[Git][security-tracker-team/security-tracker][master] Reserve DLA-3344-1 for nodejs

2023-02-25 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4835b67a by Guilhem Moulin at 2023-02-26T01:59:55+01:00
Reserve DLA-3344-1 for nodejs

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[26 Feb 2023] DLA-3344-1 nodejs - security update
+   {CVE-2022-43548 CVE-2023-23920}
+   [buster] - nodejs 10.24.0~dfsg-1~deb10u3
 [24 Feb 2023] DLA-3343-1 mono - security update
{CVE-2023-26314}
[buster] - mono 5.18.0.240+dfsg-3+deb10u1


=
data/dla-needed.txt
=
@@ -163,12 +163,6 @@ node-nth-check
   NOTE: 20221223: Module has been rewritten in Typescript since Buster 
released (lamby).
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/node-nth-check.git
 --
-nodejs (guilhem)
-  NOTE: 20221105: Programming language: Javascript, C/C++, Python
-  NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git
-  NOTE: 20221105: Source code not checked. It may be so that the vulnerability 
is not present in buster.
-  NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
---
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4835b67ad0339dfba69860b2881ac6e151afa276

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4835b67ad0339dfba69860b2881ac6e151afa276
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-24809 (nethack) marked as no-dsa as it is a minor issue.

2023-02-25 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87bc864a by Ola Lundqvist at 2023-02-26T00:00:29+01:00
CVE-2023-24809 (nethack) marked as no-dsa as it is a minor issue.

- - - - -
6284f44b by Ola Lundqvist at 2023-02-26T00:21:56+01:00
LTS: add syslog-ng to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -4939,6 +4939,7 @@ CVE-2023-24810 (Misskey is an open source, decentralized 
social media platform.
NOT-FOR-US: Misskey
 CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting 
with ver ...)
- nethack  (bug #1031869)
+   [buster] - nethack  (Minor issue)
NOTE: 
https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
NOTE: https://nethack.org/security/CVE-2023-24809.html
 CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In 
versions pr ...)


=
data/dla-needed.txt
=
@@ -308,6 +308,10 @@ sssd
   NOTE: 20230131: Programming language: C.
   NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
 --
+syslog-ng
+  NOTE: 20230226: Programming language: C.
+  NOTE: 20230226: No patch available and therefore we cannot fully determine 
whether the problem is applicable to the version in buster. (opal).
+--
 tinymce
   NOTE: 20221227: Programming language: PHP.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
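Review bot: the new `syslog-ng` entry never names the CVE that prompted it, so the note `No patch available and therefore we cannot fully determine whether the problem is applicable to the version in buster` is hard to act on for whoever picks the package up next; add the CVE id (and the upstream issue or advisory link, if one exists) to the 20230226 note so the triage state can be re-checked once a patch appears.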



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e00fb795632cb049452c0db63cdf3939cac5d2b...6284f44b64d5be646b904d68a18089b570257203



[Git][security-tracker-team/security-tracker][fix_987283] Check whether the ignored-debian-bug-packages is changed

2023-02-25 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / 
security-tracker


Commits:
32e39839 by Anton Gladky at 2023-02-25T23:26:12+01:00
Check whether the ignored-debian-bug-packages is changed

- - - - -


1 changed file:

- lib/python/security_db.py


Changes:

=
lib/python/security_db.py
=
@@ -967,6 +967,12 @@ class DB:
 if has_changed(path + filename):
 unchanged = False
 break
+
+# Check if the ignored packages file has changed
+source_ignore_unreported = "data/packages/ignored-debian-bug-packages"
+if has_changed(path + filename):
+unchanged = False
+
 if unchanged:
 if self.verbose:
 print("  finished (no changes)")
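Review bot: the added check tests the wrong file. `if has_changed(path + filename):` reuses `filename`, the leftover loop variable from the `for` loop directly above, so the freshly assigned `source_ignore_unreported` is never passed to `has_changed` and a change to `data/packages/ignored-debian-bug-packages` still does not force an update. It should read `if has_changed(path + source_ignore_unreported):`.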
@@ -993,6 +999,20 @@ class DB:
 print("  update removed packages")
 self.readRemovedAndIgnoredPackages(cursor, path + 
source_removed_packages, table = "removed_packages")
 
+
+# Add file print to database for ignored packages
+current_print = self.filePrint(source_ignore_unreported)
+cursor.execute(
+"""INSERT OR REPLACE INTO inodeprints (inodeprint, file)
+VALUES (?, ?)""", (current_print, source_ignore_unreported))
+
+if self.verbose:
+print("  update ignored packages")
+
+# Read list of packages, which should be ignored for the 
status/unreported
+self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, 
table = "ignored_packages")
+
+
 errors = []
 
 if self.verbose:
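Review bot: the path handling is inconsistent with the neighbouring code. The `removed_packages` call just above passes `path + source_removed_packages`, but `self.filePrint(source_ignore_unreported)` and `self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, table = "ignored_packages")` pass the bare relative name, so the read depends on the current working directory and the inodeprint is stored under a key that is likely different from the `path + ...` string the change check in the previous hunk looks up. Use `path + source_ignore_unreported` in both calls and store that same string in `inodeprints`; the two trailing blank `+` lines before `errors = []` can also go.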
@@ -1330,10 +1350,6 @@ class DB:
 alias = config.get_release_alias(release)
 self._calcTesting(c, bug_name, alias, release)
 
-# Read list of packages, which should be ignored for the 
status/unreported
-source_ignore_unreported = "data/packages/ignored-debian-bug-packages"
-self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, 
table = "ignored_packages")
-
 return result
 
 def _calcUnstable(self, cursor, bug_name):
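Review bot: removing this block means `ignored_packages` is no longer reloaded unconditionally after the status calculation but only inside the update branch added in the earlier hunks, which is skipped when `unchanged` is true; please confirm that the `DELETE FROM ignored_packages` step (see the "Simplify DELETE FROM functions" commit on this branch) also runs only on that branch, otherwise a run with no input changes would leave the table empty.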



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32e398392b522bbe5184dfe1a44ca0dbfa82f6cf



[Git][security-tracker-team/security-tracker][fix_987283] Simplify DELETE FROM functions

2023-02-25 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / 
security-tracker


Commits:
0b6fc947 by Anton Gladky at 2023-02-25T22:45:48+01:00
Simplify DELETE FROM functions

- - - - -


1 changed file:

- lib/python/security_db.py


Changes:

=
lib/python/security_db.py
=
@@ -916,15 +916,10 @@ class DB:
 else:
 cleared[0] = True
 
-cursor.execute("DELETE FROM debian_bugs")
-cursor.execute("DELETE FROM bugs")
-cursor.execute("DELETE FROM package_notes")
-cursor.execute("DELETE FROM bugs_notes")
-cursor.execute("DELETE FROM bugs_xref")
-cursor.execute("DELETE FROM package_notes_nodsa")
-cursor.execute("DELETE FROM ignored_packages")
-cursor.execute("DELETE FROM removed_packages")
-cursor.execute("DELETE FROM next_point_update")
+tables = ['debian_bugs', 'bugs', 'package_notes', 'bugs_notes', 
'bugs_xref', 'package_notes_nodsa', 'ignored_packages', 'removed_packages', 
'next_point_update']
+
+for table in tables:
+cursor.execute(f"DELETE FROM {table}")
 
 # The *_status tables are regenerated anyway, no need to
 # delete them here.
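Review bot: building the statement with `cursor.execute(f"DELETE FROM {table}")` is acceptable only because `tables` is a hard-coded literal list; table names cannot be bound as `?` parameters, so add a one-line comment stating that the list must stay a literal and never be derived from input, and consider making it a module-level tuple constant so a later edit does not quietly turn it into something built from a file or argument.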



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b6fc947c144ed57f38949cfe9c7cb3bccc48460



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-23919/nodejs as not-affected for buster.

2023-02-25 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e00fb79 by Guilhem Moulin at 2023-02-25T21:40:19+01:00
Mark CVE-2023-23919/nodejs as not-affected for buster.

And add reference to the disclosure report, where (unlike the CVE text)
upstream claims v14 is unaffected.  (The latest release of the v14.x
LTS branch, namely v14.21.3, makes no mention of CVE-2023-23919 either.)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7339,7 +7339,9 @@ CVE-2023-23920 (An untrusted search path vulnerability 
exists in Node.js. 19
NOTE: 
https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
 CVE-2023-23919 (A cryptographic vulnerability exists in Node.js 19.2.0, 
18.14. ...)
- nodejs  (bug #1031834)
+   [buster] - nodejs  (X509Certificate API introduced in 
v15.6.0)
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
+   NOTE: https://hackerone.com/reports/1808596
NOTE: 
https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
 CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js 
19.6.1,  ...)
- nodejs  (bug #1031834)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e00fb795632cb049452c0db63cdf3939cac5d2b



[Git][security-tracker-team/security-tracker][master] Add links to follow-up commits for CVE-2022-32212/nodejs.

2023-02-25 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d7bcbe5 by Guilhem Moulin at 2023-02-25T19:21:16+01:00
Add links to follow-up commits for CVE-2022-32212/nodejs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -60767,7 +60767,9 @@ CVE-2022-32212 (A OS Command Injection vulnerability 
exists in Node.js versions
- nodejs 18.6.0+dfsg-3
NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
NOTE: 
https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 
(v14.x)
+   NOTE: 
https://github.com/nodejs/node/commit/a1121b456c54b16d980881f821cd700c6a4ca537 
(14.20.1) (follow-up)
NOTE: 
https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 
(main)
+   NOTE: 
https://github.com/nodejs/node/commit/b358fb27a4253c6827378a64163448c04301e19c 
(main) (follow-up)
 CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat 
v3.18.6, v ...)
NOT-FOR-US: Rockert.Chat
 CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's 
certificate, an ...)
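Review bot: the unchanged context line `NOT-FOR-US: Rockert.Chat` misspells the product (the CVE-2022-32211 description above spells it `Rocket.Chat`); it is outside this change, so fix it in a separate commit rather than folding it into the nodejs note update.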



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d7bcbe5214b880c09c41e0de40ae4d5ecdc1954



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2017-1000

2023-02-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec9c4000 by Salvatore Bonaccorso at 2023-02-25T15:06:15+01:00
Remove notes from CVE-2017-1000

It was rejected. It was said to be unused in the CNA pool for an issue
during 2017. In fact we suspected it's a duplicate of CVE-2017-1000112
and possibly was just a typo truncating the last digits.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -406319,12 +406319,6 @@ CVE-2017-1001
REJECTED
 CVE-2017-1000
REJECTED
-   - linux 4.12.6-1
-   [stretch] - linux 4.9.30-2+deb9u4
-   [jessie] - linux 3.16.43-2+deb8u4
-   NOTE: 
https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
-   NOTE: Same commit as for CVE-2017-1000112 and thus probably should be 
treated
-   NOTE: as duplicate. Defer decision to MITRE.
 CVE-2017-0999
REJECTED
 CVE-2017-0998



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c40007a87d762ff2466a449fe10a8b4d57760



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-24607/qt6-base via unstable

2023-02-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f09c202 by Salvatore Bonaccorso at 2023-02-25T15:04:30+01:00
Track fixed version for CVE-2023-24607/qt6-base via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5451,7 +5451,7 @@ CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, 
then it is possible to
- qtbase-opensource-src  (bug #1031872)
[bullseye] - qtbase-opensource-src  (Minor issue)
[buster] - qtbase-opensource-src  (Minor issue)
-   - qt6-base  (bug #1031871)
+   - qt6-base 6.4.2+dfsg-6 (bug #1031871)
- qtbase-opensource-src-gles  (bug #1031873)
[bullseye] - qtbase-opensource-src-gles  (Minor issue)
NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f09c20260c2b22c02d1026a6b261f0df0e823ae



[Git][security-tracker-team/security-tracker][master] LTS: claim php7.3 in dla-needed.txt

2023-02-25 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a8fd920d by Guilhem Moulin at 2023-02-25T13:28:42+01:00
LTS: claim php7.3 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -192,7 +192,7 @@ php-cas
   NOTE: 20221110: upcoming DSA (Beuc/front-desk)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
 --
-php7.3
+php7.3 (guilhem)
   NOTE: 20230225: Programming language: C.
   NOTE: 20230225: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/php.html
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8fd920d971f2490d81fb86fbcff9ce02e5acd78



[Git][security-tracker-team/security-tracker][master] CVE-2023-24329 seems still unfixed in python3.11

2023-02-25 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abf43d25 by Adrian Bunk at 2023-02-25T12:39:36+02:00
CVE-2023-24329 seems still unfixed in python3.11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6347,7 +6347,7 @@ CVE-2023-24331
 CVE-2023-24330
RESERVED
 CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11 
allows a ...)
-   - python3.11 3.11.1-1
+   - python3.11 
- python3.9 
- python3.7 
NOTE: https://pointernull.com/security/python-url-parse-problem.html
@@ -6355,6 +6355,8 @@ CVE-2023-24329 (An issue in the urllib.parse component of 
Python before v3.11 al
NOTE: https://github.com/python/cpython/pull/99446 (backport for 3.11 
branch)
NOTE: 
https://github.com/python/cpython/commit/439b9cfaf43080e91c4ad69f312f21fa098befc7
 (v3.12.0a2)
NOTE: 
https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
 (v3.11.1)
+   NOTE: The change linked above does not seem to fix the CVE:
+   NOTE: https://github.com/python/cpython/issues/102153
 CVE-2023-24328
RESERVED
 CVE-2023-24327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf43d2522cf68410e92410e0aafa1baf6e10080



[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add php7.3 to dla-needed.txt

2023-02-25 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c468dbd by Ola Lundqvist at 2023-02-25T11:34:55+01:00
LTS: add php7.3 to dla-needed.txt

- - - - -
26bb340a by Ola Lundqvist at 2023-02-25T11:36:37+01:00
LTS: add mariadb-10.3 to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -130,6 +130,12 @@ man2html (gladk)
   NOTE: 20221004: Please evalulate, whether the issue can be marked as 
.
   NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git
 --
+mariadb-10.3
+  NOTE: 20230225: Programming language: C.
+  NOTE: 20230225: VCS: 
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
+  NOTE: 20230225: Testsuite: 
https://lists.debian.org/debian-lts/2019/07/msg00049.html
+  NOTE: 20230225: Maintainer notes: Contact original maintainer, Otto.
+--
 netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)
@@ -186,6 +192,10 @@ php-cas
   NOTE: 20221110: upcoming DSA (Beuc/front-desk)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
 --
+php7.3
+  NOTE: 20230225: Programming language: C.
+  NOTE: 20230225: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/php.html
+--
 pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aba22d17af7c685e09af7137ad55f32bd036b729...26bb340ab3580fe8b51f6294317ebc4664230e95



[Git][security-tracker-team/security-tracker][master] CVE-2022-48338: Vulnerable code introduced after buster

2023-02-25 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aba22d17 by Adrian Bunk at 2023-02-25T12:28:10+02:00
CVE-2022-48338: Vulnerable code introduced after buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -958,8 +958,10 @@ CVE-2022-48339 (An issue was discovered in GNU Emacs 
through 28.2. htmlfontify.e
 CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In 
ruby-mode.el, th ...)
{DSA-5360-1}
- emacs 1:28.2+1-11 (bug #1031730)
+   [buster] - emacs  (Vulnerable code introduced later)
NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268
+   NOTE: Introduced by: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347
 (27.1)
 CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands 
via shell  ...)
{DSA-5360-1}
- emacs 1:28.2+1-11 (bug #1031730)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba22d17af7c685e09af7137ad55f32bd036b729



[Git][security-tracker-team/security-tracker][master] Process two NFUs

2023-02-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a318bda1 by Salvatore Bonaccorso at 2023-02-25T10:58:40+01:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2023-1031
RESERVED
 CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat 
Reservati ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online BoatReservation System
 CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-   TODO: check
+   NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1028
RESERVED
 CVE-2023-1027



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a318bda114529ce675fd1fd1f5b28645fe2b79d1



[Git][security-tracker-team/security-tracker][master] automatic update

2023-02-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b5fcac5 by security tracker role at 2023-02-25T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,17 @@
+CVE-2023-1031
+   RESERVED
+CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat 
Reservati ...)
+   TODO: check
+CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+   TODO: check
+CVE-2023-1028
+   RESERVED
+CVE-2023-1027
+   RESERVED
+CVE-2023-1026
+   RESERVED
+CVE-2019-25105
+   RESERVED
 CVE-2023-26543
RESERVED
 CVE-2023-26542
@@ -699,6 +713,7 @@ CVE-2023-0943 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is 
vulnerable to Re ...)
NOT-FOR-US: Japanized For WooCommerce plugin for WordPress
 CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows 
arbitrary ...)
+   {DLA-3343-1}
- mono 6.8.0.105+dfsg-3.3 (bug #972146)
[bullseye] - mono  (Minor issue; will be fixed via point 
release)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
@@ -6616,8 +6631,8 @@ CVE-2023-24191 (Online Food Ordering System v2 was 
discovered to contain a cross
NOT-FOR-US: Online Food Ordering System
 CVE-2023-24190
RESERVED
-CVE-2023-24189
-   RESERVED
+CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 
allows atta ...)
+   TODO: check
 CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal 
vulnera ...)
NOT-FOR-US: ureport
 CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 
allows at ...)
@@ -26396,8 +26411,8 @@ CVE-2022-44312 (PicoC Version 3.2.2 was discovered to 
contain a heap buffer over
NOT-FOR-US: PicoC
 CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds 
read in the ...)
NOT-FOR-US: html2xhtml
-CVE-2022-44310
-   RESERVED
+CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an 
invalid p ...)
+   TODO: check
 CVE-2022-44309
RESERVED
 CVE-2022-44308
@@ -87310,8 +87325,8 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is 
the Go client for the Si
TODO: check details, might as well affect 
golang-github-apptainer-container-library-client
 CVE-2022-23536 (Cortex provides multi-tenant, long term storage for 
Prometheus. A loca ...)
NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus)
-CVE-2022-23535
-   RESERVED
+CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded 
database.  ...)
+   TODO: check
 CVE-2022-23534
RESERVED
 CVE-2022-23533
@@ -125216,8 +125231,8 @@ CVE-2021-35292
RESERVED
 CVE-2021-35291
RESERVED
-CVE-2021-35290
-   RESERVED
+CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote 
attacke ...)
+   TODO: check
 CVE-2021-35289
RESERVED
 CVE-2021-35288
@@ -127645,10 +127660,10 @@ CVE-2021-34251
 CVE-2021-34250
REJECTED
NOT-FOR-US: baijiacms
-CVE-2021-34249
-   RESERVED
-CVE-2021-34248
-   RESERVED
+CVE-2021-34249 (SQL injection vulnerability in sourcecodester 
online-book-store 1.0 al ...)
+   TODO: check
+CVE-2021-34248 (SQL injection vulnerability in sourcecodester 
mobile-shop-system-php-m ...)
+   TODO: check
 CVE-2021-34247
RESERVED
 CVE-2021-34246
@@ -127809,8 +127824,8 @@ CVE-2021-34169
RESERVED
 CVE-2021-34168
RESERVED
-CVE-2021-34167
-   RESERVED
+CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 
3.0.2 allows ...)
+   TODO: check
 CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food 
Website 1. ...)
NOT-FOR-US: Sourcecodester
 CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping 
Cart 1. ...)
@@ -128032,8 +128047,8 @@ CVE-2021-34066 (An issue was discovered in 
EdgeGallery/developer before v1.0. Th
NOT-FOR-US: EdgeGallery/developer
 CVE-2021-34065
RESERVED
-CVE-2021-34064 (An issue found in Koel v.5.1.4 and before allows remote 
attackers to g ...)
-   TODO: check
+CVE-2021-34064
+   REJECTED
 CVE-2021-34063
RESERVED
 CVE-2021-34062



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5fcac5dc5d432f2bcd1baee9dc8f7f9852f8ed
