[Git][security-tracker-team/security-tracker][master] Add pypdf fixed version for CVE-2023-36464
Scott Kitterman pushed to branch master at Debian Security Tracker / security-tracker Commits: bfc0e1c1 by Scott Kitterman at 2024-01-14T19:10:27-05:00 Add pypdf fixed version for CVE-2023-36464 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32018,7 +32018,7 @@ CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulne CVE-2023-3327 REJECTED CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...) - - pypdf (bug #1040338) + - pypdf 3.17.4-1 (bug #1040338) [bookworm] - pypdf (Minor issue) - pypdf2 (bug #1040339) [bookworm] - pypdf2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfc0e1c1775b0b97a44ce7387f4a11b2807436db -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfc0e1c1775b0b97a44ce7387f4a11b2807436db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
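Review bot: the unstable fix `pypdf 3.17.4-1` is recorded, but the sibling line `- pypdf2 (bug #1040339)` in the same hunk is left open with no version or status change, and nothing in the entry says where 3.17.4-1 closes bug #1040338; add a NOTE with the changelog or upstream fix reference, and settle pypdf2 in the same pass (a fixed version, or a reason it stays open) so the two bugs filed together do not drift apart. Separately, as rendered here the package lines carry no status keyword between the package name and the parenthesised reason; if the tracker's angle-bracket tags were dropped by the mail rendering that is fine, otherwise the still-unfixed entries need one.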
[Git][security-tracker-team/security-tracker][master] Remove todo entry for exiftags CVE (maintainer in contact with upstream)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: faf1c504 by Salvatore Bonaccorso at 2024-01-14T21:30:27+01:00 Remove todo entry for exiftags CVE (maintainer in contact with upstream) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -582,7 +582,6 @@ CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge app CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...) - exiftags (bug #1060753) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/ - TODO: check details CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode applica ...) NOT-FOR-US: ScaleFusion CVE-2023-4962 (The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Sit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf1c504c2c217561c2ddb4866ee53567a731ddb
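Review bot: the hunk removes `TODO: check details` from the CVE-2023-50671 entry and records nothing in its place, so the reason (maintainer in contact with upstream) lives only in the commit message and is invisible to anyone reading `data/CVE/list`; add a NOTE line saying that, ideally with the bug or thread where the upstream contact is tracked, since the entry otherwise remains `- exiftags (bug #1060753)` with only the fuzzing blog post as a reference.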
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-4001/grub2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8634f6aa by Salvatore Bonaccorso at 2024-01-14T21:29:33+01:00 Update status for CVE-2023-4001/grub2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -785,10 +785,9 @@ CVE-2022-47965 (The issue was addressed with improved memory handling. This issu CVE-2022-47915 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-4001 [bypass the GRUB password protection feature] - - grub2 + - grub2 (Specific to a downstream patch in Red Hat) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224951 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223437 - TODO: this might be (and given context refers to "/boot/efi/EFI/fedora/grub.cfg") Fedora specific, but the referenced RHBZ#2223437 is inaccessible so far CVE-2024-20715 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...) NOT-FOR-US: Adobe CVE-2024-20714 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8634f6aac324133e689afc23956a8584f8ee8f4c
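Review bot: the new status text `(Specific to a downstream patch in Red Hat)` replaces a TODO that said RHBZ#2223437 was inaccessible, yet the only references left in the entry are those same two bugzilla links; add a NOTE with whatever source allowed the downstream-only conclusion (an accessible bug, the Red Hat patch, or the `/boot/efi/EFI/fedora/grub.cfg` argument from the removed TODO), otherwise a later triager has to redo the research to verify what is effectively a not-affected claim for Debian's grub2.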
[Git][security-tracker-team/security-tracker][master] Adjust indentation for one entry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa18d3b4 by Salvatore Bonaccorso at 2024-01-14T20:51:42+01:00 Adjust indentation for one entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4829,7 +4829,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun - paramiko (bug #1059006) [bookworm] - paramiko (Minor issue) [bullseye] - paramiko (Minor issue) -[buster] - paramiko (ChaCha20-Poly1305 and CBC-EtM support not present) + [buster] - paramiko (ChaCha20-Poly1305 and CBC-EtM support not present) - phpseclib 1.0.22-1 - php-phpseclib 2.0.46-1 - php-phpseclib3 3.0.35-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa18d3b48ff478280920c4a375addcc45c9c61a5
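Review bot: the change correctly re-indents the `[buster] - paramiko` line to match the `[bookworm]` and `[bullseye]` lines above it; indentation is what distinguishes a release annotation from a new entry in this file, so an unindented `[buster]` line is a parse problem, not cosmetics. The mis-indented line came in with ff3a5576 three hours earlier, so running the tracker's local validation before pushing would have avoided the separate fix-up commit.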
[Git][security-tracker-team/security-tracker][master] update kodi status
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: b0e9b892 by Abhijith PA at 2024-01-14T23:43:57+05:30 update kodi status - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -114,6 +114,7 @@ knot-resolver (Markus Koschany) kodi (Abhijith PA) NOTE: 20231228: Added by Front-Desk (lamby) NOTE: 20231228: CVE-2021-42917 was postponed in 2021; fixed in bullseye via DSA or point release. (lamby) + NOTE: 20240414: Fixed issues. https://people.debian.org/~abhijith/upload/kport/update/. Testing (abhijith) -- libreswan NOTE: 20230817: Added by Front-Desk (ta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0e9b892270eee92ee29f131ebbff224e9558ae4
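Review bot: the date stamp `20240414` on the added NOTE is three months after the commit timestamp (2024-01-14) and does not fit the `20231228` stamps on the sibling notes; it reads as a transposition of 20240114 and should be corrected, since these stamps are how entries in dla-needed.txt are aged. `Testing (abhijith)` is also ambiguous: state whether the package in the linked directory is being tested by the claimer or is waiting for someone else to test it.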
[Git][security-tracker-team/security-tracker][master] CVE-2023-48795/paramiko buster is not vulnerable.
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: ff3a5576 by Tobias Frost at 2024-01-14T17:29:22+01:00 CVE-2023-48795/paramiko buster is not vulnerable. Confirmed by upstream: https://github.com/paramiko/paramiko/issues/2337#issuecomment-1880185735 paramiko 2.4.2 implements neither ETM-Mac modes nor ChaCha20. It also has no EXT_INFO support, which might be a factor for exploitability. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4829,6 +4829,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun - paramiko (bug #1059006) [bookworm] - paramiko (Minor issue) [bullseye] - paramiko (Minor issue) +[buster] - paramiko (ChaCha20-Poly1305 and CBC-EtM support not present) - phpseclib 1.0.22-1 - php-phpseclib 2.0.46-1 - php-phpseclib3 3.0.35-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff3a5576ad64f41ba1a5fd2d07492c582ef5aa80
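Review bot: the added `[buster] - paramiko (ChaCha20-Poly1305 and CBC-EtM support not present)` line is inserted without the leading indentation that the `[bookworm]` and `[bullseye]` lines above it carry (the later aa18d3b4 commit on this page corrects exactly that), and the upstream confirmation named in the commit message (paramiko issue 2337) is not recorded in the entry; add a NOTE with that link so the not-vulnerable claim for buster can be checked without digging through git history. The commit message's remark that missing EXT_INFO support "might be a factor" is rightly kept out of the status text, which should only state what is confirmed.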
[Git][security-tracker-team/security-tracker][master] Add information about upstream contact for mariadb bug
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 76aa2bce by Bastien Roucariès at 2024-01-14T15:13:09+00:00 Add information about upstream contact for mariadb bug - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -143,6 +143,7 @@ linux-5.10 -- mariadb-10.3 NOTE: 20231129: Added by Front-Desk (Beuc) + NOTE: 20240114: Contacted upstream about this particular CVE and that commit fix it (rouca) -- nova NOTE: 20230302: Re-add, request by maintainer (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76aa2bce75b180cf4bc3e022719a52959b8561c4
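Review bot: the added NOTE `Contacted upstream about this particular CVE and that commit fix it` names neither the CVE nor the commit, so for anyone else reading the mariadb-10.3 entry in dla-needed.txt it carries no actionable information; restate it with the CVE id, the commit hash and a link to where upstream was contacted, and fix the grammar while at it (`whether that commit fixes it`).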
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc37fa0b by Salvatore Bonaccorso at 2024-01-14T12:34:14+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-0510 (A vulnerability, which was classified as critical, has been found in H ...) - TODO: check + NOT-FOR-US: HaoKeKeJi YiQiNiu CVE-2024-0505 (A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified ...) - TODO: check + NOT-FOR-US: ZhongFuCheng3y Austin CVE-2024-0504 (A vulnerability has been found in code-projects Simple Online Hotel Re ...) - TODO: check + NOT-FOR-US: code-projects Simple Online Hotel Reservation System CVE-2024-0503 (A vulnerability was found in code-projects Online FIR System 1.0. It h ...) - TODO: check + NOT-FOR-US: code-projects Online FIR System CVE-2024-0502 (A vulnerability was found in SourceCodester House Rental Management Sy ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0501 (A vulnerability has been found in SourceCodester House Rental Manageme ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc37fa0b4c1a14689ef5943109834f7d2c1d84fc
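Review bot: the NOT-FOR-US reason for CVE-2024-0510, `HaoKeKeJi YiQiNiu`, cannot be checked against the description in this hunk because it is cut off at `found in H ...`, so it is worth a second look against the full CVE text. The other three match their descriptions (ZhongFuCheng3y Austin, code-projects Simple Online Hotel Reservation System, code-projects Online FIR System) and follow the vendor-plus-product form the existing SourceCodester entries below them use.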
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-0193/linux via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c3e4951 by Salvatore Bonaccorso at 2024-01-14T09:12:34+01:00 Track fixed version for CVE-2024-0193/linux via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2390,7 +2390,7 @@ CVE-2023-41779 (There is an illegal memory access vulnerability of ZTE's ZXCLOUD CVE-2023-41776 (There is a local privilege escalation vulnerability of ZTE's ZXCLOUD i ...) NOT-FOR-US: ZTE CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of the Linu ...) - - linux + - linux 6.6.11-1 [bookworm] - linux 6.1.69-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c3e4951d75516e40192a055209f30c13a050431
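Review bot: the unstable version `6.6.11-1` completes the CVE-2024-0193 entry, but the hunk carries no NOTE pointing at the upstream fix commit or at the uploads behind the `6.1.69-1` and `5.10.205-1` stable versions, so none of the version claims can be verified from the entry itself; add a NOTE with the upstream fix reference (the usual `NOTE: Fixed by:` form) so the stable and unstable versions can be checked against it. The `[buster] - linux (Vulnerable code not present)` line predates this change and is unaffected.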
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a31fd6a6 by security tracker role at 2024-01-14T08:11:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-0510 (A vulnerability, which was classified as critical, has been found in H ...) + TODO: check +CVE-2024-0505 (A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified ...) + TODO: check +CVE-2024-0504 (A vulnerability has been found in code-projects Simple Online Hotel Re ...) + TODO: check +CVE-2024-0503 (A vulnerability was found in code-projects Online FIR System 1.0. It h ...) + TODO: check CVE-2024-0502 (A vulnerability was found in SourceCodester House Rental Management Sy ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0501 (A vulnerability has been found in SourceCodester House Rental Manageme ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a31fd6a6e94990dce8141a7864a224e726cece96
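Review bot: nothing to change in this generated hunk, but the descriptions are truncated at a fixed width (`found in H ...`), which hides the vendor for CVE-2024-0510 entirely, so whoever clears the four `TODO: check` placeholders has to consult the full CVE text rather than this file; all four were indeed resolved to NOT-FOR-US in dc37fa0b a few hours later.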