Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pngcheck.
CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.
Onl
Source: flask-security
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for flask-security.
CVE-2021-23385[0]:
| This affects all versions of package Flask-Security. When using the
| get_post_logout_redirect and get_post_logi
Source: xen
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for xen.
CVE-2022-33749[0]:
| XAPI open file limit DoS It is possible for an unauthenticated client
| on the network to cause XAPI to hit its file-descriptor lim
Source: poppler
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for poppler.
CVE-2022-24106[0]:
| In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing
| the 'interleaved' flag to be changed after the first
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nomad.
CVE-2022-41606[0]:
| HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5
| jobs submitted with an artifact stanza using invalid S3 or GC
Source: shiro
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for shiro.
CVE-2022-40664[0]:
| Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in
| Shiro when forwarding or including via RequestDispatcher.
ht
Source: lava
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lava.
CVE-2022-42902[0]:
| In Linaro Automated Validation Architecture (LAVA) before 2022.10,
| there is dynamic code execution in lava_server/lavatable.py. Due to
Source: man2html
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for man2html.
CVE-2021-40647[0]:
| In man2html 1.6g, a specific string being read in from a file will
| overwrite the size parameter in the top chunk of the
Source: nekohtml
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nekohtml.
CVE-2022-24839[0]:
| org.cyberneko.html is an html parser written in Java. The fork of
| `org.cyberneko.html` used by Nokogiri (Rubygem) raises a
| `
Source: openvswitch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for openvswitch.
CVE-2019-25076[0]:
| The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through
| 2.17.2 and 3.0.0 allows remote attackers to cause
Source: golang-golang-x-text
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-golang-x-text.
CVE-2022-32149[0]:
| An attacker may cause a denial of service by crafting an Accept-
| Language header which ParseAccept
Source: nss
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nss.
CVE-2022-3479[0]:
| A vulnerability found in nss. By this security vulnerability, nss
| client auth crash without a user certificate in the database and th
Source: commons-text
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for commons-text.
CVE-2022-42889[0]:
| Apache Commons Text performs variable interpolation, allowing
| properties to be dynamically evaluated and expanded. The
On Thu, Oct 13, 2022 at 09:36:09PM +0200, Markus Koschany wrote:
> Hi,
>
> I just had a go at this issue and I discovered that libxalan2-java in Debian
> is
> not affected but rather bcel.
>
> https://tracker.debian.org/pkg/bcel
>
> The fixing commit in OpenJDK addresses the same code which is
Hi Antoine,
> At your convenience, please review the changes I've done on the package,
> and let me know when I can upload it.
Thanks so much for moving this forward! It looks great to me, please
upload at your convenience.
> PS: and I think you should get rid of the debian/ branches on your end
On Wed, Dec 07, 2022 at 08:31:06PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2022-11-30 at 22:42 +0100, Moritz Muehlenhoff wrote:
> > This updates fixes various minor crashes in mplayer, which
> > don't warrant a DSA by itself. I've run the PoCs against
> > the upda
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in s
On Wed, Dec 07, 2022 at 08:27:05PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2022-11-28 at 20:35 +0100, Moritz Muehlenhoff wrote:
> > openjdk bumped the requirements for the test suite within
> > their 11.x branch (which is what we ship in Bullseye), it
> > now need
Source: redmine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redmine.
CVE-2022-44030[0]:
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any
| Issue or any Wiki page due to insufficient permission
Source: jquery-minicolors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jquery-minicolors.
CVE-2021-4243[0]:
| A vulnerability was found in claviska jquery-minicolors up to 2.3.5.
| It has been rated as problematic. Af
Source: python-pyrdfa
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-pyrdfa.
CVE-2022-4396[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib
| pyrdfa3 and classified as problematic. This i
Hi Martina,
> Control: affects -1 + src:golang-github-prometheus-exporter-toolkit
>
> [ Reason ]
> This package is currently FTBFS on stable due to flaky tests.
If we're doing a stable update anyway, could we also piggyback the
fix https://security-tracker.debian.org/tracker/CVE-2022-46146 ?
Ch
Source: bookkeeper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bookkeeper.
CVE-2022-32531[0]:
| The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does
| not close the connection to the bookkeeper serv
Source: openimageio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for openimageio.
CVE-2022-43603[0]:
| A denial of service vulnerability exists in the ZfileOutput::close()
| functionality of OpenImageIO Project OpenIma
On Sun, Jan 08, 2023 at 12:27:52AM -0500, Andres Salomon wrote:
>
> On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk
> wrote:
> > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote:
> > > ...
> > > We might consider to set some expectation for oldstable-security,
> > > thoug
reassign 926276 ftp.debian.org
retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open
security issues, dropping from testing since 2017
severity 926276 normal
thanks
On Tue, Apr 02, 2019 at 10:04:34PM +0200, Moritz Muehlenhoff wrote:
> Source: guacamole-client
> Severity: seri
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2022-39400[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are aff
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pymatgen.
CVE-2022-42964[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the pymatgen PyPI package, when an attacke
Source: python-cleo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-cleo.
CVE-2022-42966[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the cleo PyPI package, when an attac
Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for net-snmp.
CVE-2022-44792[0]:
| handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
| 5.8 through 5.9.3 has a NULL Pointer Exception bu
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2022-3872[0]:
| An off-by-one read/write issue was found in the SDHCI device of QEMU.
| It occurs when reading/writing the Buffer Data Port Register
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-45188[0]:
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
| resulting in code execution via a crafted .appl file. Th
Hi Antoine,
> > NEW was thawed, and I just reinstalled cumin in a virtualenv, and
> > thought of this bug. :) Need help with the packaging? I'd be happy to
> > just throw it in the python packaging team...
>
> Ping! did you receive that message?
Sorry for the late reply, this got backlogged in my
Source: znuny
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
There is https://otrs.com/release-notes/otrs-security-advisory-2022-13-2/
which they claim also affects OTRS 6.0, from which Znuny forked. Is
there any available information about whether this affects Zn
Antoine wrote:
> Thanks! I would put that in the Python team, is that okay? Probably next
> week too.
>
Sure, Python team sounds good to me as well.
Cheers,
Moritz
Hi,
> On 2022-11-18 14:49:28, Moritz Mühlenhoff wrote:
> > There is https://apt.wikimedia.org/wikimedia/pool/main/c/cumin/ which
> > would be a good starting point.
>
> ... if you don't mind, I'll start here instead:
>
> https://github.com/wikimedia/cum
Hi Antoine,
[Adding Riccardo Coccilo, my colleague at Wikimedia and the primary
author of Cumin to CC]
> which makes me wonder: should we drop the debian branch on github and
> gerrit? or should we (say, debian sponsors) pull changes from you and
> sync them to salsa?
>
> how should we play this
Hi,
> Heck, you shouldn't even need to build your own debs if we do this
> right; this will trickle down to bookworm and, from there, backports,
> ubuntu, etc.
Agreed, from my perspective an upstream-included debian/ dir is only
useful until it gets packaged. From that point onwards fetching a
De
On Thu, Oct 20, 2022 at 11:28:22PM -0300, David da Silva Polverari wrote:
> Hi,
>
> I adjusted the affected versions in the BTS, but I couldn't find any
> patch for it. The reference to buffer overflows seem related to
> CVE-2020-27818, so I wonder whether it is a duplicate or not.
>
> If it is,
On Sun, Nov 27, 2022 at 11:45:27AM +0100, Clément Hermann wrote:
> Hi
>
> On 25/10/2022 at 13:53, Clément Hermann wrote:
> > Hi Moritz,
> >
> > On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote:
> >
> > > Given that the primary use case for onionshare will be tails, my
> > > suggestion would
On Tue, Mar 28, 2023 at 09:29:57PM +0200, Salvatore Bonaccorso wrote:
> Hi László,
>
> On Sun, Mar 26, 2023 at 04:13:01PM +0200, László Böszörményi wrote:
> > Hi,
> >
> > On Fri, Mar 17, 2023 at 7:54 PM László Böszörményi (GCS)
> > wrote:
> > >
On Sat, Apr 01, 2023 at 08:32:55AM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: apac...@packages.debian.org
> Control: affects -1 + src:apache2
>
> [ Reason ]
> apache2 silently r
On Tue, Apr 04, 2023 at 08:58:37AM +0200, Ondřej Surý wrote:
> Hi Paul, Salvatore,
>
> In all honesty, I thought that the pre-negotiated exception for PHP
> does apply to all future Debian releases, so it did come as surprise
> that I have to explain this again.
Question to the release team:
If
On Tue, Apr 04, 2023 at 09:14:36PM +0200, Paul Gevers wrote:
> On 04-04-2023 20:07, Moritz Mühlenhoff wrote:
> > If we would add the list of source packages which are following micro
> releases
> > in stable-security to a machine-parseable list (e.g. somewhere in the
> >
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cmark-gfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A polynomial time c
Source: r-cran-commonmark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for r-cran-commonmark.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A p
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A p
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-cmarkgfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A polyn
Source: bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for bzip2.
CVE-2023-29415[0]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial
| of service (process hang) can occur with a crafted archive
Source: opensmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opensmtpd.
CVE-2023-29323[0]:
| ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2
| before errata 020, and OpenSMTPD Portable before 7
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-1544[0]:
| A flaw was found in the QEMU implementation of VMWare's paravirtual
| RDMA device. This flaw allows a crafted guest driver to allocat
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-1605[0]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.8.6.
https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nomad.
CVE-2023-0821[0]:
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3
| jobs using a maliciously compressed artifact stanza source can
Source: owslib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for owslib.
CVE-2023-27476[0]:
| OWSLib is a Python package for client programming with Open Geospatial
| Consortium (OGC) web service interface standards, and their
Source: stellarium
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for stellarium.
CVE-2023-28371[0]:
| In Stellarium through 1.2, attackers can write to files that are
| typically unintended, such as ones with absolute path
Source: nextcloud-desktop
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2023-28999[0]:
| Nextcloud is an open-source productivity platform. In Nextcloud
| Desktop client 3.0.0 until 3.8.0, Nextcl
Source: heat
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for heat.
CVE-2023-1625[0]:
information leak in API
https://bugzilla.redhat.com/show_bug.cgi?id=2181621
https://review.opendev.org/c/openstack/heat/+/868166
https
Source: opendoas
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opendoas.
CVE-2023-28339[0]:
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege
| escalation because of sharing a terminal with the orig
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-1448[1]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the functi
Source: ncurses
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ncurses.
CVE-2023-29491 was assigned to
https://invisible-island.net/ncurses/NEWS.html#index-t20230408
If you fix the vulnerability please also make sure
Source: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for imagemagick.
CVE-2023-1906[0]:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
https://github.com/ImageMagick/ImageMa
Source: zip4j
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for zip4j.
CVE-2023-22899[0]:
| Zip4j through 2.11.2, as used in Threema and other products, does not
| always check the MAC when decrypting a ZIP archive.
https
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-0302[0]:
| Failure to Sanitize Special Elements into a Different Plane (Special
| Element Injection) in GitHub repository radareorg/radare
Source: shiro
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for shiro.
CVE-2023-22602[0]:
| When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+,
| a specially crafted HTTP request may cause an authentication
On Mon, Jan 16, 2023 at 12:46:37PM +, Didier 'OdyX' Raboud wrote:
> > I understand that would be annoying for you, but I don't think that it would
> > affect the majority of our users.
>
> Hrm. More and more laptops come with usb-c only, and dongles/docks become more
> and more common.
>
> I
On Thu, Jan 12, 2023 at 09:17:18PM +0100, Paul Gevers wrote:
> On 12-01-2023 16:50, Shengjing Zhu wrote:
> > > But this bug report triggered me: did the golang security situation
> > > already improved during this release cycle. I may be misremembering, but
> > > I recall the problems on the secur
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
All fixed in 8.0.32.
CVE-2023-21863[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
Fixed in 7.0.6
CVE-2023-21884[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported
Source: swift
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for swift.
CVE-2022-47950:
OSSA-2023-001: Arbitrary file access through custom S3 XML entities
Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML
pars
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-0330[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2160151
Proposed patch:
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.
Source: rust-tokio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-tokio.
I haven't checked whether this is a Windows-specific issue or whether rust-tokio
as packaged in Debian would also be affected if e.g. operating on a
Source: rust-bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-bzip2.
CVE-2023-22895[0]:
| The bzip2 crate before 0.4.4 for Rust allow attackers to cause a
| denial of service via a large file that triggers an i
severity 1027788 important
thanks
On Tue, Jan 03, 2023 at 12:03:41PM +0100, Marcus Frings wrote:
> Package: leafnode
> Version: 1.12.0-1
> Severity: grave
>
> Dear Moritz,
>
> after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my
> local leafnode instance anymore and Gnus refuses
severity 877016 serious
thanks
On Thu, Sep 28, 2017 at 06:51:30AM -0700, Mattia Dongili wrote:
> On Wed, Sep 27, 2017 at 03:16:52PM -0400, Phil Susi wrote:
> > Package: cpufrequtils
> > Version: 008-1
> ...
> > is the case, should cpufrequtils not be removed now?
>
> Yes, indeed it should. Thank
Source: zbar
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for zbar.
CVE-2023-40889[0]:
| A heap-based buffer overflow exists in the qr_reader_match_centers
| function of ZBar 0.23.90. Specially crafted QR codes may lea
Source: ansible
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ansible.
CVE-2023-4567[0]: So far the only reference is
https://bugzilla.redhat.com/show_bug.cgi?id=2235369
If you fix the vulnerability please also make s
Source: viagee
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gnome-gmail, but I'd
expect it also affects viagee?
CVE-2020-24904[0]:
| An issue was discovered in attach parameter in GNOME Gmail version
| 2.5.4, allows r
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-21426[0]:
| Buffer Overflow vulnerability in function C_IStream::read in
| PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers t
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-21427[0]:
| Buffer Overflow vulnerability in function LoadPixelDataRLE8 in
| PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run arbitr
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.
https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb0207
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-22524[0]:
| Buffer Overflow vulnerability in FreeImage_Load function in
| FreeImage Library 3.19.0(r1828) allows attackers to cause a deni
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2022-33064[0]:
| An off-by-one error in function wav_read_header in src/wav.c in
| Libsndfile 1.1.0, results in a write out of bound, whi
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2022-33065[0]:
| Multiple signed integers overflow in function au_read_header in
| src/au.c and in functions mat4_open and mat4_read_head
Source: firmware-nonfree
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for firmware-nonfree, all
fixed in linux-firmware/20230804:
CVE-2022-27635[0]:
| Improper access control for some Intel(R) PROSet/Wireless WiFi and
Source: libsass
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsass.
CVE-2022-43357[0]:
| Stack overflow vulnerability in ast_selectors.cpp in function
| Sass::CompoundSelector::has_real_parent_ref in
| libsass:3.6.5
Source: libsass
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsass.
CVE-2022-26592[0]:
| Stack Overflow vulnerability in libsass 3.6.5 via the
| CompoundSelector::has_real_parent_ref function.
https://github.com/sa
Source: libsass
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsass.
CVE-2022-43358[0]:
| Stack overflow vulnerability in ast_selectors.cpp: in function
| Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g21
Source: rkhunter
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rkhunter.
CVE-2023-4413[0]:
| A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It
| has been classified as problematic. Affected is an unk
Source: ansible
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ansible.
CVE-2023-4380[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2232324 is the only
reference so far
If you fix the vulnerability please also make s
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-4322[0]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.9.0.
https://github.com/radareorg/radare2/commi
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-42467[0]:
| QEMU through 8.0.0 could trigger a division by zero in
| scsi_disk_reset in hw/scsi/scsi-disk.c because
| scsi_disk_emulate_mode_sel
On Sun, Sep 17, 2023 at 06:22:00PM +0100, Simon McVittie wrote:
> On Sun, 17 Sep 2023 at 18:17:56 +0100, Simon McVittie wrote:
> > I can upload this to security-master if wanted, or the security
> > team or other GNOME team members are welcome to sponsor it
> > or upload their own version if they
Source: node-http-server
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-http-server.
CVE-2021-23797[0]:
| All versions of package http-server-node are vulnerable to Directory
| Traversal via use of --path-as-is.
h
Source: curl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for curl.
CVE-2023-23914
curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23916.html
CVE-2023-23915
curl: HSTS amnesia with --parallel
https:/
Source: epiphany-browser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for epiphany-browser.
CVE-2023-26081[0]:
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can
| trick users into exfiltrating password
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for hdf5. The reports
mentioned a vendor disclosure, but not sure when/how.
CVE-2022-26061[0]:
| A heap-based buffer overflow vulnerability exists in the gif2h5
| f
Source: resteasy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for resteasy.
CVE-2023-0482[0]:
| In RESTEasy the insecure File.createTempFile() is used in the
| DataSourceProvider, FileProvider and Mime4JWorkaround classes
Source: emacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for emacs.
CVE-2022-48339[0]:
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has
| a command injection vulnerability. In the hfy-istext-comman