[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-2357/libreswan via unstable

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d74fb2c3 by Salvatore Bonaccorso at 2024-03-12T06:45:28+01:00
Track fixed version for CVE-2024-2357/libreswan via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
-   - libreswan  (bug #1066059)
+   - libreswan 4.14-1 (bug #1066059)
[bookworm] - libreswan  (Minor issue)
[bullseye] - libreswan  (Minor issue)
NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.patch
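Review bot: the new fixed version on the `+   - libreswan 4.14-1 (bug #1066059)` line is not tied to anything upstream within this entry; the only NOTE visible in the hunk is the .patch URL, so a reader cannot tell whether 4.14-1 is a new upstream release that carries the fix or a Debian revision with that patch applied. A `NOTE: Fixed by: <commit> (<upstream version>)` line, in the form the libvirt entry on this page uses, would make the 4.14-1 claim checkable. Note also that the status keyword the tracker normally places between the package name and the parenthesised reason has been lost in this rendering, which is why lines such as `[bookworm] - libreswan  (Minor issue)` show a double space where the keyword stood.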



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d74fb2c3aca2a5e098409b49fb9a976b68bc4142

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-46841/xen via unstable

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa94c719 by Salvatore Bonaccorso at 2024-03-12T06:42:52+01:00
Track fixed version for CVE-2023-46841/xen via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11176,7 +11176,7 @@ CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below 
insufficiently restricts fil
 CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication 
token as ...)
NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
-   - xen 
+   - xen 4.17.3+36-g54dacb5c02-1
[bookworm] - xen  (Minor issue, fix along in next DSA)
[bullseye] - xen  (EOLed in Bullseye)
[buster] - xen  (Vulnerable code not present)
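Review bot: `+   - xen 4.17.3+36-g54dacb5c02-1` records a git-snapshot version as the fix, but the entry carries no NOTE pointing at the upstream commit or advisory for CVE-2023-46841, and the bracketed title `[x86: shadow stack vs exceptions from emulation stubs]` shows the CVE description has not been imported yet. Without an upstream reference the claim that this particular snapshot contains the fix cannot be verified later, and the `[bookworm] - xen  (Minor issue, fix along in next DSA)` line has nothing to point at when that DSA is prepared. Suggest adding the upstream commit, and the XSA id if one exists, as a NOTE.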



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa94c719528aa6786bcb8fdbd1ddc6d57dfec8c3



[Git][security-tracker-team/security-tracker][master] dla: reclaim

2024-03-11 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abb52544 by Adrian Bunk at 2024-03-12T05:22:47+02:00
dla: reclaim

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -233,7 +233,7 @@ squid
   NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
   NOTE: 20240109: appears to be intrusive. I could not locate the fix for 
CVE-2023-49288 yet. (apo)
 --
-suricata
+suricata (Adrian Bunk)
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with 
last LTS update in Jessie,
   NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage 
(postponed/ignored),
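Review bot: `+suricata (Adrian Bunk)` claims the package with a full name, where the neighbouring claims in this file use a login, e.g. `nodejs (guilhem)` and `bind9 (santiago)` elsewhere on this page; it is worth checking whether the inactivity sweep (commit 920ce66f, which removed this very claim earlier the same day) and any other tooling care about the form of what is in the parentheses. The reclaim also adds no dated NOTE, the most recent being from 20230620, so a line such as `NOTE: 20240312: reclaimed, <what is being worked on> (bunk)` would both document the status and keep the next inactivity sweep from undoing the claim again.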



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb52544d7be895e00031601e8603ba7ad9b8749



[Git][security-tracker-team/security-tracker][master] LTS: reclaim nodejs in dla-needed.txt

2024-03-11 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54649b34 by Guilhem Moulin at 2024-03-12T01:04:28+01:00
LTS: reclaim nodejs in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -149,7 +149,7 @@ linux-5.10
 lucene-solr
   NOTE: 20240213: Added by Front-Desk (lamby)
 --
-nodejs
+nodejs (guilhem)
   NOTE: 20240218: Added by Front-Desk (lamby)
 --
 nova
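Review bot: `+nodejs (guilhem)` re-adds a claim that commit 920ce66f on this page removed about three hours earlier for two weeks of inactivity, yet the only NOTE is still `20240218: Added by Front-Desk (lamby)`. Reclaiming without a dated progress NOTE leaves the entry looking exactly as it did before the unclaim, so the next sweep will hit it again; add a `NOTE: 20240312: ...` line with the current status (which CVEs are being prepared, blockers, or an ETA).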



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54649b3420a49c64704ac418249035149833bbe8



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-2357/libreswan

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0db76c4 by Salvatore Bonaccorso at 2024-03-11T22:25:58+01:00
Add Debian bug reference for CVE-2024-2357/libreswan

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
-   - libreswan 
+   - libreswan  (bug #1066059)
[bookworm] - libreswan  (Minor issue)
[bullseye] - libreswan  (Minor issue)
NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0db76c45d298ed11b24562afd87dddc56dbf1f0



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-0670/check-mk

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cef8df19 by Salvatore Bonaccorso at 2024-03-11T22:24:44+01:00
Add CVE-2024-0670/check-mk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -136,7 +136,7 @@ CVE-2024-1273 (The Starbox WordPress plugin before 3.5.0 
does not sanitise and e
 CVE-2024-1068 (The 404 Solution WordPress plugin before 2.35.8 does not 
properly sani ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-0670 (Privilege escalation in windows agent plugin in Checkmk before 
2.2.0p2 ...)
-   TODO: check
+   - check-mk 
 CVE-2024-0561 (The Ultimate Posts Widget WordPress plugin before 2.3.1 does 
not valid ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-0559 (The Enhanced Text Widget WordPress plugin before 1.6.6 does not 
valida ...)
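Review bot: `+   - check-mk ` replaces the TODO with an unfixed entry but gives no version and no NOTE, while the description places the flaw in the `windows agent plugin` of Checkmk before 2.2.0p2. Whether the Debian check-mk source ships that Windows agent component at all is not stated anywhere in the entry; if it does not, the right annotation is a not-affected or unimportant status with that reason, and if it does, the upstream fix reference and the 2.2.0p2 boundary belong in a NOTE so the fixed version can be filled in.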



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cef8df19d7e1536d937b9ff8b6c5c446c095a4d3



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-1441/libvirt

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d19b4bc9 by Salvatore Bonaccorso at 2024-03-11T22:23:18+01:00
Add Debian bug reference for CVE-2024-1441/libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -121,7 +121,7 @@ CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 
1.4.1 and prior once a us
 CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 
21.3.1 do ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1441 (An off-by-one error flaw was found in the 
udevListInterfacesByStatus() ...)
-   - libvirt 
+   - libvirt  (bug #1066058)
NOTE: Introduced by: 
https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca
 (v1.0.0-rc1)
NOTE: Introduced by: 
https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15
 (v5.10.0-rc1)
NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8
 (v10.1.0)
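Review bot: the bug reference on `+   - libvirt  (bug #1066058)` is fine, but the entry still has no `[bookworm]` or `[bullseye]` line even though the `Introduced by` NOTEs date the vulnerable code to at least v5.10.0-rc1 (and possibly v1.0.0-rc1) and the fix to v10.1.0. A triage decision for the stable suites (no-dsa with a reason, or a pending update) is what would complete the entry.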



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d19b4bc90dd06be2b18388e54bf70140071abb3e



[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-2357 as no-dsa for bookworm and bullseye

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b32e220e by Salvatore Bonaccorso at 2024-03-11T22:22:18+01:00
Mark CVE-2024-2357 as no-dsa for bookworm and bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,6 +2,8 @@ CVE-2024-2370 (Unrestricted file upload vulnerability in 
ManageEngine Desktop Ce
NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
- libreswan 
+   [bookworm] - libreswan  (Minor issue)
+   [bullseye] - libreswan  (Minor issue)
NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.patch
NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
NOTE: https://github.com/libreswan/libreswan/issues/1609
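Review bot: both `[bookworm] - libreswan  (Minor issue)` and `[bullseye] - libreswan  (Minor issue)` are added with no reason beyond the two-word tag, and the CVE description in the context line is cut off at `causing libreswan to re ...`, so nothing in the hunk records why the issue was rated minor. A short parenthetical (what triggers it and what the consequence is, as described in the linked CVE-2024-2357.txt) would let whoever prepares the next libreswan point update for stable, or reconsiders the no-dsa call, see the reasoning without re-reading the advisory.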



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32e220e67258cdeea0d556949d4f88fa04cf21a



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2357/libreswan

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
24199082 by Salvatore Bonaccorso at 2024-03-11T21:57:25+01:00
Add CVE-2024-2357/libreswan

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,11 @@
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
-   TODO: check
+   - libreswan 
+   NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.patch
+   NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
+   NOTE: https://github.com/libreswan/libreswan/issues/1609
+   NOTE: Fixed by: 
https://github.com/libreswan/libreswan/commit/cb9e1047d33fde695d63a95854c2bc2470a476c8
 CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for 
teaching, ...)
NOT-FOR-US: OpenOlat
 CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel 
uses a c ...)
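Review bot: the `+   NOTE: Fixed by:` line cites commit cb9e1047d33fde695d63a95854c2bc2470a476c8 without the upstream version it first shipped in, unlike the libvirt entry added on this page, which appends `(v10.1.0)` to its fix commit. Recording the release tag next to the commit is what lets a later unstable fixed-version entry be checked against the upstream release it is supposed to contain; without it the entry offers nothing to verify such a version against.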



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24199082b642d8d984a1268e98dd5039376cec86



[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2024-03-11 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
920ce66f by Roberto C. Sánchez at 2024-03-11T16:43:30-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez robe...@connexer.com

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -34,7 +34,7 @@ atril
   NOTE: 20240121: Added by Front-Desk (apo)
   NOTE: 20240121: Decide whether it makes sense to disable comic feature or 
use libarchive instead.
 --
-bind9 (santiago)
+bind9
   NOTE: 20240218: Added by Front-Desk (lamby)
   NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 
CVE-2023-5679 already fixed in bullseye. (lamby)
 --
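Review bot: `-bind9 (santiago)` becoming `+bind9` drops the claim with no trace in the file; the commit message explains the unclaim is semi-automatic after two weeks of inactivity, but that reason lives only in git history. A `NOTE: 20240311: unclaimed after 2 weeks of inactivity (roberto)` line under each affected package would tell the next front-desk reader why it is free, and for bind9 specifically, where the existing NOTE already records five CVEs as fixed in bullseye, it should also say what remains open.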
@@ -149,7 +149,7 @@ linux-5.10
 lucene-solr
   NOTE: 20240213: Added by Front-Desk (lamby)
 --
-nodejs (guilhem)
+nodejs
   NOTE: 20240218: Added by Front-Desk (lamby)
 --
 nova
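Review bot: this unclaim of `nodejs (guilhem)` was reversed by commit 54649b34 on this page roughly three hours later, which suggests the two-week inactivity criterion is measured on edits to this file rather than on work in progress. If the sweep cannot see a DLA being prepared outside dla-needed.txt, it should ping the claimant before removing the name, or the criterion should be stated where claimants will read it so they know to leave a dated NOTE.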
@@ -233,7 +233,7 @@ squid
   NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
   NOTE: 20240109: appears to be intrusive. I could not locate the fix for 
CVE-2023-49288 yet. (apo)
 --
-suricata (Adrian Bunk)
+suricata
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with 
last LTS update in Jessie,
   NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage 
(postponed/ignored),
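Review bot: `-suricata (Adrian Bunk)` is the second unclaim in this commit that was reversed within hours (commit abb52544 on this page re-adds it). By the file's own evidence the claim had been idle since the `20230620` Front-Desk notes, so the sweep was right by its rules; the underlying problem is that the suricata entry carries triage advice (`15+ CVEs marked no-dsa ... I'd suggest reviewing the CVEs`) but no record of any decision. Either the reclaim or the sweep should leave a NOTE stating which of those CVEs are postponed and which are ignored.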



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/920ce66f91c279b56d225b357dc8a52d7a265d41



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-1441/libvirt

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f34f04c by Salvatore Bonaccorso at 2024-03-11T21:39:45+01:00
Add CVE-2024-1441/libvirt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -115,7 +115,10 @@ CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 
1.4.1 and prior once a us
 CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 
21.3.1 do ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1441 (An off-by-one error flaw was found in the 
udevListInterfacesByStatus() ...)
-   TODO: check
+   - libvirt 
+   NOTE: Introduced by: 
https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca
 (v1.0.0-rc1)
+   NOTE: Introduced by: 
https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15
 (v5.10.0-rc1)
+   NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8
 (v10.1.0)
 CVE-2024-1373
REJECTED
 CVE-2024-1290 (The User Registration WordPress plugin before 2.12 does not 
prevent us ...)
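Review bot: the two `Introduced by` NOTEs (v1.0.0-rc1 and v5.10.0-rc1) are listed without saying how they relate: whether the off-by-one in udevListInterfacesByStatus() needs both commits to be reachable, or whether the second one merely moved or widened the code. That distinction decides whether a libvirt older than 5.10 carries the vulnerable code, so a one-line NOTE spelling it out would save the next triager from re-deriving it from the two diffs.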



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f34f04cd64e9cac6070e4b3fd43466e8ab7c10e



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a497a2a by Salvatore Bonaccorso at 2024-03-11T21:25:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,163 +1,163 @@
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
-   TODO: check
+   NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
TODO: check
 CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for 
teaching, ...)
-   TODO: check
+   NOT-FOR-US: OpenOlat
 CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel 
uses a c ...)
-   TODO: check
+   NOT-FOR-US: Zitadel
 CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that 
allows  ...)
-   TODO: check
+   NOT-FOR-US: SOY CMS
 CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible 
incorrect size c ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory 
corruption  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of 
bounds read d ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds 
read due ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible 
permission byp ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of 
protocolpsadapter.cp ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, 
there is a ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27227 (Android kernel allows Remote code execution.)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of 
bounds wri ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out 
of boun ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds 
write due t ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of 
LPP_LcsManagement.c, ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a 
possible w ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of 
bounds write  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds 
memory ac ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds 
write due to ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds 
read due ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a 
possible Remot ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write 
due to a  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB 
write du ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds 
write due  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to 
a missin ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27207 (Android kernel allows Elevation of privilege.)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a 
missing ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a 
use afte ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of 
bounds writ ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-25993 (In 
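Review bot: every Android bulletin entry is marked `NOT-FOR-US: Android` on the strength of its description alone, and a few of those descriptions name no Android-specific file: `CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds write ...)` and the two bare `Android kernel allows ...` entries (CVE-2024-27227 and CVE-2024-27207). Vendor bulletin CVEs can cover out-of-tree firmware, but they can also land in mainline kernel or libc code; for those three a NOTE recording which component the bulletin attributes them to would justify closing them as NFU. The libreswan entry at the top is correctly left at `TODO: check` and is handled in the later commits on this page.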

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a62e084f by security tracker role at 2024-03-11T20:11:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,163 @@
+CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
+   TODO: check
+CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
+   TODO: check
+CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for 
teaching, ...)
+   TODO: check
+CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel 
uses a c ...)
+   TODO: check
+CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that 
allows  ...)
+   TODO: check
+CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible 
incorrect size c ...)
+   TODO: check
+CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory 
corruption  ...)
+   TODO: check
+CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of 
bounds read d ...)
+   TODO: check
+CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible 
permission byp ...)
+   TODO: check
+CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of 
protocolpsadapter.cp ...)
+   TODO: check
+CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, 
there is a ...)
+   TODO: check
+CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
+   TODO: check
+CVE-2024-27227 (Android kernel allows Remote code execution.)
+   TODO: check
+CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of 
bounds wri ...)
+   TODO: check
+CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds 
write due t ...)
+   TODO: check
+CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of 
LPP_LcsManagement.c, ...)
+   TODO: check
+CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a 
possible w ...)
+   TODO: check
+CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of 
bounds write  ...)
+   TODO: check
+CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds 
memory ac ...)
+   TODO: check
+CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds 
write due to ...)
+   TODO: check
+CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a 
possible Remot ...)
+   TODO: check
+CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write 
due to a  ...)
+   TODO: check
+CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB 
write du ...)
+   TODO: check
+CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds 
write due  ...)
+   TODO: check
+CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
+   TODO: check
+CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to 
a missin ...)
+   TODO: check
+CVE-2024-27207 (Android kernel allows Elevation of privilege.)
+   TODO: check
+CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a 
missing ...)
+   TODO: check
+CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a 
use afte ...)
+   TODO: check
+CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of 
bounds writ ...)
+   TODO: check
+CVE-2024-25993 (In tmu_reset_tmu_trip_counter of TBD, there is a possible out 
of bound ...)
+   TODO: check
+CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-25991 (In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible 
out of bo ...)
+   TODO: check
+CVE-2024-25990 (In pktproc_perftest_gen_rx_packet_sktbuf_mode of 
link_rx_pktproc.c, th ...)
+   TODO: check
+CVE-2024-25989 (In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a 
possible out ...)
+   TODO: check
+CVE-2024-25988 (In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a 
possibl ...)
+   TODO: check
+CVE-2024-25987 (In pt_sysctl_command of pt.c, there is a possible out of 
bounds write  ...)
+   TODO: check
+CVE-2024-25986 (In ppmp_unprotect_buf of drm_fw.c, there is a possible 
compromise of p ...)
+   TODO: check
+CVE-2024-25985 (In 

[Git][security-tracker-team/security-tracker][master] Add information on CVE-2023-24535/golang-google-protobuf

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f045d2d3 by Salvatore Bonaccorso at 2024-03-11T20:41:51+01:00
Add information on CVE-2023-24535/golang-google-protobuf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71227,7 +71227,11 @@ CVE-2023-24536 (Multipart form parsing can consume 
large amounts of CPU and memo
NOTE: 
https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 
(go1.20.3)
NOTE: 
https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 
(go1.19.8)
 CVE-2023-24535 (Parsing invalid messages can panic. Parsing a text-format 
message whic ...)
-   TODO: check
+   - golang-google-protobuf  (Vulnerable code not in a 
Debian released version)
+   NOTE: https://go-review.googlesource.com/c/protobuf/+/475995
+   NOTE: https://github.com/golang/protobuf/issues/1530
+   NOTE: 
https://github.com/protocolbuffers/protobuf-go/commit/edaf511a7a37a90db2727b600d699e1e8d2840b4
 (v1.29.1)
+   NOTE: https://github.com/advisories/GHSA-hw7c-3rfg-p46j
 CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of 
memory, eve ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
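Review bot: `+   - golang-google-protobuf  (Vulnerable code not in a Debian released version)` asserts a negative without the evidence the entry needs to support it: the NOTEs give the fix (edaf511a..., v1.29.1) but not the commit that introduced the text-format parsing panic, and no Debian version is named. Adding an `Introduced by` NOTE with its upstream version, as the libvirt entry on this page does, plus the first Debian upload carrying v1.29.1 or later, would make the claim verifiable and would also let anyone checking vendored copies of protobuf-go in other Go packages see at a glance which upstream versions are affected.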



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f045d2d34bc3336caf79c17677d94ebc3364f623



[Git][security-tracker-team/security-tracker][master] Track fixed version for fontforge issues

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
68d6a21c by Salvatore Bonaccorso at 2024-03-11T20:28:49+01:00
Track fixed version for fontforge issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3816,12 +3816,12 @@ CVE-2024-25344 (Cross Site Scripting vulnerability in 
ITFlow.org before commit v
NOT-FOR-US: ITFlow.org
 CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command 
injection via  ...)
{DLA-3754-1}
-   - fontforge  (bug #1064967)
+   - fontforge 1:20230101~dfsg-1.1 (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE: 
https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
 CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command 
injection via  ...)
{DLA-3754-1}
-   - fontforge  (bug #1064967)
+   - fontforge 1:20230101~dfsg-1.1 (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE: 
https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
 CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability 
in bPlug ...)
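Review bot: CVE-2024-25082 and CVE-2024-25081 are both tracked to the same upstream PR 5367 and commit 216eb14b, and now both get the same fixed version `1:20230101~dfsg-1.1` (a non-maintainer upload, per the `.1` suffix). That is fine if the one commit closes both command-injection vectors in Splinefont; if it closes only one, one of the two entries is now wrongly marked fixed. A one-line NOTE stating which CVE maps to which part of the PR would settle it, and the `{DLA-3754-1}` reference on both entries should be re-checked against the same question.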



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68d6a21c5cbe25bb83239044ba304cb4f42e266d



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52514

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91c6ce96 by Salvatore Bonaccorso at 2024-03-11T19:34:56+01:00
Remove notes from CVE-2023-52514

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1726,10 +1726,8 @@ CVE-2023-52515 (In the Linux kernel, the following 
vulnerability has been resolv
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
NOTE: 
https://git.kernel.org/linus/e193b7955dfad68035b983a0011f4ef3590c85eb (6.6-rc5)
-CVE-2023-52514 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
-   - linux 6.5.6-1
-   [bookworm] - linux 6.1.64-1
-   NOTE: 
https://git.kernel.org/linus/b23c83ad2c638420ec0608a9de354507c41bec29 (6.6-rc1)
+CVE-2023-52514
+   REJECTED
 CVE-2023-52513 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
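Review bot: switching the entry to `REJECTED` deletes the fixed-version data (`linux 6.5.6-1`, `[bookworm] - linux 6.1.64-1`) and the kernel commit b23c83ad2c63... without recording why the CVE was rejected. If the same fix is later re-issued under a different CVE id, the mapping to that commit has to be rediscovered; keeping a `NOTE: Rejected (...)` line, or stating the rejection reason in the commit message, would preserve it.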



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91c6ce961a94b8872e3ffb6a8512150c5c4c1f17



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-52429

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
546e5c3e by Salvatore Bonaccorso at 2024-03-11T19:30:30+01:00
Track fixed version for CVE-2023-52429

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7130,7 +7130,7 @@ CVE-2024-1433 (A vulnerability, which was classified as 
problematic, was found i
[buster] - plasma-workspace  (Minor issue)
NOTE: 
https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
 CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel 
through 6 ...)
-   - linux 
+   - linux 6.7.7-1
NOTE: 
https://git.kernel.org/linus/bd504bcfec41a503b32054da5472904b404341a4 (6.8-rc3)
 CVE-2023-51403 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
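Review bot: `- linux 6.7.7-1` is recorded against an upstream fix tagged 6.8-rc3 (commit bd504bcfec41a503b32054da5472904b404341a4), so the entry relies on the stable backport having landed in the 6.7.7 upload; unlike the neighbouring kernel entries there is still no `[bookworm]` or `[bullseye]` line for this dm-table issue, so those suites show as open and untriaged until a fixed version or a reason is added for 6.1 and 5.10.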



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/546e5c3e438a272502c051c8687d648a8553f4d1



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3759-1 for qemu

2024-03-11 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5101f27 by Adrian Bunk at 2024-03-11T19:24:58+02:00
Reserve DLA-3759-1 for qemu

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -25234,7 +25234,6 @@ CVE-2023-5088 (A bug in QEMU could cause a guest I/O 
operation otherwise address
- qemu 1:8.1.1+ds-2
[bookworm] - qemu  (Minor issue)
[bullseye] - qemu  (Minor issue)
-   [buster] - qemu  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247283
NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
 (v8.2.0-rc0)
 CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop 
Central af ...)
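Review bot: dropping the `[buster] - qemu (Minor issue)` line is only correct because the DLA-3759-1 entry added to data/DLA/list in this same commit claims CVE-2023-5088 for buster; separately, the unstable version on this entry, 1:8.1.1+ds-2, predates the upstream fix tag v8.2.0-rc0 named in the NOTE, so it is worth confirming that the Debian 8.1.1 upload really carries the backport of 7d7512019fc40c577e2bdd61f114f31a9eb84a8e rather than the tracker being off by a release.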
@@ -44697,7 +44696,6 @@ CVE-2023-3354 (A flaw was found in the QEMU built-in 
VNC server. When a client c
- qemu 1:8.0.4+dfsg-1
[bookworm] - qemu 1:7.2+dfsg-7+deb12u2
[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
-   [buster] - qemu  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62
 (v8.0.4)
@@ -44759,7 +44757,6 @@ CVE-2023-2861 (A flaw was found in the 9p passthrough 
filesystem (9pfs) implemen
- qemu 1:8.0.3+dfsg-1
[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
[bullseye] - qemu  (Minor issue)
-   [buster] - qemu  (Minor issue)
NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
 CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6 
implement ...)
- linux 5.19.11-1
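Review bot: after this hunk bullseye still reads `[bullseye] - qemu (Minor issue)` while buster now gets a fix through DLA-3759-1, so the older suite ends up better patched than the newer one for the 9pfs passthrough flaw; either the bullseye line should be revisited by the security team, or the dla-needed note being deleted below ("CVE-2023-1544 and CVE-2023-3354 already fixed in bullseye ...") should record that CVE-2023-2861 was knowingly left no-dsa in bullseye.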


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[11 Mar 2024] DLA-3759-1 qemu - security update
+   {CVE-2023-2861 CVE-2023-3354 CVE-2023-5088}
+   [buster] - qemu 1:3.1+dfsg-8+deb10u12
 [11 Mar 2024] DLA-3758-1 tiff - security update
{CVE-2023-3576 CVE-2023-52356}
[buster] - tiff 4.1.0+git191117-2~deb10u9
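Review bot: the CVE set {CVE-2023-2861 CVE-2023-3354 CVE-2023-5088} matches the three `[buster]` lines removed from data/CVE/list above, but the dla-needed note deleted in the next hunk also names CVE-2023-1544 for qemu; if that CVE is not part of 1:3.1+dfsg-8+deb10u12, its buster line in data/CVE/list should say so (no-dsa, postponed, or a follow-up DLA), otherwise it belongs inside the braces here.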


=
data/dla-needed.txt
=
@@ -192,10 +192,6 @@ python-asyncssh
   NOTE: 20240116: Added by Front-Desk (lamby)
   NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and 
in Git, but one test is failing. Waiting for feedback before release. (dleidert)
 --
-qemu (Adrian Bunk)
-  NOTE: 20240119: Added by Front-Desk (lamby)
-  NOTE: 20240119: CVE-2023-1544 and CVE-2023-3354 already fixed in bullseye 
via DSA or point releases; to be fixed or . (lamby)
---
 rails
   NOTE: 20220909: Re-added due to regression (abhijith)
   NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5101f27748259296b9cc0077f40d74821330c82



[Git][security-tracker-team/security-tracker][master] Set CVE-2023-24535 back to todo

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
438d1eff by Salvatore Bonaccorso at 2024-03-11T14:44:52+01:00
Set CVE-2023-24535 back to todo

I checked the initial import of the data in
b8f8ae5b368ca382a20e75bbb93a02c1dde3eb1a which referred to python. But
cross-checking with metadata from the CVE list at MITRE it seems to have
been a human error adding the entry.

As such go for now back to TODO: check and fill in the golang related
details following this commit.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71232,14 +71232,7 @@ CVE-2023-24536 (Multipart form parsing can consume 
large amounts of CPU and memo
NOTE: 
https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 
(go1.20.3)
NOTE: 
https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 
(go1.19.8)
 CVE-2023-24535 (Parsing invalid messages can panic. Parsing a text-format 
message whic ...)
-   - python3.12  (unimportant)
-   - python3.11  (unimportant)
-   - python3.10  (unimportant)
-   - python3.9  (unimportant)
-   - python3.7  (unimportant)
-   - python2.7  (unimportant)
-   NOTE: https://github.com/python/cpython/issues/103800
-   NOTE: Disputed upstream and not considered a security issue, negligible 
security impact
+   TODO: check
 CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of 
memory, eve ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
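Review bot: replacing the six python* entries with `TODO: check` also drops the NOTE pointing at https://github.com/python/cpython/issues/103800 and the "Disputed upstream" rationale, which is the right call given the commit message concludes the python attribution was a human error; the description wording ("Parsing invalid messages can panic. Parsing a text-format message ...") matches the Go-style wording of the adjacent CVE-2023-24536 and CVE-2023-24534 entries rather than anything in CPython, so the follow-up should track the relevant golang source package the way those neighbours do (a golang-1.20 / golang-1.19 line each with an upstream commit NOTE).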



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438d1eff74b74dc67ec87d65acfdb3346b690e0b



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3758-1 for tiff

2024-03-11 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7199e99c by Abhijith PA at 2024-03-11T16:48:11+05:30
Reserve DLA-3758-1 for tiff

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -10267,7 +10267,6 @@ CVE-2023-52356 (A segment fault (SEGV) flaw was found 
in libtiff that could be t
- tiff 4.5.1+git230720-4 (bug #1061524)
[bookworm] - tiff  (Minor issue)
[bullseye] - tiff  (Minor issue)
-   [buster] - tiff  (Minor issue, DoS)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
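Review bot: after this hunk bookworm and bullseye stay at `(Minor issue)` for CVE-2023-52356 while buster is fixed by DLA-3758-1; that is consistent with LTS fixing a SEGV/DoS opportunistically, but the point-release maintainers should be told, because the upstream fix cited here (libtiff MR 546 / commit 51558511bdbbcffdce534db21dbaf5d54b31638a) is the same one they would cherry-pick.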
@@ -30802,7 +30801,6 @@ CVE-2023-3665 (A code injection vulnerability in 
Trellix ENS 10.7.0 April 2023 r
 CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. 
This issue ...)
{DSA-5567-1}
- tiff 4.5.1~rc3-1
-   [buster] - tiff  (Minor issue, memory leak in CLI tool)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a
 (v4.5.1rc1)
 CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's 
ConacWin C ...)
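Review bot: the removed buster line `(Minor issue, memory leak in CLI tool)` documented why this had been deprioritised; with {DSA-5567-1} already covering the newer suites and DLA-3758-1 now covering buster the entry is complete, and the "Fixed by" NOTE pointing at commit 1d5b1181c980090a6518f11e61a18b0e268bf31a (v4.5.1rc1) is the reference the buster backport should cite in its changelog.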


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[11 Mar 2024] DLA-3758-1 tiff - security update
+   {CVE-2023-3576 CVE-2023-52356}
+   [buster] - tiff 4.1.0+git191117-2~deb10u9
 [10 Mar 2024] DLA-3757-1 nss - security update
{CVE-2023-5388 CVE-2024-0743}
[buster] - nss 2:3.42.1-1+deb10u8


=
data/dla-needed.txt
=
@@ -250,10 +250,6 @@ suricata (Adrian Bunk)
 thunderbird (Emilio)
   NOTE: 20240306: Added by Front-Desk (opal)
 --
-tiff (Abhijith PA)
-  NOTE: 20231231: Added by Front-Desk (lamby)
-  NOTE: 20231231: CVE-2023-3576 already fixed in bullseye via DSA or point 
release(s). (lamby)
---
 tinymce
   NOTE: 20231123: Added by Front-Desk (ola)
   NOTE: 20231216: Someone with more XSS experience needed to assess the



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7199e99c42f32f3a2b5eafa4053b4b4d5109e711



[Git][security-tracker-team/security-tracker][master] Revert "Removed sendmail from dla-needed since there is no CVE marked as need...

2024-03-11 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a2a182d by Sylvain Beucler at 2024-03-11T12:07:53+01:00
Revert "Removed sendmail from dla-needed since there is no CVE marked as 
need for a fix for buster."

This reverts commit f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb.

Rationale:
- SMTP Smuggling (CVE-2023-51765) had significant impact
- SMTP Smuggling was fixed in e.g. Postfix and Exim
- Sendmail is sponsored for LTS
- Preliminary LTS work was done
- CVE-2023-51765 is still not triaged for sendmail/buster

Consequently it's hard to explain why we would not attempt to fix it.

In this case, I believe LTS should make an effort to fix sendmail for all dists,
rather than follow secteam's initial triage.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -220,6 +220,15 @@ ruby-rack (Adrian Bunk)
 samba
   NOTE: 20230918: Added by Front-Desk (apo)
 --
+sendmail
+  NOTE: 20231224: Added by Front-Desk (ta)
+  NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not 
publish patches (CVE-2023-51765)
+  NOTE: 20240217: Patch extracted and being reviewed (rouca)
+  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
+  NOTE: 20240311: Re-added to dla-needed.txt; while secteam tagged it no-dsa 
in later dists,
+  NOTE: 20240311: I believe we should fix this sponsored package, like postfix 
and exim, in all dists,
+  NOTE: 20240311: please coordinate with the package maintainer to help make 
this happen. (Beuc/front-desk)
+--
 shim
   NOTE: 20240306: Added by Front-Desk (opal)
 --
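Review bot: the re-added entry has no assignee in parentheses even though the 20240217 note says a patch was extracted and is under review by rouca, and the 20240311 note asks for coordination with the package maintainer; naming the person driving it, in the `ruby-rack (Adrian Bunk)` style used elsewhere in this file, avoids the entry being dropped again as unowned the way the 20240310 note records.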



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a2a182dc53f0632ecd32108c91c071bdad76289



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2313/bpftrace

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e04c1394 by Salvatore Bonaccorso at 2024-03-11T09:48:19+01:00
Add CVE-2024-2313/bpftrace

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,7 +8,8 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will 
attempt to load
- bpfcc 
NOTE: 
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
-   TODO: check
+   - bpftrace 
+   NOTE: 
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
 CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request 
process of Sm ...)
TODO: check
 CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 
1.0.0 a ...)
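Review bot: `- bpftrace ` with no version records the package as affected and unfixed in unstable, which is right until an upload exists, but the entry carries no severity or suite annotation yet, so bookworm and bullseye will surface as open too; the upstream fix commit 4be4b7191acb8218240e6b7178c30fa8c9b59998 is already in the NOTE, so the missing piece is a Debian bug reference in the `(bug #...)` form used by other entries in this file, so that the maintainer is actually notified.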



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e04c1394c5929c19ba6d932b026618f67cd7f212



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2314/bpfcc

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1412335 by Salvatore Bonaccorso at 2024-03-11T09:47:00+01:00
Add CVE-2024-2314/bpfcc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,8 @@ CVE-2024-2364 (A vulnerability classified as problematic has 
been found in Music
 CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
AOL AIM T ...)
NOT-FOR-US: AOL AIM Triton
 CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to 
load them  ...)
-   TODO: check
+   - bpfcc 
+   NOTE: 
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
TODO: check
 CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request 
process of Sm ...)
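Review bot: `- bpfcc ` marks unstable as affected with no fixed version and the NOTE carries the iovisor/bcc fix 008ea09e891194c072f2a9305a3c872a241dc342; since CVE-2024-2314 and CVE-2024-2313 describe the same kernel-header extraction behaviour in two sibling projects, a cross-reference NOTE between the two entries and one Debian bug per package would keep them from being triaged in isolation.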



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e141233522f35d7d70a7a5b64835ff5ed25518ab



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b506e44e by Salvatore Bonaccorso at 2024-03-11T09:46:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2024-2365 (A vulnerability classified as problematic was found in 
Musicshelf 1.0/ ...)
-   TODO: check
+   NOT-FOR-US: Musicshelf
 CVE-2024-2364 (A vulnerability classified as problematic has been found in 
Musicshelf ...)
-   TODO: check
+   NOT-FOR-US: Musicshelf
 CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
AOL AIM T ...)
-   TODO: check
+   NOT-FOR-US: AOL AIM Triton
 CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to 
load them  ...)
TODO: check
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
@@ -13,7 +13,7 @@ CVE-2024-2184 (Buffer overflow in identifier field of WSD 
probe request process
 CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 
1.0.0 a ...)
TODO: check
 CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via 
the usern ...)
-   TODO: check
+   NOT-FOR-US: Student Information Chatbot
 CVE-2024-2355 (A vulnerability has been found in keerti1924 
Secret-Coder-PHP-Project  ...)
NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project
 CVE-2024-2354 (A vulnerability, which was classified as problematic, was found 
in Dre ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b506e44e5c741e43d902694da1bb02cb6da51927



[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fce54319 by security tracker role at 2024-03-11T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-2365 (A vulnerability classified as problematic was found in 
Musicshelf 1.0/ ...)
+   TODO: check
+CVE-2024-2364 (A vulnerability classified as problematic has been found in 
Musicshelf ...)
+   TODO: check
+CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
AOL AIM T ...)
+   TODO: check
+CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to 
load them  ...)
+   TODO: check
+CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
+   TODO: check
+CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request 
process of Sm ...)
+   TODO: check
+CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 
1.0.0 a ...)
+   TODO: check
+CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via 
the usern ...)
+   TODO: check
 CVE-2024-2355 (A vulnerability has been found in keerti1924 
Secret-Coder-PHP-Project  ...)
NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project
 CVE-2024-2354 (A vulnerability, which was classified as problematic, was found 
in Dre ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fce54319cc02f346557fa79dcb163c8d2a704600



[Git][security-tracker-team/security-tracker][master] Sync some Linux CVEs with kernel-sec

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
391771c4 by Salvatore Bonaccorso at 2024-03-11T07:33:44+01:00
Sync some Linux CVEs with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -750,9 +750,11 @@ CVE-2024-26623 (In the Linux kernel, the following 
vulnerability has been resolv
NOTE: 
https://git.kernel.org/linus/7e82a8745b951b1e794cc780d46f3fbee5e93447 (6.8-rc3)
 CVE-2023-52607 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.7.7-1
+   [buster] - linux  (powerpc not supported in LTS)
NOTE: 
https://git.kernel.org/linus/f46c8a75263f97bda13c739ba1c90aced0d3b071 (6.8-rc1)
 CVE-2023-52606 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.7.7-1
+   [buster] - linux  (powerpc not supported in LTS)
NOTE: 
https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
 CVE-2023-52605 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
- linux 6.7.7-1
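Review bot: `(powerpc not supported in LTS)` is used as the free-text reason on both new buster lines; that is the accepted convention for an ignored entry, but it only holds if the two upstream commits (f46c8a75263f97bda13c739ba1c90aced0d3b071 and 8f9abaa6d7de0a70fc68acaedce290c1f96e2e59) touch powerpc-only code, which the truncated descriptions ("p ...") shown here cannot confirm; worth a glance at the kernel-sec entries this was synced from before the same reason is reused further down.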
@@ -777,9 +779,11 @@ CVE-2023-52599 (In the Linux kernel, the following 
vulnerability has been resolv
NOTE: 
https://git.kernel.org/linus/49f9637aafa6e63ba686c13cb8549bf5e6920402 (6.8-rc1)
 CVE-2023-52598 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.7.7-1
+   [buster] - linux  (s390 not supported in LTS)
NOTE: 
https://git.kernel.org/linus/8b13601d19c541158a6e18b278c00ba69ae37829 (6.8-rc1)
 CVE-2023-52597 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
- linux 6.7.7-1
+   [buster] - linux  (s390 not supported in LTS)
NOTE: 
https://git.kernel.org/linus/b988b1bb0053c0dcd26187d29ef07566a565cf55 (6.8-rc1)
 CVE-2023-52596 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.7.7-1
@@ -1748,6 +1752,8 @@ CVE-2023-52507 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2023-52506 (In the Linux kernel, the following vulnerability has been 
resolved:  L ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/b795fb9f5861ee256070d59e33130980a01fadd7 (6.6-rc3)
 CVE-2023-52505 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.5.8-1
@@ -4450,6 +4456,7 @@ CVE-2023-52451 (In the Linux kernel, the following 
vulnerability has been resolv
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
+   [buster] - linux  (powerpc not supported in LTS)
NOTE: 
https://git.kernel.org/linus/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5 (6.8-rc1)
 CVE-2023-52452 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.6.15-1
@@ -9727,7 +9734,7 @@ CVE-2023-52340 [ipv6: remove max_size check inline with 
ipv4]
[bullseye] - linux 5.10.209-1
NOTE: 
https://git.kernel.org/linus/af6d10345ca76670c1b7c37799f0d5576ccef277 (6.3-rc1)
 CVE-2024-0841 (A null pointer dereference flaw was found in the 
hugetlbfs_fill_super  ...)
-   - linux 
+   - linux 6.6.7-1
[buster] - linux  (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256490
NOTE: 
https://lore.kernel.org/all/20240130210418.3771-1-osalva...@suse.de/T/#u
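Review bot: `- linux 6.6.7-1` fills the unstable fixed version for the hugetlbfs_fill_super NULL dereference, but the entry still has no `[bookworm]` or `[bullseye]` line while buster is explicitly `(Vulnerable code not present)`; bookworm 6.1 and bullseye 5.10 need either a fixed version or a reason, otherwise they remain open in the tracker with only a lore thread from 2024-01-30 as the reference.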
@@ -10621,10 +10628,10 @@ CVE-2024-0804 (Insufficient policy enforcement in iOS 
Security UI in Google Chro
 CVE-2024-23854
REJECTED
 CVE-2024-23851 (copy_params in drivers/md/dm-ioctl.c in the Linux kernel 
through 6.7.1 ...)
-   - linux 
+   - linux 6.6.7-1
NOTE: https://www.spinics.net/lists/dm-devel/msg56574.html
 CVE-2024-23850 (In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux 
kernel throug ...)
-   - linux 
+   - linux 6.6.7-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/
 CVE-2024-23849 (In rds_recv_track_latency in net/rds/af_rds.c in the Linux 
kernel thro ...)
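Review bot: for CVE-2024-23851 the description says the copy_params issue affects the Linux kernel "through 6.7.1", yet the fixed version recorded is 6.6.7-1, which is older than 6.7.1; one of the two is wrong (a stale upstream range or a misread Debian version), and unlike CVE-2024-23850 just below there is no buster line and the only NOTE is a spinics thread rather than a git.kernel.org commit, so the fixing commit should be confirmed before the 6.6.7-1 claim stands.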
@@ -19263,13 +19270,17 @@ CVE-2023- [RCE vulnerability in WP_HTML_Token 
class]
NOTE: 
https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
NOTE: 
https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
 CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue 
may all ...)
-   - linux 
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
NOTE:
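Review bot: this hunk adds 6.6.15-1 / 6.1.76-1 / 5.10.209-1 for the NVMe driver flaw but no `[buster]` line, whereas the other kernel entries touched in this commit gain an explicit buster status; a fixed version or a reason for buster would make the entry consistent with the rest of the sync.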