[Git][security-tracker-team/security-tracker][master] 3 commits: Remove postfix from dla-needed.txt

2024-01-08 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0070eef2 by Markus Koschany at 2024-01-09T08:41:19+01:00
Remove postfix from dla-needed.txt

- - - - -
622e37f6 by Markus Koschany at 2024-01-09T08:41:20+01:00
CVE-2023-51764,postfix: Mark Buster as no-dsa

There exists a configuration setting described in

https://www.postfix.org/smtp-smuggling.html

to mitigate the problem.

- - - - -
998aa899 by Markus Koschany at 2024-01-09T08:41:20+01:00
Claim knot-resolver in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -2144,6 +2144,7 @@ CVE-2023-51764 (Postfix through 3.8.4 allows SMTP 
smuggling unless configured wi
- postfix 3.8.4-1 (bug #1059230)
[bookworm] - postfix  (Minor issue; mitigations exist)
[bullseye] - postfix  (Minor issue; mitigations exist)
+   [buster] - postfix  (Minor issue; mitigations exist)
NOTE: 
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
NOTE: https://www.postfix.org/smtp-smuggling.html
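Review bot: The added `[buster]` line reuses the bullseye/bookworm justification "Minor issue; mitigations exist" without saying which mitigation applies to buster. The commit message points to a configuration setting on https://www.postfix.org/smtp-smuggling.html but does not name it, and nothing in the hunk shows that the setting is available in the postfix version shipped in buster. Suggest a NOTE under the entry naming the setting or workaround that buster users are expected to apply, so the no-dsa decision can be checked from the tracker alone.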


=
data/dla-needed.txt
=
@@ -107,7 +107,7 @@ keystone (rouca)
   NOTE: 20231102: Sync (eg. CVE-2021-38155) with stable etc. (lamby)
   NOTE: 20240105: FTBFS due to 
https://github.com/testing-cabal/subunit/pull/40 (rouca)
 --
-knot-resolver
+knot-resolver (Markus Koschany)
   NOTE: 20231029: Added by Front-Desk (gladk)
 --
 kodi (Abhijith PA)
@@ -164,9 +164,6 @@ nvidia-cuda-toolkit
 paramiko (tobi)
   NOTE: 20231225: Added by Front-Desk (ta)
 --
-postfix (Markus Koschany)
-  NOTE: 20231224: Added by Front-Desk (ta)
---
 putty
   NOTE: 20231224: Added by Front-Desk (ta)
   NOTE: 20230104: massive code change against bullseye. May be better to 
backport bullseye (rouca)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f373d763b04b785f33c37fcd3ff3fbd1c7151c3...998aa899a4882bc9b0d48e98ba615eb71f20576f



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] LTS: change FD assignment due to unavailability of Ola

2024-01-08 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f373d76 by Roberto C. Sánchez at 2024-01-08T22:29:54-05:00
LTS: change FD assignment due to unavailability of Ola

- - - - -


1 changed file:

- org/lts-frontdesk.2024.txt


Changes:

=
org/lts-frontdesk.2024.txt
=
@@ -1,6 +1,6 @@
 From 01-01 to 07-01:Emilio Pozuelo Monfort 
 From 08-01 to 14-01:Markus Koschany 
-From 15-01 to 21-01:Ola Lundqvist 
+From 15-01 to 21-01:Markus Koschany 
 From 22-01 to 28-01:Sylvain Beucler 
 From 29-01 to 04-02:Thorsten Alteholz 
 From 05-02 to 11-02:Utkarsh Gupta 
@@ -50,4 +50,4 @@ From 02-12 to 08-12:
 From 09-12 to 15-12:
 From 16-12 to 22-12:
 From 23-12 to 29-12:
-From 30-12 to 05-01:
\ No newline at end of file
+From 30-12 to 05-01:
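Review bot: The last hunk only adds the missing newline at end of file after `From 30-12 to 05-01:`, which is unrelated to the front-desk reassignment named in the subject. Mention the whitespace fix in the commit message or split it out, so the assignment change is the only functional edit in the diff.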



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f373d763b04b785f33c37fcd3ff3fbd1c7151c3



[Git][security-tracker-team/security-tracker][master] Re-add squid to dla-needed.txt

2024-01-08 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5c209dd by Markus Koschany at 2024-01-09T01:15:53+01:00
Re-add squid to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -227,6 +227,11 @@ samba
 sendmail
   NOTE: 20231224: Added by Front-Desk (ta)
 --
+squid
+  NOTE: 20240109: Added by Front-Desk (apo)
+  NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
+  NOTE: 20240109: appears to be intrusive. I could not locate the fix for 
CVE-2023-49288 yet. (apo)
+--
 sudo (Adrian Bunk)
   NOTE: 20231224: Added by Front-Desk (ta)
 --
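Review bot: The second and third added NOTE lines split one sentence midway ("The fix" / "appears to be intrusive."), so neither line reads on its own and a search for CVE-2023-5824 returns only the first half of the remark. Put each CVE on its own NOTE line with its full remark, and for CVE-2023-49288 record where the fix was looked for so the next person does not repeat the search. The entry is also re-added without a claimant while asking for review; say whether it is free to take.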



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5c209dda1e2c84085886d5ed351c61c605e5248



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3709-1 for squid

2024-01-08 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5444bf5 by Markus Koschany at 2024-01-09T01:01:18+01:00
Reserve DLA-3709-1 for squid

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[09 Jan 2024] DLA-3709-1 squid - security update
+   {CVE-2023-46846 CVE-2023-46847 CVE-2023-49285 CVE-2023-49286 
CVE-2023-50269}
+   [buster] - squid 4.6-1+deb10u9
 [05 Jan 2024] DLA-3708-1 exim4 - security update
{CVE-2023-51766}
[buster] - exim4 4.92-8+deb10u9


=
data/dla-needed.txt
=
@@ -227,11 +227,6 @@ samba
 sendmail
   NOTE: 20231224: Added by Front-Desk (ta)
 --
-squid
-  NOTE: 20231102: Added by Front-Desk (lamby)
-  NOTE: 20231218: Investigating new CVE. (apo)
-  NOTE: 20231223: The update requires a few more tests. Intend to release 
after the holidays.
---
 sudo (Adrian Bunk)
   NOTE: 20231224: Added by Front-Desk (ta)
 --
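Review bot: This hunk deletes the squid entry outright when DLA-3709-1 is reserved, but the later commit c5c209dd, shown above on this page, re-adds squid for CVE-2023-5824 and CVE-2023-49288, neither of which is in the DLA's CVE set. When a DLA covers only part of the open issues, keep the entry and replace the old notes with one listing the CVEs still pending, rather than removing and re-adding it.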



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5444bf525df42a73e046417729621220c206b80



[Git][security-tracker-team/security-tracker][master] LTS: reclaim dropbear in dla-needed.txt

2024-01-08 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ede02eb by Guilhem Moulin at 2024-01-09T00:36:32+01:00
LTS: reclaim dropbear in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -69,7 +69,7 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the 
initiatives. (Beuc/front-desk)
 --
-dropbear
+dropbear (guilhem)
   NOTE: 20231219: Added by Front-Desk (ta)
 --
 edk2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ede02ebed009ebebece790a7cfcbd973a433eb6



[Git][security-tracker-team/security-tracker][master] reclaim bind9; second try

2024-01-08 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9941f06f by Thorsten Alteholz at 2024-01-08T23:45:31+01:00
reclaim bind9; second try

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -30,7 +30,7 @@ ansible
   NOTE: 20231217: Triaging done a few mail send upstream for claryfication 
purposes (rouca)
   NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee
 --
-bind9
+bind9 (Thorsten Alteholz)
   NOTE: 20230921: Added by Front-Desk (apo)
 --
 cacti (Sylvain Beucler)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9941f06f701a488c08899afe3164e382e02f9769



[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-46728,squid: Mark Buster as ignored

2024-01-08 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a58e795 by Markus Koschany at 2024-01-08T21:51:11+01:00
CVE-2023-46728,squid: Mark Buster as ignored

Gopher support has been removed upstream. Since Gopher is ancient and rarely
used, we recommend rejecting all gopher URL requests.

- - - - -
9c498ef6 by Markus Koschany at 2024-01-08T23:24:45+01:00
Merge branch 'master' of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -
0dada7df by Markus Koschany at 2024-01-08T23:25:58+01:00
CVE-2023-46728,squid: Mark Bullseye and Bookworm also as ignored

The same reasoning applies to newer releases. Gopher support has just been
removed, no fix is available and the simple workaround is to reject Gopher URLs
which in 2024 shouldn't be a problem.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13502,6 +13502,9 @@ CVE-2021-46897 (views.py in Wagtail CRX CodeRed 
Extensions (formerly CodeRed CMS
NOT-FOR-US: Wagtail CRX CodeRed Extensions
 CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
- squid 6.1-1
+   [bookworm] - squid  (unsupported, Gopher support has been 
removed upstream)
+   [bullseye] - squid  (unsupported, Gopher support has been 
removed upstream)
+   [buster] - squid  (unsupported, Gopher support has been 
removed upstream)
NOTE: No code fix, gopher support was removed:
NOTE: 
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
 (SQUID_6_0_1)
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
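Review bot: The three added release lines give only "unsupported, Gopher support has been removed upstream" as the reason, while the workaround the commit messages rely on (reject all gopher URL requests) is not recorded in the entry. Add a NOTE with that workaround next to the existing "No code fix, gopher support was removed" note, so that users of bookworm, bullseye and buster see the recommended action in the tracker itself.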



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f31272fab38603e91f0ec86d08b77d8ac71b410...0dada7df366d9b70323fc63d2605600605281d11



[Git][security-tracker-team/security-tracker][master] Process one more NFU

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f31272f by Salvatore Bonaccorso at 2024-01-08T22:29:55+01:00
Process one more NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -369,7 +369,7 @@ CVE-2023-32650 (An integer overflow vulnerability exists in 
the FST_BL_GEOM pars
- gtkwave 
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1777
 CVE-2018-25095 (The Duplicator WordPress plugin before 1.3.0 does not properly 
escape  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-22216 (In default installations of Microchip maxView Storage Manager 
(for Ada ...)
NOT-FOR-US: Microchip
 CVE-2024-0304 (A vulnerability has been found in Youke365 up to 1.5.3 and 
classified  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f31272fab38603e91f0ec86d08b77d8ac71b410



[Git][security-tracker-team/security-tracker][master] Process some more gtkwave issues

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f25bac36 by Salvatore Bonaccorso at 2024-01-08T22:28:28+01:00
Process some more gtkwave issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -204,115 +204,170 @@ CVE-2023-38618 (Multiple integer overflow 
vulnerabilities exist in the VZT facge
- gtkwave 
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
 CVE-2023-38583 (A stack-based buffer overflow vulnerability exists in the LXT2 
lxt2_rd ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1827
 CVE-2023-37923 (Multiple arbitrary write vulnerabilities exist in the VCD 
sorted bsear ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
 CVE-2023-37922 (Multiple arbitrary write vulnerabilities exist in the VCD 
sorted bsear ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
 CVE-2023-37921 (Multiple arbitrary write vulnerabilities exist in the VCD 
sorted bsear ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
 CVE-2023-37578 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37577 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37576 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37575 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37574 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37573 (Multiple use-after-free vulnerabilities exist in the VCD 
get_vartoken  ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
 CVE-2023-37447 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37446 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37445 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37444 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37443 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37442 (Multiple out-of-bounds read vulnerabilities exist in the VCD 
var defin ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
 CVE-2023-37420 (Multiple out-of-bounds write vulnerabilities exist in the VCD 
parse_va ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
 CVE-2023-37419 (Multiple out-of-bounds write vulnerabilities exist in the VCD 
parse_va ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
 CVE-2023-37418 (Multiple out-of-bounds write vulnerabilities exist in the VCD 
parse_va ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
 CVE-2023-37417 (Multiple out-of-bounds write vulnerabilities exist in the VCD 
parse_va ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
 CVE-2023-37416 (Multiple out-of-bounds write vulnerabilities exist in the VCD 
parse_va ...)
-   TODO: check
+   -

[Git][security-tracker-team/security-tracker][master] Process a first round of gtkwave CVEs adding only references

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9ecbaa8 by Salvatore Bonaccorso at 2024-01-08T22:10:44+01:00
Process a first round of gtkwave CVEs adding only references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123,59 +123,86 @@ CVE-2023-47211 (A directory traversal vulnerability 
exists in the uploadMib func
 CVE-2023-41710 (User-defined script code could be stored for a upsell related 
shop URL ...)
NOT-FOR-US: Open-Xchange
 CVE-2023-39444 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 
parsing ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826
 CVE-2023-39443 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 
parsing ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826
 CVE-2023-39414 (Multiple integer underflow vulnerabilities exist in the LXT2 
lxt2_rd_i ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824
 CVE-2023-39413 (Multiple integer underflow vulnerabilities exist in the LXT2 
lxt2_rd_i ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824
 CVE-2023-39317 (Multiple integer overflow vulnerabilities exist in the LXT2 
num_dict_e ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820
 CVE-2023-39316 (Multiple integer overflow vulnerabilities exist in the LXT2 
num_dict_e ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820
 CVE-2023-39275 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39274 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39273 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39272 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39271 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39270 (Multiple integer overflow vulnerabilities exist in the LXT2 
facgeometr ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818
 CVE-2023-39235 (Multiple out-of-bounds write vulnerabilities exist in the VZT 
vzt_rd_p ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817
 CVE-2023-39234 (Multiple out-of-bounds write vulnerabilities exist in the VZT 
vzt_rd_p ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817
 CVE-2023-38657 (An out-of-bounds write vulnerability exists in the LXT2 zlib 
block dec ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1823
 CVE-2023-38653 (Multiple integer overflow vulnerabilities exist in the VZT 
vzt_rd_bloc ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815
 CVE-2023-38652 (Multiple integer overflow vulnerabilities exist in the VZT 
vzt_rd_bloc ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815
 CVE-2023-38651 (Multiple integer overflow vulnerabilities exist in the VZT 
vzt_rd_bloc ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814
 CVE-2023-38650 (Multiple integer overflow vulnerabilities exist in the VZT 
vzt_rd_bloc ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814
 CVE-2023-38649 (Multiple out-of-bounds write vulnerabilities exist in the VZT 
vzt_rd_g ...)
-   TODO: check
+   - gtkwave 
+   NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813
 CVE-2023-38648 (Multiple out-of-bounds write vulnerabilities exist in t
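Review bot: The subject says this round adds only references, yet every entry in the hunk also drops `TODO: check` and gains a `- gtkwave` package line. If the per-release status of these CVEs has not been assessed yet, say so in the commit message or keep a TODO marker on the entries so they stay in the check queue.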

[Git][security-tracker-team/security-tracker][master] Process one NFU

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d72970a0 by Salvatore Bonaccorso at 2024-01-08T22:09:51+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -121,7 +121,7 @@ CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted 
File Upload.)
 CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib 
functional ...)
NOT-FOR-US: ManageEngine OpManager
 CVE-2023-41710 (User-defined script code could be stored for a upsell related 
shop URL ...)
-   TODO: check
+   NOT-FOR-US: Open-Xchange
 CVE-2023-39444 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 
parsing ...)
TODO: check
 CVE-2023-39443 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 
parsing ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d72970a08be35a33268a75bd968177934602c35f



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97435a36 by Salvatore Bonaccorso at 2024-01-08T22:05:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45,7 +45,7 @@ CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) 
WordPress plugin before
 CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20 
does not s ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-6552 (Lack of "current" GET parameter validation during the action of 
changi ...)
-   TODO: check
+   NOT-FOR-US: TasmoAdmin
 CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not 
have C ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation 
and CS ...)
@@ -75,7 +75,7 @@ CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin 
before 1.2.9 does n
 CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver allo ...)
TODO: check
 CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud 
allows low-pr ...)
-   TODO: check
+   NOT-FOR-US: Topaz Antifraud
 CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox 
Tagbox \u201 ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-5 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97435a367bf0e503a4ebfd740ccfcb4443a2359d



[Git][security-tracker-team/security-tracker][master] Add one more pyload CVE

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d784f915 by Salvatore Bonaccorso at 2024-01-08T21:53:18+01:00
Add one more pyload CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -117,7 +117,7 @@ CVE-2023-51246 (A Cross Site Scripting (XSS) vulnerability 
in GetSimple CMS 3.3.
 CVE-2023-50982 (Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of 
executab ...)
TODO: check
 CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.)
-   TODO: check
+   - pyload  (bug #1001980)
 CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib 
functional ...)
NOT-FOR-US: ManageEngine OpManager
 CVE-2023-41710 (User-defined script code could be stored for a upsell related 
shop URL ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d784f915717c9d2ea36f644bf9260db9978c58c8



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
758770c3 by Salvatore Bonaccorso at 2024-01-08T21:52:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23,103 +23,103 @@ CVE-2024-0321 (Stack-based Buffer Overflow in GitHub 
repository gpac/gpac prior
NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
NOTE: 
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
 CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been 
rated as cr ...)
-   TODO: check
+   NOT-FOR-US: Inis
 CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management 
System u ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Dynamic Lab Management System
 CVE-2024-0306 (A vulnerability was found in Kashipara Dynamic Lab Management 
System u ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Dynamic Lab Management System
 CVE-2024-0305 (A vulnerability was found in Guangzhou Yingke Electronic 
Technology Nc ...)
-   TODO: check
+   NOT-FOR-US: Guangzhou Yingke Electronic Technology Ncast
 CVE-2023-7224 (OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local 
users  ...)
-   TODO: check
+   NOT-FOR-US: OpenVPN Connect
 CVE-2023-6921 (Blind SQL Injection vulnerability in PrestaShow Google 
Integrator (Pre ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2023-6845 (The CommentTweets WordPress plugin through 0.6 does not have 
CSRF chec ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6750 (The Clone WordPress plugin before 2.4.3 uses buffer files to 
store in- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6631 (PowerSYSTEM Center versions 2020 Update 16 and prior contain a 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: PowerSYSTEM Center
 CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) WordPress plugin 
before 9.0.2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20 
does not s ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6552 (Lack of "current" GET parameter validation during the action of 
changi ...)
TODO: check
 CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not 
have C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation 
and CS ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6528 (The Slider Revolution WordPress plugin before 6.6.19 does not 
prevent  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6505 (The Migrate WordPress Website & Backups WordPress plugin before 
1.9.3  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6383 (The Debug Log Manager WordPress plugin before 2.3.0 contains a 
Directo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6161 (The WP Crowdfunding WordPress plugin before 2.1.9 does not 
sanitise an ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6141 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not apply ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6140 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not preve ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6139 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not apply ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6042 (Any unauthenticated user may send e-mail from the site with any 
title  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5957 (The Ni Purchase Order(PO) For WooCommerce WordPress plugin 
through 1.2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor Plugin WordPress 
plugin throu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does 
not li ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver allo ...)
TODO: check
 CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud 
allows low-pr ...)
TODO: check
 CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox 
Tagbox \u201 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-52219 (Deserialization of Untrusted Data vulnerability in Gecka Gecka 
Terms
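
Review bot: The NOT-FOR-US reason on CVE-2023-6042 is the generic "WordPress plugin", yet the visible description ("Any unauthenticated user may send e-mail from the site with any title ...") names no product, so the triage decision cannot be checked from the entry itself. Name the plugin in the reason, the way the PowerSYSTEM Center entry at the top of this hunk names its product.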

[Git][security-tracker-team/security-tracker][master] Add two new gpac issues

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15073f66 by Salvatore Bonaccorso at 2024-01-08T21:50:27+01:00
Add two new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,9 +15,13 @@ CVE-2024-21645 (pyLoad is the free and open-source Download 
Manager written in p
 CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
- pyload  (bug #1001980)
 CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
-   TODO: check
+   - gpac 
+   NOTE: https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
+   NOTE: 
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70
 CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
-   TODO: check
+   - gpac 
+   NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
+   NOTE: 
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
 CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been 
rated as cr ...)
TODO: check
 CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management 
System u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15073f66fe44cff2e9fb5d222040f0108504c2d9

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add two new issues in pyload, itp'ed

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b31af68 by Salvatore Bonaccorso at 2024-01-08T21:42:11+01:00
Add two new issues in pyload, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,9 +11,9 @@ CVE-2024-21647 (Puma is a web server for Ruby/Rack 
applications built for parall
NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
NOTE: 
https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d 
(v5.6.8)
 CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
-   TODO: check
+   - pyload  (bug #1001980)
 CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
-   TODO: check
+   - pyload  (bug #1001980)
 CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
TODO: check
 CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b31af684dc131e730dc1b255fb84e956c2eacaa



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-21647/puma

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fbc26a7 by Salvatore Bonaccorso at 2024-01-08T21:38:34+01:00
Add CVE-2024-21647/puma

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,9 @@ CVE-2024-21744 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
NOT-FOR-US: XWiki
 CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for 
parallelism. ...)
-   TODO: check
+   - puma 
+   NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
+   NOTE: 
https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d 
(v5.6.8)
 CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
TODO: check
 CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
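
Review bot: On the added CVE-2024-21647 entry, the only fix reference is the commit annotated (v5.6.8). If the linked advisory also lists a fix on a newer release series, add that commit as a second NOTE so the fixed version for each suite can be worked out from the entry alone.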



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fbc26a72712fe3bcfd25af5c19fbf258846dd2a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54c240d1 by Salvatore Bonaccorso at 2024-01-08T21:32:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-21744 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for 
parallelism. ...)
TODO: check
 CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54c240d1a2862dc810354bd25325ce8f3a91dc8d



[Git][security-tracker-team/security-tracker][master] Add notes for zfs-linux

2024-01-08 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31f56196 by Utkarsh Gupta at 2024-01-09T01:54:05+05:30
Add notes for zfs-linux

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -270,6 +270,7 @@ wireshark (Adrian Bunk)
 zabbix (tobi)
   NOTE: 20231015: Added by Front-Desk (ta)
 --
-zfs-linux
+zfs-linux (Utkarsh)
   NOTE: 20231127: Added by Front-Desk (Beuc)
+  NOTE: 20240801: the fix for other CVE wasn't obvious but about to be ready; 
D/ELA to be out soon. (utkarsh)
 --
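
Review bot: The date stamp on the added note, 20240801, does not fit the YYYYMMDD convention of the neighbouring notes (20231127, 20231015): it reads as 1 August 2024, while the commit is dated 2024-01-09. Day and month look swapped; a January 2024 stamp such as 20240108 is probably what was meant. The note also says "other CVE" without naming it, so adding the CVE id would make the status traceable.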



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31f561967aab7f2956b6ce7687851f547b5373e1



[Git][security-tracker-team/security-tracker][master] automatic update

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d203f450 by security tracker role at 2024-01-08T20:22:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,287 @@
+CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-21744 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+   TODO: check
+CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for 
parallelism. ...)
+   TODO: check
+CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
+   TODO: check
+CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
+   TODO: check
+CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
+   TODO: check
+CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
+   TODO: check
+CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been 
rated as cr ...)
+   TODO: check
+CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management 
System u ...)
+   TODO: check
+CVE-2024-0306 (A vulnerability was found in Kashipara Dynamic Lab Management 
System u ...)
+   TODO: check
+CVE-2024-0305 (A vulnerability was found in Guangzhou Yingke Electronic 
Technology Nc ...)
+   TODO: check
+CVE-2023-7224 (OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local 
users  ...)
+   TODO: check
+CVE-2023-6921 (Blind SQL Injection vulnerability in PrestaShow Google 
Integrator (Pre ...)
+   TODO: check
+CVE-2023-6845 (The CommentTweets WordPress plugin through 0.6 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2023-6750 (The Clone WordPress plugin before 2.4.3 uses buffer files to 
store in- ...)
+   TODO: check
+CVE-2023-6631 (PowerSYSTEM Center versions 2020 Update 16 and prior contain a 
vulnera ...)
+   TODO: check
+CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) WordPress plugin 
before 9.0.2 ...)
+   TODO: check
+CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20 
does not s ...)
+   TODO: check
+CVE-2023-6552 (Lack of "current" GET parameter validation during the action of 
changi ...)
+   TODO: check
+CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not 
have C ...)
+   TODO: check
+CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation 
and CS ...)
+   TODO: check
+CVE-2023-6528 (The Slider Revolution WordPress plugin before 6.6.19 does not 
prevent  ...)
+   TODO: check
+CVE-2023-6505 (The Migrate WordPress Website & Backups WordPress plugin before 
1.9.3  ...)
+   TODO: check
+CVE-2023-6383 (The Debug Log Manager WordPress plugin before 2.3.0 contains a 
Directo ...)
+   TODO: check
+CVE-2023-6161 (The WP Crowdfunding WordPress plugin before 2.1.9 does not 
sanitise an ...)
+   TODO: check
+CVE-2023-6141 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not apply ...)
+   TODO: check
+CVE-2023-6140 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not preve ...)
+   TODO: check
+CVE-2023-6139 (The Essential Real Estate WordPress plugin before 4.4.0 does 
not apply ...)
+   TODO: check
+CVE-2023-6042 (Any unauthenticated user may send e-mail from the site with any 
title  ...)
+   TODO: check
+CVE-2023-5957 (The Ni Purchase Order(PO) For WooCommerce WordPress plugin 
through 1.2 ...)
+   TODO: check
+CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor Plugin WordPress 
plugin throu ...)
+   TODO: check
+CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does 
not li ...)
+   TODO: check
+CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver allo ...)
+   TODO: check
+CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud 
allows low-pr ...)
+   TODO: check
+CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox 
Tagbox \u201 ...)
+   TODO: check
+CVE-2023-5 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)
+   TODO: check
+CVE-2023-52219 (Deserialization of Untrusted Data vulnerability in Gecka Gecka 
Terms T ...)
+   TODO: check
+CVE-2023-52218 (Deserialization of Untrusted Data vulnerability in Anton Bond 
Woocomme ...)
+   TODO: check
+CVE-2023-52216 (Cross-Site Request Forgery (CSRF) vulnerability in Yevhen 
Kotelnytskyi ...)
+   TODO: check
+CVE-2023

[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2024-01-08 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97a09030 by Roberto C. Sánchez at 2024-01-08T15:10:36-05:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez 

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -69,7 +69,7 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the 
initiatives. (Beuc/front-desk)
 --
-dropbear (guilhem)
+dropbear
   NOTE: 20231219: Added by Front-Desk (ta)
 --
 edk2
@@ -122,7 +122,7 @@ libreswan
   NOTE: 20230909: all due to code refactoring. I intend to package the version
   NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the 
fix. (apo)
 --
-libssh (Sean Whitton)
+libssh
   NOTE: 20231219: Added by Front-Desk (ta)
 --
 libstb
@@ -227,7 +227,7 @@ samba
 sendmail
   NOTE: 20231224: Added by Front-Desk (ta)
 --
-squid (Markus Koschany)
+squid
   NOTE: 20231102: Added by Front-Desk (lamby)
   NOTE: 20231218: Investigating new CVE. (apo)
   NOTE: 20231223: The update requires a few more tests. Intend to release 
after the holidays.
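
Review bot: In the squid hunk the claim is dropped while the 20231223 note directly below it still says the update needs a few more tests and is intended for release after the holidays. Add a dated NOTE recording the unclaim and where the pending work can be found, so whoever picks up squid next does not start from scratch.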



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97a090308aed690ec3b3384990c44a1a2bed453e



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1055

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95a6db0a by Salvatore Bonaccorso at 2024-01-08T21:09:29+01:00
Update information for CVE-2023-1055

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -48811,11 +48811,14 @@ CVE-2023-1057 (A vulnerability was found in 
SourceCodester Doctors Appointment S
 CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment 
System ...)
NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-1055 (A flaw was found in RHDS 11 and RHDS 12. While browsing entries 
LDAP t ...)
-   - 389-ds-base  (bug #1034891)
+   - 389-ds-base 2.3.4+dfsg1-1 (bug #1034891)
[bookworm] - 389-ds-base  (Minor issue)
[bullseye] - 389-ds-base  (Minor issue)
[buster] - 389-ds-base  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2173517
+   NOTE: 
https://github.com/389ds/389-ds-base/commit/8483d60de374be78ce3dd423ac7ad7a3cdc5eaca
 (389-ds-base-2.3.3)
+   NOTE: 
https://github.com/389ds/389-ds-base/commit/2038989d477d6281463668c91f72649fde880145
 (389-ds-base-2.2.8)
+   NOTE: 
https://github.com/389ds/389-ds-base/commit/92f9d3b9d06c1729e536948c638761c9fa7c962a
 (389-ds-base-1.4.3.35)
 CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0. It ...)
NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0 and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95a6db0af2ead684d08b93efb5299cba1e0d07a8



[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

2024-01-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b97b1d8b by Moritz Muehlenhoff at 2024-01-08T20:35:53+01:00
bullseye/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -3062,6 +3062,8 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
[bullseye] - filezilla  (Minor issue)
[buster] - filezilla  (Minor issue)
- golang-go.crypto 1:0.17.0-1 (bug #1059003)
+   [bookworm] - golang-go.crypto  (Minor issue)
+   [bullseye] - golang-go.crypto  (Minor issue)
- jsch  (ChaCha20-Poly1305 support introduced in 0.1.61; 
*-EtM support introduced in 0.1.58)
- libssh 0.10.6-1 (bug #1059004)
- libssh2 1.11.0-4 (bug #1059005)
@@ -3091,6 +3093,8 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
- python-asyncssh  (bug #1059007)
- tinyssh 20230101-4 (bug #1059058; unimportant)
- trilead-ssh2  (bug #1059294)
+   [bookworm] - trilead-ssh2  (Minor issue)
+   [bullseye] - trilead-ssh2  (Minor issue)
NOTE: https://terrapin-attack.com/
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
NOTE: dropbear: 
https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
@@ -4451,6 +4455,8 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 
- CWE-78: Improper Neu
 CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in 
TinyXML ...)
{DLA-3701-1}
- tinyxml 2.6.2-6.1 (bug #1059315)
+   [bookworm] - tinyxml  (Minor issue)
+   [bullseye] - tinyxml  (Minor issue)
NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
NOTE: Debian (non upstream) patch: 
https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch
 CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 
allowed ...)
@@ -7057,6 +7063,8 @@ CVE-2023-47418 (Remote Code Execution (RCE) vulnerability 
in o2oa version 8.1.2
NOT-FOR-US: p2pa
 CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
- tinyxml  (bug #1059315)
+   [bookworm] - tinyxml  (Minor issue)
+   [bullseye] - tinyxml  (Minor issue)
NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
 CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 
and DT900 ...)
NOT-FOR-US: NEC
@@ -15628,6 +15636,8 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of 
service (server resource
- tomcat10 10.1.14-1
- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
- grpc 
+   [bookworm] - grpc  (Minor issue)
+   [bullseye] - grpc  (Minor issue)
- h2o 2.2.5+dfsg2-8 (bug #1054232)
- haproxy 1.8.13-1
- nginx 1.24.0-2 (unimportant; bug #1053770)


=
data/dsa-needed.txt
=
@@ -39,6 +39,8 @@ php*seclib* (seb)
 --
 php-cas/oldstable
 --
+php-dompdf-svg-lib/stable
+--
 php-horde-mime-viewer/oldstable
 --
 php-horde-turba/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97b1d8b86be85dbfe389ffe87b5dbe6f74a27c7



[Git][security-tracker-team/security-tracker][master] Reference pull request for CVE-2023-408{89,90}

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c545e2c by Salvatore Bonaccorso at 2024-01-08T16:47:53+01:00
Reference pull request for CVE-2023-408{89,90}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21868,12 +21868,14 @@ CVE-2023-40890 (A stack-based buffer overflow 
vulnerability exists in the lookup
- zbar  (bug #1051724)
NOTE: https://hackmd.io/@cspl/H1PxPAUnn
NOTE: https://github.com/mchehab/zbar/issues/263
+   NOTE: https://github.com/mchehab/zbar/pull/276
NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no 
upstream fix exists yet.
 CVE-2023-40889 (A heap-based buffer overflow exists in the 
qr_reader_match_centers fun ...)
{DLA-3675-1}
- zbar  (bug #1051724)
NOTE: https://hackmd.io/@cspl/B1ZkFZv23
NOTE: https://github.com/mchehab/zbar/issues/263
+   NOTE: https://github.com/mchehab/zbar/pull/276
NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no 
upstream fix exists yet.
 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters 
submitt ...)
NOT-FOR-US: SpringBlade
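
Review bot: In both entries the added pull/276 NOTE is followed by the unchanged line "no upstream fix exists yet", which now reads as contradicting the reference just above it. State the status of the pull request on the new line (for example, that it is not merged yet), or reword the 0.23.92-9 note so the two lines agree.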



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c545e2cd70c69448f8ca8be181673c384697d35



[Git][security-tracker-team/security-tracker][master] dsa-needed: add and claim php*seclib*

2024-01-08 Thread Sebastien Delafond (@seb)


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d26f165 by Sébastien Delafond at 2024-01-08T12:29:36+01:00
dsa-needed: add and claim php*seclib*

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -34,6 +34,9 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
+php*seclib* (seb)
+  Maintainer prepared updates
+--
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d26f1653a49c35d2a0db1dcd60065a3bd7df7af



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb19d022 by Salvatore Bonaccorso at 2024-01-08T09:26:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,41 +1,41 @@
 CVE-2024-22216 (In default installations of Microchip maxView Storage Manager 
(for Ada ...)
-   TODO: check
+   NOT-FOR-US: Microchip
 CVE-2024-0304 (A vulnerability has been found in Youke365 up to 1.5.3 and 
classified  ...)
-   TODO: check
+   NOT-FOR-US: Youke365
 CVE-2024-0303 (A vulnerability, which was classified as critical, was found in 
Youke3 ...)
-   TODO: check
+   NOT-FOR-US: Youke365
 CVE-2024-0302 (A vulnerability, which was classified as critical, has been 
found in f ...)
-   TODO: check
+   NOT-FOR-US: fhs-opensource
 CVE-2024-0301 (A vulnerability classified as critical was found in 
fhs-opensource ipa ...)
-   TODO: check
+   NOT-FOR-US: fhs-opensource
 CVE-2024-0300 (A vulnerability was found in Beijing Baichuo Smart S150 
Management Pla ...)
-   TODO: check
+   NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
 CVE-2024-0299 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216. It ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0298 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216. It ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0297 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216 and ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0296 (A vulnerability has been found in Totolink N200RE 
9.3.5u.6139_B2020121 ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0295 (A vulnerability, which was classified as critical, was found in 
Totoli ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0294 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0293 (A vulnerability classified as critical was found in Totolink 
LR1200GB  ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0292 (A vulnerability classified as critical has been found in 
Totolink LR12 ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0291 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130.  ...)
-   TODO: check
+   NOT-FOR-US: Totolink
 CVE-2024-0290 (A vulnerability, which was classified as critical, has been 
found in K ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Food Management System
 CVE-2024-0289 (A vulnerability classified as critical was found in Kashipara 
Food Man ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Food Management System
 CVE-2024-0288 (A vulnerability classified as critical has been found in 
Kashipara Foo ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Food Management System
 CVE-2024-0287 (A vulnerability was found in Kashipara Food Management System 
1.0. It  ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Food Management System
 CVE-2023-7215 (A vulnerability, which was classified as problematic, has been 
found i ...)
TODO: check
 CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded 
credent ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb19d0221c4bdd5d977cea826dd1b5b760aa712a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72932b3d by Salvatore Bonaccorso at 2024-01-08T09:19:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39,9 +39,9 @@ CVE-2024-0287 (A vulnerability was found in Kashipara Food 
Management System 1.0
 CVE-2023-7215 (A vulnerability, which was classified as problematic, has been 
found i ...)
TODO: check
 CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded 
credent ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-47140 (IBM CICS Transaction Gateway 9.3 could allow a user to 
transfer or vie ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-0286 (A vulnerability, which was classified as problematic, was found 
in PHP ...)
NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0284 (A vulnerability was found in Kashipara Food Management System 
up to 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72932b3da2d65a588a295cf419f88b1d2d37c142



[Git][security-tracker-team/security-tracker][master] automatic update

2024-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
131f12d3 by security tracker role at 2024-01-08T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-22216 (In default installations of Microchip maxView Storage Manager 
(for Ada ...)
+   TODO: check
+CVE-2024-0304 (A vulnerability has been found in Youke365 up to 1.5.3 and 
classified  ...)
+   TODO: check
+CVE-2024-0303 (A vulnerability, which was classified as critical, was found in 
Youke3 ...)
+   TODO: check
+CVE-2024-0302 (A vulnerability, which was classified as critical, has been 
found in f ...)
+   TODO: check
+CVE-2024-0301 (A vulnerability classified as critical was found in 
fhs-opensource ipa ...)
+   TODO: check
+CVE-2024-0300 (A vulnerability was found in Beijing Baichuo Smart S150 
Management Pla ...)
+   TODO: check
+CVE-2024-0299 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216. It ...)
+   TODO: check
+CVE-2024-0298 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216. It ...)
+   TODO: check
+CVE-2024-0297 (A vulnerability was found in Totolink N200RE 
9.3.5u.6139_B20201216 and ...)
+   TODO: check
+CVE-2024-0296 (A vulnerability has been found in Totolink N200RE 
9.3.5u.6139_B2020121 ...)
+   TODO: check
+CVE-2024-0295 (A vulnerability, which was classified as critical, was found in 
Totoli ...)
+   TODO: check
+CVE-2024-0294 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-0293 (A vulnerability classified as critical was found in Totolink 
LR1200GB  ...)
+   TODO: check
+CVE-2024-0292 (A vulnerability classified as critical has been found in 
Totolink LR12 ...)
+   TODO: check
+CVE-2024-0291 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130.  ...)
+   TODO: check
+CVE-2024-0290 (A vulnerability, which was classified as critical, has been 
found in K ...)
+   TODO: check
+CVE-2024-0289 (A vulnerability classified as critical was found in Kashipara 
Food Man ...)
+   TODO: check
+CVE-2024-0288 (A vulnerability classified as critical has been found in 
Kashipara Foo ...)
+   TODO: check
+CVE-2024-0287 (A vulnerability was found in Kashipara Food Management System 
1.0. It  ...)
+   TODO: check
+CVE-2023-7215 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded 
credent ...)
+   TODO: check
+CVE-2023-47140 (IBM CICS Transaction Gateway 9.3 could allow a user to 
transfer or vie ...)
+   TODO: check
 CVE-2024-0286 (A vulnerability, which was classified as problematic, was found 
in PHP ...)
NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0284 (A vulnerability was found in Kashipara Food Management System 
up to 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/131f12d3511f56648a6166e291cc1cf8548e2a35
