[Git][security-tracker-team/security-tracker][master] Take sendmail
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: c7a6472c by Bastien Roucariès at 2024-03-16T21:23:20+00:00 Take sendmail - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -267,7 +267,7 @@ runc samba NOTE: 20230918: Added by Front-Desk (apo) -- -sendmail +sendmail (rouca) NOTE: 20231224: Added by Front-Desk (ta) NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not publish patches (CVE-2023-51765) NOTE: 20240217: Patch extracted and being reviewed (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a6472c0478a3b9d1d0db752bd3a4a7d6de0e4f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a6472c0478a3b9d1d0db752bd3a4a7d6de0e4f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
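Review bot: the 20240217 note "Patch extracted and being reviewed (rouca)" in this entry records no origin for the extracted patch, and the 20240213 note just above it says upstream publishes no patches for CVE-2023-51765, so whoever reviews the backport has nothing to diff the extracted fix against. Suggest a NOTE naming the source the fix was derived from (an upstream release-to-release diff, another distribution's patch, or a specific commit), and a dated NOTE such as "20240316: claimed (rouca)" to match the dated trail this entry already keeps, since the change from `sendmail` to `sendmail (rouca)` otherwise carries no date.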
[Git][security-tracker-team/security-tracker][master] Add more comment on php-composer
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: fd5dce31 by Bastien Roucariès at 2024-03-16T21:15:41+00:00 Add more comment on php-composer d/changelog include some changes that may need backport to buster, even if all CVE are closed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -57,6 +57,7 @@ composer (rouca) NOTE: 20240304: Need to backport bullseye (rouca) NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca) NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk) + NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE -- curl (rouca) NOTE: 20231229: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd5dce31ceaefb56cb174033245806e786490d13 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd5dce31ceaefb56cb174033245806e786490d13 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
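Review bot: the added line `NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE` drops the "(rouca)" attribution that the other NOTE lines in this entry carry and gives no pointer to where the clarification was requested. Suggest `NOTE: 20240316: Asked for clarification on the non-CVE fixes in DSA 5632-1 (rouca)` together with a URL or list reference for the request, so front-desk can follow up without asking again. The commit title says php-composer while the dla-needed entry and the source package are `composer`; the entry name is the one to use in titles so the commit log stays greppable.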
[Git][security-tracker-team/security-tracker][master] CVE-2024-24821
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d90a5cd by Bastien Roucariès at 2024-03-16T20:51:51+00:00 CVE-2024-24821 InstalledVersion feature was created in 2.0 so buster is not affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9105,6 +9105,7 @@ CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...) {DSA-5632-1} - composer 2.7.1-1 (bug #1063603) + [buster] - composer (InstalledVersions feature is post version 2.0) NOTE: https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0) CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d90a5cd98407e46d22b9ec57e18345ab90aafea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d90a5cd98407e46d22b9ec57e18345ab90aafea You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
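Review bot: the added buster line `[buster] - composer (InstalledVersions feature is post version 2.0)` shows no status tag in this rendering; a release line carrying only a package and a note is parsed as unfixed in that release, so confirm the committed line has `<not-affected>` (angle-bracket tags appear to be stripped as markup by this mail, the bookworm and bullseye lines elsewhere in the file show the same). The note should also make the reasoning checkable: say "introduced in 2.0" rather than "post version 2.0" (the commit message says the feature was created in 2.0, which leaves 2.0 itself ambiguous), and record the buster source version of composer so a reader can see at a glance that it predates the feature.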
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c94f8051 by Moritz Muehlenhoff at 2024-03-16T21:17:48+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,35 +1,35 @@ CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2527 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2526 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2525 (A vulnerability, which was classified as problematic, was found in MAG ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2524 (A vulnerability, which was classified as critical, has been found in M ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2523 (A vulnerability classified as problematic was found in MAGESH-K21 Onli ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2522 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2521 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2520 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2519 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) 
- TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2518 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2517 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2516 (A vulnerability, which was classified as critical, was found in MAGESH ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2515 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] - libcrypt-openssl-rsa-perl (bug #1066969) [buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c94f8051ebc8fc345b38aff3ca326967f6f6e5d4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c94f8051ebc8fc345b38aff3ca326967f6f6e5d4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e42d6681 by security tracker role at 2024-03-16T20:12:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2527 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2526 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) + TODO: check +CVE-2024-2525 (A vulnerability, which was classified as problematic, was found in MAG ...) + TODO: check +CVE-2024-2524 (A vulnerability, which was classified as critical, has been found in M ...) + TODO: check +CVE-2024-2523 (A vulnerability classified as problematic was found in MAGESH-K21 Onli ...) + TODO: check +CVE-2024-2522 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) + TODO: check +CVE-2024-2521 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2520 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2519 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2518 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check +CVE-2024-2517 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) + TODO: check +CVE-2024-2516 (A vulnerability, which was classified as critical, was found in MAGESH ...) + TODO: check +CVE-2024-2515 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage ...) 
+ TODO: check CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] - libcrypt-openssl-rsa-perl (bug #1066969) [buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42d6681de4eea3ab6545ae0659cdc470c6e74ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42d6681de4eea3ab6545ae0659cdc470c6e74ec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2023-27043/python*: sync with stable triage
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d1975f9 by Sylvain Beucler at 2024-03-16T19:28:53+01:00 CVE-2023-27043/python*: sync with stable triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65425,10 +65425,10 @@ CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-m - python3.9 [bullseye] - python3.9 (Minor issue, wait until upstream has decided whether to backport to older branches) - python3.7 - [buster] - python3.7 (Minor issue) + [buster] - python3.7 (Minor issue, wait until upstream has decided whether to backport to older branches) - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) - [buster] - python2.7 (Minor issue) + [buster] - python2.7 (Minor issue, wait until upstream has decided whether to backport to older branches) NOTE: https://github.com/python/cpython/issues/102988 CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/Se ...) NOT-FOR-US: Tenda View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1975f9ef78e247f120b618215bce1268b96825 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1975f9ef78e247f120b618215bce1268b96825 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
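Review bot: the new buster rationale for python3.7 and python2.7, "wait until upstream has decided whether to backport to older branches", cannot resolve for these two packages: CPython 3.7 reached upstream end-of-life in June 2023 and 2.7 in January 2020, so no upstream decision about backporting to them will ever come. If the intent is to wait for the fix to settle on supported upstream branches and then backport it to buster, say that; otherwise keep the previous "Minor issue" wording, or mirror the bullseye python2.7 line, which states python2.7's own status ("Unsupported in Bullseye, only included to build a few applications") instead of an upstream condition.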
[Git][security-tracker-team/security-tracker][master] LTS: claim libvirt in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 3eaaa92d by Guilhem Moulin at 2024-03-16T14:00:08+01:00 LTS: claim libvirt in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -172,7 +172,7 @@ libstb NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto) -- -libvirt +libvirt (guilhem) NOTE: 20240316: Added by Front-Desk (Beuc) NOTE: 20240316: A few years of minor vulnerabilities piled up; NOTE: 20240316: coordinate with stable/oldstable to fix them uniformly (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eaaa92dc5fd97f7417d6e16245b0a8b50942979 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eaaa92dc5fd97f7417d6e16245b0a8b50942979 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
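Review bot: the change from `libvirt` to `libvirt (guilhem)` records the claim but adds no dated NOTE, unlike the entries in this file that keep a dated trail, and the entry still says only "A few years of minor vulnerabilities piled up" without listing which CVE IDs the claimant intends to cover. A NOTE of the form "20240316: claimed, targeting <CVE list> (guilhem)" would give the stable/oldstable coordination requested on the next line a concrete scope. Unrelated to this change, the libstb context above has "bookwork" for "bookworm".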
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-26540/cimg: buster postponed, reference patch
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cea774f by Sylvain Beucler at 2024-03-16T13:36:03+01:00 CVE-2024-26540/cimg: buster postponed, reference patch - - - - - 246888dc by Sylvain Beucler at 2024-03-16T13:44:52+01:00 CVE-2024-28849/node-follow-redirects: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -351,7 +351,12 @@ CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via - cimg [bookworm] - cimg (Minor issue) [bullseye] - cimg (Minor issue) + [buster] - cimg (Minor issue; no rdeps) NOTE: https://github.com/GreycLab/CImg/issues/403 + NOTE: https://github.com/GreycLab/CImg/commit/6a97a5209987e60fcce293ea102a068a88085098 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/c214dfee22a3fedcfae48fba7645f7a819cc9385 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/ec6a1f2183620a90b4dcf456813e597ade791dc6 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/cb9c5518905ea370954a59903ff747650c6edd40 (v.3.3.3) CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) 
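Review bot: the commit title says buster postponed, but the added line `[buster] - cimg (Minor issue; no rdeps)` shows no `<postponed>` tag in this rendering; a release line with only a note is read as unfixed in buster, so check that the committed line has the tag (this mail appears to drop angle-bracket tags, the bookworm and bullseye lines above show the same). The four commit references added all carry "(v.3.3.3)" but nothing says which one fixes the heap overflow and which are follow-ups; whoever eventually backports this to buster will need that, so annotate the primary fix commit.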
@@ -417,6 +422,7 @@ CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node - node-follow-redirects (bug #1066971) [bookworm] - node-follow-redirects (Minor issue) [bullseye] - node-follow-redirects (Minor issue) + [buster] - node-follow-redirects (Follow-up to CVE-2022-0155) NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp NOTE: https://github.com/psf/requests/issues/1885 NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5c76fbe69e1756873c56b82990615c555d15f113...246888dcbdba2fe2cdc324dabfe4f7aa6abfab02 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5c76fbe69e1756873c56b82990615c555d15f113...246888dcbdba2fe2cdc324dabfe4f7aa6abfab02 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
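Review bot: `[buster] - node-follow-redirects (Follow-up to CVE-2022-0155)` explains the relation but not the disposition: it does not say whether CVE-2022-0155 was fixed in buster (via a DLA, in which case this follow-up should get the same treatment) or was itself left as a minor issue. Add the buster status or DLA reference for CVE-2022-0155 to the note so the postponement can be re-evaluated later. In the context, `NOTE: https://github.com/psf/requests/issues/1885` links a python-requests issue under a Node.js package with no annotation; a few words on why it is relevant would help the next reader.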
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-2496/libvirt: buster postponed
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 15535e20 by Sylvain Beucler at 2024-03-16T13:00:23+01:00 CVE-2024-2496/libvirt: buster postponed - - - - - 5c76fbe6 by Sylvain Beucler at 2024-03-16T13:09:36+01:00 dla: add libvirt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1577,6 +1577,7 @@ CVE-2024-2496 [NULL pointer dereference in udevConnectListAllInterfaces()] - libvirt 9.8.0-1 [bookworm] - libvirt (Minor issue) [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue; DoS / clean crash) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 (v9.8.0-rc1) CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...) - libvirt (bug #1066058) = data/dla-needed.txt = @@ -172,6 +172,11 @@ libstb NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto) -- +libvirt + NOTE: 20240316: Added by Front-Desk (Beuc) + NOTE: 20240316: A few years of minor vulnerabilities piled up; + NOTE: 20240316: coordinate with stable/oldstable to fix them uniformly (Beuc/front-desk) +-- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72788521a0bcb3f302e27bd45b2f6df9a979c20f...5c76fbe69e1756873c56b82990615c555d15f113 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72788521a0bcb3f302e27bd45b2f6df9a979c20f...5c76fbe69e1756873c56b82990615c555d15f113 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
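Review bot: `[buster] - libvirt (Minor issue; DoS / clean crash)` under CVE-2024-2496 is a postponement according to the commit title, but no `<postponed>` tag is visible on the line in this rendering; verify the committed line has it, since the same line without the tag reads as an open issue in buster. The rationale is good; consider adding whether udevConnectListAllInterfaces() exists in buster's libvirt at all, as that decides between postponed and not-affected.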
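Review bot: the new dla-needed.txt entry for libvirt lists no CVE IDs, only "A few years of minor vulnerabilities piled up"; the same patch touches CVE-2024-2496, which sits next to the related udev interface-listing issue CVE-2024-1441, so at least those two should be named, and ideally the full set pulled from the tracker, so that a claimant and the stable/oldstable maintainers coordinate on one list.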
[Git][security-tracker-team/security-tracker][master] CVE-2024-2467/libcrypt-openssl-rsa-perl: buster postponed
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 72788521 by Sylvain Beucler at 2024-03-16T12:52:06+01:00 CVE-2024-2467/libcrypt-openssl-rsa-perl: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] - libcrypt-openssl-rsa-perl (bug #1066969) + [buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack) NOTE: https://people.redhat.com/~hkario/marvin/ NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42 CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) @@ -2148,7 +2149,7 @@ CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA imp - libgcrypt20 (bug #1065683) [bookworm] - libgcrypt20 (Minor issue) [bullseye] - libgcrypt20 (Minor issue) - [buster] - libgcrypt20 (Minor issue) + [buster] - libgcrypt20 (Minor issue; side-channel timing attack) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268 NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html NOTE: https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72788521a0bcb3f302e27bd45b2f6df9a979c20f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72788521a0bcb3f302e27bd45b2f6df9a979c20f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
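Review bot: `[buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack)` gives buster a disposition while CVE-2024-2467 still has no bookworm or bullseye lines at all, so those releases stay implicitly open; the libgcrypt20 entry in the second hunk of this same patch marks all three. Either add matching bookworm/bullseye lines or note why they are handled differently. Also, the `<postponed>` tag the commit title refers to is not visible on the buster line in this rendering; confirm it is present in the file.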
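Review bot: the libgcrypt20 buster line now reads "Minor issue; side-channel timing attack" while the bookworm and bullseye lines just above it still say "Minor issue"; the added rationale applies equally to all three (it is the same CVE-2024-2236 timing issue), so apply it uniformly or leave all three alone, otherwise the difference looks deliberate to the next reader.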
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-28318,CVE-2024-28319/gpac: buster end-of-life
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c12 by Sylvain Beucler at 2024-03-16T12:42:12+01:00 CVE-2024-28318,CVE-2024-28319/gpac: buster end-of-life - - - - - de17954c by Sylvain Beucler at 2024-03-16T12:42:14+01:00 intel-microcode: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -205,10 +205,12 @@ CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cr NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2763 NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2764 NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716 CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...) 
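Review bot: `[buster] - gpac (EOL in buster LTS)` on both CVE-2024-28318 and CVE-2024-28319 shows no `<end-of-life>` tag in this rendering; without it the line reads as an unfixed gpac in buster rather than an unsupported package, so confirm the tag is in the committed file. Pointing the note at the debian-security-support listing (or the announcement that dropped gpac from buster LTS) instead of the bare phrase "EOL in buster LTS" would let a reader verify the status.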
@@ -1342,30 +1344,35 @@ CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Int - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) + [buster] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) + [buster] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) + [buster] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...) 
- intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) + [buster] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-28746 (Information exposure through microarchitectural state after transient ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) + [buster] - intel-microcode (Decide after exposure on unstable for update) - linux 6.7.9-2 - xen [bullseye] - xen (EOLed in Bullseye) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a2277a693b180af1a6d9d9cda1cb8b1b7977ab8c...de17954c678e70c408728d1bc9bcad3361035dd8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a2277a693b180af1a6d9d9cda1cb8b1b7977ab8c...de17954c678e70c408728d1bc9bcad3361035dd8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
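Review bot: the five `[buster] - intel-microcode (Decide after exposure on unstable for update)` lines copy the bookworm/bullseye wait-and-see note, which is fine for the microcode package, but CVE-2023-28746 also lists `- linux 6.7.9-2` and `- xen`, and this patch adds no buster line for linux, so the kernel side of that issue stays untriaged for buster; the linux line needs its own buster entry (fixed version, or postponed with a reason). "Decide after exposure on unstable" should also get a follow-up NOTE once 3.20240312.1 has had that exposure, or these lines will outlive the condition they state.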
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22259/libspring-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2277a69 by Salvatore Bonaccorso at 2024-03-16T11:25:15+01:00 Add CVE-2024-22259/libspring-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41,7 +41,9 @@ CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulner - python-djangorestframework-simplejwt NOTE: https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513 CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...) - TODO: check + - libspring-java (unimportant) + NOTE: https://spring.io/security/cve-2024-22259 + NOTE: Only supported for building applications shipped in Debian, see README.Debian.security CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...) NOT-FOR-US: WordPress plugin CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2277a693b180af1a6d9d9cda1cb8b1b7977ab8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2277a693b180af1a6d9d9cda1cb8b1b7977ab8c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
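Review bot: `- libspring-java (unimportant)` records the severity but no fixed upstream version and no Debian version, so nothing here says which libspring-java releases contain the fix if the package is ever re-evaluated; copy the fixed versions from the linked spring.io advisory into a NOTE. The justification NOTE ("Only supported for building applications shipped in Debian, see README.Debian.security") is the standard one; if an earlier UriComponentsBuilder CVE for libspring-java already carries the same rationale, cross-reference it so the entries stay consistent.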
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22513/python-djangorestframework-simplejwt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76166ca8 by Salvatore Bonaccorso at 2024-03-16T11:18:59+01:00 Add CVE-2024-22513/python-djangorestframework-simplejwt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38,7 +38,8 @@ CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulne CVE-2024-23298 (A logic issue was addressed with improved state management.) NOT-FOR-US: Apple CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...) - TODO: check + - python-djangorestframework-simplejwt + NOTE: https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513 CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...) TODO: check CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76166ca8603d0986e0965715c31d3e37a066333d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76166ca8603d0986e0965715c31d3e37a066333d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
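Review bot: `- python-djangorestframework-simplejwt` is added as unfixed with no Debian bug reference, no upstream issue or fix, and no bookworm/bullseye lines; the only NOTE points at the reporter's own repository (dmdhrumilmistry/CVEs), which is a write-up rather than an upstream acknowledgement. Before this drives an update, file the bug (other entries in this list carry "bug #..." on the package line), link the upstream issue or state that upstream has not responded, and record a fixed version or a no-dsa-style rationale for the stable releases.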
[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-28859 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 745fc863 by Salvatore Bonaccorso at 2024-03-16T11:15:30+01:00 Mark CVE-2024-28859 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14,7 +14,7 @@ CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source libr - ruby-rotp (Only affects the upstream build, permissions are correct for the deb) NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) - TODO: check + NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements) CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) NOT-FOR-US: TOTOLink CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745fc863cd21c43e3712f416dde63e19accf49c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745fc863cd21c43e3712f416dde63e19accf49c7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-28849
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c02d9634 by Salvatore Bonaccorso at 2024-03-16T11:09:18+01:00 Add Debian bug reference for CVE-2024-28849 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -408,7 +408,7 @@ CVE-2024-2438 CVE-2024-2437 REJECTED CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node's `ht ...) - - node-follow-redirects + - node-follow-redirects (bug #1066971) [bookworm] - node-follow-redirects (Minor issue) [bullseye] - node-follow-redirects (Minor issue) NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02d96344e791f4a5064321e994642948f8799e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02d96344e791f4a5064321e994642948f8799e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-2467/libcrypt-openssl-rsa-perl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5301ac0 by Salvatore Bonaccorso at 2024-03-16T10:56:16+01:00 Add Debian bug reference for CVE-2024-2467/libcrypt-openssl-rsa-perl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] - - libcrypt-openssl-rsa-perl + - libcrypt-openssl-rsa-perl (bug #1066969) NOTE: https://people.redhat.com/~hkario/marvin/ NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42 CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5301ac0212e031db86ad9d16af904f6e40110ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5301ac0212e031db86ad9d16af904f6e40110ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2496/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 29fc8f5f by Salvatore Bonaccorso at 2024-03-16T10:18:16+01:00 Add CVE-2024-2496/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1562,6 +1562,11 @@ CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a us NOT-FOR-US: Santesoft Sante FFT Imaging CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 21.3.1 do ...) NOT-FOR-US: WordPress plugin +CVE-2024-2496 [NULL pointer dereference in udevConnectListAllInterfaces()] + - libvirt 9.8.0-1 + [bookworm] - libvirt (Minor issue) + [bullseye] - libvirt (Minor issue) + NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 (v9.8.0-rc1) CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...) - libvirt (bug #1066058) [bookworm] - libvirt (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29fc8f5f40f9f3ec9890179eae0a1c09a28bb942
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2467/libcrypt-openssl-rsa-perl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dbc7270f by Salvatore Bonaccorso at 2024-03-16T10:15:15+01:00 Add CVE-2024-2467/libcrypt-openssl-rsa-perl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] + - libcrypt-openssl-rsa-perl + NOTE: https://people.redhat.com/~hkario/marvin/ + NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42 CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbc7270f79f661c7a5ce64815197b4de7620a16a
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-7250/iperf3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8b888e7 by Salvatore Bonaccorso at 2024-03-16T10:12:56+01:00 Add CVE-2023-7250/iperf3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43554,6 +43554,10 @@ CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, craftin NOT-FOR-US: Creston CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...) NOT-FOR-US: Veritas InfoScale +CVE-2023-7250 + - iperf3 3.15-1 + NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc + NOTE: https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4 (3.15) CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow and heap ...) {DSA-5455-1 DLA-3506-1} - iperf3 3.14-1 (bug #1040830) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8b888e7251269c074fa261fefdf15ac6c8f27c9
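Review bot: the new "+CVE-2023-7250" line carries no bracketed title or description, unlike every neighbouring entry, and the entry has no [bookworm]/[bullseye] triage lines, so stable releases implicitly follow the unstable state (fixed only in 3.15-1). The adjacent CVE-2023-38403 entry shows iperf3 3.14-1 was shipped via DSA-5455-1/DLA-3506-1, so the 3.14 series in stable is in scope: add a short "[...]" title from the ESnet advisory and record a Minor issue / no-dsa or DSA decision for bookworm and bullseye.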
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries for CVE-2023-39513
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff18e35f by Salvatore Bonaccorso at 2024-03-16T09:55:53+01:00 Remove no-dsa tagged entries for CVE-2023-39513 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36683,8 +36683,6 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17) CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 - [bookworm] - cacti (Minor issue) - [bullseye] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 NOTE: Initial fix (partially reverted): https://github.com/Cacti/cacti/commit/976f44dd8dfb2410e0dba00de9c4bbca17ee8910 (release/1.2.25) NOTE: General fix: https://github.com/Cacti/cacti/commit/f66ed84ee2dfd22581e831db97afd2bb145312ef (release/1.2.25) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff18e35f8edff2277f6daad9fd62fc9166c0616a
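Review bot: dropping the two "[bookworm] - cacti (Minor issue)" and "[bullseye] - cacti (Minor issue)" lines reverses an earlier no-dsa decision without a NOTE saying why; once removed, both stable releases fall back to the unstable status (fixed in 1.2.25+ds1-1) and show as open. Add a dated NOTE with the reason (for instance that the issue will be handled together with the neighbouring CVE-2023-39514 in a DSA/DLA) so the change in triage is auditable from the file itself.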
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2024-28862/ruby-rotp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8367a3b0 by Salvatore Bonaccorso at 2024-03-16T09:45:31+01:00 Update information for CVE-2024-28862/ruby-rotp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,9 +7,8 @@ CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...) - - ruby-rotp + - ruby-rotp (Only affects the upstream build, permissions are correct for the deb) NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f - TODO: check details, permissions issue, introduced in 6.2.1 upstream CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) TODO: check CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8367a3b0a415f76f46f7a56b9c9979dac96d304f
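Review bot: as rendered here, the replaced line "+ - ruby-rotp (Only affects the upstream build, permissions are correct for the deb)" has no fixed-version or not-affected marker between the package name and the parenthetical, so the package still reads as unfixed in unstable even though the rationale says the Debian build is not affected; the conclusion should be expressed with the tracker's explicit not-affected status rather than only as free text. The removed TODO ("introduced in 6.2.1 upstream") also held the only version information for the issue; keep that detail in a NOTE so the upstream-only scope remains verifiable.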
[Git][security-tracker-team/security-tracker][master] Take care of fontforge DSA, acked debdiffs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a58abcd7 by Salvatore Bonaccorso at 2024-03-16T09:30:42+01:00 Take care of fontforge DSA, acked debdiffs - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -25,7 +25,7 @@ dnsmasq -- expat (carnil) -- -fontforge +fontforge (carnil) Adrian Bunk posted proposal to prepare the update (cf. https://bugs.debian.org/1064967#14) -- frr View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a58abcd79a40bf129c51502c384406d0e527da33
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ca1e271 by Salvatore Bonaccorso at 2024-03-16T09:23:36+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...) - ruby-rotp NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f 
@@ -13,59 +13,59 @@ CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source libr CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) TODO: check CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) - TODO: check + NOT-FOR-US: TOTOLink CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) - TODO: check + NOT-FOR-US: TOTOLink CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github ...) - TODO: check + NOT-FOR-US: Gnuboard CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23298 (A logic issue was addressed with improved state management.) - TODO: check + NOT-FOR-US: Apple CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...) TODO: check CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...) TODO: check CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...) - TODO: check +
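Review bot: in the second hunk, "+ NOT-FOR-US: Apple" for CVE-2024-23298 is the one reclassification that cannot be verified from the entry itself, since the description ("A logic issue was addressed with improved state management.") names no product; add a NOTE with the vendor advisory URL so the NFU decision is auditable, as done for other entries in this file. The two entries left at "TODO: check" (CVE-2024-22513, djangorestframework-simplejwt, and CVE-2024-22259, Spring Framework) are the ones that plausibly map to packaged software and should be resolved to a source package or NOT-FOR-US next.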
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28862/ruby-rotp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb16e05d by Salvatore Bonaccorso at 2024-03-16T09:22:53+01:00 Add CVE-2024-28862/ruby-rotp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,7 +7,9 @@ CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) TODO: check CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...) - TODO: check + - ruby-rotp + NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f + TODO: check details, permissions issue, introduced in 6.2.1 upstream CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) TODO: check CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb16e05d379a61ae2788496ea1537f5974944ce3
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d52480e8 by security tracker role at 2024-03-16T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,97 +1,163 @@ -CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report] +CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) + TODO: check +CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...) + TODO: check +CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...) + TODO: check +CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) + TODO: check +CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) + TODO: check +CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) + TODO: check +CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) + TODO: check +CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) + TODO: check +CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...) + TODO: check +CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...) + TODO: check +CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...) + TODO: check +CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github ...) + TODO: check +CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-23298 (A logic issue was addressed with improved state management.) + TODO: check +CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...) 
+ TODO: check +CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...) + TODO: check +CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...) + TODO: check +CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...) + TODO: check +CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) + TODO: check +CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...) + TODO: check +CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...) + TODO: check +CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...) + TODO: check +CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...) + TODO: check +CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...) + TODO: check +CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce ...) + TODO: check +CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...) + TODO: check +CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Spl ...) + TODO: check +CVE-2023-36483 (An authorization bypass was discovered in the Carrier MASmobile Classi ...) + TODO: check +CVE-2021-47135 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5) -CVE-2021-47134 [efi/fdt: fix panic when no valid fdt found] +CVE-2021-47134 (In the Linux kernel, the following vulnerability has been resolved: e ...) 
- linux 5.10.46-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5) -CVE-2021-47133 [HID: amd_sfh: Fix memory leak in amd_sfh_work] +CVE-2021-47133 (In the Linux kernel, the following vulnerability has been resolved: H ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5ad7
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2024-27297/guix
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1eff25cb by Salvatore Bonaccorso at 2024-03-16T09:09:10+01:00 Add fixed version for CVE-2024-27297/guix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1323,7 +1323,7 @@ CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP CVE-2024-27900 (Due to missing authorization check, attacker with business user accoun ...) NOT-FOR-US: SAP CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...) - - guix (bug #1066113) + - guix 1.4.0-6 (bug #1066113) [bookworm] - guix (Minor issue) [bullseye] - guix (Minor issue) - nix (bug #1066812) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eff25cbc97977962531f68365903308415ad0c3
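Review bot: the same CVE-2024-27297 entry still lists "- nix (bug #1066812)" with no fixed version and no [bookworm]/[bullseye] triage lines, while guix now has 1.4.0-6 and Minor issue tags for both stable releases; since nix is the package the CVE description actually names, a NOTE pointing to the upstream fix and a matching stable-release decision for nix would keep the two halves of the entry consistent.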