[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a7ecfcc by Salvatore Bonaccorso at 2024-06-17T08:51:11+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,25 +1,25 @@ CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) - TODO: check + NOT-FOR-US: Shenzhen Guoxin Synthesis image system CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) - TODO: check + NOT-FOR-US: Shenzhen Guoxin Synthesis image system CVE-2024-38466 (Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw def ...) - TODO: check + NOT-FOR-US: Shenzhen Guoxin Synthesis image system CVE-2024-38465 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows username en ...) - TODO: check + NOT-FOR-US: Shenzhen Guoxin Synthesis image system CVE-2024-38462 (iRODS before 4.3.2 provides an msiSendMail function with a problematic ...) TODO: check CVE-2024-38461 (irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use ...) TODO: check CVE-2024-38460 (In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated usi ...) - TODO: check + NOT-FOR-US: SonarQube CVE-2024-38459 (langchain_experimental (aka LangChain Experimental) before 0.0.61 for ...) TODO: check CVE-2024-38458 (Xenforo before 2.2.16 allows code injection.) - TODO: check + NOT-FOR-US: Xenforo CVE-2024-38457 (Xenforo before 2.2.16 allows CSRF.) - TODO: check + NOT-FOR-US: Xenforo CVE-2024-38454 (ExpressionEngine before 7.4.11 allows XSS.) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situations ...) TODO: check CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...) 
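Review bot: five entries in this hunk are left at `TODO: check` (CVE-2024-38462 and CVE-2024-38461 for iRODS, CVE-2024-38459 for langchain_experimental, CVE-2024-38448 for GNU Global htags, CVE-2024-38443 for The Algorithms - C). CVE-2024-38448 is the one to triage next: its description says htags "allows code execution in situations ...", and GNU Global is packaged in Debian, so if the Debian global package ships the affected htags it needs a `- global` package line rather than staying in the queue, and a NOT-FOR-US line otherwise. The NOT-FOR-US lines added here name the product verbatim, matching the existing `NOT-FOR-US: Vanna` style elsewhere on this page.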
@@ -39,9 +39,9 @@ CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the us NOTE: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg5.html NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...) - TODO: check + NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...) - TODO: check + NOT-FOR-US: iTerm2 CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...) - gnome-settings-daemon NOTE: https://pulsesecurity.co.nz/advisories/usbguard-bypass View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a7ecfcce3a69db55f065673bf865fa55b74cab2 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a7ecfcce3a69db55f065673bf865fa55b74cab2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
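Review bot: CVE-2024-38427 is marked `NOT-FOR-US: International Color Consortium DemoIccMAX`; before leaving it there, check whether DemoIccMAX is packaged in the archive, because a NOT-FOR-US line on a packaged project hides the issue from the per-package views and would need reverting to a package line. The iTerm2 line is fine, iTerm2 is a macOS-only terminal. The trailing context shows CVE-2024-38394 already assigned to gnome-settings-daemon; commit cbe9acb6 on this page records the disputed status for it.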
[Git][security-tracker-team/security-tracker][master] Take pymongo
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 3282db30 by Bastien Roucariès at 2024-06-16T21:02:36+00:00 Take pymongo - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -253,7 +253,7 @@ putty (rouca) NOTE: 20240412: Wait for comments by maintainer NOTE: 20240430: Backport fixes for CVE-2024-31497 wait review -- -pymongo +pymongo (rouca) NOTE: 20240609: Added by Front-Desk (apo) -- pypy3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3282db30637a94c995792b8c3f10884a36930f54 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3282db30637a94c995792b8c3f10884a36930f54 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
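Review bot: the claim changes `pymongo` to `pymongo (rouca)` but adds no dated NOTE line; the neighbouring entries (putty just above) track state with `NOTE: YYYYMMDD:` lines, so a short `NOTE: 20240616: ...` (rouca) recording the plan, for instance that the unstable fix is tracked as pymongo 4.7.3-1 in commit 4d9e4de7 on this page, would keep the entry in the file's usual shape and tell the next front-desk pass what is happening.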
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3830-1 for libvpx
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 1516c345 by Adrian Bunk at 2024-06-16T23:17:22+03:00 Reserve DLA-3830-1 for libvpx - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[16 Jun 2024] DLA-3830-1 libvpx - security update + {CVE-2024-5197} + [buster] - libvpx 1.7.0-3+deb10u3 [15 Jun 2024] DLA-3829-1 sendmail - security update {CVE-2023-51765} [buster] - sendmail 8.15.2-14~deb10u2 = data/dla-needed.txt = @@ -181,9 +181,6 @@ libstb NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto) -- -libvpx (Adrian Bunk) - NOTE: 20240609: Added by Front-Desk (apo) --- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1516c3456ed926d3678082b85f69166ac130c5a0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1516c3456ed926d3678082b85f69166ac130c5a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
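Review bot: the new `[16 Jun 2024] DLA-3830-1 libvpx` entry in data/DLA/list follows the sendmail entry's format (advisory, CVE set, buster version 1.7.0-3+deb10u3). The matching `{DLA-3830-1}` cross-reference on CVE-2024-5197 in data/CVE/list is not part of this patch; on this page the `{DSA-5713-1}` reference for libndp was added by the later automatic update a3ed1a6a, so confirm the same automation picks up this DLA, otherwise add the reference by hand.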
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a3ed1a6a by security tracker role at 2024-06-16T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,37 @@ +CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) + TODO: check +CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) + TODO: check +CVE-2024-38466 (Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw def ...) + TODO: check +CVE-2024-38465 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows username en ...) + TODO: check +CVE-2024-38462 (iRODS before 4.3.2 provides an msiSendMail function with a problematic ...) + TODO: check +CVE-2024-38461 (irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use ...) + TODO: check +CVE-2024-38460 (In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated usi ...) + TODO: check +CVE-2024-38459 (langchain_experimental (aka LangChain Experimental) before 0.0.61 for ...) + TODO: check +CVE-2024-38458 (Xenforo before 2.2.16 allows code injection.) + TODO: check +CVE-2024-38457 (Xenforo before 2.2.16 allows CSRF.) + TODO: check +CVE-2024-38454 (ExpressionEngine before 7.4.11 allows XSS.) + TODO: check +CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situations ...) + TODO: check +CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...) + TODO: check +CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper Neutralization of ...) + TODO: check CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) - wget (bug #1073523) [bookworm] - wget (Minor issue) 
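Review bot: all 17 new entries land as `TODO: check`. The three Netatalk entries (CVE-2024-38439, CVE-2024-38440, CVE-2024-38441, each an off-by-one error leading to a heap-based buffer overflow in 3.2.0) and the GNU Global htags entry (CVE-2024-38448) concern software that is packaged in Debian (netatalk, global) and are still at TODO after the "Process some NFUs" commit 9a7ecfcc on this page, so they should be the first to get either a package line or a NOT-FOR-US verdict; the Shenzhen Guoxin, SonarQube, Xenforo and ExpressionEngine entries are handled by that commit.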
@@ -3999,6 +4033,7 @@ CVE-2023-6382 (The Master Slider \u2013 Responsive Touch Slider plugin for WordP CVE-2024-5565 (The Vanna library uses a prompt function to present the user with visu ...) NOT-FOR-US: Vanna CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local maliciou ...) + {DSA-5713-1} - libndp 1.8-2 (bug #1072366) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2284122 NOTE: https://github.com/jpirko/libndp/issues/26 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ed1a6a099703f3cd44b1beae2514141c138cdf -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ed1a6a099703f3cd44b1beae2514141c138cdf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-52890/ntfs-3g via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f62a9cd7 by Salvatore Bonaccorso at 2024-06-16T21:09:12+02:00 Track fixed version for CVE-2023-52890/ntfs-3g via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1038,7 +1038,7 @@ CVE-2024-1736 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2024-1495 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2023-52890 (NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...) - - ntfs-3g (bug #1073248) + - ntfs-3g 1:2022.10.3-3 (bug #1073248) [bookworm] - ntfs-3g (Minor issue) [bullseye] - ntfs-3g (Minor issue) [buster] - ntfs-3g (Minor issue; can be fixed in next update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f62a9cd73fd87ee4d151e30b2673b0187e011794 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f62a9cd73fd87ee4d151e30b2673b0187e011794 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
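Review bot: the unstable fixed version `1:2022.10.3-3` keeps the epoch, which the tracker needs for its version comparison; as a check, make sure the changelog of that upload references CVE-2023-52890 or bug #1073248, since the bug reference is kept on the line and the bookworm/bullseye/buster lines remain at `(Minor issue)`.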
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-38394/gnome-settings-daemon (though disputed)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cbe9acb6 by Salvatore Bonaccorso at 2024-06-16T21:17:40+02:00 Add CVE-2024-38394/gnome-settings-daemon (though disputed) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,13 @@ CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a l CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...) TODO: check CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...) - TODO: check + - gnome-settings-daemon + NOTE: https://pulsesecurity.co.nz/advisories/usbguard-bypass + NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780 + NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914 + NOTE: As per Gnome upstream, consideration of a mitigation for the issue within + NOTE: gnome-settings-daemon would rather be a new feature but not a vulnerbility + NOTE: fixing. The CVE assignment is disputed upstream with this context. CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...) NOT-FOR-US: itsourcecode Online Laundry Management System CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
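Review bot: typo in the NOTE text: `vulnerbility` should read `vulnerability`. Beyond that, the entry is now a bare `- gnome-settings-daemon` with no severity tag even though the NOTEs record that upstream treats a mitigation as a feature request and disputes the CVE; consider adding a parenthesised tag on the package line, in the form the tracker accepts, so the disputed status shows in the package view and not only in the NOTEs (the release lines elsewhere on this page use `(Minor issue)` for the analogous no-dsa case).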
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-38428/wget
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 809b6c05 by Salvatore Bonaccorso at 2024-06-16T21:11:02+02:00 Add Debian bug reference for CVE-2024-38428/wget - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) - - wget + - wget (bug #1073523) [bookworm] - wget (Minor issue) [bullseye] - wget (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg5.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/809b6c05fa75b2c39f4bc91f3e3bf21da6857470 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/809b6c05fa75b2c39f4bc91f3e3bf21da6857470 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-5629/pymongo via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d9e4de7 by Salvatore Bonaccorso at 2024-06-16T21:07:44+02:00 Track fixed version for CVE-2024-5629/pymongo via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3149,7 +3149,7 @@ CVE-2023-6966 (The The Moneytizer plugin for WordPress is vulnerable to unauthor CVE-2023-6956 (The EasyAzon \u2013 Amazon Associates Affiliate Plugin plugin for Word ...) NOT-FOR-US: WordPress plugin CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier ...) - - pymongo + - pymongo 4.7.3-1 NOTE: https://jira.mongodb.org/browse/PYTHON-4305 NOTE: https://github.com/mongodb/mongo-python-driver/pull/1564 CVE-2024-5571 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9e4de7de4fecd227f03b575e8a177062b56b82 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9e4de7de4fecd227f03b575e8a177062b56b82 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
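Review bot: with `pymongo 4.7.3-1` recorded as the unstable fix, the entry still has no `[bookworm]` or `[bullseye]` lines, unlike the wget and python-aiohttp entries on this page; the stable releases need a triage verdict (no-dsa with `(Minor issue)` or a DSA) so they do not show as silently unfixed. The LTS side is being handled via dla-needed.txt (commit 3282db30, claimed by rouca).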
[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-38428 as no-dsa for bookworm and bullseye
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d95dfabc by Salvatore Bonaccorso at 2024-06-16T21:04:51+02:00 Mark CVE-2024-38428 as no-dsa for bookworm and bullseye - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) - wget + [bookworm] - wget (Minor issue) + [bullseye] - wget (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg5.html NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d95dfabc69a25b0189ba926804c10578a8aa2260 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d95dfabc69a25b0189ba926804c10578a8aa2260 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
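Review bot: this marks bookworm and bullseye as no-dsa `(Minor issue)` but adds no `[buster]` line, while the other entries on this page with a no-dsa treatment (ntfs-3g, python-aiohttp) also carry a buster line; either add `[buster] - wget (Minor issue)` or leave it to the LTS front desk and say so in a NOTE, so the missing line is not mistaken for an oversight.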
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage atril for buster LTS (CVE-2023-51698)
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d7365d45 by Chris Lamb at 2024-06-16T19:58:39+01:00 data/dla-needed.txt: Triage atril for buster LTS (CVE-2023-51698) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -31,6 +31,9 @@ ansible NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee NOTE: 20240501: Update for bookworm-proposed-update: #1070193 (lee) -- +atril + NOTE: 20240616: Added by Front-Desk (lamby) +-- bind9 NOTE: 20240518: Added by Front-Desk (utkarsh) NOTE: 20240531: Lengthy discussion here <https://lists.debian.org/debian-lts/2024/03/msg00064.html> (dleidert) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7365d4582f6e02101937dc94f66f0eafe625c4c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7365d4582f6e02101937dc94f66f0eafe625c4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
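Review bot: the commit message names CVE-2023-51698 as the reason for triaging atril, but the new block records only `NOTE: 20240616: Added by Front-Desk (lamby)`; adding the CVE to the NOTE, as the putty entry does with CVE-2024-31497, saves the claimer a lookup. Otherwise the block is correctly placed alphabetically between ansible and bind9 with the `--` separator.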
[Git][security-tracker-team/security-tracker][master] libndp DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e7d85d9 by Moritz Mühlenhoff at 2024-06-16T19:49:06+02:00 libndp DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[16 Jun 2024] DSA-5713-1 libndp - security update + {CVE-2024-5564} + [bullseye] - libndp 1.6-1+deb11u1 + [bookworm] - libndp 1.8-1+deb12u1 [15 Jun 2024] DSA-5712-1 ffmpeg - security update {CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51795 CVE-2023-51798 CVE-2024-31585} [bookworm] - ffmpeg 7:5.1.5-0+deb12u1 = data/dsa-needed.txt = @@ -31,9 +31,6 @@ gpac/oldstable -- h2o (jmm) -- -libndp (jmm) - Maintainer proposed to prepare updates himself --- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e7d85d9fc315a44815bc8c26e85e0f310b11d05 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e7d85d9fc315a44815bc8c26e85e0f310b11d05 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
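Review bot: the DSA-5713-1 entry's bookworm version `1.8-1+deb12u1` is consistent with the unstable fix `libndp 1.8-2` recorded on CVE-2024-5564 in commit a3ed1a6a on this page (the stable update is built from 1.8-1), and the bullseye version `1.6-1+deb11u1` follows the same `+debNNuN` pattern as the ffmpeg entry below it; the `{DSA-5713-1}` cross-reference in data/CVE/list is left to the automatic update, which is what a3ed1a6a shows.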
[Git][security-tracker-team/security-tracker][master] Track fixed version for python-aiohttp upload via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 840a7a63 by Salvatore Bonaccorso at 2024-06-16T17:18:57+02:00 Track fixed version for python-aiohttp upload via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16609,7 +16609,7 @@ CVE-2024-4140 (An excessive memory use issue (CWE-770) exists in Email-MIME, bef CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface. Due ...) - wildfly (bug #752018) CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - - python-aiohttp (bug #1070364) + - python-aiohttp 3.9.5-1 (bug #1070364) [buster] - python-aiohttp (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4 NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84 @@ -20161,7 +20161,7 @@ CVE-2024-28185 (Judge0 is an open-source online code execution system. The appli CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open Redirectio ...) NOT-FOR-US: SolarWinds CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - - python-aiohttp (bug #1070665) + - python-aiohttp 3.9.5-1 (bug #1070665) [bookworm] - python-aiohttp (Minor issue) [bullseye] - python-aiohttp (Minor issue) [buster] - python-aiohttp (Minor issue) @@ -42770,7 +42770,7 @@ CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003 CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - - python-aiohttp (bug #1062708) + - python-aiohttp 3.9.5-1 (bug #1062708) [bookworm] - python-aiohttp (Minor issue) [bullseye] - python-aiohttp (Minor issue) [buster] - python-aiohttp (Minor issue) 
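Review bot: the first hunk's context shows only a `[buster] - python-aiohttp (Minor issue)` line for CVE-2024-30251, whereas CVE-2024-27306 and CVE-2024-23829 in the following hunks carry `[bookworm]` and `[bullseye]` lines too; confirm whether bookworm and bullseye are unaffected by CVE-2024-30251 (then a `(Vulnerable code not present)` line would document it) or simply untriaged. Recording `3.9.5-1` as the fixed version on all of these while keeping their separate bug numbers is consistent.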
@@ -42779,7 +42779,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master) NOTE: https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82 (v3.9.2) CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - - python-aiohttp (bug #1062709) + - python-aiohttp 3.9.5-1 (bug #1062709) [bookworm] - python-aiohttp (Minor issue) [bullseye] - python-aiohttp (Minor issue) [buster] - python-aiohttp (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/840a7a6332a697b8ff4c9e531cdc1781998255b4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/840a7a6332a697b8ff4c9e531cdc1781998255b4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-38428/wget
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 35f60f65 by Salvatore Bonaccorso at 2024-06-16T12:48:36+02:00 Add CVE-2024-38428/wget - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) - TODO: check + - wget + NOTE: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg5.html + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...) TODO: check CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f60f65ecd195d97743c0983fd12e7806edd1ac -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f60f65ecd195d97743c0983fd12e7806edd1ac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
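Review bot: the entry gets the upstream bug thread and the fixing commit ed0c7c7e as NOTEs but no fixed Debian version on the `- wget` line; the later commits on this page add the bug reference (#1073523) and the bookworm/bullseye no-dsa tags, yet an unstable upload version is still missing, so the entry stays open for unstable until that lands.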
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: af84318a by security tracker role at 2024-06-16T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) + TODO: check +CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...) + TODO: check +CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...) + TODO: check +CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...) + TODO: check CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...) NOT-FOR-US: itsourcecode Online Laundry Management System CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...) @@ -18577,6 +18585,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection v CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...) NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) @@ -19862,6 +19871,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) NOT-FOR-US: Arm CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) 
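Review bot: the `{DSA-5712-1}` references added to the ffmpeg CVEs match the DSA/list entry (bookworm ffmpeg 7:5.1.5-0+deb12u1) visible in the context of commit 7e7d85d9 on this page, but each of these entries keeps `[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)`, so bullseye remains open for CVE-2023-51794 and CVE-2023-51798; the DSA reference must not be read as closing those. The four new CVE entries at the top (wget, DemoIccMAX, iTerm2, gnome-settings-daemon) are triaged by the later manual commits on this page.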
@@ -19885,6 +19895,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al NOTE: https://trac.ffmpeg.org/ticket/10753 NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19 (n7.0) CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Vulnerable code not present) @@ -19893,6 +19904,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0) NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1) CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) @@ -19917,6 +19929,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...) NOT-FOR-US: Wazuh CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) 
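Review bot: the hunk for CVE-2023-51795 keeps `[bullseye] - ffmpeg (Vulnerable code not present)`, which is consistent with the `Introduced in ... (n5.1)` NOTE just below it, bullseye shipping the 4.3.x series named in the neighbouring entries; CVE-2023-51793 and CVE-2023-50010 in this region stay at `(Pick up when fixed in 4.3.x)`, so they remain open for bullseye after the DSA cross-reference. The `vulenrability` spelling in the CVE-2023-51791 context line is the CVE's own description text, not something to correct in the tracker.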
@@ -20430,6 +20443,7 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.) CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits