[Git][security-tracker-team/security-tracker][master] Add CVE-2023-40533/tinyproxy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b72f4df7 by Salvatore Bonaccorso at 2024-05-02T07:55:54+02:00
Add CVE-2023-40533/tinyproxy
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -131,7 +131,8 @@ CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthent CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...) NOT-FOR-US: Teledyne FLIR M300 CVE-2023-40533 (An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 w ...) - TODO: check + - tinyproxy + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902 CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b72f4df778ca3c560b7ad1155b1be3be266b8faa
You're receiving this email because of your account on salsa.debian.org.
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
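Review bot: the new `- tinyproxy` line carries neither a fixed version nor a bug reference, so the entry records the package as affected in unstable with nothing pointing at a Debian bug; once one is filed, append it the way the dcmtk entry in this batch does (`- dcmtk (bug #1070207)`), so the TALOS NOTE is not the only pointer for whoever picks this up.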
[Git][security-tracker-team/security-tracker][master] Track proposed update for wpa via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 675f09a0 by Salvatore Bonaccorso at 2024-05-02T07:20:30+02:00
Track proposed update for wpa via bullseye-pu
1 changed file:
- data/next-oldstable-point-update.txt
Changes:
= data/next-oldstable-point-update.txt =
@@ -118,3 +118,5 @@ CVE-2023-34410 [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 CVE-2023-33285 [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-52160 + [bullseye] - wpa 2:2.9.0-21+deb11u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/675f09a006ecdfd7731d0f46eae1ccb89b934fe4
[Git][security-tracker-team/security-tracker][master] Track proposed update for qtbase-opensource-src via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a59f609f by Salvatore Bonaccorso at 2024-05-02T07:18:17+02:00
Track proposed update for qtbase-opensource-src via bullseye-pu
1 changed file:
- data/next-oldstable-point-update.txt
Changes:
= data/next-oldstable-point-update.txt =
@@ -98,3 +98,23 @@ CVE-2024-30205 [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2 CVE-2023-52723 [bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1 +CVE-2024-25580 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-32763 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2022-25255 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-24607 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-32762 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-51714 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-38197 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-37369 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-34410 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 +CVE-2023-33285 + [bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59f609f4ae3dad2244323c55eae5e13f6e1d137
[Git][security-tracker-team/security-tracker][master] Track proposed org-mode update via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2c4ae82a by Salvatore Bonaccorso at 2024-05-02T07:09:49+02:00
Track proposed org-mode update via bullseye-pu
1 changed file:
- data/next-oldstable-point-update.txt
Changes:
= data/next-oldstable-point-update.txt =
@@ -89,9 +89,12 @@ CVE-2024-24814 [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4 CVE-2024-30203 [bullseye] - emacs 1:27.1+1-3.1+deb11u3 + [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2 CVE-2024-30204 [bullseye] - emacs 1:27.1+1-3.1+deb11u3 + [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2 CVE-2024-30205 [bullseye] - emacs 1:27.1+1-3.1+deb11u3 + [bullseye] - org-mode 9.4.0+dfsg-1+deb11u2 CVE-2023-52723 [bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4ae82a353b95accebc15da27382368c7498bec
[Git][security-tracker-team/security-tracker][master] Track proposed update for pypy3 via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 17aa8eef by Salvatore Bonaccorso at 2024-05-02T06:55:54+02:00
Track proposed update for pypy3 via bookworm-pu
1 changed file:
- data/next-point-update.txt
Changes:
= data/next-point-update.txt =
@@ -136,3 +136,11 @@ CVE-2024-25580 [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2 CVE-2023-51714 [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2 +CVE-2023-24329 + [bookworm] - pypy3 7.3.11+dfsg-2+deb12u2 +CVE-2023-40217 + [bookworm] - pypy3 7.3.11+dfsg-2+deb12u2 +CVE-2023-6597 + [bookworm] - pypy3 7.3.11+dfsg-2+deb12u2 +CVE-2024-0450 + [bookworm] - pypy3 7.3.11+dfsg-2+deb12u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17aa8eef30df6e53f0a4b1d1404713fd2e5913a4
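Review bot: CVE-2023-24329 gets a bookworm-pu version here (pypy3 7.3.11+dfsg-2+deb12u2), but its data/CVE/list entry as updated in commit eefb9ee9 in this same batch still reads `[bookworm] - pypy3 (Minor issue)`; a follow-up to replace that annotation with the version once the point release ships keeps the list and the tracked update from diverging.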
[Git][security-tracker-team/security-tracker][master] Track proposed qtbase-opensource-src update via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 52aa799f by Salvatore Bonaccorso at 2024-05-02T06:54:17+02:00
Track proposed qtbase-opensource-src update via bookworm-pu
1 changed file:
- data/next-point-update.txt
Changes:
= data/next-point-update.txt =
@@ -132,3 +132,7 @@ CVE-2023-5115 [bookworm] - ansible-core 2.14.16-0+deb12u1 CVE-2023-52160 [bookworm] - wpa 2:2.10-12+deb12u1 +CVE-2024-25580 + [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2 +CVE-2023-51714 + [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52aa799f79f47ceb355e629d885540a05433440b
[Git][security-tracker-team/security-tracker][master] Remove wpa from dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: deae7588 by Salvatore Bonaccorso at 2024-05-02T06:53:06+02:00
Remove wpa from dsa-needed list
1 changed file:
- data/dsa-needed.txt
Changes:
= data/dsa-needed.txt =
@@ -88,7 +88,5 @@ squid -- webkit2gtk (berto) -- -wpa --- zabbix --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/deae7588ba162f5a310d1d3a094ca7cd0d5689e6
[Git][security-tracker-team/security-tracker][master] Track proposed wpa update via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 746a8894 by Salvatore Bonaccorso at 2024-05-02T06:52:31+02:00
Track proposed wpa update via bookworm-pu
1 changed file:
- data/next-point-update.txt
Changes:
= data/next-point-update.txt =
@@ -130,3 +130,5 @@ CVE-2023-5764 [bookworm] - ansible-core 2.14.16-0+deb12u1 CVE-2023-5115 [bookworm] - ansible-core 2.14.16-0+deb12u1 +CVE-2023-52160 + [bookworm] - wpa 2:2.10-12+deb12u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/746a8894d9ea7ab7410c036becf2e1a288612f94
[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-52160 as no-dsa as update got proposed via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b4e91307 by Salvatore Bonaccorso at 2024-05-02T06:51:47+02:00
Mark CVE-2023-52160 as no-dsa as update got proposed via bookworm-pu
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -21883,6 +21883,8 @@ CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possi CVE-2023-52160 (The implementation of PEAP in wpa_supplicant through 2.10 allows authe ...) {DLA-3743-1} - wpa 2:2.10-21.1 (bug #1064061) + [bookworm] - wpa (Minor issue; Will be fixed via point release) + [bullseye] - wpa (Minor issue; can be fixed via point release) NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/ NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042362.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4e913070d285fbf0afced3ebea6312a1c3f46b9
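Review bot: the two added annotations differ in wording and capitalization (`Minor issue; Will be fixed via point release` for bookworm versus `Minor issue; can be fixed via point release` for bullseye); since the bullseye-pu for the same CVE is tracked in commit 675f09a0 of this batch, both lines could use the same `Will be fixed via point release` text so the status reads identically across suites.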
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-26793/libmodbus
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b1231d87 by Salvatore Bonaccorso at 2024-05-02T06:41:18+02:00
Add CVE-2023-26793/libmodbus
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -80645,7 +80645,8 @@ CVE-2023-26795 CVE-2023-26794 RESERVED CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in re ...) - TODO: check + - libmodbus + NOTE: https://github.com/stephane/libmodbus/issues/683 CVE-2023-26792 RESERVED CVE-2023-26791
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1231d87898ec6757d9cf47a196b8ef7ecdb529f
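Review bot: the only NOTE added here points at the upstream issue (stephane/libmodbus#683), not at a fix, and the `- libmodbus` line has no fixed version, so the entry does not yet say whether upstream has resolved it; when a fixing commit is identified, a `NOTE: Fixed by: <commit URL>` line in the style of the dmitry entry (commit 5d8f5903 in this batch) makes the fixed-version update straightforward later.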
[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 88197b2c by Salvatore Bonaccorso at 2024-05-01T23:11:19+02:00 Process some NFUs - - - - - 23a51ae2 by Salvatore Bonaccorso at 2024-05-01T23:11:21+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...) - TODO: check + NOT-FOR-US: Totolink CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...) - TODO: check + NOT-FOR-US: HPE Aruba Networking CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...) - TODO: check + NOT-FOR-US: phiola CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...) 
- TODO: check + NOT-FOR-US: phiola CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...) - TODO: check + NOT-FOR-US: phiola CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...) - TODO: check + NOT-FOR-US: phiola CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...) TODO: check CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) - TODO: check + NOT-FOR-US: SourceCodester Laboratory Management System CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) - TODO: check + NOT-FOR-US: SourceCodester Laboratory Management System CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...) - TODO: check + NOT-FOR-US: SourceCodester Product Show Room CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...) - TODO: check + NOT-FOR-US: Typora CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...) - TODO: check + NOT-FOR-US: Realisation MGSD CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...) TODO: check CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...) 
@@ -55,13 +55,13 @@ CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Pla CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...) TODO: check CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) - TODO: check + NOT-FOR-US: LoMag WareHouse Management application CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...) - TODO: check + NOT-FOR-US: LOGINT LoMag Inventory Management CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...) - TODO: check + NOT-FOR-US: LOGINT LoMag Inventory Management CVE-2024-32210 (The LoMag
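Review bot: three entries in these hunks keep `TODO: check` while their neighbours are resolved to NOT-FOR-US (CVE-2024-33393 for spidernet-io spiderpool, CVE-2024-33078 for Tencent Libpag, CVE-2024-32973 for Pluto); leaving them open is fine if a packaging check is still pending, but a one-line NOTE saying what is being checked would save the next triager repeating the search that put them aside.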
[Git][security-tracker-team/security-tracker][master] pypy3: Missed that CVE-2021-28861 is fixed
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits: cd52008d by Stefano Rivera at 2024-05-01T16:48:36-04:00
pypy3: Missed that CVE-2021-28861 is fixed
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -225792,7 +225792,7 @@ CVE-2021-28861 (Python 3.x through 3.10 has an open redirection vulnerability in - python3.9 (unimportant) - python3.7 (unimportant) - python2.7 (unimportant) - - pypy3 (unimportant) + - pypy3 7.3.10+dfsg-1 (unimportant) NOTE: https://bugs.python.org/issue43223 NOTE: https://github.com/python/cpython/pull/93879 NOTE: https://github.com/python/cpython/commit/e2e8847bf52f4a81490653c6d13b7e3821b2c2be (v3.11.0b4)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd52008d24efac55475b987c00d7e4680aecd366
[Git][security-tracker-team/security-tracker][master] pypy3: Missed that CVE-2023-24329 is fixed
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits: eefb9ee9 by Stefano Rivera at 2024-05-01T16:18:46-04:00
pypy3: Missed that CVE-2023-24329 is fixed
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -88295,7 +88295,7 @@ CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 a [buster] - python3.7 (Cf. related CVE-2022-0391) - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 - - pypy3 + - pypy3 7.3.12+dfsg-1 [bookworm] - pypy3 (Minor issue) [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eefb9ee9bd222e62364dba45a3ee953d63b20292
[Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2023-46566
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6ef02d59 by Salvatore Bonaccorso at 2024-05-01T22:16:01+02:00
Reference upstream issue for CVE-2023-46566
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1137,6 +1137,7 @@ CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote a NOT-FOR-US: PyPXE CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e3 ...) - tftpy + NOTE: https://github.com/msoulier/tftpy/issues/140 CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware version up ...) NOT-FOR-US: ASUS CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ef02d593542c82cd329647a4678cd9a15aa5f19
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cb76107 by security tracker role at 2024-05-01T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,342 +1,476 @@ -CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()] +CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...) + TODO: check +CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...) + TODO: check +CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...) + TODO: check +CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User ...) + TODO: check +CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...) + TODO: check +CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...) + TODO: check +CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...) + TODO: check +CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...) + TODO: check +CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...) + TODO: check +CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...) + TODO: check +CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) 
+ TODO: check +CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...) + TODO: check +CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...) + TODO: check +CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) + TODO: check +CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) + TODO: check +CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...) + TODO: check +CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...) + TODO: check +CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...) + TODO: check +CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...) + TODO: check +CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...) + TODO: check +CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...) + TODO: check +CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...) + TODO: check +CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) + TODO: check +CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...) + TODO: check +CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...) + TODO: check +CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) + TODO: check +CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...) + TODO: check +CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...) + TODO: check +CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...) 
+ TODO: check +CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...) + TODO: check +CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...) + TODO: check +CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...) + TODO: check +CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...) + TODO: check +CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...) + TODO:
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28130/dcmtk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 57e5656a by Salvatore Bonaccorso at 2024-05-01T22:07:24+02:00
Add CVE-2024-28130/dcmtk
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -2400,7 +2400,7 @@ CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-S CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...) NOT-FOR-US: Flipsnack CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) - - dcmtk + - dcmtk (bug #1070207) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 NOTE: https://support.dcmtk.org/redmine/issues/1120 NOTE: https://github.com/DCMTK/dcmtk/commit/601b227eecaab33a3a3a11dc256d84b1a62f63af
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57e5656a361194bbd4378b52184ce20bb2060397
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2020-14931/dmitry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5d8f5903 by Salvatore Bonaccorso at 2024-05-01T22:06:27+02:00
Reference upstream commit for CVE-2020-14931/dmitry
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -289817,6 +289817,7 @@ CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information G [bullseye] - dmitry (Minor issue) NOTE: https://github.com/jaygreig86/dmitry/issues/4 NOTE: https://github.com/jaygreig86/dmitry/pull/6 + NOTE: Fixed by: https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192 CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...) NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464 CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8f590345ba138d3349fcf061ba11fa78aaf7c8
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-31031
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6c0c1d0f by Salvatore Bonaccorso at 2024-05-01T21:40:38+02:00
Update status for CVE-2024-31031
Up to the version first at least v4.3.0-rc1 upstream the issue is not present. Update status for src:libcoap and src:libcoap2 as up to the version removed in unstable in the end the version was not affected.
Thanks: Sylvain Beucler for the triage.
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -3476,11 +3476,8 @@ CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern function CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in mqtt_ ...) NOT-FOR-US: NanoMQ CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...) - - libcoap - [buster] - libcoap (Vulnerable code not present) - - libcoap2 - [bullseye] - libcoap2 (Minor issue) - [buster] - libcoap2 (Vulnerable code not present) + - libcoap (Vulnerable code not present) + - libcoap2 (Vulnerable code not present) - libcoap3 [bookworm] - libcoap3 (Minor issue) NOTE: https://github.com/obgm/libcoap/issues/1351
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0c1d0f734b8c155147f71abfc6ec87d4199666
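Review bot: the reasoning that justifies downgrading `[bullseye] - libcoap2 (Minor issue)` to `(Vulnerable code not present)` (the issue is absent before upstream v4.3.0-rc1, per the commit message) lives only in the commit log, while the hunk adds no NOTE recording that version boundary next to the existing `NOTE: https://github.com/obgm/libcoap/issues/1351`; a short NOTE stating the first affected upstream version would let a later reader verify the not-affected claim without digging through git history.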
[Git][security-tracker-team/security-tracker][master] pypy3: Use versions published in unstable, not experimental
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: 90abd11f by Stefano Rivera at 2024-05-01T15:29:42-04:00 pypy3: Use versions published in unstable, not experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53505,7 +53505,7 @@ CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Pyth - python3.7 - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 - - pypy3 7.3.4~rc1+dfsg-1 + - pypy3 7.3.5+dfsg-2 NOTE: https://bugs.python.org/issue40791 NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2) NOTE: https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1) @@ -53518,7 +53518,7 @@ CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python thro - python3.7 - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 - - pypy3 7.3.4~rc1+dfsg-1 + - pypy3 7.3.5+dfsg-2 NOTE: https://bugs.python.org/issue42051 NOTE: https://github.com/python/cpython/issues/86217 NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2) @@ -53531,7 +53531,7 @@ CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable t - python3.9 3.9.1~rc1-1 - python3.7 - python2.7 (In 2.7, the plistlib parser only supports XML and not the affected binary format) - - pypy3 7.3.4~rc1+dfsg-1 + - pypy3 7.3.5+dfsg-2 NOTE: https://bugs.python.org/issue42103 NOTE: https://github.com/python/cpython/issues/86269 NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2) @@ -168597,7 +168597,7 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse - python3.4 - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 - - pypy3 7.3.6~rc2+dfsg-1 + - pypy3 7.3.6+dfsg-1 [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue43882 
@@ -175924,7 +175924,7 @@ CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfe [experimental] - python2.7 2.7.18-13.1~exp1 - python2.7 2.7.18-13.1 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) - - pypy3 7.3.8~rc1+dfsg-1 + - pypy3 7.3.8+dfsg-1 [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue43285 @@ -196621,7 +196621,7 @@ CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response i - python3.4 - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) - - pypy3 7.3.8~rc1+dfsg-1 + - pypy3 7.3.8+dfsg-1 [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue44022 @@ -197832,7 +197832,7 @@ CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An att - python3.5 - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) - - pypy3 7.3.8~rc1+dfsg-1 + - pypy3 7.3.8+dfsg-1 [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue43075 @@ -223044,7 +223044,7 @@ CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading - python3.9 3.9.7-1 (bug #989195) [bullseye] - python3.9 (Minor issue) - python2.7 (Vulnerable code introduced later) - - pypy3 7.3.8~rc1+dfsg-1 + - pypy3 7.3.8+dfsg-1 [buster] - pypy3 (Minor issue) [bullseye] - pypy3 (Vulnerable code introduced later) NOTE: https://bugs.python.org/issue36384#msg392423 
@@ -260808,7 +260808,7 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p - python3.8 (unimportant) - python3.7 (unimportant) - python2.7 (unimportant) - - pypy3 7.3.4~rc1+dfsg-1 + - pypy3 7.3.5+dfsg-2 NOTE: https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html NOTE: https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (master) NOTE: https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (master) @@ -264380,7 +264380,7 @@ CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3. - python3.5 - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) - - pypy3
[Git][security-tracker-team/security-tracker][master] Sync status of some linux CVEs with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df1aa63a by Salvatore Bonaccorso at 2024-05-01T21:22:21+02:00 Sync status of some linux CVEs with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,8 +1,5 @@ CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()] - - linux - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) + - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1) CVE-2024-27391 [wifi: wilc1000: do not realloc workqueue everytime an interface is added] - linux 6.7.12-1 
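Review bot: collapsing the three per-suite lines into a single unversioned `- linux (Vulnerable code not present)` additionally declares unstable unaffected, but the only reference kept is the fix commit (6.9-rc1); whether the code is "not present" depends on when it was introduced, so record the introducing commit or the first affected kernel version in the NOTE so the claim can be re-checked against the 6.7.12-1 kernel in unstable instead of being taken on trust from the kernel-sec sync.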
@@ -65,22 +62,13 @@ CVE-2024-27072 [media: usbtv: Remove useless locks in usbtv_video_free()] - linux NOTE: https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1) CVE-2024-27071 [backlight: hx8357: Fix potential NULL pointer dereference] - - linux - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) + - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 (6.9-rc1) CVE-2024-27070 [f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault] - - linux - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) + - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 (6.9-rc1) CVE-2024-27069 [ovl: relax WARN_ON in ovl_verify_area()] - - linux - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) + - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/77a28aa476873048024ad56daf8f4f17d58ee48e (6.9-rc1) CVE-2024-27068 [thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path] - linux 6.7.12-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1aa63aea5ff25dcbbda48939d1ed17910a85c1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1aa63aea5ff25dcbbda48939d1ed17910a85c1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update cPython versions that pypy3 embeds
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: 801a211f by Stefano Rivera at 2024-05-01T15:13:55-04:00 Update cPython versions that pypy3 embeds - - - - - 1 changed file: - data/embedded-code-copies Changes: = data/embedded-code-copies = @@ -1677,6 +1677,14 @@ python3.7 - pypy3 (fork) NOTE: embeds stdlib +python3.8 + - pypy3 (fork) + NOTE: embeds stdlib + +python3.9 + - pypy3 (fork) + NOTE: embeds stdlib + argparse - twill (embed; bug #555347) - ipython (embed; bug #555348) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/801a211fff0f34f615ac5dde6433f00ff42a8032 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/801a211fff0f34f615ac5dde6433f00ff42a8032 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage of Python bugs that affect pypy3
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: 9efceb85 by Stefano Rivera at 2024-05-01T14:55:54-04:00 Triage of Python bugs that affect pypy3 Applied the same triage as was already applied to the relevant cPythons - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13409,6 +13409,7 @@ CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that NOT-FOR-US: Devklan's Alma Blog CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...) {DLA-3772-1 DLA-3771-1} + - pypy3 7.3.16+dfsg-1 - python3.12 3.12.2-1 - python3.11 3.11.8-1 (bug #1070133) - python3.10 @@ -13433,6 +13434,10 @@ CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` c [bullseye] - python3.9 (Minor issue) - python3.7 - python2.7 (tempfile.TemporaryDirectory added in 3.2) + - pypy3 7.3.13+dfsg-1 + [bookworm] - pypy3 (Minor issue) + [bullseye] - pypy3 (Minor issue) + [buster] - pypy3 (Minor issue) NOTE: https://github.com/python/cpython/pull/99930 NOTE: https://github.com/python/cpython/issues/91133 NOTE: https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 (v3.12.1) @@ -53512,6 +53517,7 @@ CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Pyth - python3.7 - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 + - pypy3 7.3.4~rc1+dfsg-1 NOTE: https://bugs.python.org/issue40791 NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2) NOTE: https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1) 
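Review bot: the new `- pypy3 7.3.16+dfsg-1` line for CVE-2024-0450 has no `[bookworm]`/`[bullseye]`/`[buster]` annotation, so all three stable suites (each on a pypy3 older than 7.3.16) show the issue as open without a recorded decision, whereas the CVE-2023-6597 entry a few lines further down gets `(Minor issue)` for all three and the cPython lines for CVE-2024-0450 point at DLA-3772-1/DLA-3771-1 and `bug #1070133`; apply the same per-suite triage here, or file a bug as was done for python3.11.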
@@ -53524,6 +53530,7 @@ CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python thro - python3.7 - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 + - pypy3 7.3.4~rc1+dfsg-1 NOTE: https://bugs.python.org/issue42051 NOTE: https://github.com/python/cpython/issues/86217 NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2) @@ -53536,6 +53543,7 @@ CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable t - python3.9 3.9.1~rc1-1 - python3.7 - python2.7 (In 2.7, the plistlib parser only supports XML and not the affected binary format) + - pypy3 7.3.4~rc1+dfsg-1 NOTE: https://bugs.python.org/issue42103 NOTE: https://github.com/python/cpython/issues/86269 NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2) @@ -79980,6 +79988,10 @@ CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-m - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) [buster] - python2.7 (Minor issue, wait until upstream has decided whether to backport to older branches) + - pypy3 + [bookworm] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches) + [bullseye] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches) + [buster] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches) NOTE: https://github.com/python/cpython/issues/102988 CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/Se ...) NOT-FOR-US: Tenda 
@@ -88163,6 +88175,10 @@ CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 a [buster] - python3.7 (Cf. related CVE-2022-0391) - python2.7 [bullseye] - python2.7 2.7.18-8+deb11u1 + - pypy3 + [bookworm] - pypy3 (Minor issue) + [bullseye] - pypy3 (Minor issue) + [buster] - pypy3 (Minor issue) NOTE: https://pointernull.com/security/python-url-parse-problem.html NOTE: https://github.com/python/cpython/pull/99421 NOTE: https://github.com/python/cpython/pull/99446 (backport for 3.11 branch) @@ -105870,6 +105886,9 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary - python3.7 - python2.7 [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) + - pypy3 7.3.11+dfsg-1 + [bullseye] - pypy3 (Minor issue) + [buster] - pypy3 (Minor issue) NOTE: https://github.com/python/cpython/issues/98433 NOTE: https://github.com/python/cpython/pull/99092 NOTE: https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15 (v3.11.1) @@ -114676,6 +114695,9 @@
[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ca6d65a by Salvatore Bonaccorso at 2024-05-01T20:52:40+02:00 Track fixed version for chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -345,11 +345,11 @@ CVE-2022-48669 [powerpc/pseries: Fix potential memleak in papr_get_attr()] [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1) CVE-2024-4331 - - chromium + - chromium 124.0.6367.118-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4368 - - chromium + - chromium 124.0.6367.118-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca6d65aed97cea872f484664a603e1898932b4b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca6d65aed97cea872f484664a603e1898932b4b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83c72f90 by Salvatore Bonaccorso at 2024-05-01T20:48:30+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,349 @@ +CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1) +CVE-2024-27391 [wifi: wilc1000: do not realloc workqueue everytime an interface is added] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/328efda22af81130c2ad981c110518cb29ff2f1d (6.9-rc1) +CVE-2024-27390 [ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/17ef8efc00b34918b966388b2af0993811895a8c (6.9-rc1) +CVE-2024-27389 [pstore: inode: Only d_invalidate() is needed] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1) +CVE-2024-27388 [SUNRPC: fix some memleaks in gssx_dec_option_array] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/3cfcfc102a5e57b021b786a755a38935e357797d (6.9-rc1) +CVE-2024-27080 [btrfs: fix race when detecting delalloc ranges during fiemap] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/978b63f7464abcfd364a6c95f734282c50f3decf (6.9-rc1) +CVE-2024-27079 [iommu/vt-d: Fix NULL domain on device release] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/81e921fd321614c2ad8ac333b041aae1da7a1c6d (6.9-rc1) +CVE-2024-27078 [media: v4l2-tpg: fix some memleaks in tpg_alloc] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c (6.9-rc1) +CVE-2024-27077 [media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/8f94b49a5b5d386c038e355bef6347298aabd211 (6.9-rc1) +CVE-2024-27076 [media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4797a3dd46f220e6d83daf54d70c5b33db6deb01 (6.9-rc1) +CVE-2024-27075 [media: dvb-frontends: avoid stack overflow warnings with clang] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/7a4cf27d1f0538f779bf31b8c99eda394e277119 (6.9-rc1) +CVE-2024-27074 [media: go7007: fix a memleak in go7007_load_encoder] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/b9b683844b01d171a72b9c0419a2d760d946ee12 (6.9-rc1) +CVE-2024-27073 [media: ttpci: fix two memleaks in budget_av_attach] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + NOTE: https://git.kernel.org/linus/d0b07f712bf61e1a3cf23c87c663791c42e50837 (6.9-rc1) +CVE-2024-27072 [media: usbtv: Remove useless locks in usbtv_video_free()] + - linux + NOTE: https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1) +CVE-2024-27071 [backlight: hx8357: Fix potential NULL pointer dereference] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 (6.9-rc1) +CVE-2024-27070 [f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault] + - linux + [bookworm] - 
linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 (6.9-rc1) +CVE-2024-27069 [ovl: relax WARN_ON in
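Review bot: CVE-2024-27072 (usbtv) is added as a bare `- linux` with only the fix NOTE, so unstable and every stable suite are recorded as affected with no fixed version, while the neighbouring entries fixed by the same 6.9-rc1 batch carry `- linux 6.7.12-1` and `[bookworm] - linux 6.1.85-1`, or a "Vulnerable code not present" annotation; add whichever applies so the entry does not sit open. The same check applies to CVE-2024-27079, which has `[bullseye]`/`[buster]` lines but neither a `[bookworm]` annotation nor an unstable fixed version.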
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nvidia-cuda-toolkit issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c407747 by Salvatore Bonaccorso at 2024-05-01T20:17:02+02:00 Add Debian bug reference for nvidia-cuda-toolkit issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7609,12 +7609,12 @@ CVE-2024-0081 (NVIDIA NeMo framework for Ubuntu contains a vulnerability in tool CVE-2024-0080 (NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability w ...) NOT-FOR-US: NVIDIA nvTIFF Library CVE-2024-0076 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuob ...) - - nvidia-cuda-toolkit + - nvidia-cuda-toolkit (bug #1070177) [bookworm] - nvidia-cuda-toolkit (Non-free not supported) [bullseye] - nvidia-cuda-toolkit (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517 CVE-2024-0072 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuob ...) - - nvidia-cuda-toolkit + - nvidia-cuda-toolkit (bug #1070177) [bookworm] - nvidia-cuda-toolkit (Non-free not supported) [bullseye] - nvidia-cuda-toolkit (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c407747a4cbf719319632e808576fd5577ff0af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c407747a4cbf719319632e808576fd5577ff0af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed changes for ansible-core via bookworm-pu (but not yet acked)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57a4ad55 by Salvatore Bonaccorso at 2024-05-01T20:12:56+02:00 Track proposed changes for ansible-core via bookworm-pu (but not yet acked) - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -124,3 +124,9 @@ CVE-2024-30205 [bookworm] - emacs 1:28.2+1-15+deb12u1 CVE-2023-52723 [bookworm] - libkf5ksieve 4:22.12.3-1+deb12u1 +CVE-2024-0690 + [bookworm] - ansible-core 2.14.16-0+deb12u1 +CVE-2023-5764 + [bookworm] - ansible-core 2.14.16-0+deb12u1 +CVE-2023-5115 + [bookworm] - ansible-core 2.14.16-0+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57a4ad552f52fe6259223dce0fbf61f1b52474ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57a4ad552f52fe6259223dce0fbf61f1b52474ed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] add note about bookworm-proposed-update for ansible(-core)
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 59be7188 by Lee Garrett at 2024-05-01T17:51:12+02:00 add note about bookworm-proposed-update for ansible(-core) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,6 +29,7 @@ ansible (Lee Garrett) NOTE: 20231217: Begin to triage CVEs (rouca) NOTE: 20231217: Triaging done a few mail send upstream for claryfication purposes (rouca) NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee + NOTE: 20240501: Update for bookworm-proposed-update: #1070193 (lee) -- apache2 (debian) NOTE: 20240418: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59be7188320e27ccfcfde9661413965d15f39077 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59be7188320e27ccfcfde9661413965d15f39077 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new gobgp issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b46df9c3 by Moritz Muehlenhoff at 2024-05-01T16:26:57+02:00 new gobgp issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -800,7 +800,8 @@ CVE-2023-48684 (Sensitive information disclosure and manipulation due to missing CVE-2023-48683 (Sensitive information disclosure and manipulation due to missing autho ...) NOT-FOR-US: Acronis Cyber Protect Cloud Agent CVE-2023-46565 (Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d1 ...) - TODO: check + - gobgp + NOTE: https://github.com/osrg/gobgp/issues/2725 CVE-2023-46270 (MacPaw The Unarchiver before 4.3.6 contains vulnerability related to m ...) NOT-FOR-US: MacPaw The Unarchiver CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the login f ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46df9c369e94212b17c8dbf9d1998995803cb3c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46df9c369e94212b17c8dbf9d1998995803cb3c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new tftpy issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f4f3f752 by Moritz Muehlenhoff at 2024-05-01T16:25:42+02:00 new tftpy issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -668,7 +668,7 @@ CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to ca CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacke ...) NOT-FOR-US: PyPXE CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e3 ...) - TODO: check + - tftpy CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware version up ...) NOT-FOR-US: ASUS CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f3f752facfb3c5a701db3999a0c7f97f0cde64 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f3f752facfb3c5a701db3999a0c7f97f0cde64 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
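Review bot: the `- tftpy` line is added without a NOTE pointing at the upstream report or fixing commit, unlike the gobgp entry added a minute later in commit b46df9c3 (`NOTE: https://github.com/osrg/gobgp/issues/2725`); the CVE text identifies the affected code only by a truncated commit hash, so without a reference there is nothing on record to settle a fixed version against later. Add the upstream issue or commit URL as a NOTE.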
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 57086a86 by Moritz Muehlenhoff at 2024-05-01T16:23:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,9 +35,9 @@ CVE-2024-32967 (Zitadel is an open source identity management system. In case ZI CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) NOT-FOR-US: Static Web Server CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) - TODO: check + NOT-FOR-US: Navidrome CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) - TODO: check + NOT-FOR-US: Navidrome CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) NOT-FOR-US: RIOT CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) @@ -45,7 +45,7 @@ CVE-2024-32017 (RIOT is a real-time multi-threading operating system that suppor CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) NOT-FOR-US: RIOT CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) - TODO: check + NOT-FOR-US: lsgwr spring boot online exam CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) NOT-FOR-US: Dell CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) 
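Review bot: CVE-2024-32890 concerns librespeed/speedtest according to its own description, but the replacement line reads `NOT-FOR-US: Navidrome`, copied from the CVE-2024-32963 line directly above; change it to `NOT-FOR-US: librespeed/speedtest` so the NFU reason matches the affected product.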
@@ -495,7 +495,7 @@ CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPr CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and ...) NOT-FOR-US: Measuresoft CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...) - TODO: check + NOT-FOR-US: IPMI implementations CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...) NOT-FOR-US: WordPress plugin CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...) @@ -505,7 +505,7 @@ CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge( CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...) NOT-FOR-US: OneNav CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...) - TODO: check + NOT-FOR-US: yapi CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...) NOT-FOR-US: MajorDoMo (aka Major Domestic Module) CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) @@ -554,9 +554,9 @@ CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) NOT-FOR-US: CSS Exfil Protection CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...) - TODO: check + NOT-FOR-US: Wallos CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: OpenStack Storlets yoga-eom CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...) NOT-FOR-US: ReCrystallize Server CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...) 
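Review bot: CVE-2024-3411 is closed as `NOT-FOR-US: IPMI implementations`, yet its description ("Implementations of IPMI Authenticated sessions does not provide enough ...") reads as a protocol-level weakness rather than one vendor's product, and Debian does ship IPMI implementations (freeipmi, ipmitool, openipmi); confirm from the advisory that the CVE is scoped to a specific vendor before leaving it NFU, otherwise it should become a source-package entry with a NOTE explaining the applicability.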
@@ -578,7 +578,7 @@ CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...) NOT-FOR-US: TRENDnet TEW-815DAP CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...) - TODO: check + NOT-FOR-US: XADMaster CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...) NOT-FOR-US: WordPress plugin CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...) @@ -594,7 +594,7 @@ CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform fi CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...) NOT-FOR-US: Vtiger CRM CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...) - TODO: check + NOT-FOR-US: ProQuality pqprintshippinglabels CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...) @@ -666,7 +666,7 @@ CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 CVE-2023-50432 (simple-dhcp-server through ec976d2 allows
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3806-1 for distro-info-data
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: fb03d35c by Stefano Rivera at 2024-05-01T10:16:22-04:00 Reserve DLA-3806-1 for distro-info-data - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[01 May 2024] DLA-3806-1 distro-info-data - database update + [buster] - distro-info-data 0.41+deb10u9 [01 May 2024] DLA-3805-1 qtbase-opensource-src - security update {CVE-2023-24607 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 CVE-2023-37369 CVE-2023-38197 CVE-2023-51714} [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u6 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb03d35caa2f8984793fc91e0f9cd3e67d8a615a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb03d35caa2f8984793fc91e0f9cd3e67d8a615a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new chromium issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 44dd9776 by Moritz Muehlenhoff at 2024-05-01T13:56:53+02:00 new chromium issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-4331 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-4368 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) NOT-FOR-US: OpenShift CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...) = data/dsa-needed.txt = @@ -16,6 +16,8 @@ atril (jmm) -- dav1d (jmm) -- +chromium (dilinger) +-- dnsdist (jmm) -- dnsmasq View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44dd97762c4c362bba0a6d5f06ac5e115f98cf61 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44dd97762c4c362bba0a6d5f06ac5e115f98cf61 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: eab15f76 by Moritz Muehlenhoff at 2024-05-01T13:42:52+02:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -22378,7 +22378,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4 [bullseye] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) [buster] - knot-resolver (Too intrusive to backport) - pdns-recursor 4.9.3-1 (bug #1063852) - [bullseye] - pdns-recursor (Too intrusive to backport, if DNSSEC is used Bookworm can be used) + [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) - unbound 1.19.1-1 (bug #1063845) - systemd 255.4-1 [bookworm] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) @@ -22420,7 +22420,7 @@ CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 51 [bullseye] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) [buster] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) - pdns-recursor 4.9.3-1 (bug #1063852) - [bullseye] - pdns-recursor (Too intrusive to backport, if DNSSEC is used Bookworm can be used) + [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) - unbound 1.19.1-1 (bug #1063845) - systemd 255.4-1 [bookworm] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) 
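Review bot: the `[bullseye] - pdns-recursor (No longer supported with security updates in Bullseye)` annotation records the decision in the tracker only; for users to see it, pdns-recursor also needs the corresponding unsupported-in-bullseye entry in the debian-security-support package, and the `[buster]` lines for the same two CVEs still say "Too intrusive to backport", which now reads inconsistently with the newer suite dropping support altogether. Double-check both so the tracker and debian-security-support tell the same story.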
@@ -41844,6 +41844,7 @@ CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack NOT-FOR-US: JHipster generator-jhipster CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] - salt (bug #1055179) + [bullseye] - salt (Scheduled for removal) [buster] - salt (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...) @@ -64221,6 +64222,7 @@ CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlie [bullseye] - python-tornado (Minor issue) [buster] - python-tornado (Minor issue) - salt (bug #1059297) + [bullseye] - salt (Scheduled for removal) [buster] - salt (EOL in buster LTS) NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2) CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...) @@ -81150,7 +81152,7 @@ CVE-2023-26438 (External service lookups for a number of protocols were vulnerab NOT-FOR-US: OX App Suite CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...) - pdns-recursor 4.8.4-1 (bug #1033941) - [bullseye] - pdns-recursor (Minor issue) + [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) [buster] - pdns-recursor (Minor issue) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html NOTE: https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989 (rec-4.6.6) 
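Review bot: `[bullseye] - salt (Scheduled for removal)` is added to CVE-2023-34049 and CVE-2023-28370 while the `- salt (bug #...)` line above it still carries no fixed version, so sid and bookworm remain open for both; that may be intended, but a short NOTE giving the bug or request under which the removal is tracked would make the annotation checkable later. For CVE-2023-26437 the bullseye reason changes from `Minor issue` to `No longer supported with security updates in Bullseye` while `[buster] - pdns-recursor (Minor issue)` is left as is; the two are not contradictory, but a reader can no longer tell from the entry whether bullseye is unsupported for pdns-recursor as a whole or only judged not worth an update for this issue.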
@@ -107817,10 +107819,12 @@ CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerabil NOT-FOR-US: VMware CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...) - salt (bug #1051504) + [bullseye] - salt (Scheduled for removal) [buster] - salt (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...) - salt (bug #1051504) + [bullseye] - salt (Scheduled for removal) [buster] - salt (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ NOTE: https://github.com/saltstack/salt/issues/64061 @@ -129284,7 +129288,7 @@ CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS (iss NOT-FOR-US: SilverStripe CMS CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...) - pdns-recursor 4.7.2-1 - [bullseye] - pdns-recursor (Minor issue) + [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) [buster] - pdns-recursor (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1 NOTE: https://downloads.powerdns.com/patches/2022-02/ @@ -158499,7 +158503,7 @@ CVE-2022-27228 (In the
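Review bot: the CVE-2023-20898 / CVE-2023-20897 hunk pastes `[bullseye] - salt (Scheduled for removal)` a third and fourth time in this commit, so the same free-text reason now lives in four places with nothing tying them together; a single NOTE with the removal bug on each entry, or at least on the first one, would be easier to keep consistent than repeating the string. The CVE-2022-37428 hunk shows the same bullseye/buster asymmetry as CVE-2023-26437 earlier in the patch: bullseye becomes `No longer supported with security updates in Bullseye` while buster keeps `Minor issue`. The patch as received is cut off inside the final `@@ -158499,7 +158503,7 @@` hunk, so the remaining changes could not be reviewed here.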
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cc8f9c9c by Moritz Muehlenhoff at 2024-05-01T13:16:08+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) - TODO: check + NOT-FOR-US: OpenShift CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-4348 (A vulnerability, which was classified as problematic, was found in osC ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes user inp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots202311 ...) - TODO: check + - bitcoin CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Except ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/s ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at l ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-32970 (Phlex is a framework for building object-oriented views in Ruby. In af ...) - TODO: check + NOT-FOR-US: Phlex CVE-2024-32967 (Zitadel is an open source identity management system. In case ZITADEL ...) - TODO: check + NOT-FOR-US: Zitadel CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) - TODO: check + NOT-FOR-US: Static Web Server CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) 
TODO: check CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) TODO: check CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) TODO: check CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-23336 (MyBB is a free and open source forum software. The default list of dis ...) - TODO: check + NOT-FOR-US: MyBB CVE-2024-23335 (MyBB is a free and open source forum software. The backup management m ...) - TODO: check + NOT-FOR-US: MyBB CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux [bullseye] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc8f9c9c1911feb00ab85d93b709c9cb7dcb777d
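Review bot: CVE-2024-34149 goes from `TODO: check` to a bare `- bitcoin` with no fixed version, no `(bug #...)` and no NOTE: link, which records the package as affected and unfixed in every suite while giving a later triager nothing to verify against; the other unfixed package entries in this digest carry at least a bug number or a NOTE (for example `- pdns-recursor 4.9.3-1 (bug #1063852)` and the `NOTE: https://git.kernel.org/...` lines on the linux entries), so add the upstream reference or a bug number here. Leaving CVE-2024-32963, CVE-2024-32890 and CVE-2024-29466 at `TODO: check` is fine for an NFU pass, but `NOT-FOR-US: WordPress plugin` for CVE-2024-3591 is less specific than the other reasons in the hunk, which name the product; `NOT-FOR-US: Geo Controller WordPress plugin` would match them.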
[Git][security-tracker-team/security-tracker][master] LTS: claim python-idna in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 716af3b4 by Guilhem Moulin at 2024-05-01T11:52:45+02:00 LTS: claim python-idna in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -219,7 +219,7 @@ python-asyncssh NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert) -- -python-idna +python-idna (guilhem) NOTE: 20240421: Added by Front-Desk (apo) -- rails View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/716af3b426e26ea86508d04d1f067473cffb3177
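Review bot: the claim only turns `python-idna` into `python-idna (guilhem)` and adds no dated NOTE line, whereas the surrounding dla-needed.txt entries record each step as `NOTE: YYYYMMDD: ...` (`NOTE: 20240421: Added by Front-Desk (apo)` on this very entry, and two such lines on python-asyncssh); a `NOTE: 20240501: ...` line saying the package was claimed, ideally naming the CVE(s) in scope, keeps the audit trail consistent with its neighbours.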
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73ae8f0d by security tracker role at 2024-05-01T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,426 +1,474 @@ -CVE-2024-27022 [fork: defer linking file vma until vma is fully initialized] +CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) + TODO: check +CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...) + TODO: check +CVE-2024-4348 (A vulnerability, which was classified as problematic, was found in osC ...) + TODO: check +CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) + TODO: check +CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes user inp ...) + TODO: check +CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots202311 ...) + TODO: check +CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) + TODO: check +CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) + TODO: check +CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Except ...) + TODO: check +CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/s ...) + TODO: check +CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at l ...) + TODO: check +CVE-2024-32970 (Phlex is a framework for building object-oriented views in Ruby. In af ...) + TODO: check +CVE-2024-32967 (Zitadel is an open source identity management system. In case ZITADEL ...) + TODO: check +CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) + TODO: check +CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) + TODO: check +CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) + TODO: check +CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) 
+ TODO: check +CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) + TODO: check +CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) + TODO: check +CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) + TODO: check +CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) + TODO: check +CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) + TODO: check +CVE-2024-23336 (MyBB is a free and open source forum software. The default list of dis ...) + TODO: check +CVE-2024-23335 (MyBB is a free and open source forum software. The backup management m ...) + TODO: check +CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5) -CVE-2024-27021 [r8169: fix LED-related deadlock on module removal] +CVE-2024-27021 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/19fa4f2a85d777a8052e869c1b892a2f7556569d (6.9-rc4) -CVE-2024-27020 [netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()] +CVE-2024-27020 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux NOTE: https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf (6.9-rc5) -CVE-2024-27019 [netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()] +CVE-2024-27019 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux NOTE: https://git.kernel.org/linus/d78d867dcea69c328db30df665be5be7d0148484 (6.9-rc5) -CVE-2024-27018 [netfilter: br_netfilter: skip conntrack input hook for promisc packets] +CVE-2024-27018 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5) -CVE-2024-27017 [netfilter: nft_set_pipapo: walk over current view on
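Review bot: the automatic update overwrites the hand-written bracket summaries on the kernel entries with the truncated CVE description, so `CVE-2024-27022 [fork: defer linking file vma until vma is fully initialized]` becomes `CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...)`, and the same happens to CVE-2024-27021 through CVE-2024-27018 in this hunk; after the rewrite the only text telling these entries apart is the git.kernel.org NOTE, because every description is cut off before the subsystem name. If the bracket text cannot survive the automatic pass, carrying the summary into the NOTE line, for example `NOTE: https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5; fork: defer linking file vma until vma is fully initialized)`, would keep it greppable. The patch as received stops inside the CVE-2024-27017 entry, so the rest of the hunk could not be reviewed here.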
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-27022/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 824fe124 by Salvatore Bonaccorso at 2024-05-01T08:32:51+02:00 Add CVE-2024-27022/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,8 @@ +CVE-2024-27022 [fork: defer linking file vma until vma is fully initialized] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5) CVE-2024-27021 [r8169: fix LED-related deadlock on module removal] - linux [bookworm] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/824fe1242f16d60b9905ac0568ff510eead8019d
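Review bot: the bullseye and buster lines state `Vulnerable code not present` but the entry has no bookworm line, so bookworm is implicitly affected, and nothing in the entry says which commit introduced the bug, which is what justifies drawing the line between bullseye and bookworm; the neighbouring CVE-2024-27021 entry has the same shape plus an explicit `[bookworm] - linux (Vulnerable code not present)`. Adding the introducing commit to the NOTE line alongside the fix `35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5)` would let the next reader check the suite split without re-reading kernel history.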
[Git][security-tracker-team/security-tracker][master] Merge CVEs for Linux from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9254f047 by Salvatore Bonaccorso at 2024-05-01T08:00:42+02:00 Merge CVEs for Linux from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,426 @@ +CVE-2024-27021 [r8169: fix LED-related deadlock on module removal] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/19fa4f2a85d777a8052e869c1b892a2f7556569d (6.9-rc4) +CVE-2024-27020 [netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()] + - linux + NOTE: https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf (6.9-rc5) +CVE-2024-27019 [netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()] + - linux + NOTE: https://git.kernel.org/linus/d78d867dcea69c328db30df665be5be7d0148484 (6.9-rc5) +CVE-2024-27018 [netfilter: br_netfilter: skip conntrack input hook for promisc packets] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5) +CVE-2024-27017 [netfilter: nft_set_pipapo: walk over current view on netlink dump] + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/29b359cf6d95fd60730533f7f10464e95bd17c73 (6.9-rc5) +CVE-2024-27016 [netfilter: flowtable: validate pppoe header] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf (6.9-rc5) +CVE-2024-27015 [netfilter: flowtable: incorrect pppoe tuple] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6db5dc7b351b9569940cd1cf445e237c42cd6d27 (6.9-rc5) +CVE-2024-27014 [net/mlx5e: Prevent deadlock while disabling aRFS] + - linux + NOTE: https://git.kernel.org/linus/fef965764cf562f28afb997b626fc7c3cec99693 (6.9-rc5) +CVE-2024-27013 [tun: limit printing rate when illegal packet received by tun dev] + - 
linux + NOTE: https://git.kernel.org/linus/f8bbc07ac535593139c875ffa19af924b1084540 (6.9-rc5) +CVE-2024-27012 [netfilter: nf_tables: restore set elements when delete set fails] + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e79b47a8615d42c68aaeb6897159667382ed (6.9-rc5) +CVE-2024-27011 [netfilter: nf_tables: fix memleak in map from abort path] + - linux + NOTE: https://git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5) +CVE-2024-27010 [net/sched: Fix mirred deadlock on device recursion] + - linux + NOTE: https://git.kernel.org/linus/0f022d32c3eca477fbf79a205243a6123ed0fe11 (6.9-rc5) +CVE-2024-27009 [s390/cio: fix race condition during online processing] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2d8527f2f911fab84aec04df4788c0c23af3df48 (6.9-rc5) +CVE-2024-27008 [drm: nv04: Fix out of bounds access] + - linux + NOTE: https://git.kernel.org/linus/cf92bb778eda7830e79452c6917efa8474a30c1e (6.9-rc5) +CVE-2024-27007 [userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50 (6.9-rc5) +CVE-2024-27006 [thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd (6.9-rc5) +CVE-2024-27005 [interconnect: Don't access req_list while it's being manipulated] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5) +CVE-2024-27004 [clk: Get runtime PM before walking tree during disable_unused] + - linux + NOTE: https://git.kernel.org/linus/e581cf5d216289ef292d1a4036d53ce90e122469 (6.9-rc5)
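Review bot: the NOTE for CVE-2024-27012 points at `https://git.kernel.org/linus/e79b47a8615d42c68aaeb6897159667382ed`, a 36-hex-character id, while every other NOTE in this hunk carries a full 40-character commit id; that reads as a paste truncation and should be checked against the upstream commit for `netfilter: nf_tables: restore set elements when delete set fails`. Separately, the suite annotations are uneven in a way no NOTE explains: CVE-2024-27017 and CVE-2024-27012 mark only buster as `Vulnerable code not present`, while the other netfilter entries (CVE-2024-27018, CVE-2024-27016, CVE-2024-27015) mark both bullseye and buster; if that split is deliberate, a word on which kernel version introduced the affected code would save the next triager from re-checking it. The patch as received ends at CVE-2024-27004, well short of the 426 lines the hunk header announces, so the remainder could not be reviewed here.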