Source: libxml-security-java
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libxml-security-java.
CVE-2023-44483[0]:
| All versions of Apache Santuario - XML Security for Java prior to
| 2.2.6, 2.3.4, and 3.0.3, when us
Source: tinyxml
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
https://www.forescout.com/resources/sierra21-vulnerabilities
mentions three security issues in Tinyxml:
CVE-2023-34194[0]:
| StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in
| TinyXML throu
Source: epics-base
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for yajl, which is
embedded by epics-base:
CVE-2023-33460[0]:
| There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
| function. which will cause out
Source: r-cran-jsonlite
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for yajl, which is embedded
by r-cran-jsonlite:
CVE-2023-33460[0]:
| There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
| function. which will
Source: libitext-java
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for PdfReader, which
is embedded by libitext-java.
CVE-2021-37819[0]:
| PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
| loop via the compo
Source: libitext1-java
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for PdfReader, which is
embedded in libitext1-java.
CVE-2021-37819[0]:
| PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
| loop via the com
Source: libitext5-java
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for PDfReader, which is
embedded in libitext5-java.
CVE-2021-37819[0]:
| PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite
| loop via the com
Source: zfs-linux
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for zfs-linux.
CVE-2013-20001[0]:
| An issue was discovered in OpenZFS through 2.0.3. When an NFS share
| is exported to IPv6 addresses via the sharenfs featu
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2023-48704[0]:
| ClickHouse is an open-source column-oriented database management
| system that allows generating analytical data reports
[ Also adding Paul Gevers for awareness, for context we're bumping nodejs
in Bookworm to the latest 18.x security/LTS release ]
On Wed, Dec 27, 2023 at 03:03:20PM +0100 Jérémy Lal wrote:
> I don't think so, there are all either node-undici-related, or just test
> suites regressions.
> Here are
Am Wed, Dec 27, 2023 at 05:18:52PM +0100 schrieb Jérémy Lal:
> Le mer. 27 déc. 2023 à 17:16, Moritz Mühlenhoff a écrit :
>
> > [ Also adding Paul Gevers for awareness, for context we're bumping nodejs
> > in Bookworm to the latest 18.x security/LTS release ]
> >
&
Source: black
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for black.
CVE-2024-21503[0]:
| Versions of the package black before 24.3.0 are vulnerable to
| Regular Expression Denial of Service (ReDoS) via the
| lines_with_
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2024-22412[0]:
| ClickHouse is an open-source column-oriented database management
| system. A bug exists in the cloud ClickHouse offering
Source: ldap-account-manager
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ldap-account-manager.
CVE-2024-2[0]:
| LDAP Account Manager (LAM) is a webfrontend for managing entries
| stored in an LDAP directory. LAM'
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2024-26369[0]:
| An issue in the HistoryQosPolicy component of FastDDS v2.12.x,
| v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort
Source: erlang-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for erlang-jose.
CVE-2023-50966[0]:
| erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow
| attackers to cause a denial of service (CPU consum
Source: jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jose.
CVE-2023-50967[0]:
| latchset jose through version 11 allows attackers to cause a denial
| of service (CPU consumption) via a large p2c (aka PBES2 Count)
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: slang2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for slang2. From my perspective
they have no real security impact, but we can still treat/fix them as regular
bugs:
CVE-2023-45927[0]:
| S-Lang 2.3.2 was discove
Source: node-express
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-express.
CVE-2024-29041[0]:
| Express.js minimalist web framework for node. Versions of Express.js
| prior to 4.19.0 and all pre-release alpha and
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
https://nodejs.org/en/blog/vulnerability
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
https://www.o
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker4.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacke
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker5.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacke
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2024-30161[0]:
| In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may
| access QNetworkReply header data via a dangling pointer.
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This librar
Source: varnish
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for varnish.
CVE-2024-30156[0]:
| Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13
| LTS), and Varnish Enterprise 6 before 6.0.12r6, allows
Source: murano
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for murano.
CVE-2024-29156[0]:
| In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used,
| the Murano service's MuranoPL extension to the YAQL langua
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-29018[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other distribut
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for freeimage. They are all
only published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
and don't appear to be forwarded upstre
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a
| out of boundary write vulnerability via swf_get_string at
| scene
Am Fri, May 10, 2024 at 06:39:20PM + schrieb Thorsten Glaser:
> This is a bit like the limited security support for binutils,
> I suppose. Could/should we document that in the same places?
Sure thing, this sounds similar to what was done for Lilypond,
best to simply ship a similar README.Debia
Source: ruby3.2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.2.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML tha
Source: ruby3.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML tha
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-pymysql.
We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?
CVE-2024-36039[0]:
| PyMySQL t
Source: maxima
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for maxima.
CVE-2024-34490[0]:
| In Maxima through 5.47.0 before 51704c, the plotting facilities make
| use of predictable names under /tmp. Thus, the contents m
Source: node-micromatch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-micromatch.
CVE-2024-4067[0]:
| The NPM package `micromatch` is vulnerable to Regular Expression
| Denial of Service (ReDoS). The vulnerability
Source: node-braces
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-braces.
CVE-2024-4068[0]:
| The NPM package `braces`, versions prior to 3.0.3, fails to limit
| the number of characters it can handle, which could
Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2024-34244[0]:
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the
| modbus_write_bits function. This issue can be triggered when
Am Wed, Mar 06, 2024 at 06:39:01AM -0300 schrieb Leandro Cunha:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from sta
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cjson.
CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
| c
Source: lief
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lief.
CVE-2024-31636[0]:
| An issue in LIEF v.0.14.1 allows a local attacker to obtain
| sensitive information via the name parameter of the machd_reader.c
| c
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-24557[0]:
| Moby is an open-source project created by Docker to enable software
| containerization. The classic builder cache system i
Source: clojure
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clojure.
CVE-2024-22871[0]:
| An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an
| attacker to cause a denial of service (DoS) via the
| clojure.c
Source: bpfcc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpfcc.
CVE-2024-2314[0]:
| If kernel headers need to be extracted, bcc will attempt to load
| them from a temporary directory. An unprivileged attacker could
Source: bpftrace
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpftrace.
CVE-2024-2313[0]:
| If kernel headers need to be extracted, bpftrace will attempt to
| load them from a temporary directory. An unprivileged atta
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dnsdist.
CVE-2024-25581[0]:
| When incoming DNS over HTTPS support is enabled using the nghttp2
| provider, and queries are routed to a tcp-only or DNS over
Source: iperf3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for iperf3.
CVE-2024-26306[0]:
| iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server
| with RSA authentication, allows a timing side channel in R
Source: liboqs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for liboqs.
CVE-2024-31510[0]:
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker
| to escalate privileges via the crypto_sign_signature para
Source: python-aiosmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-aiosmtpd.
CVE-2024-34083[0]:
| aiosmptd is a reimplementation of the Python stdlib smtpd.py based
| on asyncio. Prior to version 1.4.6, servers
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for zabbix.
CVE-2024-22120[0]:
| Zabbix server can perform command execution for configured scripts.
| After command is executed, audit entry is added to "Audit Log"
Source: node-ip
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-ip.
CVE-2024-29415[0]:
| The ip package through 2.0.1 for Node.js might allow SSRF because
| some IP addresses (such as 127.1, 01200034567, 012.1.2.3,
Source: jayway-jsonpath
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jayway-jsonpath.
CVE-2023-51074[0]:
| json-path v2.8.0 was discovered to contain a stack overflow via the
| Criteria.parse() method.
https://github
Source: gnome-shell
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gnome-shell.
CVE-2024-36472[0]:
| In GNOME Shell through 45.7, a portal helper can be launched
| automatically (without user confirmation) based on network
Am Sat, May 04, 2024 at 06:00:24PM +0200 schrieb Moritz Mühlenhoff:
> Source: frr
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for frr.
>
> CVE-2024-34088[0]:
> | In F
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-31949[0]:
| In FRRouting (FRR) through 9.1, an infinite loop can occur when
| receiving a MP/GR capability as a dynamic capability because
| malfo
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-31948[0]:
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix
| SID attribute in a BGP UPDATE packet can cause the bgpd daemon to
|
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of ser
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with Synap
Source: python-flask-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-flask-cors.
CVE-2024-1681[0]:
| corydolphin/flask-cors is vulnerable to log injection when the log
| level is set to debug. An attacker can
Source: dmitry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for dmitry.
CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause a
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ofono.
It's not clear whether they were actually reported upstream or only
submitted to Red Hat Bugzilla:
CVE-2023-4232[0]:
| A flaw was found in ofono, a
Source: tqdm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tqdm.
CVE-2024-34062[0]:
| tqdm is an open source progress bar for Python and CLI. Any optional
| non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,
| `-
Source: social-auth-app-django
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for social-auth-app-django.
CVE-2024-32879[0]:
| Python Social Auth is a social authentication/registration
| mechanism. Prior to version 5.4.1,
Source: quickjs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for quickjs.
CVE-2024-33263[0]:
| QuickJS commit 3b45d15 was discovered to contain an Assertion
| Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
https:/
Source: python-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-jose.
CVE-2024-33663[0]:
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA
| keys and other key formats. This is similar
Source: uriparser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for uriparser.
CVE-2024-34402[0]:
| An issue was discovered in uriparser through 0.9.7.
| ComposeQueryEngine in UriQuery.c has an integer overflow via long
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-34088[0]:
| In FRRouting (FRR) through 9.1, it is possible for the get_edge()
| function in ospf_te.c in the OSPF daemon to return a NULL pointer.
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-32473[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other distribut
Source: pytorch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for pytorch.
CVE-2024-31580[0]:
| PyTorch before v2.2.0 was discovered to contain a heap buffer
| overflow vulnerability in the component
| /runtime/vararg_f
Source: llvm-toolchain-18
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-18.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved t
Source: llvm-toolchain-17
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-17.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved t
Source: llvm-toolchain-16
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-16.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved t
Source: llvm-toolchain-15
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-15.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved t
Source: llvm-toolchain-14
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-14.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved t
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gdcm.
These are fixed in 3.0.24:
CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu Malate
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterhub.
CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious subdoma
Source: opendmarc
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for opendmarc. It's unclear
whether this is actually a security issue, it doesn't appear to have
been reported upstream...
CVE-2024-25768[0]:
| OpenDMARC 1.4.2 c
Source: gobgp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gobgp.
CVE-2023-46565[0]:
| Buffer Overflow vulnerability in osrg gobgp commit
| 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to
| cause
Source: exiv2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for exiv2.
The advisories are a little misleading, they mention it as
new in v0.28.0, but that only applies to the "main" branch,
where it was removed and later r
Source: libstb
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libstb.
CVE-2023-47212[0]:
| A heap-based buffer overflow vulnerability exists in the comment
| functionality of stb _vorbis.c v1.22. A specially crafted .og
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tinyproxy.
CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain configuratio
Source: golang-github-opencontainers-go-digest
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for
golang-github-opencontainers-go-digest.
CVE-2024-3727[0]:
| A flaw was found in the github.com/containers/image library. Thi
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for npgsql.
CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages
Source: musescore3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for musescore3.
CVE-2023-44428[0]:
| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows r
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for hdf5:
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33877[0]:
| HDF5 Library through 1.14.3 has a heap-based buffer overflo
Am Tue, Apr 09, 2024 at 02:02:13PM +1200 schrieb Vladimir Petko:
> Hi,
>
> I have realized that I have not submitted the bug report for this
> issue, so the decision to try vendoring dependencies for JTREG is not
> visible anywhere.
>
> Starting from the April OpenJDK release, JTREG 7.3 will be u
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2023-1973[0]:
The only reference is at Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=2185662
If you fix the vulnerability please al
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted sequ
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1635[0]:
| A vulnerability was found in Undertow. This vulnerability impacts a
| server that supports the wildfly-http-client protocol.
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sngrep.
CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for qemu.
CVE-2024-26327[0]:
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in
| hw/pci/pcie_sriov.c mishandles the situation where a guest
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3446[0]:
| A double free vulnerability was found in QEMU virtio devices
| (virtio-gpu, virtio-serial-bus, virtio-crypto), where the
| mem_reentr
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3447[0]:
https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3567[0]:
| A flaw was found in QEMU. An assertion failure was present in the
| update_sctp_checksum() function in hw/net/net_tx_pkt.c when tryin
Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Bastien Roucariès
> Control: affects -1 + src:json-smart
> Control: block 1039985 with
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that a
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
| lo
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
801 - 900 of 2628 matches
Mail list logo
