Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ccb24134 by Salvatore Bonaccorso at 2023-07-19T22:03:00+02:00
Merge linux changes for bookworm 12.1
- - - - -
3cc8effa by Salvatore Bonaccorso at 2023-07-19T22:04:43+02:00
Merge changes for updates with CVEs via bookworm 12.1
- - - - -
0351c279 by Salvatore Bonaccorso at 2023-07-19T22:05:36+02:00
Merge changes for spip (with no CVEs) via bookworm 12.1
- - - - -
e8bbbe6f by Salvatore Bonaccorso at 2023-07-22T06:47:53+00:00
Merge branch 'bookworm-12.1' into 'master'
Merge changes accepted for bookworm 12.1 release
See merge request security-tracker-team/security-tracker!142
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2077,7 +2077,7 @@ CVE-2015-10119 (A vulnerability, which was classified as
problematic, has been f
NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [spip: Use a dedicated function to clean author data when
preparing a session]
- spip 4.1.11+dfsg-1
- [bookworm] - spip <no-dsa> (Minor issue)
+ [bookworm] - spip 4.1.9+dfsg-1+deb12u2
[bullseye] - spip <no-dsa> (Minor issue)
[buster] - spip <no-dsa> (Minor issue)
NOTE:
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-4-SPIP-4-1-11.html
@@ -2558,10 +2558,12 @@ CVE-2021-46890 (Vulnerability of incomplete read and
write permission verificati
CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability;
nft_byte ...)
{DSA-5453-1}
- linux <unfixed>
+ [bookworm] - linux 6.1.38-1
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege
Escalation Vulner ...)
{DSA-5453-1}
- linux <unfixed>
+ [bookworm] - linux 6.1.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all
versions start ...)
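Review bot: under both CVE-2023-35001 and CVE-2023-31248 the unversioned `- linux <unfixed>` line is left as is while `[bookworm] - linux 6.1.38-1` is added beneath it, and both entries already carry {DSA-5453-1}. Please confirm that 6.1.38-1 is the intended bookworm version alongside whatever is recorded for that DSA, and that unstable really is still without a fix rather than waiting for a version to be filled in.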
@@ -3295,7 +3297,7 @@ CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1
does not validate uplo
NOT-FOR-US: WordPress plugin
CVE-2023-2861 [9pfs: prevent opening special files]
- qemu 1:8.0.3+dfsg-1
- [bookworm] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u1
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
@@ -4478,7 +4480,7 @@ CVE-2023-34242 (Cilium is a networking, observability,
and security solution wit
CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing
system fo ...)
{DLA-3476-1}
- cups 2.4.2-5 (bug #1038885)
- [bookworm] - cups <no-dsa> (Minor issue; exploitable under specific
conditions; can be fixed via point release)
+ [bookworm] - cups 2.4.2-3+deb12u1
[bullseye] - cups <no-dsa> (Minor issue; exploitable under specific
conditions; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/4
NOTE:
https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
@@ -5220,7 +5222,7 @@ CVE-2023-34096 (Thruk is a multibackend monitoring
webinterface which currently
NOT-FOR-US: Thruk
CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the
Common Print ...)
- cpdb-libs 1.2.0-3 (bug #1038253)
- [bookworm] - cpdb-libs <no-dsa> (Minor issue)
+ [bookworm] - cpdb-libs 1.2.0-2+deb12u1
NOTE:
https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
NOTE: Fixed by:
https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
NOTE: 1.2.x version predate the upstream commit 3f66d47252d5
("print_frontend: Use
@@ -5241,7 +5243,7 @@ CVE-2023-32749 (Pydio Cells allows users by default to
create so-called external
CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to
crash dbus- ...)
[experimental] - dbus 1.15.6-1
- dbus 1.14.8-1 (bug #1037151)
- [bookworm] - dbus <no-dsa> (Minor issue)
+ [bookworm] - dbus 1.14.8-1~deb12u1
[bullseye] - dbus <no-dsa> (Minor issue)
[buster] - dbus <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
@@ -5638,7 +5640,7 @@ CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an
authenticated remote user ca
CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of
yajl_tree_parse functi ...)
{DLA-3492-1 DLA-3478-1}
- yajl 2.1.0-5 (bug #1039984)
- [bookworm] - yajl <no-dsa> (Minor issue)
+ [bookworm] - yajl 2.1.0-3+deb12u2
[bullseye] - yajl <no-dsa> (Minor issue)
NOTE: https://github.com/lloyd/yajl/issues/250
NOTE: Introduced with:
https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb
(2.0.0)
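Review bot: the `+deb12u2` suffix on `[bookworm] - yajl 2.1.0-3+deb12u2` implies an earlier deb12u1 upload, and the same bookworm version is used for CVE-2022-24795 and CVE-2017-16516 further down, although those list a different unstable fix (2.1.0-4, bug #1040036) than this entry (2.1.0-5, bug #1039984). Worth confirming that all three fixes first shipped in deb12u2 and none of them belongs to deb12u1.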
@@ -6102,7 +6104,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0039]
CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In
versions 2.4.2 ...)
{DLA-3440-1}
- cups 2.4.2-4
- [bookworm] - cups <no-dsa> (Can be fixed via point release; exploitable
when setting loglevel to DEBUG)
+ [bookworm] - cups 2.4.2-3+deb12u1
[bullseye] - cups <no-dsa> (Can be fixed via point release; exploitable
when setting loglevel to DEBUG)
NOTE:
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
NOTE: Fixed by:
https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e
@@ -6992,7 +6994,7 @@ CVE-2023-33246 (For RocketMQ versions 5.1.0 and below,
under certain conditions,
NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite
database fi ...)
- xerial-sqlite-jdbc 3.42.0.0+dfsg-1 (bug #1036706)
- [bookworm] - xerial-sqlite-jdbc <no-dsa> (Minor issue)
+ [bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
NOTE:
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
NOTE: Fixed by:
https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242
(3.41.2.2)
CVE-2023-32685 (Kanboard is project management software that focuses on the
Kanban met ...)
@@ -8071,7 +8073,7 @@ CVE-2023-2454 (schema_element defeats protective
search_path changes; It was fou
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=766e061404c2159dccebad4d19e496d8ced8b2c4
(REL_11_20)
CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the
default sett ...)
- texlive-bin 2022.20220321.62855-6 (bug #1036470)
- [bookworm] - texlive-bin <no-dsa> (Minor issue)
+ [bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
[bullseye] - texlive-bin <no-dsa> (Minor issue)
[buster] - texlive-bin <no-dsa> (Minor issue)
NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html
@@ -11148,7 +11150,7 @@ CVE-2022-48438 (In cp_dump driver, there is a possible
out of bounds write due t
NOT-FOR-US: Unisoc
CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service
(responder S ...)
- libreswan 4.11-1 (bug #1035542)
- [bookworm] - libreswan <no-dsa> (Minor issue; can be fixed via point
release)
+ [bookworm] - libreswan 4.10-2+deb12u1
[bullseye] - libreswan <no-dsa> (Minor issue; can be fixed via point
release)
[buster] - libreswan <no-dsa> (Minor issue)
NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
@@ -15715,7 +15717,7 @@ CVE-2023-28744 (A use-after-free vulnerability exists
in the JavaScript engine o
NOT-FOR-US: Foxit
CVE-2023-1672 (A race condition exists in the Tang server functionality for
key gener ...)
- tang 14-1 (bug #1038119)
- [bookworm] - tang <no-dsa> (Minor issue)
+ [bookworm] - tang 11-2+deb12u1
[bullseye] - tang <no-dsa> (Minor issue)
[buster] - tang <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
@@ -17537,7 +17539,7 @@ CVE-2023-28447 (Smarty is a template engine for PHP. In
affected versions smarty
[bullseye] - smarty3 <no-dsa> (Minor issue)
[buster] - smarty3 <no-dsa> (Minor issue)
- smarty4 4.3.1-1 (bug #1033965)
- [bookworm] - smarty4 <no-dsa> (Minor issue)
+ [bookworm] - smarty4 4.3.0-1+deb12u1
NOTE:
https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
NOTE:
https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72
(v4.3.1)
NOTE:
https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad
(v3.1.48)
@@ -18551,7 +18553,7 @@ CVE-2023-28155 (The Request package through 2.88.1 for
Node.js allows a bypass o
NOTE: https://github.com/request/request/issues/3442
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object
access. Impo ...)
- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
- [bookworm] - node-webpack <no-dsa> (Minor issue)
+ [bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1
[bullseye] - node-webpack 4.43.0-6+deb11u1
[buster] - node-webpack <no-dsa> (Minor issue)
NOTE: https://github.com/webpack/webpack/pull/16500
@@ -24249,7 +24251,7 @@ CVE-2023-26137 (All versions of the package
drogonframework/drogon are vulnerabl
CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are
vulnerable to Pr ...)
{DLA-3488-1}
- node-tough-cookie 4.1.3+~4.0.2-1
- [bookworm] - node-tough-cookie <no-dsa> (Minor issue)
+ [bookworm] - node-tough-cookie 4.0.0-2+deb12u1
[bullseye] - node-tough-cookie <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
NOTE: https://github.com/salesforce/tough-cookie/issues/282
@@ -24270,7 +24272,7 @@ CVE-2023-26131 (All versions of the package
github.com/xyproto/algernon/engine;
NOT-FOR-US: github.com/xyproto/algernon/engine
CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are
vulnerab ...)
- cpp-httplib 0.11.4+ds-2 (bug #1037100)
- [bookworm] - cpp-httplib <no-dsa> (Minor issue)
+ [bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1
NOTE:
https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
NOTE:
https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280
NOTE:
https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08
(v0.12.4)
@@ -26410,11 +26412,11 @@ CVE-2023-25517 (NVIDIA vGPU software contains a
vulnerability in the Virtual GPU
NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability
in the ke ...)
- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not
supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
- [bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not
supported)
+ [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
- [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not
supported)
+ [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not
supported)
@@ -26428,17 +26430,17 @@ CVE-2023-25516 (NVIDIA GPU Display Driver for Linux
contains a vulnerability in
[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit
when/if fixed upstream)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a
vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not
supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
- [bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not
supported)
+ [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
- [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not
supported)
+ [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not
supported)
@@ -26452,7 +26454,7 @@ CVE-2023-25515 (NVIDIA GPU Display Driver for Windows
and Linux contains a vulne
[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit
when/if fixed upstream)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
@@ -28384,7 +28386,7 @@ CVE-2023-24808 (PDFio is a C library for reading and
writing PDF files. In versi
NOTE: Crash in CLI tool, no security impact
CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version
5.19.1, the ...)
- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
- [bookworm] - node-undici <no-dsa> (Minor issue)
+ [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
NOTE:
https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
(v5.19.1)
CVE-2023-24806
@@ -30933,7 +30935,7 @@ CVE-2023-23937 (Pimcore is an Open Source Data &
Experience Management Platform:
NOT-FOR-US: Pimcore
CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with
version 2.0.0 ...)
- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
- [bookworm] - node-undici <no-dsa> (Minor issue)
+ [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
NOTE:
https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
(v5.19.1)
CVE-2023-23935 (Discourse is an open-source messaging platform. In versions
3.0.1 and ...)
@@ -31829,7 +31831,7 @@ CVE-2023-0331 (The Correos Oficial WordPress plugin
through 1.2.0.2 does not hav
NOT-FOR-US: WordPress plugin
CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest
version of ...)
- qemu 1:8.0.2+dfsg-1 (bug #1029155)
- [bookworm] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u1
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151
@@ -76961,7 +76963,7 @@ CVE-2022-2309 (NULL Pointer Dereference allows
attackers to cause a denial of se
[bullseye] - lxml <no-dsa> (Minor issue)
[buster] - lxml <no-dsa> (Minor issue)
- libxml2 2.9.14+dfsg-1.3 (bug #1039991)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
+ [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
[bullseye] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
@@ -107210,7 +107212,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL
JSON parsing and generation
[buster] - ruby-yajl <no-dsa> (Minor issue)
[stretch] - ruby-yajl <no-dsa> (Minor issue)
- yajl 2.1.0-4 (bug #1040036)
- [bookworm] - yajl <no-dsa> (Minor issue)
+ [bookworm] - yajl 2.1.0-3+deb12u2
[bullseye] - yajl <no-dsa> (Minor issue)
- burp <unfixed> (bug #1040146)
[bookworm] - burp <no-dsa> (Minor issue)
@@ -384987,7 +384989,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby,
when a crafted JSON file is
[stretch] - ruby-yajl <no-dsa> (Minor issue)
[jessie] - ruby-yajl <no-dsa> (Minor issue)
- yajl 2.1.0-4 (bug #1040036)
- [bookworm] - yajl <no-dsa> (Minor issue)
+ [bookworm] - yajl 2.1.0-3+deb12u2
[bullseye] - yajl <no-dsa> (Minor issue)
- burp <unfixed> (bug #1040146)
[bookworm] - burp <no-dsa> (Minor issue)
=====================================
data/next-point-update.txt
=====================================
@@ -1,59 +1,3 @@
-CVE-2023-28154
- [bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1
-CVE-2023-23936
- [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
-CVE-2023-24807
- [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
-CVE-2023-30570
- [bookworm] - libreswan 4.10-2+deb12u1
-CVE-2023-34969
- [bookworm] - dbus 1.14.8-1~deb12u1
-CVE-2023-32697
- [bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
-CVE-2023-32668
- [bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
-CVE-2023-32324
- [bookworm] - cups 2.4.2-3+deb12u1
-CVE-2023-34241
- [bookworm] - cups 2.4.2-3+deb12u1
-CVE-2023-34095
- [bookworm] - cpdb-libs 1.2.0-2+deb12u1
-CVE-2023-33460
- [bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2017-16516
- [bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2022-24795
- [bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2023-28447
- [bookworm] - smarty4 4.3.0-1+deb12u1
-CVE-2023-26136
- [bookworm] - node-tough-cookie 4.0.0-2+deb12u1
-CVE-2023-1672
- [bookworm] - tang 11-2+deb12u1
-CVE-2023-25516
- [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
- [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
- [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
-CVE-2023-25515
- [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
- [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
- [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
- [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
-CVE-2022-2309
- [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
-CVE-2023-XXXX [spip: Use a dedicated function to clean author data when
preparing a session]
- [bookworm] - spip 4.1.9+dfsg-1+deb12u2
-CVE-2023-0330
- [bookworm] - qemu 1:7.2+dfsg-7+deb12u1
-CVE-2023-2861
- [bookworm] - qemu 1:7.2+dfsg-7+deb12u1
-CVE-2023-31248
- [bookworm] - linux 6.1.38-1
-CVE-2023-35001
- [bookworm] - linux 6.1.38-1
-CVE-2023-26130
- [bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1
CVE-2023-37365
[bookworm] - hnswlib 0.6.2-2+deb12u1
CVE-2023-26132
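Review bot: at the end of data/next-point-update.txt the CVE-2023-37365 entry (`[bookworm] - hnswlib 0.6.2-2+deb12u1`) is kept while every entry above it is dropped. Each removed entry has a matching `+ [bookworm]` line in data/CVE/list, so the removal side is consistent; please confirm that hnswlib was deliberately left queued because it was not part of 12.1, and note that in the merge request, since the commit messages do not mention it.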
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1988b460f31623b75838f73caa9c7da3da5b0a51...e8bbbe6f8c77cd2a947fa1d4c30cf746d10a5e92