[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim tiff
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: a8522564 by Abhijith PA at 2024-03-18T10:31:40+05:30 data/dla-needed.txt: claim tiff - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -292,7 +292,7 @@ suricata (Adrian Bunk) thunderbird (Emilio) NOTE: 20240306: Added by Front-Desk (opal) -- -tiff +tiff (Abhijith PA) NOTE: 20240314: Added by coordinator (roberto) NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8522564f49a69150f3fcfb173d4b3bd3d452c89 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2023-2157/imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 66f314e8 by Bastien Roucariès at 2024-03-17T22:46:00+00:00 CVE-2023-2157/imagemagick This CVE was in the code supporting the exif feature following https://github.com/ImageMagick/ImageMagick/issues/5768 The first commit introducing this feature was in https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 This commit does not pinpoint the exact point where the CVE was introduced, but versions before 6.9.12.72 do not read the exif and thus did not trigger the CVE - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -53546,11 +53546,13 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476) - [bookworm] - imagemagick (Minor issue) - [bullseye] - imagemagick (Minor issue) + [bookworm] - imagemagick (Vulnerable code introduced later) + [bullseye] - imagemagick (Vulnerable code introduced later) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) + NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/issues/5768 + NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 (exif feature not present before this commit 6.9.12.72) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) {DSA-5453-1 DSA-5448-1 DLA-3512-1} - linux 6.3.11-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f314e8bc9ac6c9adcee8728ca0b0b892ffadb9
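Review bot: The two added "Introduced by:" notes at the end of the CVE-2023-2157 entry do not follow the form of the "Fixed by:" notes just above them. The first points at an issue (ImageMagick/issues/5768) rather than a commit, and the second puts free text and a dotted version (6.9.12.72) in the parentheses where the Fixed-by lines carry a bare tag such as (6.9.12-85). Since the commit message says the linked commit does not pinpoint where the flaw was introduced, a plain NOTE stating that exif reading is absent before that version would describe the evidence more accurately than "Introduced by:". The new bookworm and bullseye reason, "Vulnerable code introduced later", should also use the same string as the unchanged buster line, "Vulnerable code was introduced later".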
[Git][security-tracker-team/security-tracker][master] CVE-2023-3195/imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 73584b34 by Bastien Roucariès at 2024-03-17T22:42:15+00:00 CVE-2023-3195/imagemagick Add more detail on why this CVE is not present in Debian. Introduced by https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 Maybe introduced by not carefully backporting CVE-2023-1906 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -48319,12 +48319,13 @@ CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanon NOT-FOR-US: WordPress plugin CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) - imagemagick 8:6.9.12.98+dfsg1-2 - [bookworm] - imagemagick (Minor issue) - [bullseye] - imagemagick (Minor issue) + [bookworm] - imagemagick (regression introduced by some backport of CVE-2023-1906, debian patch does not include the regression) + [bullseye] - imagemagick (regression introduced by some backport of CVE-2023-1906, debian patch does not include the regression) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26) NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c (7.1.0-11) + NOTE: Introduced by 6.9.12.55 https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.) - froxlor (bug #581792) CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73584b34bd40a080d225c265b25332e7f0456a99
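Review bot: The added "NOTE: Introduced by 6.9.12.55" line in the CVE-2023-3195 entry names a version later than the fix versions listed directly above it (6.9.12-26 for ImageMagick6), and the entry does not explain how the introduction can postdate the fix. If the point is that a later change reintroduced the flaw, the note should say so. It should also follow the "Introduced by: URL (version)" form used elsewhere in the list, with the version in the same hyphenated style as the fix notes. The new bookworm and bullseye reason states the CVE-2023-1906 backport as the cause, while the commit message only says "Maybe"; the status text should carry the same hedge or cite the evidence.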
[Git][security-tracker-team/security-tracker][master] Take zfs-linux
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 6059d5b7 by Utkarsh Gupta at 2024-03-18T04:00:09+05:30 Take zfs-linux - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -316,8 +316,10 @@ wordpress zabbix NOTE: 20240212: Added by Front-Desk (utkarsh) -- -zfs-linux +zfs-linux (utkarsh) NOTE: 20231127: Added by Front-Desk (Beuc) NOTE: 20240108: the fix for other CVE wasn't obvious but about to be ready; D/ELA to be out soon. (utkarsh) NOTE: 20240209: I was out last to last week so couldn't process this but it's nearly ready. (utkarsh) + NOTE: 20240318: upload ready at https://people.debian.org/~utkarsh/lts/zfs-linux/. (utkarsh) + NOTE: 20240318: TODO: one last smoke test before upload. (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6059d5b700ff540658eb34f9ea36bfe8b7b02bb4
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6003cffe by Salvatore Bonaccorso at 2024-03-17T21:18:41+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication Command and ...) - TODO: check + NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It has be ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and classi ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 20240310 and c ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2562 (A vulnerability, which was classified as critical, was found in PandaX ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2561 (A vulnerability, which was classified as critical, has been found in 7 ...) - TODO: check + NOT-FOR-US: 74CMS CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda AC18 15.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2559 (A vulnerability classified as problematic has been found in Tenda AC18 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management System 1. ...) - TODO: check + NOT-FOR-US: kishor-23 Food Waste Management System CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability in Pie R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6003cffe7d7b9152532c9834d8c0b309297fa9fb
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c993eb1f by security tracker role at 2024-03-17T20:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication Command and ...) + TODO: check +CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It has be ...) + TODO: check +CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and classi ...) + TODO: check +CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 20240310 and c ...) + TODO: check +CVE-2024-2562 (A vulnerability, which was classified as critical, was found in PandaX ...) + TODO: check +CVE-2024-2561 (A vulnerability, which was classified as critical, has been found in 7 ...) + TODO: check +CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda AC18 15.0 ...) + TODO: check +CVE-2024-2559 (A vulnerability classified as problematic has been found in Tenda AC18 ...) + TODO: check +CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) + TODO: check +CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management System 1. ...) + TODO: check +CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability in Pie R ...) + TODO: check +CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
+ TODO: check +CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) @@ -64150,6 +64188,7 @@ CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 NOTE: Introduced by: https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 (curl-7_13_0) NOTE: Fixed by: https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 (curl-8_0_0) CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...) + {DLA-3763-1} - curl 7.88.1-7 [bullseye] - curl 7.74.0-1.3+deb11u8 NOTE: https://curl.se/docs/CVE-2023-27534.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c993eb1f6201e587bfeba4a4050748fd13d94d07
[Git][security-tracker-team/security-tracker][master] Fix upstream tag for CVE-2023-2700
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bca72095 by Salvatore Bonaccorso at 2024-03-17T20:56:38+01:00 Fix upstream tag for CVE-2023-2700 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -51090,7 +51090,7 @@ CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers [bullseye] - libvirt (Vulnerable code not present) [buster] - libvirt (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653 - NOTE: Introduced in: https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088 (v7.7.0) + NOTE: Introduced in: https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088 (v7.7.0-rc1) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0) CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Lost and Found Information System View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca72095d3e610c910dca94b88225e3142d90dd0
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2023-2700/libvirt for buster and bullseye.
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 5965db88 by Guilhem Moulin at 2024-03-17T17:41:54+01:00 Triage CVE-2023-2700/libvirt for buster and bullseye. - - - - - 616a53f5 by Guilhem Moulin at 2024-03-17T17:51:29+01:00 Triage CVE-2019-20485/libvirt for buster. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -51087,9 +51087,10 @@ CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgre CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...) [experimental] - libvirt 9.3.0-1 - libvirt 9.0.0-4 (bug #1036297) - [bullseye] - libvirt (Minor issue) - [buster] - libvirt (Minor issue) + [bullseye] - libvirt (Vulnerable code not present) + [buster] - libvirt (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653 + NOTE: Introduced in: https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088 (v7.7.0) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0) CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Lost and Found Information System 
@@ -291353,10 +291354,11 @@ CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow file NOT-FOR-US: Apache AsterixDB CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) - libvirt 6.0.0-2 (low; bug #953078) - [buster] - libvirt (Minor issue) + [buster] - libvirt (Minor issue, intrusive to backport) [stretch] - libvirt (Minor issue) [jessie] - libvirt (Vulnerable code not present) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) + NOTE: Disputed upstream: https://listman.redhat.com/archives/libvir-list/2019-December/msg00313.html CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...) NOT-FOR-US: Swann CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c8b0087c3ab4d739826d8a2cdca77aa6a3e2e9d0...616a53f5e56c3320cb276f54473a3650c42353cb
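Review bot: In the CVE-2023-2700 hunk, the added "Introduced in:" note is tagged (v7.7.0), while the upstream reference on the CVE-2019-20485 entry in this same patch uses the release-candidate tag form, (v6.0.0-rc1). The tag is what justifies marking bullseye and buster "Vulnerable code not present", so it should be exact here; the follow-up commit bca72095 changes it to (v7.7.0-rc1).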
[Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2023-6725
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8b0087c by Salvatore Bonaccorso at 2024-03-17T16:50:12+01:00 Add initial tracking for CVE-2023-6725 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -343,7 +343,9 @@ CVE-2023-7003 (The AES key utilized in the pairing process between a lock using CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...) NOT-FOR-US: TTLock App CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component ...) - TODO: check + - designate + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249273 + TODO: check, details unclear CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...) NOT-FOR-US: Fluid CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8b0087c3ab4d739826d8a2cdca77aa6a3e2e9d0
[Git][security-tracker-team/security-tracker][master] Partially revert some updates for bookworm and bullseye
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a1e6568 by Salvatore Bonaccorso at 2024-03-17T16:42:23+01:00 Partially revert some updates for bookworm and bullseye While waiting for clarification from Bastien on them. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48279,8 +48279,8 @@ CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanon NOT-FOR-US: WordPress plugin CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) - imagemagick 8:6.9.12.98+dfsg1-2 - [bookworm] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) - [bullseye] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26) @@ -53504,8 +53504,8 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476) - [bookworm] - imagemagick (Vulnerable code was introduced later) - [bullseye] - imagemagick (Vulnerable code was introduced later) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) 
@@ -106273,8 +106273,8 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy man NOT-FOR-US: Delta CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141) - [bookworm] - imagemagick (Vulnerable code was introduced later) - [bullseye] - imagemagick (Vulnerable code was introduced later) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a1e6568bc13d7dcf0b5c5effb3e452f93bdd6ec
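Review bot: After this revert, the entries for CVE-2023-3195, CVE-2023-2157 and CVE-2022-3213 list bookworm and bullseye as "Minor issue" while the unchanged buster line in each keeps "Vulnerable code was introduced later". The commit message says this is pending clarification, but nothing in data/CVE/list records that, so a reader cannot tell whether bookworm and bullseye are believed affected or are only awaiting an answer. A dated NOTE on each entry saying the status is under review would keep the next triager from treating the mixed state as settled.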
[Git][security-tracker-team/security-tracker][master] CVE-2023-3195/imagemagick buster
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: cbdef8c4 by Bastien Roucariès at 2024-03-17T15:37:52+00:00 CVE-2023-3195/imagemagick buster Buster is not vulnerable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48281,7 +48281,7 @@ CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's co - imagemagick 8:6.9.12.98+dfsg1-2 [bookworm] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) [bullseye] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) - [buster] - imagemagick (Minor issue) + [buster] - imagemagick (Vulnerable code was introduced later) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26) NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c (7.1.0-11) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbdef8c4720f32c6e2191a37984828f779d22d39
[Git][security-tracker-team/security-tracker][master] Retake imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e376add by Bastien Roucariès at 2024-03-17T15:20:32+00:00 Retake imagemagick - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -107,11 +107,12 @@ i2p NOTE: 20230809: Added by Front-Desk (Beuc) NOTE: 20230809: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28 -- -imagemagick +imagemagick (rouca) NOTE: 20230622: Added by Front-Desk (Beuc) NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk) NOTE: 20231014: Some work under git branch debian/buster but unease (rouca) NOTE: 20240227: Made a partial release (rouca) + NOTE: 20240317: bookworm/bullseye CVE free in git -- jenkins-htmlunit-core-js NOTE: 20231231: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e376addf6d8e871f6bef22455e345b39b422ad0
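Review bot: The added line "NOTE: 20240317: bookworm/bullseye CVE free in git" has no author tag, while every other NOTE in the imagemagick block ends with one, for example (rouca) or (Beuc). Append (rouca), and say which repository or branch is meant, as the 20231014 note does with "git branch debian/buster".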
[Git][security-tracker-team/security-tracker][master] CVE-2023-3195/imagemagick bullseye not affected
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: c46857a1 by Bastien Roucariès at 2024-03-17T15:18:27+00:00 CVE-2023-3195/imagemagick bullseye not affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48280,7 +48280,7 @@ CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanon CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) - imagemagick 8:6.9.12.98+dfsg1-2 [bookworm] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) - [bullseye] - imagemagick (Minor issue) + [bullseye] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) [buster] - imagemagick (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c46857a10333e7a74c273946ae74ea0f7586efb9
[Git][security-tracker-team/security-tracker][master] CVE-2022-32547/imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b5ebfaf by Bastien Roucariès at 2024-03-17T15:13:51+00:00 CVE-2022-32547/imagemagick Fixed in bullseye by 8:6.9.11.60+dfsg-1.3+deb11u2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -128310,7 +128310,7 @@ CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...) {DLA-3429-1} - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) - [bullseye] - imagemagick (Minor issue) + [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2 [stretch] - imagemagick (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813 NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b5ebfaf3819d98f944a374028f16bd0f9cfe619
[Git][security-tracker-team/security-tracker][master] CVE-2023-3195/imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: b3cc8d3e by Bastien Roucariès at 2024-03-17T14:35:41+00:00 CVE-2023-3195/imagemagick This CVE does not affect bookworm. This is a regression due to another fix. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48279,7 +48279,7 @@ CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanon NOT-FOR-US: WordPress plugin CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) - imagemagick 8:6.9.12.98+dfsg1-2 - [bookworm] - imagemagick (Minor issue) + [bookworm] - imagemagick (Vulnerable code was introduced later and security patches does not introduce this bug) [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3cc8d3e2f028f909ace0f8e9927b85de7dfdcf1
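Review bot: The new bookworm reason for CVE-2023-3195 says the vulnerable code "was introduced later" and the commit message calls it a regression due to another fix, but neither the status line nor a NOTE names that fix or the introducing commit, so the claim cannot be checked from the entry. Add a NOTE with the upstream commit or CVE that introduced the regression. The reason string also has a grammar slip: "security patches does not" should read "do not".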
[Git][security-tracker-team/security-tracker][master] CVE-2023-2157/imagemagick
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: fcd73685 by Bastien Roucariès at 2024-03-17T13:34:38+00:00 CVE-2023-2157/imagemagick Code was introduced post trixie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53504,9 +53504,9 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476) - [bookworm] - imagemagick (Minor issue) - [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) + [bookworm] - imagemagick (Vulnerable code was introduced later) + [bullseye] - imagemagick (Vulnerable code was introduced later) + [buster] - imagemagick (Vulnerable code was introduced later) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcd73685be2e57f6802681cec476ae6c68807bb8
[Git][security-tracker-team/security-tracker][master] imagemagick/CVE-2022-3213
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 5977a1c8 by Bastien Roucariès at 2024-03-17T11:31:39+00:00 imagemagick/CVE-2022-3213 Vulnerable code (stripped TIFF) was introduced later. Same diagnosis by Ubuntu. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -106273,9 +106273,9 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy man NOT-FOR-US: Delta CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141) - [bookworm] - imagemagick (Minor issue) - [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) + [bookworm] - imagemagick (Vulnerable code was introduced later) + [bullseye] - imagemagick (Vulnerable code was introduced later) + [buster] - imagemagick (Vulnerable code was introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 (6.9.12-62) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5977a1c8144cd0dc847b38fcd2fa610b9607e67f
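Review bot: the evidence for the CVE-2022-3213 status change lives only in the commit message (stripped TIFF code introduced later, same conclusion by Ubuntu); the hunk changes the three suite lines but adds no NOTE, leaving just the existing bugzilla link and the fix commits (6.9.12-62). Add a NOTE naming the introducing commit or version and a link to the Ubuntu analysis, so the "introduced later" status is checkable from the entry itself.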
[Git][security-tracker-team/security-tracker][master] Add myself to sendmail
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e695b37 by Bastien Roucariès at 2024-03-17T11:15:28+00:00 Add myself to sendmail Sendmail status of SMTP smuggling is complicated. Add myself as in charge of this - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -97,6 +97,8 @@ ruby-tzinfo/oldstable -- salt/oldstable -- +sendmail (rouca) +-- samba/oldstable santiago started to backport patches to bullseye -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e695b3704813c84c439ff829cbacb0f5f4c81ff
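Review bot: in data/dsa-needed.txt the new "sendmail (rouca)" entry is inserted between salt/oldstable and samba/oldstable, which breaks the alphabetical order the neighbouring entries (ruby-tzinfo, salt, samba) follow; it belongs after the samba block. The entry also has no note line, although the commit message calls the SMTP smuggling status complicated; a short status note, like the one under samba/oldstable, would tell the next reader what is still open.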
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3763-1 for curl
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f003d9d by Bastien Roucariès at 2024-03-17T09:22:54+00:00 Reserve DLA-3763-1 for curl - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -64149,7 +64149,6 @@ CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...) - curl 7.88.1-7 [bullseye] - curl 7.74.0-1.3+deb11u8 - [buster] - curl (Minor issue) NOTE: https://curl.se/docs/CVE-2023-27534.html NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0) NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0) = data/DLA/list = @@ -1,3 +1,6 @@ +[17 Mar 2024] DLA-3763-1 curl - security update + {CVE-2023-27534} + [buster] - curl 7.64.0-4+deb10u9 [15 Mar 2024] DLA-3762-1 unadf - security update {CVE-2016-1243 CVE-2016-1244} [buster] - unadf 0.7.11a-4+deb11u1~deb10u1 = data/dla-needed.txt = 
@@ -59,12 +59,6 @@ composer (rouca) NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk) NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE -- -curl (rouca) - NOTE: 20231229: Added by Front-Desk (lamby) - NOTE: 20231229: CVE-2023-27534 fixed in bullseye via DSA or point release. (lamby) - NOTE: 20240129: https://salsa.debian.org/debian/curl/-/merge_requests/21 (rouca) - NOTE: 20240312: test fix (rouca) --- dnsmasq (dleidert) NOTE: 20240303: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f003d9d3fbf160ffc6753ddaa616a492a6e8445
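Review bot: the data/CVE/list hunk drops the explicit "[buster] - curl (Minor issue)" line for CVE-2023-27534, so after this commit the DLA-3763-1 entry in data/DLA/list is the only place the buster fixed version (7.64.0-4+deb10u9) is recorded; confirm it matches the uploaded package version exactly. The removed dla-needed.txt entry also held the only pointer to merge_requests/21 and the "test fix" note, so if that history matters it should be referenced from the DLA announcement or the commit message.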
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5dc6b16 by Salvatore Bonaccorso at 2024-03-17T09:18:52+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,27 +1,27 @@ CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task Managem ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2553 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Product Review Rating System CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and classifie ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2534 (A vulnerability, which was classified as critical, was found in MAGESH ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2533 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2531 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2530 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) 
- TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5dc6b16b51dbab49fd588822b4f5d2fe0be4312
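Review bot: the NOT-FOR-US tag for CVE-2024-2553 names "SourceCodester Product Review Rating System", but the visible description is cut at "Sou ...", so the product cannot be confirmed from this diff and it differs from the "Employee Task Management System" used for the three entries above it; worth checking against the full CVE text. As a style point, CVE-2024-2547 and CVE-2024-2546 are tagged with the vendor only ("Tenda") while every other entry in the hunk names the product; the descriptions give "Tenda AC18", and using that would keep the entries consistent.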
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc306969 by security tracker role at 2024-03-17T08:12:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,27 @@ +CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) + TODO: check +CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) + TODO: check +CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task Managem ...) + TODO: check +CVE-2024-2553 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) + TODO: check +CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and classifie ...) + TODO: check +CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) + TODO: check +CVE-2024-2534 (A vulnerability, which was classified as critical, was found in MAGESH ...) + TODO: check +CVE-2024-2533 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) + TODO: check +CVE-2024-2531 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) + TODO: check +CVE-2024-2530 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) + TODO: check CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc30696983bcac8039b51df8fd546260194a4794