On Mon, Jan 16, 2023 at 12:46:37PM + Didier 'OdyX' Raboud wrote:
> > I understand that would be annoying for you, but I don't think that it would
> > affect the majority of our users.
>
> Hrm. More and more laptops come with usb-c only, and dongles/docks become more
> and more common.
>
>
reassign 926276 ftp.debian.org
retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open
security issues, dropping from testing since 2017
severity 926276 normal
thanks
On Tue, Apr 02, 2019 at 10:04:34PM +0200 Moritz Muehlenhoff wrote:
> Source: guacamole-client
> Severity:
On Sun, Jan 08, 2023 at 12:27:52AM -0500 Andres Salomon wrote:
>
> On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk
> wrote:
> > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote:
> > > ...
> > > We might consider to set some expectation for oldstable-security,
> > >
Source: python-git
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-git.
CVE-2022-24439[0]:
| All versions of package gitpython are vulnerable to Remote Code
| Execution (RCE) due to improper user input validation,
Source: ruby-rails-html-sanitizer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rails-html-sanitizer.
CVE-2022-23517[0]:
| rails-html-sanitizer is responsible for sanitizing HTML fragments in
| Rails applications.
On Wed, Dec 28, 2022 at 05:31:34PM +0100 Moritz Mühlenhoff wrote:
> Source: openimageio
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for openimageio.
And two more
Source: openimageio
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openimageio.
CVE-2022-43592[0]:
| An information disclosure vulnerability exists in the
| DPXOutput::close() functionality of OpenImageIO Project
On Wed, Nov 16, 2022 at 03:27:53PM +0100 Jan Altenberg wrote:
> On Thu, 10 Nov 2022 22:45:57 +0100 Bastian Germann wrote:
> > As a new maintainer has stepped up, this cannot be the reason anymore
> > to dump the package. Actually, with the next version of swupdate (one
> > of those handful) I
Source: redmine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redmine.
CVE-2022-44030[0]:
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any
| Issue or any Wiki page due to insufficient permission
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in
On Sun, Nov 27, 2022 at 11:45:27AM +0100 Clément Hermann wrote:
> Hi
>
> On 25/10/2022 at 13:53, Clément Hermann wrote:
> > Hi Moritz,
> >
> > On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote:
> >
> > > Given that the primary use case for onionshare will be tails, my
> > > suggestion
On Thu, Oct 20, 2022 at 11:28:22PM -0300 David da Silva Polverari wrote:
> Hi,
>
> I adjusted the affected versions in the BTS, but I couldn't find any
> patch for it. The reference to buffer overflows seems related to
> CVE-2020-27818, so I wonder whether it is a duplicate or not.
>
> If it
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-45188[0]:
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
| resulting in code execution via a crafted .appl file.
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2022-39400[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are
On Fri, Aug 30, 2019 at 07:26:40AM + Matthias Klose wrote:
> Package: src:mini-buildd
> Version: 1.0.41
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
>
> Python2 becomes end-of-life upstream, and Debian aims to remove
> Python2 from
Source: tiff
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tiff.
CVE-2022-3627[0]:
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
| libtiff/tif_unix.c:346 when called from extractImageSection,
|
On Thu, Oct 13, 2022 at 09:36:09PM +0200 Markus Koschany wrote:
> Hi,
>
> I just had a go at this issue and I discovered that libxalan2-java in Debian
> is
> not affected but rather bcel.
>
> https://tracker.debian.org/pkg/bcel
>
> The fixing commit in OpenJDK addresses the same code which
Source: commons-text
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for commons-text.
CVE-2022-42889[0]:
| Apache Commons Text performs variable interpolation, allowing
| properties to be dynamically evaluated and expanded.
Source: nekohtml
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nekohtml.
CVE-2022-24839[0]:
| org.cyberneko.html is an html parser written in Java. The fork of
| `org.cyberneko.html` used by Nokogiri (Rubygem) raises a
|
Source: lava
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lava.
CVE-2022-42902[0]:
| In Linaro Automated Validation Architecture (LAVA) before 2022.10,
| there is dynamic code execution in lava_server/lavatable.py. Due
Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pngcheck.
CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.
Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for snort.
These all lack details, but all boil down to the fact Snort needs
to be updated:
CVE-2020-3315[0]:
| Multiple Cisco products are affected by a
Source: strongswan
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for strongswan.
CVE-2022-40617[0]:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
Patch:
Source: python-opcua
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-opcua.
CVE-2022-25304[0]:
| All versions of package opcua; all versions of package asyncua are
| vulnerable to Denial of Service (DoS) due to a
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nomad.
CVE-2021-37218[0]:
| HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server
| agents with a valid certificate signed by the same CA to
Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2022-0367[0]:
| A heap-based buffer overflow flaw was found in libmodbus in function
| modbus_reply() in src/modbus.c.
Source: php8.1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for php8.1.
CVE-2022-31628[0]:
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar
| uncompressor code would recursively uncompress "quines" gzip files,
Source: barbican
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for barbican.
CVE-2022-3100[0]:
access policy bypass via query string injection
Only reference so far is Red Hat Bugzilla:
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sox.
CVE-2022-39236[0]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Starting with version 17.1.0-rc.1, improperly formed beacon
Source: wolfssl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for wolfssl.
CVE-2022-38152[0]:
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client
| connects to a wolfSSL server and SSL_clear is called
Source: mplayer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mplayer.
CVE-2022-38600[0]:
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and
| vf_vo.c.
Source: swfmill
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for swfmill.
CVE-2022-36139[0]:
| SWFMill commit 53d7690 was discovered to contain a heap-buffer
| overflow via SWF::Writer::writeByte(unsigned char).
Source: dpdk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:
CVE-2022-28199[0]:
| NVIDIA's distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a
severity 995838 normal
reassign 995838 ftp.debian.org
retitle 995838 RM: condor -- RoM; unmaintained, many RC bugs, toolchain issues
(GCC9/Python2)
thanks
On Mon, Apr 25, 2022 at 11:05:51PM +0200 Moritz Mühlenhoff wrote:
> On Fri, Oct 29, 2021 at 01:36:27PM + Tim Theisen wrote:
severity 1016986 normal
reassign 1016986 ftp.debian.org
retitle 1016986 RM: pd-py -- RoM; depends on Python 2
thanks
> Your package came up as a candidate for removal from Debian:
> - Still depends on Python 2, which is finally being removed in Bookworm
> - Last upload in 2018
>
> If you
severity 1016667 normal
reassign 1016667 ftp.debian.org
retitle 1016667 RM: caldav-tester -- RoM; depends on Python 2
thanks
> Your package came up as a candidate for removal from Debian:
> The plan is to remove Python 2 in Bookworm and there's no
> porting activity towards Python 3.
>
> If you
severity 1015981 normal
reassign 1015981 ftp.debian.org
retitle 1015981 RM: grokmirror -- RoM; Depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 08:20:21PM +0200 Moritz Muehlenhoff wrote:
> Source: grokmirror
> Version: 1.0.0-1.1
> Severity: serious
>
> Your package came up as a
severity 1015980 normal
reassign 1015980 ftp.debian.org
retitle 1015980 RM: pd-aubio -- RoM; Depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 08:17:27PM +0200 Moritz Muehlenhoff wrote:
> Source: pd-aubio
> Version: 0.4-1
> Severity: serious
>
> Your package came up as a
severity 1015979 normal
reassign 1015979 ftp.debian.org
retitle 1015979 RM: python-unshare -- RoM; depends on Python 2
thanks
On Sun, Jul 24, 2022 at 08:15:51PM +0200 Moritz Muehlenhoff wrote:
> Source: python-unshare
> Version: 0.2-1
> Severity: serious
>
> Your package came up as a candidate
severity 1015977 normal
reassign 1015977 ftp.debian.org
retitle 1015977 RM: vland -- RoM; depends on Python 2
thanks
On Sun, Jul 24, 2022 at 08:12:27PM +0200 Moritz Muehlenhoff wrote:
> Source: vland
> Version: 0.8-1
> Severity: serious
>
> Your package came up as a candidate for removal from
severity 1015973 normal
reassign 1015973 ftp.debian.org
retitle 1015973 RM: xdeb -- RoM; depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 07:59:33PM +0200 Moritz Muehlenhoff wrote:
> Source: xdeb
> Version: 0.6.7
> Severity: serious
>
> Your package came up as a candidate for
severity 1015975 normal
reassign 1015975 ftp.debian.org
retitle 1015975 RM: -- RoM; depends on Python 2, unmaintained, dead
upstream
thanks
On Sun, Jul 24, 2022 at 08:03:54PM +0200 Moritz Muehlenhoff wrote:
> Source: python-neuroshare
> Version: 0.9.2-1
> Severity: serious
>
> Your package
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rails.
CVE-2022-2[0]:
| A XSS Vulnerability in Action View tag helpers = 5.2.0 and
| 5.2.0 which would allow an attacker to inject content if able to
|
Source: connman
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for connman.
CVE-2022-32292[0]:
| In ConnMan through 1.41, remote attackers able to send HTTP requests
| to the gweb component are able to exploit a heap-based
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2022-37035[0]:
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In
| bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c,
|
Source: sofia-sip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sofia-sip.
CVE-2022-31001[0]:
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-
| Agent library. Prior to version 1.13.8, an attacker
Source: php8.1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for php8.1.
It's specific to 8.1.x
CVE-2022-31627[0]:
| In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as
| finfo_buffer, due to incorrect patch
On Fri, Aug 05, 2022 at 09:36:00AM +0200 Andreas Tille wrote:
> Hi Moritz,
>
> On Fri, Jul 29, 2022 at 04:42:00PM +0200 Moritz Mühlenhoff wrote:
> > On Sun, Jul 24, 2022 at 10:06:03PM +0200 Andreas Tille wrote:
> > > Unfortunately the package does not build[1]
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for undertow.
CVE-2022-1319[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2073890
CVE-2021-3629[1]:
| A flaw was found in Undertow. A potential security
Source: 389-ds-base
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2022-0918[0]:
| A vulnerability was discovered in the 389 Directory Server that allows
| an unauthenticated attacker with network access
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-29339[0]:
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in
| utils/bitstream.c has a failed assertion, which causes a Denial
On Sun, Jul 31, 2022 at 11:42:01AM +0200 Salvatore Bonaccorso wrote:
> Hi Jérôme,
>
> On Sat, Jul 16, 2022 at 12:42:05AM +, Debian Bug Tracking System wrote:
> > puppetdb (7.10.1-1) experimental; urgency=medium
> > .
> >   * New upstream version 7.10.1 (Closes: #990419, #1012577)
>
>
On Fri, Jul 29, 2022 at 02:52:32PM -0700 Noah Meyerhans wrote:
> My inclination is that this won't need a DSA and can wait for a bullseye
> point release,
Agreed! Marking it as such in the Debian Security Tracker.
Cheers,
Moritz
Source: dovecot
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dovecot.
CVE-2022-30550[0]:
| An issue was discovered in the auth component in Dovecot 2.2 and 2.3
| before 2.3.20. When two passdb configuration entries exist
On Sun, Jul 24, 2022 at 10:06:03PM +0200 Andreas Tille wrote:
> Unfortunately the package does not build[1] which is probably a gcc
> issue. If someone would volunteer to fix this issue we might be able to
> keep the package. If there is no response in say two weeks we should
> probably remove
On Thu, Jul 28, 2022 at 09:25:44PM +1000 Craig Small wrote:
> I said:
>
> > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the
> > changelog.
> > I'm trying to find where they've made the changes to see if it is possible
> > to get at least bullseye fixed.
> >
> I've had a look
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rails.
CVE-2022-32224[0]:
https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for net-snmp.
5.9.3 fixes the following issues:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow
Source: mistune
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mistune.
CVE-2022-34749[0]:
| In mistune through 2.0.2, support of inline markup is implemented by
| using regular expressions that can involve a high amount
Source: guacamole-client
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for guacamole-client.
CVE-2021-41767[0]:
| Apache Guacamole 1.3.0 and older may incorrectly include a private
| tunnel identifier in the non-private
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2021-3859[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2010378
If you fix the vulnerability please also make sure to include the
CVE (Common
On Mon, Apr 11, 2022 at 09:21:25AM +0200 Michael Banck wrote:
> Hi,
>
> On Mon, Apr 11, 2022 at 08:38:21AM +0300, Andrius Merkys wrote:
> > Hi,
> >
> > On 2022-04-11 01:35, Moritz Muehlenhoff wrote:
> > > Source: cinfony
> > > Version: 1.2-4
> > > Severity: serious
> > >
> > > Your package
Source: php-dompdf
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for php-dompdf.
CVE-2022-2400[0]:
| External Control of File Name or Path in GitHub repository
| dompdf/dompdf prior to 2.0.0.
Source: libtirpc
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libtirpc.
CVE-2021-46828[0]:
| In libtirpc before 1.3.3rc1, remote attackers could exhaust the file
| descriptors of a process that uses libtirpc because idle
Source: libxalan2-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libxalan2-java.
CVE-2022-34169[0]:
| The Apache Xalan Java XSLT library is vulnerable to an integer
| truncation issue when processing malicious XSLT
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
All fixed in latest CPU:
CVE-2022-21569[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer).
Source: consul
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for consul.
CVE-2021-37219[0]:
| HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows
| non-server agents with a valid certificate signed by the
Source: ring
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ring.
CVE-2021-32686[0]:
| PJSIP is a free and open source multimedia communication library
| written in C language implementing standard based protocols such
Source: apache-jena
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache-jena.
Unfortunately the Apache security process is quite poor and limited
information gets made available, so it might be needed to reach out
to
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-1253[0]:
| Heap-based Buffer Overflow in GitHub repository strukturag/libde265
| prior to and including 1.0.8. The fix is established in
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2022-24764[0]:
| PJSIP is a free and open source multimedia communication library
| written in C. Versions 2.12 and prior contain a stack
Source: mruby
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mruby.
CVE-2021-46020[0]:
| An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can
| lead to a segmentation fault or application crash.
Source: onionshare
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for onionshare.
CVE-2021-41867[0]:
| An information disclosure vulnerability in OnionShare 2.3 before 2.4
| allows remote unauthenticated attackers to
Source: dogtag-pki
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dogtag-pki.
CVE-2022-2414[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2104676
https://github.com/dogtagpki/pki/pull/4021
On Sat, Dec 18, 2021 at 03:46:28PM +0100 Markus Koschany wrote:
> Renpy still has not been ported to Python 3 yet. The status of renpy and other
> Python 2 games was previously discussed on debian-devel-games.
>
> https://lists.debian.org/debian-devel-games/2020/12/msg00013.html
>
> A removal
Source: openexr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openexr.
CVE-2021-3933[0]:
| An integer overflow could occur when OpenEXR processes a crafted file
| on systems where size_t < 64 bits. This could cause an
Source: ruby-jmespath
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-jmespath.
CVE-2022-32511[0]:
| jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a
| situation where JSON.parse is preferable.
Source: ruby-yajl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-yajl.
CVE-2022-24795[0]:
| yajl-ruby is a C binding to the YAJL JSON parsing and generation
| library. The 1.x branch and the 2.x branch of `yajl`
Source: dojo
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dojo.
CVE-2021-23450[0]:
| All versions of package dojo are vulnerable to Prototype Pollution via
| the setObject function.
Source: ruby-kubeclient
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-kubeclient.
CVE-2022-0759[0]:
| A flaw was found in all versions of kubeclient up to (but not
| including) v4.9.3, the Ruby client for Kubernetes
Source: ruby-sinatra
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sinatra.
CVE-2022-29970[0]:
| Sinatra before 2.2.0 does not validate that the expanded path matches
| public_dir when serving static files.
On Mon, Mar 08, 2021 at 09:05:22AM + Mike Gabriel wrote:
> Hi Salvatore,
>
> On Sat 06 Mar 2021 20:31:46 CET, Salvatore Bonaccorso wrote:
>
> > Hi,
> >
> > On Wed, Apr 03, 2019 at 12:27:25PM +, Mike Gabriel wrote:
> > > Hi Moritz,
> > >
> > > On Tue 02 Apr 2019 22:04:34 CEST, Moritz
Source: squirrel3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for squirrel3.
CVE-2022-30292[0]:
| Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to
| lack of a certain sq_reservestack call.
Source: dlt-daemon
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dlt-daemon.
CVE-2022-31291[0]:
| An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows
| attackers to cause a double free via crafted TCP
Source: guzzle
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for guzzle.
CVE-2022-31090[0]:
| Guzzle, an extensible PHP HTTP client. `Authorization` headers on
| requests are sensitive information. In affected versions
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for radare2.
CVE-2022-1714[0]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.7.0. The bug causes the program reads data past
Source: bitcoin
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for bitcoin.
CVE-2021-31876[0]:
| Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the
| replacement policy specified in BIP125, which makes it
Source: nomacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nomacs.
CVE-2020-23884[0]:
| A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial
| of service (DoS) via a crafted MNG file.
On Thu, Jun 30, 2022 at 02:16:55PM +0200 Santiago Vila wrote:
> Dear Steven and Mark:
>
> I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529
> and CVE-2022-0530 in Debian unzip, but before doing so I would like to have
> some feedback from upstream (i.e. you) or either
Source: exo
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for exo.
CVE-2022-32278[0]:
| XFCE 4.16 allows attackers to execute arbitrary code because xdg-open
| can execute a .desktop file on an attacker-controlled FTP server.
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2022-31813[0]:
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
| headers to the origin server based on client side
Source: libengine-gost-openssl1.1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libengine-gost-openssl1.1.
CVE-2022-29242[0]:
| GOST engine is a reference implementation of the Russian GOST crypto
| algorithms for
severity 1009282 normal
reassign 1009282 ftp.debian.org
retitle 1009282 RM: live-wrapper -- RoQA; Depends on Python 2, depends on
removed package
thanks
Reassigning for removal.
Cheers,
Moritz
severity 1009280 normal
reassign 1009280 ftp.debian.org
retitle 1009280 RM: python-passfd -- RoQA; Depends on Python 2, no reverse deps
thanks
Reassigning for removal.
Cheers,
Moritz
severity 1009276 normal
reassign 1009276 ftp.debian.org
retitle 1009276 RM: fsl -- RoM; Depends on Python 2, FTBFS, unmaintained
thanks
Reassigning for removal.
severity 1008792 normal
reassign 1008792 ftp.debian.org
retitle 1008792 RM: vmtk -- RoM; Depends on Python 2, unmaintained
thanks
Reassigning for removal
severity 1008704 normal
reassign 1008704 ftp.debian.org
retitle 1008704 RM: astk -- RoM; depends on Python 2, unmaintained
thanks
Reassigning for removal.
severity 1008700 normal
reassign 1008700 ftp.debian.org
retitle 1008700 RM: geda-gaf -- RoM; Depends on Python 2, replacement exists
thanks
Reassigning for removal.
severity 1008703 normal
reassign 1008703 ftp.debian.org
retitle 1008703 RM: sortsmill-tools -- RoM; Depends on Python 2, unmaintained
thanks
Reassigning for removal
severity 1008499 normal
reassign 1008499 ftp.debian.org
retitle 1008499 RM: neard -- RoQA; depends on Python 2, unmaintained
thanks
Reassigning for removal