[Git][security-tracker-team/security-tracker][master] LTS: claim spip in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 41ffec06 by Guilhem Moulin at 2024-03-14T00:52:04+01:00 LTS: claim spip in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -266,7 +266,7 @@ sendmail shim NOTE: 20240306: Added by Front-Desk (opal) -- -spip +spip (guilhem) NOTE: 20240313: Added by Front-Desk (Beuc) NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-52322) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41ffec0696299400ebeadf5fe4d899e3a70007f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41ffec0696299400ebeadf5fe4d899e3a70007f9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: take node-xml2js
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: aba66277 by Adrian Bunk at 2024-03-13T23:43:32+02:00 dla: take node-xml2js - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -170,7 +170,7 @@ linux-5.10 lucene-solr NOTE: 20240213: Added by Front-Desk (lamby) -- -node-xml2js +node-xml2js (Adrian Bunk) NOTE: 20240313: Added by Front-Desk (Beuc) NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-0842) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba66277c60de01158e2aa5f4caaf227e85ba3a3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba66277c60de01158e2aa5f4caaf227e85ba3a3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-27305
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b8749c22 by Salvatore Bonaccorso at 2024-03-13T22:35:53+01:00 Add Debian bug reference for CVE-2024-27305 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -422,7 +422,7 @@ CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux c CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) NOT-FOR-US: Toyoko Inn official App CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) - - python-aiosmtpd + - python-aiosmtpd (bug #1066820) NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65 NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5) CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8749c22f30a5aa1c033cb038c5d8e482937e6c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8749c22f30a5aa1c033cb038c5d8e482937e6c2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add two new tomcat issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6376bd9c by Salvatore Bonaccorso at 2024-03-13T22:16:53+01:00 Add two new tomcat issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -132,9 +132,19 @@ CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client f CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...) NOT-FOR-US: Zoom CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...) - TODO: check + - tomcat10 + - tomcat9 9.0.70-2 + NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg + NOTE: https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843 (10.1.19) + NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86) + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...) - TODO: check + - tomcat10 + - tomcat9 9.0.70-2 + NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f + NOTE: https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501 (10.1.19) + NOTE: https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068 (9.0.86) + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2024-20327 (A vulnerability in the PPP over Ethernet (PPPoE) termination feature o ...) NOT-FOR-US: Cisco CVE-2024-20322 (A vulnerability in the access control list (ACL) processing on Pseudow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6376bd9cf7c0be78317e7be3049808079830aeac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6376bd9cf7c0be78317e7be3049808079830aeac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
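Review bot: `+ - tomcat10` is entered without a fixed version even though the NOTE lines record the upstream fix as 10.1.19 (the `d07c8219...` and `0052b374...` commits), so both CVEs will show as open for tomcat10 in unstable; if that is intended because 10.1.19 has not been uploaded yet, a `(bug #<number>)` reference of the kind used elsewhere in this file would keep the open item tracked. The tomcat9 side needs nothing further: the `9.0.70-2` fixed version is justified by the NOTE that tomcat9 no longer ships the server stack from that upload onwards.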
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8587b959 by Salvatore Bonaccorso at 2024-03-13T22:00:44+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a non-pri ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Best POS Management System CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G router affec ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting versio ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router affecting E v ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2403 (Improper cleanup in temporary file handling component in Devolutions R ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based c ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2123 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2106 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: DedeCMS CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) 
@@ -95,15 +95,15 @@ CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forg CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: DedeCMS CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28194 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify
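Review bot: the `NOT-FOR-US:` verdicts for the WordPress entries use the generic label `WordPress plugin`, while the other reclassifications in these hunks name the vendor or product (`Palo Alto Networks`, `Devolutions`, `JFrog Artifactory`, `your_spotify`); naming the plugin (for example `NOT-FOR-US: Premium Addons PRO WordPress plugin`) would let a later search for that plugin's CVEs hit the verdict line instead of relying on the truncated descriptions.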
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-32282 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9754f80 by Salvatore Bonaccorso at 2024-03-13T21:42:42+01:00 Add CVE-2023-32282 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7434,6 +7434,8 @@ CVE-2023-32642 (Insufficient adherence to expected conventions for some Intel(R) NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) NOT-FOR-US: Intel +CVE-2023-32282 + NOT-FOR-US: Intel CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...) NOT-FOR-US: Intel CVE-2023-31271 (Improper access control in some Intel(R) VROC software before version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9754f8094185006f4f73d3fd543c93be9e132ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9754f8094185006f4f73d3fd543c93be9e132ea You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
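Review bot: `+CVE-2023-32282` is inserted without the parenthesized description that every neighbouring entry carries (compare `CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...)`), which suggests the id is being added ahead of the feed; the `NOT-FOR-US: Intel` verdict is plausible from the surrounding Intel block but should be re-checked once the description is populated by the automatic update.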
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-28180 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d25ee3c1 by Salvatore Bonaccorso at 2024-03-13T21:40:14+01:00 Track fixed version for CVE-2024-28180 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1085,7 +1085,7 @@ CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...) NOT-FOR-US: WeasyPrint CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...) - - golang-github-go-jose-go-jose (bug #1065814) + - golang-github-go-jose-go-jose 4.0.1-1 (bug #1065814) NOTE: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g NOTE: https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 (v2.6.3) NOTE: https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a (v3.0.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d25ee3c1b77ec22bb7ff10373500d11e868afbc7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d25ee3c1b77ec22bb7ff10373500d11e868afbc7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
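Review bot: the fixed version `4.0.1-1` is recorded, but the NOTE lines only cite the upstream fixes for the v2 (`v2.6.3`) and v3 (`v3.0.3`) branches; adding the corresponding v4 commit reference next to them, in the same `NOTE: <url> (<v4 tag>)` form, would make it clear which upstream change the 4.0.1 upload carries.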
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-32666
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b54e7382 by Salvatore Bonaccorso at 2024-03-13T21:38:16+01:00 Add CVE-2023-32666 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24853,6 +24853,8 @@ CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet FortiC NOT-FOR-US: FortiGuard CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP version(s ...) NOT-FOR-US: QNX SDP +CVE-2023-32666 + NOT-FOR-US: Intel CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic Tool inst ...) NOT-FOR-US: Intel CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJY ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b54e738252a5a32ce2eaf304b9185bbadcf41030 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b54e738252a5a32ce2eaf304b9185bbadcf41030 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b753d1cd by Salvatore Bonaccorso at 2024-03-13T21:28:47+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -49,51 +49,51 @@ CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) TODO: check CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) 
- TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28667 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28666 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28665 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28432 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28431 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) TODO: check CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b753d1cd271f15ad5e874d1326e8998efc9d05a1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b753d1cd271f15ad5e874d1326e8998efc9d05a1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7aa5b794 by Salvatore Bonaccorso at 2024-03-13T21:19:36+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -377,11 +377,11 @@ CVE-2023-52608 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/437a310b22244d4e0b78665c3042e5d1c0f45306 (6.8-rc2) CVE-2023-43043 (IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 cou ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38723 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-sit ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-32335 (IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Managemen ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-25090 (An unauthenticated remote attacker can use an XSS attack due to improp ...) TODO: check CVE-2015-10123 (An unautheticated remote attacker could send specifically crafted pack ...) @@ -60021,7 +60021,7 @@ CVE-2023-28519 CVE-2023-28518 RESERVED CVE-2023-28517 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vul ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-28516 RESERVED CVE-2023-28515 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa5b7941189ea6eca48b16bfd0fe48ee3d5a153 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa5b7941189ea6eca48b16bfd0fe48ee3d5a153 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 212d13a9 by Salvatore Bonaccorso at 2024-03-13T21:16:32+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -107,9 +107,14 @@ CVE-2024-27952 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-27441 REJECTED CVE-2024-26630 (In the Linux kernel, the following vulnerability has been resolved: m ...) - TODO: check + - linux 6.7.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3a75cb05d53f4a6823a32deb078de1366954a804 (6.8-rc7) CVE-2024-26629 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check + - linux 6.6.15-1 + NOTE: https://git.kernel.org/linus/edcf9725150e42beeca42d085149f4c88fa97afd (6.8-rc2) CVE-2024-25155 (In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server ...) TODO: check CVE-2024-25154 (Improper URL validation leads to path traversal in FileCatalyst Direct ...) 
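Review bot: CVE-2024-26629 gets only the unstable fix (`linux 6.6.15-1`) and no `[bookworm]`/`[bullseye]`/`[buster]` lines, whereas CVE-2024-26630 directly above is annotated for all three suites; until the stable suites are marked, the entry will list them as vulnerable. The fix is noted as 6.8-rc2, the same rc as CVE-2023-52608 in the next hunk, which is recorded with `[bookworm] - linux 6.1.76-1`, so it is worth checking whether this fix went into the same 6.1.y update.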
@@ -367,7 +372,10 @@ CVE-2023-6785 (The Download Manager plugin for WordPress is vulnerable to unauth CVE-2023-5663 (The News Announcement Scroll plugin for WordPress is vulnerable to SQL ...) TODO: check CVE-2023-52608 (In the Linux kernel, the following vulnerability has been resolved: f ...) - TODO: check + - linux 6.6.15-1 + [bookworm] - linux 6.1.76-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/437a310b22244d4e0b78665c3042e5d1c0f45306 (6.8-rc2) CVE-2023-43043 (IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 cou ...) TODO: check CVE-2023-38723 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-sit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/212d13a99bd6a20810a479c12588c07f24c82666 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/212d13a99bd6a20810a479c12588c07f24c82666 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
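Review bot: CVE-2023-52608 is annotated for bookworm (`6.1.76-1`) and buster (`Vulnerable code not present`) but has no `[bullseye]` line, so bullseye will be listed as open for it; either a fixed 5.10.y version or a `(Vulnerable code not present)` / `(Vulnerable code introduced later)` verdict should be added, as was done for both neighbouring suites.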
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a18b60e5 by security tracker role at 2024-03-13T20:11:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,383 @@ +CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...) + TODO: check +CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...) + TODO: check +CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a non-pri ...) + TODO: check +CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management System ...) + TODO: check +CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G router affec ...) + TODO: check +CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting versio ...) + TODO: check +CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router affecting E v ...) + TODO: check +CVE-2024-2403 (Improper cleanup in temporary file handling component in Devolutions R ...) + TODO: check +CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...) + TODO: check +CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library F ...) + TODO: check +CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based c ...) + TODO: check +CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall plugin for ...) + TODO: check +CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) 
+ TODO: check +CVE-2024-2123 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...) + TODO: check +CVE-2024-2106 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...) + TODO: check +CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...) + TODO: check +CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...) + TODO: check +CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check +CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check +CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check +CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) 
+ TODO: check +CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO:
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-26609
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 85de3d1b by Salvatore Bonaccorso at 2024-03-13T21:00:33+01:00 Remove notes from CVE-2024-26609 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2967,9 +2967,6 @@ CVE-2024-26610 (In the Linux kernel, the following vulnerability has been resolv NOTE: https://git.kernel.org/linus/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d (6.8-rc2) CVE-2024-26609 REJECTED - - linux 6.6.15-1 - [bookworm] - linux 6.1.76-1 - NOTE: https://git.kernel.org/linus/f342de4e2f33e0e39165d8639387aa6c19dff660 (6.8-rc2) CVE-2024-26608 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85de3d1b1e955de7f9ea184c5b0da2f7fa62e54d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85de3d1b1e955de7f9ea184c5b0da2f7fa62e54d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-27297/nix
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0bb3de9 by Salvatore Bonaccorso at 2024-03-13T20:49:04+01:00 Add Debian bug reference for CVE-2024-27297/nix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -420,7 +420,7 @@ CVE-2024-27900 (Due to missing authorization check, attacker with business user NOT-FOR-US: SAP CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...) - guix (bug #1066113) - - nix + - nix (bug #1066812) NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143 NOTE: https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/ NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bb3de91d9b8428a96aef4c45f51292acbded49 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bb3de91d9b8428a96aef4c45f51292acbded49 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2023-46586/weborf: buster no-dsa -> not-affected
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b670457 by Sylvain Beucler at 2024-03-13T19:31:37+01:00 CVE-2023-46586/weborf: buster no-dsa - not-affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28064,9 +28064,10 @@ CVE-2023-46586 - weborf 1.0-1 (bug #1054417) [bookworm] - weborf 0.19-2.1+deb12u1 [bullseye] - weborf 0.17-3+deb11u1 - [buster] - weborf (Minor issue) + [buster] - weborf (Vulnerable code introduced later) NOTE: https://github.com/ltworf/weborf/pull/88 NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0) + NOTE: Introduced by: https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991 (0.16) CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...) NOT-FOR-US: Viessmann Vitogate 300 CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b67045720715f1a7021086c9204de61bcf6c52f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b67045720715f1a7021086c9204de61bcf6c52f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
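Review bot: the buster verdict changes from `(Minor issue)` to `(Vulnerable code introduced later)` on the strength of the new `Introduced by:` NOTE pointing at the 0.16 commit, but the hunk does not show which weborf version buster ships; recording it alongside the NOTE (for example `NOTE: buster ships <version>, before 0.16`) would let the next person re-verify the not-affected claim without digging it up again.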
[Git][security-tracker-team/security-tracker][master] dla: add node-xml2js
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 20855786 by Sylvain Beucler at 2024-03-13T19:26:21+01:00 dla: add node-xml2js - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -170,6 +170,10 @@ linux-5.10 lucene-solr NOTE: 20240213: Added by Front-Desk (lamby) -- +node-xml2js + NOTE: 20240313: Added by Front-Desk (Beuc) + NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-0842) (Beuc/front-desk) +-- nodejs (guilhem) NOTE: 20240218: Added by Front-Desk (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208557865ef18ac02e72e0fe16930c37ffae8e92
[Git][security-tracker-team/security-tracker][master] chromium DSA
Andres Salomon pushed to branch master at Debian Security Tracker / security-tracker Commits: a2e8d57a by Andres Salomon at 2024-03-13T14:09:10-04:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[13 Mar 2024] DSA-5639-1 chromium - security update + {CVE-2024-2400} + [bookworm] - chromium 122.0.6261.128-1~deb12u1 [10 Mar 2024] DSA-5638-1 libuv1 - security update {CVE-2024-24806} [bullseye] - libuv1 1.40.0-2+deb11u1 = data/dsa-needed.txt = @@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- cacti -- -chromium (dilinger) --- cryptojs -- dav1d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2e8d57af44b79d69938a1a8a055922314a50bc0
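Review bot: the new DSA-5639-1 entry lists only bookworm (chromium 122.0.6261.128-1~deb12u1) and the same commit drops "chromium (dilinger)" from dsa-needed.txt, which is consistent only if no bullseye update is planned; that matches the "[bullseye] - chromium (see #1061268)" annotation on CVE-2024-2400 elsewhere on this page, but the DSA entry could carry a one-line note to that effect so the omission is not read as an oversight. The entry itself follows the existing "{CVE-...}" plus "[suite] - package version" layout of the DSA-5638-1 libuv1 entry below it.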
[Git][security-tracker-team/security-tracker][master] dla: add spip
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e4597ae by Sylvain Beucler at 2024-03-13T19:05:38+01:00 dla: add spip - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -262,6 +262,10 @@ sendmail shim NOTE: 20240306: Added by Front-Desk (opal) -- +spip + NOTE: 20240313: Added by Front-Desk (Beuc) + NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-52322) (Beuc/front-desk) +-- squid NOTE: 20240109: Added by Front-Desk (apo) NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4597ae423d44aa7cc8c48406e7c66a170c1baf
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-2314/bpfcc: buster not-affected
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c29b571 by Sylvain Beucler at 2024-03-13T18:43:37+01:00 CVE-2024-2314/bpfcc: buster not-affected - - - - - e2f4acec by Sylvain Beucler at 2024-03-13T18:50:56+01:00 CVE-2024-2313/bpftrace: buster not-affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -643,12 +643,16 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load - bpfcc [bookworm] - bpfcc (Minor issue) [bullseye] - bpfcc (Minor issue) + [buster] - bpfcc (Vulnerable code introduced later) NOTE: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 + NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0) CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace [bookworm] - bpftrace (Minor issue) [bullseye] - bpftrace (Minor issue) + [buster] - bpftrace (Vulnerable code introduced later) NOTE: https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 + NOTE: Introduced by: https://github.com/bpftrace/bpftrace/commit/896fafbe925385500c6626b19348739142944b88 (v0.9.3) CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request process of Sm ...) NOT-FOR-US: Small Office Multifunction Printers and Laser Printers (Canon) CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a80cc6f01ee022017c37086b6a7560f157824556...e2f4acec090ac5abdce821e7f81b95f05996c267
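Review bot: both added buster lines are backed by a new "NOTE: Introduced by:" commit with a version tag (bcc v0.10.0, bpftrace v0.9.3), which is the evidence a not-affected call needs; as with the weborf change above, the status keyword named in the commit messages is not visible in this rendering, so confirm on the raw lines that each "[buster]" entry carries it and that buster ships bpfcc older than v0.10.0 and bpftrace older than v0.9.3.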
[Git][security-tracker-team/security-tracker][master] CVE-2021-42343/dask.distributed: precise buster triage
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: a80cc6f0 by Sylvain Beucler at 2024-03-13T18:26:26+01:00 CVE-2021-42343/dask.distributed: precise buster triage ignored since guilhem reviewed and explicitly dropped the entry in 72180b0eadf7b78f7b8a78087c4578ea2c589730 Now out of lts-cve-triage.py radar. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -175017,10 +175017,10 @@ CVE-2021-42344 CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...) - dask.distributed 2021.09.1+ds.1-2 [bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1 - [buster] - dask.distributed (Minor issue; unreproducible with <2.0) + [buster] - dask.distributed (Minor issue; unreproducible with <2.0) NOTE: https://github.com/dask/distributed/pull/5427 NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr - NOTE: Likely introduced in https://github.com/quasiben/distributed/commit/fd31ecca8017bae845a73d468de0376c02363fab + NOTE: Likely introduced in https://github.com/quasiben/distributed/commit/fd31ecca8017bae845a73d468de0376c02363fab (2.0.0) CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...) NOT-FOR-US: Embedthis GoAhead CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a80cc6f01ee022017c37086b6a7560f157824556
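Review bot: the removed and added buster lines read identically here ("[buster] - dask.distributed (Minor issue; unreproducible with <2.0)"), so the change the commit message describes, moving buster to ignored, is not visible in this rendering; the only visible difference is the "(2.0.0)" version tag appended to the "Likely introduced in" NOTE, which does make the "<2.0" rationale verifiable. Check the raw diff for the status keyword before relying on this hunk as the record of the triage decision.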
[Git][security-tracker-team/security-tracker][master] CVE-2024-1441/libvirt: buster postponed
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 70d498bd by Sylvain Beucler at 2024-03-13T17:54:27+01:00 CVE-2024-1441/libvirt: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -587,6 +587,7 @@ CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesBySta - libvirt (bug #1066058) [bookworm] - libvirt (Minor issue) [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue; very rare crash before v5.10) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca (v1.0.0-rc1) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15 (v5.10.0-rc1) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 (v10.1.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70d498bd33956182bf4c08c80eda2c0f52e702cf
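Review bot: the added buster rationale "very rare crash before v5.10" lines up with the two "Introduced by:" NOTEs (v1.0.0-rc1 and v5.10.0-rc1), i.e. buster has only the older, less exposed code path and the second introducing commit does not apply; the postponed keyword from the commit message is not visible in this rendering, so confirm it on the raw line. Since the off-by-one is in udevListInterfacesByStatus() per the CVE text, a short NOTE on which of the two commits makes the crash reachable would make the "before v5.10" claim self-explanatory for the next reader.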
[Git][security-tracker-team/security-tracker][master] Add note for CVE-2023-51767
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b3e20589 by Salvatore Bonaccorso at 2024-03-13T16:49:31+01:00 Add note for CVE-2023-51767 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16681,11 +16681,12 @@ CVE-2023-31455 (Pexip Infinity before 31.2 has Improper Input Validation for RTC CVE-2023-31297 (An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transpo ...) NOT-FOR-US: SESAMI planfocus CPTO (Cash Point & Transport Optimizer) CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might allow r ...) - - openssh (bug #1059393) - [bookworm] - openssh (Revisit once hardening/mitigation for Rowhammer type of attack exists) - [bullseye] - openssh (Revisit once hardening/mitigation for Rowhammer type of attack exists) - [buster] - openssh (Revisit once hardening/mitigation for Rowhammer type of attack exists) + - openssh (bug #1059393; unimportant) NOTE: https://arxiv.org/abs/2309.02545 + NOTE: Upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and + NOTE: does not intent to address it in OpenSSH. To todays knowledge (2024-03-13) + NOTE: it has not been demostrated that the issue is exploitable in any real + NOTE: software configuration. CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...) {DSA-5597-1 DLA-3708-1} - exim4 4.97-3 (bug #1059387) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e2058999ae1ff1464ef7c7559eb546509c8e56
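Review bot: the four added NOTE lines carry typos that will show up verbatim in the public tracker and should be fixed before merge: "a bug underlying in OpenSSH" should read "a bug in OpenSSH", "does not intent" should be "does not intend", "To todays knowledge" should be "To today's knowledge", and "demostrated" should be "demonstrated". Collapsing the three per-suite "Revisit once hardening/mitigation for Rowhammer type of attack exists" lines into a single "unimportant" marker on the source line is appropriate given the stated upstream position, and the dated "(2024-03-13)" qualifier is good practice for a claim that may age.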
[Git][security-tracker-team/security-tracker][master] dla: fix syntax
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: fa253efd by Sylvain Beucler at 2024-03-13T16:11:06+01:00 dla: fix syntax - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -225,7 +225,7 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. NOTE: 20240311: Reverted decision to remove from this file since CVE-2020-10755 is fixed in bullseye. +-- rails NOTE: 20220909: Re-added due to regression (abhijith) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa253efd7ec824d84b982570e5697765be10c54e
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28746/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b986741 by Salvatore Bonaccorso at 2024-03-13T12:25:06+01:00 Track fixed version for CVE-2023-28746/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -389,7 +389,7 @@ CVE-2023-28746 [RFDS: Register File Data Sampling] - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) - - linux + - linux 6.7.9-2 - xen [bullseye] - xen (EOLed in Bullseye) [buster] - xen (DSA 4677-1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b986741d9a0a428812b89e1fc28f1a07a42fefa
[Git][security-tracker-team/security-tracker][master] Correct tracking for CVE-2023-52447
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a48b84b by Salvatore Bonaccorso at 2024-03-13T11:59:57+01:00 Correct tracking for CVE-2023-52447 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5146,7 +5146,6 @@ CVE-2023-52449 (In the Linux kernel, the following vulnerability has been resolv CVE-2023-52447 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 - [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/876673364161da50eed6b472d746ef88242b2368 (6.8-rc1) CVE-2023-52445 (In the Linux kernel, the following vulnerability has been resolved: m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a48b84b6e150b126b1ff0efcc255d5e845d1c32
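Review bot: removing the "[bullseye] - linux (Vulnerable code not present)" line flips bullseye to affected while the identical buster line is kept, and the entry gives no reason for the asymmetry; the only NOTE is the fix commit tagged (6.8-rc1). An "Introduced by:" NOTE with the commit and kernel version that brought the vulnerable code into the bullseye kernel but not buster's would document why the two suites now differ and let the next triager verify it without redoing the bisection.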
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67f37536 by Salvatore Bonaccorso at 2024-03-13T10:52:42+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 1 CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...) NOT-FOR-US: RiteCMS CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...) @@ -27,7 +27,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py bas NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65 NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5) CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...) 
@@ -37,47 +37,47 @@ CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking S CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...) NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: GarageBand CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1503 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1502 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1421 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1397 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1278 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1214 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1213 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7072 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Script ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...) - TODO: check + NOT-FOR-US: My Food Recipe Using PHP with Source Code CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...) TODO: check CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...) - TODO: check + NOT-FOR-US: Code-Projects Exam Form Submission CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Su ...) - TODO: check + NOT-FOR-US: Code-Projects Exam Form Submission CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...) -
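Review bot: every changed line in these hunks replaces "TODO: check" with a "NOT-FOR-US:" marker naming the product, matching the existing entries around them, and the product names are specific enough (WordPress plugin, WordPress theme, GarageBand, libIEC61850, Code-Projects Exam Form Submission) to be useful later. The one entry deliberately left as "TODO: check", CVE-2023-43279 (Tcpreplay, null pointer dereference in mask_cidr6 in cidr.c), was correctly not marked NOT-FOR-US; it still needs either a source-package line or a rationale. The last hunk is cut off after the CVE-2015-10130 line, so its tail cannot be reviewed here.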
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-27305/python-aiosmtpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 025787ca by Salvatore Bonaccorso at 2024-03-13T10:23:38+01:00 Add CVE-2024-27305/python-aiosmtpd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,7 +23,9 @@ CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux c CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) NOT-FOR-US: Toyoko Inn official App CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) - TODO: check + - python-aiosmtpd + NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65 + NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5) CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) TODO: check CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025787ca3d993f1a829a402401eba3d85a48345c
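Review bot: the new "- python-aiosmtpd" line has no fixed version, no "(bug #...)" reference and no bookworm or bullseye annotation, so the CVE will show as open in every suite until those are filled in; the NOTE already pins the upstream fix commit to release 1.4.5, which is what is needed to compare against the packaged versions. Add the Debian bug once filed, the fixed unstable version once uploaded, and a per-suite severity call for the stable releases so the entry does not sit in the untriaged state.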
[Git][security-tracker-team/security-tracker][master] Update information on fontforge
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dd93eea2 by Salvatore Bonaccorso at 2024-03-13T10:15:47+01:00 Update information on fontforge - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -27,6 +27,7 @@ dnsmasq expat (carnil) -- fontforge + Adrian Bunk posted proposal to prepare the update (cf. https://bugs.debian.org/1064967#14) -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd93eea275691b24ba5d89ed7b7429e4e0c8d5af
[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a8f25ba by Moritz Mühlenhoff at 2024-03-13T09:58:16+01:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -583,6 +583,8 @@ CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 21.3 NOT-FOR-US: WordPress plugin CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...) - libvirt (bug #1066058) + [bookworm] - libvirt (Minor issue) + [bullseye] - libvirt (Minor issue) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca (v1.0.0-rc1) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15 (v5.10.0-rc1) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 (v10.1.0) @@ -636,9 +638,13 @@ CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL NOT-FOR-US: AOL AIM Triton CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load them ...) - bpfcc + [bookworm] - bpfcc (Minor issue) + [bullseye] - bpfcc (Minor issue) NOTE: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace + [bookworm] - bpftrace (Minor issue) + [bullseye] - bpftrace (Minor issue) NOTE: https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request process of Sm ...) NOT-FOR-US: Small Office Multifunction Printers and Laser Printers (Canon) 
@@ -1478,7 +1484,9 @@ CVE-2024-24785 (If errors returned from MarshalJSON methods contain user control - golang-1.22 1.22.1-1 - golang-1.21 1.21.8-1 - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/65697 @@ -1488,7 +1496,9 @@ CVE-2024-24784 (The ParseAddressList function incorrectly handles comments (text - golang-1.22 1.22.1-1 - golang-1.21 1.21.8-1 - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/65083 @@ -1498,7 +1508,9 @@ CVE-2024-24783 (Verifying a certificate chain which contains a certificate with - golang-1.22 1.22.1-1 - golang-1.21 1.21.8-1 - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/65390 @@ -1516,7 +1528,9 @@ CVE-2023-45290 (When parsing a multipart form (either explicitly with Request.Pa - golang-1.22 1.22.1-1 - golang-1.21 1.21.8-1 - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/65383 
@@ -1526,7 +1540,9 @@ CVE-2023-45289 (When following an HTTP redirect to a domain which is not a subdo - golang-1.22 1.22.1-1 - golang-1.21 1.21.8-1 - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/golang/go/issues/65065 @@ -7405,6 +7421,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4 [bullseye] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) [buster] - knot-resolver (Too intrusive to backport) - pdns-recursor 4.9.3-1 (bug #1063852) + [bullseye] - pdns-recursor (Too intrusive to backport, if DNSSEC is used Bookworm can be used) - unbound 1.19.1-1 (bug #1063845) - systemd 255.4-1 [bookworm] - systemd (DNSSEC is disabled by default in
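Review bot: in each of the five golang hunks the buster line still reads "(Limited support, minor issue, follow bullseye DSAs/point-releases)" while the same hunk now marks bullseye's golang-1.15 as "(Minor issue)" with no fix planned, so "follow bullseye" now effectively means no fix for buster either; that is defensible for a minor issue but the buster wording could say so directly rather than pointing at updates that will not come. The new pdns-recursor bullseye line for CVE-2023-50387 reuses the knot-resolver rationale verbatim ("Too intrusive to backport, if DNSSEC is used Bookworm can be used"), which keeps the two entries consistent. The final hunk is truncated mid-line after "DNSSEC is disabled by default in", so the systemd annotation cannot be checked here.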
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84074748 by Salvatore Bonaccorso at 2024-03-13T09:30:45+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,39 +1,39 @@ CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for authentication. Rem ...) - TODO: check + NOT-FOR-US: Intumit SmartRobot CVE-2024-2412 (The disabling function of the user registration page for Heimavista Rp ...) - TODO: check + NOT-FOR-US: Heimavista Rpage and Epage CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...) - TODO: check + NOT-FOR-US: Gacjie Server CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...) - chromium 122.0.6261.128-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) TODO: check CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: RiteCMS CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) TODO: check CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) - TODO: check + NOT-FOR-US: Toyoko Inn official App CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) TODO: check CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) TODO: check CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...) 
- TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking System ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...) TODO: check CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84074748af68726611fbb86cb7056bfdd8f25afc
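Review bot: the entries this pass deliberately leaves as "TODO: check" (CVE-2024-2107, CVE-2024-28236, CVE-2024-27305, CVE-2024-26529, CVE-2024-23300) are the ones that could plausibly touch packaged software, and all but CVE-2024-28236 (Vela) are resolved by other commits on this page, so the split is sensible; the Vela entry still needs a decision. The "@@ -1,39 +1,39 @@" header shows the file grew by 79 lines in the preceding automatic update, so the trailing cut-off after the CVE-2024-1582 context line is a rendering limit of the e-mail, not a problem with the hunk.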
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-2400/chromium via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 562a8d1c by Salvatore Bonaccorso at 2024-03-13T09:27:46+01:00 Track fixed version for CVE-2024-2400/chromium via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2024-2412 (The disabling function of the user registration page for Heimavis CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...) TODO: check CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...) - - chromium + - chromium 122.0.6261.128-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/562a8d1ced08f63034f937b63f2ef448fa8a9684
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7501469 by Salvatore Bonaccorso at 2024-03-13T09:26:07+01:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- cacti -- +chromium (dilinger) +-- cryptojs -- dav1d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7501469dcf47bdb9b3ab9acd8f7a68b2085b5fc
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2400/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 037206a3 by Salvatore Bonaccorso at 2024-03-13T09:25:15+01:00 Add CVE-2024-2400/chromium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,9 @@ CVE-2024-2412 (The disabling function of the user registration page for Heimavis CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...) TODO: check CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...) - TODO: check + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) TODO: check CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/037206a35d4bed83eb92f9c0cabccd7ed9de527a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/037206a35d4bed83eb92f9c0cabccd7ed9de527a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
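Review bot: the [bullseye] line is "- chromium (see #1061268)" with neither a fixed version nor a status tag such as <end-of-life> or <no-dsa>, so the tracker will list bullseye as affected and unfixed and the bug reference is only a comment; the [buster] line, by contrast, points at DSA 5046. If #1061268 records that chromium is no longer supported in bullseye, add the tag that encodes that decision instead of leaving it implicit in the bug number. The unstable line "- chromium" without a version marks sid as unfixed at this point, which is consistent with the fixed version being filled in by the follow-up commit 562a8d1c.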
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f607e06c by security tracker role at 2024-03-13T08:11:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for authentication. Rem ...) + TODO: check +CVE-2024-2412 (The disabling function of the user registration page for Heimavista Rp ...) + TODO: check +CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...) + TODO: check +CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...) + TODO: check +CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) + TODO: check +CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) + TODO: check +CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) + TODO: check +CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) + TODO: check +CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) + TODO: check +CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...) + TODO: check +CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking System ...) + TODO: check +CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...) + TODO: check +CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...) 
+ TODO: check +CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) + TODO: check +CVE-2024-1503 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2024-1502 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-1421 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-1397 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-1278 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) + TODO: check +CVE-2024-1214 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) + TODO: check +CVE-2024-1213 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) + TODO: check +CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2023-7072 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress i ...) + TODO: check +CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Script ...) + TODO: check +CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...) + TODO: check +CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...) + TODO: check +CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...) 
+ TODO: check +CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Su ...) + TODO: check +CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...) + TODO: check CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management System ...) NOT-FOR-US: SourceCodester Employee Management System CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...) @@ -5140,11 +5216,11 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed
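Review bot: the second hunk of this commit is cut off right after its header "@@ -5140,11 +5216,11 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed", so the change in the CVE-2024-23125 region cannot be reviewed from this message. In the first hunk, several WordPress plugin summaries contain the literal six-character sequence \u2013 (for example "Tutor LMS \u2013 eLearning" and "Easy Social Feed \u2013 Social Photos Gallery"); if that is what the automatic update wrote into data/CVE/list rather than an en dash, the importer is storing a JSON escape as text and these descriptions will not compare equal to the upstream summaries. Worth checking in the updater. The remaining additions are plain "TODO: check" placeholders for newly published IDs, as expected for an automatic update.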