer over NOT-FOR-US: PicoC CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the ...) NOT-FOR-US: html2xhtml -CVE-2022-44310 - RESERVED +CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an invalid p ...) + TODO: check CVE-2022-44309 RESERVED CVE-2022-44308 @@ -87310,8 +87325,8 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Si TODO: check details, might as well affect golang-github-apptainer-container-library-client CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...) NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus) -CVE-2022-23535 - RESERVED +CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database. ...) + TODO: check CVE-2022-23534 RESERVED CVE-2022-23533 @@ -125216,8 +125231,8 @@ CVE-2021-35292 RESERVED CVE-2021-35291 RESERVED -CVE-2021-35290 - RESERVED +CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote attacke ...) + TODO: check CVE-2021-35289 RESERVED CVE-2021-35288 @@ -127645,10 +127660,10 @@ CVE-2021-34251 CVE-2021-34250 REJECTED NOT-FOR-US: baijiacms -CVE-2021-34249 - RESERVED -CVE-2021-34248 - RESERVED +CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...) + TODO: check +CVE-2021-34248 (SQL injection vulnerability in sourcecodester mobile-shop-system-php-m ...) + TODO: check CVE-2021-34247 RESERVED CVE-2021-34246 
@@ -127809,8 +127824,8 @@ CVE-2021-34169 RESERVED CVE-2021-34168 RESERVED -CVE-2021-34167 - RESERVED +CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows ...) + TODO: check CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...) NOT-FOR-US: Sourcecodester CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...) @@ -128032,8 +128047,8 @@ CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. Th NOT-FOR-US: EdgeGallery/developer CVE-2021-34065 RESERVED -CVE-2021-34064 (An issue found in Koel v.5.1.4 and before allows remote attackers to g ...) - TODO: check +CVE-2021-34064 + REJECTED CVE-2021-34063 RESERVED CVE-2021-34062 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5fcac5dc5d432f2bcd1baee9dc8f7f9852f8ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5fcac5dc5d432f2bcd1baee9dc8f7f9852f8ed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list