[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fee5bb2d by Salvatore Bonaccorso at 2024-04-25T08:42:32+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,18 @@ +CVE-2024-26926 [binder: check offset alignment in binder_get_object()] + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca4f704a04d40 (6.9-rc5) +CVE-2024-26925 [netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path] + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0d459e2ffb541841714839e8228b845458ed3b27 (6.9-rc3) +CVE-2024-26924 [netfilter: nft_set_pipapo: do not free live element] + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (6.9-rc5) +CVE-2024-26923 [af_unix: Fix garbage collector racing against connect()] + - linux + NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4) CVE-2024-4060 - chromium [bullseye] - chromium (see #1061268) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee5bb2d1db671dc986dd7b6e3bb2ed8dd88c447 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee5bb2d1db671dc986dd7b6e3bb2ed8dd88c447 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
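Review bot: In the CVE-2024-26926 entry, the NOTE link https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca4f704a04d40 carries a 36-character commit ID, while the other three entries in this hunk use full 40-character IDs. Please use the full hash so the reference is unambiguous and greppable. Also, CVE-2024-26923 is the only one of the four entries without a [buster] line; if buster is meant to be tracked as affected that is fine, otherwise the annotation is missing.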
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52575 (rejected by kernel CNA)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 804e15b0 by Salvatore Bonaccorso at 2024-04-25T08:33:39+02:00 Remove notes from CVE-2023-52575 (rejected by kernel CNA) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15332,12 +15332,8 @@ CVE-2023-52576 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/34cf99c250d5cd2530b93a57b0de31d3aaf8685b (6.6-rc3) -CVE-2023-52575 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 6.5.6-1 - [bookworm] - linux 6.1.64-1 - [bullseye] - linux 5.10.205-1 - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/01b057b2f4cc2d905a0bd92195657dbd9a7005ab (6.6-rc3) +CVE-2023-52575 + REJECTED CVE-2023-52574 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/804e15b0f1001ea96d233c650a169380e7dda0a7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/804e15b0f1001ea96d233c650a169380e7dda0a7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-2957 (rejected, duplicate of CVE-2024-1983)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f457ce5 by Salvatore Bonaccorso at 2024-04-25T08:32:05+02:00 Remove notes from CVE-2024-2957 (rejected, duplicate of CVE-2024-1983) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4498,7 +4498,6 @@ CVE-2024-2974 (The Essential Addons for Elementor \u2013 Best Elementor Template NOT-FOR-US: WordPress plugin CVE-2024-2957 REJECTED - NOT-FOR-US: WordPress plugin CVE-2024-2946 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) NOT-FOR-US: WordPress plugin CVE-2024-2918 (Improper input validation in PAM JIT elevation feature in Devolutions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f457ce57f33c16616566f1c21a81461b48a67c5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f457ce57f33c16616566f1c21a81461b48a67c5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-3514 (duplicate of CVE-2024-1846)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7c200db by Salvatore Bonaccorso at 2024-04-25T08:30:39+02:00 Remove notes from CVE-2024-3514 (duplicate of CVE-2024-1846) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4399,7 +4399,6 @@ CVE-2024-3545 (Improper permission handling in the vault offline cache feature i NOT-FOR-US: Devolutions CVE-2024-3514 REJECTED - NOT-FOR-US: WordPress plugin CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c200dba07dbeaeada981768fb4d2be57fd2338 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c200dba07dbeaeada981768fb4d2be57fd2338 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add upstream tag information on two openexr issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a45a48fd by Salvatore Bonaccorso at 2024-04-25T08:29:31+02:00 Add upstream tag information on two openexr issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -216388,7 +216388,7 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930 - NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 (v3.0.0-beta) NOTE: Only affects exrcheck, which isn't built into the binary packages CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DSA-5299-1 DLA-3236-1 DLA-2701-1} 
@@ -216396,7 +216396,7 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 - NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 (v3.0.0-beta) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5) CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DSA-5299-1 DLA-3236-1 DLA-2701-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a45a48fd3133512067b3464467374d14f9164833 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a45a48fd3133512067b3464467374d14f9164833 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
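Review bot: In the CVE-2021-26260 hunk the new annotation "(v3.0.0-beta)" sits directly above the existing "(2.5)" on the next openexr commit NOTE, and the two follow different conventions (a tag name with a v prefix versus a bare version number). Either align them or make the second one explicit about whether 2.5 is a branch or a release, so a reader can tell which upstream versions carry each fix.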
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71a0e1a0 by Salvatore Bonaccorso at 2024-04-25T08:26:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -13,57 +13,57 @@ CVE-2024-4058 CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) TODO: check CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) TODO: check CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71a0e1a026df882e8a00e180e6247064434047cc
[Git][security-tracker-team/security-tracker][master] CVE-2021-26945/openexr is fixed since 3.1.5-2
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: abe4a0e8 by Adrian Bunk at 2024-04-25T02:34:23+03:00 CVE-2021-26945/openexr is fixed since 3.1.5-2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -216383,7 +216383,7 @@ CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows re NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1) NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...) - - openexr (unimportant) + - openexr 3.1.5-2 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe4a0e857ac27b5c908b14462b75074c5ed4252 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe4a0e857ac27b5c908b14462b75074c5ed4252 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
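Review bot: The changed line "- openexr 3.1.5-2 (unimportant)" records a fixed version, but neither the commit message nor the NOTE lines visible in the hunk say how 3.1.5-2 was determined. Add a NOTE naming the upstream commit or release that 3.1.5-2 is the first upload to include, so the version can be re-checked later.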
[Git][security-tracker-team/security-tracker][master] dla: take trafficserver
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab520918 by Adrian Bunk at 2024-04-25T02:32:52+03:00 dla: take trafficserver - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -319,7 +319,7 @@ tinymce NOTE: 20231216: upstream's patch is backportable, as the code has changed a NOTE: 20231216: lot. (spwhitton) -- -trafficserver +trafficserver (Adrian Bunk) NOTE: 20240421: Added by Front-Desk (apo) -- tryton-server (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab5209189ad297780d889328827da5d58550fc74 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab5209189ad297780d889328827da5d58550fc74 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-31047/openexr: The vulnerable exrmultipart is not installed in buster
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab7bf1be by Adrian Bunk at 2024-04-25T00:45:44+03:00 CVE-2024-31047/openexr: The vulnerable exrmultipart is not installed in buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5174,7 +5174,7 @@ CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and befo - openexr (bug #1068939) [bookworm] - openexr (Minor issue) [bullseye] - openexr (Minor issue) - [buster] - openexr (Minor issue) + [buster] - openexr (exrmultipart not installed in the Debian package before 2.5.0-1) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7bf1be7037e750932b790edae986b44c04d23f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7bf1be7037e750932b790edae986b44c04d23f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2023-3758 as postponed for Buster
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 81d2b97f by Thorsten Alteholz at 2024-04-24T23:21:44+02:00 mark CVE-2023-3758 as postponed for Buster - - - - - b4103553 by Thorsten Alteholz at 2024-04-24T23:27:02+02:00 mark CVE-2024-3019 as not-affected for Buster - - - - - d4e5c70a by Thorsten Alteholz at 2024-04-24T23:34:30+02:00 mark CVE-2024-31031 as not-affected for Buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1148,6 +1148,7 @@ CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is n - sssd [bookworm] - sssd (Minor issue) [bullseye] - sssd (Minor issue) + [buster] - sssd (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762 NOTE: https://github.com/SSSD/sssd/pull/7302 NOTE: https://github.com/SSSD/sssd/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a (master) @@ -1429,6 +1430,7 @@ CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to ca - libcoap - libcoap2 [bullseye] - libcoap2 (Minor issue) + [buster] - libcoap2 (Vulnerable code not present) - libcoap3 [bookworm] - libcoap3 (Minor issue) NOTE: https://github.com/obgm/libcoap/issues/1351 
@@ -8407,6 +8409,7 @@ CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration expose - pcp (bug #1068112) [bookworm] - pcp (Minor issue) [bullseye] - pcp (Minor issue) + [buster] - pcp (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2271898 NOTE: Fixed by: https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators could remov ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89dea12856acad42ac395f682dff06d416afb1fd...d4e5c70a07e0da92059f960aca1dd7a864238167 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89dea12856acad42ac395f682dff06d416afb1fd...d4e5c70a07e0da92059f960aca1dd7a864238167 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
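Review bot: The added line "[buster] - pcp (Vulnerable code not present)" gives no evidence for the claim; the hunk lists the fixing commit but nothing about when the vulnerable code was introduced. The same applies to "[buster] - libcoap2 (Vulnerable code not present)" in the CVE-2024-31031 hunk, which only references an upstream issue. A NOTE of the form "Introduced by: COMMIT-URL (VERSION)" on each entry would let a later reader verify the buster status.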
[Git][security-tracker-team/security-tracker][master] new chromium issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 89dea128 by Moritz Muehlenhoff at 2024-04-24T22:30:40+02:00 new chromium issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2024-4060 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-4059 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-4058 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) TODO: check CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- atril -- +chromium (dilinger) +-- dav1d -- dnsdist (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89dea12856acad42ac395f682dff06d416afb1fd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89dea12856acad42ac395f682dff06d416afb1fd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,269 @@ +CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) + TODO: check +CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) + TODO: check +CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) + TODO: check +CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) + TODO: check +CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...) + TODO: check +CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...) + TODO: check +CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...) + TODO: check +CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...) + TODO: check +CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) + TODO: check +CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) + TODO: check +CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) + TODO: check +CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...) + TODO: check +CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...) + TODO: check +CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...) 
+ TODO: check +CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...) + TODO: check +CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...) + TODO: check +CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) + TODO: check +CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) + TODO: check +CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) + TODO: check +CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) + TODO: check +CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) + TODO: check +CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flo ...) + TODO: check +CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability in Tribu ...) + TODO: check +CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability in News ...) + TODO: check +CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons Pro for B ...) + TODO: check +CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems ARMember.Thi ...) + TODO: check +CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Se ...) + TODO: check +CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...) + TODO: check +CV
[Git][security-tracker-team/security-tracker][master] CVE-2024-24795/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 103025ef by Bastien Roucariès at 2024-04-24T15:39:14+00:00 CVE-2024-24795/apache2 Document fix and possible regression - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6011,6 +6011,9 @@ CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Serve - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 + NOTE: https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8 + NOTE: Fix will trigger a regression at least in fossil see https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 + NOTE: Fossil fix here: https://fossil-scm.org/home/info/f4ffefe708793b03 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...) {DSA-5662-1} - apache2 2.4.59-1 (bug #1068412) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/103025ef4cc4cccb705da7580a6c513b84533326 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/103025ef4cc4cccb705da7580a6c513b84533326 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
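Review bot: The first added NOTE is a bare apache/httpd commit URL with no indication that it is the fix or which release carries it. Other entries in this file use the form "NOTE: Fixed by: URL", which would be clearer here. The regression NOTE "Fix will trigger a regression at least in fossil see https://bz.apache.org/..." is also missing punctuation before "see"; something like "Fix triggers a regression, at least in fossil; see URL" reads better.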
[Git][security-tracker-team/security-tracker][master] CVE-2023-38709/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: ad578b47 by Bastien Roucariès at 2024-04-24T15:30:17+00:00 CVE-2023-38709/apache2 Fixed by: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44 Backport of: https://svn.apache.org/viewvc?view=revision&revision=1916770 header validation after content-* are eval'ed Submitted By: ylavic - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6016,6 +6016,7 @@ CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious o - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 + NOTE: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...) {DSA-5662-1} - apache2 2.4.59-1 (bug #1068412) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad578b475241e3e5448fd89413749f13a7453a93 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad578b475241e3e5448fd89413749f13a7453a93 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
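Review bot: The commit message says "Fixed by:" and gives SVN revision 1916770, but the line added to data/CVE/list is only the bare GitHub URL, so that context is lost to anyone reading the list itself. Put it in the data, for example "NOTE: Fixed by: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44", with a second NOTE for the SVN revision if it is worth keeping.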
[Git][security-tracker-team/security-tracker][master] CVE-2024-27316/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 59151ea3 by Bastien Roucariès at 2024-04-24T15:15:42+00:00 CVE-2024-27316/apache2 Fixed by: https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9 from SVN (https://svn.apache.org/viewvc?view=revision&revision=1916779) SECURITY: CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames (cve.mitre.org) HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. Credits: Bartek Nowotarski (https://nowotarski.info/) Submitted By: icing - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6022,6 +6022,7 @@ CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buff NOTE: https://www.kb.cert.org/vuls/id/421644 NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-27316 + NOTE: https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9 CVE-2024-3296 (A timing-based side-channel flaw exists in the rust-openssl package, w ...) - rust-openssl (bug #1068418) [bookworm] - rust-openssl (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59151ea3a3ae40d2105d7d0f485b32df16052ae7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59151ea3a3ae40d2105d7d0f485b32df16052ae7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new mysql-connector-python issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4ecb2787 by Moritz Muehlenhoff at 2024-04-24T16:07:13+02:00 new mysql-connector-python issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1980,7 +1980,7 @@ CVE-2024-21092 (Vulnerability in the Oracle Agile Product Lifecycle Management f CVE-2024-21091 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) NOT-FOR-US: Oracle CVE-2024-21090 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - TODO: check + - mysql-connector-python CVE-2024-21089 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...) NOT-FOR-US: Oracle CVE-2024-21088 (Vulnerability in the Oracle Production Scheduling product of Oracle E- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ecb2787e891dbbd0a1887b5ca17b06c5329dc28 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ecb2787e891dbbd0a1887b5ca17b06c5329dc28 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
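Review bot: The new "- mysql-connector-python" line has no NOTE or bug reference, and the visible CVE description is cut off at "(compone ...)", so the hunk does not show why this connector is the affected one. Add a NOTE pointing at the advisory or naming the affected component.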
[Git][security-tracker-team/security-tracker][master] one more vbox issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: aa8a89da by Moritz Muehlenhoff at 2024-04-24T16:02:43+02:00 one more vbox issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1949,7 +1949,7 @@ CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems (c CVE-2024-21104 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) NOT-FOR-US: Oracle CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - TODO: check + - virtualbox 7.0.16-dfsg-1 CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 (bug #1069189) CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa8a89da557299d7c42b9dc98d1c0f69e4c019a6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa8a89da557299d7c42b9dc98d1c0f69e4c019a6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
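Review bot: "- virtualbox 7.0.16-dfsg-1" for CVE-2024-21103 records a fixed version with no NOTE backing it. Add a NOTE pointing at the advisory or changelog that ties this CVE to 7.0.16, so the version can be re-checked later without the committer's context.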
[Git][security-tracker-team/security-tracker][master] dcmtk
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f03043c9 by Moritz Muehlenhoff at 2024-04-24T15:55:22+02:00 dcmtk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -78,7 +78,10 @@ CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-S CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...) NOT-FOR-US: Flipsnack CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) - TODO: check + - dcmtk + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 + NOTE: https://github.com/DCMTK/dcmtk/commit/601b227eecaab33a3a3a11dc256d84b1a62f63af + NOTE: https://github.com/DCMTK/dcmtk/commit/7d54f8efec995e5601d089fa17b0625c2b41af23 CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) NOT-FOR-US: AMD Radeon Windows driver CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f03043c950fc05c959ca78fb8defa17cd30c508a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f03043c950fc05c959ca78fb8defa17cd30c508a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
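Review bot: the two DCMTK commit NOTEs added under CVE-2024-28130 do not say what role each commit plays. Neither is marked "Fixed by:", there is no upstream version in parentheses, and it is not clear whether both commits are required or whether one is a follow-up to the other. Label them (for example "Fixed by:" on each, with the release that contains them) so that a backport can be judged complete from the entry.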
[Git][security-tracker-team/security-tracker][master] pdns-rec fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: dffc98bd by Moritz Muehlenhoff at 2024-04-24T15:40:29+02:00 pdns-rec fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-25583 - - pdns-recursor (bug #1069762) + - pdns-recursor 4.9.5-1 (bug #1069762) NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1 CVE-2024-3154 - cri-o (bug #979702) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffc98bd40243b5bb5cdf469b3ad11c7cfb79200 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffc98bd40243b5bb5cdf469b3ad11c7cfb79200 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ac1e8043 by Moritz Muehlenhoff at 2024-04-24T15:06:19+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68,7 +68,7 @@ CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerabi CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) - - matrix-synapse + - matrix-synapse (bug #1069763) NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v NOTE: https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1) CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) @@ -550,7 +550,7 @@ CVE-2024-21872 (The device allows an unauthenticated attacker to bypass authenti CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmitter ...) NOT-FOR-US: Electrolink CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...) - - python-flask-cors + - python-flask-cors (bug #1069764) NOTE: https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644 NOTE: https://github.com/corydolphin/flask-cors/issues/349 CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac1e8043aa4c5c51116bfda1be3737947b1b550c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac1e8043aa4c5c51116bfda1be3737947b1b550c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new pdns-rec issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 02c8b5e8 by Moritz Muehlenhoff at 2024-04-24T14:02:03+02:00 new pdns-rec issue - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-25583 + - pdns-recursor (bug #1069762) + NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1 CVE-2024-3154 - cri-o (bug #979702) CVE-2024-30171 = data/dsa-needed.txt = @@ -48,6 +48,8 @@ opennds/stable -- org-mode -- +pdns-recursor +-- php-cas/oldstable -- php-horde-mime-viewer/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c8b5e835dd1c9f7672f01364c0cf5b64592dd7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c8b5e835dd1c9f7672f01364c0cf5b64592dd7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
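Review bot: the dsa-needed.txt hunk adds "pdns-recursor" with no suite qualifier, next to entries such as "opennds/stable" and "php-cas/oldstable", and the new CVE-2024-25583 entry in data/CVE/list has no per-suite lines either. As written, the change does not show which releases the update is needed for. If only one suite is affected, qualify the dsa-needed entry; otherwise add the suite status lines to the CVE entry so the two files agree.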
[Git][security-tracker-team/security-tracker][master] new matrix-synapse issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 149b237f by Moritz Muehlenhoff at 2024-04-24T10:14:52+02:00 new matrix-synapse issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,9 @@ CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerabi CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) - TODO: check + - matrix-synapse + NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v + NOTE: https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1) CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) NOT-FOR-US: PX4 Autopilot CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149b237f08488a6468c09e0fc736da89b59057b1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149b237f08488a6468c09e0fc736da89b59057b1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] fceux n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d224cdf by Moritz Muehlenhoff at 2024-04-24T10:13:25+02:00 fceux n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -58,7 +58,10 @@ CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...) NOT-FOR-US: Tillitis TKey CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...) - TODO: check + - fceux (Vulnerable code never uploaded to the archive) + NOTE: https://github.com/TASEmulators/fceux/issues/727 + NOTE: Introduced in https://github.com/TASEmulators/fceux/commit/798c5a1d9c73b899cdbe3d613c0022588281979f + NOTE: Fixed in https://github.com/TASEmulators/fceux/commit/48b48e7c13be1b949074f42660a33c7ef57135e1 CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d224cdf51c23ef3fd4192a22365cbc0c5cc4ac6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d224cdf51c23ef3fd4192a22365cbc0c5cc4ac6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
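Review bot: "- fceux (Vulnerable code never uploaded to the archive)" for CVE-2024-32258 rests on the introducing commit 798c5a1d9c73b899cdbe3d613c0022588281979f being newer than every uploaded version, but the entry does not record which upstream release first contains that commit. The description names fceux 2.7.0; add a NOTE stating the first affected release, so the not-affected conclusion is re-checked when a newer upstream version is packaged.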
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c5fad303 by Moritz Muehlenhoff at 2024-04-24T10:00:08+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,7 +20,7 @@ CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulne CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...) - TODO: check + NOT-FOR-US: Rapid7 CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) NOT-FOR-US: Tenda CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) @@ -56,11 +56,11 @@ CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1) CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...) - TODO: check + NOT-FOR-US: Tillitis TKey CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...) TODO: check CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) - TODO: check + NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) TODO: check CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) 
@@ -72,9 +72,9 @@ CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to ob CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) TODO: check CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) - TODO: check + NOT-FOR-US: AMD Radeon Windows driver CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) - TODO: check + NOT-FOR-US: AMD Radeon Windows driver CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites with Exp ...) NOT-FOR-US: WordPress plugin CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fad30314e892f1bb374ad9c1e8441185c47208 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fad30314e892f1bb374ad9c1e8441185c47208 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
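Review bot: in the first hunk, "NOT-FOR-US: Rapid7" for CVE-2024-3185 names a vendor, while the other tags in this same commit name a product ("Tillitis TKey", "AMD Radeon Windows driver"). The truncated description ("A key used in logging.json ...") does not identify the product, so a vendor-only tag makes it hard to confirm later that nothing packaged is affected. Name the product in the tag.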
[Git][security-tracker-team/security-tracker][master] Track fixes for linux upload with 6.7.12 basis to unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 729001a9 by Salvatore Bonaccorso at 2024-04-24T09:54:29+02:00 Track fixes for linux upload with 6.7.12 basis to unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1305,283 +1305,283 @@ CVE-2024-26910 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/97f7cf1cd80eeed3b7c808b7c12463295c751001 (6.8-rc3) CVE-2024-26909 (In the Linux kernel, the following vulnerability has been resolved: s ...) - - linux + - linux 6.7.12-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b979f2d50a099f3402418d7ff5f26c3952fb08bb (6.8-rc7) CVE-2024-26908 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/3693bb4465e6e32a204a5b86d3ec7e6b9f7e67c2 (6.8-rc5) CVE-2024-26907 (In the Linux kernel, the following vulnerability has been resolved: R ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/4d5e86a56615cc387d21c629f9af8fb0e958d350 (6.8-rc6) CVE-2024-26906 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 (6.8-rc6) CVE-2024-26905 (In the Linux kernel, the following vulnerability has been resolved: b ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/e06cc89475eddc1f3a7a4d471524256152c68166 (6.8-rc7) CVE-2024-26904 (In the Linux kernel, the following vulnerability has been resolved: b ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/c7bb26b847e5b97814f522686068c5628e2b3646 (6.8-rc7) CVE-2024-26903 (In the Linux kernel, the following vulnerability has been resolved: B ...) 
- - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/2535b848fa0f42ddff3e5255cf5e742c9b77bb26 (6.8-rc7) CVE-2024-26902 (In the Linux kernel, the following vulnerability has been resolved: p ...) - - linux + - linux 6.7.12-1 NOTE: https://git.kernel.org/linus/34b567868777e9fd39ec5333969728a7f0cf179c (6.8-rc7) CVE-2024-26901 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/3948abaa4e2be938ccdfc289385a27342fb13d43 (6.9-rc1) CVE-2024-26900 (In the Linux kernel, the following vulnerability has been resolved: m ...) - - linux + - linux 6.7.12-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (6.9-rc1) CVE-2024-26899 (In the Linux kernel, the following vulnerability has been resolved: b ...) - - linux + - linux 6.7.12-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/03f12122b20b6e6028e9ed69030a49f9cffcbb75 (6.9-rc1) CVE-2024-26898 (In the Linux kernel, the following vulnerability has been resolved: a ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/f98364e926626c678fb4b9004b75cacf92ff0662 (6.9-rc1) CVE-2024-26897 (In the Linux kernel, the following vulnerability has been resolved: w ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/24355fcb0d4cbcb6ddda262596558e8cfba70f11 (6.9-rc1) CVE-2024-26896 (In the Linux kernel, the following vulnerability has been resolved: w ...) 
- - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b8cfb7c819dd39965136a66fe3a7fde688d976fc (6.9-rc1) CVE-2024-26895 (In the Linux kernel, the following vulnerability has been resolved: w ...) - - linux + - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cb5942b7
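Review bot: every changed line in this hunk sets the unstable version to 6.7.12-1, while the NOTE lines of the same entries cite mainline commits tagged 6.8-rc5 through 6.9-rc1. The fixed version therefore depends on stable backports that the entries do not reference. Say in the commit message how the list of CVEs fixed by the 6.7.12-based upload was derived, so that a bulk change of 283 lines can be spot-checked.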
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for new freerdp3 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0aab47b7 by Salvatore Bonaccorso at 2024-04-24T09:34:59+02:00 Add Debian bug reference for new freerdp3 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -36,22 +36,22 @@ CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared Files.T ...) NOT-FOR-US: WordPress plugin CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - - freerdp3 + - freerdp3 (bug #1069752) - freerdp2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1) CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - - freerdp3 + - freerdp3 (bug #1069752) - freerdp2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1) CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - - freerdp3 + - freerdp3 (bug #1069752) - freerdp2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1) CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - - freerdp3 + - freerdp3 (bug #1069752) - freerdp2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aab47b7902e9a77205fa5d56fc45d1132d1e293 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aab47b7902e9a77205fa5d56fc45d1132d1e293 You're receiving this email because of your account on salsa.debian.org. 
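Review bot: bug #1069752 is attached only to the freerdp3 lines of CVE-2024-32658 through CVE-2024-32661; the "- freerdp2" line in each of the four entries is left with neither a bug reference nor a version. If freerdp2 is tracked as affected, file and reference a bug for it as well; if it has not been triaged yet, add a TODO so the open question is visible.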
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-32661/FreeRDP
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65530d61 by Salvatore Bonaccorso at 2024-04-24T09:16:03+02:00 Add CVE-2024-32661/FreeRDP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36,7 +36,10 @@ CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared Files.T ...) NOT-FOR-US: WordPress plugin CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - TODO: check + - freerdp3 + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1) CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - freerdp3 - freerdp2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65530d618a04547f0ce8921f02b7fe62f192d004 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65530d618a04547f0ce8921f02b7fe62f192d004 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-32660/FreeRDP
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 064ed4fb by Salvatore Bonaccorso at 2024-04-24T09:14:25+02:00 Add CVE-2024-32660/FreeRDP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38,7 +38,10 @@ CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared F CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) TODO: check CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - TODO: check + - freerdp3 + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1) CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 - freerdp2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/064ed4fb21377a10868c0c88a8ac8e88f70acd6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/064ed4fb21377a10868c0c88a8ac8e88f70acd6b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-32659/FreeRDP
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 40727a55 by Salvatore Bonaccorso at 2024-04-24T09:12:51+02:00 Add CVE-2024-32659/FreeRDP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40,7 +40,10 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) TODO: check CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - TODO: check + - freerdp3 + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1) CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 - freerdp2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40727a5590f2b70bbae3860dd20a2c3e4b802018 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40727a5590f2b70bbae3860dd20a2c3e4b802018 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-32658/FreeRDP
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b942d14 by Salvatore Bonaccorso at 2024-04-24T09:09:33+02:00 Add CVE-2024-32658/FreeRDP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42,7 +42,10 @@ CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) TODO: check CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - TODO: check + - freerdp3 + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1) CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...) TODO: check CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b942d144ed627db2a38bcbebb7a8210eb9023d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b942d144ed627db2a38bcbebb7a8210eb9023d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
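Review bot: the entry added for CVE-2024-32658 lists both "- freerdp3" and "- freerdp2", but the only fix reference is a commit tagged (3.5.1). Nothing in the entry shows that the 2.x code is vulnerable or which commit fixes it there. Add a NOTE with the 2.x fix commit or release, or a NOTE saying that the freerdp2 status still needs checking.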