[Git][security-tracker-team/security-tracker][master] Free DLA-3355-1

2023-03-09 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47d63ba9 by Tobias Frost at 2023-03-09T22:30:38+01:00
Free DLA-3355-1

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,7 +1,5 @@
 [09 Mar 2023] DLA-3356-1 wireless-regdb - security update
[buster] - wireless-regdb 2022.04.08-2~deb10u1
-[09 Mar 2023] DLA-3355-1 wireless-regdb - security update
-   [buster] - wireless-regdb 2022.04.08-2~deb10u1
 [06 Mar 2023] DLA-3354-1 kopanocore - security update
{CVE-2019-19907 CVE-2022-26562}
[buster] - kopanocore 8.7.0-3+deb10u1
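Review bot: after this removal DLA-3355-1 is assigned to nothing, while DLA-3356-1 keeps the identical "wireless-regdb 2022.04.08-2~deb10u1" entry, so the gap in the DLA sequence is deliberate; if the freed number is meant to be reused for a later advisory, nothing in this hunk records that. The surviving DLA-3356-1 entry also still has no {CVE-...} line, unlike DLA-3354-1 two lines below it; that is fine if the wireless-regdb update addresses no CVE, otherwise the CVE list is missing.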



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47d63ba935d6ed95ddd5e20e1a0c865c65b57ce6



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21f11c9a by Salvatore Bonaccorso at 2023-03-09T21:15:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -41,23 +41,23 @@ CVE-2023-1296
 CVE-2023-1295
RESERVED
 CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker 
Manager Syste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester File Tracker Manager System
 CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate 
Tracer Sys ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2023-1292 (A vulnerability has been found in SourceCodester Sales Tracker 
Managem ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1291 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1290 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289
RESERVED
 CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA 
Live Co ...)
-   TODO: check
+   NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
 CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration 
V6R2013xE a ...)
-   TODO: check
+   NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
 CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
-   TODO: check
+   NOT-FOR-US: pimcore
 CVE-2023-1285
RESERVED
 CVE-2023-27984
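Review bot: the product names written on the new NOT-FOR-US lines for CVE-2023-1291 and CVE-2023-1290 ("SourceCodester Sales Tracker Management System") cannot be confirmed from the hunk, because their descriptions are cut off at "Source ..." and "found in S ..."; the same holds for "pimcore" on CVE-2023-1286, whose description ends at "pimcore/pimco ...". Worth a second look against the full CVE text, since a wrong product name on a NOT-FOR-US line is hard to notice later.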
@@ -342,7 +342,7 @@ CVE-2023-1252
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
 CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Akinsoft Wolvox
 CVE-2023-1250
RESERVED
 CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
@@ -4744,9 +4744,9 @@ CVE-2023-26211
 CVE-2023-26210
RESERVED
 CVE-2023-26209 (A improper restriction of excessive authentication attempts 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2023-26208 (A improper restriction of excessive authentication attempts 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2023-26207
RESERVED
 CVE-2023-26206



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21f11c9a0fbc8b5677f6a1d56e4976f4c1e5b4ae



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1efc0cd8 by security tracker role at 2023-03-09T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2023-28004
+   RESERVED
+CVE-2023-28003
+   RESERVED
+CVE-2023-28002
+   RESERVED
+CVE-2023-28001
+   RESERVED
+CVE-2023-28000
+   RESERVED
+CVE-2023-27999
+   RESERVED
+CVE-2023-27998
+   RESERVED
+CVE-2023-27997
+   RESERVED
+CVE-2023-27996
+   RESERVED
+CVE-2023-27995
+   RESERVED
+CVE-2023-27994
+   RESERVED
+CVE-2023-27993
+   RESERVED
+CVE-2023-27992
+   RESERVED
+CVE-2023-27991
+   RESERVED
+CVE-2023-27990
+   RESERVED
+CVE-2023-27989
+   RESERVED
+CVE-2023-27988
+   RESERVED
+CVE-2023-27987
+   RESERVED
+CVE-2023-1297
+   RESERVED
+CVE-2023-1296
+   RESERVED
+CVE-2023-1295
+   RESERVED
+CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker 
Manager Syste ...)
+   TODO: check
+CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate 
Tracer Sys ...)
+   TODO: check
+CVE-2023-1292 (A vulnerability has been found in SourceCodester Sales Tracker 
Managem ...)
+   TODO: check
+CVE-2023-1291 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2023-1290 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2023-1289
+   RESERVED
+CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA 
Live Co ...)
+   TODO: check
+CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration 
V6R2013xE a ...)
+   TODO: check
+CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+   TODO: check
+CVE-2023-1285
+   RESERVED
 CVE-2023-27984
RESERVED
 CVE-2023-27983
@@ -279,8 +341,8 @@ CVE-2023-1252
[bullseye] - linux 5.10.84-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
-CVE-2023-1251
-   RESERVED
+CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
 CVE-2023-1250
RESERVED
 CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
@@ -395,75 +457,99 @@ CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in 
GitHub repository answerde
 CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
NOT-FOR-US: Answer
 CVE-2023-1236 (Inappropriate implementation in Internals in Google Chrome 
prior to 11 ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1235 (Type confusion in DevTools in Google Chrome prior to 
111.0.5563.64 all ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1234 (Inappropriate implementation in Intents in Google Chrome on 
Android pr ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1233 (Insufficient policy enforcement in Resource Timing in Google 
Chrome pr ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1232 (Insufficient policy enforcement in Resource Timing in Google 
Chrome pr ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1231 (Inappropriate implementation in Autofill in Google Chrome on 
Android p ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1230 (Inappropriate implementation in WebApp Installs in Google 
Chrome on An ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1229 (Inappropriate implementation in Permission prompts in Google 
Chrome pr ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1228 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1227 (Use after free in Core in Google Chrome on Lacros prior to 
111.0.5563. ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1226 (Insufficient policy enforcement in Web Payments API in Google 
Chrome p ...)
+   {DSA-5371-1}
- chromium 111.0.5563.64-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1225 (Insufficient policy enforcement in Navigation in Google Chrome 
on iOS  ...)
+   {DSA-5371-1}
- chro
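Review bot: this hunk is cut off in the archive after "- chro", so the trailing DSA-5371-1 references cannot be checked here; the header counts are consistent, though: the region grows from 75 to 99 lines, i.e. 24 added lines, matching the 24 CVEs (CVE-2023-1213 through CVE-2023-1236) listed for DSA-5371-1 in commit 1d834c14 below. The "[buster] - chromium  (see DSA 5046)" lines are left untouched, so buster stays documented as out of scope for chromium rather than fixed by this DSA, which agrees with DSA-5371-1 carrying only a [bullseye] version.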

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3356-1 for wireless-regdb

2023-03-09 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7dd0c36f by Tobias Frost at 2023-03-09T20:22:09+01:00
Reserve DLA-3356-1 for wireless-regdb

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,7 @@
+[09 Mar 2023] DLA-3356-1 wireless-regdb - security update
+   [buster] - wireless-regdb 2022.04.08-2~deb10u1
+[09 Mar 2023] DLA-3355-1 wireless-regdb - security update
+   [buster] - wireless-regdb 2022.04.08-2~deb10u1
 [06 Mar 2023] DLA-3354-1 kopanocore - security update
{CVE-2019-19907 CVE-2022-26562}
[buster] - kopanocore 8.7.0-3+deb10u1
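Review bot: DLA-3355-1 and DLA-3356-1 are reserved here as identical entries (both "wireless-regdb 2022.04.08-2~deb10u1") although the commit message only claims DLA-3356-1; since the hunk header goes from 3 to 7 lines, neither entry existed before, so the DLA-3355-1 pair is an accidental duplicate rather than a pre-existing reservation. Dropping the extra pair here would have saved the separate "Free DLA-3355-1" commit (47d63ba9) that removes it.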


=
data/dla-needed.txt
=
@@ -318,11 +318,6 @@ trafficserver
NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same 
fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. 

 --
-wireless-regdb (tobi)
-  NOTE: 20230306: Programming language: database.
-  NOTE: 20230306: VCS: https://salsa.debian.org/kernel-team/wireless-regdb
-  NOTE: 20230306: Maintainer notes: To be updated regularly; used by 
linux-image.
---
 wordpress (guilhem)
   NOTE: 20230302: Programming language: PHP.
   NOTE: 20230302: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html
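Review bot: removing the wireless-regdb block together with its "--" separator (the "---" line) keeps the separator layout of dla-needed.txt consistent, so nothing to change in the removal itself. The unchanged trafficserver context just above reads "could find informatin", which deserves a spelling fix in a follow-up commit.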



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dd0c36f0226230da4c4cec84de6d6bdf4dde915



[Git][security-tracker-team/security-tracker][master] chromium DSA

2023-03-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d834c14 by Moritz Mühlenhoff at 2023-03-09T20:15:59+01:00
chromium DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[09 Mar 2023] DSA-5371-1 chromium - security update
+   {CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 
CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 
CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 
CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 
CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236}
+   [bullseye] - chromium 111.0.5563.64-1~deb11u1
 [07 Mar 2023] DSA-5370-1 apr - security update
{CVE-2022-24963}
[bullseye] - apr 1.7.0-6+deb11u2
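Review bot: the DSA-5371-1 entry lists 24 CVEs (CVE-2023-1213 through CVE-2023-1236, no gaps) and a single [bullseye] version 111.0.5563.64-1~deb11u1; the absence of a [buster] line is consistent with the per-CVE "[buster] - chromium  (see DSA 5046)" markers in the CVE/list hunk of commit 1efc0cd8, so the two files agree.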


=
data/dsa-needed.txt
=
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 apache2 (jmm)
 --
-chromium (jmm)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d834c148e9f2ab610e0fb390208d5a137e16dfd



[Git][security-tracker-team/security-tracker][master] NFUs

2023-03-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
932653e2 by Moritz Muehlenhoff at 2023-03-09T20:06:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,7 @@ CVE-2023-27976
 CVE-2023-27975
RESERVED
 CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wh ...)
-   TODO: check
+   NOT-FOR-US: Bitwarden
 CVE-2023-27973
RESERVED
 CVE-2023-27972
@@ -29,7 +29,7 @@ CVE-2023-27971
 CVE-2023-1284
RESERVED
 CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 
0.21.0. ...)
-   TODO: check
+   NOT-FOR-US: qwik
 CVE-2023-1282
RESERVED
 CVE-2023-1281
@@ -39,11 +39,11 @@ CVE-2023-1280
 CVE-2023-1279
RESERVED
 CVE-2023-1278 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: IBOS
 CVE-2023-1277 (A vulnerability, which was classified as critical, was found in 
kylin- ...)
-   TODO: check
+   NOT-FOR-US: kylin-system-updater
 CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wi ...)
-   TODO: check
+   NOT-FOR-US: Bitwarden
 CVE-2017-20182
RESERVED
 CVE-2014-125093
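Review bot: CVE-2018-25081 here and CVE-2023-27974 in the first hunk of this commit carry the same "** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill ..." description, so marking both NOT-FOR-US: Bitwarden is consistent; a 2018 number on a disputed issue described against a 2023 release is surprising enough that a NOTE cross-referencing the two entries would help the next reader.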
@@ -1461,7 +1461,7 @@ CVE-2023-27488
 CVE-2023-27487
RESERVED
 CVE-2023-27486 (xCAT is a toolkit for deployment and administration of 
computer cluste ...)
-   TODO: check
+   NOT-FOR-US: xCAT
 CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for 
students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
 CVE-2023-27484
@@ -1469,7 +1469,7 @@ CVE-2023-27484
 CVE-2023-27483
RESERVED
 CVE-2023-27482 (homeassistant is an open source home automation tool. A 
remotely explo ...)
-   TODO: check
+   - homeassistant  (bug #839786)
 CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
NOT-FOR-US: Directus
 CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
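Review bot: the new "- homeassistant  (bug #839786)" line for CVE-2023-27482 has no fixed version, so the tracker will treat homeassistant as affected wherever it exists; if #839786 is the ITP bug for a package not yet in the archive, a short NOTE saying so would make that reading explicit, and if it is a bug against a packaged version, the fixed version is missing.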
@@ -1489,7 +1489,7 @@ CVE-2023-27476 (OWSLib is a Python package for client 
programming with Open Geos
- owslib 
NOTE: 
https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063
 CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the 
go langu ...)
-   TODO: check
+   NOT-FOR-US: Goutil
 CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
NOT-FOR-US: Directus
 CVE-2023-27473
@@ -2826,7 +2826,7 @@ CVE-2023-26924
 CVE-2023-26923
RESERVED
 CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 
allows a ...)
-   TODO: check
+   NOT-FOR-US: Varisicte
 CVE-2023-26921
RESERVED
 CVE-2023-26920
@@ -9507,7 +9507,7 @@ CVE-2023-24535
 CVE-2023-24534
RESERVED
 CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce 
incorrect re ...)
-   TODO: check
+   NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as 
CVE-2023-24533 for it)
 CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve 
may return ...)
- golang-1.20 1.20.2-1
[experimental] - golang-1.19 1.19.7-1
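Review bot: the parenthetical on the new NOT-FOR-US line for CVE-2023-24533 says the golang copy is "tracked as CVE-2023-24533 for it", which is the very CVE being annotated; the golang-side issue is the next entry, CVE-2023-24532 (fixed in golang-1.20 1.20.2-1), so the reference should read CVE-2023-24532.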
@@ -11600,7 +11600,7 @@ CVE-2023-23762
 CVE-2023-23761
RESERVED
 CVE-2023-23760 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
-   TODO: check
+   NOT-FOR-US: Github Enterprise Server
 CVE-2023-23759
RESERVED
 CVE-2023-23758
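Review bot: "NOT-FOR-US: Github Enterprise Server" should be spelled "GitHub Enterprise Server", matching the CVE-2023-23760 description above it; product names on NOT-FOR-US lines are what later greps match on.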
@@ -90933,7 +90933,6 @@ CVE-2022-23639 (crossbeam-utils provides atomics, 
synchronization primitives, sc
- rust-crossbeam-utils-0.7 
NOTE: 
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
-   TODO: check, crossbeam-utils are vendored in various other sources, in 
particular rustc to be checked
 CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A 
cross-site scri ...)
NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, 
videos a ...)
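Review bot: the removed TODO ("crossbeam-utils are vendored in various other sources, in particular rustc to be checked") is not replaced by a NOTE recording the result, so the outcome of the rustc check is lost from the entry while "- rust-crossbeam-utils-0.7 " is still listed without a fixed version; a line such as "NOTE: vendored copy in rustc checked, <result>" would preserve it.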
@@ -99373,7 +99372,7 @@ CVE-2022-21952 (An Uncontrolled Resource Consumption 
vulnerability in spacewalk-
 CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE 
Rancher,  ...)
NOT-FOR-US: Rancher
 CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service 
of cana ...)
-   TODO: check
+   NOT-FOR-US: SuSE
 CVE-2022-21949 (A Improper Restriction of XML External Entity Reference 
vulnerability  ...)
- ruby-xmlhash  (bug #1010667)
[bullseye] - ruby-xmlhash  (Minor issue)
@@ -112797,7 +112796,6 @@ CVE-2021-3838
- php-dompdf 2.0.2+dfsg-1
NOTE: https://github.com/dompdf/dompdf/issues/

[Git][security-tracker-team/security-tracker][master] qemu: quick recheck for recent pending patches

2023-03-09 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41cf69b6 by Sylvain Beucler at 2023-03-09T17:15:38+01:00
qemu: quick recheck for recent pending patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11960,6 +11960,7 @@ CVE-2023-0330 (A vulnerability in the lsi53c895a device 
affects the latest versi
[bullseye] - qemu  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151
NOTE: Proposed patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2023-0329
RESERVED
 CVE-2022-48261 (There is a misinterpretation of input vulnerability in 
BiSheng-WNM FW  ...)
@@ -27315,6 +27316,7 @@ CVE-2022-3872 (An off-by-one read/write issue was found 
in the SDHCI device of Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
NOTE: patch proposal 1: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
NOTE: patch proposal 2: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection 
via gofo ...)
NOT-FOR-US: Tenda
 CVE-2022-45042



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41cf69b657066985b5775bd986dbde637ec8b1ac



[Git][security-tracker-team/security-tracker][master] 2 commits: qemu: quick recheck for old pending patches

2023-03-09 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a29c3f3 by Sylvain Beucler at 2023-03-09T16:55:53+01:00
qemu: quick recheck for old pending patches

- - - - -
07076ab5 by Sylvain Beucler at 2023-03-09T16:55:55+01:00
CVE-2022-1050/qemu: referenced merged patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -78376,9 +78376,8 @@ CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin 
before 5.2, used as a co
 CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's 
paravirtual RD ...)
- qemu 1:7.1+dfsg-2 (bug #1014589)
[bullseye] - qemu  (Minor issue)
-   [buster] - qemu  (Minor issue, waiting for sanctioned patch, 
patch included in unstable)
[stretch] - qemu  (rdma devices introduced in v2.12)
-   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-04/msg00273.html
+   NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99
 (master, after v7.2.0)
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The 
pcs da ...)
{DSA-5226-1 DLA-3108-1}
- pcs 0.11.3-1
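Review bot: dropping "[buster] - qemu  (Minor issue, waiting for sanctioned patch, patch included in unstable)" moves buster from a no-dsa/minor state to plain open for CVE-2022-1050; that fits the new NOTE pointing at the merged upstream commit 31c4b6fb (master, after v7.2.0), but the commit message "referenced merged patch" does not mention the status change, so stating it there or in a NOTE would make the intent clear. The [stretch] line and the bullseye "Minor issue" marker are untouched, which is consistent only if buster alone is meant to receive the fix.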
@@ -117160,7 +117159,7 @@ CVE-2021-3735 (A deadlock issue was found in the AHCI 
controller device of QEMU.
[bullseye] - qemu  (Minor issue)
[buster] - qemu  (Minor issue, waiting for patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
-   NOTE: No upstream patch as of 2022-11-08
+   NOTE: No upstream patch as of 2023-03-09
 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, 
triggerab ...)
[experimental] - knot-resolver 5.4.1-1
- knot-resolver 5.4.1-2 (bug #991463)
@@ -168425,7 +168424,7 @@ CVE-2021-20255 (A stack overflow via an infinite 
recursion vulnerability was fou
[buster] - qemu  (Minor issue, waiting for sanctioned patch, 
fixed in stretch-lts)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
-   NOTE: No sanctioned upstream patch as of 2022-11-08
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map 
Windows ...)
{DLA-2668-1}
- samba 2:4.13.5+dfsg-2 (bug #987811)
@@ -169278,7 +169277,7 @@ CVE-2020-35503 (A NULL pointer dereference flaw was 
found in the megasas-gen2 SC
[buster] - qemu  (Minor issue, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
-   NOTE: No sanctioned upstream patch as of 2022-11-08
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory 
leaks wh ...)
{DLA-2548-1}
- privoxy 3.0.29-1
@@ -185305,7 +185304,7 @@ CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can 
trigger a NULL pointer der
[buster] - qemu  (Minor issue, waiting for sanctioned patch)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
-   NOTE: No sanctioned upstream patch as of 2022-11-08
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has 
a NULL p ...)
- qemu  (bug #971390)
[bookworm] - qemu  (Minor issue, revisit when fixed upstream)
@@ -185313,7 +185312,7 @@ CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c 
in QEMU before 5.1.1 has a
[buster] - qemu  (Minor issue, waiting for sanctioned patch)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
-   NOTE: No sanctioned upstream patch as of 2022-11-08
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL 
pointer d ...)
- qemu  (bug #970939)
[bookworm] - qemu  (Minor issue, revisit when fixed upstream)
@@ -185321,7 +185320,7 @@ CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c 
in QEMU 5.0.0 has a NULL poi
[buster] - qemu  (Minor issue, waiting for sanctioned patch)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
-   NOTE: No sanctioned upstream patch as of 2022-11-08
+   NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2020-25740
RESERVED
 CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for 
Ruby. Mult ...)

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-37519/memcached

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8636ece by Salvatore Bonaccorso at 2023-03-09T15:49:09+01:00
Add CVE-2021-37519/memcached

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123757,7 +123757,10 @@ CVE-2021-37521
 CVE-2021-37520
RESERVED
 CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 
allows att ...)
-   TODO: check
+   - memcached 1.6.10+dfsg-1
+   [bullseye] - memcached  (Minor issue)
+   NOTE: https://github.com/memcached/memcached/issues/805
+   NOTE: 
https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d
 (1.6.10)
 CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium 
Extensio ...)
NOT-FOR-US: Vivium
 CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 
13.0.2, fix ...)
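Review bot: CVE-2021-37519 gets a fixed version (1.6.10+dfsg-1) and a "[bullseye] - memcached  (Minor issue)" marker but no [buster] line, so buster falls back to being shown as affected by default; if buster is equally minor, it needs its own marker. The unchanged CVE-2021-37518 context below says "NOT-FOR-US: Vivium" while its description names the Vimium extension; worth fixing the spelling separately.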



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8636ece86cad8f4007a6de747253f2e44c25f71



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d955929 by Salvatore Bonaccorso at 2023-03-09T15:44:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14203,13 +14203,13 @@ CVE-2023-22894
 CVE-2023-22893
RESERVED
 CVE-2023-22892 (There exists an information disclosure vulnerability in 
SmartBear Zeph ...)
-   TODO: check
+   NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear 
Zephyr  ...)
-   TODO: check
+   NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows 
unauthenticated user ...)
-   TODO: check
+   NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles 
user-defined inp ...)
-   TODO: check
+   NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22888
RESERVED
 CVE-2023-22887
@@ -21914,7 +21914,7 @@ CVE-2022-46754 (Wyse Management Suite 3.8 and below 
contain an improper access c
 CVE-2022-46753
RESERVED
 CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An 
unauthe ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2022-46751
RESERVED
 CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an 
Insecu ...)
@@ -22917,7 +22917,7 @@ CVE-2022-46396
 CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
NOT-FOR-US: Arm Mali
 CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
-   TODO: check
+   NOT-FOR-US: Arm Mali
 CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x 
before 3.3.0 ...)
- mbedtls 2.28.2-1
[bullseye] - mbedtls  (The vulnerable code was introduced 
later)
@@ -49234,7 +49234,7 @@ CVE-2022-37941
 CVE-2022-37940
RESERVED
 CVE-2022-37939 (A potential security vulnerability has been identified in HPE 
Superdom ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2022-37938 (Unauthenticated server side request forgery in HPE 
Serviceguard Manage ...)
NOT-FOR-US: HPE
 CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
@@ -83846,7 +83846,7 @@ CVE-2022-25711 (Memory corruption in camera due to 
improper validation of array
 CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is 
disconn ...)
NOT-FOR-US: Snapdragon
 CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer 
offset w ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm
 CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking 
size of  ...)
NOT-FOR-US: Qualcomm
 CVE-2022-25707
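Review bot: the new line uses "NOT-FOR-US: Qualcomm" while neighbouring entries for the same vendor alternate between "Qualcomm" (CVE-2022-25708) and "Snapdragon" (CVE-2022-25710, and CVE-2022-25695 in a later hunk); either is fine on its own, but picking one consistently for the whole block would make later greps reliable.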
@@ -83854,7 +83854,7 @@ CVE-2022-25707
 CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer 
over-read whi ...)
NOT-FOR-US: Qualcomm
 CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer 
overflow  ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm
 CVE-2022-25704
RESERVED
 CVE-2022-25703
@@ -83876,7 +83876,7 @@ CVE-2022-25696 (Memory corruption in display due to 
time-of-check time-of-use ra
 CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array 
Index w ...)
NOT-FOR-US: Snapdragon
 CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range 
pointer offset ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm
 CVE-2022-25693 (Memory corruption in graphics due to use-after-free while 
graphics pro ...)
NOT-FOR-US: Qualcomm
 CVE-2022-25692 (Denial of service in Modem due to reachable assertion while 
processing ...)
@@ -83954,7 +83954,7 @@ CVE-2022-25657 (Memory corruption due to buffer 
overflow occurs while processing
 CVE-2022-25656 (Possible integer overflow and memory corruption due to 
improper valida ...)
NOT-FOR-US: Qualcomm
 CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed 
in WMI U ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm
 CVE-2022-25654 (Memory corruption in kernel due to improper input validation 
while pro ...)
NOT-FOR-US: Qualcomm
 CVE-2022-25653 (Information disclosure in video due to buffer over-read while 
processi ...)
@@ -95664,7 +95664,7 @@ CVE-2022-22299 (A format string vulnerability [CWE-134] 
in the command line inte
 CVE-2022-22298
RESERVED
 CVE-2022-22297 (An incomplete filtering of one or more instances of special 
elements v ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 
1.0 is vul ...)
NOT-FOR-US: Sourcecodester
 CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection 
vulnerability ...)
@@ -97680,11 +97680,11 @@ CVE-2021-45480 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2ebeb82 by Salvatore Bonaccorso at 2023-03-09T10:17:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1483,7 +1483,7 @@ CVE-2023-27478 (libmemcached-awesome is an open source 
C/C++ client library and
NOTE: Introduced with: 
https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63
 (1.1.0-beta1)
NOTE: Fixed by: 
https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9
 (1.1.4)
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. 
Wasmtime's code ...)
-   TODO: check
+   NOT-FOR-US: wasmtime
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open 
Geospatial ...)
[experimental] - owslib 0.28.1-1~exp1
- owslib 
@@ -2494,7 +2494,7 @@ CVE-2023-27090
 CVE-2023-27089
RESERVED
 CVE-2023-27088 (feiqu-opensource Background Vertical authorization 
vulnerability exist ...)
-   TODO: check
+   NOT-FOR-US: feiqu-opensource Background Vertical
 CVE-2023-27087
RESERVED
 CVE-2023-27086
@@ -2758,7 +2758,7 @@ CVE-2023-26958
 CVE-2023-26957
RESERVED
 CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
read vu ...)
-   TODO: check
+   NOT-FOR-US: onekeyadmin
 CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
NOT-FOR-US: onekeyadmin
 CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
@@ -2766,15 +2766,15 @@ CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to 
contain a stored cross-site
 CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
NOT-FOR-US: onekeyadmin
 CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
-   TODO: check
+   NOT-FOR-US: onekeyadmin
 CVE-2023-26951
RESERVED
 CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
-   TODO: check
+   NOT-FOR-US: onekeyadmin
 CVE-2023-26949 (An arbitrary file upload vulnerability in the component 
/admin1/config ...)
NOT-FOR-US: onekeyadmin
 CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
read vu ...)
-   TODO: check
+   NOT-FOR-US: onekeyadmin
 CVE-2023-26947
RESERVED
 CVE-2023-26946
@@ -3843,7 +3843,7 @@ CVE-2023-26491 (RSSHub is an open source and extensible 
RSS feed generator. When
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple 
containers linked ...)
NOT-FOR-US: mailcow
 CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In 
affected ver ...)
-   TODO: check
+   NOT-FOR-US: wasmtime
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
NOT-FOR-US: OpenZeppelin
 CVE-2023-26487 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
@@ -8771,7 +8771,7 @@ CVE-2023-24784
 CVE-2023-24783
RESERVED
 CVE-2023-24782 (Funadmin v3.2.0 was discovered to contain a SQL injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Funadmin
 CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection 
vulnerabilit ...)
NOT-FOR-US: Funadmin
 CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection 
vulnerabilit ...)
@@ -8781,7 +8781,7 @@ CVE-2023-24779
 CVE-2023-24778
RESERVED
 CVE-2023-24777 (Funadmin v3.2.0 was discovered to contain a SQL injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Funadmin
 CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code 
execution (RCE ...)
NOT-FOR-US: Funadmin
 CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection 
vulnerabilit ...)
@@ -10234,7 +10234,7 @@ CVE-2023-24284
 CVE-2023-24283
RESERVED
 CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 
7.2.2.1094 al ...)
-   TODO: check
+   NOT-FOR-US: Poly Trio 8800
 CVE-2023-24281
RESERVED
 CVE-2023-24280



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2ebeb826bbe84b865e402c53ce99fe2d2d28a43



[Git][security-tracker-team/security-tracker][master] automatic update

2023-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0edc4ba by security tracker role at 2023-03-09T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2023-27984
+   RESERVED
+CVE-2023-27983
+   RESERVED
+CVE-2023-27982
+   RESERVED
+CVE-2023-27981
+   RESERVED
+CVE-2023-27980
+   RESERVED
+CVE-2023-27979
+   RESERVED
+CVE-2023-27978
+   RESERVED
+CVE-2023-27977
+   RESERVED
+CVE-2023-27976
+   RESERVED
+CVE-2023-27975
+   RESERVED
+CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wh ...)
+   TODO: check
+CVE-2023-27973
+   RESERVED
+CVE-2023-27972
+   RESERVED
+CVE-2023-27971
+   RESERVED
+CVE-2023-1284
+   RESERVED
+CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 
0.21.0. ...)
+   TODO: check
+CVE-2023-1282
+   RESERVED
+CVE-2023-1281
+   RESERVED
+CVE-2023-1280
+   RESERVED
+CVE-2023-1279
+   RESERVED
+CVE-2023-1278 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2023-1277 (A vulnerability, which was classified as critical, was found in 
kylin- ...)
+   TODO: check
+CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wi ...)
+   TODO: check
+CVE-2017-20182
+   RESERVED
+CVE-2014-125093
+   RESERVED
+CVE-2013-10020
+   RESERVED
 CVE-2023-27970
RESERVED
 CVE-2023-27969
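Review bot: CVE-2023-27974 and CVE-2018-25081 in this hunk carry the same truncated description ("** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill w...") and both land as "TODO: check"; the triage commit that processes them should give both the same resolution and carry the DISPUTED marker into the note, so a later reader does not take either as a confirmed issue. CVE-2023-1277 is cut off at "kylin-" in this rendering, so the affected product cannot be read from the line alone and the full description is needed before tagging it.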
@@ -104,14 +156,14 @@ CVE-2023-1268
RESERVED
 CVE-2023-1267 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: Ulkem Company PtteM Kart
-CVE-2023-27986 [emacsclient-mail.desktop Emacs Lisp code injection]
+CVE-2023-27986 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is 
vulnerable to E ...)
- emacs  (bug #1032538)
[bullseye] - emacs  (Vulnerable code not present, 
introduced in 28.1)
[buster] - emacs  (Vulnerable code not present, 
introduced in 28.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
NOTE: Introduced by: 
http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c
 (emacs-28.0.90)
NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
-CVE-2023-27985 [emacsclient-mail.desktop shell command injection]
+CVE-2023-27985 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is 
vulnerable to s ...)
- emacs  (bug #1032538)
[bullseye] - emacs  (Vulnerable code not present, 
introduced in 28.1)
[buster] - emacs  (Vulnerable code not present, 
introduced in 28.1)
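Review bot: in the context lines under CVE-2023-27986 and CVE-2023-27985 the package status after "emacs" is blank ("- emacs  (bug #1032538)", "[bullseye] - emacs  (Vulnerable code not present, introduced in 28.1)"); the tracker syntax expects a version or a bracketed status token in that position, and the double space suggests this rendering dropped it, so confirm the committed file still carries the token and not an empty field. The same blank appears after "owslib" in the context lines of the next hunk.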
@@ -1408,8 +1460,8 @@ CVE-2023-27488
RESERVED
 CVE-2023-27487
RESERVED
-CVE-2023-27486
-   RESERVED
+CVE-2023-27486 (xCAT is a toolkit for deployment and administration of 
computer cluste ...)
+   TODO: check
 CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for 
students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
 CVE-2023-27484
@@ -1430,8 +1482,8 @@ CVE-2023-27478 (libmemcached-awesome is an open source 
C/C++ client library and
[buster] - libmemcached  (Vulnerable code introduced 
later)
NOTE: Introduced with: 
https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63
 (1.1.0-beta1)
NOTE: Fixed by: 
https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9
 (1.1.4)
-CVE-2023-27477
-   RESERVED
+CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. 
Wasmtime's code ...)
+   TODO: check
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open 
Geospatial ...)
[experimental] - owslib 0.28.1-1~exp1
- owslib 
@@ -2705,8 +2757,8 @@ CVE-2023-26958
RESERVED
 CVE-2023-26957
RESERVED
-CVE-2023-26956
-   RESERVED
+CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
read vu ...)
+   TODO: check
 CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
NOT-FOR-US: onekeyadmin
 CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored 
cross-site scrip ...)
@@ -2721,8 +2773,8 @@ CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to 
contain a stored cross-site
TODO: check
 CVE-2023-26949 (An arbitrary file upload vulnerability in the component 
/admin1/config ...)
NOT-FOR-US: onekeyadmin
-CVE-2023-26948
-   RESERVED
+CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
read vu ...)
+   TODO: check
 CVE-2023-26947
RESERVED
 CVE-2023-26946
@@ -3790,8 +3842,8 @@ CVE-2023-26491 (RSSHub is an open source and extensible