[Git][security-tracker-team/security-tracker][master] Claim freeimage for buster.

2024-04-07 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51ecda99 by Ola Lundqvist at 2024-04-08T00:06:53+02:00
Claim freeimage for buster.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -76,7 +76,7 @@ emacs (Sean Whitton)
   NOTE: 20240403: for example, CVE-2024-30202. But I think it is vulnerable
   NOTE: 20240403: to CVE-2024-30203. (lamby)
 --
-freeimage
+freeimage (Ola Lundqvist)
   NOTE: 20240320: Added by Front-Desk (ta)
   NOTE: 20240320: lots of postponed issue could be fixed as well
   NOTE: 20240325: Lack of upstream activity,
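Review bot: the claim is recorded only by the name in parentheses, with no dated NOTE, whereas the dnsmasq entry elsewhere in this file logs hand-overs as `NOTE: 20240327: Claimed by lamby`; a `NOTE: 20240407: Claimed ... (opal)` line would keep the entry's history readable. The 20240320 note also says a number of postponed issues could be fixed in the same upload, so the claim should state whether those are in scope or only the open CVEs are.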



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51ecda9986c9e0cd7acd2ce491e9039284eed5bf

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Remove runc from dla-needed

2024-04-07 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c41e578 by Ola Lundqvist at 2024-04-07T23:50:33+02:00
Remove runc from dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -75305,7 +75305,7 @@ CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring 
tool. In versions prior
 CVE-2023-25809 (runc is a CLI tool for spawning and running containers 
according to th ...)
- runc 1.1.5+ds1-1
[bullseye] - runc  (Minor issue)
-   [buster] - runc  (Minor issue)
+   [buster] - runc  (Minor issue)
NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
NOTE: 
https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5
 (v1.1.5)
 CVE-2023-25808
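Review bot: as rendered here the removed and added `[buster] - runc  (Minor issue)` lines are byte-identical apart from whitespace, so the hunk shows no visible change; if the actual edit is in a status marker that the mail rendering dropped, the commit message "Remove runc from dla-needed" should say what the buster status of CVE-2023-25809 was changed to, since that is the part of the change a reader cannot recover from this diff.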


=
data/dla-needed.txt
=
@@ -239,11 +239,6 @@ ring
 ruby-rack (Adrian Bunk)
   NOTE: 20240306: Added by Front-Desk (opal)
 --
-runc
-  NOTE: 20240312: Added by coordinator (roberto)
-  NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in 
bullseye.
-  NOTE: 20240314: Uploads to ospu should be coordinated. (roberto)
---
 samba (Santiago)
   NOTE: 20230918: Added by Front-Desk (apo)
   NOTE: 20240406: Update should be ready. Will upload this Monday. (Santiago)
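Review bot: the entry is dropped together with the two coordinator notes ("Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye" and "Uploads to ospu should be coordinated") without recording how that was resolved, and the commit message gives no rationale either; a one-line NOTE in the removed block, or a sentence in the commit message, should say whether the bullseye/ospu coordination happened or the buster issues were reclassified, otherwise the next front-desk pass will re-add runc for the same reason.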



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c41e578160845c9f84e1a335d5266011e542869



[Git][security-tracker-team/security-tracker][master] Add patch link for CVE-2021-41089

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edd60855 by Daniel Leidert at 2024-04-07T23:33:37+02:00
Add patch link for CVE-2021-41089

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -186053,6 +186053,7 @@ CVE-2021-41089 (Moby is an open-source project 
created by Docker to enable softw
[bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io  (Minor issue)
NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
+   NOTE: 
https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
 CVE-2021-41088 (Elvish is a programming language and interactive shell, 
combined into  ...)
- elvish 0.14.0-1
[buster] - elvish  (Minor issue)
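Review bot: the added commit link lacks the `NOTE: Fixed by:` prefix that this file uses for upstream fix commits (see the libcaca entries, `NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/...`), so it reads as just another reference next to the advisory link; prefixing it makes clear that this is the upstream fix to backport for the buster `(Minor issue)` line above.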



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edd608554d95b78b9f493e441096f6276a3e35e2



[Git][security-tracker-team/security-tracker][master] Update findings for CVE-2023-49288

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0a41abf by Daniel Leidert at 2024-04-07T22:37:43+02:00
Update findings for CVE-2023-49288

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -320670,7 +320670,8 @@ CVE-2023-49288 (Squid is a caching proxy for the Web 
supporting HTTP, HTTPS, FTP
- squid 6.1-1
- squid3 
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
-   NOTE: https://github.com/squid-cache/squid/pull/1136
+   NOTE: https://megamansec.github.io/Squid-Security-Audit/trace-uaf.html
+   NOTE: https://github.com/squid-cache/squid/pull/1127 possibly removed 
the vulnerable code.
 CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
{DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (low)
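Review bot: the new note "pull/1127 possibly removed the vulnerable code" leaves the fixed-version question open while silently replacing the pull/1136 reference added in 8ea09c58 two hours earlier; the note should say why 1136 was wrong (or keep it alongside 1127) and, once 1127 is confirmed as the fix, the `- squid 6.1-1` line should be checked against the release that first contains it. The `- squid3 ` line with no version is context and untouched here, but it is the entry that matters for buster.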



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0a41abf91541e98514b78d27135c36a24245e86



[Git][security-tracker-team/security-tracker][master] LTS: release claim on docker.io in dla-needed.txt

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0aed7153 by Daniel Leidert at 2024-04-07T22:35:32+02:00
LTS: release claim on docker.io in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,7 +46,7 @@ dnsmasq (dleidert)
   NOTE: 20240327: Claimed by lamby, started thread on deblts-team. (lamby)
   NOTE: 20240403: Re-assigned back to dleidert; see thread. (lamby)
 --
-docker.io (dleidert)
+docker.io
   NOTE: 20230303: Added by Front-Desk (Beuc)
   NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
   NOTE: 20230424: Is in preparation. (gladk)
@@ -55,6 +55,7 @@ docker.io (dleidert)
   NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of 
reproducer test case
   NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
   NOTE: 20230311: Reverted decision to remove from this file since three CVEs 
are in bullseye. (ola)
+  NOTE: 20240407: Version 18.09.1+dfsg1-7.1+deb10u4 in Git has not been 
uploaded yet. (dleidert)
 --
 dogecoin
   NOTE: 20230619: Added by Front-Desk (Beuc)
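Review bot: the context line `NOTE: 20230311: Reverted decision to remove from this file since three CVEs are in bullseye. (ola)` is dated a year before the 20240310 note it answers, so 20230311 looks like a typo for 20240311 and is worth fixing while this entry is being edited. The added 20240407 note says 18.09.1+dfsg1-7.1+deb10u4 is in Git but not uploaded, and the same commit releases the claim, so the note should state whether someone else is expected to pick up and upload the prepared version.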



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aed71538e62e91e49010c3761c88b447206af8f



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49c2eef2 by security tracker role at 2024-04-07T20:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,93 @@
+CVE-2024-3428 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
+   TODO: check
+CVE-2024-3427 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-3426 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3425 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2024-3424 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 
1.0 and  ...)
+   TODO: check
+CVE-2024-3419 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
+   TODO: check
+CVE-2024-3418 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sukhc ...)
+   TODO: check
+CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech 
WP Impor ...)
+   TODO: check
+CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability 
in Repu ...)
+   TODO: check
+CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Moove ...)
+   TODO: check
+CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability 
in Meta ...)
+   TODO: check
+CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad 
RapidLoa ...)
+   TODO: check
+CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability 
in J.N.  ...)
+   TODO: check
+CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Andy  ...)
+   TODO: check
+CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins 
Product ...)
+   TODO: check
+CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30418 (Vulnerability of insufficient permission verification in the 
app manag ...)
+   TODO: check
+CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing 
module. Im ...)
+   TODO: check
+CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver 
module. Im ...)
+   TODO: check
+CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)
+   TODO: check
+CVE-2023-52717 (Permission verification vulnerability in the lock screen 
module. Impac ...)
+   TODO: check
+CVE-2023-52716 (Vulnerability of starting activities in the background in the 
Activity ...)
+   TODO: check
+CVE-2023-52715 (The SystemUI module has a vulnerability in permission 
management. Impa ...)
+ 

[Git][security-tracker-team/security-tracker][master] Mark open CVE for lucene-solr as EOL for buster

2024-04-07 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c329976 by Markus Koschany at 2024-04-07T21:55:09+02:00
Mark open CVE for lucene-solr as EOL for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15316,21 +15316,25 @@ CVE-2023-6677 (Improper Neutralization of Special 
Elements used in an SQL Comman
NOT-FOR-US: Oduyo Financial Technology Online Collection
 CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, 
Unrestricted U ...)
- lucene-solr 3.6.2+dfsg-23
+   [buster] - lucene-solr  (No longer supported in LTS)
NOTE: 
https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/1
NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the 
fixed version
 CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
- lucene-solr 3.6.2+dfsg-23
+   [buster] - lucene-solr  (No longer supported in LTS)
NOTE: 
https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/2
NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the 
fixed version
 CVE-2023-50292 (Incorrect Permission Assignment for Critical Resource, 
Improper Contro ...)
- lucene-solr 3.6.2+dfsg-23
+   [buster] - lucene-solr  (No longer supported in LTS)
NOTE: 
https://solr.apache.org/security.html#cve-2023-50292-apache-solr-schema-designer-blindly-trusts-all-configsets-possibly-leading-to-rce-by-unauthenticated-users
NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/3
NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the 
fixed version
 CVE-2023-50291 (Insufficiently Protected Credentials vulnerability in Apache 
Solr.  Th ...)
- lucene-solr 3.6.2+dfsg-23
+   [buster] - lucene-solr  (No longer supported in LTS)
NOTE: 
https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies
NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/4
NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the 
fixed version
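Review bot: the four identical `[buster] - lucene-solr  (No longer supported in LTS)` lines carry no reason, and the rationale (ancient version, nobody likely runs it in production, agreed with Daniel Leidert) lives only in the message of the follow-up commit ca0d31eb; a NOTE next to one of these entries, or a reference in this commit's message, would let readers of data/CVE/list see why the server-component CVEs stay unfixed in buster while the `NOTE: Server components disabled in 3.6.2+dfsg-23` lines below describe the fix taken in unstable.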



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c3299769d1664646df2e4c9a1e9a26604997a0c



[Git][security-tracker-team/security-tracker][master] Remove lucene-solr from dla-needed.txt

2024-04-07 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca0d31eb by Markus Koschany at 2024-04-07T21:39:19+02:00
Remove lucene-solr from dla-needed.txt

As discussed with Daniel Leidert via private email, I believe that we should
EOL lucene-solr in Buster. This is a truly ancient version which most likely
nobody uses in production.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -156,11 +156,6 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
-lucene-solr
-  NOTE: 20240213: Added by Front-Desk (lamby)
-  NOTE: 20240407: Should the server components be disabled as in 3.6.2+dfsg-23 
instead of trying to patch the CVEs? (dleidert)
-  NOTE: 20240407: I'm going to contact Markus, the maintainer. (dleidert)
---
 mediawiki (guilhem)
   NOTE: 20240406: Added by Front-Desk (lamby)
   NOTE: 20240406: Added to address "TEMP-000-519C2D" at the time of 
writing. (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca0d31ebea43fea42f7979c2256664ce043c0b21



[Git][security-tracker-team/security-tracker][master] LTS: claim docker.io in dla-needed.txt

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c2cea8e by Daniel Leidert at 2024-04-07T21:03:13+02:00
LTS: claim docker.io in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,7 +46,7 @@ dnsmasq (dleidert)
   NOTE: 20240327: Claimed by lamby, started thread on deblts-team. (lamby)
   NOTE: 20240403: Re-assigned back to dleidert; see thread. (lamby)
 --
-docker.io
+docker.io (dleidert)
   NOTE: 20230303: Added by Front-Desk (Beuc)
   NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
   NOTE: 20230424: Is in preparation. (gladk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c2cea8ea7cb3f97bc45aee2f476a0c0f8e914b1



[Git][security-tracker-team/security-tracker][master] Add Link to PR for CVE-2023-49288

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ea09c58 by Daniel Leidert at 2024-04-07T20:34:27+02:00
Add Link to PR for CVE-2023-49288

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -320574,6 +320574,7 @@ CVE-2023-49288 (Squid is a caching proxy for the Web 
supporting HTTP, HTTPS, FTP
- squid 6.1-1
- squid3 
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
+   NOTE: https://github.com/squid-cache/squid/pull/1136
 CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
{DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea09c58a537f9e3eedeadad5c42c9668c36e7e9



[Git][security-tracker-team/security-tracker][master] Add notes regarding "fix" from 3.6.2+dfsg-23

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b4e7834 by Daniel Leidert at 2024-04-07T20:16:49+02:00
Add notes regarding fix from 3.6.2+dfsg-23

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -158,6 +158,8 @@ linux-5.10
 --
 lucene-solr
   NOTE: 20240213: Added by Front-Desk (lamby)
+  NOTE: 20240407: Should the server components be disabled as in 3.6.2+dfsg-23 
instead of trying to patch the CVEs? (dleidert)
+  NOTE: 20240407: I'm going to contact Markus, the maintainer. (dleidert)
 --
 mediawiki (guilhem)
   NOTE: 20240406: Added by Front-Desk (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b4e7834f75e41fca33691f32114d7a4817e8c03



[Git][security-tracker-team/security-tracker][master] LTS: release claim on lucene-solr in dla-needed.txt

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b738fe72 by Daniel Leidert at 2024-04-07T20:13:21+02:00
LTS: release claim on lucene-solr in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -156,7 +156,7 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
-lucene-solr (dleidert)
+lucene-solr
   NOTE: 20240213: Added by Front-Desk (lamby)
 --
 mediawiki (guilhem)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b738fe721eac0ff1690b8425cdc93df7547672d4



[Git][security-tracker-team/security-tracker][master] LTS: claim lucene-solr in dla-needed.txt

2024-04-07 Thread Daniel Leidert (@dleidert)


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79cce308 by Daniel Leidert at 2024-04-07T19:29:03+02:00
LTS: claim lucene-solr in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -156,7 +156,7 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
-lucene-solr
+lucene-solr (dleidert)
   NOTE: 20240213: Added by Front-Desk (lamby)
 --
 mediawiki (guilhem)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79cce30865d152d892d0af86371bab9b2e52a6c3



[Git][security-tracker-team/security-tracker][master] Claim libpgjava in dla-needed.txt

2024-04-07 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a83b404c by Markus Koschany at 2024-04-07T11:46:24+02:00
Claim libpgjava in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -115,7 +115,7 @@ knot-resolver (Markus Koschany)
 libdatetime-timezone-perl (Emilio)
   NOTE: 20240327: Added by pochu
 --
-libpgjava
+libpgjava (Markus Koschany)
   NOTE: 20240308: Added by Front-Desk (opal)
 --
 libreswan



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83b404c6afee64b27c51c4936e53e4fc5bd322b



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3784-1 for libcaca

2024-04-07 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55b52a6c by Thorsten Alteholz at 2024-04-07T10:40:39+02:00
Reserve DLA-3784-1 for libcaca

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -213284,14 +213284,12 @@ CVE-2021-30500 (Null pointer dereference was found 
in upx PackLinuxElf::canUnpac
 CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in 
function ...)
- libcaca 0.99.beta19-3 (bug #987278)
[bullseye] - libcaca  (Minor issue)
-   [buster] - libcaca  (Minor issue)
[stretch] - libcaca  (Minor issue; can be fixed in next 
update)
NOTE: https://github.com/cacalabs/libcaca/issues/54
NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6
 (v0.99.beta20)
 CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in 
export.c in fun ...)
- libcaca 0.99.beta19-3 (bug #987278)
[bullseye] - libcaca  (Minor issue)
-   [buster] - libcaca  (Minor issue)
[stretch] - libcaca  (Minor issue; can be fixed in next 
update)
NOTE: https://github.com/cacalabs/libcaca/issues/53
NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6
 (v0.99.beta20)
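Review bot: both `[buster] - libcaca  (Minor issue)` lines are dropped but no `{DLA-3784-1}` cross-reference is added under CVE-2021-30499 or CVE-2021-30498, unlike the `{DSA-5637-1 DLA-3709-1}` line visible for CVE-2023-49286 elsewhere in this file; the data/DLA/list entry in the next hunk records the fixed buster version, but the CVE entries themselves no longer say where the buster fix came from, so the cross-reference should go in with the reservation or with the final DLA commit.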


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Apr 2024] DLA-3784-1 libcaca - security update
+   {CVE-2021-30498 CVE-2021-30499}
+   [buster] - libcaca 0.99.beta19-2.1+deb10u1
 [07 Apr 2024] DLA-3783-1 expat - security update
{CVE-2023-52425}
[buster] - expat 2.2.6-2+deb10u7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b52a6ca2ba0f482ef73a93f5faf9733d393953



[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-30370 as NFU

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0c92d52 by Salvatore Bonaccorso at 2024-04-07T10:32:05+02:00
Mark CVE-2024-30370 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1389,7 +1389,7 @@ CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul 
Men Salon Management S
 CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This 
vulnerability ...)
-   TODO: check
+   NOTE: RARLabs WinRAR
 CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
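Review bot: the commit message says "Mark CVE-2024-30370 as NFU", but the added line is `NOTE: RARLabs WinRAR`, not `NOT-FOR-US: RARLabs WinRAR` as the neighbouring Foxit entries use (`NOT-FOR-US: Foxit PDF Reader`); as written the entry has lost its `TODO: check` without gaining a status, so it will neither show up as triaged nor as pending. Suggest replacing the added line with `NOT-FOR-US: RARLabs WinRAR`.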



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c92d5203a0c859e5cc21a3de05669d94b894b2



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-30166/mbedtls

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10ed804c by Salvatore Bonaccorso at 2024-04-07T10:29:37+02:00
Add CVE-2024-30166/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1453,7 +1453,8 @@ CVE-2024-30337 (Foxit PDF Reader AcroForm Use-After-Free 
Remote Code Execution V
 CVE-2024-30336 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30166 (In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious 
client can c ...)
-   TODO: check
+   - mbedtls 
+   TODO: check, missing details
 CVE-2024-2879 (The LayerSlider plugin for WordPress is vulnerable to SQL 
Injection vi ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin 
before 1.2. ...)
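Review bot: the new `- mbedtls ` line carries no fixed version and no per-release lines even though the description already names 3.3.0 through 3.5.2 as affected and 3.6.0 as the first fixed upstream release; keeping `TODO: check, missing details` is fine as an interim state, but the TODO should resolve to the Debian version that first ships 3.6.0 (or an explicit unfixed marker) plus `[buster]`/`[bullseye]`/`[bookworm]` assessments, otherwise the entry reads as "affected, unknown severity" for every suite.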



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10ed804c4f18e11d3a77481abfda49564a590924



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28836/mbedtls

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b024d89 by Salvatore Bonaccorso at 2024-04-07T10:26:45+02:00
Add CVE-2024-28836/mbedtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1465,7 +1465,8 @@ CVE-2024-29434 (An issue in the system image upload 
interface of Alldata v0.4.6
 CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection 
vulnerability ...)
NOT-FOR-US: Alldata
 CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
negotiati ...)
-   TODO: check
+   - mbedtls 
+   TODO: check, missing details
 CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
an SSL co ...)
- mbedtls 
[bookworm] - mbedtls  (Minor issue)
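Review bot: the sibling entry CVE-2024-28755 directly below covers the same "Mbed TLS 3.5.x before 3.6.0" range and already carries a `[bookworm] - mbedtls  (Minor issue)` assessment, while the new CVE-2024-28836 entry gets only `- mbedtls ` and a TODO; when the missing details are checked, the per-release lines should be brought in line with 28755 so the two 3.5.x issues are not reported with different suite status for no stated reason.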



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b024d89d2077df8276c01f8d0534228b80bbfe1



[Git][security-tracker-team/security-tracker][master] Process NFUs

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05ff1779 by Salvatore Bonaccorso at 2024-04-07T10:22:44+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2024-3417 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3416 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-30415 (Vulnerability of improper permission control in the window 
management  ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-30414 (Command injection vulnerability in the AccountManager module. 
Impact:  ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-30413 (Vulnerability of improper permission control in the window 
management  ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up 
to 10.1  ...)
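Review bot: the three entries marked `NOT-FOR-US: Huawei` (CVE-2024-30415, CVE-2024-30414, CVE-2024-30413) have truncated descriptions that never name the vendor ("improper permission control in the window management ...", "Command injection vulnerability in the AccountManager module ..."), so the attribution cannot be checked from this hunk alone; a NOTE with the vendor advisory URL would make the classification reviewable later. The SourceCodester entries name the product directly in their description lines, so those classifications are supported as written.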



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05ff1779d4965cb06afbe0a8eb7bb4b0c90c94cf



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-3417 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3416 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
+   TODO: check
+CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
+   TODO: check
+CVE-2024-30415 (Vulnerability of improper permission control in the window 
management  ...)
+   TODO: check
+CVE-2024-30414 (Command injection vulnerability in the AccountManager module. 
Impact:  ...)
+   TODO: check
+CVE-2024-30413 (Vulnerability of improper permission control in the window 
management  ...)
+   TODO: check
+CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
+   TODO: check
 CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up 
to 10.1  ...)
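Review bot: the imported description for CVE-2023-6877 contains the literal escape sequence `\u2013` where the en dash of the plugin name belongs, so the automatic import does not appear to decode JSON unicode escapes in description text; worth checking that import step, since such escapes will otherwise accumulate in data/CVE/list. The eight new entries are correctly opened with `TODO: check` for manual triage.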
@@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the 
HTTP protocol and the
NOTE: https://redmine.openinfosecfoundation.org/issues/6757
 CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM 
Application G ...)
NOT-FOR-US: IBM
-CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik 
GmbH IN ...)
+CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a 
remote a ...)
NOT-FOR-US: INOTEC
 CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.3 is  ...)
NOT-FOR-US: IBM
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) 
vulnerability in ThemeFusion F
 CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in U ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid 
tty permi ...)
-   {DSA-5650-1}
+   {DSA-5650-1 DLA-3782-1}
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
NOTE: 
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
 (v2.40)
@@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow 
vulnerability exists in the GGUF li
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to 
contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 
SSL con ...)
+   {DLA-3780-1}
- jetty9 9.4.54-1 (bug #1064923)
NOTE: 
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
NOTE: https://github.com/jetty/jetty.project/issues/11256
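Review bot: the `{DLA-3780-1}` reference added to CVE-2024-22201 has no corresponding entry in data/DLA/list anywhere in this batch of commits (only DLA-3782-1 and DLA-3783-1 appear there), so the cross-reference cannot be verified from these diffs; confirm that the DLA-3780-1 line in data/DLA/list lists CVE-2024-22201 and the buster jetty9 version.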
@@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive 
XML Entity Expansion if
NOTE: CVE is for fixing billion laughs attacks for users compiling 
*without* XML_DTD defined,
NOTE: which is not the case for Debian.
 CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource 
consumptio ...)
+   {DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
NOTE: https://github.com/libexpat/libexpat/pull/789
NOTE: Merge commit: 
https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon 
before 2.9.4 for PrestaShop is
 CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip 
content" featur ...)
NOT-FOR-US: Element-IT HTTP Commander
 CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an 
out-of-bounds ...)
+   {DLA-3781-1}
- libgd2 2.3.3-1
[bullseye] - libgd2  (Minor issue)
[stretch] - libgd2  (Minor issue)
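Review bot: `{DLA-3781-1}` is added here to CVE-2021-40812 (and in the next hunk to CVE-2021-38115), but no DLA-3781-1 entry appears in the data/DLA/list changes included in this batch, so the reference cannot be cross-checked from these diffs; confirm that the DLA-3781-1 entry covers both libgd2 CVEs. The visible context shows only `[bullseye]` and `[stretch]` markers, which is consistent with buster now being fixed by the DLA.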
@@ -193584,6 +193603,7 @@ CVE-2021-38117
 CVE-2021-38116
RESERVED
 CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka 
LibGD) thr ...)
+   {DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
[bullseye] - libgd2  (Minor issue)
[stretch] - libgd2  (Minor issue)
@@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in 
the Exporter in Nuance Win
 CVE-2021-3668
RESERVED
 CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can 
potentially cause ...)
+   {DLA-3782-1}
- util-linux 2.36.1-8 (low; bug #991619)
[stretch] - 
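Review bot: this hunk is cut off in the mail after `[stretch] - `, so its trailing context cannot be reviewed; the `{DLA-3782-1}` reference itself agrees with the data/DLA/list entry for DLA-3782-1 shown later in this batch, which lists CVE-2021-37600 together with CVE-2024-28085 and the buster version 2.33.1-0.1+deb10u1.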

[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-28755 and CVE-2023-52353

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
229cc53e by Salvatore Bonaccorso at 2024-04-07T09:51:56+02:00
Update information on CVE-2024-28755 and CVE-2023-52353

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1451,7 +1451,12 @@ CVE-2024-29432 (Alldata v0.4.6 was discovered to contain 
a SQL injection vulnera
 CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
negotiati ...)
TODO: check
 CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
an SSL co ...)
-   TODO: check
+   - mbedtls 
+   [bookworm] - mbedtls  (Minor issue)
+   [bullseye] - mbedtls  (Minor issue)
+   [buster] - mbedtls  (Minor issue)
+   NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
+   NOTE: Possibly the same as CVE-2023-52353.
 CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows 
versions 10. ...)
NOT-FOR-US: Axigen Mail Server for Windows
 CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 
Fall 20xx ...)
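Review bot: the NOTE `Possibly the same as CVE-2023-52353` leaves the duplicate question open while the entry has already been given `Minor issue` markers for bookworm, bullseye and buster; if the two IDs turn out to be the same issue, this entry should mirror the status of CVE-2023-52353 (or be marked as its duplicate) rather than carry an independent triage. Consider keeping a `TODO` until the relationship is confirmed, or record the reasoning in a second NOTE next to the upstream issue link (Mbed-TLS/mbedtls#8654).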



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/229cc53efdb24180a357f327bf4d7ad4afad3da9



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-50471 as no-dsa

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa117f24 by Salvatore Bonaccorso at 2024-04-07T09:17:29+02:00
Mark CVE-2023-50471 as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26208,6 +26208,8 @@ CVE-2023-50472 (cJSON v1.7.16 was discovered to contain 
a segmentation violation
 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation 
violation via t ...)
{DLA-3700-1}
- cjson 1.7.17-1 (bug #1059287)
+   [bookworm] - cjson  (Minor issue)
+   [bullseye] - cjson  (Minor issue)
NOTE: https://github.com/DaveGamble/cJSON/issues/802
NOTE: Fixed by: 
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
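Review bot: bookworm and bullseye are marked as minor while buster already received a fix through `{DLA-3700-1}` for the same segmentation violation; that asymmetry is legitimate (the LTS and stable decisions are independent), but a NOTE giving the reason, for example that the fix can go into a point release, would document it for whoever revisits the entry. The upstream issue and fixing commit are already referenced, so the fix itself is identified.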



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa117f24c9f21f4d381caa8ed701c78e3ed56a51



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3783-1 for expat

2024-04-07 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22b0e152 by Tobias Frost at 2024-04-07T09:14:11+02:00
Reserve DLA-3783-1 for expat

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Apr 2024] DLA-3783-1 expat - security update
+   {CVE-2023-52425}
+   [buster] - expat 2.2.6-2+deb10u7
 [07 Apr 2024] DLA-3782-1 util-linux - security update
{CVE-2021-37600 CVE-2024-28085}
[buster] - util-linux 2.33.1-0.1+deb10u1


=
data/dla-needed.txt
=
@@ -75,10 +75,6 @@ emacs (Sean Whitton)
   NOTE: 20240403: for example, CVE-2024-30202. But I think it is vulnerable
   NOTE: 20240403: to CVE-2024-30203. (lamby)
 --
-expat (tobi)
-  NOTE: 20240306: Added by Front-Desk (opal)
-  NOTE: 20230324: slowly making progress, seems that I've just defeated 
CVE-2023-52425 :) (tobi)
---
 freeimage
   NOTE: 20240320: Added by Front-Desk (ta)
   NOTE: 20240320: lots of postponed issue could be fixed as well



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b0e152708267c9c1136ca94b0bb6a09662d17c



[Git][security-tracker-team/security-tracker][master] Document relation from CVE-2024-2314, #1028479 and #1068297

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b094ddd2 by Salvatore Bonaccorso at 2024-04-07T09:07:53+02:00
Document relation from CVE-2024-2314, #1028479 and #1068297

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7864,7 +7864,8 @@ CVE-2024-2314 (If kernel headers need to be extracted, 
bcc will attempt to load
[buster] - bpfcc  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 
(v0.30.0)
NOTE: Introduced by: 
https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 
(v0.10.0)
-   NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied 
in 0.25.0+ds-2)
+   NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied 
in 0.25.0+ds-2), and
+   NOTE: resulting in the additional problem in 
https://bugs.debian.org/1068297
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
- bpftrace 
[bookworm] - bpftrace  (Minor issue)
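Review bot: the rewritten NOTE reads awkwardly as a sentence ("Attempt to mitigate in ... (applied in 0.25.0+ds-2), and resulting in the additional problem in ..."); "which in turn caused the additional problem in https://bugs.debian.org/1068297" would be clearer when split across the two NOTE lines. The substance, linking the #1028479 mitigation to the regression in #1068297, is useful context for anyone revisiting the buster status of bpfcc.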



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b094ddd2dbeeb52d8a4581b3dc650137b600666c



[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-50967/jose

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3da12db9 by Salvatore Bonaccorso at 2024-04-07T08:51:38+02:00
Reference upstream commit for CVE-2023-50967/jose

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5004,6 +5004,7 @@ CVE-2023-50967 (latchset jose through version 11 allows 
attackers to cause a den
- jose  (bug #1067457)
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
NOTE: https://github.com/latchset/jose/issues/151
+   NOTE: Fixed by: 
https://github.com/latchset/jose/commit/4ee7708bf6dbfaa712749f081eec1f0d122fa001
 (v13)
 CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is 
vulnerable to  ...)
NOT-FOR-US: IBM
 CVE-2023-41877 (GeoServer is an open source software server written in Java 
that allow ...)
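Review bot: with the fixing upstream commit and release (v13) now recorded, the package line `- jose  (bug #1067457)` still shows no fixed Debian version; once the commit is backported or v13 is packaged, the fixed version should be filled in so the entry closes. Until then the NOTE gives the maintainer the exact change to cherry-pick.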



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3da12db96d41e63f3e5870ea5d564f7ad5543930
