[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 54d66d6f by Moritz Muehlenhoff at 2024-04-18T10:22:30+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-3177 + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...) TODO: check CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d66d6f173401115c7f00844a101c9c642e6258 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d66d6f173401115c7f00844a101c9c642e6258 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: df26cd71 by Moritz Muehlenhoff at 2023-06-16T13:54:12+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,15 +29,23 @@ CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulne CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...) - TODO: check + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10 + NOTE: https://github.com/kubernetes/kubernetes/issues/118690 CVE-2023-2728 - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 CVE-2023-2727 - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Dromara HuTool CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df26cd718f117cc42cee2904f73a2d6915323563 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df26cd718f117cc42cee2904f73a2d6915323563 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b80fb107 by Moritz Mühlenhoff at 2022-09-20T10:46:26+02:00 new k8s issue NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1858,6 +1858,8 @@ CVE-2022-37346 RESERVED CVE-2022-3172 RESERVED + - kubernetes + [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) CVE-2022-3171 RESERVED CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) @@ -15696,6 +15698,7 @@ CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all version - gitlab CVE-2022-34917 RESERVED + - kafka (bug #786460) CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...) NOT-FOR-US: Apache Flume CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b80fb107ae38cc169e00290ebd0e8861be81dff2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b80fb107ae38cc169e00290ebd0e8861be81dff2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: eb916828 by Moritz Muehlenhoff at 2021-07-15T09:36:51+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26458,6 +26458,9 @@ CVE-2021-25741 RESERVED CVE-2021-25740 RESERVED + - kubernetes + [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1 CVE-2021-25739 RESERVED CVE-2021-25738 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb9168282996518a5e17c75cf4c79175a506b98d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb9168282996518a5e17c75cf4c79175a506b98d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7913078e by Moritz Muehlenhoff at 2020-07-15T17:09:37+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19232,6 +19232,9 @@ CVE-2020-8558 NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569 CVE-2020-8557 RESERVED + - kubernetes + NOTE: https://github.com/kubernetes/kubernetes/issues/93032 + NOTE: https://github.com/kubernetes/kubernetes/pull/92916 CVE-2020-8556 RESERVED CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7913078eeabb9ddbc7fe4f86f7c84840f8d17fa7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7913078eeabb9ddbc7fe4f86f7c84840f8d17fa7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b87e6d01 by Moritz Muehlenhoff at 2018-12-20T12:30:01Z
new k8s issue
two freerdp issues specific to freerdp2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -184,6 +184,7 @@ CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the
two-factor-authenticati
NOT-FOR-US: two-factor-authentication plugin for WordPress
CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based
buffer ...)
- pspp (bug #916902)
+ [stretch] - pspp (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
CVE-2018-20229
RESERVED
@@ -28703,7 +28704,8 @@ CVE-2018-11709 (wpforo_get_request_uri in
wpf-includes/functions.php in the wpFo
CVE-2018-11708
RESERVED
CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and
1.11.0-1.11.1, ...)
- TODO: check
+ - kubernetes
+ NOTE: https://github.com/kubernetes/kubernetes/issues/65750
CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier
the DSA key ...)
{DLA-1418-1}
- bouncycastle 1.56-1
@@ -36488,10 +36490,12 @@ CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4
contains an Integer Truncation
CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer
...)
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp
+ [stretch] - freerdp (Vulnerable code not present, zgfx
not yet supported)
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer
...)
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp
+ [stretch] - freerdp (Vulnerable code not present, zgfx
not yet supported)
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
CVE-2018-8783
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0fd8745e by Moritz Muehlenhoff at 2018-12-03T17:31:14Z new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2018-1002105 [Kubernetes API server issue] + - kubernetes + NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 CVE-2018-19808 RESERVED CVE-2018-19807 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fd8745e25a22e46e2fc53975373f4d95f294ea0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fd8745e25a22e46e2fc53975373f4d95f294ea0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
