Source: opendoas
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opendoas.
CVE-2023-28339[0]:
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege
| escalation because of sharing a terminal with the orig
Source: heat
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for heat.
CVE-2023-1625[0]:
information leak in API
https://bugzilla.redhat.com/show_bug.cgi?id=2181621
https://review.opendev.org/c/openstack/heat/+/868166
https
Source: nextcloud-desktop
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2023-28999[0]:
| Nextcloud is an open-source productivity platform. In Nextcloud
| Desktop client 3.0.0 until 3.8.0, Nextcl
Source: stellarium
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for stellarium.
CVE-2023-28371[0]:
| In Stellarium through 1.2, attackers can write to files that are
| typically unintended, such as ones with absolute path
Source: owslib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for owslib.
CVE-2023-27476[0]:
| OWSLib is a Python package for client programming with Open Geospatial
| Consortium (OGC) web service interface standards, and their
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nomad.
CVE-2023-0821[0]:
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3
| jobs using a maliciously compressed artifact stanza source can
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-1544[0]:
| A flaw was found in the QEMU implementation of VMWare's paravirtual
| RDMA device. This flaw allows a crafted guest driver to allocat
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-1605[0]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.8.6.
https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-
Source: opensmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opensmtpd.
CVE-2023-29323[0]:
| ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2
| before errata 020, and OpenSMTPD Portable before 7
Source: bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for bzip2.
CVE-2023-29415[0]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial
| of service (process hang) can occur with a crafted archive
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-cmarkgfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A polyn
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A p
Source: r-cran-commonmark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for r-cran-commonmark.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A p
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cmark-gfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A polynomial time c
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is
Am Tue, Apr 04, 2023 at 09:14:36PM +0200 schrieb Paul Gevers:
> On 04-04-2023 20:07, Moritz Mühlenhoff wrote:
> > If we would add the list of source packages which are following micro
> releases
> > in stable-security to a machine-parseable list (e.g. somewhere in the
Am Tue, Apr 04, 2023 at 08:58:37AM +0200 schrieb Ondřej Surý:
> Hi Paul, Salvatore,
>
> In all honesty, I thought that the pre-negotiated exception for PHP
> does apply to all future Debian releases, so it did come as surprise
> that I have to explain this again.
Question to the release team:
If
Am Sat, Apr 01, 2023 at 08:32:55AM +0400 schrieb Yadd:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: apac...@packages.debian.org
> Control: affects -1 + src:apache2
>
> [ Reason ]
> apache2 silently r
Am Tue, Mar 28, 2023 at 09:29:57PM +0200 schrieb Salvatore Bonaccorso:
> Hi László,
>
> On Sun, Mar 26, 2023 at 04:13:01PM +0200, László Böszörményi wrote:
> > Hi,
> >
> > On Fri, Mar 17, 2023 at 7:54 PM László Böszörményi (GCS)
> > wrote:
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2023-23456[0]:
| A heap-based buffer overflow issue was discovered in UPX in
| PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to
|
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2023-27102[0]:
| Libde265 v1.0.11 was discovered to contain a segmentation violation
| via the function decoder_context::process_slice_seg
Source: aflplusplus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for aflplusplus.
CVE-2023-26266[0]:
| In AFL++ 4.05c, the CmpLog component uses the current working
| directory to resolve and execute unprefixed fuzzing ta
Source: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for imagemagick.
CVE-2023-1289[0]:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
https://github.com/ImageMagick/ImageMa
Source: maradns
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for maradns.
CVE-2022-30256[0]:
| An issue was discovered in MaraDNS Deadwood through 3.5.0021 that
| allows variant V1 of unintended domain name resolution. A
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2023-1108[0]:
https://issues.redhat.com/browse/UNDERTOW-2239
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: wordpress
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for wordpress.
CVE-2022-3590[0]:
| WordPress is affected by an unauthenticated blind SSRF in the pingback
| feature. Because of a TOCTOU race condition betwee
Source: node-request
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for node-request.
CVE-2023-28155[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for
| Node.js allows a bypass of SSRF mitigations vi
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.
https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861ab
Source: golang-github-go-macaron-csrf
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-github-go-macaron-csrf.
CVE-2018-25060[0]:
| A vulnerability was found in Macaron csrf and classified as
| problematic. Affecte
Source: python-oslo.privsep
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-oslo.privsep.
CVE-2022-38065[0]:
| A privilege escalation vulnerability exists in the oslo.privsep
| functionality of OpenStack git maste
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-22483[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. Ver
Source: r-cran-commonmark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for r-cran-commonmark.
CVE-2023-22483[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. Ver
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-cmarkgfm.
CVE-2023-22483[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. Version
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cmark-gfm.
CVE-2023-22483[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. Versions prior to 0
Source: libcpan-checksums-perl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libcpan-checksums-perl.
CVE-2020-16155[0]:
| The CPAN::Checksums package 2.12 for Perl does not uniquely define
| signed data.
https://blog.
Am Mon, Jun 20, 2022 at 04:59:39PM +0200 schrieb Moritz Mühlenhoff:
> Source: cookiecutter
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for cookiecutter.
>
> CVE-2022-24065[0]
Am Mon, Mar 13, 2023 at 03:07:34PM + schrieb Holger Levsen:
> On Mon, Mar 13, 2023 at 03:58:45PM +0100, Moritz Mühlenhoff wrote:
> > Am Mon, Mar 13, 2023 at 01:43:11PM +0100 schrieb Holger Levsen:
> > > * security-support-limited:
> > > - for golang and openjd
Am Fri, May 21, 2021 at 09:46:31PM +0200 schrieb Moritz Muehlenhoff:
> Source: thrift
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> CVE-2019-11939:
> https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
Hi,
is this fixed in Bookwo
Am Mon, Jun 13, 2022 at 06:12:36PM +0200 schrieb Moritz Mühlenhoff:
> Source: golang-github-emicklei-go-restful
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for
> golang-github-em
Am Fri, Jul 08, 2022 at 04:31:10PM +0200 schrieb Moritz Mühlenhoff:
> Source: svgpp
> X-Debbugs-CC: t...@security.debian.org
> Severity: normal
> Tags: security
>
> Hi,
>
> The following vulnerability was published for svgpp.
>
> CVE-2021-44960[0]:
> |
Am Sun, Feb 19, 2023 at 06:03:09PM + schrieb Debian Bug Tracking System:
> This is an automatic notification regarding your Bug report
> which was filed against the src:deluge package:
>
> #1019594: deluge: CVE-2021-3427
>
> It has been closed by Daniel Baumann .
>
> Their explanation is att
Am Fri, Feb 26, 2021 at 05:29:07PM +0100 schrieb Moritz Muehlenhoff:
> Source: open-build-service
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> CVE-2020-8020:
> https://bugzilla.suse.com/show_bug.cgi?id=1171439
> https://github.com/openSUSE/open-build-service/com
Am Tue, Nov 08, 2022 at 08:42:05PM +0100 schrieb Moritz Mühlenhoff:
> Source: libstb
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for libstb.
>
> CVE-2021-37789[0]:
> |
Am Sun, Aug 15, 2021 at 07:21:40AM +0200 schrieb Andreas Metzler:
> On 2021-08-14 Salvatore Bonaccorso wrote:
> > Source: exim4
> > Version: 4.94.2-7
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> >
>
> > Hi,
>
> > The following
Am Sun, Jul 10, 2022 at 07:31:30PM +0200 schrieb Moritz Mühlenhoff:
> Source: nim
> X-Debbugs-CC: t...@security.debian.org
> Severity: normal
> Tags: security
>
> Hi,
>
> The following vulnerability was published for nim.
>
> CVE-2021-41259[0]:
> | Nim is a sy
Am Mon, Mar 13, 2023 at 01:43:11PM +0100 schrieb Holger Levsen:
> * security-support-limited:
> - for golang and openjdk-17, point to the bookworm manual instead the one
> for bullseye.
That's wrong, though. (And the release notes need updating too; I'll file
a bug soonish): In Bookworm
Source: allegro4.4
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for allegro4.4.
CVE-2021-36489[0]:
| Buffer Overflow vulnerability in Allegro through 5.2.6 allows
| attackers to cause a denial of service via crafted PCX/T
Source: wabt
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for wabt.
CVE-2023-27115[0]:
| WebAssembly v1.0.29 was discovered to contain a segmentation fault via
| the component wabt::cat_compute_size.
https://github.com/W
Source: nvidia-cuda-toolkit
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for nvidia-cuda-toolkit.
CVE-2023-0193[0]:
No description was found (try on a search engine)
CVE-2023-0196[1]:
| NVIDIA CUDA Toolkit SDK contains a
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-27114[0]:
| radare2 v5.8.3 was discovered to contain a segmentation fault via the
| component wasm_dis at p/wasm/wasm.c.
https://github.c
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2021-33367[0]:
| Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to
| cause a denial of service via a crafted JXR file.
Source: tidy-html5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tidy-html5.
CVE-2021-33391[0]:
| An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute
| arbitrary code via the -g option of the CleanNode() fun
Source: mootools
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for mootools.
CVE-2021-32821[0]:
| MooTools is a collection of JavaScript utilities for JavaScript
| developers. All known versions include a CSS selector pars
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libheif.
CVE-2023-0996[0]:
| There is a vulnerability in the strided image data parsing code in the
| emscripten wrapper for libheif. An attacker could exploit
Source: golang-github-hashicorp-go-getter
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-github-hashicorp-go-getter.
CVE-2023-0475[0]:
| HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to
| decompression
Source: libpod
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libpod.
CVE-2023-0778[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2168256
https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2022-23537[0]:
| PJSIP is a free and open source multimedia communication library
| written in C language implementing standard based protocol
Source: py7zr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for py7zr.
CVE-2022-40152[0]:
| Those using Woodstox to parse XML data may be vulnerable to Denial of
| Service attacks (DOS) if DTD support is enabled. If the parser
Source: grave
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for grave.
CVE-2022-44900[0]:
| A directory traversal vulnerability in the SevenZipFile.extractall()
| function of the python library py7zr v0.20.0 and earlier al
Source: libwoodstox-java
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libwoodstox-java.
CVE-2022-40152[0]:
| Those using Woodstox to parse XML data may be vulnerable to Denial of
| Service attacks (DOS) if DTD support
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2022-4492[0]:
| The undertow client is not checking the server identity presented by
| the server certificate in https connections. This is a
Source: vtk9
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for vtk9.
CVE-2021-42521[0]:
| There is a NULL pointer dereference vulnerability in VTK, and it lies
| in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for vim.
CVE-2023-0054[0]:
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
ht
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2023-23457[0]:
| A Segmentation fault was found in UPX in
| PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with
| a crafted input
Source: qtbase-opensource-src-gles
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src-gles.
CVE-2023-24607[0]:
When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS
with a spe
Source: qtbase-opensource-src
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src.
CVE-2023-24607[0]:
When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS
with a specifically
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2023-24607[0]:
When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS
with a specifically crafted string
https://ww
Source: nethack
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nethack.
CVE-2023-24809[0]:
| NetHack is a single player dungeon exploration game. Starting with
| version 3.6.2 and prior to version 3.6.7, illegal input t
Am Sun, Feb 19, 2023 at 05:23:55PM +0100 schrieb Markus Koschany:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: a...@debian.org
>
> Hi,
>
> I would like to update snakeyaml in Bullseye. The package i
Source: libcommons-fileupload-java
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libcommons-fileupload-java.
CVE-2023-24998[0]:
| Apache Commons FileUpload before 1.5 does not limit the number of
| request parts to be
Source: iortcw
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rtcwcoop, which seems
to be a fork of iortcw, but the patches don't seem to have flown back?
CVE-2019-25104[0]:
| A vulnerability has been found in rtcwcoop
Source: glusterfs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for glusterfs.
CVE-2023-26253[0]:
| In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-
| bridge.c notify stack-based buffer over-read.
https
Source: resteasy3.0
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for resteasy3.0.
CVE-2023-0482[0]:
| In RESTEasy the insecure File.createTempFile() is used in the
| DataSourceProvider, FileProvider and Mime4JWorkaround c
Source: emacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for emacs.
CVE-2022-48339[0]:
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has
| a command injection vulnerability. In the hfy-istext-comman
Source: resteasy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for resteasy.
CVE-2023-0482[0]:
| In RESTEasy the insecure File.createTempFile() is used in the
| DataSourceProvider, FileProvider and Mime4JWorkaround classes
Source: epiphany-browser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for epiphany-browser.
CVE-2023-26081[0]:
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can
| trick users into exfiltrating password
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for hdf5. The reports
mentioned a vendor disclosure, but not sure when/how.
CVE-2022-26061[0]:
| A heap-based buffer overflow vulnerability exists in the gif2h5
| f
Source: curl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for curl.
CVE-2023-23914
curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23916.html
CVE-2023-23915
curl: HSTS amnesia with --parallel
https:/
Source: node-http-server
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-http-server.
CVE-2021-23797[0]:
| All versions of package http-server-node are vulnerable to Directory
| Traversal via use of --path-as-is.
h
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for rails.
CVE-2023-22796[0]:
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
https://g
Source: pgpool2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pgpool2.
CVE-2023-22332[0]:
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to
| 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.
Source: opusfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opusfile.
CVE-2022-47021[0]:
| A null pointer dereference issue was discovered in functions
| op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 t
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-23627[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0
| and later, prior to 6.0.1, are vulnerable
severity 1027788 important
thanks
Am Tue, Jan 03, 2023 at 12:03:41PM +0100 schrieb Marcus Frings:
> Package: leafnode
> Version: 1.12.0-1
> Severity: grave
>
> Dear Moritz,
>
> after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my
> local leafnode instance anymore and Gnus refuses
Source: rust-bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-bzip2.
CVE-2023-22895[0]:
| The bzip2 crate before 0.4.4 for Rust allow attackers to cause a
| denial of service via a large file that triggers an i
Source: rust-tokio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-tokio.
I haven't checked whether this is a Windows-specific issue or whether rust-tokio
as packaged in Debian would also be affected if e.g. operating on a
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-0330[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2160151
Proposed patch:
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.
Source: swift
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for swift.
CVE-2022-47950:
OSSA-2023-001: Arbitrary file access through custom S3 XML entities
Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML
pars
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
Fixed in 7.0.6
CVE-2023-21884[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
All fixed in 8.0.32.
CVE-2023-21863[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported
Am Thu, Jan 12, 2023 at 09:17:18PM +0100 schrieb Paul Gevers:
> On 12-01-2023 16:50, Shengjing Zhu wrote:
> > > But this bug report triggered me: did the golang security situation
> > > already improved during this release cycle. I may be misremembering, but
> > > I recall the problems on the secur
Am Mon, Jan 16, 2023 at 12:46:37PM + schrieb Didier 'OdyX' Raboud:
> > I understand that would be annoying for you, but I don't think that it would
> > affect the majority of our users.
>
> Hrm. More and more laptops come with usb-c only, and dongles/docks become more
> and more common.
>
> I
Source: shiro
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for shiro.
CVE-2023-22602[0]:
| When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+,
| a specially crafted HTTP request may cause an authentication
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-0302[0]:
| Failure to Sanitize Special Elements into a Different Plane (Special
| Element Injection) in GitHub repository radareorg/radare
Source: zip4j
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for zip4j.
CVE-2023-22899[0]:
| Zip4j through 2.11.2, as used in Threema and other products, does not
| always check the MAC when decrypting a ZIP archive.
https
reassign 926276 ftp.debian.org
retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open
security issues, dropping from testing since 2017
severity 926276 normal
thanks
Am Tue, Apr 02, 2019 at 10:04:34PM +0200 schrieb Moritz Muehlenhoff:
> Source: guacamole-client
> Severity: seri
Am Sun, Jan 08, 2023 at 12:27:52AM -0500 schrieb Andres Salomon:
>
> On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk
> wrote:
> > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote:
> > > ...
> > > We might consider to set some expectation for oldstable-security,
> > > thoug
Source: openimageio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for openimageio.
CVE-2022-43603[0]:
| A denial of service vulnerability exists in the ZfileOutput::close()
| functionality of OpenImageIO Project OpenIma
Am Tue, Nov 29, 2022 at 10:04:34PM +0100 schrieb Salvatore Bonaccorso:
> Source: libetpan
> Version: 1.9.4-3
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/dinhvh/libetpan/issues/420
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The follo
Source: netty
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for netty.
CVE-2022-41915[0]:
| Netty project is an event-driven asynchronous network application
| framework. In versions prior to 4.1.86.Final, when calling