[Git][security-tracker-team/security-tracker][master] Reserve DLA-3662-1 for freeimage
Anton Gladky pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
22ea11b5 by Anton Gladky at 2023-11-24T06:51:27+01:00
Reserve DLA-3662-1 for freeimage
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[24 Nov 2023] DLA-3662-1 freeimage - security update
+ {CVE-2020-21427 CVE-2020-21428 CVE-2020-22524}
+ [buster] - freeimage 3.18.0+ds2-1+deb10u2
[23 Nov 2023] DLA-3661-1 firefox-esr - security update
{CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208
CVE-2023-6209 CVE-2023-6212}
[buster] - firefox-esr 115.5.0esr-1~deb10u1
=
data/dla-needed.txt
=
@@ -65,13 +65,6 @@ flatpak
NOTE: 20231006: Added by Front-Desk (Beuc)
NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
--
-freeimage (gladk)
- NOTE: 20230826: Added by Front-Desk (utkarsh)
- NOTE: 20230826: Anton Gladky is the maintainer. Please sync with him about
the
- NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should
roll
- NOTE: 20230826: out the DLA/ELA now. (utkarsh)
- NOTE: 20231120: many CVEs, check with ASAN is needed. (gladk)
---
frr
NOTE: 20231119: Added by Front-Desk (apo)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22ea11b5c0e68482bfcb0169a846d12f3eff2ee2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22ea11b5c0e68482bfcb0169a846d12f3eff2ee2
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update notes for outstanding freeimage issues
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e1308ad by Anton Gladky at 2023-11-24T06:15:04+01:00 Update notes for outstanding freeimage issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -157555,26 +157555,31 @@ CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp - freeimage (bug #1055305) [bookworm] - freeimage (Minor issue) [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/334/ CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...) - freeimage (bug #1055304) [bookworm] - freeimage (Minor issue) [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/337/ CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...) - freeimage (bug #1055303) [bookworm] - freeimage (Minor issue) [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/335/ CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...) - freeimage (bug #1055302) [bookworm] - freeimage (Minor issue) [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/336/ CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...) - freeimage (bug #1055301) [bookworm] - freeimage (Minor issue) [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) NOTE: https://sourceforge.net/p/freeimage/bugs/338/ CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) NOT-FOR-US: SourceCodester @@ -236524,6 +236529,7 @@ CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in P CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...) - freeimage (bug #1051736) NOTE: https://sourceforge.net/p/freeimage/bugs/300/ + NOTE: it looks like the issue is in openexr. No relevant patches in freeimage are detected CVE-2020-21425 RESERVED CVE-2020-21424 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e1308ad75a56bf0dd66cb4d1ec18df92aff30ab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e1308ad75a56bf0dd66cb4d1ec18df92aff30ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-48570/libcrypto++
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a8b9c09 by Salvatore Bonaccorso at 2023-11-23T23:43:02+01:00
Update status for CVE-2022-48570/libcrypto++
>From a comment from upstream: To fix the underlying issue a rewrite of
the Integer class is required.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -15042,12 +15042,14 @@ CVE-2022-48571 (memcached 1.6.7 allows a Denial of
Service via multi-packet uplo
- memcached 1.6.8+dfsg-1
NOTE: Fixed by:
https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966
(1.6.8)
CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA
signature ...)
- - libcrypto++ 8.4.0-1
+ - libcrypto++
+ [bookworm] - libcrypto++ (Minor issue)
+ [bullseye] - libcrypto++ (Minor issue)
[buster] - libcrypto++ (Minor issue)
- NOTE: https://github.com/weidai11/cryptopp/issues/992
+ NOTE: Related issue: https://github.com/weidai11/cryptopp/issues/992
NOTE: This issue exists because the CVE-2019-14318 fix was
intentionally removed for
- NOTE: functionality reasons.
- NOTE:
https://github.com/weidai11/cryptopp/commit/4bc7408ae2aefac9357c16809541ecbe225b7f3a
(CRYPTOPP_8_4_0)
+ NOTE: functionality reasons. To fix the issue a rewrite of the rewrite
the Integer class
+ NOTE: is required.
CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in
Python thr ...)
{DLA-3614-1 DLA-3575-1}
- python3.9 3.9.1~rc1-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a8b9c09772d7503c653d7f9a3570915782ac9c3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a8b9c09772d7503c653d7f9a3570915782ac9c3
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3661-1 for firefox-esr
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9b473de5 by Emilio Pozuelo Monfort at 2023-11-23T23:35:26+01:00
Reserve DLA-3661-1 for firefox-esr
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Nov 2023] DLA-3661-1 firefox-esr - security update
+ {CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208
CVE-2023-6209 CVE-2023-6212}
+ [buster] - firefox-esr 115.5.0esr-1~deb10u1
[22 Nov 2023] DLA-3660-1 gnutls28 - security update
{CVE-2023-5981}
[buster] - gnutls28 3.6.7-4+deb10u11
=
data/dla-needed.txt
=
@@ -61,9 +61,6 @@ dogecoin
NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the
initiatives. (Beuc/front-desk)
--
-firefox-esr (Emilio)
- NOTE: 20231122: Added by Front-Desk (ola)
---
flatpak
NOTE: 20231006: Added by Front-Desk (Beuc)
NOTE: 20231006: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b473de53704c7757d45a03db485bd9acce40ea2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b473de53704c7757d45a03db485bd9acce40ea2
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-48230
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3937d25f by Salvatore Bonaccorso at 2023-11-23T23:03:25+01:00 Add Debian bug reference for CVE-2023-48230 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -356,7 +356,7 @@ CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in p CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open source c ...) - nextcloud-server (bug #941708) CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based RPC syst ...) - - capnproto + - capnproto (bug #1056615) [bookworm] - capnproto (Vulnerable code not present) [bullseye] - capnproto (Vulnerable code not present) [buster] - capnproto (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3937d25fe929b4b8081feeac8ddf489c1bcc99bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3937d25fe929b4b8081feeac8ddf489c1bcc99bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Marked CVE-2023-49208 as not affected for buster.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: f4a918a4 by Ola Lundqvist at 2023-11-23T21:50:05+00:00 Marked CVE-2023-49208 as not affected for buster. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,6 +21,7 @@ CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was cha NOT-FOR-US: malicious node module CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible b ...) - glewlwyd 2.7.6+ds-1 + [buster] - glewlwyd (Vulnerable code not present) NOTE: https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812 (v2.7.6) CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...) NOT-FOR-US: Pandora FMS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a918a491b7b3da3375d1708cb0c4ffcb71a1b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a918a491b7b3da3375d1708cb0c4ffcb71a1b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Added tinymce to dla-needed.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 8905071c by Ola Lundqvist at 2023-11-23T21:44:06+00:00 Added tinymce to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -264,6 +264,9 @@ symfony (Markus Koschany) thunderbird (Emilio) NOTE: 20231122: Added by Front-Desk (ola) -- +tinymce + NOTE: 20231123: Added by Front-Desk (ola) +-- tor NOTE: 20231119: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8905071c2ab66288080a9a2655cdf7799a08cd1a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8905071c2ab66288080a9a2655cdf7799a08cd1a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Marked CVE-2023-40030 as no-dsa for buster following bullseye.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ffc07270 by Ola Lundqvist at 2023-11-23T21:41:14+00:00 Marked CVE-2023-40030 as no-dsa for buster following bullseye. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14583,9 +14583,11 @@ CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles - cargo [bookworm] - cargo (Minor issue) [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue) - rust-cargo [bookworm] - rust-cargo (Minor issue) [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p NOTE: https://github.com/rust-lang/cargo/pull/12291 NOTE: https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 (0.75.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc07270565352d6ed9d3bd0ef57e3e0bcaa3558 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc07270565352d6ed9d3bd0ef57e3e0bcaa3558 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Marked CVE-2023-20246 as not affected for buster.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e7dc086 by Ola Lundqvist at 2023-11-23T21:29:24+00:00 Marked CVE-2023-20246 as not affected for buster. It should be marked as not affected for all versions since the vulnerability is only in snort 3.x, but Ill leave that to the regular security team to do. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72399,6 +72399,7 @@ CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Ad NOT-FOR-US: Cisco CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...) - snort (bug #1056281) + [buster] - snort (only affects 3.x) NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...) NOT-FOR-US: Cisco View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e7dc086640f001045f40767ab048f35c21f9ba6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e7dc086640f001045f40767ab048f35c21f9ba6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-6212/thunderbird via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f5484dc1 by Salvatore Bonaccorso at 2023-11-23T22:09:11+01:00
Track fixed version for CVE-2023-6212/thunderbird via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -412,7 +412,7 @@ CVE-2023-6212 (Memory safety bugs present in Firefox 119,
Firefox ESR 115.4, and
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6212
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6212
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6212
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5484dc171e3e3b6ec0aaa506b74bc65ed88454f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5484dc171e3e3b6ec0aaa506b74bc65ed88454f
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix typo in source package name for thunderbird
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0da0f8a4 by Salvatore Bonaccorso at 2023-11-23T22:07:21+01:00
Fix typo in source package name for thunderbird
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -412,7 +412,7 @@ CVE-2023-6212 (Memory safety bugs present in Firefox 119,
Firefox ESR 115.4, and
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - tunderbird
+ - thunderbird
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6212
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6212
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6212
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0da0f8a406fa513265a853c450d0bc6ff1682966
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0da0f8a406fa513265a853c450d0bc6ff1682966
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
70356eb7 by Salvatore Bonaccorso at 2023-11-23T22:02:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -10,11 +10,11 @@ CVE-2023-5972 (A null pointer dereference flaw was found in
the nft_inner.c func
CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is
trivial ...)
NOT-FOR-US: Pandora FMS Console
CVE-2023-4595 (An information exposure vulnerability has been found, the
exploitation ...)
- TODO: check
+ NOT-FOR-US: SLmail
CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an
attacker t ...)
- TODO: check
+ NOT-FOR-US: SLmail
CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an
authent ...)
- TODO: check
+ NOT-FOR-US: SLmail
CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: KC Group E-Commerce Software
CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was
character ...)
@@ -35610,9 +35610,9 @@ CVE-2023-28815
CVE-2023-28814
RESERVED
CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted
messages ...)
- TODO: check
+ NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents
CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser
plug-in coul ...)
- TODO: check
+ NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of
Hikvisi ...)
NOT-FOR-US: hikvison
CVE-2023-28810 (Some access control/intercom products have unauthorized
modification o ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70356eb76dcfd710d49997f58b2683c50f0b9e04
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70356eb76dcfd710d49997f58b2683c50f0b9e04
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-49208/glewlwyd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62ec7603 by Salvatore Bonaccorso at 2023-11-23T21:46:27+01:00
Add CVE-2023-49208/glewlwyd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -20,7 +20,8 @@ CVE-2023-4406 (Improper Neutralization of Input During Web
Page Generation ('Cro
CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was
character ...)
NOT-FOR-US: malicious node module
CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a
possible b ...)
- TODO: check
+ - glewlwyd 2.7.6+ds-1
+ NOTE:
https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812
(v2.7.6)
CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
NOT-FOR-US: Pandora FMS
CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ec7603aa1045eaec5e69667d6f5ec6f17a43b1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ec7603aa1045eaec5e69667d6f5ec6f17a43b1
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-33202/bouncycastle
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abe352cd by Salvatore Bonaccorso at 2023-11-23T21:44:58+01:00
Add CVE-2023-33202/bouncycastle
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -52,7 +52,8 @@ CVE-2023-3631 (Improper Neutralization of Special Elements
used in an SQL Comman
CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Veribilim Software Computer Veribase
CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial
of Serv ...)
- TODO: check
+ - bouncycastle
+ NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33202
CVE-2023-43123 (On unix-like systems, the temporary directory is shared
between all us ...)
NOT-FOR-US: Apache Storm
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe352cd8f1d51278aaae372beff7a20a9bfa528
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe352cd8f1d51278aaae372beff7a20a9bfa528
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5972/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b01852e8 by Salvatore Bonaccorso at 2023-11-23T21:34:02+01:00 Add CVE-2023-5972/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,12 @@ CVE-2023-6118 (: Path Traversal: '/../filedir' vulnerability in Neutron IP Camera all ...) NOT-FOR-US: Neutron IP Camera CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c functiona ...) - TODO: check + - linux 6.5.10-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/505ce0630ad5d31185695f8a29dde8d29f28faa7 (6.6-rc7) + NOTE: https://git.kernel.org/linus/52177bbf19e6e9398375a148d2e13ed492b40b80 (6.6-rc7) CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is trivial ...) NOT-FOR-US: Pandora FMS Console CVE-2023-4595 (An information exposure vulnerability has been found, the exploitation ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01852e87e7b8923ffb1fda70226818d19d09f1e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01852e87e7b8923ffb1fda70226818d19d09f1e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0ac1c94 by Salvatore Bonaccorso at 2023-11-23T21:28:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,9 +1,9 @@
CVE-2023-6118 (: Path Traversal: '/../filedir' vulnerability in Neutron IP
Camera all ...)
- TODO: check
+ NOT-FOR-US: Neutron IP Camera
CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c
functiona ...)
TODO: check
CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is
trivial ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS Console
CVE-2023-4595 (An information exposure vulnerability has been found, the
exploitation ...)
TODO: check
CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an
attacker t ...)
@@ -11,41 +11,41 @@ CVE-2023-4594 (Stored XSS vulnerability. This vulnerability
could allow an attac
CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an
authent ...)
TODO: check
CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: KC Group E-Commerce Software
CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was
character ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a
possible b ...)
TODO: check
CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS
on all ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Medart Health Services Medart Notification Panel
CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Veribilim Software Computer Veribase
CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial
of Serv ...)
TODO: check
CVE-2023-43123 (On unix-like systems, the temporary directory is shared
between all us ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0ac1c9481e131d92dcee58b06ad42afe51312ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0ac1c9481e131d92dcee58b06ad42afe51312ce
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8213b5fe by security tracker role at 2023-11-23T20:11:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,54 @@
-CVE-2023-43123
+CVE-2023-6118 (: Path Traversal: '/../filedir' vulnerability in Neutron IP
Camera all ...)
+ TODO: check
+CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c
functiona ...)
+ TODO: check
+CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is
trivial ...)
+ TODO: check
+CVE-2023-4595 (An information exposure vulnerability has been found, the
exploitation ...)
+ TODO: check
+CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an
attacker t ...)
+ TODO: check
+CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an
authent ...)
+ TODO: check
+CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was
character ...)
+ TODO: check
+CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a
possible b ...)
+ TODO: check
+CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
+ TODO: check
+CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS
on all ...)
+ TODO: check
+CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
+ TODO: check
+CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
+ TODO: check
+CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
+ TODO: check
+CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial
of Serv ...)
+ TODO: check
+CVE-2023-43123 (On unix-like systems, the temporary directory is shared
between all us ...)
NOT-FOR-US: Apache Storm
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
NOT-FOR-US: dom-sanitizer
@@ -1748,6 +1798,7 @@ CVE-2023-22327 (Out-of-bounds write in firmware for some
Intel(R) FPGA products
CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that
can cr ...)
- kubernetes (Windows-specific)
CVE-2023-23583 (Sequence of processor instructions leads to unexpected
behavior for so ...)
+ {DSA-5563-1}
- intel-microcode 3.20231114.1 (bug #1055962)
[buster] - intel-microcode (Wait for exposure in unstable)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
@@ -35551,10 +35602,10 @@ CVE-2023-28815
RESERVED
CVE-2023-28814
RESERVED
-CVE-2023-28813
- RESERVED
-CVE-2023-28812
- RESERVED
+CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted
messages ...)
+ TODO: check
+CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser
plug-in coul ...)
+ TODO: check
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of
Hikvisi ...)
NOT-FOR-US: hikvison
CVE-2023-28810 (Some access control/intercom products have unauthorized
modification o ...)
@@ -70909,10 +70960,10 @@ CVE-2022-44013 (An issue was discovered in Simmeth
Lieferantenmanager before 5.6
NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44012 (An issue was discovered in
/DS/LM_API/api/SelectionService/InsertQuery ...)
NOT-FOR-US: Simmeth Lieferantenmanager
-CVE-2022-44011
- RESERVED
-CVE-2022-44010
-
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for intel-microcode update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab0e66e6 by Salvatore Bonaccorso at 2023-11-23T16:36:01+01:00
Reserve DSA number for intel-microcode update
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[23 Nov 2023] DSA-5563-1 intel-microcode - security update
+ {CVE-2023-23583}
+ [bullseye] - intel-microcode 3.20231114.1~deb11u1
+ [bookworm] - intel-microcode 3.20231114.1~deb12u1
[22 Nov 2023] DSA-5562-1 tor - security update
[bookworm] - tor 0.4.7.16-1
[22 Nov 2023] DSA-5561-1 firefox-esr - security update
=
data/dsa-needed.txt
=
@@ -29,9 +29,6 @@ gst-plugins-bad1.0 (carnil)
--
h2o (jmm)
--
-intel-microcode (carnil)
- wait for exposure of update in unstable
---
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on
bullseye-security backports
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0e66e697d9ef7779fa0490f2ddb69971b37b71
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0e66e697d9ef7779fa0490f2ddb69971b37b71
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] thunderbird fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cd527a01 by Moritz Muehlenhoff at 2023-11-23T15:35:14+01:00
thunderbird fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -369,7 +369,7 @@ CVE-2023-6209 (Relative URLs starting with three slashes
were incorrectly parsed
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6209
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
@@ -377,7 +377,7 @@ CVE-2023-6208 (When using X11, text selected by the page
using the Selection API
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6208
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
@@ -385,7 +385,7 @@ CVE-2023-6207 (Ownership mismanagement led to a
use-after-free in ReadableByteSt
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6207
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
@@ -393,7 +393,7 @@ CVE-2023-6206 (The black fade animation when exiting
fullscreen is roughly the l
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6206
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
@@ -401,7 +401,7 @@ CVE-2023-6205 (It was possible to cause the use of a
MessagePort after it had al
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6205
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
@@ -409,7 +409,7 @@ CVE-2023-6204 (On some systems\u2014depending on the
graphics settings and drive
{DSA-5561-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- - thunderbird
+ - thunderbird 1:115.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6204
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd527a012b13014ce3a1a0e32e368d582b99eca9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd527a012b13014ce3a1a0e32e368d582b99eca9
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 46935e67 by Moritz Muehlenhoff at 2023-11-23T13:58:01+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-43123 + NOT-FOR-US: Apache Storm CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...) NOT-FOR-US: dom-sanitizer CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because the una ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46935e67399a9f2e579bfa5fe6b7cc825850dcb1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46935e67399a9f2e579bfa5fe6b7cc825850dcb1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] record upstream fix for libcrypto++
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98c8f5dc by Moritz Muehlenhoff at 2023-11-23T12:53:00+01:00
record upstream fix for libcrypto++
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -14979,14 +14979,12 @@ CVE-2022-48571 (memcached 1.6.7 allows a Denial of
Service via multi-packet uplo
- memcached 1.6.8+dfsg-1
NOTE: Fixed by:
https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966
(1.6.8)
CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA
signature ...)
- - libcrypto++
- [bookworm] - libcrypto++ (Minor issue)
- [bullseye] - libcrypto++ (Minor issue)
+ - libcrypto++ 8.4.0-1
[buster] - libcrypto++ (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/992
NOTE: This issue exists because the CVE-2019-14318 fix was
intentionally removed for
NOTE: functionality reasons.
- TODO: check details on upstream fix (in 8.4?)
+ NOTE:
https://github.com/weidai11/cryptopp/commit/4bc7408ae2aefac9357c16809541ecbe225b7f3a
(CRYPTOPP_8_4_0)
CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in
Python thr ...)
{DLA-3614-1 DLA-3575-1}
- python3.9 3.9.1~rc1-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98c8f5dc6bae0401a57d5334f5dd14d55c82a2d0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98c8f5dc6bae0401a57d5334f5dd14d55c82a2d0
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new cargo issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 384a7bb4 by Moritz Muehlenhoff at 2023-11-23T12:04:37+01:00 new cargo issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14520,7 +14520,15 @@ CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) NOT-FOR-US: Notepad++ CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...) - TODO: check + - cargo + [bookworm] - cargo (Minor issue) + [bullseye] - cargo (Minor issue) + - rust-cargo + [bookworm] - rust-cargo (Minor issue) + [bullseye] - rust-cargo (Minor issue) + NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p + NOTE: https://github.com/rust-lang/cargo/pull/12291 + NOTE: https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 (0.75.0) CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384a7bb46c32fbd70efe50cfcb108f551595c697 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384a7bb46c32fbd70efe50cfcb108f551595c697 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] ckeditor non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d718f171 by Moritz Muehlenhoff at 2023-11-23T12:00:17+01:00 ckeditor non issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -907,7 +907,8 @@ CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.) CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...) NOT-FOR-US: H2O (h2ai) (not the same as src:h2o) CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...) - TODO: check + - ckeditor (unimportant) + NOTE: Seems bogus, only affects an example CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...) NOT-FOR-US: nagayama_copabowl CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chai ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d718f171815fcce90284fb3dba9591b24461a302 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d718f171815fcce90284fb3dba9591b24461a302 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a13f24c by Moritz Muehlenhoff at 2023-11-23T11:14:34+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,11 +1,11 @@
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
- TODO: check
+ NOT-FOR-US: dom-sanitizer
CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because
the una ...)
NOT-FOR-US: NZBGet
CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
- zlib-ng (bug #1002056)
CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode
alliance was ...)
- TODO: check
+ NOT-FOR-US: wasm-micro-runtime
CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -65,7 +65,7 @@ CVE-2023-41140 (A maliciously crafted PRT file when parsed
through Autodesk Auto
CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk
AutoCAD 20 ...)
NOT-FOR-US: Autodesk
CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and
2.3.7515.0 c ...)
NOT-FOR-US: Dell
CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a
heap-use-a ...)
@@ -222,9 +222,9 @@ CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable
to Directory Travers
CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect
Access Contro ...)
NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, a ...)
- TODO: check
+ NOT-FOR-US: TightGate-Pro Server
CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, b ...)
- TODO: check
+ NOT-FOR-US: TightGate-Pro Server
CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in
Sourcecodester St ...)
NOT-FOR-US: Sourcecodester Sticky Notes App
CVE-2023-46673 (It was identified that malformed scripts used in the script
processor ...)
@@ -238,9 +238,9 @@ CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in
the middle' vulnerabi
CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior,
contains a ...)
NOT-FOR-US: Dell
CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local
user is ...)
- TODO: check
+ NOT-FOR-US: Unitree Robotics A1
CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which
could a ...)
- TODO: check
+ NOT-FOR-US: Unitree Robotics A1
CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo
Download Com ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -34522,13 +34522,13 @@ CVE-2023-29078
CVE-2023-29077
RESERVED
CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when
parsed t ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk
AutoCAD 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29074 (A maliciously crafted CATPART file when parsed through
Autodesk AutoCA ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk
AutoCAD ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29072
RESERVED
CVE-2023-29071
@@ -35547,7 +35547,7 @@ CVE-2023-28813
CVE-2023-28812
RESERVED
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of
Hikvisi ...)
- TODO: check
+ NOT-FOR-US: hikvison
CVE-2023-28810 (Some access control/intercom products have unauthorized
modification o ...)
NOT-FOR-US: hikvison
CVE-2023-28809 (Some access control products are vulnerable to a session
hijacking att ...)
@@ -50287,7 +50287,7 @@ CVE-2023-23980 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Fullworks Q ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23976
View it on GitLab:
[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 97415239 by Emilio Pozuelo Monfort at 2023-11-23T10:36:59+01:00 lts: take firefox-esr and thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -61,7 +61,7 @@ dogecoin NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix; NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk) -- -firefox-esr +firefox-esr (Emilio) NOTE: 20231122: Added by Front-Desk (ola) -- flatpak @@ -261,7 +261,7 @@ suricata (Adrian Bunk) symfony (Markus Koschany) NOTE: 20231118: Added by Front-Desk (apo) -- -thunderbird +thunderbird (Emilio) NOTE: 20231122: Added by Front-Desk (ola) -- tor View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97415239a90462de31fc4d637dfd8b2d8fa6c5f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97415239a90462de31fc4d637dfd8b2d8fa6c5f6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6803feda by Salvatore Bonaccorso at 2023-11-23T09:37:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,73 +1,73 @@
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
TODO: check
CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because
the una ...)
- TODO: check
+ NOT-FOR-US: NZBGet
CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
- zlib-ng (bug #1002056)
CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode
alliance was ...)
TODO: check
CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47834 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47833 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47831 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47829 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47821 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47817 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47816 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47815 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47814 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47813 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47812 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47810 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47809 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47808 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47790 (Cross-Site Request Forgery (CSRF) leading to Cross-Site
Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47786 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47773 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47768 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47767 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47766 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47668 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44290 (Dell Command | Monitor versions prior to 10.10.0, contain an
improper ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-44289 (Dell Command | Configure versions prior to 4.11.0, contain an
improper ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-43086 (Dell Command | Configure, versions prior to 4.11.0, contains
an improp ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk
AutoCAD 20 ...)
- TODO:
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-48107/zlib-ng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
197e5223 by Salvatore Bonaccorso at 2023-11-23T09:35:54+01:00
Add CVE-2023-48107/zlib-ng
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7
allows XSS via an
CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because
the una ...)
TODO: check
CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
- TODO: check
+ - zlib-ng (bug #1002056)
CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode
alliance was ...)
TODO: check
CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197e5223270c4dc72f7fc8cfd76a5a8a9447aef0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197e5223270c4dc72f7fc8cfd76a5a8a9447aef0
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7338ce99 by security tracker role at 2023-11-23T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,74 @@
-CVE-2023-48706 [heap-use-after-free in ex_substitute]
+CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
+ TODO: check
+CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because
the una ...)
+ TODO: check
+CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
+ TODO: check
+CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode
alliance was ...)
+ TODO: check
+CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47834 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47833 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47831 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47829 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47821 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47817 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47816 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47815 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47814 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47813 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47812 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47810 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47809 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47808 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47790 (Cross-Site Request Forgery (CSRF) leading to Cross-Site
Scripting (XSS ...)
+ TODO: check
+CVE-2023-47786 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47773 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47768 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47767 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47766 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-47668 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-44290 (Dell Command | Monitor versions prior to 10.10.0, contain an
improper ...)
+ TODO: check
+CVE-2023-44289 (Dell Command | Configure versions prior to 4.11.0, contain an
improper ...)
+ TODO: check
+CVE-2023-43086 (Dell Command | Configure, versions prior to 4.11.0, contains
an improp ...)
+ TODO: check
+CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk
AutoCAD 20 ...)
+ TODO: check
+CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk
AutoCAD 20 ...)
+ TODO: check
+CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and
2.3.7515.0 c ...)
+ TODO: check
+CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a
heap-use-a ...)
- vim (unimportant)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
NOTE: Fixed by:
https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
@@ -1310,9 +1380,9 @@ CVE-2023-39199 (Cryptographic issues with In-Meeting Chat
for some Zoom clients
NOT-FOR-US: Zoom
CVE-2023-38544 (A logged in user can modify specific files that may lead to
unauthoriz ...)
NOT-FOR-US: Ivanti
-CVE-2023-38543 (When a specific component is
