[Git][security-tracker-team/security-tracker][master] Claim freeimage for buster.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 51ecda99 by Ola Lundqvist at 2024-04-08T00:06:53+02:00 Claim freeimage for buster. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,7 +76,7 @@ emacs (Sean Whitton) NOTE: 20240403: for example, CVE-2024-30202. But I think it is vulnerable NOTE: 20240403: to CVE-2024-30203. (lamby) -- -freeimage +freeimage (Ola Lundqvist) NOTE: 20240320: Added by Front-Desk (ta) NOTE: 20240320: lots of postponed issue could be fixed as well NOTE: 20240325: Lack of upstream activity, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51ecda9986c9e0cd7acd2ce491e9039284eed5bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51ecda9986c9e0cd7acd2ce491e9039284eed5bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove runc from dla-needed
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c41e578 by Ola Lundqvist at 2024-04-07T23:50:33+02:00 Remove runc from dla-needed - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -75305,7 +75305,7 @@ CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior CVE-2023-25809 (runc is a CLI tool for spawning and running containers according to th ...) - runc 1.1.5+ds1-1 [bullseye] - runc (Minor issue) - [buster] - runc (Minor issue) + [buster] - runc (Minor issue) NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc NOTE: https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5 (v1.1.5) CVE-2023-25808 = data/dla-needed.txt = @@ -239,11 +239,6 @@ ring ruby-rack (Adrian Bunk) NOTE: 20240306: Added by Front-Desk (opal) -- -runc - NOTE: 20240312: Added by coordinator (roberto) - NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye. - NOTE: 20240314: Uploads to ospu should be coordinated. (roberto) --- samba (Santiago) NOTE: 20230918: Added by Front-Desk (apo) NOTE: 20240406: Update should be ready. Will upload this Monday. (Santiago) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c41e578160845c9f84e1a335d5266011e542869
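Review bot: In the data/CVE/list hunk for CVE-2023-25809, the removed and added `[buster] - runc (Minor issue)` lines read the same here, and the commit message only mentions dla-needed, so the change to the buster triage state is undocumented. State in the commit message what the buster status changed to and why, since the data/dla-needed.txt hunk in the same commit also drops the 20240314 notes about coordinating uploads without recording how that was settled.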
[Git][security-tracker-team/security-tracker][master] Add patch link for CVE-2021-41089
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: edd60855 by Daniel Leidert at 2024-04-07T23:33:37+02:00 Add patch link for CVE-2021-41089 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -186053,6 +186053,7 @@ CVE-2021-41089 (Moby is an open-source project created by Docker to enable softw [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 + NOTE: https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...) - elvish 0.14.0-1 [buster] - elvish (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edd608554d95b78b9f493e441096f6276a3e35e2
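Review bot: The added NOTE under CVE-2021-41089 is a bare commit URL, so a reader cannot tell whether it is the fix or only related, nor which upstream release carries it. Prefix it with "Fixed by:" and append the upstream version in parentheses, which also helps whoever revisits the `[buster] - docker.io (Minor issue)` line above it.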
[Git][security-tracker-team/security-tracker][master] Update findings for CVE-2023-49288
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: d0a41abf by Daniel Leidert at 2024-04-07T22:37:43+02:00 Update findings for CVE-2023-49288 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -320670,7 +320670,8 @@ CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP - squid 6.1-1 - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 - NOTE: https://github.com/squid-cache/squid/pull/1136 + NOTE: https://megamansec.github.io/Squid-Security-Audit/trace-uaf.html + NOTE: https://github.com/squid-cache/squid/pull/1127 possibly removed the vulnerable code. CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) {DSA-5637-1 DLA-3709-1} - squid 6.5-1 (low) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0a41abf91541e98514b78d27135c36a24245e86
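Review bot: The added pull/1127 NOTE says it "possibly removed the vulnerable code", which leaves the `- squid 6.1-1` fixed version resting on an unconfirmed statement, and the same hunk drops the pull/1136 link without explanation. Record what was actually checked against the trace-uaf write-up, and say in the commit message why 1136 was dropped.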
[Git][security-tracker-team/security-tracker][master] LTS: release claim on docker.io in dla-needed.txt
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: 0aed7153 by Daniel Leidert at 2024-04-07T22:35:32+02:00 LTS: release claim on docker.io in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,7 +46,7 @@ dnsmasq (dleidert) NOTE: 20240327: Claimed by lamby, started thread on deblts-team. (lamby) NOTE: 20240403: Re-assigned back to dleidert; see thread. (lamby) -- -docker.io (dleidert) +docker.io NOTE: 20230303: Added by Front-Desk (Beuc) NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk) NOTE: 20230424: Is in preparation. (gladk) @@ -55,6 +55,7 @@ docker.io (dleidert) NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of reproducer test case NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk) NOTE: 20230311: Reverted decision to remove from this file since three CVEs are in bullseye. (ola) + NOTE: 20240407: Version 18.09.1+dfsg1-7.1+deb10u4 in Git has not been uploaded yet. (dleidert) -- dogecoin NOTE: 20230619: Added by Front-Desk (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aed71538e62e91e49010c3761c88b447206af8f
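Review bot: The new 20240407 NOTE in the second hunk says version 18.09.1+dfsg1-7.1+deb10u4 is "in Git" but names no repository or branch, and the first hunk releases the claim, so the next person picking up docker.io has to go looking for that work. Add the repository URL or branch to the note. While the entry is being touched, the context line dated 20230311 directly after the 20240310 note looks like a typo for 20240311.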
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 49c2eef2 by security tracker role at 2024-04-07T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,93 @@ +CVE-2024-3428 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) + TODO: check +CVE-2024-3427 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-3426 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-3425 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2024-3424 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 1.0 and ...) + TODO: check +CVE-2024-3419 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) + TODO: check +CVE-2024-3418 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability in Sukhc ...) + TODO: check +CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech WP Impor ...) + TODO: check +CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability in Repu ...) + TODO: check +CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability in Moove ...) + TODO: check +CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) + TODO: check +CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoa ...) + TODO: check +CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) + TODO: check +CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability in Andy ...) + TODO: check +CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins Product ...) + TODO: check +CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30418 (Vulnerability of insufficient permission verification in the app manag ...) + TODO: check +CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing module. Im ...) 
+ TODO: check +CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver module. Im ...) + TODO: check +CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...) + TODO: check +CVE-2023-52717 (Permission verification vulnerability in the lock screen module. Impac ...) + TODO: check +CVE-2023-52716 (Vulnerability of starting activities in the background in the Activity ...) + TODO: check +CVE-2023-52715 (The SystemUI module has a vulnerability in permission management. Impa ...) +
[Git][security-tracker-team/security-tracker][master] Mark open CVE for lucene-solr as EOL for buster
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c329976 by Markus Koschany at 2024-04-07T21:55:09+02:00 Mark open CVE for lucene-solr as EOL for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -15316,21 +15316,25 @@ CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL Comman NOT-FOR-US: Oduyo Financial Technology Online Collection CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, Unrestricted U ...) - lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr (No longer supported in LTS) NOTE: https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/1 NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr (No longer supported in LTS) NOTE: https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/2 NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version CVE-2023-50292 (Incorrect Permission Assignment for Critical Resource, Improper Contro ...) - lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr (No longer supported in LTS) NOTE: https://solr.apache.org/security.html#cve-2023-50292-apache-solr-schema-designer-blindly-trusts-all-configsets-possibly-leading-to-rce-by-unauthenticated-users NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/3 NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version CVE-2023-50291 (Insufficiently Protected Credentials vulnerability in Apache Solr. Th ...) 
- lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr (No longer supported in LTS) NOTE: https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/4 NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c3299769d1664646df2e4c9a1e9a26604997a0c
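Review bot: The four added `[buster] - lucene-solr (No longer supported in LTS)` lines carry no pointer to where the end-of-life decision was made, and this commit message gives none either. Add a NOTE on the entries or a reference in the commit message to the rationale, so the marking can later be checked against the "Server components disabled in 3.6.2+dfsg-23" approach recorded in the existing NOTE lines.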
[Git][security-tracker-team/security-tracker][master] Remove lucene-solr from dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: ca0d31eb by Markus Koschany at 2024-04-07T21:39:19+02:00 Remove lucene-solr from dla-needed.txt As discussed with Daniel Leidert via private email, I believe that we should EOL lucene-solr in Buster. This is a truly ancient version which most likely nobody uses in production. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -156,11 +156,6 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- -lucene-solr - NOTE: 20240213: Added by Front-Desk (lamby) - NOTE: 20240407: Should the server components be disabled as in 3.6.2+dfsg-23 instead of trying to patch the CVEs? (dleidert) - NOTE: 20240407: I'm going to contact Markus, the maintainer. (dleidert) --- mediawiki (guilhem) NOTE: 20240406: Added by Front-Desk (lamby) NOTE: 20240406: Added to address "TEMP-000-519C2D" at the time of writing. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca0d31ebea43fea42f7979c2256664ce043c0b21
[Git][security-tracker-team/security-tracker][master] LTS: claim docker.io in dla-needed.txt
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c2cea8e by Daniel Leidert at 2024-04-07T21:03:13+02:00 LTS: claim docker.io in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,7 +46,7 @@ dnsmasq (dleidert) NOTE: 20240327: Claimed by lamby, started thread on deblts-team. (lamby) NOTE: 20240403: Re-assigned back to dleidert; see thread. (lamby) -- -docker.io +docker.io (dleidert) NOTE: 20230303: Added by Front-Desk (Beuc) NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk) NOTE: 20230424: Is in preparation. (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c2cea8ea7cb3f97bc45aee2f476a0c0f8e914b1
[Git][security-tracker-team/security-tracker][master] Add Link to PR for CVE-2023-49288
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ea09c58 by Daniel Leidert at 2024-04-07T20:34:27+02:00 Add Link to PR for CVE-2023-49288 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -320574,6 +320574,7 @@ CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP - squid 6.1-1 - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 + NOTE: https://github.com/squid-cache/squid/pull/1136 CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) {DSA-5637-1 DLA-3709-1} - squid 6.5-1 (low) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea09c58a537f9e3eedeadad5c42c9668c36e7e9
[Git][security-tracker-team/security-tracker][master] Add notes regarding "fix" from 3.6.2+dfsg-23
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b4e7834 by Daniel Leidert at 2024-04-07T20:16:49+02:00 Add notes regarding fix from 3.6.2+dfsg-23 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -158,6 +158,8 @@ linux-5.10 -- lucene-solr NOTE: 20240213: Added by Front-Desk (lamby) + NOTE: 20240407: Should the server components be disabled as in 3.6.2+dfsg-23 instead of trying to patch the CVEs? (dleidert) + NOTE: 20240407: I'm going to contact Markus, the maintainer. (dleidert) -- mediawiki (guilhem) NOTE: 20240406: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b4e7834f75e41fca33691f32114d7a4817e8c03
[Git][security-tracker-team/security-tracker][master] LTS: release claim on lucene-solr in dla-needed.txt
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: b738fe72 by Daniel Leidert at 2024-04-07T20:13:21+02:00 LTS: release claim on lucene-solr in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -156,7 +156,7 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- -lucene-solr (dleidert) +lucene-solr NOTE: 20240213: Added by Front-Desk (lamby) -- mediawiki (guilhem) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b738fe721eac0ff1690b8425cdc93df7547672d4
[Git][security-tracker-team/security-tracker][master] LTS: claim lucene-solr in dla-needed.txt
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker Commits: 79cce308 by Daniel Leidert at 2024-04-07T19:29:03+02:00 LTS: claim lucene-solr in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -156,7 +156,7 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- -lucene-solr +lucene-solr (dleidert) NOTE: 20240213: Added by Front-Desk (lamby) -- mediawiki (guilhem) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79cce30865d152d892d0af86371bab9b2e52a6c3
[Git][security-tracker-team/security-tracker][master] Claim libpgjava in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: a83b404c by Markus Koschany at 2024-04-07T11:46:24+02:00 Claim libpgjava in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -115,7 +115,7 @@ knot-resolver (Markus Koschany) libdatetime-timezone-perl (Emilio) NOTE: 20240327: Added by pochu -- -libpgjava +libpgjava (Markus Koschany) NOTE: 20240308: Added by Front-Desk (opal) -- libreswan View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83b404c6afee64b27c51c4936e53e4fc5bd322b
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3784-1 for libcaca
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 55b52a6c by Thorsten Alteholz at 2024-04-07T10:40:39+02:00 Reserve DLA-3784-1 for libcaca - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -213284,14 +213284,12 @@ CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpac CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...) - libcaca 0.99.beta19-3 (bug #987278) [bullseye] - libcaca (Minor issue) - [buster] - libcaca (Minor issue) [stretch] - libcaca (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/54 NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20) CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...) - libcaca 0.99.beta19-3 (bug #987278) [bullseye] - libcaca (Minor issue) - [buster] - libcaca (Minor issue) [stretch] - libcaca (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/53 NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20) = data/DLA/list = 
@@ -1,3 +1,6 @@ +[07 Apr 2024] DLA-3784-1 libcaca - security update + {CVE-2021-30498 CVE-2021-30499} + [buster] - libcaca 0.99.beta19-2.1+deb10u1 [07 Apr 2024] DLA-3783-1 expat - security update {CVE-2023-52425} [buster] - expat 2.2.6-2+deb10u7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b52a6ca2ba0f482ef73a93f5faf9733d393953
[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-30370 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0c92d52 by Salvatore Bonaccorso at 2024-04-07T10:32:05+02:00 Mark CVE-2024-30370 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1389,7 +1389,7 @@ CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management S CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability ...) - TODO: check + NOTE: RARLabs WinRAR CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c92d5203a0c859e5cc21a3de05669d94b894b2
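Review bot: The commit message says NFU, but the line added under CVE-2024-30370 is `NOTE: RARLabs WinRAR`, not `NOT-FOR-US:` as on the neighbouring Foxit entries, so the CVE ends up with a free-text note and no triage state once `TODO: check` is removed. Change it to `NOT-FOR-US: RARLAB WinRAR`, which also matches the vendor spelling in the description.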
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-30166/mbedtls
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 10ed804c by Salvatore Bonaccorso at 2024-04-07T10:29:37+02:00 Add CVE-2024-30166/mbedtls - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1453,7 +1453,8 @@ CVE-2024-30337 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution V CVE-2024-30336 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30166 (In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can c ...) - TODO: check + - mbedtls + TODO: check, missing details CVE-2024-2879 (The LayerSlider plugin for WordPress is vulnerable to SQL Injection vi ...) NOT-FOR-US: WordPress plugin CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10ed804c4f18e11d3a77481abfda49564a590924
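Review bot: The added `TODO: check, missing details` under CVE-2024-30166 does not say which details are missing, while the description already limits the issue to Mbed TLS 3.3.0 through 3.5.2. Name what is being waited for (upstream advisory, fix commit) and record the affected range in a NOTE, so releases shipping an older mbedtls can be triaged once that is confirmed.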
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28836/mbedtls
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b024d89 by Salvatore Bonaccorso at 2024-04-07T10:26:45+02:00 Add CVE-2024-28836/mbedtls - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1465,7 +1465,8 @@ CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Alldata CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiati ...) - TODO: check + - mbedtls + TODO: check, missing details CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ...) - mbedtls [bookworm] - mbedtls (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b024d89d2077df8276c01f8d0534228b80bbfe1
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05ff1779 by Salvatore Bonaccorso at 2024-04-07T10:22:44+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-30415 (Vulnerability of improper permission control in the window management ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30413 (Vulnerability of improper permission control in the window management ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05ff1779d4965cb06afbe0a8eb7bb4b0c90c94cf
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...) + TODO: check +CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...) + TODO: check +CVE-2024-30415 (Vulnerability of improper permission control in the window management ...) + TODO: check +CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...) + TODO: check +CVE-2024-30413 (Vulnerability of improper permission control in the window management ...) + TODO: check +CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) + TODO: check CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) @@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the NOTE: https://redmine.openinfosecfoundation.org/issues/6757 CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...) NOT-FOR-US: IBM -CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...) +CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote a ...) NOT-FOR-US: INOTEC CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) NOT-FOR-US: IBM 
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion F CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...) NOT-FOR-US: WordPress plugin CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...) - {DSA-5650-1} + {DSA-5650-1 DLA-3782-1} - util-linux 2.39.3-11 (bug #1067849) NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5 NOTE: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 (v2.40) @@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF li CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...) NOT-FOR-US: Tencent Blueking CMDB CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...) + {DLA-3780-1} - jetty9 9.4.54-1 (bug #1064923) NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 NOTE: https://github.com/jetty/jetty.project/issues/11256 @@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if NOTE: CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined, NOTE: which is not the case for Debian. CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...) + {DLA-3783-1} - expat 2.6.0-1 (bug #1063238) NOTE: https://github.com/libexpat/libexpat/pull/789 NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1 
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...) NOT-FOR-US: Element-IT HTTP Commander CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...) + {DLA-3781-1} - libgd2 2.3.3-1 [bullseye] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) @@ -193584,6 +193603,7 @@ CVE-2021-38117 CVE-2021-38116 RESERVED CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) + {DLA-3781-1} - libgd2 2.3.3-1 (bug #991912) [bullseye] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) @@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Win CVE-2021-3668 RESERVED CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...) + {DLA-3782-1} - util-linux 2.36.1-8 (low; bug #991619) [stretch] -
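Review bot: The description imported for CVE-2023-6877 in the first hunk carries a literal \u2013 escape ("Feedzy \u2013 Feed to Post") where a dash character belongs, which suggests the automatic update writes JSON-escaped text into data/CVE/list without decoding it. Decoding the description before it is truncated and written would keep the entry readable and would stop a text search for the product name as it is normally spelled from missing this line.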
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-28755 and CVE-2023-52353
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 229cc53e by Salvatore Bonaccorso at 2024-04-07T09:51:56+02:00 Update information on CVE-2024-28755 and CVE-2023-52353 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1451,7 +1451,12 @@ CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnera CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiati ...) TODO: check CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ...) - TODO: check + - mbedtls + [bookworm] - mbedtls (Minor issue) + [bullseye] - mbedtls (Minor issue) + [buster] - mbedtls (Minor issue) + NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654 + NOTE: Possibly the same as CVE-2023-52353. CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows versions 10. ...) NOT-FOR-US: Axigen Mail Server for Windows CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/229cc53efdb24180a357f327bf4d7ad4afad3da9
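Review bot: In the CVE-2024-28755 entry, bookworm, bullseye and buster all receive the same (Minor issue) triage although the description limits the flaw to Mbed TLS 3.5.x before 3.6.0; if any of those suites ships an older branch, a not-affected line with the reason would be more accurate than deferring a fix. The new "Possibly the same as CVE-2023-52353" note also points only one way in the lines shown, so a matching NOTE under CVE-2023-52353 would let readers find the link from either entry. The neighbouring CVE-2024-28836, which names the same product and version range, is left at TODO: check and could be triaged in the same pass.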
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-50471 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa117f24 by Salvatore Bonaccorso at 2024-04-07T09:17:29+02:00 Mark CVE-2023-50471 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26208,6 +26208,8 @@ CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...) {DLA-3700-1} - cjson 1.7.17-1 (bug #1059287) + [bookworm] - cjson (Minor issue) + [bullseye] - cjson (Minor issue) NOTE: https://github.com/DaveGamble/cJSON/issues/802 NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa117f24c9f21f4d381caa8ed701c78e3ed56a51
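Review bot: The added [bookworm] and [bullseye] (Minor issue) lines sit directly under {DLA-3700-1}, so the LTS suite already has this fix while the two newer suites are left without one. A NOTE proposing the fix for a point release, or a short reason why the crash is minor for cjson's users, would explain the asymmetry to anyone reading the entry later. The upstream commit is already referenced in the "Fixed by:" line, so the backport target is at hand.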
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3783-1 for expat
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: 22b0e152 by Tobias Frost at 2024-04-07T09:14:11+02:00 Reserve DLA-3783-1 for expat - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Apr 2024] DLA-3783-1 expat - security update + {CVE-2023-52425} + [buster] - expat 2.2.6-2+deb10u7 [07 Apr 2024] DLA-3782-1 util-linux - security update {CVE-2021-37600 CVE-2024-28085} [buster] - util-linux 2.33.1-0.1+deb10u1 = data/dla-needed.txt = @@ -75,10 +75,6 @@ emacs (Sean Whitton) NOTE: 20240403: for example, CVE-2024-30202. But I think it is vulnerable NOTE: 20240403: to CVE-2024-30203. (lamby) -- -expat (tobi) - NOTE: 20240306: Added by Front-Desk (opal) - NOTE: 20230324: slowly making progress, seems that I've just defeated CVE-2023-52425 :) (tobi) --- freeimage NOTE: 20240320: Added by Front-Desk (ta) NOTE: 20240320: lots of postponed issue could be fixed as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b0e152708267c9c1136ca94b0bb6a09662d17c
[Git][security-tracker-team/security-tracker][master] Document relation from CVE-2024-2314, #1028479 and #1068297
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b094ddd2 by Salvatore Bonaccorso at 2024-04-07T09:07:53+02:00 Document relation from CVE-2024-2314, #1028479 and #1068297 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7864,7 +7864,8 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load [buster] - bpfcc (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0) NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0) - NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2) + NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2), and + NOTE: resulting in the additional problem in https://bugs.debian.org/1068297 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace [bookworm] - bpftrace (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b094ddd2dbeeb52d8a4581b3dc650137b600666c
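Review bot: The new text splits one sentence across two NOTE lines ("(applied in 0.25.0+ds-2), and" followed by "resulting in the additional problem in ..."), so the second line is a fragment when it is read or grepped on its own. Making it self-contained, for example "NOTE: The mitigation caused a further problem: https://bugs.debian.org/1068297", keeps each NOTE meaningful by itself and makes the relation between the two bugs explicit.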
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-50967/jose
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3da12db9 by Salvatore Bonaccorso at 2024-04-07T08:51:38+02:00 Reference upstream commit for CVE-2023-50967/jose - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5004,6 +5004,7 @@ CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a den - jose (bug #1067457) NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md NOTE: https://github.com/latchset/jose/issues/151 + NOTE: Fixed by: https://github.com/latchset/jose/commit/4ee7708bf6dbfaa712749f081eec1f0d122fa001 (v13) CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to ...) NOT-FOR-US: IBM CVE-2023-41877 (GeoServer is an open source software server written in Java that allow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3da12db96d41e63f3e5870ea5d564f7ad5543930
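Review bot: The added "Fixed by:" line tags the commit as (v13) while the CVE description says jose is affected "through version 11", which leaves version 12 unaccounted for; a word on whether v12 is affected would help anyone matching package versions against this entry. The "- jose (bug #1067457)" line still carries no fixed version, so it will need a follow-up once a release containing that commit is uploaded.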