Bug#1063554: closed by Helmut Grohne (Re: Bug#1063554: firmware-linux-free: move files to /usr (DEP17))

2024-02-09 Thread Salvatore Bonaccorso
> by > replying to this email. > > > -- > 1063554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063554 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > From: Helmut Grohne > Date: Fri, 9 Feb 2024 22:48:44 +0100 > To: Salvatore Bonaccorso

Bug#1063554: firmware-linux-free: move files to /usr (DEP17)

2024-02-09 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi Helmut, On Fri, Feb 09, 2024 at 04:02:42PM +0100, Helmut Grohne wrote: > Package: firmware-linux-free > Version: 20200122-2 > Tags: patch > User: helm...@debian.org > Usertags: dep17m2 > > Hi, > > we want to finalize the /usr-merge transition by moving all

Bug#1060925: Accepted sogo 5.9.1-1 (source) into unstable

2024-02-09 Thread Salvatore Bonaccorso
Source: sogo Source-Version: 5.9.1-1 Fixes CVE-2023-48104, #1060925, so closing it with this version. On Fri, Feb 09, 2024 at 07:59:18PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Wed, 07 Feb 2024 16:39:36 +0100 > Source: sogo >

Bug#1063603: composer: CVE-2024-24821

2024-02-09 Thread Salvatore Bonaccorso
Source: composer Version: 2.6.6-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for composer. CVE-2024-24821[0]: | Composer is a dependency Manager for the PHP

Bug#1063494: engrampa: CVE-2023-52138: Path traversal via crafted cpio archives in Engrampa archivers

2024-02-08 Thread Salvatore Bonaccorso
Source: engrampa Version: 1.26.1-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for engrampa. CVE-2023-52138[0]: | Engrampa is an archive manager for the MATE

Bug#1063492: openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload

2024-02-08 Thread Salvatore Bonaccorso
Source: openvswitch Version: 3.3.0~git20240118.e802fe7-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.1.0-2 Hi, The following vulnerability was published for openvswitch. CVE-2023-3966[0]: | Invalid memory access in

Bug#1063422: [regression 6.1.y] f2fs: invalid zstd compress level: 6

2024-02-08 Thread Salvatore Bonaccorso
Hi Jaegeuk Kim, Chao Yu, In Debian the following regression was reported after Dhya updated to 6.1.76: On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote: > Package: src:linux > Version: 6.1.76-1 > Severity: critical > Justification: breaks the whole system > > Dear Maintainer, > > After

Bug#1063484: libuv1: CVE-2024-24806

2024-02-08 Thread Salvatore Bonaccorso
Source: libuv1 Version: 1.46.0-3 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libuv1. CVE-2024-24806[0]: | libuv is a multi-platform support library with a focus on | asynchronous I/O. The

Bug#1063479: clamav: CVE-2024-20290 CVE-2024-20328

2024-02-08 Thread Salvatore Bonaccorso
Source: clamav Version: 1.0.4+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.0.3+dfsg-1~deb12u1 Hi, The following vulnerabilities were published for clamav. CVE-2024-20290[0]: | A vulnerability in the OLE2 file

Bug#1063422: linux-image-6.1.0-18-amd64: F2FS rw mount at boot fails with "invalid zstd compress level: 6"

2024-02-07 Thread Salvatore Bonaccorso
Control: tags -1 + upstream Control: severity -1 important Hi On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote: > Package: src:linux > Version: 6.1.76-1 > Severity: critical > Justification: breaks the whole system > > Dear Maintainer, > > After upgrade to linux-image-6.1.0-18-amd64

Bug#1063338: [regression 6.1.76] dlm: cannot start dlm midcomms -97 after backport of e9cdebbe23f1 ("dlm: use kernel_connect() and kernel_bind()")

2024-02-07 Thread Salvatore Bonaccorso
Hi Alexander, On Wed, Feb 07, 2024 at 04:27:48PM -0500, Alexander Aring wrote: > Hi, > > On Wed, Feb 7, 2024 at 1:33 PM Jordan Rife wrote: > > > > On Wed, Feb 7, 2024 at 2:39 AM Salvatore Bonaccorso > > wrote: > > > > > > Hi Valentin, hi all >

Bug#1063416: libgit2: CVE-2024-24577: Arbitrary code execution due to heap corruption in `git_index_add`

2024-02-07 Thread Salvatore Bonaccorso
Source: libgit2 Version: 1.7.1+ds-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.5.1+ds-1 Control: found -1 1.1.0+dfsg.1-4+deb11u1 Control: found -1 1.1.0+dfsg.1-4 Hi, The following vulnerability was published for libgit2.

Bug#1063415: libgit2: CVE-2024-24575: Denial of service attack in `git_revparse_single`

2024-02-07 Thread Salvatore Bonaccorso
Source: libgit2 Version: 1.7.1+ds-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.5.1+ds-1 Hi, The following vulnerability was published for libgit2. CVE-2024-24575[0]: | libgit2 is a portable C implementation of the Git

Bug#1063414: openexr: CVE-2023-5841

2024-02-07 Thread Salvatore Bonaccorso
Source: openexr Version: 3.1.5-5 Severity: important Tags: security upstream Forwarded: https://github.com/AcademySoftwareFoundation/openexr/issues/1625 https://github.com/AcademySoftwareFoundation/openexr/pull/1627 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following

Bug#1063338: [regression 6.1.67] dlm: cannot start dlm midcomms -97 after backport of e9cdebbe23f1 ("dlm: use kernel_connect() and kernel_bind()")

2024-02-07 Thread Salvatore Bonaccorso
Hi Valentin, hi all [This is about a regression reported in Debian for 6.1.67] On Tue, Feb 06, 2024 at 01:00:11PM +0100, Valentin Kleibel wrote: > Package: linux-image-amd64 > Version: 6.1.76+1 > Source: linux > Source-Version: 6.1.76+1 > Severity: important > Control: notfound -1 6.6.15-2 > >

Bug#1057107: bullseye-pu: package libssh2/1.9.0-2

2024-02-06 Thread Salvatore Bonaccorso
Hi Nicolas, On Tue, Feb 06, 2024 at 01:46:04PM -0500, Nicolas Mora wrote: > Control: tag - moreinfo > > Thanks, > > Sorry, it seems that I'm not very well aware of the BTS process, according > to [1] this is how I should untag the bug. > > [1] https://www.debian.org/Bugs/server-control If you

Bug#1060345: puma: CVE-2024-21647: Invalid parsing of chunked encoding in HTTP/1.1 allows DoS attacks

2024-02-05 Thread Salvatore Bonaccorso
Source: puma Source-Version: 6.4.2-1 On Tue, Jan 09, 2024 at 10:15:07PM +0100, Salvatore Bonaccorso wrote: > Source: puma > Version: 5.6.7-1 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > Hi, > >

Bug#1063240: expat: CVE-2023-52426

2024-02-05 Thread Salvatore Bonaccorso
Source: expat Version: 2.5.0-2 Severity: important Tags: security upstream Forwarded: https://github.com/libexpat/libexpat/pull/777 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for expat. CVE-2023-52426[0]: | libexpat through 2.5.0 allows

Bug#1063238: expat: CVE-2023-52425

2024-02-05 Thread Salvatore Bonaccorso
Source: expat Version: 2.5.0-2 Severity: important Tags: security upstream Forwarded: https://github.com/libexpat/libexpat/pull/789 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for expat. CVE-2023-52425[0]: | libexpat through 2.5.0 allows

Bug#1063234: libxml2: CVE-2024-25062

2024-02-05 Thread Salvatore Bonaccorso
Source: libxml2 Version: 2.9.14+dfsg-1.3 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.9.14+dfsg-1.3~deb12u1 Control: found -1 2.9.10+dfsg-6.7+deb11u4 Hi, The

Bug#1063031: RFP: pwru -- eBPF-based Linux kernel networking debugger

2024-02-04 Thread Salvatore Bonaccorso
Package: wnpp Severity: wishlist X-Debbugs-Cc: car...@debian.org * Package name: pwru Version : 1.0.5 Upstream Contact: Tobias Klauser * URL : https://github.com/cilium/pwru * License : Apache-2.0 Programming Lang: Go Description : eBPF-based Linux

Bug#1063020: linux: documentation build failure: Sphinx parallel build error: UnboundLocalError: cannot access local variable 'fname' where it is not associated with a value

2024-02-04 Thread Salvatore Bonaccorso
Interestingly and unfortunately my local test now fails in a different way. So first sorting that out. The xmldocs build hangs instead now. Regards, Salvatore

Bug#1063020: linux: documentation build failure: Sphinx parallel build error: UnboundLocalError: cannot access local variable 'fname' where it is not associated with a value

2024-02-04 Thread Salvatore Bonaccorso
Source: linux Version: 6.6.15-1 Severity: serious Justification: FTBFS X-Debbugs-Cc: car...@debian.org The build for the arch:all package FTBFS due to a problem in the documentation build: reading sources... [ 98%] userspace-api/media/v4l/vidioc-g-frequency .. virt/kvm/devices/vfio

Bug#1061262: ecdh-nist-p256: stack dump on boot

2024-02-04 Thread Salvatore Bonaccorso
Source: linux Source-Version: 6.6.13-1 Hi, On Sun, Feb 04, 2024 at 08:51:13AM +0100, kjell.myksv...@gmail.com wrote: > lør. 27. jan. 2024 kl. 14:00 skrev Salvatore Bonaccorso : > > > Control: tags -1 + moreinfo > > > > On Sun, Jan 21, 2024 at 06:43:11PM +0100,

Bug#1062846: libowasp-antisamy-java: CVE-2024-23635

2024-02-03 Thread Salvatore Bonaccorso
Source: libowasp-antisamy-java Version: 1.7.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libowasp-antisamy-java. CVE-2024-23635[0]: | AntiSamy is a library for performing fast,

Bug#1062845: ledgersmb: CVE-2024-23831

2024-02-03 Thread Salvatore Bonaccorso
Source: ledgersmb Version: 1.6.33+ds-2.1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.6.9+ds-2+deb11u3 Hi, The following vulnerability was published for ledgersmb. CVE-2024-23831[0]: | LedgerSMB is a free web-based

Bug#1021738: man2html: CVE-2021-40647 CVE-2021-40648

2024-02-03 Thread Salvatore Bonaccorso
Hi, On Sat, Feb 03, 2024 at 04:29:17PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Wed, Jan 31, 2024 at 10:05:04AM +0100, Robert Luberda wrote: > > clone 1021738 -1 > > retitle 1021738 man2html: CVE-2021-40647 > > tags 1021738 +pending > > retitle -1 man

Bug#1021738: man2html: CVE-2021-40647 CVE-2021-40648

2024-02-03 Thread Salvatore Bonaccorso
Hi, On Wed, Jan 31, 2024 at 10:05:04AM +0100, Robert Luberda wrote: > clone 1021738 -1 > retitle 1021738 man2html: CVE-2021-40647 > tags 1021738 +pending > retitle -1 man2html: CVE-2021-40648 > tags -1 +moreinfo > thanks > > Moritz Mühlenhoff writes: > > Hi > > First of all I'm sorry for not

Bug#1058720: slurm-wlm: CVE-2023-49933 CVE-2023-49935 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938

2024-02-03 Thread Salvatore Bonaccorso
Ciao Gennaro, On Sat, Feb 03, 2024 at 12:28:24PM +0100, Gennaro Oliva wrote: > Ciao Salvatore, > > On Sun, Jan 28, 2024 at 11:37:34AM +0100, Salvatore Bonaccorso wrote: > > Reviewing your uploaded changes, the changelog mentions > > CVE-2023-49935, but believe this was

Bug#1062710: kanboard: CVE-2024-22720

2024-02-02 Thread Salvatore Bonaccorso
Source: kanboard Version: 1.2.31+ds2-1 Severity: important Tags: security upstream Forwarded: https://github.com/kanboard/kanboard/issues/5411 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for kanboard. CVE-2024-22720[0]: | Kanboard 1.2.34

Bug#1062709: python-aiohttp: CVE-2024-23334

2024-02-02 Thread Salvatore Bonaccorso
Source: python-aiohttp Version: 3.9.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-aiohttp. CVE-2024-23334[0]: | aiohttp is an asynchronous HTTP client/server framework for asyncio |

Bug#1062708: python-aiohttp: CVE-2024-23829

2024-02-02 Thread Salvatore Bonaccorso
Source: python-aiohttp Version: 3.9.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-aiohttp. CVE-2024-23829[0]: | aiohttp is an asynchronous HTTP client/server framework for asyncio |

Bug#1062532: Accepted runc 1.1.12+ds1-1 (source) into unstable

2024-02-02 Thread Salvatore Bonaccorso
Source: runc Source-Version: 1.1.12+ds1-1 Control: fixed 1062532 1.0.0~rc93+ds1-5+deb11u3 Control: fixed 1062532 1.1.5+ds1-1+deb12u1 This fixes #1062532. Adding as well the fixed version for the pending runc update via bullseye-security and bookworm-security. - Forwarded message from Debian

Bug#1062532: runc: CVE-2024-21626

2024-02-01 Thread Salvatore Bonaccorso
Source: runc Version: 1.1.10+ds1-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for runc. CVE-2024-21626[0]: | runc is a CLI tool for spawning and running containers

Bug#1061688: rtl8821: WARNING: CPU: 37 PID: 1366 at drivers/iommu/dma-iommu.c:1091 iommu_dma_unmap_page+0x7d/0x90

2024-01-29 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, On Sun, Jan 28, 2024 at 06:02:44PM +, Breno Leitao wrote: > Package: src:linux > Version: 6.6.13-1 > Severity: critical > X-Debbugs-Cc: lei...@debian.org > > > System is crashing from time to time with the most recent kernel > (6.6.13). > > I was able to

Bug#1061704: libcoap3: CVE-2024-0962

2024-01-28 Thread Salvatore Bonaccorso
Source: libcoap3 Version: 4.3.4-1 Severity: important Tags: security upstream Forwarded: https://github.com/obgm/libcoap/issues/1310 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libcoap3. CVE-2024-0962[0]: | A vulnerability was found

Bug#1058720: slurm-wlm: CVE-2023-49933 CVE-2023-49935 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938

2024-01-28 Thread Salvatore Bonaccorso
Hi Gennaro, On Sat, Dec 30, 2023 at 10:55:32PM +0100, Gennaro Oliva wrote: > Dear Salvatore, > I prepared an updated version of the slurm-wlm package for bookworm in > response to CVE-2023-49933/49935/49936/49937/49938 > > The package can be found here: > >

Bug#1050256: AppArmor breaks locking non-fs Unix sockets

2024-01-28 Thread Salvatore Bonaccorso
Hi John, On Sun, Jan 28, 2024 at 12:43:33AM -0800, John Johansen wrote: > On 12/30/23 20:24, Mathias Gibbens wrote: > > On Sat, 2023-12-30 at 16:44 +0100, Salvatore Bonaccorso wrote: > > > John, did you have a chance to work on this backport for 6.1.y stable > > >

Bug#988730: CVE-2017-18641

2024-01-27 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 28, 2024 at 12:51:58AM +, Mathias Gibbens wrote: > Control: tags -1 + wontfix > > lxc-templates is essentially deprecated upstream in favor of > distrobuilder. From the launchpad discussion: Thanks for the update. Do you know of any plans of making distrobuilder available?

Bug#1061449: linux-image-6.7-amd64: a boot message from amdgpu

2024-01-27 Thread Salvatore Bonaccorso
Hi In Debian (https://bugs.debian.org/1061449) we got the following quoted report: On Wed, Jan 24, 2024 at 07:38:16PM +0100, Patrice Duroux wrote: > Package: src:linux > Version: 6.7.1-1~exp1 > Severity: normal > > Dear Maintainer, > > Giving a try to 6.7, here is a message extracted from

Bug#1061262: ecdh-nist-p256: stack dump on boot

2024-01-27 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Sun, Jan 21, 2024 at 06:43:11PM +0100, Kjell M. Myksvoll wrote: > Package: ecdh-nist-p256 > Severity: normal > X-Debbugs-Cc: kjell.myksv...@gmail.com > > Dear Maintainer, > > *** Reporter, please consider answering these questions, where appropriate *** > >*

Bug#1060052: Status?

2024-01-27 Thread Salvatore Bonaccorso
Hi, On Thu, Jan 25, 2024 at 02:55:52AM +, Dennis Haney wrote: > Can we please get a new release of a stable kernel? > This keeps crashing our machines, and it is a pain manually updating > to the 6.5 kernel on all of them. A fix for this issue will be released with the upcoming point

Bug#1050256: AppArmor breaks locking non-fs Unix sockets

2024-01-27 Thread Salvatore Bonaccorso
Hi John, On Sun, Dec 31, 2023 at 04:24:47AM +, Mathias Gibbens wrote: > On Sat, 2023-12-30 at 16:44 +0100, Salvatore Bonaccorso wrote: > > John, did you have a chance to work on this backport for 6.1.y stable > > upstream so we could pick it downstream in Debian in one of the

Bug#1061521: linux-image-6.6.13-amd64: 6.6.13-1 no more keyboard resuming from suspend

2024-01-27 Thread Salvatore Bonaccorso
Hi Antoine, On Fri, Jan 26, 2024 at 06:26:48PM +0100, Antoine wrote: > On 1/25/24 22:08, Salvatore Bonaccorso wrote: > > can you please try to bisect the changes in upstreams 6.6.11 to 6.6.13 > Hi, Before considering bisecting, > > > do you get anything logged in the kerne

Bug#1061582: openssl: CVE-2024-0727

2024-01-26 Thread Salvatore Bonaccorso
Source: openssl Version: 3.1.4-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for openssl. CVE-2024-0727[0]: | Issue summary: Processing a maliciously formatted PKCS12 file may | lead OpenSSL to

Bug#1061524: tiff: CVE-2023-52356

2024-01-25 Thread Salvatore Bonaccorso
Source: tiff Version: 4.5.1+git230720-3 Severity: important Tags: security upstream Forwarded: https://gitlab.com/libtiff/libtiff/-/issues/622 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tiff. CVE-2023-52356[0]: | A segment fault

Bug#1061522: atril: CVE-2023-52076

2024-01-25 Thread Salvatore Bonaccorso
Source: atril Version: 1.26.1-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for atril. CVE-2023-52076[0]: | Atril Document Viewer is the default document reader of

Bug#1061521: linux-image-6.6.13-amd64: 6.6.13-1 no more keyboard resuming from suspend

2024-01-25 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Thu, Jan 25, 2024 at 10:01:04PM +0100, r2rien wrote: > Package: linux-image-6.6.13-amd64 > Version: 6.6.13-1 > Severity: grave > Justification: renders package unusable > X-Debbugs-Cc: deb...@r2rien.net > > Resuming from suspend keyboard totally unresponsive, thus

Bug#1061520: mathtex: CVE-2023-51885 CVE-2023-51886 CVE-2023-51887 CVE-2023-51888 CVE-2023-51889 CVE-2023-51890

2024-01-25 Thread Salvatore Bonaccorso
Source: mathtex Version: 1.03-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for mathtex. CVE-2023-51885[0]: | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a | remote

Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551

2024-01-25 Thread Salvatore Bonaccorso
Source: shim Version: 15.7-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 15.7-1~deb11u1 Hi, The following vulnerabilities were published for shim. According to [6]: * Various CVE fixes: CVE-2023-40546 mok: fix LogError()

Bug#1061460: firmware-nonfree: CVE-2023-4969

2024-01-24 Thread Salvatore Bonaccorso
Source: firmware-nonfree Version: 20230625-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for firmware-nonfree. CVE-2023-4969[0]: | A GPU kernel can read sensitive data from another GPU kernel

Bug#1061390: iwlwifi: crash when disabling wifi

2024-01-23 Thread Salvatore Bonaccorso
Control: forcemerge 1058887 -1 Hi Thomas, On Tue, Jan 23, 2024 at 04:19:18PM +0100, Thomas Goirand wrote: > Source: linux > Version: 6.1.69-1 > Severity: important > > Hi, > > In some cases, when I disable wifi with the network manager GUI > (ie: right click, "Enable Wifi" to disable it), my

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2024-01-22 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 14, 2024 at 05:48:54PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Jan 14, 2024 at 04:41:00PM +, Bastien Roucariès wrote: > > On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso > > wrote: > > Hi Guilhem, hi Moritz,

Bug#1061110: xorg-server: Regression from fixes for CVE-2024-21886

2024-01-21 Thread Salvatore Bonaccorso
Hi, On Thu, Jan 18, 2024 at 02:30:08PM +0100, Salvatore Bonaccorso wrote: > Source: xorg-server > Version: 2:21.1.11-1 > Severity: important > Tags: upstream > X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org, > t...@security.debian.org > > Wh

Bug#1061256: edk2: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2023-45236 CVE-2023-45237

2024-01-21 Thread Salvatore Bonaccorso
Source: edk2 Version: 2023.11-5 Severity: important X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for edk2. CVE-2023-45229[0]: | EDK2's Network Package is susceptible to an out-of-bounds read | vulnerability when processing the IA_NA or

Bug#1061221: jupyterlab: CVE-2024-22420 CVE-2024-22421

2024-01-20 Thread Salvatore Bonaccorso
Source: jupyterlab Version: 4.0.10+ds1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for jupyterlab. CVE-2024-22420[0]: | JupyterLab is an extensible environment for interactive and |

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

2024-01-20 Thread Salvatore Bonaccorso
Hi, On Sat, Jan 20, 2024 at 03:53:45PM +0100, Andreas Metzler wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org > Control: affects -1 +

Bug#1061046: Bug#1061045: gnutls28: CVE-2024-0567 / #1061046 gnutls28: CVE-2024-0553

2024-01-20 Thread Salvatore Bonaccorso
Hi, On Sat, Jan 20, 2024 at 01:28:33PM +0100, Andreas Metzler wrote: > Hello, > > do you plan/would you rather fix these two issues (CVE-2024-0567 and > CVE-2024-0553) by DSA or should I go for a (old)stable update? IMHO they can go as well via the point releases (which should be, though yet

Bug#1061177: bullseye-pu: package tar/1.34+dfsg-1+deb11u1

2024-01-20 Thread Salvatore Bonaccorso
; urgency=medium + + * Non-maintainer upload. + * Fix boundary checking in base-256 decoder (CVE-2022-48303) + * Fix handling of extended header prefixes (CVE-2023-39804) +(Closes: #1058079) + + -- Salvatore Bonaccorso Sat, 20 Jan 2024 10:59:10 +0100 + tar (1.34+dfsg-1) unstable; urgency
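
Review bot: CVE-2022-48303 in this changelog entry carries no Closes: reference while CVE-2023-39804 has (Closes: #1058079); if the base-256 decoder fix also tracks a BTS bug, add its number so that bug is closed when the upload is accepted.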

Bug#1061176: bookworm-pu: package tar/1.34+dfsg-1.2+deb12u1

2024-01-20 Thread Salvatore Bonaccorso
) bookworm; urgency=medium + + * Non-maintainer upload. + * Fix boundary checking in base-256 decoder (CVE-2022-48303) + * Fix handling of extended header prefixes (CVE-2023-39804) +(Closes: #1058079) + + -- Salvatore Bonaccorso Sat, 20 Jan 2024 10:27:07 +0100 + tar (1.34+dfsg-1.2) unstable

Bug#1061173: freerdp2: CVE-2024-22211: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset

2024-01-20 Thread Salvatore Bonaccorso
Source: freerdp2 Version: 2.11.2+dfsg1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for freerdp2. CVE-2024-22211[0]: | FreeRDP is a set of free and open source remote desktop protocol | library

Bug#1061172: pillow: CVE-2023-50447

2024-01-20 Thread Salvatore Bonaccorso
Source: pillow Version: 10.1.0-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for pillow. CVE-2023-50447[0]: | Pillow through 10.1.0 allows PIL.ImageMath.eval

Bug#1061156: ansible-core: CVE-2024-0690

2024-01-19 Thread Salvatore Bonaccorso
Source: ansible-core Version: 2.14.13-1 Severity: important Tags: security upstream Forwarded: https://github.com/ansible/ansible/pull/82565 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for ansible-core. CVE-2024-0690[0]: | possible

Bug#1061097: pam: CVE-2024-22365: pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations

2024-01-19 Thread Salvatore Bonaccorso
Hi Sam, On Thu, Jan 18, 2024 at 08:41:29AM +0100, Salvatore Bonaccorso wrote: > Source: pam > Version: 1.5.2-9.1 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > Control: found -1 1.5.2-6+deb12u1 > Control: fo

Bug#1061138: coreutils: CVE-2024-0684: heap overflow in split --line-bytes with very long lines

2024-01-18 Thread Salvatore Bonaccorso
Source: coreutils Version: 9.4-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for coreutils. CVE-2024-0684[0]: | heap overflow in split --line-bytes with very long

Bug#1060706: linux-image-6.1.0-17-amd64: intel i225 NIC loses PCIe link, network becomes unusable

2024-01-18 Thread Salvatore Bonaccorso
Hi, On Sat, Jan 13, 2024 at 04:39:51PM +0100, Arno Lehmann wrote: > Hi Salvatore, > > Am 13.01.2024 um 13:47 schrieb Salvatore Bonaccorso: > > > Just to be clear, can you confirm this is or is not a regression from > > a previous running 6.1.y kernel? > > On thi

Bug#1061126: mysql-8.0: Security fixes from January 2024 CPU

2024-01-18 Thread Salvatore Bonaccorso
Source: mysql-8.0 Version: 8.0.35-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, See https://www.oracle.com/security-alerts/cpujan2024.html#AppendixMSQL for a list of CVEs affecting src:mysql-8.0. Regards,

Bug#1061110: xorg-server: Regression from fixes for CVE-2024-21886

2024-01-18 Thread Salvatore Bonaccorso
Source: xorg-server Version: 2:21.1.11-1 Severity: important Tags: upstream X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org, t...@security.debian.org While preparing the update for xorg-server for bookworm an autopkgtest regression in uqm was seen. The same is shown with

Bug#1061098: libspreadsheet-parsexlsx-perl: CVE-2024-23525

2024-01-18 Thread Salvatore Bonaccorso
Source: libspreadsheet-parsexlsx-perl Version: 0.29-1 Severity: important Tags: security upstream Forwarded: https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for

Bug#1061097: pam: CVE-2024-22365: pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations

2024-01-17 Thread Salvatore Bonaccorso
Source: pam Version: 1.5.2-9.1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.5.2-6+deb12u1 Control: found -1 1.5.2-6 Control: found -1 1.4.0-9+deb11u1 Control: found -1 1.4.0-9 Hi, The following vulnerability was published
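
The mechanism named in the title above, opening the directory with O_DIRECTORY so that a FIFO planted where a directory is expected cannot stall the open, as an added C example. This is illustration code written for this page, not pam_namespace's own protect_dir(); the helper names open_dir_only(), demo_fifo_rejected() and demo_dir_accepted(), the /tmp/pamns-demo-XXXXXX template and the "instance" entry name are all made up for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` only if it is a directory, without following a final symlink.
 * Returns a descriptor >= 0, or -1 with errno set.
 * O_DIRECTORY: the kernel rejects a non-directory with ENOTDIR during path
 *              lookup, before the object's own open routine runs, so a FIFO
 *              never blocks us waiting for a writer.
 * O_NOFOLLOW:  a symlink as the last component fails with ELOOP instead of
 *              redirecting the open elsewhere.
 * O_CLOEXEC:   the descriptor is not inherited by child processes. */
int open_dir_only(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Constructed scenario: a FIFO planted at the name where a directory is
 * expected (what a local user could do to stall a plain open(2)).
 * Returns the errno from open_dir_only() on that FIFO (expected ENOTDIR),
 * 0 if the open unexpectedly succeeded, or -1 if setup failed. */
int demo_fifo_rejected(void)
{
    char tmpl[] = "/tmp/pamns-demo-XXXXXX";   /* hypothetical path */
    char *base = mkdtemp(tmpl);
    if (base == NULL)
        return -1;

    char fifo[PATH_MAX];
    snprintf(fifo, sizeof fifo, "%s/instance", base);   /* hypothetical name */
    if (mkfifo(fifo, 0600) != 0) {
        rmdir(base);
        return -1;
    }

    int fd = open_dir_only(fifo);
    int result = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);

    unlink(fifo);
    rmdir(base);
    return result;
}

/* Control case: the same helper on a genuine directory succeeds.
 * Returns 1 if the directory opened, 0 otherwise. */
int demo_dir_accepted(void)
{
    char tmpl[] = "/tmp/pamns-demo-XXXXXX";
    char *base = mkdtemp(tmpl);
    if (base == NULL)
        return 0;

    int fd = open_dir_only(base);
    int ok = (fd >= 0);
    if (ok)
        close(fd);

    rmdir(base);
    return ok;
}

int main(void)
{
    int e = demo_fifo_rejected();
    if (e > 0)
        printf("FIFO with O_DIRECTORY: open failed immediately: %s\n", strerror(e));
    else
        printf("FIFO with O_DIRECTORY: %s\n", e == 0 ? "opened (unexpected)" : "setup failed");
    printf("real directory: %s\n", demo_dir_accepted() ? "opened" : "failed");
    return 0;
}
```

The example deliberately never calls open(fifo, O_RDONLY) without O_DIRECTORY: that call would sit in the FIFO's open routine until a writer shows up, which is exactly the local denial of service the title describes. With O_DIRECTORY the kernel fails the open with ENOTDIR during lookup, so the caller can treat the unexpected object as an error and move on.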

Bug#1061046: gnutls28: CVE-2024-0553

2024-01-16 Thread Salvatore Bonaccorso
Source: gnutls28 Version: 3.8.2-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1522 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.7.9-2+deb12u1 Control: found -1 3.7.1-5+deb11u4 Hi, The following vulnerability was

Bug#1061045: gnutls28: CVE-2024-0567

2024-01-16 Thread Salvatore Bonaccorso
Source: gnutls28 Version: 3.8.2-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1521 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gnutls28. CVE-2024-0567[0]: | A vulnerability was

Bug#1060925: sogo: CVE-2023-48104

2024-01-16 Thread Salvatore Bonaccorso
Source: sogo Version: 5.8.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sogo. CVE-2023-48104[0]: | Alinto SOGo 5.8.0 is vulnerable to HTML Injection. If you fix the vulnerability please

Bug#1014722: ansible: CVE-2021-3532

2024-01-15 Thread Salvatore Bonaccorso
On Sun, Jul 10, 2022 at 10:27:06PM +0200, Moritz Mühlenhoff wrote: > Source: ansible > X-Debbugs-CC: t...@security.debian.org > Severity: normal > Tags: security > > Hi, > > The following vulnerability was published for ansible. > > CVE-2021-3532[0]: > | A flaw was found in Ansible where the

Bug#1060861: RUSTSEC-2023-0078

2024-01-15 Thread Salvatore Bonaccorso
Hi Moritz, On Mon, Jan 15, 2024 at 08:49:04PM +0100, Moritz Muehlenhoff wrote: > Source: rust-tracing > Version: 0.1.37-1 > Severity: important > Tags: security > X-Debbugs-Cc: Debian Security Team > > https://rustsec.org/advisories/RUSTSEC-2023-0078.html >

Bug#1060863: ocsinventory-server: CVE-2023-3726

2024-01-15 Thread Salvatore Bonaccorso
Source: ocsinventory-server Version: 2.8.1+dfsg1+~2.11.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/OCSInventory-NG/OCSInventory-ocsreports/pull/1545 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for

Bug#1060862: freeimage: CVE-2023-47995

2024-01-15 Thread Salvatore Bonaccorso
Source: freeimage Version: 3.18.0+ds2-10 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for freeimage. CVE-2023-47995[0]: | Buffer Overflow vulnerability in |

Bug#1060858: openssl: CVE-2023-6237: Checking excessively long invalid RSA public keys may take a long time

2024-01-15 Thread Salvatore Bonaccorso
Source: openssl Version: 3.1.4-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.0.11-1~deb12u2 Hi, The following vulnerability was published for openssl. CVE-2023-6237[0]: | Checking excessively long invalid RSA public keys

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2024-01-14 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 14, 2024 at 04:41:00PM +, Bastien Roucariès wrote: > On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso > wrote: > Hi Guilhem, hi Moritz, > > Hi Guilhem, hi Moritz, > > > > On Sat, Dec 30, 2023 at 11:26:02PM +0100, Guilhem Moulin wrote: >

Bug#1060753: exiftags: CVE-2023-50671

2024-01-14 Thread Salvatore Bonaccorso
Hi, On Sun, Jan 14, 2024 at 03:54:59PM +0100, László Böszörményi wrote: > Hi Salvatore, > > On Sat, Jan 13, 2024 at 5:51 PM Salvatore Bonaccorso > wrote: > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exp

Bug#1060693: Accepted qt6-base 6.4.2+dfsg-21 (source) into unstable

2024-01-13 Thread Salvatore Bonaccorso
Source: qt6-base Source-Version: 6.4.2+dfsg-21 On Sat, Jan 13, 2024 at 02:37:52PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Sat, 13 Jan 2024 14:53:25 +0100 > Source: qt6-base > Architecture: source > Version: 6.4.2+dfsg-21 >

Bug#1060753: exiftags: CVE-2023-50671

2024-01-13 Thread Salvatore Bonaccorso
Source: exiftags Version: 1.01-7 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi Laszlo, The following vulnerability was published for exiftags. CVE-2023-50671[0]: | In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer | overflow

Bug#1060754: shiro: CVE-2023-46749

2024-01-13 Thread Salvatore Bonaccorso
Source: shiro Version: 1.3.2-5 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for shiro. CVE-2023-46749[0]: | path traversal attack If you fix the vulnerability please also make sure to include

Bug#1060751: atril: CVE-2023-51698

2024-01-13 Thread Salvatore Bonaccorso
Source: atril Version: 1.26.1-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for atril. CVE-2023-51698[0]: | Atril is a simple multi-page document viewer. Atril is

Bug#1060749: qemu: CVE-2023-6683: ui/clipboard: avoid crash upon request when clipboard peer is no

2024-01-13 Thread Salvatore Bonaccorso
Source: qemu Version: 1:8.2.0+ds-4 Severity: important Tags: security upstream Forwarded: https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg02382.html X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for qemu. CVE-2023-6683[0]: | A

Bug#1060748: jinja2: CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter

2024-01-13 Thread Salvatore Bonaccorso
Source: jinja2 Version: 3.1.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for jinja2. CVE-2024-22195[0]: | Jinja is an extensible templating engine. Special placeholders in | the template
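The bug title above describes attribute injection through the *keys* handed to the `xmlattr` filter. The block below is an added illustration, not code from the bug report or from jinja2 itself: it models the filter's behaviour with a small stand-alone function in both an unchecked and a checked form. The rejected character set (whitespace, `/`, `>`, `=`) is my assumption about what an attribute-name check needs to cover, and the attribute map is constructed sample data.

```python
import re
from html import escape

# Constructed sample: an attribute map built partly from request data, so
# one of the KEYS is attacker-controlled (the scenario the CVE title names).
SAMPLE_ATTRS = {
    "href": "https://example.test/",
    "onmouseover=alert(1) data-x": "y",  # injection lives in the key
    "data-id": 42,
}

# Characters that end an attribute name in HTML; a key containing any of them
# can start a second attribute. (Assumed set for this model, not jinja2's code.)
_UNSAFE_KEY = re.compile(r"[\s/>=]")


def key_is_safe(key: str) -> bool:
    """True if the key can only ever be parsed as a single attribute name."""
    return not _UNSAFE_KEY.search(key)


def xmlattr_unchecked(attrs: dict) -> str:
    """Vulnerable model: escapes values only and trusts keys verbatim."""
    return "".join(
        f' {k}="{escape(str(v), quote=True)}"'
        for k, v in attrs.items()
        if v is not None
    )


def xmlattr_checked(attrs: dict) -> str:
    """Hardened model: refuse any key that could terminate the attribute name."""
    parts = []
    for k, v in attrs.items():
        if v is None:
            continue
        if not key_is_safe(k):
            raise ValueError(f"invalid attribute name: {k!r}")
        parts.append(f' {k}="{escape(str(v), quote=True)}"')
    return "".join(parts)


def unsafe_keys(attrs: dict) -> list:
    """Keys that the checked variant would reject; useful in a pre-render audit."""
    return [k for k in attrs if not key_is_safe(k)]


if __name__ == "__main__":
    print("unchecked:", xmlattr_unchecked(SAMPLE_ATTRS))
    print("rejected keys:", unsafe_keys(SAMPLE_ATTRS))
    try:
        xmlattr_checked(SAMPLE_ATTRS)
    except ValueError as exc:
        print("checked:", exc)
```

Escaping the values does nothing for this bug: the unchecked output contains a bare `onmouseover=alert(1)` attribute because the name itself carried the payload. Validating keys before they reach the renderer, or never building keys from user input at all, is the fix; escaping is for values.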

Bug#1060747: rear: CVE-2024-23301

2024-01-13 Thread Salvatore Bonaccorso
Source: rear Version: 2.7+dfsg-1.1 Severity: important Tags: security upstream Forwarded: https://github.com/rear/rear/issues/3122 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.7+dfsg-1 Hi, The following vulnerability was published for rear. CVE-2024-23301[0]: |

Bug#1060706: linux-image-6.1.0-17-amd64: intel i225 NIC loses PCIe link, network becomes unusable

2024-01-13 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Sat, Jan 13, 2024 at 11:45:29AM +0100, Arno Lehmann wrote: > Package: src:linux > Version: 6.1.69-1 > Severity: normal > Tags: upstream > > Dear Maintainer, > > > just having the computer run for a while, the network loses connection because > the NIC detached

Bug#1060005: cifs-utils: Copy file with cp, hangs with a kernel NULL pointer dereference.

2024-01-13 Thread Salvatore Bonaccorso
Hi A fix for this issue has been queued for the 6.1.y series: https://lore.kernel.org/stable/zajygki9o5j1u...@eldamar.lan/T/#m934ca5a14db8bcef8f24329c7edee8a3592465b2 If someone additionally might or want to test testbuilds please have a look at:

Bug#1060701: go-git: CVE-2023-49568 CVE-2023-49569

2024-01-13 Thread Salvatore Bonaccorso
Source: golang-github-go-git-go-git Version: 5.4.2-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for go-git. CVE-2023-49568[0]: | A denial of service (DoS)

Bug#1060415: [Pkg-freeipa-devel] Bug#1060415: freeipa: CVE-2023-5455

2024-01-11 Thread Salvatore Bonaccorso
Hi, On Thu, Jan 11, 2024 at 10:02:45AM +0200, Timo Aaltonen wrote: > Salvatore Bonaccorso kirjoitti 10.1.2024 klo 23.14: > > Source: freeipa > > Version: 4.10.2-2 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Secur

Bug#1059713: closed by Debian FTP Masters (reply to Bastian Blank ) (Bug#1059713: fixed in linux 6.7-1~exp1)

2024-01-10 Thread Salvatore Bonaccorso
Hi, On Wed, Jan 10, 2024 at 09:42:17PM -0800, Alison Chaiken wrote: > On 2024-01-09 00:15, Debian Bug Tracking System wrote: > > This is an automatic notification regarding your Bug report > > which was filed against the linux-image-6.6.8-amd64-dbg package: > > > > #1059713:

Bug#1060415: freeipa: CVE-2023-5455

2024-01-10 Thread Salvatore Bonaccorso
Source: freeipa Version: 4.10.2-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 4.9.11-1 Hi, The following vulnerability was published for freeipa. CVE-2023-5455[0]: | A Cross-site request forgery vulnerability exists in |

Bug#1060347: openssl: CVE-2023-6129

2024-01-09 Thread Salvatore Bonaccorso
Source: openssl Version: 3.1.4-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.0.11-1~deb12u2 Hi, The following vulnerability was published for openssl. CVE-2023-6129[0]: | Issue summary: The POLY1305 MAC (message

Bug#1060345: puma: CVE-2024-21647: Invalid parsing of chunked encoding in HTTP/1.1 allows DoS attacks

2024-01-09 Thread Salvatore Bonaccorso
Source: puma Version: 5.6.7-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for puma. CVE-2024-21647[0]: | Puma is a web server for Ruby/Rack applications built for | parallelism. Prior to version

Bug#1054620: bcachefs-tools: Issues in packaging and git repo

2024-01-09 Thread Salvatore Bonaccorso
Hi, On Mon, Jan 08, 2024 at 12:31:52PM +0200, Faidon Liambotis wrote: [...] > On a related note, 1.3.4 is behind now; upstream has released v1.4.0 a > couple of weeks ago. bcachefs is now in Linux 6.7 (released yesterday), > so it'd be nice to have up-to-date userspace as well. FWIW, it will be

Bug#1060339: bcache-tools: Package description: Refer to moved Documentation location

2024-01-09 Thread Salvatore Bonaccorso
Source: bcache-tools Version: 1.0.8-4 Severity: minor X-Debbugs-Cc: car...@debian.org Hi The package description mentions: Documentation for the run-time interface is included in the kernel tree; in Documentation/bcache.txt. This should/can be adjusted to the new location in upstream

Bug#1034891: closed by Timo Aaltonen (Re: [Pkg-freeipa-devel] Bug#1034891: 389-ds-base: CVE-2023-1055)

2024-01-08 Thread Salvatore Bonaccorso
Hi, On Mon, Jan 08, 2024 at 07:06:10PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Mon, Jan 08, 2024 at 06:56:40PM +0100, Salvatore Bonaccorso wrote: > > > Source: 389-ds-base > > > Version: 2.3.4+dfsg1-1 > > > > > > Moritz Mühlenhoff kirjoitt

Bug#1034891: closed by Timo Aaltonen (Re: [Pkg-freeipa-devel] Bug#1034891: 389-ds-base: CVE-2023-1055)

2024-01-08 Thread Salvatore Bonaccorso
Hi, On Mon, Jan 08, 2024 at 06:56:40PM +0100, Salvatore Bonaccorso wrote: > > Source: 389-ds-base > > Version: 2.3.4+dfsg1-1 > > > > Moritz Mühlenhoff kirjoitti 26.4.2023 klo 20.43: > > > Source: 389-ds-base > > > X-Debbugs-CC: t...@security.debia

Bug#1034891: closed by Timo Aaltonen (Re: [Pkg-freeipa-devel] Bug#1034891: 389-ds-base: CVE-2023-1055)

2024-01-08 Thread Salvatore Bonaccorso
> Source: 389-ds-base > Version: 2.3.4+dfsg1-1 > > Moritz Mühlenhoff kirjoitti 26.4.2023 klo 20.43: > > Source: 389-ds-base > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following vulnerability was published for 389-ds-base. > > >
