[Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 03b044cf by Thorsten Alteholz at 2023-05-22T02:10:53+02:00 update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -71,6 +71,7 @@ libcap2 (Abhijith PA) libfastjson (Thorsten Alteholz) NOTE: 20230507: Programming language: C. NOTE: 20230507: the CVE was fixed in json-c already + NOTE: 20230521: an RCE CVE of cups-filter made a mess of the timing -- libraw (guilhem) NOTE: 20230520: Programming language: C++. @@ -181,6 +182,7 @@ ring (Thorsten Alteholz) NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git NOTE: 20230507: testing package + NOTE: 20230521: an RCE CVE of cups-filter made a mess of the timing -- ruby-loofah NOTE: 20221231: Programming language: Ruby. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b044cf88afc3351833a772c596d3588e5c1c99 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b044cf88afc3351833a772c596d3588e5c1c99 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
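Review bot: Both added NOTE lines (under libfastjson and under ring) name the package "cups-filter", while the source package is cups-filters, so a search for the package name will miss them. Use the exact name, add the CVE id, and state the new expected date: "made a mess of the timing" tells the next reader of dla-needed.txt that the work slipped but not until when.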
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3430-1 for cups-filters
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f461f1b9 by Thorsten Alteholz at 2023-05-22T00:24:13+02:00 Reserve DLA-3430-1 for cups-filters - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[22 May 2023] DLA-3430-1 cups-filters - security update + {CVE-2023-24805} + [buster] - cups-filters 1.21.6-5+deb10u1 [21 May 2023] DLA-3429-1 imagemagick - security update {CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5 = data/dla-needed.txt = @@ -18,9 +18,6 @@ cairosvg NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert) NOTE: 20230519: VCS: https://salsa.debian.org/lts-team/packages/cairosvg.git -- -cups-filters (Thorsten Alteholz) - NOTE: 20230517: Programming language: C. --- docker.io NOTE: 20230303: Programming language: Go. NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f461f1b90cdbd7ce0dfa0a394e5e1ae8e95a5556
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3429-1 for imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: ed2d1ded by Bastien Roucariès at 2023-05-21T22:08:26+00:00 Reserve DLA-3429-1 for imagemagick - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -76193,7 +76193,6 @@ CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...) - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813 NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033 @@ -76203,7 +76202,6 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...) - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812 NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985 @@ -76213,7 +76211,6 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...) - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811 NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962 
@@ -88387,7 +88384,6 @@ CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.) {DLA-3007-1} - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680 @@ -132077,7 +132073,6 @@ CVE-2021-39213 (GLPI is a free Asset and IT management software package. Startin CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...) - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 @@ -180993,7 +180988,6 @@ CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A pot [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482 NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...) 
@@ -181001,7 +180995,6 @@ CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an int [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...) @@ -181016,7 +181009,6 @@ CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and be [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may
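Review bot: Every data/CVE/list hunk shown drops the "[buster] - imagemagick (Minor issue)" line, but the data/DLA/list hunk that the summary lists as changed is not visible here, so the removals cannot be checked against the DLA-3429-1 CVE list. Confirm that each entry losing its buster line (CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2022-28463, CVE-2021-39212, CVE-2021-20309, CVE-2021-20312, CVE-2021-20313) is named in that list; an entry missing from it would lose its buster triage note without gaining a fixed version.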
[Git][security-tracker-team/security-tracker][master] Take libraw from dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d7cedde by Salvatore Bonaccorso at 2023-05-21T22:28:36+02:00 Take libraw from dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -25,7 +25,7 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions -- -libraw +libraw (carnil) -- libssh -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7cedde243ed9f6a9ee796ffce8e09e7a938f1f
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fb6dde22 by Salvatore Bonaccorso at 2023-05-21T22:27:05+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: hledger CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...) NOT-FOR-US: WordPress plugin CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb6dde22dbe840898924903ca5a1c0515df6dc6d
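Review bot: The CVE-2021-46888 entry goes from "TODO: check" to "NOT-FOR-US: hledger", which asserts that no package in the archive ships hledger, and nothing in the commit shows that this was checked. Run a source and binary package search for hledger before closing the TODO; if any package ships it, the entry needs a package line rather than NOT-FOR-US.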
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-2157
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e00bd633 by Salvatore Bonaccorso at 2023-05-21T22:24:02+02:00 Add Debian bug reference for CVE-2023-2157 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2811,7 +2811,7 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 RESERVED - - imagemagick + - imagemagick (bug #1036476) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e00bd6334b92d8b16949d274541cf6081ea50033
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36636f51 by security tracker role at 2023-05-21T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored Cross-Site Sc ...) + TODO: check CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...) NOT-FOR-US: WordPress plugin CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...) @@ -3849,7 +3851,7 @@ CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redi NOT-FOR-US: Mattermost Desktop App CVE-2023-1999 RESERVED - {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + {DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} - firefox 112.0-1 - firefox-esr 102.10.0esr-1 - thunderbird 1:102.10.0-1 @@ -20603,6 +20605,7 @@ CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19. CVE-2023-24806 REJECTED CVE-2023-24805 (cups-filters contains backends, filters, and other software required t ...) + {DSA-5407-1} - cups-filters 1.28.17-3 (bug #1036224) NOTE: https://www.openwall.com/lists/oss-security/2023/05/17/5 NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36636f513626718796ce3e885b2becc58deaa4d3
[Git][security-tracker-team/security-tracker][master] CVE-2023-2283: Use full commit hash id
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1635ee12 by Salvatore Bonaccorso at 2023-05-21T21:29:36+02:00 CVE-2023-2283: Use full commit hash id - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1655,9 +1655,9 @@ CVE-2023-2283 [Authorization bypass in pki_verify_data_signature] - libssh 0.10.5-1 (bug #1035832) [buster] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt - NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5) - NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5) - NOTE: Commit https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces vulnerable function (libssh-0.9.0) + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5) + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5) + NOTE: Vulnerable function introduced with: https://git.libssh.org/projects/libssh.git/commit/?id=fd9446553b5e06c95c67945959b228e44c870b73 (libssh-0.9.0) CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...) NOT-FOR-US: Devolutions CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1635ee12ba3bbaa32f087d7c0f5312c7b57fef29
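Review bot: In the two rewritten "Fixed by:" lines the query string reads "?h=stable-0.10=e8dfbb85..." and "?h=stable-0.10=c68a5857...", with no id parameter between the branch name and the hash, unlike the third line's "?id=fd9446553b...". As shown, those two links select a branch but do not name a commit. Since the commit rewrites these lines anyway, use the same "?id=<full hash>" form on all three.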
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-32668/texlive-bin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 69eb6940 by Salvatore Bonaccorso at 2023-05-21T21:10:51+02:00 Add Debian bug reference for CVE-2023-32668/texlive-bin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -720,7 +720,7 @@ CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path c - postgresql-11 NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/ CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...) - - texlive-bin + - texlive-bin (bug #1036470) [bullseye] - texlive-bin (Minor issue) [buster] - texlive-bin (Minor issue) NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69eb69403bb31f259ee43717b228468fb1ed3faa
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for virtuoso-opensource issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff1a2c8e by Salvatore Bonaccorso at 2023-05-21T21:02:29+02:00 Add Debian bug reference for virtuoso-opensource issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -378,125 +378,125 @@ CVE-2023-31843 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) NOT-FOR-US: Sourcecodester Faculty Evaluation System CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137 NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09 CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138 NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830 CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139 NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141 NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...) 
- - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140 NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494 CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129 NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131 CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132 NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134 NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526 CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131 NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...) 
- - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135 NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...) - - virtuoso-opensource + - virtuoso-opensource (bug #1036467) [bullseye] - virtuoso-opensource (Minor issue) NOTE:
[Git][security-tracker-team/security-tracker][master] libwebp DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 30de8d07 by Moritz Mühlenhoff at 2023-05-21T19:59:11+02:00 libwebp DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[21 May 2023] DSA-5408-1 libwebp - security update + {CVE-2023-1999} + [bullseye] - libwebp 0.6.1-2.1+deb11u1 [21 May 2023] DSA-5407-1 cups-filters - security update {CVE-2023-24805} [bullseye] - cups-filters 1.28.7-1+deb11u2 = data/dsa-needed.txt = @@ -29,8 +29,6 @@ libraw -- libssh -- -libwebp (jmm) --- nbconvert -- netatalk View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30de8d07d8df6322e3cd3272338ed904496451da
[Git][security-tracker-team/security-tracker][master] Add imagemagick6 commit for CVE-2021-39212
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a520114 by Bastien Roucariès at 2023-05-21T15:49:07+00:00 Add imagemagick6 commit for CVE-2021-39212 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -132079,6 +132079,8 @@ CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74 CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a520114d4ceb09f5dfed3e29c0ea80237422181
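Review bot: The two added NOTE lines are bare ImageMagick6 commit URLs appended under three unlabelled ImageMagick references, so the entry does not say which commits are fixes, which branch each belongs to, or whether both ImageMagick6 commits are needed for a backport. Prefix them, for example "NOTE: Fixed by: <url> (6.9.x)", and state the upstream 6.x release that first contains them.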
[Git][security-tracker-team/security-tracker][master] CVE-2023-2283/libssh [buster] vulnerable code introduced later.
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: 60062332 by Tobias Frost at 2023-05-21T15:56:01+02:00 CVE-2023-2283/libssh [buster] vulnerable code introduced later. Vulnerability is in function pki_verify_data_signature and explained in [1] Commit that introduces vulnerable function: https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 Commit that starts using the function: https://git.libssh.org/projects/libssh.git/commit/?id=db51fa1 git tag --contains fd94465 shows that this commit is part of no release earlier than 0.9.0. The implementation present in buster, 0.8.7, does not have the refactoring and errors out correctly with return SSH_ERROR in the verify function pki_signature_verify that will in a later version call the vulnerable pki_verify_data_signature(). [1] https://www.libssh.org/security/advisories/CVE-2023-2283.txt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =
@@ -1653,9 +1653,11 @@ CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk < CVE-2023-2283 [Authorization bypass in pki_verify_data_signature] RESERVED - libssh 0.10.5-1 (bug #1035832) + [buster] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5) NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5) + NOTE: Commit https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces vulnerable function (libssh-0.9.0) CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...) NOT-FOR-US: Devolutions CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60062332c17f97333c483413f0240c2aa2b88e61
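Review bot: The added NOTE cites the introducing commit by the seven-character id fd94465; use the full 40-character hash so the reference stays unambiguous as the upstream repository grows. The commit message also names db51fa1 as the commit that starts calling the function, which is the other half of the argument for the buster line, but the entry does not record it. Add it as a second NOTE so the "Vulnerable code introduced later" claim can be re-checked from data/CVE/list alone.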
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for cups-filters
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b318874 by Salvatore Bonaccorso at 2023-05-21T15:46:00+02:00 Reserve DSA number for cups-filters - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[21 May 2023] DSA-5407-1 cups-filters - security update + {CVE-2023-24805} + [bullseye] - cups-filters 1.28.7-1+deb11u2 [20 May 2023] DSA-5406-1 texlive-bin - security update {CVE-2023-32700} [bullseye] - texlive-bin 2020.20200327.54578-7+deb11u1 = data/dsa-needed.txt = @@ -16,8 +16,6 @@ asterisk -- cinder -- -cups-filters (carnil) --- gpac (aron) -- jupyter-core View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b318874533e9576c6e9418382d2d2e21689a22a
[Git][security-tracker-team/security-tracker][master] Track fixed version for dokuwiki via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ed10daa6 by Salvatore Bonaccorso at 2023-05-21T15:41:24+02:00 Track fixed version for dokuwiki via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -127,7 +127,7 @@ CVE-2023-32762 - qtbase-opensource-src-gles TODO: check for more details on actual fixes needed for network/access/qhsts.cpp CVE-2023- [XSS in RSS syntax] - - dokuwiki (bug #1036279) + - dokuwiki 0.0.20220731.a-2 (bug #1036279) [bullseye] - dokuwiki (Minor issue) NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967 NOTE: https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed10daa6c6f67898ac3c22f1c6db12cc0885bcf3
[Git][security-tracker-team/security-tracker][master] Track fixed version for two libraw issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d5718cf by Salvatore Bonaccorso at 2023-05-21T14:06:43+02:00 Track fixed version for two libraw issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7806,7 +7806,7 @@ CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file uploa CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...) - - libraw (bug #1036281) + - libraw 0.20.2-2.1 (bug #1036281) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240 NOTE: https://github.com/LibRaw/LibRaw/issues/557 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master) @@ -149725,7 +149725,7 @@ CVE-2021-32143 RESERVED CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows atta ...) [experimental] - libraw 0.21.1-1 - - libraw (bug #1031790) + - libraw 0.20.2-2.1 (bug #1031790) [bullseye] - libraw (Minor issue) [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/400 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d5718cf9b7f8a32c6d7e824c20b477b5f633843
[Git][security-tracker-team/security-tracker][master] CVE-2021-4219 is not for stretch
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ff03e2d by Bastien Roucariès at 2023-05-21T11:54:59+00:00 CVE-2021-4219 is not for stretch Code introduced later. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -98012,7 +98012,7 @@ CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Vulnerable code introduced later) - [stretch] - imagemagick (Minor issue, DoS) + [stretch] - imagemagick (Vulnerable code introduced later) NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/b51ead044753d771646fe1dfd6fb1db0b562a5f0 NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7f1b2b9b816baaa956381ff80c3b120e83faa95 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ff03e2d57a459b0ab684599a22a48dae2e9588e
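Review bot: The [stretch] line moves from "(Minor issue, DoS)" to "(Vulnerable code introduced later)", yet the only support in the entry is the context NOTE "introduced by .../ImageMagick6/commit/b51ead04...", which carries no upstream version. Append the first ImageMagick6 release containing that commit in parentheses, so the claim can be compared against the version shipped in stretch without cloning the upstream repository.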
[Git][security-tracker-team/security-tracker][master] Take cups-filters prepared by Thorsten for DSA release
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e878c362 by Salvatore Bonaccorso at 2023-05-21T13:10:53+02:00 Take cups-filters prepared by Thorsten for DSA release - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,7 +16,7 @@ asterisk -- cinder -- -cups-filters +cups-filters (carnil) -- gpac (aron) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e878c362a1a96a2c12a3b9ab92ba3294b6b619ad
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afe52d21 by Salvatore Bonaccorso at 2023-05-21T11:48:33+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...) - TODO: check + NOT-FOR-US: SourceCodester Class Scheduling System CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...) NOT-FOR-US: Obsidian CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...) @@ -15,7 +15,7 @@ CVE-2023-2824 (A vulnerability was found in SourceCodester Dental Clinic Appoint CVE-2023-2823 (A vulnerability was found in SourceCodester Class Scheduling System 1. ...) NOT-FOR-US: SourceCodester Class Scheduling System CVE-2023-2822 (A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It ...) - TODO: check + NOT-FOR-US: Ellucian Ethos Identity CVE-2023-2736 (The Groundhogg plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: Groundhogg plugin for WordPress CVE-2023-2735 (The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site ...) @@ -21928,7 +21928,7 @@ CVE-2023-24416 CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...) NOT-FOR-US: WordPress plugin CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24413 RESERVED CVE-2023-24412 
@@ -23237,7 +23237,7 @@ CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23888 @@ -27275,7 +27275,7 @@ CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tric CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...) NOT-FOR-US: WordPress plugin CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22688 RESERVED CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...) @@ -33190,7 +33190,7 @@ CVE-2022-47136 CVE-2022-47135 RESERVED CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47133 RESERVED CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afe52d21a25e7d2bb053de30924915969c1a1176
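Review bot: In the first hunk, CVE-2023-32589 is closed as `NOT-FOR-US: WordPress plugin`, but the truncated description visible here ("PingOnline Dyslexie ...") does not itself mention WordPress, and the same generic reason is reused for CVE-2023-24414, CVE-2023-23890, CVE-2023-22689 and CVE-2022-47134 in the later hunks. Neighbouring entries such as "Groundhogg plugin for WordPress" name the product; doing the same here would keep the NFU reason searchable and make a wrong classification easier to spot later.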
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 623b63be by security tracker role at 2023-05-21T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...) + TODO: check +CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...) + TODO: check CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...) NOT-FOR-US: Obsidian CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...) @@ -21923,8 +21927,8 @@ CVE-2023-24416 RESERVED CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...) NOT-FOR-US: WordPress plugin -CVE-2023-24414 - RESERVED +CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) + TODO: check CVE-2023-24413 RESERVED CVE-2023-24412 @@ -23232,8 +23236,8 @@ CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-23890 - RESERVED +CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb R ...) + TODO: check CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23888 
@@ -27270,8 +27274,8 @@ CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tric NOT-FOR-US: WordPress plugin CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...) NOT-FOR-US: WordPress plugin -CVE-2023-22689 - RESERVED +CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) + TODO: check CVE-2023-22688 RESERVED CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...) @@ -33185,8 +33189,8 @@ CVE-2022-47136 RESERVED CVE-2022-47135 RESERVED -CVE-2022-47134 - RESERVED +CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...) + TODO: check CVE-2022-47133 RESERVED CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) @@ -127275,6 +127279,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity) + {DLA-3428-1} - node-nth-check 2.0.1-1 [bullseye] - node-nth-check 2.0.0-1+deb11u1 [stretch] - node-nth-check (Nodejs in stretch not covered by security support) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623b63bedc2f8f517521046f24876cd1259562cd
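Review bot: In the last hunk, CVE-2021-3803 gains the `{DLA-3428-1}` cross-reference while the visible entry has suite lines only for [bullseye] and [stretch]. The buster fixed version therefore has to come from the DLA-3428-1 record in data/DLA/list, which this diff does not touch; it is worth confirming that record lists node-nth-check with a version, otherwise the advisory link exists without a resolvable fix for the suite it covers.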
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2804/libjpeg-turbo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57062131 by Salvatore Bonaccorso at 2023-05-21T09:27:01+02:00 Add CVE-2023-2804/libjpeg-turbo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,6 +49,10 @@ CVE-2023-2814 (A vulnerability classified as problematic has been found in Sourc NOT-FOR-US: SourceCodester Class Scheduling System CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...) TODO: check +CVE-2023-2804 + - libjpeg-turbo (Vulnerable code not present) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021 CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...) NOT-FOR-US: Foxit CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5706213125cfe3d7ec79a2c649db029161eef954
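Review bot: The new CVE-2023-2804 entry marks libjpeg-turbo as "Vulnerable code not present" without saying where the vulnerable code first appears, and the second NOTE is a bare commit URL with no "Fixed by:" or "Introduced by:" label. Please label that commit and add the affected upstream version range, so the not-affected state can be re-evaluated when a newer upstream release is packaged.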
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2157/imagemagick
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2db58f1b by Salvatore Bonaccorso at 2023-05-21T09:14:49+02:00 Add CVE-2023-2157/imagemagick - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2799,6 +2799,9 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 RESERVED + - imagemagick + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) - linux [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2db58f1b3b1af76acba5adb56d2d11714e3f46d0
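Review bot: The added `- imagemagick` line marks the package as unfixed but carries no bug reference, and the entry is still RESERVED with no NOTE pointing at a public description of the flaw. The two "Fixed by" NOTEs do give versions (7.1.1-7 and 6.9.12-85); adding the BTS bug number once filed and a pointer to the upstream or distributor report would let stable and LTS triage judge severity without reading the patches.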