[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-41716/go affects cross compile for Windows binary
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f71d72e by Shengjing Zhu at 2023-04-14T17:46:30+08:00 CVE-2022-41716/go affects cross compile for Windows binary See 29f7d181bd88e363de11541667af407043579f00 as well - - - - - 0886e400 by Shengjing Zhu at 2023-04-14T17:46:31+08:00 CVE-2022-27664 affects golang-golang-x-net as well - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47352,13 +47352,14 @@ CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server acc NOTE: https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) NOTE: https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to maliciously se ...) - - golang-1.19 (Only affects Go on Windows) - - golang-1.18 (Only affects Go on Windows) - - golang-1.15 (Only affects Go on Windows) - - golang-1.11 (Only affects Go on Windows) + - golang-1.19 1.19.3-1 (unimportant) + - golang-1.18 1.18.8-1 (unimportant) + - golang-1.15 (unimportant) + - golang-1.11 (unimportant) NOTE: https://go.dev/issue/56284 NOTE: https://go.dev/cl/446916 NOTE: https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ + NOTE: Only affects code cross compiled on Debian for Windows binaries CVE-2022-41715 (Programs which compile regular expressions from untrusted sources may ...) - golang-1.19 1.19.2-1 - golang-1.18 1.18.7-1 
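Review bot: in the CVE-2022-41716 hunk, the golang-1.15 and golang-1.11 lines are marked "(unimportant)" but carry no fixed version, while golang-1.19 and golang-1.18 get 1.19.3-1 and 1.18.8-1. Please confirm the two older branches are meant to stay open rather than being carried over from the removed "Only affects Go on Windows" lines. The commit message points at 29f7d181bd88e363de11541667af407043579f00 for background; the added NOTE would be easier to audit later if it cited that commit as well.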
@@ -86557,10 +86558,13 @@ CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attack - golang-1.15 - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + - golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1 + - golang-golang-x-net-dev NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s NOTE: https://github.com/golang/go/issues/54658 NOTE: https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) NOTE: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) + NOTE: https://github.com/golang/net/commit/f3363e06e74cdc304618bf31d898b78590103527 CVE-2022-27663 RESERVED CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4368a220988d54b284fe189488479e017b633a52...0886e40041fcfb3242875a417097128e37578bab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4368a220988d54b284fe189488479e017b633a52...0886e40041fcfb3242875a417097128e37578bab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
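Review bot: the added "NOTE: https://github.com/golang/net/commit/f3363e06e74cdc304618bf31d898b78590103527" has no release annotation, unlike the two golang/go commit NOTEs above it, which end in "(go1.19.1)" and "(go1.18.6)". The version recorded for golang-golang-x-net is the snapshot 1:0.0+git20221012.0b7e1fb+dfsg-1, and its short hash 0b7e1fb is not the fix commit, so stating which x/net snapshot or release first contains f3363e06 would let a reader check that the recorded version includes the fix.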
[Git][security-tracker-team/security-tracker][master] Fix syntax
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: b1f2e10e by Shengjing Zhu at 2023-04-14T15:34:00+08:00 Fix syntax - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47335,7 +47335,7 @@ CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server acc - golang-1.18 1.18.9-1 - golang-1.15 - golang-1.11 - - golang-golang-x-net <1:0.4.0+dfsg-1> + - golang-golang-x-net 1:0.4.0+dfsg-1 - golang-golang-x-net-dev NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU NOTE: https://go.dev/issue/56350 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1f2e10e74a8e4706fb275a09fe205aff2b72604 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1f2e10e74a8e4706fb275a09fe205aff2b72604 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
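Review bot: a syntax check of data/CVE/list before pushing would have caught the angle-bracketed version that this hunk corrects on the golang-golang-x-net line of CVE-2022-41717 ("<1:0.4.0+dfsg-1>" to "1:0.4.0+dfsg-1"), and would have avoided a follow-up commit a few minutes after 27e1419b. The message "Fix syntax" would also be easier to find in the log if it named the CVE and package it touches.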
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-41717 affects golang-golang-x-net as well
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 27e1419b by Shengjing Zhu at 2023-04-14T15:31:49+08:00 CVE-2022-41717 affects golang-golang-x-net as well - - - - - 7a17025f by Shengjing Zhu at 2023-04-14T15:31:50+08:00 CVE-2022-41720/go affects cross compile for Windows binary See 29f7d181bd88e363de11541667af407043579f00 as well - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47319,12 +47319,13 @@ CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandle NOTE: Fixed in https://go.googlesource.com/net/+/702349b0e8628371f0e5ba0c10407448d60a67b1 (v0.2.0) NOTE: Introduced in https://go.googlesource.com/net/+/1d687d428aca0546c0ca84160c8700ee521e9fb9 (v0.1.0) CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...) - - golang-1.19 (Only affects Go on Windows) - - golang-1.18 (Only affects Go on Windows) - - golang-1.15 (Only affects Go on Windows) - - golang-1.11 (Only affects Go on Windows) + - golang-1.19 1.19.4-1 (unimportant) + - golang-1.18 1.18.9-1 (unimportant) + - golang-1.15 (unimportant) + - golang-1.11 (unimportant) NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU NOTE: https://go.dev/issue/56694 + NOTE: Only affects code cross compiled on Debian for Windows binaries CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...) NOT-FOR-US: shamaton/msgpack CVE-2022-41718 
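Review bot: the CVE-2022-41720 hunk records 1.19.4-1 and 1.18.9-1 as fixed versions, but the entry's NOTE lines list only the announcement and https://go.dev/issue/56694, with no upstream fix commit. Adding the golang/go commits with their release tags, in the same form the neighbouring CVE-2022-41717 entry uses ("(go1.19.4)", "(go1.18.9)"), would document where those fixed versions come from.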
@@ -47334,10 +47335,13 @@ CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server acc - golang-1.18 1.18.9-1 - golang-1.15 - golang-1.11 + - golang-golang-x-net <1:0.4.0+dfsg-1> + - golang-golang-x-net-dev NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU NOTE: https://go.dev/issue/56350 NOTE: https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4) NOTE: https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9) + NOTE: https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to maliciously se ...) - golang-1.19 (Only affects Go on Windows) - golang-1.18 (Only affects Go on Windows) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d04a648f5c2c49f0ecf9d049ec9b136058798e06...7a17025f958e6d71fc4ed28d472f026803278de9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d04a648f5c2c49f0ecf9d049ec9b136058798e06...7a17025f958e6d71fc4ed28d472f026803278de9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
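Review bot: the added line "- golang-golang-x-net <1:0.4.0+dfsg-1>" wraps the version in angle brackets, while every other versioned line in this hunk, such as "- golang-1.18 1.18.9-1", gives the version bare; it should read "- golang-golang-x-net 1:0.4.0+dfsg-1". The added golang/net commit NOTE also lacks a release annotation, where the golang/go commit NOTEs next to it carry "(go1.19.4)" and "(go1.18.9)".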
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-go.crypto CVE-2022-27191 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: a6bd5276 by Shengjing Zhu at 2022-03-17T01:37:23+08:00 Track fixed version for golang-go.crypto CVE-2022-27191 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -104,6 +104,9 @@ CVE-2022-27192 RESERVED CVE-2022-27191 RESERVED + - golang-go.crypto 1:0.0~git20220315.3147a52-1 + NOTE: https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ + NOTE: https://github.com/golang/crypto/commit/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d CVE-2022-27190 RESERVED CVE-2022-27175 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bd527668129cac1eff2cc8dfa651464a9f3682 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bd527668129cac1eff2cc8dfa651464a9f3682 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
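Review bot: the fixed version "1:0.0~git20220315.3147a52-1" names snapshot 3147a52, while the added NOTE cites fix commit 1baeb1ce4c0b006eff0f294c47cb7617598dfb3d; the two hashes differ, so the entry does not show by itself that the uploaded snapshot contains the fix. A short remark on the commit NOTE that 3147a52 is at or after 1baeb1ce would close that gap.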
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.18 CVE-2022-24921
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: e2b4d5eb by Shengjing Zhu at 2022-03-16T14:50:00+08:00 Track fixed version for golang-1.18 CVE-2022-24921 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6183,7 +6183,7 @@ CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget pr CVE-2022-24922 RESERVED CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...) - - golang-1.18 + - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.8-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) @@ -6194,6 +6194,7 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 all NOTE: https://github.com/golang/go/issues/51112 NOTE: https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8) + NOTE: https://github.com/golang/go/commit/452f24ae94f38afa3704d4361d91d51218405c0a (go1.18rc1) CVE-2022-24920 RESERVED CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b4d5ebec58941e210ceabb064b1e62ac052931 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b4d5ebec58941e210ceabb064b1e62ac052931 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang CVE-2022-24921
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b32441b by Shengjing Zhu at 2022-03-04T11:18:02+08:00 Track fixed version for golang CVE-2022-24921 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3902,6 +3902,15 @@ CVE-2022-24922 RESERVED CVE-2022-24921 RESERVED + - golang-1.18 + - golang-1.17 1.17.8-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/51112 + NOTE: https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk + NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8) CVE-2022-24920 RESERVED CVE-2022-24919 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b32441b0d3f29e0d28c3025bd8ce32e9ea6f126 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b32441b0d3f29e0d28c3025bd8ce32e9ea6f126 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
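Review bot: golang-1.18 is added to CVE-2022-24921 with no fixed version, and the only fix reference in the hunk is the commit tagged "(go1.17.8)". If the 1.18 branch is fixed by a separate commit, add it as a NOTE with its release tag so the golang-1.18 line can be completed later without another upstream lookup.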
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-23648/containerd
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cd36b7c by Shengjing Zhu at 2022-03-03T03:40:54+08:00 Track fixed version via unstable for CVE-2022-23648/containerd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7997,7 +7997,7 @@ CVE-2022-23649 (Cosign provides container signing, verification, and storage in NOT-FOR-US: Cosign CVE-2022-23648 RESERVED - - containerd + - containerd 1.6.1~ds1-1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd36b7ce61ece5e712fd5063cb997814931f7f8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd36b7ce61ece5e712fd5063cb997814931f7f8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.18 CVE-2022-23806 CVE-2022-23773 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: f7b850d8 by Shengjing Zhu at 2022-02-18T01:48:47+08:00 Track fixed version for golang-1.18 CVE-2022-23806 CVE-2022-23773 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4819,7 +4819,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) - - golang-1.18 + - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) @@ -4937,7 +4937,7 @@ CVE-2022-23775 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - - golang-1.18 + - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b850d8d62ef388c8d1da4148174d1e1d5106c0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b850d8d62ef388c8d1da4148174d1e1d5106c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
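Review bot: both hunks set golang-1.18 to 1.18~rc1-1, for CVE-2022-23806 and for CVE-2022-23773, without adding a NOTE for the upstream commit on the 1.18 branch. A NOTE line with the commit and a "(go1.18rc1)" tag in each entry would document why rc1 is recorded as the first fixed upload.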
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: f18b018c by Shengjing Zhu at 2022-02-11T23:23:03+08:00 Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3776,7 +3776,15 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) - TODO: check + - golang-1.18 + - golang-1.17 1.17.7-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/50974 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-23804 
@@ -3884,9 +3892,25 @@ CVE-2022-23775 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - TODO: check + - golang-1.18 + - golang-1.17 1.17.7-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/35671 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7) CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...) - TODO: check + - golang-1.18 1.18~beta2-1 + - golang-1.17 1.17.7-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/50699 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7) CVE-2022-23771 RESERVED CVE-2022-23770 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
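Review bot: in the CVE-2022-23772 block, golang-1.18 is recorded as fixed in 1.18~beta2-1, but the only commit NOTE is the one tagged "(go1.17.7)", and the CVE-2022-23773 block in the same hunk leaves golang-1.18 without a version. Add the commit or release reference that places the math/big fix in 1.18 beta2, so the difference between the two entries is explained in the file.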
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-43816/containerd
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: d75d61ff by Shengjing Zhu at 2022-01-06T02:18:05+08:00 Track fixed version via unstable for CVE-2021-43816/containerd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8283,6 +8283,10 @@ CVE-2021-43817 (Collabora Online is a collaborative online office suite based on NOT-FOR-US: Collabora Online CVE-2021-43816 RESERVED + - containerd 1.5.9~ds1-1 + [bullseye] - containerd (Vulnerable code introduced in 1.5.0) + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c + NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620 CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d75d61ff0a8fef8db10cb1e17f7002039af7bc06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d75d61ff0a8fef8db10cb1e17f7002039af7bc06 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
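Review bot: the line "[bullseye] - containerd (Vulnerable code introduced in 1.5.0)" has no supporting reference; the two NOTE lines give only the advisory and the fixing commit. A NOTE naming the commit or advisory statement that ties the bug to 1.5.0 would let the bullseye status be verified from the entry.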
[Git][security-tracker-team/security-tracker][master] Track fixed versions for golang-1.15
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: aeb82e2e by Shengjing Zhu at 2021-12-12T02:55:24+08:00 Track fixed versions for golang-1.15 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -375,7 +375,7 @@ CVE-2021-44718 CVE-2021-44717 RESERVED - golang-1.17 1.17.5-1 - - golang-1.15 + - golang-1.15 1.15.15-5 - golang-1.11 - golang-1.8 - golang-1.7 @@ -386,7 +386,7 @@ CVE-2021-44717 CVE-2021-44716 RESERVED - golang-1.17 1.17.5-1 - - golang-1.15 + - golang-1.15 1.15.15-5 - golang-1.11 - golang-1.8 - golang-1.7 @@ -10988,7 +10988,7 @@ CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...) - golang-1.17 1.17.3-1 - golang-1.16 1.16.10-1 - - golang-1.15 + - golang-1.15 1.15.15-5 [bullseye] - golang-1.15 (Minor issue; will be fixed via point release) - golang-1.11 [buster] - golang-1.11 (Minor issue) @@ -19371,7 +19371,7 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to bl CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...) - golang-1.17 1.17.2-1 - golang-1.16 1.16.9-1 - - golang-1.15 + - golang-1.15 1.15.15-5 [bullseye] - golang-1.15 (Minor issue; will be fixed via point release) - golang-1.11 [buster] - golang-1.11 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb82e2e0e8130bfc4e6c8cc1add42b26b47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb82e2e0e8130bfc4e6c8cc1add42b26b47 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang CVE-2021-44716 and CVE-2021-44717 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: fb00294a by Shengjing Zhu at 2021-12-09T23:48:51+08:00 Track fixed version for golang CVE-2021-44716 and CVE-2021-44717 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -108,8 +108,27 @@ CVE-2021-44718 RESERVED CVE-2021-44717 RESERVED + - golang-1.17 1.17.5-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/50057 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5) CVE-2021-44716 RESERVED + - golang-1.17 1.17.5-1 + - golang-1.15 + - golang-1.11 + - golang-1.8 + - golang-1.7 + - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1 + - golang-golang-x-net-dev + NOTE: https://github.com/golang/go/issues/50058 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5) + NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70 CVE-2021-44715 RESERVED CVE-2021-44714 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb00294adcd124bd1941e585406367e7a5ec90ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb00294adcd124bd1941e585406367e7a5ec90ed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for runc CVE-2021-43784 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: b866412f by Shengjing Zhu at 2021-12-06T16:17:37+08:00 Track fixed version for runc CVE-2021-43784 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2404,6 +2404,8 @@ CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker co NOT-FOR-US: @joeattardi/emoji-button CVE-2021-43784 RESERVED + - runc 1.0.3+ds1-1 + NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...) NOT-FOR-US: @backstage/plugin-scaffolder-backend CVE-2021-43782 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b866412f68122ea439fc7da24e29a309cf7055e5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b866412f68122ea439fc7da24e29a309cf7055e5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker] Deleted branch zhsj/golang-1.15
Shengjing Zhu deleted branch zhsj/golang-1.15 at Debian Security Tracker / security-tracker
[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-go.crypto CVE-2021-43565 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 759e5efc by Shengjing Zhu at 2021-12-04T02:29:51+08:00 Track fixed version for golang-go.crypto CVE-2021-43565 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3459,6 +3459,7 @@ CVE-2021-43566 RESERVED CVE-2021-43565 RESERVED + - golang-go.crypto 1:0.0~git20211202.5770296-1 CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...) NOT-FOR-US: TYPO3 extension CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/759e5efc94dde00b5c50675bf488adff1c67b4b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/759e5efc94dde00b5c50675bf488adff1c67b4b3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
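Review bot: the added line "- golang-go.crypto 1:0.0~git20211202.5770296-1" comes with no NOTE, so the CVE-2021-43565 entry, still RESERVED and without a description, gives no pointer to what was fixed or where. Add the upstream announcement and the fix commit as NOTE lines alongside the version.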
[Git][security-tracker-team/security-tracker] Pushed new branch zhsj/golang-1.15
Shengjing Zhu pushed new branch zhsj/golang-1.15 at Debian Security Tracker / security-tracker. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/tree/zhsj/golang-1.15
[Git][security-tracker-team/security-tracker][master] Track fixed version for docker.io CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 via unstable
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 0af538eb by Shengjing Zhu at 2021-11-07T23:06:12+08:00 Track fixed version for docker.io CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7508,13 +7508,13 @@ CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund m CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...) NOT-FOR-US: Wire iOS CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...) - - docker.io (bug #998292) + - docker.io 20.10.10+dfsg1-1 (bug #998292) [bullseye] - docker.io (Minor issue) [buster] - docker.io (Minor issue) NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...) - - docker.io + - docker.io 20.10.10+dfsg1-1 [bullseye] - docker.io (Minor issue) [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558 
@@ -7522,7 +7522,7 @@ CVE-2021-41091 (Moby is an open-source project created by Docker to enable softw CVE-2021-41090 RESERVED CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...) - - docker.io + - docker.io 20.10.10+dfsg1-1 [bullseye] - docker.io (Minor issue) [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0af538eb681f9fca7831270aff7e9d04f380b859 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0af538eb681f9fca7831270aff7e9d04f380b859 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed versions for golang-1.15
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 6dd03553 by Shengjing Zhu at 2021-06-05T20:11:28+08:00 Track fixed versions for golang-1.15 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1528,7 +1528,7 @@ CVE-2021-33199 CVE-2021-33198 RESERVED - golang-1.16 1.16.5-1 - - golang-1.15 + - golang-1.15 1.15.9-5 - golang-1.11 - golang-1.8 - golang-1.7 @@ -1538,7 +1538,7 @@ CVE-2021-33198 CVE-2021-33197 RESERVED - golang-1.16 1.16.5-1 - - golang-1.15 + - golang-1.15 1.15.9-5 - golang-1.11 - golang-1.8 - golang-1.7 @@ -1559,7 +1559,7 @@ CVE-2021-33196 [archive/zip: malformed archive may cause panic or memory exhaust CVE-2021-33195 RESERVED - golang-1.16 1.16.5-1 - - golang-1.15 + - golang-1.15 1.15.9-5 - golang-1.11 - golang-1.8 - golang-1.7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd035536952d3c4de38adc0521b2683247b6edd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd035536952d3c4de38adc0521b2683247b6edd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2020-29652 not affected in buster
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: d679f1b4 by Shengjing Zhu at 2021-01-31T02:48:51+08:00 CVE-2020-29652 not affected in buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17504,10 +17504,12 @@ CVE-2020-29653 RESERVED CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...) - golang-go.crypto 1:0.0~git20201221.eec23a3-1 + [buster] - golang-go.crypto (Vulnerable code not present) [stretch] - golang-go.crypto (Vulnerable code not present) - kubernetes NOTE: https://go-review.googlesource.com/c/crypto/+/278852 NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 + NOTE: Introduced in: https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc (2019-05-10) NOTE: k8s vendors a copy CVE-2021-1985 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d679f1b4969e260ada885ade2e4005c6aad70366 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d679f1b4969e260ada885ade2e4005c6aad70366 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
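Review bot: the new "Introduced in:" NOTE dates the vulnerable commit to 2019-05-10, but neither the "[buster]" nor the "[stretch]" line says which golang-go.crypto snapshot the suite ships. Adding those snapshot versions or dates to the NOTE would make "Vulnerable code not present" checkable from the entry alone. The kubernetes line sits next to "NOTE: k8s vendors a copy", so it is worth stating whether the same reasoning applies to the vendored copy.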
[Git][security-tracker-team/security-tracker][master] Update fixed version for CVE-2020-29652
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: e457a2a5 by Shengjing Zhu at 2021-01-31T02:40:28+08:00 Update fixed version for CVE-2020-29652 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17503,7 +17503,7 @@ CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking th CVE-2020-29653 RESERVED CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...) - - golang-go.crypto + - golang-go.crypto 1:0.0~git20201221.eec23a3-1 [stretch] - golang-go.crypto (Vulnerable code not present) - kubernetes NOTE: https://go-review.googlesource.com/c/crypto/+/278852 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e457a2a557de72c32475e365b216e927609b7e8e
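Review bot: The fixed version `1:0.0~git20201221.eec23a3-1` is a git snapshot, and the entry has no NOTE naming the merged upstream commit that fixes the nil pointer dereference, only the review link https://go-review.googlesource.com/c/crypto/+/278852. Add the commit hash as a NOTE so it can be checked against snapshot eec23a3. The hunk also leaves `- kubernetes` unversioned with no status, which is worth a line in the commit message if it is intentional.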
[Git][security-tracker-team/security-tracker][master] Fix typo in last commit
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 77e7f07e by Shengjing Zhu at 2021-01-25T02:15:08+08:00 Fix typo in last commit Sorry.. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21161,11 +21161,11 @@ CVE-2020-28363 CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. ...) - golang-1.15 1.15.5-1 - golang-1.11 + [buster] - golang-1.11 (Vulnerable code introduced later) - golang-1.8 [stretch] - golang-1.8 (Vulnerable code introduced later) - golang-1.7 [stretch] - golang-1.7 (Vulnerable code introduced later) - [buster] - golang-1.11 (Vulnerable code introduced later) NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ NOTE: https://github.com/golang/go/issues/42552 NOTE: the issue does not impact versions prior to 1.14. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e7f07e3f3b732110b2949d58454bb12a356ae3
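Review bot: The commit message undersells the change: this is not a typo fix but a move of `[buster] - golang-1.11 (Vulnerable code introduced later)` from the end of the package list to directly under `- golang-1.11`, matching how the golang-1.8 and golang-1.7 suite lines follow their package lines. Say that in the message, because a suite annotation recorded under the wrong package is exactly the kind of change someone will later search the history for. The NOTE `the issue does not impact versions prior to 1.14.` in the trailing context still has no source attached.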
[Git][security-tracker-team/security-tracker][master] CVE-2020-28362 not affected golang-1.11
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: aa646005 by Shengjing Zhu at 2021-01-25T02:11:49+08:00 CVE-2020-28362 not affected golang-1.11 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21165,8 +21165,10 @@ CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Serv [stretch] - golang-1.8 (Vulnerable code introduced later) - golang-1.7 [stretch] - golang-1.7 (Vulnerable code introduced later) + [buster] - golang-1.11 (Vulnerable code introduced later) NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ NOTE: https://github.com/golang/go/issues/42552 + NOTE: the issue does not impact versions prior to 1.14. CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.9-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa6460056cc2aa9bf65dc8e302605c806329fdfc
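Review bot: The added `[buster] - golang-1.11 (Vulnerable code introduced later)` line lands after the golang-1.7 lines instead of under the golang-1.11 package line; the `[stretch]` lines in the same hunk each sit directly below their own `- golang-1.8` or `- golang-1.7` line. Move it up next to `- golang-1.11`. The new NOTE `the issue does not impact versions prior to 1.14.` gives no source, so point it at the announcement or the upstream issue already listed. Given that NOTE, is the unversioned `- golang-1.7` line meant to stay open?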
[Git][security-tracker-team/security-tracker][master] Update fixed docker.io version for CVE-2020-15257
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 871bdfe9 by Shengjing Zhu at 2020-12-17T11:55:49+08:00 Update fixed docker.io version for CVE-2020-15257 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37117,8 +37117,9 @@ CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without che NOT-FOR-US: Wire app CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...) - containerd 1.4.3~ds1-1 - - docker.io + - docker.io 20.10.0~rc1+dfsg2-1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 + NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1 TODO: check details CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...) - node-object-path 0.11.5-3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/871bdfe95d3615ca45387e91aa72481662450ff3
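Review bot: `TODO: check details` is left in place even though both `containerd` and `docker.io` now carry fixed versions; resolve it in this commit or state what remains to be checked. The docker.io version is justified only by the new NOTE about the switch to the systemwide containerd packages, which means 20.10.0~rc1+dfsg2-1 is fixed only when the installed containerd is at least 1.4.3~ds1-1. Stating that dependency in the NOTE would stop the docker.io line from being read as a fix inside docker.io itself.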
[Git][security-tracker-team/security-tracker][master] Fix fixed version of CVE-2020-15157 in docker.io
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 92d61f26 by Shengjing Zhu at 2020-12-01T12:24:18+08:00 Fix fixed version of CVE-2020-15157 in docker.io - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33950,11 +33950,12 @@ CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP me NOT-FOR-US: libIEC61850 CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...) - containerd 1.3.2~ds1-2 - - docker.io 19.03.12+dfsg1-1 + - docker.io 19.03.13+dfsg2-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14) NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1 + NOTE: docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7 CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...) NOT-FOR-US: nodebb-plugin-blog-comments CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92d61f263fac020054fbd5b7a4d69d0de7aae2b1
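Review bot: The new NOTE `docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7` does not say that 1.3.7 contains the fix; the only fix reference in the entry is commit 1ead8d9deb3b175bf40413b8c47b3d19c2262726, tagged (v1.2.14), which is a different release branch. Name the fixing commit or release on the 1.3 branch, and write "vendors" or "bundles" rather than "uses" so the line reads correctly next to the preceding NOTE about the switch to systemwide containerd in 20.10.0~rc1+dfsg2-1. The commit message should also say why 19.03.12+dfsg1-1 was wrong.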
[Git][security-tracker-team/security-tracker][master] Update CVE-2020-15257 and CVE-2020-15157 info
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e994284 by Shengjing Zhu at 2020-12-01T12:14:22+08:00 Update CVE-2020-15257 and CVE-2020-15157 info - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33699,7 +33699,8 @@ CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without che NOT-FOR-US: Wire app CVE-2020-15257 RESERVED - - containerd + - containerd 1.4.3~ds1-1 + - docker.io NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 TODO: check details CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...) @@ -33953,7 +33954,7 @@ CVE-2020-15157 (In containerd (an industry-standard container runtime) before ve NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14) - NOTE: docker.io switched to systemwide containerd packages in 19.03.12+dfsg1-1 + NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1 CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...) NOT-FOR-US: nodebb-plugin-blog-comments CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e9942841968d5d1faa5c2d7549ee15a1addd3d9
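Review bot: In the CVE-2020-15257 hunk, `- docker.io` is added with no version and no NOTE explaining why docker.io is affected, while the entry is still `RESERVED` and carries `TODO: check details`. Add a NOTE on how docker.io picks up containerd (bundled copy or system package) so that the open line can later be closed against the right version.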
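Review bot: In the CVE-2020-15157 hunk, the version at which docker.io switched to systemwide containerd moves from 19.03.12+dfsg1-1 to 20.10.0~rc1+dfsg2-1, but the `- docker.io` line of the same entry lies outside the hunk and is not updated with it. If its fixed version was chosen on the basis of the old NOTE, it needs re-checking against the containerd copy bundled in the 19.03 uploads, either in this commit or with a TODO. The commit message gives no source for the corrected switch version.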
[Git][security-tracker-team/security-tracker][master] Update CVE-2020-10749
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: d7bdc1be by Shengjing Zhu at 2020-06-23T02:39:31+08:00 Update CVE-2020-10749 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11841,7 +11841,7 @@ CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implement CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...) TODO: check CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...) - - golang-github-containernetworking-plugins + - golang-github-containernetworking-plugins 0.8.6-1 NOTE: https://github.com/containernetworking/plugins/pull/484 NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43 CVE-2020-10748 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7bdc1bede722a1c24de1807872e8d703d8b448b
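Review bot: The fixed version 0.8.6-1 is added with nothing tying it to the fix: the NOTE for commit 219eb9e0464761c47383d239aba206da695e1a43 carries no release tag. Append the upstream version that first contains that commit, in the `(vX.Y.Z)` form other entries use, so the Debian version can be checked against it. The commit message `Update CVE-2020-10749` should say that a fixed version is being recorded.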
[Git][security-tracker-team/security-tracker][master] Update CVE-2019-16884
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b9a44a7 by Shengjing Zhu at 2020-01-04T23:11:57+08:00 Update CVE-2019-16884 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19567,7 +19567,7 @@ CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and - runc 1.0.0~rc9+dfsg1-1 (bug #942026) [buster] - runc (Minor issue) [stretch] - runc (Minor issue) - - golang-github-opencontainers-selinux (bug #942027) + - golang-github-opencontainers-selinux 1.3.0-2 (bug #942027) NOTE: https://github.com/opencontainers/runc/issues/2128 CVE-2019-16883 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b9a44a7f1460cbd8f8f3e73437209eea7aac941
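Review bot: `golang-github-opencontainers-selinux 1.3.0-2` gets a fixed version but, unlike `runc` just above it, no `[buster]` or `[stretch]` lines, so the stable suites have no recorded triage decision for this package. Add suite lines if the package exists there. The only NOTE points at the runc issue; a reference to the change in opencontainers/selinux that 1.3.0-2 includes would make the version verifiable.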
[Git][security-tracker-team/security-tracker][master] update CVE-2018-15869
Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker Commits: 6683fa46 by Shengjing Zhu at 2018-10-18T10:54:29Z update CVE-2018-15869 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6354,7 +6354,8 @@ CVE-2018-15870 (An invalid memory address dereference was discovered in ...) - ming NOTE: https://github.com/libming/libming/issues/122 CVE-2018-15869 (An Amazon Web Services (AWS) developer who does not specify the ...) - - packer (low; bug #907298) + - packer 1.3.1+dfsg-1 (low; bug #907298) + [stretch] - packer (Vulnerable code added later) NOTE: https://github.com/hashicorp/packer/issues/6584 NOTE: https://github.com/aws/aws-cli/issues/3629 CVE-2018-15868 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6683fa46e69c81a94f1ad9ecac994ff5ed950b16
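Review bot: `[stretch] - packer (Vulnerable code added later)` has no NOTE backing it: neither the commit nor the packer version that introduced the affected behaviour is named, so the claim cannot be checked against the stretch version. Add an `Introduced in:` style NOTE with the upstream commit. Likewise, nothing links 1.3.1+dfsg-1 to the upstream fix beyond the issue URL https://github.com/hashicorp/packer/issues/6584.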