[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-5678/openssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 42c02605 by Salvatore Bonaccorso at 2023-11-08T22:30:23+01:00 Track fixed version via unstable for CVE-2023-5678/openssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2109,7 +2109,7 @@ CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Li - linux 6.5.10-1 NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...) - - openssl (bug #1055473) + - openssl 3.0.12-2 (bug #1055473) [bookworm] - openssl (Minor issue; can be fixed along with future update) [bullseye] - openssl (Minor issue; can be fixed along with future update) [buster] - openssl (Minor issue; can be fixed along with future update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42c02605843936f298741de93a98ac89b4b96ac5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42c02605843936f298741de93a98ac89b4b96ac5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
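Review bot: Worth double-checking that 3.0.12-2 actually carries the 3.0.y upstream fix (commit db925ae2e65d0d925adef429afc37f75bd1c2017, per the NOTE line in the earlier buster triage commit in this thread) rather than only a version bump, since the hunk itself records no NOTE for the Debian upload; the [bookworm], [bullseye] and [buster] lines in the same hunk all stay at "Minor issue; can be fixed along with future update", which is consistent with the fix being tracked only via unstable for now.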
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65abcec5 by Salvatore Bonaccorso at 2023-11-08T22:22:23+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...) NOT-FOR-US: Norton CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) - TODO: check + NOT-FOR-US: Helix Core CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...) NOT-FOR-US: opoGrafix DataPlugin for GPX CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...) @@ -81,9 +81,9 @@ CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in En CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...) - TODO: check + NOT-FOR-US: Helix Core CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) - TODO: check + NOT-FOR-US: Helix Core CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...) NOT-FOR-US: Bastion CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...) 
@@ -93,7 +93,7 @@ CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...) NOT-FOR-US: Apache UIMA CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) - TODO: check + NOT-FOR-US: Helix Core CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...) NOT-FOR-US: WordPress plugin CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...) @@ -40893,7 +40893,7 @@ CVE-2023-26223 CVE-2023-26222 RESERVED CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...) - TODO: check + NOT-FOR-US: Spotfire Connectors component of TIBCO CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...) NOT-FOR-US: TIBCO CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65abcec50db72ced7435de05df80705ff0b324d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65abcec50db72ced7435de05df80705ff0b324d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
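Review bot: The context line "NOT-FOR-US: opoGrafix DataPlugin for GPX" for CVE-2023-5136 in the first hunk is missing the leading "T" (the CVE description on the line above says "TopoGrafix DataPlugin"); it was introduced by the earlier NFU commit 54ca0415 in this thread and could be corrected while the neighbouring entries are being touched.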
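Review bot: The new line "NOT-FOR-US: Spotfire Connectors component of TIBCO" in the last hunk uses a longer form than the adjacent CVE-2023-26220 entry, which reads simply "NOT-FOR-US: TIBCO"; suggest the shorter, consistent form (or "TIBCO Spotfire") so that grep-based reviews of NFU reasons group the TIBCO entries together.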
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46998
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ab229da by Salvatore Bonaccorso at 2023-11-08T22:14:42+01:00 Add Debian bug reference for CVE-2023-46998 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -366,7 +366,7 @@ CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user ac CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...) NOT-FOR-US: RedisGraph CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...) - - libjs-bootbox + - libjs-bootbox (bug #1055612) NOTE: https://github.com/bootboxjs/bootbox/issues/661 CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...) NOT-FOR-US: EC-CUBE View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab229daa38ff0378610d466afc312f19f2ffa49 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab229daa38ff0378610d466afc312f19f2ffa49 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
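Review bot: Only the Debian bug reference is added here; the entry still has no fixed version and no [bookworm]/[bullseye] triage lines, and the existing NOTE points at the upstream issue (bootbox issue 661) rather than a fix commit. Suggest adding a NOTE with the upstream fix once it is identified, since "- libjs-bootbox (bug #1055612)" without a version keeps the package listed as unfixed in unstable and, by inheritance, in the stable releases.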
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54ca0415 by Salvatore Bonaccorso at 2023-11-08T21:23:30+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,103 +1,103 @@ CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...) - TODO: check + NOT-FOR-US: Lanaccess ONSAFE MonitorHM CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...) - TODO: check + NOT-FOR-US: FreeBSD (cap_net libcasper service) CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...) - TODO: check + NOT-FOR-US: Microfocus opentext CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...) - TODO: check + NOT-FOR-US: Norton CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) TODO: check CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...) - TODO: check + NOT-FOR-US: opoGrafix DataPlugin for GPX CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...) - TODO: check + NOT-FOR-US: WeBid CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...) - TODO: check + NOT-FOR-US: PILOS CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46763 (Vulnerability of background app permission management in the framework ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...) 
- TODO: check + NOT-FOR-US: Huawei CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...) - TODO: check + NOT-FOR-US: Huawei
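Review bot: The added line "+ NOT-FOR-US: opoGrafix DataPlugin for GPX" for CVE-2023-5136 drops the leading "T" of "TopoGrafix" (the CVE text on the preceding line says "TopoGrafix DataPlugin"); suggest correcting the product name. CVE-2023-5759 (Helix Core) is the one entry in this run left at "TODO: check" while the surrounding entries are converted; it is resolved in the later commit 65abcec5 in this thread.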
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-23767
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7395cbf by Salvatore Bonaccorso at 2023-11-08T21:13:18+01:00 Remove notes from CVE-2023-23767 The CVE was rejected as it was issued in error by the CNA. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48467,7 +48467,6 @@ CVE-2023-23768 RESERVED CVE-2023-23767 REJECTED - NOT-FOR-US: Github Enterprise Server CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7395cbfe83bad19ace385b4401ba8bdd13175ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7395cbfe83bad19ace385b4401ba8bdd13175ea You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a0b3a4b by security tracker role at 2023-11-08T20:11:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,103 @@ +CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...) + TODO: check +CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...) + TODO: check +CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...) + TODO: check +CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...) + TODO: check +CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...) + TODO: check +CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) + TODO: check +CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...) + TODO: check +CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...) + TODO: check +CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...) + TODO: check +CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) + TODO: check +CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...) + TODO: check +CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) + TODO: check +CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...) + TODO: check +CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...) + TODO: check +CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...) 
+ TODO: check +CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) + TODO: check +CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...) + TODO: check +CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...) + TODO: check +CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) + TODO: check +CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...) + TODO: check +CVE-2023-46763 (Vulnerability of background app permission management in the framework ...) + TODO: check +CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...) + TODO: check +CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission ...) + TODO: check +CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...) + TODO: check +CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...) + TODO: check +CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...) + TODO: check +CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...) + TODO: check +CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...) + TODO: check +CVE-2023-46640 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...) + TODO: check +CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...) + TODO: check +CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...) + TODO: check +CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
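Review bot: This message is cut off before the end of the hunk (the header announces 103 added lines, but the visible text stops at the CVE-2023-46613 description without its "TODO: check" line), so the tail of the automatic update cannot be reviewed from this mail; the remainder is only available in commit 8a0b3a4b itself. Every visible entry is the expected auto-generated "TODO: check" placeholder, which the subsequent "Process some NFUs" commits in this thread then triage.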
[Git][security-tracker-team/security-tracker][master] cacti DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ab54fc6 by Moritz Mühlenhoff at 2023-11-08T20:55:12+01:00 cacti DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = 
@@ -10147,26 +10147,31 @@ CVE-2023-39515 (Cacti is an open source operational monitoring and fault managem NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39512 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...) 
- cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 = data/DSA/list = @@ -1,3 +1,7 @@ +[08 Nov 2023] DSA-5550-1 cacti - security update + {CVE-2023-39357 CVE-2023-39359 CVE-2023-39361 CVE-2023-39362 CVE-2023-39364 CVE-2023-39365 CVE-2023-39513 CVE-2023-39515 CVE-2023-39516} + [bullseye] - cacti 1.2.16+ds1-2+deb11u2 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [05 Nov 2023] DSA-5549-1 trafficserver - security update {CVE-2022-47185 CVE-2023-33934 CVE-2023-41752 CVE-2023-44487} [bullseye] - trafficserver 8.1.9+ds-1~deb11u1 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -cacti -- chromium (dilinger) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab54fc656a51fb7facba5d30549376cc2adc2d3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab54fc656a51fb7facba5d30549376cc2adc2d3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
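Review bot: Four of the CVEs that receive "[bookworm] - cacti 1.2.24+ds1-1+deb12u1" in the data/CVE/list hunk (CVE-2023-39514, CVE-2023-39512, CVE-2023-39510 and CVE-2023-39366) are not in the CVE set of the new DSA-5550-1 entry, which of that group lists only CVE-2023-39513; please confirm the advisory text omits them intentionally, since the tracker's DSA cross-checks compare the DSA CVE list against the per-release fixed versions. The "[bullseye] - cacti (Vulnerable code not present)" context lines for those same entries are consistent with their absence from the bullseye line of the DSA, and the dsa-needed.txt hunk correctly drops the "cacti" entry together with its "--" separator.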
[Git][security-tracker-team/security-tracker][master] opensc spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f0570882 by Moritz Mühlenhoff at 2023-11-08T20:49:45+01:00 opensc spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -50,3 +50,9 @@ CVE-2023-4039 [bookworm] - gcc-12 12.2.0-14+deb12u1 CVE-2023-45897 [bookworm] - exfatprogs 1.2.0-1+deb12u1 +CVE-2023-4535 + [bookworm] - opensc 0.23.0-0.3+deb12u1 +CVE-2023-40660 + [bookworm] - opensc 0.23.0-0.3+deb12u1 +CVE-2023-40661 + [bookworm] - opensc 0.23.0-0.3+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f05708828f382f11422637fbac38a956b8f2e39b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f05708828f382f11422637fbac38a956b8f2e39b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
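Review bot: The three opensc entries are added to next-point-update.txt only; the matching [bookworm] fixed-version lines for CVE-2023-4535, CVE-2023-40660 and CVE-2023-40661 in data/CVE/list are not part of this change, which is the usual sequence for a stable point update (the CVE list is updated once the point release ships). Nothing to change here beyond keeping the 0.23.0-0.3+deb12u1 version in sync with the CVE list when that happens.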
[Git][security-tracker-team/security-tracker][master] Move two older NFUs to the itp'ed entry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b23dc524 by Salvatore Bonaccorso at 2023-11-08T20:49:02+01:00 Move two older NFUs to the itped entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -310644,12 +310644,12 @@ CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query databa CVE-2019-12411 REJECTED CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...) - NOT-FOR-US: Apache Arrow + - apache-arrow (bug #970021) CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...) - lucene-solr (Vulnerable code was introduced later) NOTE: https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E CVE-2019-12408 (It was discovered that the C++ implementation (which underlies the R, ...) - NOT-FOR-US: Apache Arrow + - apache-arrow (bug #970021) CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...) - jspwiki CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of mes ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23dc5248dc191acfdcdaae4b99e888be145f4dc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23dc5248dc191acfdcdaae4b99e888be145f4dc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
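Review bot: Switching the two Apache Arrow entries from "NOT-FOR-US: Apache Arrow" to "- apache-arrow (bug #970021)" makes them show as unfixed against the ITP bug, matching the CVE-2023-47248 entry added in the next commit in this thread; note that the ITP bug is the only reference on all three, so once the package enters the archive they will need real fixed versions or "(Vulnerable code not present)" triage rather than the ITP reference.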
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-47248/apache-arrow, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73cd8621 by Salvatore Bonaccorso at 2023-11-08T20:47:12+01:00 Add CVE-2023-47248/apache-arrow, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-47248 + - apache-arrow (bug #970021) CVE-2023-40114 NOT-FOR-US: Android CVE-2023-40111 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73cd862196955af96a02f9bc043c0980f2922694 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73cd862196955af96a02f9bc043c0980f2922694 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
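Review bot: The new CVE-2023-47248 entry has no description text in parentheses, unlike the automatic-update entries around it; the next automatic update will normally fill that in, so this is only a heads-up that, until then, the entry is identifiable solely by its CVE ID and the ITP bug reference (#970021).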
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-48340
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fbe31838 by Salvatore Bonaccorso at 2023-11-08T20:39:24+01:00 Reference upstream commit for CVE-2022-48340 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40827,6 +40827,7 @@ CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/d [bullseye] - glusterfs (Minor issue) [buster] - glusterfs (Minor issue) NOTE: https://github.com/gluster/glusterfs/issues/3732 + NOTE: https://github.com/gluster/glusterfs/commit/d2e159d337e17844bf483a7f2aca4c52e37c7c60 (v11.1) CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagPars ...) NOT-FOR-US: Widevine CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVeri ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbe318383370c6f4e0b2693d8f0eb24bd4683313 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbe318383370c6f4e0b2693d8f0eb24bd4683313 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
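Review bot: The NOTE records the upstream fix commit as "(v11.1)", but the sid line of the CVE-2022-48340 entry lies outside the visible context, so whether the glusterfs version in unstable already contains d2e159d337e17844bf483a7f2aca4c52e37c7c60 cannot be judged from this hunk; suggest checking the unstable package against v11.1 and recording the fixed Debian version if it applies, since the bullseye and buster lines are already triaged as "Minor issue".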
[Git][security-tracker-team/security-tracker][master] Add postgresql-multicorn, python-requestbuilder and reportbug to...
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: 239bf244 by Santiago Ruano Rincón at 2023-11-08T16:18:54-03:00 Add postgresql-multicorn, python-requestbuilder and reportbug to dla-needed.txt, due to incompatibilities with PEP 440 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -176,6 +176,10 @@ osslsigncode NOTE: 20230925: Added by Front-Desk (apo) NOTE: 20230925: Maybe a new upstream release should just do the trick here. -- +postgresql-multicorn + NOTE: 20231108: Added by Front-Desk (santiago) + NOTE: 20231108: Need to handle incompatibilities with versions in debian packages, brought up by PEP 440. See https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/70 +-- python-django (Chris Lamb) NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk) @@ -192,6 +196,10 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- +python-requestbuilder + NOTE: 20231108: Added by Front-Desk (santiago) + NOTE: 20231108: Need to handle incompatibilities with versions in debian packages, brought up by PEP 440. See https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/70 +-- rails NOTE: 20220909: Re-added due to regression (abhijith) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) 
@@ -206,6 +214,10 @@ rails NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh) NOTE: 20230828: want to rollout ruby-rack first. (utkarsh) -- +reportbug + NOTE: 20231108: Added by Front-Desk (santiago) + NOTE: 20231108: Need to handle incompatibilities with versions in debian packages, brought up by PEP 440. See https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/70 +-- ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/239bf2443e2b5fcd1885d29724e8e2d59c6d4589 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/239bf2443e2b5fcd1885d29724e8e2d59c6d4589 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
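Review bot: The three new dla-needed.txt entries (postgresql-multicorn, python-requestbuilder, reportbug) share an identical NOTE and reference no CVE ID; since the tracked problem is a PEP 440 version-parsing incompatibility (lts-updates-tasks issue 70) rather than a vulnerability, it would help to state in the NOTE whether these are regression follow-ups to an earlier DLA or planned no-DLA maintenance updates, so the front desk knows how to close them.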
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f797e56 by Moritz Muehlenhoff at 2023-11-08T16:04:17+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2023-40114 + NOT-FOR-US: Android +CVE-2023-40111 + NOT-FOR-US: Android +CVE-2023-40110 + NOT-FOR-US: Android +CVE-2023-40109 + NOT-FOR-US: Android +CVE-2023-40107 + NOT-FOR-US: Android +CVE-2023-40106 + NOT-FOR-US: Android +CVE-2023-40105 + NOT-FOR-US: Android +CVE-2023-40124 + NOT-FOR-US: Android +CVE-2023-40115 + NOT-FOR-US: Android +CVE-2023-40100 + NOT-FOR-US: Android +CVE-2023-40104 + NOT-FOR-US: Android +CVE-2023-40113 + NOT-FOR-US: Android +CVE-2023-40112 + NOT-FOR-US: Android CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...) NOT-FOR-US: YugabyteDB CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f797e566ca31717c0a688cc7754aacf83a0e9be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f797e566ca31717c0a688cc7754aacf83a0e9be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
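Review bot: The thirteen Android entries are inserted out of numeric order (CVE-2023-40124 and CVE-2023-40115 follow CVE-2023-40105, then 40100, 40104, 40113 and 40112), whereas the surrounding file is kept in descending CVE order; suggest sorting them so later automatic updates and manual lookups find them where expected. The entries also have no description text, which the automatic update will fill in.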
[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2023-5678/openssl as postponed for buster
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: a20d208f by Emilio Pozuelo Monfort at 2023-11-08T12:58:49+01:00 Triage CVE-2023-5678/openssl as postponed for buster - - - - - eeb3ad01 by Emilio Pozuelo Monfort at 2023-11-08T12:58:51+01:00 Mark gpac issues as EOL for buster - - - - - d3d23685 by Emilio Pozuelo Monfort at 2023-11-08T12:58:51+01:00 lts: add ruby-sanitize - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -56,6 +56,7 @@ CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2629 NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...) @@ -100,6 +101,7 @@ CVE-2023-45283 [path/filepath: recognize \??\ as a Root Local Device path prefix TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac + [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e CVE-2023-5996 
@@ -1982,6 +1984,7 @@ CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or check - openssl (bug #1055473) [bookworm] - openssl (Minor issue; can be fixed along with future update) [bullseye] - openssl (Minor issue; can be fixed along with future update) + [buster] - openssl (Minor issue; can be fixed along with future update) NOTE: https://www.openssl.org/news/secadv/20231106.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0.y) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c (for 1.1.1y) = data/dla-needed.txt = @@ -210,6 +210,9 @@ ring NOTE: 20230903: Added by Front-Desk (gladk) NOTE: 20230928: will be likely hard to fix see https://lists.debian.org/debian-lts/2023/09/msg00035.html (rouca) -- +ruby-sanitize + NOTE: 20231108: Added by Front-Desk (pochu) +-- salt NOTE: 20220814: Added by Front-Desk (gladk) NOTE: 20220814: I am not sure, whether it is possible to fix issues View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ae562751e0b0d6af6c0c1b1491503bccec316f2...d3d23685c73af8d3add9a9f03dc68533d34ec01f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ae562751e0b0d6af6c0c1b1491503bccec316f2...d3d23685c73af8d3add9a9f03dc68533d34ec01f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
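Review bot: The added "[buster] - openssl (Minor issue; can be fixed along with future update)" mirrors the bookworm and bullseye lines, which is consistent; note that a buster fix would come from the 1.1.1y upstream commit (710fee740904b6290fef0dd5536fbcedbc38ff0c, per the NOTE lines in the same hunk), not the 3.0.y one, so whoever picks this up for LTS should take the 1.1.1 patch.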
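Review bot: The ruby-sanitize entry in the dla-needed.txt hunk has only the "Added by Front-Desk (pochu)" NOTE and names no CVE ID or reason, unlike the neighbouring entries that record which issues are to be fixed; suggest a second NOTE naming the CVE(s) so the claim can be verified against data/CVE/list.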
[Git][security-tracker-team/security-tracker][master] chromium fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ae56275 by Moritz Muehlenhoff at 2023-11-08T12:47:53+01:00 chromium fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,7 +103,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0- NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e CVE-2023-5996 - - chromium + - chromium 119.0.6045.123-1 [buster] - chromium (see DSA 5046) CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ae562751e0b0d6af6c0c1b1491503bccec316f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ae562751e0b0d6af6c0c1b1491503bccec316f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
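Review bot: the CVE-2023-5996 hunk records `- chromium 119.0.6045.123-1` for unstable, but the entry still has no bookworm or bullseye line, so both stable suites will be reported as vulnerable until a DSA is recorded; if this upload is the one intended for the DSA, pair the change with the corresponding dsa-needed entry so the two views do not drift apart (the buster line stays `(see DSA 5046)` as before).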
[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1845b22c by Moritz Muehlenhoff at 2023-11-08T12:36:28+01:00 bullseye/bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -926,6 +926,7 @@ CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8 CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...) - gpac (bug #1055298) + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2661 NOTE: https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1 @@ -3802,6 +3803,7 @@ CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordP NOT-FOR-US: WordPress plugin CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac (bug #1055125) + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e NOTE: https://github.com/gpac/gpac/issues/2633 @@ -4469,6 +4471,7 @@ CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file NOT-FOR-US: Juniper CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) - gpac (bug #1053878) + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2567 NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06 
@@ -10633,6 +10636,7 @@ CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to St NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76 NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830 = data/dsa-needed.txt = @@ -60,6 +60,8 @@ python-glance-store/oldstable -- python-os-brick/oldstable -- +redmine/stable +-- ring might make sense to rebase to current version -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1845b22cc9848cecd3ab90e9732084e7787a9650 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1845b22cc9848cecd3ab90e9732084e7787a9650 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
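Review bot: the commit message says `bullseye/bookworm triage`, but each of the four gpac hunks (CVE-2023-46928, CVE-2023-5595, CVE-2023-42298, CVE-2023-4722) adds only `[bullseye] - gpac (Minor issue)`; no bookworm line is added, so bookworm remains untriaged for all four. If bookworm is to be handled the same way, add the matching `[bookworm] - gpac (Minor issue)` line beside each; if it is meant to get a fix, say so in the message so the omission is not read as an oversight.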
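Review bot: the new `redmine/stable` entry in data/dsa-needed.txt carries no note on which CVEs it covers or who is handling it, unlike the `ring` entry just below it, which at least records the intended approach; a one-line NOTE with the CVE ids would help whoever claims the update.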
[Git][security-tracker-team/security-tracker][master] 3 commits: Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f7785ab by Salvatore Bonaccorso at 2023-11-08T12:14:46+01:00 Process two NFUs - - - - - df9513b7 by Salvatore Bonaccorso at 2023-11-08T12:14:48+01:00 Add CVE-2023-46001/gpac - - - - - 556f18f2 by Salvatore Bonaccorso at 2023-11-08T12:14:48+01:00 Add CVE-2023-46998/libjs-bootbox - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...) - TODO: check + NOT-FOR-US: YugabyteDB CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...) - TODO: check + NOT-FOR-US: YugabyteDB CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...) NOT-FOR-US: WordPress plugin CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...) @@ -55,7 +55,9 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2629 + NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...) NOT-FOR-US: PrestaShop addon CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...) 
@@ -234,7 +236,8 @@ CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user ac CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...) NOT-FOR-US: RedisGraph CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...) - TODO: check + - libjs-bootbox + NOTE: https://github.com/bootboxjs/bootbox/issues/661 CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...) NOT-FOR-US: EC-CUBE CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fca46d1239331802a5c28b1ffd99353dc7a71994...556f18f2a1dae5259c8260880ee58ef0379b4033 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fca46d1239331802a5c28b1ffd99353dc7a71994...556f18f2a1dae5259c8260880ee58ef0379b4033 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
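Review bot: the CVE-2023-46998 hunk adds `- libjs-bootbox` with a NOTE pointing at upstream issue 661 but no fixed version and no `(bug #...)` reference, whereas the CVE-2023-46001 hunk in the same push records both the upstream issue and the fix commit. If no upstream fix commit exists yet, a Debian bug number in the entry (the tracker's usual `(bug #NNN)` form) makes the open state visible to the maintainer rather than only to the tracker.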
[Git][security-tracker-team/security-tracker][master] Claim DLA-3649-1 for python-urllib3
Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker Commits: fca46d12 by Sean Whitton at 2023-11-08T11:09:51+00:00 Claim DLA-3649-1 for python-urllib3 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -63,7 +63,7 @@ CVE-2023-44115 (Vulnerability of improper permission control in the Booster modu CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before v4.4.7 allow ...) NOT-FOR-US: Smart Soft advancedexport CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF Exporte ...) - NOT-FOR-US: Midori-global Better PDF Exporter for Jira Server + NOT-FOR-US: Midori-global Better PDF Exporter for Jira Server CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) NOT-FOR-US: Samsung CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Nov 2023] DLA-3649-1 python-urllib3 - security update + {CVE-2023-43803} + [buster] - python-urllib3 1.24.1-1+deb10u2 [07 Nov 2023] DLA-3648-1 tang - security update {CVE-2023-1672} [buster] - tang 7-1+deb10u2 = data/dla-needed.txt = 
@@ -192,9 +192,6 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- -python-urllib3 (spwhitton) - NOTE: 20231028: Added by Front-Desk (gladk) --- rails NOTE: 20220909: Re-added due to regression (abhijith) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fca46d1239331802a5c28b1ffd99353dc7a71994 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fca46d1239331802a5c28b1ffd99353dc7a71994 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
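Review bot: the data/CVE/list hunk for CVE-2023-42361 replaces the `NOT-FOR-US: Midori-global Better PDF Exporter for Jira Server` line with visually identical text, so it is a whitespace-only edit that has nothing to do with claiming DLA-3649-1; it is harmless, but it belongs in its own commit or at least in the commit message, so the DLA claim stays a clean, reviewable change.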
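Review bot: the new DLA-3649-1 entry lists `{CVE-2023-43803}` with `[buster] - python-urllib3 1.24.1-1+deb10u2`, and the matching `python-urllib3 (spwhitton)` block is removed from dla-needed.txt, but nothing in this diff touches the CVE-2023-43803 entry in data/CVE/list; confirm that the buster fixed version is derived from data/DLA/list for this CVE rather than expected as a `[buster]` line there, so the tracker does not keep showing buster as affected.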
[Git][security-tracker-team/security-tracker][master] glusterfs fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 65a0ed4e by Moritz Muehlenhoff at 2023-11-08T11:01:38+01:00 glusterfs fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1557,6 +1557,8 @@ CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an NOT-FOR-US: Contec SolarView Compact CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...) - cacti + [bookworm] - cacti (Revisit when more details are available) + [bullseye] - cacti (Revisit when more details are available) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet) NOTE: https://gist.github.com/ISHGARD-2/a9563238fcd7ccf7432ccb145b53 CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote attacker to ex ...) @@ -40784,7 +40786,7 @@ CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android pr - chromium 110.0.5481.177-1 [buster] - chromium (see DSA 5046) CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...) - - glusterfs (bug #1031796) + - glusterfs 11.1-1 (bug #1031796) [bookworm] - glusterfs (Minor issue) [bullseye] - glusterfs (Minor issue) [buster] - glusterfs (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65a0ed4e6e752db5d4052b9b3be5d767a467c8cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65a0ed4e6e752db5d4052b9b3be5d767a467c8cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
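Review bot: the commit message is `glusterfs fixed in sid`, but the first hunk is an unrelated cacti triage: CVE-2023-46490 gains `[bookworm]`/`[bullseye] - cacti (Revisit when more details are available)` while its NOTE says the GHSA advisory is `not public yet`. The placeholder is appropriate while details are withheld, but it deserves its own commit (or a mention in the message), plus a reminder so the Revisit lines are actually revisited once the advisory is published.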
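Review bot: the CVE-2022-48340 hunk records `glusterfs 11.1-1` as the fixed unstable version while the bookworm, bullseye and buster lines stay `(Minor issue)`; since those lines predate the fix, check that the 11.1-1 changelog actually closes bug #1031796 so the fixed-version claim is backed by the upload rather than inferred from the version bump alone.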
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fc438406 by Moritz Muehlenhoff at 2023-11-08T10:09:25+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,73 +3,73 @@ CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log in CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...) TODO: check CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) 
- TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) - TODO: check + NOT-FOR-US: Online Matrimonial Project CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful exploitat ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Successful ex ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) - TODO: check + NOT-FOR-US: Online Job Portal CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) - TODO: check + NOT-FOR-US: Online Job Portal CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) - TODO: check + NOT-FOR-US: Online Job Portal CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) - TODO: check + NOT-FOR-US: Online Job Portal CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) - TODO: check + NOT-FOR-US: Online Job Portal CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) 
- TODO: check + NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) TODO: check CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...) - TODO: check + NOT-FOR-US: PrestaShop addon CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-43984 (Insecure
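Review bot: the hunk leaves `TODO: check` in place for CVE-2023-46001 (gpac MP4Box) while converting the surrounding Online Matrimonial Project, Online Job Portal, Huawei, timetec and PrestaShop entries to `NOT-FOR-US`; that is the right call, since gpac is packaged, but the hunk as rendered here ends mid-entry at CVE-2023-43984, so the remaining decisions in this 73-line hunk are not visible for review and should be checked in the repository.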
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e1c2829 by security tracker role at 2023-11-08T08:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,75 @@ +CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...) + TODO: check +CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...) + TODO: check +CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...) + TODO: check +CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...) + TODO: check +CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) 
+ TODO: check +CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful exploitat ...) + TODO: check +CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Successful ex ...) + TODO: check +CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...) + TODO: check +CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) + TODO: check +CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) + TODO: check +CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) + TODO: check +CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) + TODO: check +CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) + TODO: check +CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) + TODO: check +CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) + TODO: check +CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...) + TODO: check +CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...) + TODO: check +CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before v4.4.7 allow ...) + TODO: check +CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF Exporte ...) + TODO: check +CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) + TODO: check +CVE-2023-4 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) 
+ TODO: check CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and superscripts] - golang-1.21 1.21.4-1 - golang-1.20 1.20.11-1 @@ -763,11 +835,13 @@ CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m -CVE-2023-47360 +CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an
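Review bot: among the 36 `TODO: check` entries the automatic update adds, the one following CVE-2023-41112 appears as `CVE-2023-4 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)`, an incomplete identifier with the same description text as CVE-2023-41112. If the id is really truncated in data/CVE/list (rather than only in this mail rendering), it will not match any feed entry and should be corrected before the TODOs are triaged. The second hunk, which fills in the description for the previously bare `CVE-2023-47360` line, is the expected behaviour for a reserved id that has since been published.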