[Git][security-tracker-team/security-tracker][master] Reference fix from upstream for CVE-2023-38472/avahi

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d4b440a by Salvatore Bonaccorso at 2023-10-20T22:47:25+02:00
Reference fix from upstream for CVE-2023-38472/avahi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2764,6 +2764,7 @@ CVE-2023-38472
[bullseye] - avahi  (Minor issue)
[buster] - avahi  (Minor issue; re-evaluate when fixed 
upstream)
NOTE: https://github.com/lathiat/avahi/issues/452
+   NOTE: https://github.com/lathiat/avahi/pull/490
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
 CVE-2023-38471
- avahi 
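
Review bot: the [buster] line in this entry still reads "Minor issue; re-evaluate when fixed upstream", and the added NOTE is what the commit message calls the upstream fix, so the re-evaluation that triage note asks for is now due. Either revisit the buster status in the same change or leave a TODO so it is not lost. The added reference is also a pull request rather than a commit; once it is merged, pointing at the resulting commit gives backporters a stable target.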



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d4b440a5be85185dd490e0e07d96eb06c6fbf8c

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add pull reference for CVE-2023-38473/avahi

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e98094ef by Salvatore Bonaccorso at 2023-10-20T22:46:19+02:00
Add pull reference for CVE-2023-38473/avahi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2756,6 +2756,7 @@ CVE-2023-38473
[bullseye] - avahi  (Minor issue)
[buster] - avahi  (Minor issue; re-evaluate when fixed 
upstream)
NOTE: https://github.com/lathiat/avahi/issues/451
+   NOTE: https://github.com/lathiat/avahi/pull/486
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
 CVE-2023-38472
- avahi 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e98094ef809552079e231c585876474e4842febe



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-46267/roundcube

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1424c9b by Salvatore Bonaccorso at 2023-10-20T22:35:58+02:00
Add CVE-2023-46267/roundcube

Note this is a duplicate of CVE-2023-5631 and the two assigning CNAs are
contacted to resolve the issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -158,7 +158,10 @@ CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows 
privilege escalation t
NOTE: https://gitlab.com/edneville/please/-/issues/13
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
 CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 
1.6.4 al ...)
-   TODO: check
+   - roundcube 1.6.4+dfsg-1
+   NOTE: https://github.com/roundcube/roundcubemail/issues/9168
+   NOTE: 
https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
 (1.6.4)
+   NOTE: Technically a duplicate of CVE-2023-5631, CNAs contacted to 
resolve duplication
 CVE-2023-46115 (Tauri is a framework for building binaries for all major 
desktop platf ...)
NOT-FOR-US: Tauri
 CVE-2023-45823 (Artifact Hub is a web-based application that enables finding, 
installi ...)
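
Review bot: the added package line records only the unstable fix (1.6.4+dfsg-1), while the CVE description on the context line also covers the 1.4.x and 1.5.x series (fixed in 1.4.15 and 1.5.5), and the single commit reference is tagged (1.6.4) only. Since the last added NOTE says this is a duplicate of CVE-2023-5631, copy the per-release status and the references for the older branches from that entry, so the two entries do not diverge while the CNAs resolve the duplication.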



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1424c9b0cb37ab8ad8046596a1b44678a5e6ca8



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-46287/nagvis

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
564583fc by Salvatore Bonaccorso at 2023-10-20T22:33:23+02:00
Add CVE-2023-46287/nagvis

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,9 @@ CVE-2023-5686 (Heap-based Buffer Overflow in GitHub 
repository radareorg/radare2
 CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to 
Stored Cros ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in 
share/se ...)
-   TODO: check
+   - nagvis 1:1.9.38-1
+   NOTE: https://github.com/NagVis/nagvis/pull/356
+   NOTE: 
https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5
 (nagvis-1.9.38)
 CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a 
target dom ...)
NOT-FOR-US: reconFTW
 CVE-2023-45805 (pdm is a Python package and dependency manager supporting the 
latest P ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564583fcd474723f59d6303aede231bf1c157b3b



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5686/radare2

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d25aa109 by Salvatore Bonaccorso at 2023-10-20T22:29:16+02:00
Add CVE-2023-5686/radare2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,9 @@ CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub 
repository modoboa/mod
 CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository 
mosparo/mosparo ...)
NOT-FOR-US: mosparo
 CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
-   TODO: check
+   - radare2 
+   NOTE: https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
+   NOTE: 
https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
 CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to 
Stored Cros ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in 
share/se ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d25aa109abdfdec041e4805977f6d45fa8dc34c6



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94f0d9a1 by Salvatore Bonaccorso at 2023-10-20T22:28:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
-   TODO: check
+   NOT-FOR-US: Modoboa
 CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository 
modoboa/modoboa  ...)
-   TODO: check
+   NOT-FOR-US: Modoboa
 CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub repository 
modoboa/modoboa  ...)
-   TODO: check
+   NOT-FOR-US: Modoboa
 CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository 
mosparo/mosparo ...)
-   TODO: check
+   NOT-FOR-US: mosparo
 CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
TODO: check
 CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to 
Stored Cros ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in 
share/se ...)
TODO: check
 CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a 
target dom ...)
-   TODO: check
+   NOT-FOR-US: reconFTW
 CVE-2023-45805 (pdm is a Python package and dependency manager supporting the 
latest P ...)
TODO: check
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f0d9a1f5c7f3928f6640fa3751840766976879



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbdac71a by security tracker role at 2023-10-20T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
+   TODO: check
+CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository 
modoboa/modoboa  ...)
+   TODO: check
+CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub repository 
modoboa/modoboa  ...)
+   TODO: check
+CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository 
mosparo/mosparo ...)
+   TODO: check
+CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
+   TODO: check
+CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in 
share/se ...)
+   TODO: check
+CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a 
target dom ...)
+   TODO: check
+CVE-2023-45805 (pdm is a Python package and dependency manager supporting the 
latest P ...)
+   TODO: check
+CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
+   TODO: check
+CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in 
Fortinet Fort ...)
+   TODO: check
+CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected 
Cross-Site Scri ...)
+   TODO: check
+CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+   TODO: check
+CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected 
Cross- ...)
+   TODO: check
+CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 
4.3.1 and ...)
+   TODO: check
+CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was 
discovered to  ...)
+   TODO: check
+CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU 
(Time-of-check Tim ...)
+   TODO: check
+CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege 
escalation ...)
+   TODO: check
+CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior 
to 13.5) ...)
+   TODO: check
 CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception]
- linux 
[bullseye] - linux  (Vulnerable code not present)
@@ -1535,6 +1573,7 @@ CVE-2023-27380 (An OS command injection vulnerability 
exists in the admin.cgi US
 CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd 
nvram.cgi f ...)
NOT-FOR-US: Yifan
 CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability 
in Apac ...)
+   {DLA-3624-1}
- zookeeper  (bug #1054224)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
NOTE: 
https://github.com/apache/zookeeper/commit/e2070bed85d8b0c98a5a0045bf92421f473c412e
 (master)
@@ -27366,7 +27405,7 @@ CVE-2023-1906 (A heap-based buffer overflow issue was 
discovered in ImageMagick'
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
 (ImageMagick 6.9.12-84)
 CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly 
escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 
1.10.5.  ...)
+CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 
1.10.5 o ...)
NOT-FOR-US: WordPress plugin
 CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 
2.6 on Wo ...)
NOT-FOR-US: WordPress plugin
@@ -33774,11 +33813,11 @@ CVE-2017-20180 (A vulnerability classified as 
critical has been found in Zerocoi
NOT-FOR-US: Zerocoin libzerocoin
 CVE-2015-10095 (A vulnerability classified as problematic has been found in 
woo-popup  ...)
NOT-FOR-US: WordPress plugin
-CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97. It has 
been rat ...)
+CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97 on 
WordPress. It ...)
NOT-FOR-US: WordPress plugin
-CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 
1.0.0/1.0.1.  ...)
+CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 
1.0.0/1.0.1 o ...)
NOT-FOR-US: Mark User as Spammer Plugin
-CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 
1.1.16. It h ...)
+CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 
1.1.16 on Wo ...)
NOT-FOR-US: Qtranslate Slug Plugin
 CVE-2015-10091 (A vulnerability has been found in ByWater Solutions 
bywater-koha-xslt  

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45853/zlib

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54fa3eb4 by Salvatore Bonaccorso at 2023-10-20T21:51:10+02:00
Add Debian bug reference for CVE-2023-45853/zlib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1054,7 +1054,7 @@ CVE-2023-45856 (qdPM 9.2 allows remote code execution by 
using the Add Attachmen
 CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and 
directories by n ...)
NOT-FOR-US: qdPM
 CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and 
resultant heap ...)
-   - zlib 
+   - zlib  (bug #1054290)
NOTE: https://github.com/madler/zlib/pull/843
NOTE: 
https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
 CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an 
unauthenticat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fa3eb48ec6f8dafccbc2f65cc0e513bc64986a



[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-45802

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0360bb34 by Salvatore Bonaccorso at 2023-10-20T21:38:24+02:00
Add reference for CVE-2023-45802

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -217,6 +217,7 @@ CVE-2023-45802
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
+   NOTE: 
https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
 CVE-2023-43622
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
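
Review bot: the added URL points at "blob/main/" in the icing/blog repository, so both the file and the "#cve-2023-45802" anchor can change or disappear as that branch moves. A permalink pinned to a commit hash would keep the reference stable, in line with the commit-hash links used for other entries in this file.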



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0360bb3403b28b6e802f9aa9f17b4107c9d902c5



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5090/linux

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51061fc4 by Salvatore Bonaccorso at 2023-10-20T21:31:45+02:00
Add CVE-2023-5090/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,8 @@
+CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception]
+   - linux 
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/b65235f6e102354ccafda601eaa1c5bef5284d21
 CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to 
Stored ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-5656 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized use  ...)
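
Review bot: the [bullseye] and [buster] lines state "Vulnerable code not present", but the entry references only the fixing commit. Adding a NOTE that names the commit or kernel version which introduced the x2avic MSR interception code would let others verify the not-affected status, and would make clear where bookworm, which has no line of its own here, stands.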



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51061fc489177e5a7f3b8985296b7393f12a96e9



[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-33065/libsndfile

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
876ed6eb by Salvatore Bonaccorso at 2023-10-20T21:21:56+02:00
Reference upstream commit for CVE-2022-33065/libsndfile

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -96781,6 +96781,7 @@ CVE-2022-33065 (Multiple signed integers overflow in 
function au_read_header in
[buster] - libsndfile  (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/833
NOTE: https://github.com/libsndfile/libsndfile/issues/789
+   NOTE: 
https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
 CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c 
in Libsnd ...)
- libsndfile  (bug #1051890)
[bookworm] - libsndfile  (Minor issue)
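
Review bot: the added NOTE is a bare commit URL placed under two issue references (#833 and #789), so it is not clear which of them the commit resolves or whether it is the complete fix for the overflows in au_read_header. Marking it "Fixed by:" as other entries in this file do, and appending the upstream release in parentheses if the commit is part of one, would remove the ambiguity.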



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/876ed6ebc0dae0bdbc698463e6284035adab2752



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-46228/zchunk via unstable

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dd8090a by Salvatore Bonaccorso at 2023-10-20T21:18:20+02:00
Track fixed version for CVE-2023-46228/zchunk via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -336,7 +336,7 @@ CVE-2023-4645 (The Ad Inserter for WordPress is vulnerable 
to Sensitive Informat
 CVE-2023-46229 (LangChain before 0.0.317 allows SSRF via 
document_loaders/recursive_ur ...)
NOT-FOR-US: LanChain-ai Langchain
 CVE-2023-46228 (zchunk before 1.3.2 has multiple integer overflows via 
malformed zchun ...)
-   - zchunk  (bug #1054235)
+   - zchunk 1.3.2+ds1-1 (bug #1054235)
NOTE: 
https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe
 (1.3.2)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216268
 CVE-2023-45958 (Thirty Bees Core v1.4.0 was discovered to contain a reflected 
cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dd8090aeef599c117b83da43793452a2bd3f8bb



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46277/rust-pleaser

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee5cfea2 by Salvatore Bonaccorso at 2023-10-20T21:14:32+02:00
Add Debian bug reference for CVE-2023-46277/rust-pleaser

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -107,7 +107,7 @@ CVE-2023-4271 (The Photospace Responsive plugin for 
WordPress is vulnerable to S
 CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is 
vulnerable to  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation 
through ...)
-   - rust-pleaser 
+   - rust-pleaser  (bug #1054289)
NOTE: https://gitlab.com/edneville/please/-/issues/13
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
 CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 
1.6.4 al ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5cfea287ad8b429e38df6a4b11f4c574bbed97



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-44487/h2o via unstable

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9b896ab by Salvatore Bonaccorso at 2023-10-20T21:13:09+02:00
Track fixed version for CVE-2023-44487/h2o via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2091,7 +2091,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of 
service (server resource
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver  (bug #1053801)
-   - h2o  (bug #1054232)
+   - h2o 2.2.5+dfsg2-8 (bug #1054232)
- haproxy 1.8.13-1
- nginx 1.24.0-2 (unimportant; bug #1053770)
- nghttp2 1.57.0-1 (bug #1053769)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9b896ab9fbd3978dac93e5cad691ccf90385fd4



[Git][security-tracker-team/security-tracker][master] Slightly redact information on CVE-2023-30847

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
807b40cd by Salvatore Bonaccorso at 2023-10-20T21:04:35+02:00
Slightly redact information on CVE-2023-30847

No need to replicate twice the GHSA-p5hj-phwj-hrvx link.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23323,13 +23323,11 @@ CVE-2023-30849 (Pimcore is an open source data and 
experience management platfor
 CVE-2023-30848 (Pimcore is an open source data and experience management 
platform. Pri ...)
NOT-FOR-US: Pimcore
 CVE-2023-30847 (H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when 
the rev ...)
-   - h2o  (versions up to 2.2.6 not affected)
+   - h2o  (Vulnerable code not present before 2.2.6 upstream)
NOTE: Fixed by: 
https://github.com/h2o/h2o/commit/a70af675328dda438ecd9d8a1673c1715fd93cc7
NOTE: Fixed by: 
https://github.com/h2o/h2o/commit/5f57d505514e937d13787b1f408837cb9197e2b2
NOTE: https://github.com/h2o/h2o/pull/3229
NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
-   NOTE: 
https://github.com/h2o/h2o/commit/f2d9056ba5004000755a5a7adccd27d0d79d83da has 
done a major refactoring, but issue possibly present before
-   NOTE: versions up to 2.2.6 not affected (May 15 2023). Never been in 
Debian. https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
 CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients 
with typ ...)
NOT-FOR-US: typed-rest-client
 CVE-2023-30845 (ESPv2 is a service proxy that provides API management 
capabilities usi ...)
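
Review bot: the reworded package line changes meaning as well as wording: "versions up to 2.2.6 not affected" includes 2.2.6, while "Vulnerable code not present before 2.2.6 upstream" excludes it. Please confirm which is intended. The commit message mentions only dropping the duplicated GHSA-p5hj-phwj-hrvx link, but the removed lines also carried the f2d9056b refactoring caveat ("issue possibly present before"), the "(May 15 2023)" date and "Never been in Debian"; the new line states the absence as certain, so either keep the caveat or say in the commit message why it no longer applies.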



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/807b40cdd0f3422b0d1a85449b51d3a9de3deac6



[Git][security-tracker-team/security-tracker][master] Reference apache2 advisories with upstream details

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f96ee0d1 by Salvatore Bonaccorso at 2023-10-20T21:01:03+02:00
Reference apache2 advisories with upstream details

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -211,9 +211,11 @@ CVE-2020-36698 (The Security & Malware scan by CleanTalk 
plugin for WordPress is
 CVE-2023-45802
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
+   NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
 CVE-2023-43622
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
+   NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
 CVE-2023-5654 (The React Developer Tools extension registers a message 
listener with  ...)
NOT-FOR-US: React Developer Tools extension
 CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of 
user-supplied d ...)
@@ -22515,6 +22517,7 @@ CVE-2023-31122
RESERVED
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
+   NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
 CVE-2023-31121
RESERVED
 CVE-2023-31120



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f96ee0d18ad02b77fa6db49bf09f29f2fa6614d1



[Git][security-tracker-team/security-tracker][master] new rust-pleaser issue

2023-10-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
254e6fb4 by Moritz Mühlenhoff at 2023-10-20T18:38:14+02:00
new rust-pleaser issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -107,7 +107,9 @@ CVE-2023-4271 (The Photospace Responsive plugin for 
WordPress is vulnerable to S
 CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is 
vulnerable to  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation 
through ...)
-   TODO: check
+   - rust-pleaser 
+   NOTE: https://gitlab.com/edneville/please/-/issues/13
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
 CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 
1.6.4 al ...)
TODO: check
 CVE-2023-46115 (Tauri is a framework for building binaries for all major 
desktop platf ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/254e6fb4266880ffab643c120922780a6bc5f176



[Git][security-tracker-team/security-tracker][master] NFUs

2023-10-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99af4cf5 by Moritz Mühlenhoff at 2023-10-20T18:36:31+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,211 +1,211 @@
 CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to 
Stored ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5656 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized use  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5655 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5647 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary 
File De ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5646 (The AI ChatBot for WordPress is vulnerable to Directory 
Traversal in v ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to 
Stored  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin 
for WordP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized use  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before 
release vers ...)
-   TODO: check
+   NOT-FOR-US: M-Files
 CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion 
before r ...)
-   TODO: check
+   NOT-FOR-US: M-Files
 CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to 
Directory Tr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5337 (The Contact form Form For All plugin for WordPress is 
vulnerable to St ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is 
vulnerable to St ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to 
Stored Cros ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5121 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5120 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5109 (The WP Mailto Links \u2013 Protect Email Addresses plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin 
for WordP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4947 (The WooCommerce 
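
Review bot: for CVE-2023-5524 and CVE-2023-5523 the reason is given as `NOT-FOR-US: M-Files`, while both descriptions name M-Files Web Companion. Naming the component in the reason would keep a later search for Web Companion from missing these two entries; the WordPress plugin lines are consistent with each other and need no change.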

[Git][security-tracker-team/security-tracker][master] Update note for Django.

2023-10-20 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b7b1c03 by Chris Lamb at 2023-10-20T16:40:28+01:00
Update note for Django.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -170,6 +170,8 @@ phppgadmin (Chris Lamb)
 python-django (Chris Lamb)
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists 
(Beuc/front-desk)
+  NOTE: 20231020: ^ CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 & 
CVE-2021-33571. (lamby)
+  NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby)
 --
 python-glance-store
   NOTE: 20230525: Added by Front-Desk (lamby)
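
Review bot: the first added NOTE identifies the four CVEs only through `^`, which depends on it staying directly below the 20231006 "Fix the 4 no-dsa issues" line. Consider wording it so it stands alone, for example by saying these are the four no-dsa issues, so the list still makes sense if notes are reordered or the earlier one is dropped. The CVE-2023-43665 note is clear as written.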



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b7b1c03177004e70d128a4ae0ff24889777ca4e



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3624-1 for zookeeper

2023-10-20 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b806af77 by Chris Lamb at 2023-10-20T16:24:06+01:00
Reserve DLA-3624-1 for zookeeper

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[20 Oct 2023] DLA-3624-1 zookeeper - security update
+   {CVE-2023-44981}
+   [buster] - zookeeper 3.4.13-2+deb10u1
 [19 Oct 2023] DLA-3623-1 linux-5.10 - security update
{CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 
CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 
CVE-2023-3111 CVE-2023-3141 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 
CVE-2023-3389 CVE-2023-3609 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773 
CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 
CVE-2023-4147 CVE-2023-4194 CVE-2023-4244 CVE-2023-4273 CVE-2023-4622 
CVE-2023-4623 CVE-2023-4921 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 
CVE-2023-31084 CVE-2023-34256 CVE-2023-34319 CVE-2023-35788 CVE-2023-35823 
CVE-2023-35824 CVE-2023-40283 CVE-2023-42753 CVE-2023-42755 CVE-2023-42756}
[buster] - linux-5.10 5.10.197-1~deb10u1


=
data/dla-needed.txt
=
@@ -236,6 +236,3 @@ trafficserver
 zabbix
   NOTE: 20231015: Added by Front-Desk (ta)
 --
-zookeeper (Chris Lamb)
-  NOTE: 20231014: Added by Front-Desk (ta)
---
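
Review bot: removing the whole zookeeper block from dla-needed.txt assumes DLA-3624-1 closes everything that was pending for buster, but the reserved entry lists only CVE-2023-44981 and the dropped 20231014 Front-Desk note does not say which issues prompted the addition. Worth confirming in the commit message that CVE-2023-44981 was the only open item before the claim is released.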



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b806af77b2095380d837f2fca86bab6919ab83bd



[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9491a8a by security tracker role at 2023-10-20T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,211 @@
+CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2023-5656 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized use  ...)
+   TODO: check
+CVE-2023-5655 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+   TODO: check
+CVE-2023-5647 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary 
File De ...)
+   TODO: check
+CVE-2023-5646 (The AI ChatBot for WordPress is vulnerable to Directory 
Traversal in v ...)
+   TODO: check
+CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin 
for WordP ...)
+   TODO: check
+CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+   TODO: check
+CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized use  ...)
+   TODO: check
+CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before 
release vers ...)
+   TODO: check
+CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion 
before r ...)
+   TODO: check
+CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to 
Directory Tr ...)
+   TODO: check
+CVE-2023-5337 (The Contact form Form For All plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2023-5121 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2023-5120 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2023-5109 (The WP Mailto Links \u2013 Protect Email Addresses plugin for 
WordPres ...)
+   TODO: check
+CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin 
for WordP ...)
+   TODO: check
+CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2023-4947 (The WooCommerce EAN Payment Gateway plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2023-4943 (The BEAR for WordPress is vulnerable to Missing Authorization 
in versi ...)
+   TODO: check
+CVE-2023-4942 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4941 (The BEAR for WordPress is vulnerable to Missing Authorization 
in versi ...)
+   TODO: check
+CVE-2023-4940 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4937 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4935 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4926 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4924 (The BEAR for WordPress is vulnerable to Missing Authorization 
in versi ...)
+   TODO: check
+CVE-2023-4923 (The BEAR for WordPress is vulnerable to Cross-Site Request 
Forgery in  ...)
+   TODO: check
+CVE-2023-4920 
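
Review bot: the descriptions added for CVE-2023-5121, CVE-2023-5120 and CVE-2023-5109 contain a literal `\u2013` escape, while CVE-2023-5576 for the same WPvivid plugin has a plain hyphen. The import step should decode or normalise that escape before writing data/CVE/list, otherwise text searches on the plugin name match one spelling and miss the other.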

[Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5527-2

2023-10-20 Thread Alberto Garcia (@berto)


Alberto Garcia pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ebba11c6 by Alberto Garcia at 2023-10-20T08:36:00+02:00
webkit2gtk DSA-5527-2

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,5 @@
+[20 Oct 2023] DSA-5527-2 webkit2gtk - regression update
+   [bullseye] - webkit2gtk 2.42.1-1~deb11u2
 [17 Oct 2023] DSA-5529-1 slurm-wlm - security update
{CVE-2023-41914}
[bookworm] - slurm-wlm 22.05.8-4+deb12u1
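
Review bot: the added DSA-5527-2 entry is marked as a regression update for bullseye only, and neither the entry nor the commit message says what regressed in the earlier update. A bug reference in the commit message would let a reader confirm that 2.42.1-1~deb11u2 is the right fixed version and that no other suite needs the same follow-up.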



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebba11c6dbbaed4b8a90549e2eec04ceb69edfd8
