[Git][security-tracker-team/security-tracker][master] Reserve DLA-3331-2 for python-cryptography
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: a52ad797 by Chris Lamb at 2023-02-27T07:35:14+00:00
Reserve DLA-3331-2 for python-cryptography
- - - - -
1 changed file:
- data/DLA/list
Changes:
= data/DLA/list =
@@ -1,3 +1,6 @@ +[27 Feb 2023] DLA-3331-2 python-cryptography - regression update + {CVE-2023-23931} + [buster] - python-cryptography 2.6.1-3+deb10u4 [26 Feb 2023] DLA-3345-1 php7.3 - security update {CVE-2022-31631 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662} [buster] - php7.3 7.3.31-1~deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a52ad7976be187c11e63d6a4db45386c5c775aef
--
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-37708/docker.io
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9139429c by Salvatore Bonaccorso at 2023-02-27T07:55:04+01:00
Add CVE-2022-37708/docker.io
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -46104,7 +46104,9 @@ CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there a CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...) NOT-FOR-US: Tesla CVE-2022-37708 (Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permi ...) - TODO: check + - docker.io + NOTE: https://github.com/thekevinday/docker_lightman_exploit + TODO: check, seems like a negligible security impact issue, and might be marked unimportant CVE-2022-37707 RESERVED CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9139429c165d5845adcb6d6cd5544312745c7c5e
[Git][security-tracker-team/security-tracker][master] LTS: claim syslog-ng in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: 806adb7b by Guilhem Moulin at 2023-02-26T23:27:08+01:00
LTS: claim syslog-ng in dla-needed.txt
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
= data/dla-needed.txt =
@@ -300,7 +300,7 @@ sssd NOTE: 20230131: Programming language: C. NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git -- -syslog-ng +syslog-ng (guilhem) NOTE: 20230226: Programming language: C. NOTE: 20230226: No patch available and therefore we cannot fully determine whether the problem is applicable to the version in buster. (opal). NOTE: 20230226: VCS: https://salsa.debian.org/lts-team/packages/syslog-ng.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/806adb7bb7604e78a0fc1b7b454d3b290580bee5
[Git][security-tracker-team/security-tracker][master] u-boot/buster is not affected by CVE-2022-33103 and CVE-2022-33967
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: ab774c79 by Adrian Bunk at 2023-02-27T00:18:03+02:00
u-boot/buster is not affected by CVE-2022-33103 and CVE-2022-33967
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -54110,7 +54110,7 @@ CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptib CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...) - u-boot 2022.07+dfsg-1 [bullseye] - u-boot (Minor issue) - [buster] - u-boot (Minor issue) + [buster] - u-boot (SquashFS support added in 2020.10) NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6) CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya ...)
@@ -58531,7 +58531,7 @@ CVE-2022-33104 CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...) - u-boot 2022.07+dfsg-1 (bug #1014528) [bullseye] - u-boot (Minor issue) - [buster] - u-boot (Minor issue) + [buster] - u-boot (SquashFS support added in 2020.10) NOTE: https://lore.kernel.org/all/CALO=dhfb+yboxxvr5kcsk0ifdg+e7ywko4-e+72kjbcs8jb...@mail.gmail.com/ NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.ray...@bootlin.com/ NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/2ac0baab4aff1a0b45067d0b62f00c15f4e86856 (v2022.07-rc5)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab774c7963426287083136ecfb23136257b5a973
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3345-1 for php7.3
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: b383d3eb by Guilhem Moulin at 2023-02-26T22:41:01+01:00
Reserve DLA-3345-1 for php7.3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
= data/CVE/list =
@@ -62666,7 +62666,6 @@ CVE-2022-31631 - php8.1 - php7.4 - php7.3 - [buster] - php7.3 (Minor issue, fix along in next update) NOTE: Fixed in 8.0.27, 8.1.14, 8.2.1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740 NOTE: Fixed by: https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba (php-8.0.27)
= data/DLA/list =
@@ -1,3 +1,6 @@ +[26 Feb 2023] DLA-3345-1 php7.3 - security update + {CVE-2022-31631 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662} + [buster] - php7.3 7.3.31-1~deb10u3 [26 Feb 2023] DLA-3344-1 nodejs - security update {CVE-2022-43548 CVE-2023-23920} [buster] - nodejs 10.24.0~dfsg-1~deb10u3
= data/dla-needed.txt =
@@ -188,11 +188,6 @@ php-cas NOTE: 20221110: upcoming DSA (Beuc/front-desk) NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git -- -php7.3 (guilhem) - NOTE: 20230225: Programming language: C. - NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html - NOTE: 20230226: VCS: https://salsa.debian.org/lts-team/packages/php.git --- pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b383d3eb6707450509e2b8a8a6f45c5e51241743
[Git][security-tracker-team/security-tracker][master] Update note on man2html
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: c8e9681c by Anton Gladky at 2023-02-26T22:22:34+01:00
Update note on man2html
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
= data/dla-needed.txt =
@@ -129,6 +129,8 @@ man2html (gladk) NOTE: 20221004: It looks like not patch is available. NOTE: 20221004: Please evalulate, whether the issue can be marked as . NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git + NOTE: 20230226: I would prefer to fix it instead of ignoring. (gladk) + NOTE: 20230226: It looks like upstream is dead. Patch needs to be written. (gladk) -- mariadb-10.3 NOTE: 20230225: Programming language: C.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8e9681c8f1a007062e562b78fba2b998a3b98aa
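Review bot: the two context notes directly above the added lines carry typos that could be fixed in the same commit: "It looks like not patch is available." should read "no patch is available", and "Please evalulate, whether the issue can be marked as ." should read "Please evaluate"; that second note also ends with the status keyword missing after "marked as", so the intended marker should be restored while the entry is being touched.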
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ba6933d5 by Salvatore Bonaccorso at 2023-02-26T22:10:33+01:00
Process one NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1407,7 +1407,7 @@ CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injec CVE-2023-26092 (Liima before 1.17.28 allows server-side template injection. ...) NOT-FOR-US: Liima CVE-2023-26091 (The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4. ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2023-26090 RESERVED CVE-2023-26089
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba6933d50fe06b87017134d5f7f6b210dc721512
[Git][security-tracker-team/security-tracker][master] LTS: add missing meta-info
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: 075e163f by Anton Gladky at 2023-02-26T21:44:49+01:00
LTS: add missing meta-info
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
= data/dla-needed.txt =
@@ -189,6 +189,7 @@ php-cas php7.3 (guilhem) NOTE: 20230225: Programming language: C. NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html + NOTE: 20230226: VCS: https://salsa.debian.org/lts-team/packages/php.git -- pluxml NOTE: 20220913: Programming language: PHP.
@@ -305,6 +306,7 @@ sssd syslog-ng NOTE: 20230226: Programming language: C. NOTE: 20230226: No patch available and therefore we cannot fully determine whether the problem is applicable to the version in buster. (opal). + NOTE: 20230226: VCS: https://salsa.debian.org/lts-team/packages/syslog-ng.git -- tinymce NOTE: 20221227: Programming language: PHP.
@@ -323,8 +325,9 @@ trafficserver xfig (gladk) NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/xfig.git - NOTE: 20230213: Communication with the maintainer. + NOTE: 20230206: VCS: https://salsa.debian.org/debian/xfig + NOTE: 20230213: ddCommunication with the maintainer. + NOTE: 20230226: CVE-2021-4024 is prepared by maintainer. -- xrdp NOTE: 20221225: Programming language: C.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/075e163f61072319ff4c1cb8491b7666f80f89da
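Review bot: the xfig hunk re-adds the note "+ NOTE: 20230213: ddCommunication with the maintainer." with a stray "dd" prefix, turning a previously correct line ("NOTE: 20230213: Communication with the maintainer.") into a typo; only the VCS line above it needed to change, so the 20230213 note should be left as it was.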
[Git][security-tracker-team/security-tracker][master] Track fixes for CVE-2022-3770{3,4,5}/amanda via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 97558d00 by Salvatore Bonaccorso at 2023-02-26T21:39:45+01:00
Track fixes for CVE-2022-3770{3,4,5}/amanda via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -46114,7 +46114,7 @@ CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local us NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141 CVE-2022-37705 RESERVED - - amanda (bug #1029829) + - amanda 1:3.5.1-10 (bug #1029829) [bullseye] - amanda (Minor issue) [buster] - amanda (Minor issue) NOTE: https://github.com/MaherAzzouzi/CVE-2022-37705
@@ -46125,7 +46125,7 @@ CVE-2022-37705 CVE-2022-37704 RESERVED {DLA-3330-1} - - amanda (bug #1029829) + - amanda 1:3.5.1-10 (bug #1029829) NOTE: https://github.com/MaherAzzouzi/CVE-2022-37704 NOTE: https://github.com/zmanda/amanda/issues/192 NOTE: https://marc.info/?l=amanda-hackers=167437716918603=2
@@ -46133,7 +46133,7 @@ CVE-2022-37704 NOTE: https://github.com/zmanda/amanda/commit/e890d08e16ea0621966a7ae35cce53ccb44a472e NOTE: Followup: https://github.com/zmanda/amanda/pull/202 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...) - - amanda (bug #1021017) + - amanda 1:3.5.1-10 (bug #1021017) [bullseye] - amanda (Minor issue) [buster] - amanda (Minor issue) NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97558d00377aaa85d361499615716d77dc4d14d0
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-1033/froxlor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7d1a8acb by Salvatore Bonaccorso at 2023-02-26T21:38:27+01:00
Add CVE-2023-1033/froxlor
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -123,7 +123,7 @@ CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Manag CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) NOT-FOR-US: suitecrm CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) - TODO: check + - froxlor (bug #581792) CVE-2023-1032 RESERVED CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d1a8acb04e8f0967239eba6eb2830f6857d6458
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0913a4e1 by Salvatore Bonaccorso at 2023-02-26T21:35:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -79,7 +79,7 @@ CVE-2023-26552 CVE-2023-26551 RESERVED CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...) - TODO: check + NOT-FOR-US: BMC Control-M CVE-2023-26549 RESERVED CVE-2023-26548
@@ -93,41 +93,41 @@ CVE-2023-24544 CVE-2023-24464 RESERVED CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: TechPowerUp Ryzen DRAM Calculator CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...) - TODO: check + NOT-FOR-US: TechPowerUp RealTemp CVE-2023-1046 (A vulnerability classified as critical has been found in MuYuCMS 2.2. ...) - TODO: check + NOT-FOR-US: MuYuCMS CVE-2023-1045 (A vulnerability was found in MuYuCMS 2.2. It has been rated as problem ...) - TODO: check + NOT-FOR-US: MuYuCMS CVE-2023-1044 (A vulnerability was found in MuYuCMS 2.2. It has been declared as prob ...) - TODO: check + NOT-FOR-US: MuYuCMS CVE-2023-1043 (A vulnerability was found in MuYuCMS 2.2. It has been classified as pr ...) - TODO: check + NOT-FOR-US: MuYuCMS CVE-2023-1042 (A vulnerability has been found in SourceCodester Online Pet Shop We Ap ...) - TODO: check + NOT-FOR-US: SourceCodester Online Pet Shop We App CVE-2023-1041 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Responsive Tourism Website CVE-2023-1040 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-1039 (A vulnerability classified as critical was found in SourceCodester Cla ...) - TODO: check + NOT-FOR-US: SourceCodester Class and Exam Timetabling System CVE-2023-1038 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Reviewer Management System CVE-2023-1037 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) - TODO: check + NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System CVE-2023-1036 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) 
- TODO: check + NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Management ...) - TODO: check + NOT-FOR-US: SourceCodester Clinics Patient Management System CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) - TODO: check + NOT-FOR-US: suitecrm CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) TODO: check CVE-2023-1032 RESERVED CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2022-48361 RESERVED CVE-2022-48360
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0913a4e15fc4b2594c779fcc4b2df10431ab58a4
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3bfd66dc by security tracker role at 2023-02-26T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,7 +1,175 @@ -CVE-2023-26545 [net: mpls: fix stale pointer if allocation fails during device rename] +CVE-2023-26602 + RESERVED +CVE-2023-26601 + RESERVED +CVE-2023-26600 + RESERVED +CVE-2023-26599 + RESERVED +CVE-2023-26598 + RESERVED +CVE-2023-26588 + RESERVED +CVE-2023-26584 + RESERVED +CVE-2023-26583 + RESERVED +CVE-2023-26582 + RESERVED +CVE-2023-26581 + RESERVED +CVE-2023-26580 + RESERVED +CVE-2023-26579 + RESERVED +CVE-2023-26578 + RESERVED +CVE-2023-26577 + RESERVED +CVE-2023-26576 + RESERVED +CVE-2023-26575 + RESERVED +CVE-2023-26574 + RESERVED +CVE-2023-26573 + RESERVED +CVE-2023-26572 + RESERVED +CVE-2023-26571 + RESERVED +CVE-2023-26570 + RESERVED +CVE-2023-26569 + RESERVED +CVE-2023-26568 + RESERVED +CVE-2023-26567 + RESERVED +CVE-2023-26566 + RESERVED +CVE-2023-26565 + RESERVED +CVE-2023-26564 + RESERVED +CVE-2023-26563 + RESERVED +CVE-2023-26562 + RESERVED +CVE-2023-26561 + RESERVED +CVE-2023-26560 + RESERVED +CVE-2023-26559 + RESERVED +CVE-2023-26558 + RESERVED +CVE-2023-26557 + RESERVED +CVE-2023-26556 + RESERVED +CVE-2023-26555 + RESERVED +CVE-2023-26554 + RESERVED +CVE-2023-26553 + RESERVED +CVE-2023-26552 + RESERVED +CVE-2023-26551 + RESERVED +CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...) + TODO: check +CVE-2023-26549 + RESERVED +CVE-2023-26548 + RESERVED +CVE-2023-26547 + RESERVED +CVE-2023-26546 + RESERVED +CVE-2023-24544 + RESERVED +CVE-2023-24464 + RESERVED +CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...) + TODO: check +CVE-2023-1046 (A vulnerability classified as critical has been found in MuYuCMS 2.2. ...) + TODO: check +CVE-2023-1045 (A vulnerability was found in MuYuCMS 2.2. It has been rated as problem ...) + TODO: check +CVE-2023-1044 (A vulnerability was found in MuYuCMS 2.2. It has been declared as prob ...) 
+ TODO: check +CVE-2023-1043 (A vulnerability was found in MuYuCMS 2.2. It has been classified as pr ...) + TODO: check +CVE-2023-1042 (A vulnerability has been found in SourceCodester Online Pet Shop We Ap ...) + TODO: check +CVE-2023-1041 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2023-1040 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2023-1039 (A vulnerability classified as critical was found in SourceCodester Cla ...) + TODO: check +CVE-2023-1038 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2023-1037 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) + TODO: check +CVE-2023-1036 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) + TODO: check +CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Management ...) + TODO: check +CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) + TODO: check +CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) + TODO: check +CVE-2023-1032 + RESERVED +CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) + TODO: check +CVE-2022-48361 + RESERVED +CVE-2022-48360 + RESERVED +CVE-2022-48359 + RESERVED +CVE-2022-48358 + RESERVED +CVE-2022-48357 + RESERVED +CVE-2022-48356 + RESERVED +CVE-2022-48355 + RESERVED +CVE-2022-48354 + RESERVED +CVE-2022-48353 + RESERVED +CVE-2022-48352 + RESERVED +CVE-2022-48351 + RESERVED +CVE-2022-48350 + RESERVED +CVE-2022-48349 + RESERVED +CVE-2022-48348 + RESERVED +CVE-2022-48347 + RESERVED +CVE-2022-48346 + RESERVED +CVE-2020-36662 + RESERVED +CVE-2015-10087 + RESERVED +CVE-2015-10086 + RESERVED +CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...) 
- linux NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2) -CVE-2023-26544 [KASAN: use-after-free Read in run_unpack] +CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpack
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-26545/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 17c629b7 by Salvatore Bonaccorso at 2023-02-26T20:42:12+01:00
Add CVE-2023-26545/linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,6 @@ +CVE-2023-26545 [net: mpls: fix stale pointer if allocation fails during device rename] + - linux + NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2) CVE-2023-26544 [KASAN: use-after-free Read in run_unpack] - linux (unimportant) [bullseye] - linux (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c629b7dae374e05eaa09960f41e9c10c7fe1a9
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-26544/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4d7aa45d by Salvatore Bonaccorso at 2023-02-26T20:39:28+01:00
Add CVE-2023-26544/linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,9 @@ +CVE-2023-26544 [KASAN: use-after-free Read in run_unpack] + - linux (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://lkml.org/lkml/2023/2/20/128 + NOTE: NTFS3 driver not enabled in Debian. CVE-2023-1031 RESERVED CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7aa45d9e944aa02e37f8d31b8fb3aae42c2ee5
[Git][security-tracker-team/security-tracker][master] Add as well Debian downstream reference for memory leak for original patch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9ca01020 by Salvatore Bonaccorso at 2023-02-26T20:31:08+01:00
Add as well Debian downstream reference for memory leak for original patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -968,6 +968,7 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817 NOTE: Original fix introduced memory leak: + NOTE: https://bugs.debian.org/1031888 NOTE: https://debbugs.gnu.org/61819 NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14 CVE-2023-26213
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ca010200529582590990ab777a20294c07b63fd
[Git][security-tracker-team/security-tracker][master] Devices affected by CVE-2021-2323 and CVE-2021-44545 are not supported by...
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 10a39f85 by Tobias Frost at 2023-02-26T20:15:02+01:00
Devices affected by CVE-2021-2323 and CVE-2021-44545 are not supported by buster's kernel. (Firmware files also not present in firmware-nonfree)
Affected devices: (via https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html)
CVE-2021-44545
- Intel® Wi-Fi 6E AX411
- Intel® Wi-Fi 6E AX211
- Intel® Wi-Fi 6E AX210
- Intel® Wi-Fi 6 AX201
- Intel® Wi-Fi 6 AX200
CVE-2021-23223
- Intel® Wi-Fi 6E AX411
- Intel® Wi-Fi 6E AX211
- Intel® Wi-Fi 6E AX210
Support for above devices was added with kernel 5.10+ (See https://wireless.wiki.kernel.org/en/users/drivers/iwlwifi)
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -96978,6 +96978,7 @@ CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and ear CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree (Non-free not supported) + [buster] - firmware-nonfree (Affected devices not supported by buster's kernel) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html NOTE: Fixed upstream in 20220815 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -98031,6 +98032,7 @@ CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVI CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...) - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree (Non-free not supported) + [buster] - firmware-nonfree (Affected devices not supported by buster's kernel) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html NOTE: Fixed upstream in 20220815 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a39f859df4cbc82c57f074c86042049f09e7fd
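Review bot: the commit subject and first sentence name CVE-2021-2323, but the second hunk and the device list in the message body both refer to CVE-2021-23223; the message should use the identifier the hunk actually annotates, otherwise searching the history for CVE-2021-23223 will miss this commit.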
[Git][security-tracker-team/security-tracker][master] CVE-2022-48337: Add note about memory leak in original fix
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: aba6e210 by Adrian Bunk at 2023-02-26T20:39:28+02:00
CVE-2022-48337: Add note about memory leak in original fix
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -967,6 +967,9 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via - emacs 1:28.2+1-11 (bug #1031730) NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817 + NOTE: Original fix introduced memory leak: + NOTE: https://debbugs.gnu.org/61819 + NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14 CVE-2023-26213 RESERVED CVE-2023-26212
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba6e21048a9db55cd07c31c9dc51827c8d3e274
[Git][security-tracker-team/security-tracker][master] add nodejs to dsa-needed and claim it
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 78465ba7 by Aron Xu at 2023-02-27T01:35:03+08:00 add nodejs to dsa-needed and claim it - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -32,6 +32,8 @@ multipath-tools (carnil) Issue with the upload; has a hard dependency on systemd for systemd-tmpfiles, as systemd-standalone-tmpfiles is unavailable for bullseye. Should we ignore this? -- +nodejs (aron) +-- php-cas -- php-horde-mime-viewer View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78465ba74d1643f25093dfc04187e872855690e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78465ba74d1643f25093dfc04187e872855690e7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] qtbase-opensource-src-gles n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ebfcb7ff by Moritz Muehlenhoff at 2023-02-26T17:13:24+01:00 qtbase-opensource-src-gles n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5455,8 +5455,7 @@ CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, then it is possible to [bullseye] - qtbase-opensource-src (Minor issue) [buster] - qtbase-opensource-src (Minor issue) - qt6-base 6.4.2+dfsg-6 (bug #1031871) - - qtbase-opensource-src-gles (bug #1031873) - [bullseye] - qtbase-opensource-src-gles (Minor issue) + - qtbase-opensource-src-gles (GLES build only ships libqt5gui5, not the DB modules, see #1031873) NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin NOTE: https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4) NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebfcb7ffa4a2b76cc85f8ec10f94a287b6ce5dfc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebfcb7ffa4a2b76cc85f8ec10f94a287b6ce5dfc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
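Review bot: The commit title says "n/a", but the replacement line `- qtbase-opensource-src-gles (GLES build only ships libqt5gui5, not the DB modules, see #1031873)` carries no `<not-affected>` marker, so as written it still reads as an unfixed entry with a free-text comment; if not-affected is intended, write `- qtbase-opensource-src-gles <not-affected> (GLES build only ships libqt5gui5, not the DB modules, see #1031873)`.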
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-25193/harfbuzz
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a20cf54 by Salvatore Bonaccorso at 2023-02-26T16:25:01+01:00 Update information for CVE-2023-25193/harfbuzz - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3903,7 +3903,9 @@ CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attack - harfbuzz (bug #1030612) [bullseye] - harfbuzz (Minor issue) [buster] - harfbuzz (Minor issue) - NOTE: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc + NOTE: Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc + NOTE: Reverted: https://github.com/harfbuzz/harfbuzz/commit/661050b4659ee490dfe622821bc7fde7d1c40510 + NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8 (7.0.0) CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...) NOT-FOR-US: Gimmie CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a20cf54b206062036da4e2b2635f0fb1623c7c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a20cf54b206062036da4e2b2635f0fb1623c7c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
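Review bot: The new "Fixed by" NOTE records the final upstream fix as landing in 7.0.0, while the entry still lists harfbuzz as unfixed (`- harfbuzz (bug #1030612)`); when 7.0.0 is packaged, the fixed version should be recorded on that line so the notes and the package status stay in sync.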
[Git][security-tracker-team/security-tracker][master] 2 commits: Pinpoint upstream tag introducing issue for CVE-2022-48338
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a4cea97 by Salvatore Bonaccorso at 2023-02-26T15:08:47+01:00 Pinpoint upstream tag introducing issue for CVE-2022-48338 - - - - - 055fe529 by Salvatore Bonaccorso at 2023-02-26T15:08:47+01:00 Prefix fixing commits reference - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -953,19 +953,19 @@ CVE-2022-48331 CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...) {DSA-5360-1} - emacs 1:28.2+1-11 (bug #1031730) - NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295 CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...) {DSA-5360-1} - emacs 1:28.2+1-11 (bug #1031730) [buster] - emacs (Vulnerable code introduced later) - NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268 - NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (27.1) + NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (emacs-27.0.90) + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) 
{DSA-5360-1} - emacs 1:28.2+1-11 (bug #1031730) - NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817 CVE-2023-26213 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e6feb8bc4931f8841732b76c6e31a8a60ed1361...055fe5293e11e02a87c79e2575af3302db5f9483 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e6feb8bc4931f8841732b76c6e31a8a60ed1361...055fe5293e11e02a87c79e2575af3302db5f9483 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: claim spip in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e6feb8b by Guilhem Moulin at 2023-02-26T15:05:15+01:00 LTS: claim spip in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -293,7 +293,7 @@ samba (Lee Garrett) NOTE: 20220904: Special attention: High popcon! Used in many servers. NOTE: 20220904: Many postponed or open CVE in general. (apo) -- -spip +spip (guilhem) NOTE: 20230206: Programming language: PHP. NOTE: 20230206: Special attention: Please contact maintainer regarding VCS usage NOTE: 20230206: VCS: https://salsa.debian.org/debian/spip.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e6feb8bc4931f8841732b76c6e31a8a60ed1361 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e6feb8bc4931f8841732b76c6e31a8a60ed1361 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: claim firmware-nonfree in dla-needed.txt
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c0b0c0e by Tobias Frost at 2023-02-26T14:32:28+01:00 LTS: claim firmware-nonfree in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -48,7 +48,7 @@ erlang NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used. -- -firmware-nonfree +firmware-nonfree (tobi) NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it. NOTE: 20221204: Coming soon in the first week of December. (apo) NOTE: 20221211: Programming language: Binary blob @@ -99,7 +99,7 @@ imagemagick (Adrian Bunk) NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git NOTE: 20220904: Should be synced with Stretch. (apo) NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to work. (roberto) - NOTE: 20230220: roberto put his work in lts-team/packages/imagemagick.git on Salsa so far on the debian/buster branch. He also pushed the related commits on the upstream and pristine-tar branches. + NOTE: 20230220: roberto put his work in lts-team/packages/imagemagick.git on Salsa so far on the debian/buster branch. He also pushed the related commits on the upstream and pristine-tar branches. -- intel-microcode View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0b0c0eaee3b45e9a787a84953d14ee3334ee8e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0b0c0eaee3b45e9a787a84953d14ee3334ee8e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
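Review bot: The second hunk (`@@ -99,7 +99,7 @@ imagemagick`) replaces the 20230220 roberto NOTE line with visually identical text, so it appears to be a whitespace-only change unrelated to claiming firmware-nonfree; either drop it from this commit or mention it in the commit message so the diff is not misread as a content change.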
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for apr-util update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c432d77a by Salvatore Bonaccorso at 2023-02-26T14:20:11+01:00 Reserve DSA number for apr-util update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[26 Feb 2023] DSA-5364-1 apr-util - security update + {CVE-2022-25147} + [bullseye] - apr-util 1.6.1-5+deb11u1 [24 Feb 2023] DSA-5363-1 php7.4 - security update {CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2022-31631} [bullseye] - php7.4 7.4.33-1+deb11u3 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -apr-util (carnil) -- apr (carnil) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c432d77ab05099d711c5ea077ca99f53a775d9e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c432d77ab05099d711c5ea077ca99f53a775d9e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add comment for multipath-tools
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96d55eef by Salvatore Bonaccorso at 2023-02-26T14:17:09+01:00 Add comment for multipath-tools - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -31,6 +31,8 @@ netatalk -- multipath-tools (carnil) Tobias Frost proposed a potential update to be reviewed, maintainer reviewed changes, pending ack + Issue with the upload; has a hard dependency on systemd for systemd-tmpfiles, as systemd-standalone-tmpfiles + is unavailable for bullseye. Should we ignore this? -- php-cas -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96d55eef0b823e1d714f03b165b3068c26019048 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96d55eef0b823e1d714f03b165b3068c26019048 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3453f3c0 by security tracker role at 2023-02-26T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7335,6 +7335,7 @@ CVE-2023-0408 CVE-2023-0407 RESERVED CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. 19.6.1, ...) + {DLA-3344-1} - nodejs (bug #1031834) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920 NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1 @@ -30059,7 +30060,7 @@ CVE-2022-43550 (A command injection vulnerability exists in Jitsi before commit CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...) NOT-FOR-US: Veeam CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions 14 ...) - {DSA-5326-1} + {DSA-5326-1 DLA-3344-1} - nodejs 18.12.1+dfsg-1 (bug #1023518) NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 NOTE: https://hackerone.com/reports/1710652 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3453f3c0eb2a30aae7dcaff87ea966cb310dfe4f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3453f3c0eb2a30aae7dcaff87ea966cb310dfe4f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits