[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5344/vim

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eda238e5 by Salvatore Bonaccorso at 2023-10-08T22:56:35+02:00
Add Debian bug reference for CVE-2023-5344/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -734,7 +734,7 @@ CVE-2023-5345 (A use-after-free vulnerability in the Linux 
kernel's fs/smb/clien
NOTE: 
https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
NOTE: https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705
 CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
-   - vim 
+   - vim  (bug #1053694)
[bookworm] - vim  (Minor issue)
[bullseye] - vim  (Minor issue)
[buster] - vim  (Minor issue, 1-byte overflow)
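Review bot: the buster line carries a concrete rationale (`Minor issue, 1-byte overflow`) that the bookworm and bullseye lines for the same CVE lack; if all three suites are deferred for the same reason, record it on each, or move the overflow detail into a NOTE line so it documents the whole entry rather than one suite.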



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eda238e52649ab49bf993337da9b2ff0f15c5233

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eda238e52649ab49bf993337da9b2ff0f15c5233
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5115/ansible-core

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00bc8908 by Salvatore Bonaccorso at 2023-10-08T22:49:42+02:00
Add Debian bug reference for CVE-2023-5115/ansible-core

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1966,7 +1966,7 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An 
OpenVAS port scan on por
- galera-3  (bug #1053476)
NOTE: https://jira.mariadb.org/browse/MDEV-25068
 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite 
arbitrary files]
-   - ansible-core 
+   - ansible-core  (bug #1053693)
- ansible 5.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
NOTE: https://github.com/ansible/ansible/pull/81780



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00bc89080038e400c676c711f52a09e3899c7c8b



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5115/ansible

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28c99c27 by Salvatore Bonaccorso at 2023-10-08T22:41:11+02:00
Update information for CVE-2023-5115/ansible

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1966,8 +1966,12 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An 
OpenVAS port scan on por
- galera-3  (bug #1053476)
NOTE: https://jira.mariadb.org/browse/MDEV-25068
 CVE-2023-5115 [malicious role archive can cause ansible-galaxy to overwrite 
arbitrary files]
-   - ansible 
+   - ansible-core 
+   - ansible 5.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
+   NOTE: https://github.com/ansible/ansible/pull/81780
+   NOTE: 
https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28
+   NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in 
experimental/5.4.0-1 in sid
 CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr 
Bluetooth subsy ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts 
are dis ...)
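Review bot: the added `- ansible-core ` line has no fixed version, and neither the PR nor the commit reference says which upstream ansible-core release carries the fix; tagging the commit with its release, the way the urllib3 entries in this digest annotate commits with `(1.26.17)`, would make the needed upload obvious. The NOTE about the src:ansible split is useful, since without it the `ansible 5.4.0-1` line reads as if src:ansible were fixed rather than no longer shipping the code.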



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c99c277b7d93165f7a33f88c1e2ca5bc453bab



[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-45199/mbedtls

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2acebf3 by Salvatore Bonaccorso at 2023-10-08T22:19:04+02:00
Update information on CVE-2023-45199/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,9 +58,8 @@ CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free 
that can only occur
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
 CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow 
that can ...)
-   - mbedtls 
+   - mbedtls  (Vulnerable code introduced later)
NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/
-   TODO: check details
 CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote 
attacker t ...)
NOT-FOR-US: NETIS SYSTEMS
 CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart 
Script v.1. ...)
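Review bot: the `(Vulnerable code introduced later)` rationale can only be re-checked against the version in the archive; since the CVE text scopes the flaw to Mbed TLS 3.2.x through 3.4.x, a NOTE stating which mbedtls branch Debian ships would let the not-affected claim be re-validated when the package moves to a 3.x release. Dropping `TODO: check details` is right once that is recorded.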



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2acebf344ac3d7e08172d176e34d597399bfe5f



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43040/ceph

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e1a4c2f by Salvatore Bonaccorso at 2023-10-08T22:17:06+02:00
Add Debian bug reference for CVE-2023-43040/ceph

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1948,7 +1948,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics 
Server prior to versio
 CVE-2023-29497 (A privacy issue was addressed with improved handling of 
temporary file ...)
NOT-FOR-US: Apple
 CVE-2023-43040 [Improperly verified POST keys]
-   - ceph 
+   - ceph  (bug #1053690)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
NOTE: https://tracker.ceph.com/issues/63004
NOTE: https://github.com/ceph/ceph/pull/53714



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e1a4c2f30981bd8585094e7f066fd78280402e4



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-43615/mbedtls

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa42e6a2 by Salvatore Bonaccorso at 2023-10-08T22:13:31+02:00
Update information for CVE-2023-43615/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -66,8 +66,11 @@ CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 
allows a remote atta
 CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart 
Script v.1. ...)
NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart 
Script
 CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer 
Overflow.)
-   - mbedtls 
+   - mbedtls  (unimportant)
NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
+   NOTE: Vulnerability not present in default build and only present if 
compile-time
+   NOTE: configuration enables vulnerable cipher suites. Debian does not 
enable
+   NOTE: MBEDTLS_CIPHER_NULL_CIPHER and MBEDTLS_ARC4_C.
 CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft 
Launcher 2 ...)
NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2
 CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository 
snipe/snipe-i ...)
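Review bot: the `(unimportant)` rating rests on a build-configuration claim (MBEDTLS_CIPHER_NULL_CIPHER and MBEDTLS_ARC4_C not enabled), which a later upload could silently change; the NOTE should name the package version or configuration file in which this was verified so the severity can be re-assessed if the Debian build options change.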



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa42e6a296d6d301d58b7c27c6d1d21cfe652c7f



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4383f8cc by security tracker role at 2023-10-08T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -388,6 +388,7 @@ CVE-2023-44075 (Cross Site Scripting vulnerability in Small 
CRM in PHP v.3.0 all
 CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management 
System v ...)
NOT-FOR-US: Personal Management System
 CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. 
urllib3 doe ...)
+   {DLA-3610-1}
- python-urllib3  (bug #1053626)
NOTE: 
https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
NOTE: 
https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
 (1.26.17)
@@ -1203,6 +1204,7 @@ CVE-2023-4532 (An issue has been discovered in GitLab 
affecting all versions sta
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of 
servic ...)
NOT-FOR-US: Zod
 CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect 
Issuer in Le ...)
+   {DLA-3612-1}
- lemonldap-ng 2.17.1+ds-1
[bookworm] - lemonldap-ng 2.16.1+ds-deb12u2
[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5
@@ -6191,6 +6193,7 @@ CVE-2023-40580 (Freighter is a Stellar chrome extension. 
It may be possible for
 CVE-2023-40579 (OpenFGA is an authorization/permission engine built for 
developers and ...)
NOT-FOR-US: OpenFGA
 CVE-2023-40577 (Alertmanager handles alerts sent by client applications such 
as the Pr ...)
+   {DLA-3609-1}
- prometheus-alertmanager 0.26.0+ds-1 (bug #1050558)
NOTE: 
https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j
NOTE: 
https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72
 (v0.25.1)
@@ -7629,6 +7632,7 @@ CVE-2023-40305 (GNU indent 2.2.13 has a heap-based buffer 
overflow in search_bra
[buster] - indent  (Minor issue)
NOTE: https://savannah.gnu.org/bugs/index.php?64503
 CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation 
because of un ...)
+   {DLA-3611-1}
- inetutils 2:2.4-3 (bug #1049365)
[bookworm] - inetutils 2:2.4-2+deb12u1
[bullseye] - inetutils 2:2.0-1+deb11u2
@@ -217068,7 +217072,7 @@ CVE-2020-26139 (An issue was discovered in the kernel 
in NetBSD 7.1. An Access P
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square 
brackets in ...)
NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
-   {DLA-2686-1}
+   {DLA-3610-1 DLA-2686-1}
- python-urllib3 1.25.9-1
NOTE: https://bugs.python.org/issue39603
NOTE: 
https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
 (1.25.9)
@@ -308013,7 +308017,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a 
reload with rotated keys, whic
NOTE: Introduced in: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
NOTE: Fixed by: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles 
certain cases  ...)
-   {DLA-2686-1}
+   {DLA-3610-1 DLA-2686-1}
- python-urllib3 1.25.6-4 (bug #927412)
[jessie] - python-urllib3  (Vulnerable code introduced 
later)
NOTE: 
https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
@@ -308241,7 +308245,7 @@ CVE-2019-11238
 CVE-2019-11237
RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
-   {DLA-2686-1 DLA-1828-1}
+   {DLA-3610-1 DLA-2686-1 DLA-1828-1}
[experimental] - python-urllib3 1.25.6-1
- python-urllib3 1.25.6-4 (bug #927172)
NOTE: https://github.com/urllib3/urllib3/issues/1553
@@ -343716,7 +343720,7 @@ CVE-2019-0055 (A vulnerability in the SIP ALG packet 
processing service of Junip
 CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series 
Applicat ...)
NOT-FOR-US: Juniper
 CVE-2019-0053 (Insufficient validation of environment variables in the telnet 
client  ...)
-   {DLA-3205-1}
+   {DLA-3611-1}
- socks4-server  (low)
[buster] - socks4-server  (Minor issue)
[stretch] - socks4-server  (Minor issue)
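Review bot: this hunk replaces `{DLA-3205-1}` with `{DLA-3611-1}` instead of appending, so CVE-2019-0053 is no longer credited to the November 2022 advisory; that matches the DLA/list change in commit c5f22ae0 (also in this digest) that removes CVE-2019-0053 from the DLA-3205-1 record, but the reason the earlier advisory no longer covers it should be captured in a NOTE on this entry so the history is not lost.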



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4383f8ccdc02e8afc895c8d5e666cf7ced3b6e1f


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-43040/ceph

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70ef6f93 by Salvatore Bonaccorso at 2023-10-08T21:54:38+02:00
Update information for CVE-2023-43040/ceph

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1945,6 +1945,9 @@ CVE-2023-29497 (A privacy issue was addressed with 
improved handling of temporar
 CVE-2023-43040 [Improperly verified POST keys]
- ceph 
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
+   NOTE: https://tracker.ceph.com/issues/63004
+   NOTE: https://github.com/ceph/ceph/pull/53714
+   NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/100d81aa060f061271499f1fa28dbdc06de443fd 
(main)
 CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
- linux 6.5.6-1
[buster] - linux  (Vulnerable code not present)
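Review bot: the `Fixed by:` reference is tagged `(main)` only, while the Debian line `- ceph ` still has no fixed version; noting the upstream release or stable-branch backport that carries PR 53714 would let the fixed version be filled in from the entry itself rather than by re-reading the PR.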



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70ef6f93e58567e4aa57af62d5072affd84fb2b3



[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-40175/puma

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c5397b4 by Salvatore Bonaccorso at 2023-10-08T21:20:50+02:00
Add fixed version for CVE-2023-40175/puma

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6926,7 +6926,7 @@ CVE-2023-4427 (Out of bounds memory access in V8 in 
Google Chrome prior to 116.0
- chromium 116.0.5845.110-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to 
version ...)
-   - puma  (bug #1050079)
+   - puma 5.6.7-1 (bug #1050079)
NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
NOTE: 
https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a 
(master)
NOTE: 
https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1 
(v6.3.1)
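Review bot: the fixed version is set to `puma 5.6.7-1`, but the two referenced commits are tagged `(master)` and `(v6.3.1)`, neither of which is on the 5.6 line; add the commit or tag on the 5.6.x branch that carries the fix so the 5.6.7-1 claim is traceable from the NOTE lines.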



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5397b46aa5f3064f6384171b25e733fd5516f7



[Git][security-tracker-team/security-tracker][master] update notes

2023-10-08 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64d8c820 by Thorsten Alteholz at 2023-10-08T19:51:12+02:00
update notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,7 +23,7 @@ rather than remove/replace existing ones.
 --
 amanda (Thorsten Alteholz)
   NOTE: 20230730: Added by Front-Desk (apo)
-  NOTE: 20230924: still testing package (ta)
+  NOTE: 20231008: still testing package (ta)
 --
 audiofile
   NOTE: 20230918: Added by Front-Desk (apo)
@@ -38,6 +38,7 @@ batik (rouca)
 --
 bind9 (Thorsten Alteholz)
   NOTE: 20230921: Added by Front-Desk (apo)
+  NOTE: 20231008: backporting patches
 --
 cacti
   NOTE: 20230906: Added by Front-Desk (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64d8c820333be8e1c0506529c8446dcaa2bce266



[Git][security-tracker-team/security-tracker][master] Fix lemonldap-ng version

2023-10-08 Thread Yadd (@yadd)


Yadd pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cab272a6 by Yadd at 2023-10-08T19:11:00+04:00
Fix lemonldap-ng version

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,6 +1,6 @@
 [08 Oct 2023] DLA-3612-1 lemonldap-ng - security update
{CVE-2023-44469}
-   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u9
+   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u10
 [08 Oct 2023] DLA-3611-1 inetutils - security update
{CVE-2019-0053 CVE-2023-40303}
[buster] - inetutils 2:1.9.4-7+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab272a6d3b80e70022db5c5d468813a21a129b8



[Git][security-tracker-team/security-tracker][master] Take batik

2023-10-08 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c11c5660 by Bastien Roucariès at 2023-10-08T14:19:22+00:00
Take batik

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -32,7 +32,7 @@ audiofile
 axis (Adrian Bunk)
   NOTE: 20230924: Added by Front-Desk (apo)
 --
-batik
+batik (rouca)
   NOTE: 20231007: Added by Front-Desk (Beuc)
   NOTE: 20231007: Follow fixes from bullseye 11.8 (2 CVEs) (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c11c56604fba5c6b40434960ce18b3c5f90485a9



[Git][security-tracker-team/security-tracker][master] Add information for CVE-2021-33503

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61d013ae by Salvatore Bonaccorso at 2023-10-08T16:15:17+02:00
Add information for CVE-2021-33503

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -165913,7 +165913,8 @@ CVE-2021-33503 (An issue was discovered in urllib3 
before 1.26.5. When provided
[buster] - python-urllib3  (Vulnerable code introduced 
later)
[stretch] - python-urllib3  (Vulnerable code introduced 
later)
NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
-   NOTE: 
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
+   NOTE: Introduced around: 
https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f
 (1.25.4)
+   NOTE: Fixed by: 
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
 (1.26.5)
 CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 
6.x befo ...)
- node-got 11.8.1+~cs53.13.17-3 (bug #989258)
[buster] - node-got  (Vulnerable code introduced later)
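Review bot: `Introduced around:` is vaguer than the `Fixed by:` on the next line; if 5b047b6 (1.25.4) is the commit that introduced the flaw, use `Introduced in:` as the HAProxy entry in this digest does, otherwise say what is uncertain. The `(1.25.4)` tag does support the `Vulnerable code introduced later` annotation on buster, whose python-urllib3 is 1.24.1 per the DLA-3610-1 record elsewhere in this digest.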



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61d013ae08f74f7a013c0e23e478b56d3ca33eaf



[Git][security-tracker-team/security-tracker][master] Mark xbindkeys-config as removed from unstable

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0d72b2d by Salvatore Bonaccorso at 2023-10-08T16:09:52+02:00
Mark xbindkeys-config as removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -501231,7 +501231,7 @@ CVE-2014-9529 (Race condition in the 
key_gc_unused_keys function in security/key
NOTE: http://marc.info/?l=linux-kernel=141986398232547=2
NOTE: http://marc.info/?l=linux-kernel=142047362307894=2
 CVE-2014-9513 (Insecure use of temporary files in xbindkeys-config 0.1.3-2 
allows rem ...)
-   - xbindkeys-config  (unimportant; bug #772473)
+   - xbindkeys-config  (unimportant; bug #772473)
[jessie] - xbindkeys-config  (Minor issue)
[wheezy] - xbindkeys-config  (Minor issue)
[squeeze] - xbindkeys-config  (Minor issue)
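Review bot: the removed and added lines read identically in this notification because the angle-bracket state token (presumably `<unfixed>` before and `<removed>` after, going by the commit title) is stripped by the mail rendering, so the actual change cannot be reviewed here and should be checked on the GitLab commit page. Keeping `unimportant; bug #772473` is correct, since removal from unstable does not alter the severity.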



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0d72b2dae61a5eb64c3d4968a6a145038b13617



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3612-1 for lemonldap-ng

2023-10-08 Thread Yadd (@yadd)


Yadd pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4afa9583 by Yadd at 2023-10-08T17:53:07+04:00
Reserve DLA-3612-1 for lemonldap-ng

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -1206,7 +1206,6 @@ CVE-2023-44469 (A Server-Side Request Forgery issue in 
the OpenID Connect Issuer
- lemonldap-ng 2.17.1+ds-1
[bookworm] - lemonldap-ng 2.16.1+ds-deb12u2
[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5
-   [buster] - lemonldap-ng  (Minor issue)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998
NOTE: https://security.lauritz-holtmann.de/post/sso-security-ssrf/
 CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the 
Linux kernel ...)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[08 Oct 2023] DLA-3612-1 lemonldap-ng - security update
+   {CVE-2023-44469}
+   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u9
 [08 Oct 2023] DLA-3611-1 inetutils - security update
{CVE-2019-0053 CVE-2023-40303}
[buster] - inetutils 2:1.9.4-7+deb10u3
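Review bot: the buster version reserved here, `2.0.2+ds-7+deb10u9`, was corrected to `+deb10u10` in a follow-up commit (cab272a6, earlier in this digest); reserving a DLA with the version actually being uploaded avoids a window in which the tracker claims a fix in a package version that does not contain it.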



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afa9583c6291967c27b336f036a42bfdb6fc79b



[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-3610-1 for python-urllib3

2023-10-08 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1774c9e by Guilhem Moulin at 2023-10-08T12:46:22+02:00
Reserve DLA-3610-1 for python-urllib3

- - - - -
c5f22ae0 by Guilhem Moulin at 2023-10-08T12:49:00+02:00
Reserve DLA-3611-1 for inetutils

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -7630,7 +7630,6 @@ CVE-2023-40303 (GNU inetutils through 2.4 may allow 
privilege escalation because
- inetutils 2:2.4-3 (bug #1049365)
[bookworm] - inetutils 2:2.4-2+deb12u1
[bullseye] - inetutils 2:2.0-1+deb11u2
-   [buster] - inetutils  (Minor issue)
NOTE: 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg0.html
 CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer 
overflow in R ...)
@@ -217068,7 +217067,6 @@ CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a 
FormField with square brack
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
{DLA-2686-1}
- python-urllib3 1.25.9-1
-   [buster] - python-urllib3  (Minor issue)
NOTE: https://bugs.python.org/issue39603
NOTE: 
https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
 (1.25.9)
NOTE: https://github.com/urllib3/urllib3/pull/1800
@@ -308014,7 +308012,6 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a 
reload with rotated keys, whic
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles 
certain cases  ...)
{DLA-2686-1}
- python-urllib3 1.25.6-4 (bug #927412)
-   [buster] - python-urllib3  (Minor issue)
[jessie] - python-urllib3  (Vulnerable code introduced 
later)
NOTE: 
https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
@@ -308244,7 +308241,6 @@ CVE-2019-11236 (In the urllib3 library through 1.24.1 
for Python, CRLF injection
{DLA-2686-1 DLA-1828-1}
[experimental] - python-urllib3 1.25.6-1
- python-urllib3 1.25.6-4 (bug #927172)
-   [buster] - python-urllib3  (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1553
NOTE: 
https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
NOTE: 
https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162


=
data/DLA/list
=
@@ -1,3 +1,9 @@
+[08 Oct 2023] DLA-3611-1 inetutils - security update
+   {CVE-2019-0053 CVE-2023-40303}
+   [buster] - inetutils 2:1.9.4-7+deb10u3
+[08 Oct 2023] DLA-3610-1 python-urllib3 - security update
+   {CVE-2019-11236 CVE-2019-11324 CVE-2020-26137 CVE-2023-43804}
+   [buster] - python-urllib3 1.24.1-1+deb10u1
 [08 Oct 2023] DLA-3609-1 prometheus-alertmanager - security update
{CVE-2023-40577}
[buster] - prometheus-alertmanager 0.15.3+ds-3+deb10u1
@@ -1225,7 +1231,7 @@
{CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 
CVE-2022-41916 CVE-2022-42898 CVE-2022-44640}
[buster] - heimdal 7.5.0+dfsg-3+deb10u1
 [25 Nov 2022] DLA-3205-1 inetutils - security update
-   {CVE-2019-0053 CVE-2021-40491 CVE-2022-39028}
+   {CVE-2021-40491 CVE-2022-39028}
[buster] - inetutils 2:1.9.4-7+deb10u2
 [24 Nov 2022] DLA-3204-1 vim - security update
{CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619 
CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 
CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352}
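Review bot: editing the CVE list of an advisory published in November 2022 (DLA-3205-1) rewrites the historical record, and the commit message "Reserve DLA-3611-1 for inetutils" does not say why CVE-2019-0053 is removed from it; a short explanation (for example, that the earlier upload did not in fact address this CVE) belongs in the commit message or in the CVE entry so later readers do not mistake this for an accidental deletion.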


=
data/dla-needed.txt
=
@@ -99,10 +99,6 @@ imagemagick
   NOTE: 20230622: Added by Front-Desk (Beuc)
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs 
(Beuc/front-desk)
 --
-inetutils (guilhem)
-  NOTE: 20231007: Added by Front-Desk (Beuc)
-  NOTE: 20231007: Follow fixes from bullseye 11.8 (1 CVE) (Beuc/front-desk)
---
 krb5 (Adrian Bunk)
   NOTE: 20231007: Added by Front-Desk (Beuc)
   NOTE: 20231007: Follow fixes from bullseye 11.8 (1 CVE) (Beuc/front-desk)
@@ -185,10 +181,6 @@ python-os-brick
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
 --
-python-urllib3 (guilhem)
-  NOTE: 20231006: Added by Front-Desk (Beuc)
-  NOTE: 20231006: Fix the 4 no-dsa issues (Beuc/front-desk)
---
 python3.7 (Sean Whitton)
   NOTE: 20231003: Added by Front-Desk (Beuc)
 --




[Git][security-tracker-team/security-tracker][master] Reserve DLA-3609-1 for prometheus-alertmanager

2023-10-08 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4bf1e1b by Bastien Roucariès at 2023-10-08T10:02:03+00:00
Reserve DLA-3609-1 for prometheus-alertmanager

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[08 Oct 2023] DLA-3609-1 prometheus-alertmanager - security update
+   {CVE-2023-40577}
+   [buster] - prometheus-alertmanager 0.15.3+ds-3+deb10u1
 [07 Oct 2023] DLA-3608-1 vinagre - security update
[buster] - vinagre 3.22.0-6+deb10u1
 [07 Oct 2023] DLA-3607-1 gnome-boxes - security update


=
data/dla-needed.txt
=
@@ -168,10 +168,6 @@ poppler (Adrian Bunk)
   NOTE: 20230908: as I suspect this is a duplicate of CVE-2020-27778 (which 
has already
   NOTE: 20230908: been fixed). (lamby)
 --
-prometheus-alertmanager (rouca)
-  NOTE: 20230925: Added by Front-Desk (apo)
-  NOTE: 20230925: Vulnerable code is in 
ui/app/src/Views/AlertList/AlertView.elm
---
 puma (Abhijith PA)
   NOTE: 20230925: Added by Front-Desk (apo)
 --
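Review bot: removing the entry also discards the NOTE `Vulnerable code is in ui/app/src/Views/AlertList/AlertView.elm`, which is the only pointer to the affected code path recorded for CVE-2023-40577 anywhere in this commit; consider carrying it into a NOTE line on the CVE-2023-40577 entry in data/CVE/list before this lands, so triage for the other suites does not have to rediscover where the fix applies. The `---` separator between poppler and puma is removed with the entry, keeping the delimiters balanced.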



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4bf1e1b5b7959ae7df77ce2d6f011cc32e84699



[Git][security-tracker-team/security-tracker][master] add CVE-2023-43615/mbedtls

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44a946b3 by Salvatore Bonaccorso at 2023-10-08T10:34:08+02:00
add CVE-2023-43615/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -66,7 +66,8 @@ CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 
allows a remote atta
 CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart 
Script v.1. ...)
NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart 
Script
 CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer 
Overflow.)
-   TODO: check
+   - mbedtls 
+   NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
 CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft 
Launcher 2 ...)
NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2
 CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository 
snipe/snipe-i ...)
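Review bot: the `+   - mbedtls ` line records mbedtls as affected in unstable with no fixed version, and the `TODO: check` is removed without any per-suite annotation, so bookworm, bullseye and buster will all be listed as affected until `[bookworm]`, `[bullseye]` and `[buster]` lines are added; given that the description names two affected series (2.x before 2.28.5 and 3.x before 3.5.0), it would be safer to keep a `TODO: check details` line, as the sibling commit 2071d847 does for CVE-2023-45199, until the suite versions have been compared against those bounds. A Debian bug reference in the `(bug #...)` form, as on the snipe-it entry elsewhere in this file, would also help track the unstable fix.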



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44a946b39673ce5f2ab47440031f4362129b4c0c



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-45199/mbedtls

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2071d847 by Salvatore Bonaccorso at 2023-10-08T10:33:44+02:00
Add CVE-2023-45199/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,7 +58,9 @@ CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free 
that can only occur
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
 CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow 
that can ...)
-   TODO: check
+   - mbedtls 
+   NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/
+   TODO: check details
 CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote 
attacker t ...)
NOT-FOR-US: NETIS SYSTEMS
 CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart 
Script v.1. ...)
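Review bot: `TODO: check details` is rightly kept here, because the description limits the issue to Mbed TLS 3.2.x through 3.4.x; once that check is done, any suite shipping a 2.x mbedtls can be marked `<not-affected>` on its own `[suite]` line, and the NOTE URL (advisory 2023-10-2) is the reference to cite for that decision. It is also worth double-checking that advisory 2023-10-2 is the one for this CVE and 2023-10-1 the one for CVE-2023-43615, since the two entries were added in back-to-back commits with near-identical lines and a swapped URL would be easy to miss.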



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2071d84757df2c3030d75378233eec5cc563ad9d



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3abea8a4 by Salvatore Bonaccorso at 2023-10-08T10:33:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,51 +1,51 @@
 CVE-2023-40654 (In FW-PackageManager, there is a possible missing permission 
check. Th ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40653 (In FW-PackageManager, there is a possible missing permission 
check. Th ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40652 (In jpg driver, there is a possible out of bounds write due to 
improper ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40651 (In urild service, there is a possible out of bounds write due 
to a mis ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40650 (In Telecom service, there is a possible missing permission 
check. This ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40649 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40648 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40647 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40646 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40645 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40644 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40643 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40642 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40641 (In Messaging, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40640 (In SoundRecorder service, there is a possible missing 
permission check ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40639 (In SoundRecorder service, there is a possible missing 
permission check ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40638 (In Telecom service, there is a possible missing permission 
check. This ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40637 (In telecom service, there is a possible missing permission 
check. This ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40636 (In telecom service, there is a possible way to write 
permission usage  ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40635 (In linkturbo, there is a possible missing permission check. 
This could ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40634 (In phasechecksercer, there is a possible missing permission 
check. Thi ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40633 (In phasecheckserver, there is a possible missing permission 
check. Thi ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40632 (In jpg driver, there is a possible use after free due to a 
logic error ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-40631 (In Dialer, there is a possible missing permission check. This 
could le ...)
-   TODO: check
+   NOT-FOR-US: Unisoc
 CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 
23.09.1 a ...)
TODO: check
 CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only 
occur after  ...)
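Review bot: two of the 24 entries switched to `NOT-FOR-US: Unisoc` describe kernel-side bugs rather than Android application components, namely `CVE-2023-40652 (In jpg driver, ... out of bounds write ...)` and `CVE-2023-40632 (In jpg driver, ... use after free ...)`; NOT-FOR-US is only correct if those drivers live in the Unisoc vendor tree and not in the mainline kernel that Debian packages, so that check deserves a NOTE line before the TODO is dropped. The remaining entries (FW-PackageManager, Messaging, Telecom, Dialer, SoundRecorder, linkturbo, phasecheckserver, urild) are vendor Android services, and the annotation looks right for them.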
@@ -60,13 +60,13 @@ CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free 
that can only occur
 CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow 
that can ...)
TODO: check
 CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote 
attacker t ...)
-   TODO: check
+   NOT-FOR-US: NETIS SYSTEMS
 CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart 
Script v.1. ...)
-   TODO: check
+   NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart 
Script
 CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer 
Overflow.)
TODO: check
 CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft 
Launcher 2 ...)
-   TODO: check
+   NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2
 CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository 
snipe/snipe-i ...)
- snipe-it  (bug #1005172)
 CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate 
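Review bot: the annotation on `+   NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart Script` repeats the vulnerability type, whereas the other two entries in this hunk (`NOT-FOR-US: NETIS SYSTEMS`, `NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2`) name only the product; trimming it to `NOT-FOR-US: Simple and Nice Shopping Cart Script` keeps the file consistent and greppable by product. The two mbedtls entries between them are left at `TODO: check` here, which is consistent with them being handled in the following commits on this page.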

[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f96eaefd by security tracker role at 2023-10-08T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2023-40654 (In FW-PackageManager, there is a possible missing permission 
check. Th ...)
+   TODO: check
+CVE-2023-40653 (In FW-PackageManager, there is a possible missing permission 
check. Th ...)
+   TODO: check
+CVE-2023-40652 (In jpg driver, there is a possible out of bounds write due to 
improper ...)
+   TODO: check
+CVE-2023-40651 (In urild service, there is a possible out of bounds write due 
to a mis ...)
+   TODO: check
+CVE-2023-40650 (In Telecom service, there is a possible missing permission 
check. This ...)
+   TODO: check
+CVE-2023-40649 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40648 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40647 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40646 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40645 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40644 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40643 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40642 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40641 (In Messaging, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40640 (In SoundRecorder service, there is a possible missing 
permission check ...)
+   TODO: check
+CVE-2023-40639 (In SoundRecorder service, there is a possible missing 
permission check ...)
+   TODO: check
+CVE-2023-40638 (In Telecom service, there is a possible missing permission 
check. This ...)
+   TODO: check
+CVE-2023-40637 (In telecom service, there is a possible missing permission 
check. This ...)
+   TODO: check
+CVE-2023-40636 (In telecom service, there is a possible way to write 
permission usage  ...)
+   TODO: check
+CVE-2023-40635 (In linkturbo, there is a possible missing permission check. 
This could ...)
+   TODO: check
+CVE-2023-40634 (In phasechecksercer, there is a possible missing permission 
check. Thi ...)
+   TODO: check
+CVE-2023-40633 (In phasecheckserver, there is a possible missing permission 
check. Thi ...)
+   TODO: check
+CVE-2023-40632 (In jpg driver, there is a possible use after free due to a 
logic error ...)
+   TODO: check
+CVE-2023-40631 (In Dialer, there is a possible missing permission check. This 
could le ...)
+   TODO: check
 CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 
23.09.1 a ...)
TODO: check
 CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only 
occur after  ...)
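Review bot: nothing to change in the imported block itself, but the description of `CVE-2023-40634 (In phasechecksercer, ...)` carries an upstream typo (the sibling CVE-2023-40633 reads `phasecheckserver`); since these descriptions are pulled in by the automatic update, hand-correcting it in data/CVE/list is likely to be undone by a later run, so it is better left as imported. All 24 entries arrive as `TODO: check`, the expected state for the bot to leave for human triage.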



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f96eaefde18ff0779e85f9247dfd944eef616e00
