[Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2023-2884{0,1,2}/docker.io

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b882291 by Salvatore Bonaccorso at 2023-04-06T06:45:47+02:00
Add initial tracking for CVE-2023-2884{0,1,2}/docker.io

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1769,11 +1769,21 @@ CVE-2023-28844 (Nextcloud server is an open source home 
cloud implementation. In
 CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop 
web comm ...)
NOT-FOR-US: PrestaShop
 CVE-2023-28842 (Moby) is an open source container framework developed by 
Docker Inc. t ...)
-   TODO: check
+   - docker.io 20.10.24+dfsg1-1
+   NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
+   NOTE: 
https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
 CVE-2023-28841 (Moby is an open source container framework developed by Docker 
Inc. th ...)
-   TODO: check
+   - docker.io 20.10.24+dfsg1-1
+   NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
+   NOTE: 
https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
+   NOTE: https://github.com/moby/moby/issues/43382
+   NOTE: https://github.com/moby/moby/pull/45118
 CVE-2023-28840 (Moby is an open source container framework developed by Docker 
Inc. th ...)
-   TODO: check
+   - docker.io 20.10.24+dfsg1-1
+   NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
+   NOTE: 
https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
+   NOTE: https://github.com/moby/moby/issues/43382
+   NOTE: https://github.com/moby/moby/pull/45118
 CVE-2023-28839
RESERVED
 CVE-2023-28838 (GLPI is a free asset and IT management software package. 
Starting in v ...)
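Review bot: CVE-2023-28842 is the only one of the three entries without the moby issue 43382 and pull request 45118 references that CVE-2023-28841 and CVE-2023-28840 carry, while all three share the libnetwork advisory GHSA-gvm4-2qqg-m333; if the issue and PR also cover CVE-2023-28842, add the same two NOTE lines for consistency, otherwise a short NOTE saying why it differs would save the next person the lookup. None of the three entries records a [bullseye] or [buster] status yet, so the fixed version 20.10.24+dfsg1-1 on its own still leaves the state of the stable suites open.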



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b88229122dfd51a1f50d1a1cfc37f911db52dc3

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-26437/pdns-recursor

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee3e090a by Salvatore Bonaccorso at 2023-04-06T06:37:41+02:00
Track fixed version for CVE-2023-26437/pdns-recursor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8828,7 +8828,7 @@ CVE-2023-26439
 CVE-2023-26438
RESERVED
 CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows 
authoritat ...)
-   - pdns-recursor  (bug #1033941)
+   - pdns-recursor 4.8.4-1 (bug #1033941)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
 CVE-2023-26436
RESERVED
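Review bot: Filling in 4.8.4-1 while keeping bug #1033941 is the right shape for this entry, but it still says nothing about bullseye; if the stable pdns-recursor is affected by the denial of service described in powerdns-advisory-2023-02, a [bullseye] line recording either a fixed version or the decision not to issue a DSA should follow, since an entry with only an unstable version reads as "stable status unknown".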



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee3e090a0ca7a086b569463bf4cf5f1888b7af9d



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3385-1 for trafficserver

2023-04-05 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37314e97 by Markus Koschany at 2023-04-05T23:58:12+02:00
Reserve DLA-3385-1 for trafficserver

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -71078,7 +71078,6 @@ CVE-2022-31779 (Improper Input Validation vulnerability 
in HTTP/2 header parsing
 CVE-2022-31778 (Improper Input Validation vulnerability in handling the 
Transfer-Encod ...)
{DSA-5206-1}
- trafficserver 9.1.3+ds-1
-   [buster] - trafficserver  (Minor issue, intrusive to backport)
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31777 (A stored cross-site scripting (XSS) vulnerability in Apache 
Spark 3.2. ...)
NOT-FOR-US: Apache Spark
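Review bot: Only CVE-2022-31778 loses its buster "(Minor issue, intrusive to backport)" line here, yet the DLA-3385-1 entry added in the same commit also lists CVE-2022-31779, CVE-2022-32749 and CVE-2022-37392; check that those three entries carry no stale buster tag either, because the dla-needed notes removed below say CVE-2022-31779 had been "marked as to be ignored", and an ignored tag would contradict the DLA's claim that 8.1.6+ds-1~deb10u1 fixes it.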


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DLA-3385-1 trafficserver - security update
+   {CVE-2022-31778 CVE-2022-31779 CVE-2022-32749 CVE-2022-37392}
+   [buster] - trafficserver 8.1.6+ds-1~deb10u1
 [05 Apr 2023] DLA-3384-1 tomcat9 - security update
{CVE-2022-42252 CVE-2023-28708}
[buster] - tomcat9 9.0.31-1~deb10u8


=
data/dla-needed.txt
=
@@ -293,16 +293,6 @@ tinymce
   NOTE: 20221227: Programming language: PHP.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
 --
-trafficserver (Markus Koschany)
-   NOTE: 20230202: Programming language: C.
-   NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) 
suggest CVE-2022-31779 may have already been investigated. (lamby)
-   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/trafficserver.git
-   NOTE: 20230209:  very difficult to identify exact patches and on top 
significant refactoring, especially CVE-2022-31778
-   NOTE: 20230209; CVE-2022-32749 is possibly 
https://github.com/apache/trafficserver/pull/9243, (see security tracker)
-   NOTE: 20230209: CVE-2022-37392 mihgt be 
https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1
-   NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same 
fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
-   NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. 

---
 udisks2 (tobi)
   NOTE: 20230404: Programming language: C, Python.
   NOTE: 20230404: CVE-2021-3802 (kernel panic) fixed in all other dists 
(Debian 11.2, DLA-2809-1 for stretch) (Beuc/front-desk)
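Review bot: The removed trafficserver block is the only record of which upstream changes were matched to CVE-2022-32749 (apache/trafficserver pull 9243) and CVE-2022-37392 (commit 3b9cbf873a77bb7f9297f2b16496a290e0cf7de1), and of the open doubt about CVE-2022-31779 sharing a fix with CVE-2022-31778; if those URLs are not already NOTE lines on the corresponding entries in data/CVE/list, carry them over now, since dla-needed.txt is a work queue and nobody will look for them in its history.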



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37314e97462db45e1a7cf8b9e1e14c73c2cb9870



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a640576c by Salvatore Bonaccorso at 2023-04-05T22:59:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -340,27 +340,27 @@ CVE-2023-29274
 CVE-2023-29273
RESERVED
 CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. 
It has b ...)
-   TODO: check
+   NOT-FOR-US: Keysight IXIA Hawkeye
 CVE-2023-1859
RESERVED
 CVE-2023-1858 (A vulnerability was found in SourceCodester Earnings and 
Expense Track ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
 CVE-2023-1857 (A vulnerability was found in SourceCodester Online Computer and 
Laptop ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo 
Management  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Air Cargo Management System
 CVE-2023-1855
RESERVED
 CVE-2023-1854 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2023-1853 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1852 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1851 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1850 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
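Review bot: The truncated descriptions for CVE-2023-1854 through CVE-2023-1851 ("found in Sou ...", "SourceCodester ...") do not show which SourceCodester product is meant, so the product names written into their NOT-FOR-US lines (Online Graduate Tracer System for CVE-2023-1854, Online Payroll System for the next three) cannot be checked against this hunk alone; a cross-check against the full CVE text is worthwhile, since two different products appear under near-identical descriptions and a wrong name would mislead a later search.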



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a640576c0cd548866b154e074cc63a31ed3c4a47



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript update

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb2b6397 by Salvatore Bonaccorso at 2023-04-05T22:40:53+02:00
Reserve DSA number for ghostscript update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DSA-5383-1 ghostscript - security update
+   {CVE-2023-28879}
+   [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u4
 [05 Apr 2023] DSA-5382-1 cairosvg - security update
{CVE-2023-27586}
[bullseye] - cairosvg 2.5.0-1.1+deb11u1


=
data/dsa-needed.txt
=
@@ -17,8 +17,6 @@ apache2
 --
 chromium
 --
-ghostscript (carnil)
---
 gpac (aron)
 --
 jupyter-core



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb2b63978c599b4cf48a6734f22e31af3d1d9511



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89139661 by Salvatore Bonaccorso at 2023-04-05T22:28:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,7 @@ CVE-2023-29391
 CVE-2023-29390
RESERVED
 CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from 
other ECUs ...)
-   TODO: check
+   NOT-FOR-US: Toyota
 CVE-2023-29388
RESERVED
 CVE-2023-29387
@@ -43,29 +43,29 @@ CVE-2023-1889
 CVE-2023-1888
RESERVED
 CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq 
prior to  ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository 
thorsten/ ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1885 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1884 (Cross-site Scripting (XSS) - Generic in GitHub repository 
thorsten/php ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1883 (Improper Access Control in GitHub repository thorsten/phpmyfaq 
prior t ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1882 (Cross-site Scripting (XSS) - DOM in GitHub repository 
thorsten/phpmyfa ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1881 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2023-1880 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1879 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-   TODO: check
+   NOT-FOR-US: phpmyfaq
 CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber 
prior to  ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2023-1876 (Deserialization of Untrusted Data in GitHub repository 
microweber/micr ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2023-1875
RESERVED
 CVE-2023-1874
@@ -101,7 +101,7 @@ CVE-2022-4941 (The WCFM Membership plugin for WordPress is 
vulnerable to Cross-S
 CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to 
unauthorized ...)
NOT-FOR-US: WCFM Membership plugin for WordPress
 CVE-2022-4939 (THe WCFM Membership plugin for WordPress is vulnerable to 
privilege es ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
Cross- ...)
NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
 CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
unauth ...)
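Review bot: CVE-2022-4939 is tagged "NOT-FOR-US: WordPress plugin" while the entries on both sides (CVE-2022-4940, CVE-2022-4938) name the specific plugin and the description on the same line already names the WCFM Membership plugin; use "NOT-FOR-US: WCFM Membership plugin for WordPress" so that a search for that plugin turns up all of its CVEs rather than all but one.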



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89139661e0a3412b68110158a8fbcc3ac4fa8f93



[Git][security-tracker-team/security-tracker][master] fix reference

2023-04-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18a68156 by Moritz Mühlenhoff at 2023-04-05T22:21:38+02:00
fix reference

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34169,6 +34169,7 @@ CVE-2023-20942
 CVE-2023-20941
RESERVED
- linux  (Android-specific kernel patch)
+   NOTE: 
https://android.googlesource.com/kernel/common/+/f63204236560b6f38b6e015c53eb6304d988
 CVE-2023-20940 (In the Android operating system, there is a possible way to 
replace a  ...)
NOT-FOR-US: Android
 CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there 
is a poss ...)
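Review bot: The commit id in the added android.googlesource.com URL is 36 hex digits, four short of a full 40-digit SHA-1; if the hash was cut when the line was pasted or wrapped, replace it with the full id, and in any case confirm the link resolves, since the earlier commit 91e03c81 on this same entry removed a URL precisely because it pointed at something unrelated.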



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18a68156f111ae35125a474cb3eb83c10202aeda



[Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2023-25587 and CVE-2023-22608

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ddd284f by Salvatore Bonaccorso at 2023-04-05T22:18:53+02:00
Remove notes for CVE-2023-25587 and CVE-2023-22608

Withdrawn as they were no security issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11503,10 +11503,6 @@ CVE-2023-25588
RESERVED
 CVE-2023-25587
REJECTED
-   - binutils 2.40-1 (unimportant)
-   NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29846
-   NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386
 (binutils-2_40)
-   NOTE: binutils not covered by security support
 CVE-2023-25586
RESERVED
 CVE-2023-25585
@@ -20479,10 +20475,6 @@ CVE-2023-22609
REJECTED
 CVE-2023-22608
REJECTED
-   - binutils 2.40-1 (unimportant)
-   NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936
-   NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09
 (binutils-2_40)
-   NOTE: binutils not covered by security support
 CVE-2023-22607
REJECTED
 CVE-2023-22606



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ddd284f751508371adac84edb0c630864fcaf31



[Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2023-1103

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af947b0a by Salvatore Bonaccorso at 2023-04-05T22:15:22+02:00
Remove notes for CVE-2023-1103

The CVE was rejected as it is a duplicate of CVE-2022-4821.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6542,7 +6542,6 @@ CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in 
GitHub repository flatpres
NOT-FOR-US: flatpressblog
 CVE-2023-1103
REJECTED
-   NOT-FOR-US: flatpressblog
 CVE-2023-1102
RESERVED
 CVE-2023-1101 (SonicOS SSLVPN improper restriction of excessive MFA attempts 
vulnerab ...)
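Review bot: After this removal the REJECTED entry carries no hint of why it was rejected; the commit message says it duplicates CVE-2022-4821, and a single "NOTE: Duplicate of CVE-2022-4821" line would keep that cross-reference visible to anyone who lands on CVE-2023-1103 from an external advisory, which is the usual reason a rejected id still gets looked up.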



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af947b0adeae81fa91733b8b02b9277f18aace77



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60d8e1d8 by Salvatore Bonaccorso at 2023-04-05T22:14:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -75,19 +75,19 @@ CVE-2023-1873
 CVE-2023-1872
RESERVED
 CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1869 (The YourChannel plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1868 (The YourChannel plugin for WordPress is vulnerable to 
unauthorized los ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1867 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to 
unauthorized los ...)
-   TODO: check
+   NOT-FOR-US: YourChannel plugin for WordPress
 CVE-2023-1864
RESERVED
 CVE-2023-1863
@@ -97,19 +97,19 @@ CVE-2023-1862
 CVE-2023-1861
RESERVED
 CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to 
Cross-Site R ...)
-   TODO: check
+   NOT-FOR-US: WCFM Membership plugin for WordPress
 CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to 
unauthorized ...)
-   TODO: check
+   NOT-FOR-US: WCFM Membership plugin for WordPress
 CVE-2022-4939 (THe WCFM Membership plugin for WordPress is vulnerable to 
privilege es ...)
TODO: check
 CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
 CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
unauth ...)
-   TODO: check
+   NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
 CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: WCFM Marketplace plugin for WordPress
 CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WCFM Marketplace plugin for WordPress
 CVE-2021-4335
RESERVED
 CVE-2021-4334
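Review bot: CVE-2022-4939 is left at "TODO: check" in the middle of this hunk while every neighbouring WCFM entry is resolved, even though its description names the same WCFM Membership plugin as CVE-2022-4940 just above it; marking it "NOT-FOR-US: WCFM Membership plugin for WordPress" in the same pass would avoid the follow-up commit (89139661 later on this page) that closes it with the less specific "WordPress plugin".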
@@ -8493,7 +8493,7 @@ CVE-2023-26538
 CVE-2023-26537
RESERVED
 CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Jonk  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-26535
RESERVED
 CVE-2023-26534



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60d8e1d874c266702ad63d1a2334228ac552da29



[Git][security-tracker-team/security-tracker][master] automatic update

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0315a05 by security tracker role at 2023-04-05T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,121 @@
+CVE-2023-29399
+   RESERVED
+CVE-2023-29398
+   RESERVED
+CVE-2023-29397
+   RESERVED
+CVE-2023-29396
+   RESERVED
+CVE-2023-29395
+   RESERVED
+CVE-2023-29394
+   RESERVED
+CVE-2023-29393
+   RESERVED
+CVE-2023-29392
+   RESERVED
+CVE-2023-29391
+   RESERVED
+CVE-2023-29390
+   RESERVED
+CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from 
other ECUs ...)
+   TODO: check
+CVE-2023-29388
+   RESERVED
+CVE-2023-29387
+   RESERVED
+CVE-2023-29386
+   RESERVED
+CVE-2023-29385
+   RESERVED
+CVE-2023-29384
+   RESERVED
+CVE-2023-1893
+   RESERVED
+CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
sidekiq/si ...)
+   TODO: check
+CVE-2023-1891
+   RESERVED
+CVE-2023-1890
+   RESERVED
+CVE-2023-1889
+   RESERVED
+CVE-2023-1888
+   RESERVED
+CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq 
prior to  ...)
+   TODO: check
+CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository 
thorsten/ ...)
+   TODO: check
+CVE-2023-1885 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+   TODO: check
+CVE-2023-1884 (Cross-site Scripting (XSS) - Generic in GitHub repository 
thorsten/php ...)
+   TODO: check
+CVE-2023-1883 (Improper Access Control in GitHub repository thorsten/phpmyfaq 
prior t ...)
+   TODO: check
+CVE-2023-1882 (Cross-site Scripting (XSS) - DOM in GitHub repository 
thorsten/phpmyfa ...)
+   TODO: check
+CVE-2023-1881 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
+   TODO: check
+CVE-2023-1880 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
+   TODO: check
+CVE-2023-1879 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+   TODO: check
+CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+   TODO: check
+CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber 
prior to  ...)
+   TODO: check
+CVE-2023-1876 (Deserialization of Untrusted Data in GitHub repository 
microweber/micr ...)
+   TODO: check
+CVE-2023-1875
+   RESERVED
+CVE-2023-1874
+   RESERVED
+CVE-2023-1873
+   RESERVED
+CVE-2023-1872
+   RESERVED
+CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+   TODO: check
+CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+   TODO: check
+CVE-2023-1869 (The YourChannel plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2023-1868 (The YourChannel plugin for WordPress is vulnerable to 
unauthorized los ...)
+   TODO: check
+CVE-2023-1867 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+   TODO: check
+CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+   TODO: check
+CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to 
unauthorized los ...)
+   TODO: check
+CVE-2023-1864
+   RESERVED
+CVE-2023-1863
+   RESERVED
+CVE-2023-1862
+   RESERVED
+CVE-2023-1861
+   RESERVED
+CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to 
Cross-Site R ...)
+   TODO: check
+CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to 
unauthorized ...)
+   TODO: check
+CVE-2022-4939 (THe WCFM Membership plugin for WordPress is vulnerable to 
privilege es ...)
+   TODO: check
+CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
Cross- ...)
+   TODO: check
+CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to 
Cross-Site  ...)
+   TODO: check
+CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2021-4335
+   RESERVED
+CVE-2021-4334
+   RESERVED
+CVE-2014-125094
+   RESERVED
 CVE-2023-29383
RESERVED
 CVE-2023-29382
@@ -221,28 +339,28 @@ CVE-2023-29274
RESERVED
 CVE-2023-29273
RESERVED
-CVE-2023-1860
-   RESERVED
+CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. 
It has b ...)
+   TODO: check
 CVE-2023-1859
RESERVED
-CVE-2023-1858
-   RESERVED
-CVE-2023-1857
-   RESERVED
-CVE-2023-1856
-   RESERVED
+CVE-2023-1858 (A vulnerability was found in SourceCodester 

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for cairosvg update

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
437b70e9 by Salvatore Bonaccorso at 2023-04-05T22:07:29+02:00
Reserve DSA number for cairosvg update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DSA-5382-1 cairosvg - security update
+   {CVE-2023-27586}
+   [bullseye] - cairosvg 2.5.0-1.1+deb11u1
 [05 Apr 2023] DSA-5381-1 tomcat9 - security update
{CVE-2022-42252 CVE-2022-45143 CVE-2023-28708}
[bullseye] - tomcat9 9.0.43-2~deb11u6


=
data/dsa-needed.txt
=
@@ -15,8 +15,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 apache2
   Regressions: #1033408, maybe #1033284
 --
-cairosvg (carnil)
---
 chromium
 --
 ghostscript (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/437b70e94fb64cee4a13037b3437b038e26b3e3c



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5381-1 for tomcat9

2023-04-05 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
baa5071f by Markus Koschany at 2023-04-05T21:50:16+02:00
Reserve DSA-5381-1 for tomcat9

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -31967,7 +31967,6 @@ CVE-2022-3933 (The Essential Real Estate WordPress 
plugin before 3.9.6 does not
NOT-FOR-US: WordPress plugin
 CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 
9.0.68 and ...)
- tomcat9 9.0.70-1
-   [bullseye] - tomcat9  (Minor issue, fix along in future 
update)
[buster] - tomcat9  (The vulnerable code was introduced 
later)
- tomcat8 
NOTE: 
https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
 (9.0.69)
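Review bot: Dropping the bullseye "(Minor issue, fix along in future update)" line for CVE-2022-45143 here, and for CVE-2022-42252 in the next hunk, is what DSA-5381-1 requires once 9.0.43-2~deb11u6 ships; the DSA also lists CVE-2023-28708, whose entry is not touched by this commit, so confirm it had no bullseye deferral line of its own left behind.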
@@ -42817,7 +42816,6 @@ CVE-2022-42253
RESERVED
 CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 
10.0.0-M1 to 10. ...)
- tomcat9 9.0.68-1
-   [bullseye] - tomcat9  (Minor issue, fix along in future 
update)
- tomcat8 
NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
NOTE: 
https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
 (9.0.68)


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DSA-5381-1 tomcat9 - security update
+   {CVE-2022-42252 CVE-2022-45143 CVE-2023-28708}
+   [bullseye] - tomcat9 9.0.43-2~deb11u6
 [29 Mar 2023] DSA-5380-1 xorg-server - security update
{CVE-2023-1393}
[bullseye] - xorg-server 2:1.20.11-1+deb11u6



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baa5071fa0ec69cb89324abe638a02ca28a68978



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3384-1 for tomcat9

2023-04-05 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
743234c3 by Markus Koschany at 2023-04-05T21:42:21+02:00
Reserve DLA-3384-1 for tomcat9

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -42818,7 +42818,6 @@ CVE-2022-42253
 CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 
10.0.0-M1 to 10. ...)
- tomcat9 9.0.68-1
[bullseye] - tomcat9  (Minor issue, fix along in future 
update)
-   [buster] - tomcat9  (Minor issue, occurs when system is 
explicitly configured in an insecure way)
- tomcat8 
NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
NOTE: 
https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
 (9.0.68)
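Review bot: The removed buster line recorded a deliberate decision not to fix CVE-2022-42252 there ("occurs when system is explicitly configured in an insecure way"), and DLA-3384-1 with 9.0.31-1~deb10u8 now supersedes it, so the removal is correct; note that the bullseye deferral line kept as context here only goes away in baa5071f eight minutes later, leaving a short window in which the entry shows buster fixed and bullseye still deferred.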


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DLA-3384-1 tomcat9 - security update
+   {CVE-2022-42252 CVE-2023-28708}
+   [buster] - tomcat9 9.0.31-1~deb10u8
 [05 Apr 2023] DLA-3383-1 grunt - security update
{CVE-2022-1537}
[buster] - grunt 1.0.1-8+deb10u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743234c38e09e5d1474d68e9395e716ad3c2df72



[Git][security-tracker-team/security-tracker][master] Remove unrelated URL from CVE-2023-20941

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91e03c81 by Salvatore Bonaccorso at 2023-04-05T21:14:55+02:00
Remove unrelated URL from CVE-2023-20941

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34059,7 +34059,6 @@ CVE-2023-20942
 CVE-2023-20941
RESERVED
- linux  (Android-specific kernel patch)
-   NOTE: https://gerrit.wikimedia.org/r/c/operations/puppet/+/906030/
 CVE-2023-20940 (In the Android operating system, there is a possible way to 
replace a  ...)
NOT-FOR-US: Android
 CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there 
is a poss ...)
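Review bot: with the gerrit.wikimedia.org URL gone, the entry keeps "- linux (Android-specific kernel patch)" with no reference behind it; please add a NOTE pointing at the Android security bulletin entry or the upstream patch it refers to, so the "Android-specific" assessment can be re-checked later without redoing the research.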



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e03c81184b9ae368462ac7b367dcb5918c23db



[Git][security-tracker-team/security-tracker][master] Mark cgminer as removed from all supported suites

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79eeb566 by Salvatore Bonaccorso at 2023-04-05T20:58:12+02:00
Mark cgminer as removed from all supported suites

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -939,3 +939,4 @@ golang-1.18
 axtls
 rust-crossbeam-utils-0.7
 mariadb-10.6
+cgminer



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79eeb566fbf8de5e910877c50bb3e9e89be22613



[Git][security-tracker-team/security-tracker][master] Mark cgminer as removed from the archive

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d98084e9 by Salvatore Bonaccorso at 2023-04-05T20:56:55+02:00
Mark cgminer as removed from the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -338098,7 +338098,7 @@ CVE-2018-10059 (Cacti before 1.1.37 has XSS because 
the get_current_page functio
NOTE: get_current_page was added in the 1.x series
NOTE: PHP_SELF/SCRIPT_NAME inconsistency protection in 
global/include.php in v<1.1.4
 CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 
5.5.0 a ...)
-   - cgminer  (bug #900929)
+   - cgminer  (bug #900929)
[stretch] - cgminer  (Minor issue)
[jessie] - cgminer  (Minor issue)
- bfgminer  (bug #900930)
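Review bot: the removed and added lines render identically here because the angle-bracket status tag between "cgminer" and "(bug #900929)" was stripped in the mail rendering; the actual change is that tag, which is what marking the package as removed requires after commit 79eeb566 added cgminer to data/packages/removed-packages. The same applies to the CVE-2018-10057 hunk below; no other field changes, so the diff is fine as is.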
@@ -338106,7 +338106,7 @@ CVE-2018-10058 (The remote management interface of 
cgminer 4.10.0 and bfgminer 5
NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
NOTE: Mitigated by toolchain hardening to plain crash
 CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 
5.5.0 a ...)
-   - cgminer  (bug #900929)
+   - cgminer  (bug #900929)
[stretch] - cgminer  (Minor issue)
[jessie] - cgminer  (Minor issue)
- bfgminer  (bug #900930)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d98084e925952fb22129e843f3a698692fea846f



[Git][security-tracker-team/security-tracker][master] dla: re-add grunt

2023-04-05 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0040624c by Sylvain Beucler at 2023-04-05T20:03:01+02:00
dla: re-add grunt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -102,6 +102,11 @@ golang-yaml.v2
   NOTE: 20230125: VCS: 
https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding 
reverse build dependencies (though recent bullseye updates didn't).
 --
+grunt
+  NOTE: 20230404: Programming language: JavaScript.
+  NOTE: 20230404: CVE-2022-0436 fixed in all other dists (Debian 11.4, 
ELA-672-1 for stretch) (Beuc/front-desk)
+  NOTE: 20230405: Re-added since today's DLA didn't fix the above CVE, please 
apply a fix or clarify the tracker (Beuc/front-desk)
+--
 hdf5
   NOTE: 20230318: Programming language: C.
   NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
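Review bot: the CVE-2022-0436 NOTE comes back dated 20230404, whereas the entry removed in e36a2bd6 (and the one claimed in 3839c34d) carried 20220528 on that same sentence; if 20220528 was the original front-desk date, restore it so the entry's history stays traceable, and keep the 20230405 line as the only new note. A VCS NOTE like the neighbouring golang-yaml.v2 and hdf5 entries have would also help whoever picks this up.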



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0040624cad4f8ab6fdd957087b6a65428a9aefb8



[Git][security-tracker-team/security-tracker][master] Claim ruby-rack ( with utkarsh as mentor )

2023-04-05 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d1461ca by Scarlett Moore at 2023-04-05T10:51:21-07:00
Claim ruby-rack ( with utkarsh as mentor )

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -257,7 +257,7 @@ ruby-loofah (dleidert)
   NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts 
list. (lamby)
   NOTE: 20230403: Everything ready, just waiting for 
ruby-rails-html-sanitizer/utkarsh (dleidert)
 --
-ruby-rack
+ruby-rack ( utkarsh & sgmoore )
   NOTE: 20230313: Programming language: Ruby.
   NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
 --
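Review bot: the claimant string "( utkarsh & sgmoore )" uses inner spaces and an ampersand, unlike the neighbouring "ruby-loofah (dleidert)" form in this file; use the same "package (name)" spacing, for example "ruby-rack (utkarsh, sgmoore)", so anything that extracts claimants by the parentheses sees a consistent format.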



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1461caa7465a504b6219e42f26f10f732efb9d



[Git][security-tracker-team/security-tracker][master] LTS: claim udisks2 in dla-needed.txt

2023-04-05 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a78684a by Tobias Frost at 2023-04-05T19:25:00+02:00
LTS: claim udisks2 in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -298,7 +298,7 @@ trafficserver (Markus Koschany)
NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same 
fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. 

 --
-udisks2
+udisks2 (tobi)
   NOTE: 20230404: Programming language: C, Python.
   NOTE: 20230404: CVE-2021-3802 (kernel panic) fixed in all other dists 
(Debian 11.2, DLA-2809-1 for stretch) (Beuc/front-desk)
 --
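Review bot: the claim itself is fine; the context NOTE just above it ("could find informatin for CVE-2022-31779 ...") reads as if a "not" is missing and has a typo in "information", so as written it states the opposite of what the rest of the sentence implies. That line belongs to the trafficserver entry, not udisks2, so a separate follow-up commit is the right place to fix it.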



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a78684a993b98d1ab3e542258f81c5c96d9d26f



[Git][security-tracker-team/security-tracker][master] new opensmtpd issue

2023-04-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a6c651b by Moritz Mühlenhoff at 2023-04-05T19:17:31+02:00
new opensmtpd issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -119,7 +119,8 @@ CVE-2023-29325
 CVE-2023-29324
RESERVED
 CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 
and 7.2  ...)
-   TODO: check
+   - opensmtpd 
+   NOTE: 
https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
 CVE-2023-29322
RESERVED
 CVE-2023-29321
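Review bot: the only reference is the OpenBSD base errata patch (024_smtpd.patch.sig); Debian's opensmtpd package is built from the portable release, whose version numbers differ from the "before 7.1 errata 024 and 7.2" range in the description, so please add the corresponding portable upstream fix once it is available and record which Debian versions were checked, otherwise the entry without a fixed version has nothing to verify against.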



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6c651b7e04344dc4b18e0a38454379a66b0aa8



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3383-1 for grunt

2023-04-05 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e36a2bd6 by Chris Lamb at 2023-04-05T18:06:31+01:00
Reserve DLA-3383-1 for grunt

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -76661,7 +76661,6 @@ CVE-2022-1538
 CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race 
condit ...)
- grunt 1.5.3-1
[bullseye] - grunt  (Minor issue)
-   [buster] - grunt  (Minor issue)
NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
NOTE: 
https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
 (v1.5.3)
 CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and 
classified  ...)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Apr 2023] DLA-3383-1 grunt - security update
+   {CVE-2022-1537}
+   [buster] - grunt 1.0.1-8+deb10u2
 [05 Apr 2023] DLA-3382-1 openimageio - security update
{CVE-2022-36354 CVE-2022-41639 CVE-2022-41838 CVE-2022-41977 
CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 
CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 
CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}
[buster] - openimageio 2.0.5~dfsg0-1+deb10u1


=
data/dla-needed.txt
=
@@ -102,10 +102,6 @@ golang-yaml.v2
   NOTE: 20230125: VCS: 
https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding 
reverse build dependencies (though recent bullseye updates didn't).
 --
-grunt (Chris Lamb)
-  NOTE: 20230404: Programming language: JavaScript.
-  NOTE: 20220528: CVE-2022-0436 fixed in all other dists (Debian 11.4, 
ELA-672-1 for stretch) (Beuc/front-desk)
---
 hdf5
   NOTE: 20230318: Programming language: C.
   NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
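Review bot: the entry removed here still names CVE-2022-0436 as the outstanding issue ("fixed in all other dists (Debian 11.4, ELA-672-1 for stretch)"), yet DLA-3383-1 added in this same commit lists only CVE-2022-1537; either the DLA should cover CVE-2022-0436 as well, or the grunt entry should stay in dla-needed.txt until it does. Commit 0040624c (also in this thread) re-adds it for exactly that reason.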



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e36a2bd67ca7d8ef7bc6480e0d1c8517b17c2986



[Git][security-tracker-team/security-tracker][master] CVE-2022-45143,tomcat9: buster is not affected

2023-04-05 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
989ac170 by Markus Koschany at 2023-04-05T18:28:24+02:00
CVE-2022-45143,tomcat9: buster is not affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31967,7 +31967,7 @@ CVE-2022-3933 (The Essential Real Estate WordPress 
plugin before 3.9.6 does not
 CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 
9.0.68 and ...)
- tomcat9 9.0.70-1
[bullseye] - tomcat9  (Minor issue, fix along in future 
update)
-   [buster] - tomcat9  (Minor issue, fix along in future update)
+   [buster] - tomcat9  (The vulnerable code was introduced 
later)
- tomcat8 
NOTE: 
https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
 (9.0.69)
NOTE: 
https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
 (8.5.84)
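Review bot: the not-affected reasoning is consistent with the description ("9.0.40 to 9.0.68") and with buster's 9.0.31 base version used in DLA-3384-1, but "The vulnerable code was introduced later" gives the next reader nothing to verify; cite the upstream commit that added JsonErrorReportValve in a NOTE, since DLA-3384-1 omits this CVE on the strength of this line.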



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/989ac1705dbcd1f07f3fda221fc0dbb0bfaf02f0



[Git][security-tracker-team/security-tracker][master] NFUs

2023-04-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d9ed3ea by Moritz Mühlenhoff at 2023-04-05T18:01:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33716,46 +33716,66 @@ CVE-2023-21101
RESERVED
 CVE-2023-21100
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21099
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21098
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21097
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21096
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21095
RESERVED
 CVE-2023-21094
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21093
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21092
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21091
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21090
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21089
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21088
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21087
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21086
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21085
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21084
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21083
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21082
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21081
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21080
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
NOT-FOR-US: Android
 CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out 
of bound ...)
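Review bot: CVE-2023-21095 is the one entry in this run from CVE-2023-21080 to CVE-2023-21100 left as bare RESERVED while every neighbour gets "NOT-FOR-US: Android"; if it comes from the same Android bulletin this looks like an omission, and if it was skipped on purpose (for instance because it might touch a component Debian ships) a NOTE saying so would stop the next triage pass from re-asking.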
@@ -33982,6 +34002,7 @@ CVE-2023-20968 (In multiple locations of p2p_iface.cpp, 
there is a possible out
NOT-FOR-US: Android
 CVE-2023-20967
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds 
write due t ...)
NOT-FOR-US: Android
 CVE-2023-20965
@@ -34016,6 +34037,7 @@ CVE-2023-20951 (In gatt_process_prep_write_rsp of 
gatt_cl.cc, there is a possibl
NOT-FOR-US: Android
 CVE-2023-20950
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a 
possible out  ...)
NOT-FOR-US: Linux kernel of the Pixel phone
 CVE-2023-20948 (In dropFramesUntilIframe of AAVCAssembler.cpp, there is a 
possible out ...)
@@ -34035,7 +34057,8 @@ CVE-2023-20942
NOT-FOR-US: Android
 CVE-2023-20941
RESERVED
-   NOT-FOR-US: Android
+   - linux  (Android-specific kernel patch)
+   NOTE: https://gerrit.wikimedia.org/r/c/operations/puppet/+/906030/
 CVE-2023-20940 (In the Android operating system, there is a possible way to 
replace a  ...)
NOT-FOR-US: Android
 CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there 
is a poss ...)
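Review bot: the NOTE URL (gerrit.wikimedia.org operations/puppet change 906030) is a Wikimedia infrastructure change with no bearing on an Android kernel CVE, so it looks like a paste error; moving the entry from NOT-FOR-US to a linux line also needs a reference that actually supports "Android-specific kernel patch". Commit 91e03c81 in this thread removes the URL again.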
@@ -34051,6 +34074,7 @@ CVE-2023-20936 (In bta_av_rc_disc_done of 
bta_av_act.cc, there is a possible out
NOT-FOR-US: Android
 CVE-2023-20935
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is 
a possib ...)
NOT-FOR-US: Android
 CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible 
way to cor ...)
@@ -34109,6 +34133,7 @@ CVE-2023-20910 (In addNetworkSuggestions of 
WifiManager.java, there is a possibl
NOT-FOR-US: Android
 CVE-2023-20909
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20908 (In several functions of SettingsState.java, there is a 
possible system ...)
NOT-FOR-US: Android
 CVE-2023-20907
@@ -36846,6 +36871,7 @@ CVE-2023-20472
RESERVED
 CVE-2023-20471
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20470
RESERVED
 CVE-2023-20469
@@ -36862,6 +36888,7 @@ CVE-2023-20464
RESERVED
 CVE-2023-20463
RESERVED
+   NOT-FOR-US: Android
 CVE-2023-20462
RESERVED
 CVE-2023-20461



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9ed3ea20226adb56f034663a0a3909599f5291



[Git][security-tracker-team/security-tracker][master] dla: php-cas: clarification

2023-04-05 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca3f5556 by Sylvain Beucler at 2023-04-05T12:53:29+02:00
dla: php-cas: clarification

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -194,7 +194,7 @@ php-cas
   NOTE: 20221105: The fix is not backwards compatible. Should be investigated 
further whether this issue should be solved or ignored.. (ola)
   NOTE: 20221107: php-cas only has 2 reverse-deps in buster (fusiondirectory, 
ocsinventory-reports),
   NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS 
for reference (Beuc/front-desk)
-  NOTE: 20221110: upcoming DSA (Beuc/front-desk)
+  NOTE: 20221110: a DSA is planned (Beuc/front-desk)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
 --
 pluxml



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3f555694b519f2a3774fd960deb4e7f3e5ad55



[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim grunt.

2023-04-05 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3839c34d by Chris Lamb at 2023-04-05T10:03:54+01:00
data/dla-needed.txt: Claim grunt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -102,7 +102,7 @@ golang-yaml.v2
   NOTE: 20230125: VCS: 
https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding 
reverse build dependencies (though recent bullseye updates didn't).
 --
-grunt
+grunt (Chris Lamb)
   NOTE: 20230404: Programming language: JavaScript.
   NOTE: 20220528: CVE-2022-0436 fixed in all other dists (Debian 11.4, 
ELA-672-1 for stretch) (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3839c34daff53b37550781d09ac497edef3db874



[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium CVEs fixed via unstable

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63ab8d74 by Salvatore Bonaccorso at 2023-04-05T10:32:48+02:00
Track fixed version for chromium CVEs fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -413,46 +413,46 @@ CVE-2023-28384
 CVE-2023-1824
RESERVED
 CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 
112.0. ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 
112.0.56 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior 
to 112 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior 
to 112. ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 
112.0.56 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 
112.0.5615.49 allow ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome 
prior to  ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 
112.0.5615 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in 
Google  ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome 
prior to  ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 
112.0.5615.49 allow ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 
112.0.5615.4 ...)
-   - chromium 
+   - chromium 112.0.5615.49-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-1809
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63ab8d74220d2c9e115a9c4ac5bfc668e5cce768



[Git][security-tracker-team/security-tracker][master] Add new chromium issues

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66b45845 by Salvatore Bonaccorso at 2023-04-05T10:31:46+02:00
Add new chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -413,33 +413,47 @@ CVE-2023-28384
 CVE-2023-1824
RESERVED
 CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 
112.0. ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 
112.0.56 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior 
to 112 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior 
to 112. ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 
112.0.56 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 
112.0.5615.49 allow ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome 
prior to  ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 
112.0.5615 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in 
Google  ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome 
prior to  ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 
112.0.5615.49 allow ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 
112.0.5615.4 ...)
-   TODO: check
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-1809
RESERVED
 CVE-2023-1808



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66b458458deff31e936d2b43a92d2ec0603a874a



[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1649353b by Salvatore Bonaccorso at 2023-04-05T10:29:21+02:00
Add chromium to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -17,6 +17,8 @@ apache2
 --
 cairosvg (carnil)
 --
+chromium
+--
 ghostscript (carnil)
 --
 gpac (aron)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1649353bd99645a1f8963899207e0c7b08ec2846



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e45b4df6 by Salvatore Bonaccorso at 2023-04-05T10:27:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -243,15 +243,15 @@ CVE-2023-1851
 CVE-2023-1850
RESERVED
 CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1845 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1844
RESERVED
 CVE-2023-1843



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e45b4df60b0c9cffc276b37da0946c2f3283bd63



[Git][security-tracker-team/security-tracker][master] NFUs

2023-04-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57c0b23b by Moritz Mühlenhoff at 2023-04-05T10:12:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -632,16 +632,20 @@ CVE-2023-29139 (An issue was discovered in the CheckUser 
extension for MediaWiki
NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2023-29138
RESERVED
+   NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
NOT-FOR-US: GrowthExperiments MediaWiki extension
 CVE-2023-29136
RESERVED
 CVE-2023-29135
RESERVED
+   NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2023-29134
RESERVED
+   NOT-FOR-US: Cargo MediaWiki extension
 CVE-2023-29133
RESERVED
+   NOT-FOR-US: Cargo MediaWiki extension
 CVE-2023-29132 [Irssi SA-2023-03 / Use after free in printing routine]
RESERVED
- irssi  (bug #1033785)
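Review bot: CVE-2023-29138, CVE-2023-29135, CVE-2023-29134 and CVE-2023-29133 are all still RESERVED, so the NOT-FOR-US attribution to the CheckUser and Cargo MediaWiki extensions cannot be verified from the entries themselves; add a NOTE: line carrying the upstream reference that ties each ID to its extension (as the irssi entry below carries a bug reference), so the triage can be re-checked once MITRE publishes the descriptions and the IDs turn out to belong to a different extension than assumed.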



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57c0b23b3afdffb906d5b1e38a59066530828701





[Git][security-tracker-team/security-tracker][master] automatic update

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09dbcfe3 by security tracker role at 2023-04-05T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,265 @@
+CVE-2023-29383
+   RESERVED
+CVE-2023-29382
+   RESERVED
+CVE-2023-29381
+   RESERVED
+CVE-2023-29380
+   RESERVED
+CVE-2023-29379
+   RESERVED
+CVE-2023-29378
+   RESERVED
+CVE-2023-29377
+   RESERVED
+CVE-2023-29376
+   RESERVED
+CVE-2023-29375
+   RESERVED
+CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows 
prompt inj ...)
+   TODO: check
+CVE-2023-29373
+   RESERVED
+CVE-2023-29372
+   RESERVED
+CVE-2023-29371
+   RESERVED
+CVE-2023-29370
+   RESERVED
+CVE-2023-29369
+   RESERVED
+CVE-2023-29368
+   RESERVED
+CVE-2023-29367
+   RESERVED
+CVE-2023-29366
+   RESERVED
+CVE-2023-29365
+   RESERVED
+CVE-2023-29364
+   RESERVED
+CVE-2023-29363
+   RESERVED
+CVE-2023-29362
+   RESERVED
+CVE-2023-29361
+   RESERVED
+CVE-2023-29360
+   RESERVED
+CVE-2023-29359
+   RESERVED
+CVE-2023-29358
+   RESERVED
+CVE-2023-29357
+   RESERVED
+CVE-2023-29356
+   RESERVED
+CVE-2023-29355
+   RESERVED
+CVE-2023-29354
+   RESERVED
+CVE-2023-29353
+   RESERVED
+CVE-2023-29352
+   RESERVED
+CVE-2023-29351
+   RESERVED
+CVE-2023-29350
+   RESERVED
+CVE-2023-29349
+   RESERVED
+CVE-2023-29348
+   RESERVED
+CVE-2023-29347
+   RESERVED
+CVE-2023-29346
+   RESERVED
+CVE-2023-29345
+   RESERVED
+CVE-2023-29344
+   RESERVED
+CVE-2023-29343
+   RESERVED
+CVE-2023-29342
+   RESERVED
+CVE-2023-29341
+   RESERVED
+CVE-2023-29340
+   RESERVED
+CVE-2023-29339
+   RESERVED
+CVE-2023-29338
+   RESERVED
+CVE-2023-29337
+   RESERVED
+CVE-2023-29336
+   RESERVED
+CVE-2023-29335
+   RESERVED
+CVE-2023-29334
+   RESERVED
+CVE-2023-29333
+   RESERVED
+CVE-2023-29332
+   RESERVED
+CVE-2023-29331
+   RESERVED
+CVE-2023-29330
+   RESERVED
+CVE-2023-29329
+   RESERVED
+CVE-2023-29328
+   RESERVED
+CVE-2023-29327
+   RESERVED
+CVE-2023-29326
+   RESERVED
+CVE-2023-29325
+   RESERVED
+CVE-2023-29324
+   RESERVED
+CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 
and 7.2  ...)
+   TODO: check
+CVE-2023-29322
+   RESERVED
+CVE-2023-29321
+   RESERVED
+CVE-2023-29320
+   RESERVED
+CVE-2023-29319
+   RESERVED
+CVE-2023-29318
+   RESERVED
+CVE-2023-29317
+   RESERVED
+CVE-2023-29316
+   RESERVED
+CVE-2023-29315
+   RESERVED
+CVE-2023-29314
+   RESERVED
+CVE-2023-29313
+   RESERVED
+CVE-2023-29312
+   RESERVED
+CVE-2023-29311
+   RESERVED
+CVE-2023-29310
+   RESERVED
+CVE-2023-29309
+   RESERVED
+CVE-2023-29308
+   RESERVED
+CVE-2023-29307
+   RESERVED
+CVE-2023-29306
+   RESERVED
+CVE-2023-29305
+   RESERVED
+CVE-2023-29304
+   RESERVED
+CVE-2023-29303
+   RESERVED
+CVE-2023-29302
+   RESERVED
+CVE-2023-29301
+   RESERVED
+CVE-2023-29300
+   RESERVED
+CVE-2023-29299
+   RESERVED
+CVE-2023-29298
+   RESERVED
+CVE-2023-29297
+   RESERVED
+CVE-2023-29296
+   RESERVED
+CVE-2023-29295
+   RESERVED
+CVE-2023-29294
+   RESERVED
+CVE-2023-29293
+   RESERVED
+CVE-2023-29292
+   RESERVED
+CVE-2023-29291
+   RESERVED
+CVE-2023-29290
+   RESERVED
+CVE-2023-29289
+   RESERVED
+CVE-2023-29288
+   RESERVED
+CVE-2023-29287
+   RESERVED
+CVE-2023-29286
+   RESERVED
+CVE-2023-29285
+   RESERVED
+CVE-2023-29284
+   RESERVED
+CVE-2023-29283
+   RESERVED
+CVE-2023-29282
+   RESERVED
+CVE-2023-29281
+   RESERVED
+CVE-2023-29280
+   RESERVED
+CVE-2023-29279
+   RESERVED
+CVE-2023-29278
+   RESERVED
+CVE-2023-29277
+   RESERVED
+CVE-2023-29276
+   RESERVED
+CVE-2023-29275
+   RESERVED
+CVE-2023-29274
+   RESERVED
+CVE-2023-29273
+   RESERVED
+CVE-2023-1860
+   RESERVED
+CVE-2023-1859
+   RESERVED
+CVE-2023-1858
+   RESERVED
+CVE-2023-1857
+   RESERVED
+CVE-2023-1856
+   RESERVED
+CVE-2023-1855
+   RESERVED
+CVE-2023-1854
+   RESERVED
+CVE-2023-1853
+   RESERVED
+CVE-2023-1852
+   RESERVED
+CVE-2023-1851
+   RESERVED
+CVE-2023-1850
+   RESERVED
+CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
+   TODO: check
+CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
+   TODO: check
+CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0  ...)
+   TODO: check
+CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll 
System ...)
+   TODO: check
+CVE-2023-1845 (A 
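Review bot: the only two non-RESERVED entries in this import, CVE-2023-29374 (LangChain LLMMathChain prompt injection) and CVE-2023-29323 (ascii_load_sockaddr in OpenBSD smtpd), are left at TODO: check as the automatic update does; CVE-2023-29323 should be triaged first, since the smtpd code base is also shipped as the portable opensmtpd package in Debian, so it needs an actual check against that package rather than a reflexive NOT-FOR-US for OpenBSD. Everything else in the hunk is RESERVED placeholders and needs no action.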

[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1838/linux

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6aafaf2b by Salvatore Bonaccorso at 2023-04-05T09:47:03+02:00
Add CVE-2023-1838/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -72,6 +72,10 @@ CVE-2023-1839
RESERVED
 CVE-2023-1838
RESERVED
+   - linux 5.17.11-1
+   [bullseye] - linux 5.10.120-1
+   [buster] - linux 4.19.249-1
+   NOTE: 
https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
 CVE-2023-1837
RESERVED
 CVE-2023-1836
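Review bot: CVE-2023-1838 is still RESERVED and carries no description, yet the entry already records fixed versions for sid, bullseye and buster; add a bracketed title the way CVE-2023-29132 [Irssi SA-2023-03 / Use after free in printing routine] does, naming the kernel subsystem that commit fb4554c2232e44d595920f4d5c66cf8f7d13f9bc touches, so the entry is readable before the description is published. The NOTE marks that commit as 5.18 only, whereas the bullseye (5.10.120-1) and buster (4.19.249-1) versions imply stable backports; citing the stable commits as well would make those two claims checkable.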



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aafaf2bc93784f61a562aeeba628899b0a5d1ca





[Git][security-tracker-team/security-tracker][master] Add Debian bug references for smarty issues

2023-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2c6b350 by Salvatore Bonaccorso at 2023-04-05T08:02:06+02:00
Add Debian bug references for smarty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2713,8 +2713,8 @@ CVE-2023-28449
 CVE-2023-28448 (Versionize is a framework for version tolerant 
serializion/deserializa ...)
NOT-FOR-US: Versionize (firecracker-microvm / framework for version 
tolerant serializion/deserialization of Rust data structures)
 CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions 
smarty did n ...)
-   - smarty3 
-   - smarty4 
+   - smarty3  (bug #1033964)
+   - smarty4  (bug #1033965)
NOTE: 
https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
NOTE: 
https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72
 (v4.3.1)
NOTE: 
https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad
 (v3.1.48)
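Review bot: the version field on both package lines is empty as rendered, `- smarty3  (bug #1033964)` and `- smarty4  (bug #1033965)`; if the committed lines read `<unfixed>` and the marker was merely dropped as an HTML tag by the archive rendering this is fine, but a package line with no version or status marker is not valid tracker syntax, so confirm the committed text. With both NOTE: lines already pointing at the fixing upstream commits (v4.3.1 and v3.1.48), the entry only needs the fixed Debian versions filled in once the uploads closing #1033964 and #1033965 land.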



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c6b350870fa943afb65b056a7099f15b2769bd


