[Git][security-tracker-team/security-tracker][master] Reserve DLA-3499-1 for libapache2-mod-auth-openidc

2023-07-18 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2da979ec by Guilhem Moulin at 2023-07-19T00:39:49+02:00
Reserve DLA-3499-1 for libapache2-mod-auth-openidc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -111492,7 +111492,6 @@ CVE-2022-23528
 CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication 
and autho ...)
- libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
-   [buster] - libapache2-mod-auth-openidc  (Minor issue)
NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8
 (v2.4.12.2)
 CVE-2022-23526 (Helm is a tool for managing Charts, pre-configured Kubernetes 
resource ...)
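Review bot: dropping the `[buster]` override for CVE-2022-23527 is only sound because this same commit records buster as fixed in 2.3.10.2-1+deb10u3 in data/DLA/list; note the distance between that version and the upstream fix, which the NOTE ties to commit 87119f44 in v2.4.12.2, so the buster upload has to carry a backport of that commit to the 2.3.10 series rather than the 2.4.x change as-is. Worth a line in the DLA text or the changelog saying which upstream commit was backported.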
@@ -139809,7 +139808,6 @@ CVE-2021-39192 (Ghost is a Node.js content management 
system. An error in the im
 CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1
-   [buster] - libapache2-mod-auth-openidc  (Minor issue; can be 
fixed via point release)
[stretch] - libapache2-mod-auth-openidc  (Minor issue)
NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
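Review bot: the upstream commit NOTE for CVE-2021-39191 (03e6bfb4...) carries no release tag, whereas the CVE-2022-23527 entry above annotates its commit with `(v2.4.12.2)`; add the tag of the first release containing 03e6bfb4 so the buster backport in 2.3.10.2-1+deb10u3 can be checked against it the same way. The `[stretch]` line is correctly left in place, since this DLA only covers buster.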


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[19 Jul 2023] DLA-3499-1 libapache2-mod-auth-openidc - security update
+   {CVE-2021-39191 CVE-2022-23527}
+   [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u3
 [18 Jul 2023] DLA-3498-1 bind9 - security update
{CVE-2023-2828}
[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u9
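Review bot: this is a reservation, so from this commit on the tracker reports buster as fixed for CVE-2021-39191 and CVE-2022-23527 in 2.3.10.2-1+deb10u3 before any such package exists in the archive; if the upload slips, amend or revert the entry rather than leaving a version the archive does not carry. The CVE set does match the two `[buster]` lines removed from data/CVE/list in this commit, and the entry sorts above DLA-3498-1 by date as expected.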


=
data/dla-needed.txt
=
@@ -80,10 +80,6 @@ imagemagick
 --
 iperf3 (Markus Koschany)
 --
-libapache2-mod-auth-openidc (guilhem)
-  NOTE: 20230620: Added by Front-Desk (Beuc)
-  NOTE: 20230620: Follow fix from bullseye 11.7 (CVE-2022-23527) + 1 postponed 
CVE-2021-39191 (Beuc/front-desk)
---
 libreoffice (Abhijith PA)
   NOTE: 20230530: Added by Front-Desk (pochu)
   NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2da979ecb1f86e6827671057f764ce3f3a3b7195

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2da979ecb1f86e6827671057f764ce3f3a3b7195
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-47085 but with unclear status

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e0c9a2e by Salvatore Bonaccorso at 2023-07-18T22:57:02+02:00
Add CVE-2022-47085 but with unclear status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40819,7 +40819,9 @@ CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b 
contains a segmentation v
NOTE: https://github.com/gpac/gpac/issues/2337
NOTE: 
https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 
(v2.2.0)
 CVE-2022-47085 (An issue was discovered in ostree before 2022.7 allows 
attackers to ca ...)
-   TODO: check
+   - ostree 
+   NOTE: https://github.com/ostreedev/ostree/issues/2775
+   TODO: check, affected bindings seems not present in src:ostree itself
 CVE-2022-47084
RESERVED
 CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.)
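Review bot: the new `- ostree` line and the TODO beneath it pull in different directions: the TODO says the affected bindings seem not to be present in src:ostree, and if the linked issue #2775 confirms that, the entry should be converted to a not-affected status carrying that reason rather than left as an open package entry that makes ostree show as vulnerable. Minor: "bindings seems" should read "bindings seem".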



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e0c9a2e766f53d8c3e27ff74f48d4bd3d027f24




[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82321fd6 by Salvatore Bonaccorso at 2023-07-18T22:56:12+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18667,15 +18667,15 @@ CVE-2023-28025
 CVE-2023-28024
RESERVED
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI 
Softwar ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-28022
RESERVED
 CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows 
malicious use ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 
14 allo ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-28018
RESERVED
 CVE-2023-28017
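Review bot: `NOT-FOR-US: HCL` names only the vendor, while the descriptions of all four CVEs identify the product (BigFix WebUI) and the other NOT-FOR-US lines in this commit name a product or plugin class; `NOT-FOR-US: HCL BigFix WebUI` would be consistent with those and easier to grep for later.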
@@ -26230,7 +26230,7 @@ CVE-2023-25484 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-25483
RESERVED
 CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel 
WP Tile ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Sub ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-25480
@@ -26244,11 +26244,11 @@ CVE-2023-25477
 CVE-2023-25476
RESERVED
 CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir 
Prelovac S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi 
About M ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-25473 (Cross-Site Request Forgery (CSRF) vulnerability in Miro 
Mannino Flickr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Pod ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-25471
@@ -27316,7 +27316,7 @@ CVE-2023-25038 (Cross-Site Request Forgery (CSRF) 
vulnerability in 984.Ru For th
 CVE-2023-25037
RESERVED
 CVE-2023-25036 (Cross-Site Request Forgery (CSRF) vulnerability in 
akhlesh-nagar, a.An ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-25035
RESERVED
 CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP 
Clean U ...)
@@ -29420,7 +29420,7 @@ CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in I
 CVE-2023-24391
RESERVED
 CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WeSe ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-24389
RESERVED
 CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt 
Booking ca ...)
@@ -31414,7 +31414,7 @@ CVE-2023-23662
 CVE-2023-23661
RESERVED
 CVE-2023-23660 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in 
MainWP MainW ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP 
Matomo Exten ...)
NOT-FOR-US: MainWP Matomo Extension
 CVE-2023-23658
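Review bot: CVE-2023-23660 and CVE-2023-23659 are both MainWP issues, yet the new line says `NOT-FOR-US: WordPress plugin` while the unchanged line just below it says `NOT-FOR-US: MainWP Matomo Extension`; use one label for the pair, preferably the product-specific one.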
@@ -39715,7 +39715,7 @@ CVE-2022-47423 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin 
Accept St ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Repu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-47420
RESERVED
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. 
Successful  ...)
@@ -40606,7 +40606,7 @@ CVE-2022-47171 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Unli ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-47169 (Cross-Site Request Forgery (CSRF) vulnerability in StaxWP 
Visibility L ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-47168
RESERVED
 CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram 
Kocharyan Cray ...)
@@ -41468,7 +41468,7 @@ CVE-2022-46859
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Amin A.R ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert 
plugin <= ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION 
Woocommerce P ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -44650,7 +44650,7 @@ CVE-2022-45830
 CVE-2022-45829 (Auth. Path Traversal vulnerability inEasy WP SMTP 

[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3618/tiff

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cc3e1dd by Salvatore Bonaccorso at 2023-07-18T22:45:39+02:00
Update status for CVE-2023-3618/tiff

Thanks: László Böszörményi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -921,10 +921,11 @@ CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and 
earlier ignores the "Re
 CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 
and earl ...)
NOT-FOR-US: Jenkins plugin
 CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can 
lead to ...)
-   - tiff  (bug #1040945)
+   - tiff 4.5.1~rc3-1 (bug #1040945)
[bookworm] - tiff  (Minor issue)
[bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
+   NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8
 (v4.5.1rc1)
 CVE-2023-3603
- libssh  (Vulnerable code not present in 0.10.5/any 
released version)
NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?id=fe80f47b0ae8902d229ef9b8a1b4fa949b92e720
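Review bot: the commit hash in the new NOTE (b5c7d4c4e0ac16b5cfb11acaaeaa493334f8) is 36 hex characters, four short of a full SHA-1, so the GitLab link may not resolve; paste the full 40-character id. The rest is consistent: the fix is tagged v4.5.1rc1 and the fixed Debian version is 4.5.1~rc3-1, which contains it, and the bookworm/bullseye "Minor issue" overrides are unchanged.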



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cc3e1dd854d91503f2da9818a2f2ca21c33eb69



[Git][security-tracker-team/security-tracker][master] CVE-2023-37476: Add reference to commit in 3.7.4

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a850690c by Salvatore Bonaccorso at 2023-07-18T22:36:36+02:00
CVE-2023-37476: Add reference to commit in 3.7.4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -218,7 +218,8 @@ CVE-2023-37479 (Open Enclave is a hardware-agnostic open 
source library for deve
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
- openrefine  (bug #1041422)
NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
-   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 (master)
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/c40c84d8170c4d61c6a0926531b552a50caa5651
 (3.7.4)
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
NOT-FOR-US: Hamba avro
 CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded 
to Mete ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a850690c9be76dcfd46d41480dbf69e1414dbd3d



[Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2023-3724 upstream commit

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f9fd77e by Salvatore Bonaccorso at 2023-07-18T22:33:22+02:00
Add upstream tag reference for CVE-2023-3724 upstream commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -84,7 +84,7 @@ CVE-2018-25088 (A vulnerability, which was classified as 
critical, was found in
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
- wolfssl 
NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
-   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa
 (v5.6.2-stable)
 CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f9fd77e6f9e2ceb0340778449a8e93c453d433c



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-33265/hazelcast

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a76db07 by Salvatore Bonaccorso at 2023-07-18T22:24:09+02:00
Add CVE-2023-33265/hazelcast

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -64,7 +64,7 @@ CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting 
(XSS) vulnerabilit
 CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
wppal Ea ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 
5.2.3,  ...)
-   TODO: check
+   - hazelcast  (bug #745640)
 CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient 
input valida ...)
NOT-FOR-US: SolarWinds
 CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CRUDLab  ...)
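Review bot: bug #745640 is a far lower number than the other bug references in this digest (#1026444, #1040945, #1041422), which suggests an RFP/ITP rather than a bug filed against a packaged hazelcast; if hazelcast is not in the archive, the entry should use the tracker's ITP marking instead of an open package entry, otherwise a package with no source in Debian is listed as vulnerable. The status token between `hazelcast` and the bug reference is not visible in this rendering, so that is the thing to confirm.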



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a76db0744aa816c97857d4a850acb027c3c7d3e



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-37788/golang-github-elazarl-goproxy

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89643fea by Salvatore Bonaccorso at 2023-07-18T22:23:19+02:00
Add CVE-2023-37788/golang-github-elazarl-goproxy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,8 @@ CVE-2023-37892 (Cross-Site Request Forgery (CSRF) 
vulnerability in Kemal YAZICI
 CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin 
WPAdmin AWS ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead 
to a De ...)
-   TODO: check
+   - golang-github-elazarl-goproxy 
+   NOTE: https://github.com/elazarl/goproxy/issues/502
 CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer 
overflow via t ...)
NOT-FOR-US: D-LINK
 CVE-2023-37481 (Fides is an open-source privacy engineering platform for 
managing data ...)
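Review bot: the TODO is replaced by a package entry with no fixed version and a single NOTE pointing at issue #502, not at a fix; if upstream has not fixed the issue yet, a short NOTE saying so (and whether the DoS is reachable in the packaged version) avoids the entry being read as "fix pending in a known commit". Once a fix lands, add the commit with its release tag, as the other entries in this digest do.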



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89643feaf848fc8849bdbd818815eeca6d14d3c8



[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ddb100b by Salvatore Bonaccorso at 2023-07-18T22:22:50+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,81 +1,81 @@
 CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a 
remote  ...)
-   TODO: check
+   NOT-FOR-US: Ap Page Builder
 CVE-2023-38326
REJECTED
 CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
an insec ...)
-   TODO: check
+   NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David 
Pokorny Repla ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal 
YAZICI - Plug ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin 
WPAdmin AWS ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead 
to a De ...)
TODO: check
 CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: D-LINK
 CVE-2023-37481 (Fides is an open-source privacy engineering platform for 
managing data ...)
TODO: check
 CVE-2023-37480 (Fides is an open-source privacy engineering platform for 
managing data ...)
TODO: check
 CVE-2023-37477 (1Panel is an open source Linux server operation and 
maintenance manage ...)
-   TODO: check
+   NOT-FOR-US: 1Panel
 CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
Classif ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media 
Library Helpe ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix 
chat/voip ...)
TODO: check
 CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a 
stack overf ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2023-36670 (A remotely exploitable command injection vulnerability was 
found on th ...)
-   TODO: check
+   NOT-FOR-US: Kratos NGC-IDU
 CVE-2023-36669 (Missing Authentication for a Critical Function within the 
Kratos NGC I ...)
-   TODO: check
+   NOT-FOR-US: Kratos NGC-IDU
 CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CodePeop ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Mag ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-36120
REJECTED
 CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a crypto ...)
-   TODO: check
+   NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a remote ...)
-   TODO: check
+   NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may 
cause a i ...)
-   TODO: check
+   NOT-FOR-US: AMI SPx
 CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause 
an auth ...)
-   TODO: check
+   NOT-FOR-US: AMI SPx
 CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 
6.0.5,and 6.1p ...)
TODO: check
 CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a direct ...)
-   TODO: check
+   NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) 
vulnerability in H ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
wppal Ea ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 
5.2.3,  ...)
TODO: check
 CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient 
input valida ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds
 CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting 

[Git][security-tracker-team/security-tracker][master] Process one NFU

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02e8b15f by Salvatore Bonaccorso at 2023-07-18T22:16:53+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -73,7 +73,7 @@ CVE-2023-31441 (In NATO Communications and Information Agency 
anet (aka Advisor
 CVE-2023-2913 (An executable used in Rockwell Automation ThinManager 
ThinServer can b ...)
TODO: check
 CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
-   TODO: check
+   NOT-FOR-US: YARPP plugin for WordPress
 CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin 
up to  ...)
TODO: check
 CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection 
Instrument up  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02e8b15f83a9cb1e16c2aad88203c29264cb37e8



[Git][security-tracker-team/security-tracker][master] automatic update

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fef2175a by security tracker role at 2023-07-18T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,85 @@
+CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a 
remote  ...)
+   TODO: check
+CVE-2023-38326
+   REJECTED
+CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
an insec ...)
+   TODO: check
+CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David 
Pokorny Repla ...)
+   TODO: check
+CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal 
YAZICI - Plug ...)
+   TODO: check
+CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin 
WPAdmin AWS ...)
+   TODO: check
+CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead 
to a De ...)
+   TODO: check
+CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer 
overflow via t ...)
+   TODO: check
+CVE-2023-37481 (Fides is an open-source privacy engineering platform for 
managing data ...)
+   TODO: check
+CVE-2023-37480 (Fides is an open-source privacy engineering platform for 
managing data ...)
+   TODO: check
+CVE-2023-37477 (1Panel is an open source Linux server operation and 
maintenance manage ...)
+   TODO: check
+CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
Classif ...)
+   TODO: check
+CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media 
Library Helpe ...)
+   TODO: check
+CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix 
chat/voip ...)
+   TODO: check
+CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
+   TODO: check
+CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
+   TODO: check
+CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
+   TODO: check
+CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a 
segmentatio ...)
+   TODO: check
+CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a 
stack overf ...)
+   TODO: check
+CVE-2023-36670 (A remotely exploitable command injection vulnerability was 
found on th ...)
+   TODO: check
+CVE-2023-36669 (Missing Authentication for a Critical Function within the 
Kratos NGC I ...)
+   TODO: check
+CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CodePeop ...)
+   TODO: check
+CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Mag ...)
+   TODO: check
+CVE-2023-36120
+   REJECTED
+CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a crypto ...)
+   TODO: check
+CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a remote ...)
+   TODO: check
+CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may 
cause a i ...)
+   TODO: check
+CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause 
an auth ...)
+   TODO: check
+CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 
6.0.5,and 6.1p ...)
+   TODO: check
+CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a direct ...)
+   TODO: check
+CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) 
vulnerability in H ...)
+   TODO: check
+CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
wppal Ea ...)
+   TODO: check
+CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 
5.2.3,  ...)
+   TODO: check
+CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient 
input valida ...)
+   TODO: check
+CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CRUDLab  ...)
+   TODO: check
+CVE-2023-31441 (In NATO Communications and Information Agency anet (aka 
Advisor Networ ...)
+   TODO: check
+CVE-2023-2913 (An executable used in Rockwell Automation ThinManager 
ThinServer can b ...)
+   TODO: check
+CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin 
up to  ...)
+   TODO: check
+CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection 
Instrument up  ...)
+   TODO: check
+CVE-2018-25088 (A vulnerability, which was classified as critical, was found 
in Blue Y ...)
+   TODO: check
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
- wolfssl 
NOTE: 

[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-38409/linux and sync with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a6abb770 by Salvatore Bonaccorso at 2023-07-18T22:07:45+02:00
Update status for CVE-2023-38409/linux and sync with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -99,7 +99,9 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel 
before 6.3.4. ksmbd
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3)
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
-   - linux 6.3.7-1
+   - linux 6.1.25-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (6.3-rc7)
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
NOT-FOR-US: Creston
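Review bot: lowering the fixed version from 6.3.7-1 to 6.1.25-1 while the only upstream reference is the 6.3-rc7 commit fffb0b52 leaves the new value unverifiable from the entry alone; 6.1.25-1 can only be right if the fix was backported to the 6.1.y stable series before 6.1.25, so add the 6.1.y stable commit (or the first 6.1.x version that carried it) as a second NOTE. The new `[bullseye]`/`[buster]` "Vulnerable code not present" lines mirror the CVE-2023-38426 entry just above, which is fine.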



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6abb7703bfd3ed37337b4a6d8e9076016c1e137



[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2023-38426/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca83b462 by Salvatore Bonaccorso at 2023-07-18T22:03:11+02:00
Sync status for CVE-2023-38426/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -94,6 +94,7 @@ CVE-2023-38427 (An issue was discovered in the Linux kernel 
before 6.3.8. fs/smb
NOTE: 
https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (6.4-rc6)
 CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an ...)
- linux 6.3.7-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca83b462e05249e022dbf0fa86cea17e966299d3



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38429/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb84d4e0 by Salvatore Bonaccorso at 2023-07-18T22:01:04+02:00
Sync CVE-2023-38429/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76,6 +76,7 @@ CVE-2023-38430 (An issue was discovered in the Linux kernel 
before 6.3.9. ksmbd
NOTE: 
https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (6.4-rc6)
 CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
- linux 6.3.7-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb84d4e0e78c74defc82a36ed1540dc7b068490a



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38428/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61ac741b by Salvatore Bonaccorso at 2023-07-18T21:59:21+02:00
Sync CVE-2023-38428/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -81,6 +81,7 @@ CVE-2023-38429 (An issue was discovered in the Linux kernel 
before 6.3.4. fs/ksm
NOTE: 
https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3)
 CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb ...)
- linux 6.3.7-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (6.4-rc3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ac741b65c0a02c0ff9ebb47bc0863cfc4278ad



[Git][security-tracker-team/security-tracker][master] Drop v prefix from kernel commits for kernel-sec consistency

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbe14f3c by Salvatore Bonaccorso at 2023-07-18T21:56:11+02:00
Drop v prefix from kernel commits for kernel-sec consistency

Though ... that said, it is inconsistent with security-tracker practice
to identify the upstream commits. Feel free to revert.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -78,12 +78,12 @@ CVE-2023-38429 (An issue was discovered in the Linux kernel 
before 6.3.4. fs/ksm
- linux 6.3.7-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (v6.4-rc3)
+   NOTE: 
https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3)
 CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb ...)
- linux 6.3.7-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (v6.4-rc3)
+   NOTE: 
https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (6.4-rc3)
 CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
[bookworm] - linux 6.1.37-1
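Review bot: the commit message itself says this departs from security-tracker practice and invites a revert; the convention should be decided once and recorded where triagers will see it, otherwise the next kernel-sec sync re-introduces the `v` on some entries and the ksmbd block ends up mixed again. The change itself is safe: only the parenthetical release tag changes (`(v6.4-rc3)` to `(6.4-rc3)`), the commit hashes in the URLs are untouched.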
@@ -94,10 +94,10 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel 
before 6.3.4. ksmbd
- linux 6.3.7-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (v6.4-rc3)
+   NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3)
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
- linux 6.3.7-1
-   NOTE: 
https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (v6.3-rc7)
+   NOTE: 
https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (6.3-rc7)
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
NOT-FOR-US: Creston
 CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations 
Manager (VI ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbe14f3c2b4cd87232d04dabdbb9230cc1861cab



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38427/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb30cced by Salvatore Bonaccorso at 2023-07-18T21:55:28+02:00
Sync CVE-2023-38427/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -86,9 +86,10 @@ CVE-2023-38428 (An issue was discovered in the Linux kernel 
before 6.3.4. fs/ksm
NOTE: 
https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (v6.4-rc3)
 CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (v6.4-rc6)
+   NOTE: 
https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (6.4-rc6)
 CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an ...)
- linux 6.3.7-1
[bullseye] - linux  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb30ccedc0c2ee5d2bab2b490cfd32aba6d803f6



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38430/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1654109d by Salvatore Bonaccorso at 2023-07-18T21:54:08+02:00
Sync CVE-2023-38430/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -70,9 +70,10 @@ CVE-2023-38431 (An issue was discovered in the Linux kernel 
before 6.3.8. fs/smb
NOTE: 
https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (6.4-rc6)
 CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does n ...)
- linux 6.3.11-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (v6.4-rc6)
+   NOTE: 
https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (6.4-rc6)
 CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
- linux 6.3.7-1
[bullseye] - linux  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1654109d6aca8ba0445623f76b4d25df1f08f0c5



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38432/linux with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e89ec396 by Salvatore Bonaccorso at 2023-07-18T21:47:52+02:00
Sync CVE-2023-38432/linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,9 +58,10 @@ CVE-2023-38434 (xHTTP 72f812d has a double free in 
close_connection in xhttp.c v
NOT-FOR-US: xHTTP
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
- linux 6.3.11-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (v6.4)
+   NOTE: 
https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (6.4)
 CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
[bookworm] - linux 6.1.37-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e89ec3968473718f3a9b7ebfdb9fcdb3e310e08f



[Git][security-tracker-team/security-tracker][master] Sync CVE-2023-38431 with kernel-sec

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e55fd35 by Salvatore Bonaccorso at 2023-07-18T21:45:57+02:00
Sync CVE-2023-38431 with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63,9 +63,10 @@ CVE-2023-38432 (An issue was discovered in the Linux kernel 
before 6.3.10. fs/sm
NOTE: 
https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (v6.4)
 CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
+   [bookworm] - linux 6.1.37-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
-   NOTE: 
https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (v6.4-rc6)
+   NOTE: 
https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (6.4-rc6)
 CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does n ...)
- linux 6.3.11-1
[bullseye] - linux  (Vulnerable code not present)
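Review bot: this hunk mixes two unrelated changes: the status sync (`+   [bookworm] - linux 6.1.37-1`) and a cosmetic rewrite of the NOTE line that only drops the `v` from `(v6.4-rc6)`. Keeping the cosmetic edit out of the sync commit makes the kernel-sec sync reviewable on its own; the separate "Drop v prefix" commit in this thread already does exactly that for the remaining entries, so the same split would have been natural here.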



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e55fd35c33a038ac29abdb2442f957ea976d1d6



[Git][security-tracker-team/security-tracker][master] bugnums

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4a97a19 by Moritz Mühlenhoff at 2023-07-18T20:58:06+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1028,7 +1028,7 @@ CVE-2023-37374 (A vulnerability has been identified in 
Tecnomatix Plant Simulati
 CVE-2023-37280 (Pimcore Admin Classic Bundle provides a Backend UI for Pimcore 
based o ...)
NOT-FOR-US: Pimcore Admin Classic Bundle
 CVE-2023-37271 (RestrictedPython is a tool that helps to define a subset of 
the Python ...)
-   - restrictedpython 
+   - restrictedpython  (bug #1041429)
NOTE: 
https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh
NOTE: 
https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531
 (master)
NOTE: 
https://github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002
 (5.3)
@@ -1767,7 +1767,7 @@ CVE-2023-33008 (Deserialization of Untrusted Data 
vulnerability in Apache Softwa
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository 
outline/outli ...)
NOT-FOR-US: Outline
 CVE-2023-37192 (Memory management and protection issues in Bitcoin Core v22 
allows att ...)
-   - bitcoin 
+   - bitcoin  (bug #1041427)
 CVE-2023-36859 (PiiGAB M-Bus   SoftwarePack 900S  does not correctly sanitize 
user inp ...)
NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-36829 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
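Review bot: the bitcoin entry for CVE-2023-37192 gains a bug number but, unlike restrictedpython, sqlfluff and ruby-sanitize in this same commit, it still has no NOTE pointing at an upstream advisory, issue or fix commit; add one (or a NOTE stating that none exists) so the bug can later be tied to a concrete fix.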
@@ -1849,12 +1849,12 @@ CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable 
to Remote Command Executio
 CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System 
v1.0 al ...)
NOT-FOR-US: Food Ordering System
 CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in 
environments wher ...)
-   - sqlfluff 
+   - sqlfluff  (bug #1041428)
[bookworm] - sqlfluff  (Minor issue)
NOTE: 
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using 
carefully ...)
-   - ruby-sanitize 
+   - ruby-sanitize  (bug #1041430)
NOTE: 
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
 (v6.0.2)
NOTE: 
https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
 CVE-2023-36462 (Mastodon is a free, open-source social network server based on 
Activit ...)
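Review bot: sqlfluff carries a bookworm triage line ("Minor issue") but ruby-sanitize for CVE-2023-36823, fixed upstream in v6.0.2 according to its NOTE, gets only the bug number and no [bookworm]/[bullseye] decision; record the stable-suite status alongside the bug number so the no-dsa versus DSA outcome is not left implicit.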



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4a97a1916ab4e2ca7714ebdd22be916803b66a4



[Git][security-tracker-team/security-tracker][master] mark nettle as n/a in general

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bad06e9d by Moritz Mühlenhoff at 2023-07-18T20:56:50+02:00
mark nettle as n/a in general

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3018,11 +3018,7 @@ CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT 
COCKPIT) 4.6.4 before 4.6.5
 CVE-2023-36662 (The TechTime User Management components for Atlassian products 
allow s ...)
NOT-FOR-US: Atlassian
 CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows 
memory  ...)
-   [experimental] - nettle 3.9.1-1
-   - nettle 
-   [bookworm] - nettle  (Vulnerable code not present)
-   [bullseye] - nettle  (Vulnerable code not present)
-   [buster] - nettle  (Vulnerable code not present)
+   - nettle  (Only affects 3.9.x and experimental is fixed)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1212112
NOTE: Introduced with: 
https://git.lysator.liu.se/nettle/nettle/-/commit/9cf0e2d2675268a403194d85a78a44e8cbdf562b
 (nettle_3.9_release_20230514)
NOTE: Fixed by: 
https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
 (nettle_3.9.1_release_20230601)
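Review bot: collapsing the five status lines into one drops the machine-readable `[experimental] - nettle 3.9.1-1` fixed version; it now survives only in the free-text reason "experimental is fixed". If the intent is to mark the package as not affected outside experimental because only the 3.9.x OCB code is vulnerable, keep the experimental line so the 3.9.1-1 fix stays queryable, and state the version condition in the reason the way the CVE text does (3.9 before 3.9.1) rather than "3.9.x".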



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bad06e9d3444b6e8790631a60bbb96aeb032dcb8



[Git][security-tracker-team/security-tracker][master] bugnums

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
897de784 by Moritz Mühlenhoff at 2023-07-18T20:47:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -124,7 +124,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was 
discovered to contain a FPE
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
-   - openrefine 
+   - openrefine  (bug #1041422)
NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
@@ -318,7 +318,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to 
contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The 
applicatio ...)
NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript 
Object Signin ...)
-   - cjose 
+   - cjose  (bug #1041423)
NOTE: 
https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
NOTE: 
https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e
 (v0.6.2.2)
 CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
@@ -885,19 +885,19 @@ CVE-2023-3019 [e1000e: heap use-after-free in 
e1000e_write_packet_to_guest()]
 CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
NOT-FOR-US: ARMember plugin for WordPress
 CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-   - gpac 
+   - gpac  (bug #1041421)
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2514
NOTE: 
https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345
 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-   - gpac 
+   - gpac  (bug #1041421)
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2516
NOTE: 
https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c
 CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-   - gpac 
+   - gpac  (bug #1041421)
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2515
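Review bot: the same bug #1041421 is attached to five gpac CVEs across this commit (CVE-2023-37767, CVE-2023-37766, CVE-2023-37765, CVE-2023-37174 and CVE-2023-3523); one bug per upload is fine, but the bug report should list every one of those IDs so the eventual changelog entry and the tracker entries stay consistent when it is closed.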
@@ -913,7 +913,7 @@ CVE-2023-37197 (A CWE-89: Improper Neutralization of 
Special Elements vulnerabil
 CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements 
vulnerability us ...)
NOT-FOR-US: Schneider Electric
 CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
-   - gpac 
+   - gpac  (bug #1041421)
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2505
@@ -1797,7 +1797,7 @@ CVE-2023-3529 (A vulnerability classified as problematic 
has been found in Rotem
 CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has 
been rated ...)
NOT-FOR-US: ThinuTech ThinuCMS
 CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
-   - gpac 
+   - gpac  (bug #1041421)
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
@@ -2305,12 +2305,12 @@ CVE-2023-36812 (OpenTSDB is a open source, distributed, 
scalable Time Series Dat
 CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in 
firmware 1. ...)
NOT-FOR-US: Intelbras
 CVE-2023-35947 (Gradle is a build tool with a focus on build automation and 
support fo ...)
-   - gradle 
+   - gradle  (bug #1041424)
NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
NOTE: 
https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879
 (v8.2.0-RC3)
NOTE: 
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91
 (v8.2.0-RC3)
 CVE-2023-35946 (Gradle is a build tool with a focus on build automation and 
support fo ...)
-   - gradle 
+   - gradle  (bug #1041424)
NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
NOTE: 
https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d
 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3498-1 for bind9

2023-07-18 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16c86df1 by Chris Lamb at 2023-07-18T17:21:11+01:00
Reserve DLA-3498-1 for bind9

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[18 Jul 2023] DLA-3498-1 bind9 - security update
+   {CVE-2023-2828}
+   [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u9
 [14 Jul 2023] DLA-3497-1 pypdf2 - security update
{CVE-2023-36810}
[buster] - pypdf2 1.26.0-2+deb10u2


=
data/dla-needed.txt
=
@@ -20,10 +20,6 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
---
-bind9 (Chris Lamb)
-  NOTE: 20230623: Added by Front-Desk (Beuc)
-  NOTE: 20230623: Upcoming DSA prepared by maintainer (Beuc/front-desk)
 --
 cairosvg
   NOTE: 20230323: Added by Front-Desk (gladk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16c86df11fc5bf9ceadd2822568cf1faa1974ec7



[Git][security-tracker-team/security-tracker][master] fix data/dla-needed.txt

2023-07-18 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
860b1155 by Tobias Frost at 2023-07-18T16:50:04+02:00
fix data/dla-needed.txt

stray ^S broke lts tool.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -208,4 +208,4 @@ tiff (Adrian Bunk)
 xqilla (tobi)
   NOTE: 20230706: Added by Front-Desk (gladk)
   NOTE: 20230715: not vulnerable, the embedded yajl is ancient (around 0.2.2), 
not having the vulnerable code.
---
+--
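Review bot: the diff shows `---` replaced by `+--` with no visible difference, because the stray ^S (0x13) mentioned in the commit message is a non-printing control character; a reviewer cannot see it in the rendered hunk. Worth adding a check that rejects non-printable bytes in data/dla-needed.txt, either in the lts tool that choked on it or in the tracker's own consistency checks, so this is caught before commit rather than when the tool breaks.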



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/860b115593876887543ab0a3320e1856ee39ef85



[Git][security-tracker-team/security-tracker][master] new linux issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c177dccd by Moritz Muehlenhoff at 2023-07-18T13:34:01+02:00
new linux issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -92,7 +92,8 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel 
before 6.3.4. ksmbd
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (v6.4-rc3)
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
-   TODO: check
+   - linux 6.3.7-1
+   NOTE: 
https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (v6.3-rc7)
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
NOT-FOR-US: Creston
 CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations 
Manager (VI ...)
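Review bot: the TODO for CVE-2023-38409 is replaced by only the unstable fixed version (`- linux 6.3.7-1`) and the upstream commit; unlike the ksmbd entries above, no [bookworm]/[bullseye]/[buster] line is given, so the stable suites are left implicitly vulnerable. The fix is tagged 6.3-rc7 upstream, so a kernel-sec sync or an explicit triage decision for the stable kernels is still owed for this entry.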



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c177dccd9723b5e3aba918fada074bea25a7693a



[Git][security-tracker-team/security-tracker][master] new faust issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c113dae1 by Moritz Muehlenhoff at 2023-07-18T13:33:04+02:00
new faust issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -115,7 +115,9 @@ CVE-2023-37791 (D-Link DIR-619L v2.04(TW) was discovered to 
contain a stack over
 CVE-2023-37781 (An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers 
to exec ...)
NOT-FOR-US: EMQX
 CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack 
overflow via th ...)
-   TODO: check
+   - faust  (unimportant)
+   NOTE: https://github.com/grame-cncm/faust/issues/922
+   NOTE: Negligible security impact
 CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a 
FPE vulne ...)
TODO: check
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
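Review bot: the justification for `(unimportant)` is `NOTE: Negligible security impact`, which restates the severity rather than explaining it; record the one-line reason (what input reaches the stack overflow and why that is not a security boundary for faust) so a later triager does not have to reopen the upstream issue to re-derive it.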



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c113dae1c576d089647318f71342ed8c8cd4



[Git][security-tracker-team/security-tracker][master] new openrefine issue (and rewrite older NFUs)

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bc90306 by Moritz Muehlenhoff at 2023-07-18T13:28:50+02:00
new openrefine issue (and rewrite older NFUs)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -121,7 +121,9 @@ CVE-2023-37769 (stress-test master commit e4c878 was 
discovered to contain a FPE
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
-   TODO: check
+   - openrefine 
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
NOT-FOR-US: Hamba avro
 CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded 
to Mete ...)
@@ -316814,7 +316816,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in 
PDFDoc.cc allows attackers t
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory T ...)
-   NOT-FOR-US: OpenRefine
+   NOTE: OpenRefine issue not reproducible by upstream
 CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive 
information be ...)
NOT-FOR-US: MyBB
 CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function.)
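Review bot: replacing `NOT-FOR-US: OpenRefine` with a bare `NOTE: OpenRefine issue not reproducible by upstream` leaves CVE-2019-3580 with no package status line at all, so the entry no longer states whether openrefine, which this commit now treats as a Debian package, is affected. Express "not reproducible" as a status on the openrefine package with that reason, as the two hunks below do with `(Fixed before initial upload)`, rather than as a free-text note.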
@@ -318894,7 +318896,7 @@ CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code 
Execution because ZIP arch
 CVE-2018-20158
RESERVED
 CVE-2018-20157 (The data import functionality in OpenRefine through 3.1 allows 
an XML  ...)
-   NOT-FOR-US: OpenRefine
+   - openrefine  (Fixed before initial upload)
 CVE-2018-20156 (The WP Maintenance Mode plugin before 2.0.7 for WordPress 
allows remot ...)
NOT-FOR-US: WordPress plugin wp-maintenance-mode
 CVE-2018-20155 (The WP Maintenance Mode plugin before 2.0.7 for WordPress 
allows remot ...)
@@ -323843,7 +323845,7 @@ CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 
and earlier allows remote att
 CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 
2012-12-11,  ...)
NOT-FOR-US: Broadcom components for Android
 CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a 
relative p ...)
-   NOT-FOR-US: OpenRefine
+   - openrefine  (Fixed before initial upload)
 CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to 
the lack ...)
NOT-FOR-US: PrinceXML
 CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media 
player 3. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc90306872108ed0ad95817bec483358d92766e



[Git][security-tracker-team/security-tracker][master] NFUs

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93eb48bb by Moritz Muehlenhoff at 2023-07-18T13:25:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55,7 +55,7 @@ CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 
2.5.7 does not have
 CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 
1.1.7 doe ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c 
via a m ...)
-   TODO: check
+   NOT-FOR-US: xHTTP
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
- linux 6.3.11-1
[bullseye] - linux  (Vulnerable code not present)
@@ -119,29 +119,29 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to 
contain a stack overflow
 CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a 
FPE vulne ...)
TODO: check
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
-   TODO: check
+   NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
TODO: check
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
-   TODO: check
+   NOT-FOR-US: Hamba avro
 CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded 
to Mete ...)
-   TODO: check
+   NOT-FOR-US: Metersphere
 CVE-2023-37266 (CasaOS is an open-source Personal Cloud system. 
Unauthenticated attack ...)
-   TODO: check
+   NOT-FOR-US: CasaOS
 CVE-2023-37265 (CasaOS is an open-source Personal Cloud system. Due to a lack 
of IP ad ...)
-   TODO: check
+   NOT-FOR-US: CasaOS
 CVE-2023-36656 (Cross Site Scripting (XSS) vulnerability in Jaegertracing 
Jaeger UI be ...)
-   TODO: check
+   NOT-FOR-US: Jaegertracing UI
 CVE-2023-36514 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
Shippin ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin
 CVE-2023-36513 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
Automat ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin
 CVE-2023-36511 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
WooComm ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin
 CVE-2023-35880 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
WooComm ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin
 CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 
ROM) devi ...)
-   TODO: check
+   NOT-FOR-US: Expressif
 CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred 
plugin <=2.5 ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really 
Simple Plugi ...)
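Review bot: `+   NOT-FOR-US: Expressif` on the CVE-2023-35818 line misspells the vendor; the description on the preceding context line reads `Espressif ESP32`, so use `NOT-FOR-US: Espressif` to keep the NFU reason consistent and greppable. The remaining `+` lines match their descriptions, and leaving CVE-2023-37476 (OpenRefine) at `TODO: check` is right, since openrefine is tracked as a Debian package elsewhere in this digest.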
@@ -187,7 +187,7 @@ CVE-2023-2959 (Authentication Bypass by Primary Weakness 
vulnerability in Oliva
 CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability 
in Orig ...)
NOT-FOR-US: Origin Software ATS Pro
 CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded 
allows Ob ...)
-   TODO: check
+   NOT-FOR-US: Secomea SiteManager Embedded
 CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape 
genera ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not 
properly sani ...)
@@ -88902,7 +88902,7 @@ CVE-2022-30860 (FUDforum 3.1.2 is vulnerable to Remote 
Code Execution through Up
 CVE-2022-30859
RESERVED
 CVE-2022-30858 (An issue was discovered in ngiflib 0.4. There is SEGV in 
SDL_LoadAnima ...)
-   TODO: check
+   NOT-FOR-US: ngiflib
 CVE-2022-30857
RESERVED
 CVE-2022-30856
@@ -128379,7 +128379,7 @@ CVE-2021-43074 (An improper verification of 
cryptographic signature vulnerabilit
 CVE-2021-43073 (A improper neutralization of special elements used in an os 
command (' ...)
NOT-FOR-US: FortiGuard
 CVE-2021-43072 (A buffer copy without checking size of input ('classic buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Fortinet
 CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 
6.4.1 and 6. ...)
NOT-FOR-US: FortiGuard
 CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in 
FortiWLM  ...)
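Review bot: `+   NOT-FOR-US: Fortinet` on the CVE-2021-43072 line differs from the neighbouring CVE-2021-43073 and CVE-2021-43071 context lines, which both use `NOT-FOR-US: FortiGuard`; pick one vendor label for the block so the entries sort and grep together.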
@@ -144379,11 +144379,11 @@ CVE-2021-37388 (A buffer overflow in D-Link DIR-615 
C2 3.03WW. The ping_ipaddr p
 CVE-2021-37387
RESERVED
 CVE-2021-37386 (Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 
were dis ...)
-   TODO: check
+   NOT-FOR-US: Furukawa
 CVE-2021-37385
RESERVED
 CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web 
interface 

[Git][security-tracker-team/security-tracker][master] new wolfssl issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b590b7e by Moritz Muehlenhoff at 2023-07-18T13:20:16+02:00
new wolfssl issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,7 @@
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
-   TODO: check
+   - wolfssl 
+   NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa
 CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
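Review bot: the status field after `+   - wolfssl` is empty as shown, and neither of the two new NOTE lines records which upstream wolfSSL release contains the fix. Other entries in this digest annotate the fixing commit with its release in parentheses (`(v6.4-rc3)` on kernel commits, `(3.14)` on the iperf3 commit); adding the same to the wolfSSL commit NOTE would let the fixed Debian version be filled in without re-reading pull request 6412.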



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b590b7e813ced00d078746314f9219b62e8445c



[Git][security-tracker-team/security-tracker][master] new linux issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7bc95fa2 by Moritz Muehlenhoff at 2023-07-18T13:15:08+02:00
new linux issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -85,7 +85,10 @@ CVE-2023-38427 (An issue was discovered in the Linux kernel 
before 6.3.8. fs/smb
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (v6.4-rc6)
 CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an ...)
-   TODO: check
+   - linux 6.3.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (v6.4-rc3)
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
TODO: check
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
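Review bot: the fixing commit on the `+   NOTE:` line for CVE-2023-38426 is tagged `(v6.4-rc3)`, but the entry marks the issue fixed in `linux 6.3.7-1`, a version older than 6.4, so the claim rests on a 6.3.y stable backport that is not referenced anywhere in the entry. Adding the stable commit or the 6.3.y release that carried the backport to the NOTE would make the 6.3.7-1 fixed version checkable.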



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bc95fa295924089595a4b83f07c1b4052ca0b4b



[Git][security-tracker-team/security-tracker][master] new linux issues

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
055efa7a by Moritz Muehlenhoff at 2023-07-18T13:12:22+02:00
new linux issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -70,9 +70,15 @@ CVE-2023-38430 (An issue was discovered in the Linux kernel 
before 6.3.9. ksmbd
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (v6.4-rc6)
 CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
-   TODO: check
+   - linux 6.3.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (v6.4-rc3)
 CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb ...)
-   TODO: check
+   - linux 6.3.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (v6.4-rc3)
 CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
[bullseye] - linux  (Vulnerable code not present)
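Review bot: both `+` blocks for CVE-2023-38429 and CVE-2023-38428 add `[bullseye]` and `[buster]` "Vulnerable code not present" lines but no `[bookworm]` line, so bookworm is tracked as affected and unfixed until a DSA reference or a `[bookworm]` annotation is added; confirm that this is intended (bookworm's kernel carrying the ksmbd code) rather than a missed not-affected line.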



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/055efa7a14a8d3886797adaef007e9fcb4b984b9



[Git][security-tracker-team/security-tracker][master] new linux issues

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d9001d3 by Moritz Muehlenhoff at 2023-07-18T13:05:23+02:00
new linux issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56,18 +56,28 @@ CVE-2023-38434 (xHTTP 72f812d has a double free in 
close_connection in xhttp.c v
TODO: check
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
- linux 6.3.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (v6.4)
 CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
- linux 6.3.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (v6.4-rc6)
 CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does n ...)
-   TODO: check
+   - linux 6.3.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (v6.4-rc6)
 CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
TODO: check
 CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb ...)
TODO: check
 CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
-   TODO: check
+   - linux 6.3.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (v6.4-rc6)
 CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an ...)
TODO: check
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9001d358bd5b6eb19a647dfc8c72c50178c0ff



[Git][security-tracker-team/security-tracker][master] new chef issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c104660 by Moritz Muehlenhoff at 2023-07-18T12:54:17+02:00
new chef issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15472,7 +15472,7 @@ CVE-2023-28866 (In the Linux kernel through 6.2.8, 
net/bluetooth/hci_sync.c allo
 CVE-2023-28865
RESERVED
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker 
to expl ...)
-   TODO: check
+   - chef 
 CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient 
Verification of  ...)
NOT-FOR-US: AMI
 CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak 
session I ...)
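Review bot: `+   - chef ` leaves the status field after the package name empty as shown, and the CVE-2023-28864 entry gets no NOTE with the upstream advisory or fix commit, unlike the surrounding entries in this file that cite a URL. Add a NOTE with the Chef Infra Server fix reference and confirm the marker (`<unfixed>` versus a fixed version) so the "before 15.7" range in the description can be matched against what is packaged.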



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c1046604306ba55e629865842e64a915c53801a



[Git][security-tracker-team/security-tracker][master] new linux issues

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c8c9606 by Moritz Muehlenhoff at 2023-07-18T12:52:51+02:00
new linux issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55,9 +55,11 @@ CVE-2023-3041 (The Autochat Automatic Conversation WordPress 
plugin through 1.1.
 CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c 
via a m ...)
TODO: check
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
-   TODO: check
+   - linux 6.3.11-1
+   NOTE: 
https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (v6.4)
 CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
-   TODO: check
+   - linux 6.3.11-1
+   NOTE: 
https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (v6.4-rc6)
 CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does n ...)
TODO: check
 CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
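Review bot: the two `+   - linux 6.3.11-1` blocks for CVE-2023-38432 and CVE-2023-38431 carry no `[bullseye]`/`[buster]` lines, unlike the sibling ksmbd entries in this digest (CVE-2023-38427 shows `[buster] - linux (Vulnerable code not present)`), so the older releases are tracked as affected until those lines are added. The follow-up commit 6d9001d3 in this digest adds exactly those lines; squashing the two would have kept each entry complete in one step.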



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c8c9606e93b09c3ec2210c3c7b9436872fc70cc



[Git][security-tracker-team/security-tracker][master] iperf3 CVEfied

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ded1fe2 by Moritz Muehlenhoff at 2023-07-18T12:43:58+02:00
iperf3 CVEfied

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -75,7 +75,10 @@ CVE-2023-38405 (On Crestron 3-Series Control Systems before 
1.8001.0187, craftin
 CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations 
Manager (VI ...)
NOT-FOR-US: Veritas InfoScale
 CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow 
and heap  ...)
-   TODO: check
+   {DSA-5455-1}
+   - iperf3 3.14-1 (bug #1040830)
+   NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
+   NOTE: 
https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 
(3.14)
 CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in 
FiveStarPlugins Res ...)
NOT-FOR-US: WordPress themes
 CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin 
Klein WP Soc ...)
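Review bot: the `+` block for CVE-2023-38403 does not carry over the `[bookworm]`/`[bullseye]` fixed-version lines of the temporary entry removed in the next hunk and relies on the `+   {DSA-5455-1}` cross-reference instead; that follows the tracker convention, because the DSA entry in data/DSA/list supplies those versions, but it only resolves if the DSA entry lists `{CVE-2023-38403}`, which the data/DSA/list hunk in this same commit adds. Keep the two hunks together if this is ever cherry-picked.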
@@ -1374,12 +1377,6 @@ CVE-2023-36543 (Apache Airflow, versions before 2.6.3, 
has a vulnerability where
- airflow  (bug #819700)
 CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a 
vulnerability  ...)
- airflow  (bug #819700)
-CVE-2023- [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and 
crash]
-   - iperf3 3.14-1 (bug #1040830)
-   [bookworm] - iperf3 3.12-1+deb12u1
-   [bullseye] - iperf3 3.9-1+deb11u1
-   NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
-   NOTE: 
https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 
(3.14)
 CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been 
rated  ...)
NOT-FOR-US: Ruijie
 CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared 
as crit ...)


=
data/DSA/list
=
@@ -1,4 +1,5 @@
 [17 Jul 2023] DSA-5455-1 iperf3 - security update
+   {CVE-2023-38403}
[bullseye] - iperf3 3.9-1+deb11u1
[bookworm] - iperf3 3.12-1+deb12u1
 [16 Jul 2023] DSA-5454-1 kanboard - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ded1fe2bb8f3a736fe638321a675297cde89cfd



[Git][security-tracker-team/security-tracker][master] NFUs

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
13c724e9 by Moritz Muehlenhoff at 2023-07-18T12:42:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,57 +1,57 @@
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
TODO: check
 CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to unaut ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to 
Reflected  ...)
-   TODO: check
+   NOT-FOR-US: WordPress themes
 CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server 
certificate whi ...)
-   TODO: check
+   NOT-FOR-US: Mattermost iOS app
 CVE-2023-3614 (Mattermost fails to properly validate a gif image file, 
allowing an at ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the 
membership statu ...)
-   TODO: check
+   NOT-FOR-US: Mattermost plugin
 CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an 
attacker t ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3591 (Mattermost fails to invalidate previously generated password 
reset tok ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing 
an atta ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3587 (Mattermost fails to properly show information in the UI, 
allowing a sy ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable 
Publicly-Sh ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, 
allowing an  ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST 
/api/v4/te ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3582 (Mattermost fails to verify channel membership when linking a 
board to  ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket 
connec ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3577 (Mattermost fails to properly restrict requests 
tolocalhost/intranet du ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress 
is vuln ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not 
escape or s ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not 
saniti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a 
prototype ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise 
and esc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not 
have prope ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 
1.1.7 doe ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c 
via a m ...)
TODO: check
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
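Review bot: the eleven `+   - mattermost-server  (bug #823556)` lines show an empty status field between the package name and the bug reference; the same bug is cited on every Mattermost entry, so whatever marker is intended should be identical on all of them, and a grep for `mattermost-server  (` (two spaces) would catch any line where it was dropped. The other `+` lines match their descriptions; the spacing glitches in the descriptions themselves (`failsto properlyvalidate`, `Mattermostfails`) come from the upstream feed via the automatic update and should not be hand-edited.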
@@ -71,23 +71,23 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel 
before 6.3.4. ksmbd
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
TODO: check
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
-   TODO: check
+   NOT-FOR-US: Creston
 CVE-2023-38404 
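Review bot: `+   NOT-FOR-US: Creston` on the CVE-2023-38405 line misspells the vendor; the description on the preceding context line reads `Crestron 3-Series Control Systems`, so use `NOT-FOR-US: Crestron`.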

[Git][security-tracker-team/security-tracker][master] add fixed versions in bookworm/bullseye for temp iperf3 issue

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
168d6b9e by Moritz Muehlenhoff at 2023-07-18T12:33:17+02:00
add fixed versions in bookworm/bullseye for temp iperf3 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1376,6 +1376,8 @@ CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is 
affected by a vulnerab
- airflow  (bug #819700)
 CVE-2023- [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and 
crash]
- iperf3 3.14-1 (bug #1040830)
+   [bookworm] - iperf3 3.12-1+deb12u1
+   [bullseye] - iperf3 3.9-1+deb11u1
NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
NOTE: 
https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 
(3.14)
 CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been 
rated  ...)
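Review bot: the `+   [bookworm]`/`+   [bullseye]` fixed versions are added to the placeholder `CVE-2023-` entry without a `{DSA-5455-1}` reference, although data/DSA/list in this digest already carries DSA-5455-1 dated 17 Jul 2023 with the same two versions; either reference the DSA here or leave the versions to the DSA entry, as the later "iperf3 CVEfied" commit in this digest ends up doing once the CVE id is known.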



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/168d6b9e087c1f969a4813eeb583cbb5216fec2d



[Git][security-tracker-team/security-tracker][master] automatic update

2023-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d946575 by security tracker role at 2023-07-18T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,181 @@
+CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
+   TODO: check
+CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
+   TODO: check
+CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
+   TODO: check
+CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to unaut ...)
+   TODO: check
+CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to 
Reflected  ...)
+   TODO: check
+CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server 
certificate whi ...)
+   TODO: check
+CVE-2023-3614 (Mattermost fails to properly validate a gif image file, 
allowing an at ...)
+   TODO: check
+CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the 
membership statu ...)
+   TODO: check
+CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an 
attacker t ...)
+   TODO: check
+CVE-2023-3591 (Mattermost fails to invalidate previously generated password 
reset tok ...)
+   TODO: check
+CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing 
an atta ...)
+   TODO: check
+CVE-2023-3587 (Mattermost fails to properly show information in the UI, 
allowing a sy ...)
+   TODO: check
+CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable 
Publicly-Sh ...)
+   TODO: check
+CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, 
allowing an  ...)
+   TODO: check
+CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST 
/api/v4/te ...)
+   TODO: check
+CVE-2023-3582 (Mattermost fails to verify channel membership when linking a 
board to  ...)
+   TODO: check
+CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket 
connec ...)
+   TODO: check
+CVE-2023-3577 (Mattermost fails to properly restrict requests 
tolocalhost/intranet du ...)
+   TODO: check
+CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not 
escape or s ...)
+   TODO: check
+CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
+   TODO: check
+CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not 
saniti ...)
+   TODO: check
+CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a 
prototype ...)
+   TODO: check
+CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not 
have prope ...)
+   TODO: check
+CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 
1.1.7 doe ...)
+   TODO: check
+CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c 
via a m ...)
+   TODO: check
+CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
+   TODO: check
+CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
+   TODO: check
+CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does n ...)
+   TODO: check
+CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/con ...)
+   TODO: check
+CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb ...)
+   TODO: check
+CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/serve ...)
+   TODO: check
+CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an ...)
+   TODO: check
+CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
+   TODO: check
+CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
+   TODO: check
+CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations 
Manager (VI ...)
+   TODO: check
+CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow 
and heap  ...)
+   TODO: check
+CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in 
FiveStarPlugins Res ...)
+   TODO: check
+CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin 
Klein WP Soc ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] 2 commits: xrdp commit references

2023-07-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e3ce346 by Moritz Muehlenhoff at 2023-07-18T09:54:50+02:00
xrdp commit references

- - - - -
7027f2af by Moritz Muehlenhoff at 2023-07-18T09:54:50+02:00
requests fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6324,7 +6324,7 @@ CVE-2023-32685 (Kanboard is project management software 
that focuses on the Kanb
NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
 CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has 
been le ...)
{DLA-3456-1}
-   - requests  (bug #1036693)
+   - requests 2.31.0+dfsg-1 (bug #1036693)
[bookworm] - requests  (Minor issue)
[bullseye] - requests  (Minor issue)
NOTE: 
https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
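Review bot: with `+   - requests 2.31.0+dfsg-1 (bug #1036693)` CVE-2023-32681 is now fixed in sid, but the context lines keep `[bookworm]`/`[bullseye] - requests  (Minor issue)` while buster received `{DLA-3456-1}` for the same issue; the no-dsa rationale for the two newer releases is left unexplained next to an LTS update. Either state the reason in the parenthesised note (for example that it is queued for a point release) or revisit the two lines.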
@@ -111303,6 +111303,7 @@ CVE-2022-23493 (xrdp is an open source project which 
provides a graphical login
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/030db5524be7616967ae9e7d26b3d4477cf6082d
 CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go 
programming l ...)
NOT-FOR-US: go-libp2p
 CVE-2022-23491 (Certifi is a curated collection of Root Certificates for 
validating th ...)
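Review bot: the added xrdp commit NOTE (here for CVE-2022-23493, and likewise in the following hunks for CVE-2022-23484, -23483, -23479, -23478, -23477 and -23468) gives the commit hash but not the upstream release that shipped it, unlike the kernel NOTE lines in this digest that end with the tag in parentheses. Since each entry already records `xrdp 0.9.21.1-1` as the fixed package, appending the upstream version to every NOTE would tie the commit to that version and make the backport check for buster trivial.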
@@ -111325,10 +111326,12 @@ CVE-2022-23484 (xrdp is an open source project 
which provides a graphical login
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/c2c6efb1d377be6baaa4acbc9d3700490fe92887
 CVE-2022-23483 (xrdp is an open source project which provides a graphical 
login to rem ...)
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/35cca701c753db65d3c05b7ea4fff9bd09e76661
 CVE-2022-23482 (xrdp is an open source project which provides a graphical 
login to rem ...)
{DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
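Review bot: CVE-2022-23484 and CVE-2022-23483 each gain a distinct commit reference, but the trailing context shows CVE-2022-23482 ({DLA-3375-1}) with only the package line and no advisory or commit NOTE. If this commit is collecting the xrdp fix commits, that entry looks like the one that was missed.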
@@ -111348,14 +111351,17 @@ CVE-2022-23479 (xrdp is an open source project 
which provides a graphical login
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/60864014b733c10881c078048560858067fe5d0f
 CVE-2022-23478 (xrdp is an open source project which provides a graphical 
login to rem ...)
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/6cb54a1c26b53617e1c79a0abc96d03c4add1eb8
 CVE-2022-23477 (xrdp is an open source project which provides a graphical 
login to rem ...)
- xrdp 0.9.21.1-1 (bug #1025879)
[buster] - xrdp  (Code not present)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/96afae1ec559f9befa1c222f92f0d982e410c864
 CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby 
programmi ...)
- ruby-nokogiri 1.13.10+dfsg-1
[bullseye] - ruby-nokogiri  (Introduced in 1.13.8)
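Review bot: for CVE-2022-23477 the added commit link sits directly under "[buster] - xrdp (Code not present)", and the commit is the evidence for that triage decision. Stating in the NOTE which upstream version introduced the code the commit touches (so that it post-dates the buster package) would make the "Code not present" claim checkable without re-diffing. The CVE-2022-23479 and CVE-2022-23478 NOTEs follow the same advisory-then-commit pattern as the rest of the commit.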
@@ -111383,6 +111389,7 @@ CVE-2022-23468 (xrdp is an open source project which 
provides a graphical login
{DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
+   NOTE: 
https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382
 CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to 
control Ra ...)
- openrazer 3.5.1+dfsg-1
[bullseye] - openrazer  (Minor issue)
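Review bot: the pairing between GHSA-8c2f-mw8m-qpx6 and commit 43cf272b for CVE-2022-23468 is expressed only by the adjacency of the two NOTE lines. Adding the advisory id to the commit NOTE (e.g. a trailing "(fix for GHSA-8c2f-mw8m-qpx6)") would keep the association explicit if the lines are later reordered or another NOTE is inserted between them.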



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a0e9dba76e7cf415a884a3d6b46bb661e5b4537...7027f2af78a427925b46b685d8610d2530a1c29b

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] LTS: claim libapache2-mod-auth-openidc in dla-needed.txt

2023-07-18 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a0e9dba by Guilhem Moulin at 2023-07-18T09:43:40+02:00
LTS: claim libapache2-mod-auth-openidc in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -84,7 +84,7 @@ imagemagick
 --
 iperf3 (Markus Koschany)
 --
-libapache2-mod-auth-openidc
+libapache2-mod-auth-openidc (guilhem)
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: Follow fix from bullseye 11.7 (CVE-2022-23527) + 1 postponed 
CVE-2021-39191 (Beuc/front-desk)
 --
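Review bot: the claim only appends "(guilhem)" to the package line; the existing NOTE lines are dated 20230620 and already spell out the work (follow the bullseye 11.7 fix for CVE-2022-23527 plus the postponed CVE-2021-39191). A dated "NOTE: 20230718:" line recording the claim and the intended target version would keep the entry in the same dated-note convention used directly above it.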



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a0e9dba76e7cf415a884a3d6b46bb661e5b4537



[Git][security-tracker-team/security-tracker][master] re-claim libreoffice and update notes

2023-07-18 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6f4ba4b by Abhijith PA at 2023-07-18T12:06:25+05:30
re-claim libreoffice and update notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,8 +88,10 @@ libapache2-mod-auth-openidc
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: Follow fix from bullseye 11.7 (CVE-2022-23527) + 1 postponed 
CVE-2021-39191 (Beuc/front-desk)
 --
-libreoffice
+libreoffice (Abhijith PA)
   NOTE: 20230530: Added by Front-Desk (pochu)
+  NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith)
+  NOTE: 20230718: CVE-2023-2255.diff fails to build. (abhijith)
 --
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
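Review bot: the new "CVE-2023-2255.diff fails to build" NOTE records a blocker without saying what fails (patch not applying versus a compile error) or for which suite, so the next person picking this up has to reproduce it; a one-line hint of the error, or a link to the build log beside the upload URL, would save that. The upload URL is also plain http; people.debian.org serves https, so the link should use it.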



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f4ba4b6fb0c1af310ad698a36340cae734a07c
