[Git][security-tracker-team/security-tracker][master] chromium dsa

2024-02-22 Thread Andres Salomon (@dilinger)


Andres Salomon pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5831ba74 by Andres Salomon at 2024-02-23T01:06:04-05:00
chromium dsa

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[23 Feb 2024] DSA-5629-1 chromium - security update
+   {CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 
CVE-2024-1674 CVE-2024-1675 CVE-2024-1676}
+   [bookworm] - chromium 122.0.6261.57-1~deb12u1
 [22 Feb 2024] DSA-5628-1 imagemagick - security update
{CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 
CVE-2023-5341 CVE-2023-34151}
[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u3


=
data/dsa-needed.txt
=
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 cacti
 --
-chromium (dilinger)
---
 composer (seb)
   Maintainer prepared an update for bookworm, but needs more time for bullseye
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5831ba740e702411d58a48deba43adb29bae1014

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add additional version tracking notes for new ruby-rack issues

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9547f5ac by Salvatore Bonaccorso at 2024-02-23T06:47:52+01:00
Add additional version tracking notes for new ruby-rack issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,10 +1,13 @@
 CVE-2024-26141 [Reject Range headers which are too large]
- ruby-rack 
+   NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE: 
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b 
(v2.2.8.1)
 CVE-2024-25126 [Fixed ReDoS in Content Type header parsing]
- ruby-rack 
+   NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
 CVE-2024-26146 [Fixed ReDoS in Accept header parsing]
- ruby-rack 
+   NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE: 
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd 
(v2.2.8.1)
 CVE-2024-26592
- linux 6.6.15-1
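Review bot: CVE-2024-25126 still has no fixing-commit NOTE after this hunk, while its two siblings (CVE-2024-26141 and CVE-2024-26146) now carry both the v2.2.8.1 release-tag NOTE and the upstream commit URL; if the commit for the Content-Type ReDoS fix can be identified in that release, add it in the same `NOTE: <commit URL> (v2.2.8.1)` form so the entry can be cross-checked when backporting.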



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9547f5ac92dc186bbd81ea25b340ec0e82520a87



[Git][security-tracker-team/security-tracker][master] Add new ruby-rack CVEs

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
159e03af by Salvatore Bonaccorso at 2024-02-23T06:44:06+01:00
Add new ruby-rack CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-26141 [Reject Range headers which are too large]
+   - ruby-rack 
+   NOTE: 
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b 
(v2.2.8.1)
+CVE-2024-25126 [Fixed ReDoS in Content Type header parsing]
+   - ruby-rack 
+CVE-2024-26146 [Fixed ReDoS in Accept header parsing]
+   - ruby-rack 
+   NOTE: 
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd 
(v2.2.8.1)
 CVE-2024-26592
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/159e03af511e5a75cf46b365e0befe93c7d15341



[Git][security-tracker-team/security-tracker][master] dla: update cacti status

2024-02-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eda6d880 by Sylvain Beucler at 2024-02-22T23:23:58+01:00
dla: update cacti status

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -47,6 +47,8 @@ cacti (Sylvain Beucler)
   NOTE: 20240123: Backport patches, report duplicate to MITRE (CVE-2023-50569) 
(Beuc)
   NOTE: 20240131: Tidy 
https://salsa.debian.org/debian/cacti/-/tree/buster?ref_type=heads (Beuc)
   NOTE: 20240219: Backport patches, update patch commits (Beuc)
+  NOTE: 20240222: Coordinating with maintainer to prepare bullseye 
updates (Beuc)
+  NOTE: 20240222: Reported incomplete fix upstream (Beuc)
 --
 cairosvg
   NOTE: 20230323: Added by Front-Desk (gladk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eda6d8808332b2be4c08488bef5d99a42289ffc1



[Git][security-tracker-team/security-tracker][master] Add some fixing commits for bind9 issues

2024-02-22 Thread Santiago R.R. (@santiago)


Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b7664c8 by Santiago Ruano Rincón at 2024-02-22T18:52:05-03:00
Add some fixing commits for bind9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2245,6 +2245,8 @@ CVE-2023-4408 (The DNS message parsing code in `named` 
includes a section whose
{DSA-5621-1}
- bind9 1:9.19.21-1
NOTE: https://kb.isc.org/docs/cve-2023-4408
+   NOTE: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/0bbb0065e63c3231b320bd20d1121aed6c4d00d8
 (9.16)
+   NOTE: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/f397ff5bb81413004fa6367f63a833fe70a3ac59
 (9.16)
 CVE-2023-5517 (A flaw in query-handling code can cause `named` to exit 
prematurely wi ...)
{DSA-5621-1}
- bind9 1:9.19.21-1
@@ -2275,6 +2277,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS 
protocol (in RFC 4033, 4034, 4
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
+   NOTE: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614
 and four previous commits (bind9 9.16)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 
5155 whe ...)
{DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1}
- bind9 1:9.19.21-1
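Review bot: the new NOTE for CVE-2023-50387 ends with "and four previous commits (bind9 9.16)", which leaves those four commits unidentified; the other NOTE lines in this file, including the two added for CVE-2023-4408 in the previous hunk, cite each commit by URL, so listing the four URLs individually (or the commit range) would keep the entry verifiable for whoever backports the fix.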



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b7664c8d9bdee2d9cec58cc3db3c30c3ff68e56



[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e020bdd9 by Salvatore Bonaccorso at 2024-02-22T22:47:32+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2024-26592
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/38d20c62903d669693a1869aa68c4dd5674e2544 (6.8-rc1)
+CVE-2023-52446
+   - linux 6.6.15-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90 (6.8-rc1)
 CVE-2024-26588 [LoongArch: BPF: Prevent out-of-bounds memory access]
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e020bdd95fed021b8a48041a195715335fa9c73f



[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1e0c4100 by Salvatore Bonaccorso at 2024-02-22T22:31:08+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,82 @@
+CVE-2024-26588 [LoongArch: BPF: Prevent out-of-bounds memory access]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/36a87385e31c9343af9a4756598e704741250a67 (6.8-rc1)
+CVE-2024-26587 [net: netdevsim: don't try to destroy PHC on VFs]
+   - linux 6.6.15-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/ea937f77208323d35ffe2f8d8fc81b00118bfcda (6.8-rc1)
+CVE-2024-26586 [mlxsw: spectrum_acl_tcam: Fix stack corruption]
+   - linux 6.6.15-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/483ae90d8f976f8339cf81066312e1329f2d3706 (6.8-rc1)
+CVE-2024-26591 [bpf: Fix re-attachment branch in bpf_tracing_prog_attach]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/715d82ba636cb3629a6e18a33bb9dbe53f9936ee (6.8-rc1)
+CVE-2023-52451 [powerpc/pseries/memhp: Fix access beyond end of drmem array]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5 (6.8-rc1)
+CVE-2023-52452 [bpf: Fix accesses to uninit stack slots]
+   - linux 6.6.15-1
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/6b4a64bafd107e521c01eec3453ce94a3fb38529 (6.8-rc1)
+CVE-2023-52450 [perf/x86/intel/uncore: Fix NULL pointer dereference issue in 
upi_fill_topology()]
+   - linux 6.6.15-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/1692cf434ba13ee212495b5af795b6a07e986ce4 (6.8-rc1)
+CVE-2023-52448 [gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa (6.8-rc1)
+CVE-2023-52449 [mtd: Fix gluebi NULL pointer dereference caused by ftl 
notifier]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6 (6.8-rc1)
+CVE-2023-52447 [bpf: Defer the free of inner map when necessary]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/876673364161da50eed6b472d746ef88242b2368 (6.8-rc1)
+CVE-2023-52445 [media: pvrusb2: fix use after free on context disconnection]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/ded85b0c0edd8f45fec88783d7555a5b982449c1 (6.8-rc1)
+CVE-2023-52444 [f2fs: fix to avoid dirent corruption]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/53edb549565f55ccd0bdf43be3d66ce4c2d48b28 (6.8-rc1)
+CVE-2024-26590 [erofs: fix inconsistent per-file compression format]
+   - linux 6.6.15-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/118a8cf504d7dfa519562d000f423ee3ca75d2c4 (6.8-rc1)
+CVE-2024-26589 [bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed (6.8-rc1)
+CVE-2023-52443 [apparmor: avoid crash when parsed profile name is empty]
+   - linux 6.6.15-1
+   [bookworm] - linux 6.1.76-1
+   [bullseye] - linux 5.10.209-1
+   NOTE: 
https://git.kernel.org/linus/55a8210c9e7d21ff2644809699765796d4bfb200 (6.8-rc1)
 CVE-2024-26578
NOT-FOR-US: Apache Answer
 CVE-2024-23349
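Review bot: several new entries omit a release line, which leaves that suite tracked as unfixed rather than as not affected: CVE-2024-26586 and CVE-2024-26590 have no [bookworm] line, CVE-2024-26589 has no [bullseye] line, and CVE-2023-52452 has neither. If that is intentional (fix pending in the next point release) it is fine; otherwise add the `[suite] - linux  (Vulnerable code not present)` or fixed-version line as done for the other entries in this hunk.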



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] Adjust not-affected note for CVE-2023-5679

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2e212c1 by Salvatore Bonaccorso at 2024-02-22T21:13:08+01:00
Adjust not-affected note for CVE-2023-5679

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2161,7 +2161,7 @@ CVE-2023-5517 (A flaw in query-handling code can cause 
`named` to exit premature
 CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause 
`named` to c ...)
{DSA-5621-1}
- bind9 1:9.19.21-1
-   [buster] - bind9  (Vulnerable code only in 9.16.y series)
+   [buster] - bind9  (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516 (To keep its cache database efficient, `named` running as a 
recursive r ...)
- bind9 1:9.17.19-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2e212c1c1f0ffd2da839596b9319a0b147f74ca



[Git][security-tracker-team/security-tracker][master] Pinpoint upstream version for CVE-2024-1597 commits

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eeb65677 by Salvatore Bonaccorso at 2024-02-22T21:09:04+01:00
Pinpoint upstream version for CVE-2024-1597 commits

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -933,12 +933,12 @@ CVE-2024-1633 (During the secure boot, bl2 (the second 
stage of the bootloader)
 CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject 
SQL if u ...)
- libpgjava 42.7.2-1
NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40
 (master)
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
 (master)
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/1b1d6b53eca90409af0069d5327d4fdf8d40a255
 (release/42.5.x)
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5
 (release/42.5.x)
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730
 (release/42.2)
-   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c
 (release/42.2)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40
 (REL42.7.2)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
 (REL42.7.2)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/1b1d6b53eca90409af0069d5327d4fdf8d40a255
 (REL42.5.5)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5
 (REL42.5.5)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730
 (REL42.2.28)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c
 (REL42.2.28)
 CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when 
decoding  ...)
- dav1d 1.4.0-1 (bug #1064310)
NOTE: 
https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
 (1.4.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eeb6567763097986b9448fcd6bc6760b4da43ccc



[Git][security-tracker-team/security-tracker][master] NFUs

2024-02-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f4f4c51 by Moritz Muehlenhoff at 2024-02-22T20:20:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-26578
+   NOT-FOR-US: Apache Answer
+CVE-2024-23349
+   NOT-FOR-US: Apache Answer
+CVE-2024-22393
+   NOT-FOR-US: Apache Answer
 CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform 
before 1 ...)
NOT-FOR-US: Veritas
 CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Flusity 'Me ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f4f4c51835e00ae51e6e4553424828951ce8cad



[Git][security-tracker-team/security-tracker][master] imagemagick DSA

2024-02-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7be9fc49 by Moritz Mühlenhoff at 2024-02-22T19:52:46+01:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -50948,8 +50948,6 @@ CVE-2023-1907
RESERVED
 CVE-2023-1906 (A heap-based buffer overflow issue was discovered in 
ImageMagick's Imp ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
-   [bookworm] - imagemagick  (Minor issue)
-   [bullseye] - imagemagick  (Minor issue)
[buster] - imagemagick  (Vulnerable code introduced later)
NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
 (ImageMagick 6.9.12-84)
@@ -56193,8 +56191,6 @@ CVE-2023-1290 (A vulnerability, which was classified as 
critical, has been found
NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially 
create ...)
- imagemagick 8:6.9.12.98+dfsg1-2
-   [bookworm] - imagemagick  (Minor issue)
-   [bullseye] - imagemagick  (Minor issue)
NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
 (7.1.1-0)
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368
 (6.9.12-78)
@@ -121847,8 +121843,6 @@ CVE-2022-32547 (In ImageMagick, there is load of 
misaligned address for type 'do
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
 (6.9.12-45)
 CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw 
ouccers a ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
-   [bookworm] - imagemagick  (Minor issue)
-   [bullseye] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158
 (7.1.1-10)
NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512
 (6.9.12-88)
@@ -135373,8 +135367,6 @@ CVE-2022-1116 (Integer Overflow or Wraparound 
vulnerability in io_uring of Linux
- linux  (Vulnerable code not present; introduced in 
5.4.24; fixed in 5.4.189)
 CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s 
PushShortP ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
-   [bookworm] - imagemagick  (Minor issue)
-   [bullseye] - imagemagick  (Minor issue)
[buster] - imagemagick  (code is introduced later)
[stretch] - imagemagick  (code is introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
@@ -188329,8 +188321,6 @@ CVE-2021-3611 (A stack overflow vulnerability was 
found in the Intel HD Audio de
 CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in 
ImageMagick in ...)
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
-   [bookworm] - imagemagick  (Minor issue)
-   [bullseye] - imagemagick  (Minor issue)
[buster] - imagemagick  (Vulnerable code introduced later)
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: 
https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a


=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[22 Feb 2024] DSA-5628-1 imagemagick - security update
+   {CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 
CVE-2023-5341 CVE-2023-34151}
+   [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u3
+   [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1
 [21 Feb 2024] DSA-5627-1 firefox-esr - security update
{CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 
CVE-2024-1551 CVE-2024-1552 CVE-2024-1553}
[bullseye] - firefox-esr 115.8.0esr-1~deb11u1
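Review bot: the DSA-5628-1 entry lists seven CVEs, but the data/CVE/list hunks in this commit drop the bookworm/bullseye "(Minor issue)" markers for only five of them (CVE-2023-1906, CVE-2023-1289, CVE-2023-34151, CVE-2022-1115, CVE-2021-3610); CVE-2023-3428 and CVE-2023-5341 are not touched here, so check that their entries do not still carry "(Minor issue)" for bookworm or bullseye, otherwise data/CVE/list and data/DSA/list disagree about what the advisory fixed.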


=
data/dsa-needed.txt
=
@@ -35,8 +35,6 @@ gtkwave
 --
 h2o (jmm)
 --
-imagemagick (jmm)
---
 iwd (carnil)
 --
 libreswan (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be9fc498323335ae74a8e9f3bbdfbc5a499680c


[Git][security-tracker-team/security-tracker][master] lts: add thunderbird

2024-02-22 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b41cf60 by Emilio Pozuelo Monfort at 2024-02-22T19:36:59+01:00
lts: add thunderbird

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -280,6 +280,10 @@ suricata
   NOTE: 20231016: Still reviewing+testing CVEs. (bunk)
   NOTE: 20231120: DLA coming soon. (bunk)
 --
+thunderbird
+  NOTE: 20240222: Added by Front-Desk (pochu)
+  NOTE: 20240222: send DLA after maintainer uploads 115.8.0
+--
 tiff
   NOTE: 20231231: Added by Front-Desk (lamby)
   NOTE: 20231231: CVE-2023-3576 already fixed in bullseye via DSA or point 
release(s). (lamby)
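Review bot: the new `thunderbird` line carries no assignee, yet the second NOTE ("send DLA after maintainer uploads 115.8.0") implies someone has already taken the task; put the name in parentheses on the package line, as the companion commit does with `firefox-esr (Emilio)`, so the front desk does not re-assign it.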



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b41cf60d5d814dee838af8c8a2bdff7b78b6dee



[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr

2024-02-22 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f82bb5a by Emilio Pozuelo Monfort at 2024-02-22T19:35:15+01:00
lts: take firefox-esr

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -94,6 +94,9 @@ engrampa
 exiftags
   NOTE: 20240121: Added by Front-Desk (apo)
 --
+firefox-esr (Emilio)
+  NOTE: 20240222: Added by Front-Desk (pochu)
+--
 freeimage
   NOTE: 20240121: Added by Front-Desk (apo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f82bb5afa8fde2fc0cf8f72e00fa9b2606f3d8b



[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-5679/bind9/buster as not affected

2024-02-22 Thread Santiago R.R. (@santiago)


Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4396c971 by Santiago Ruano Rincón at 2024-02-22T15:07:44-03:00
Mark CVE-2023-5679/bind9/buster as not affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2155,6 +2155,7 @@ CVE-2023-5517 (A flaw in query-handling code can cause 
`named` to exit premature
 CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause 
`named` to c ...)
{DSA-5621-1}
- bind9 1:9.19.21-1
+   [buster] - bind9  (Vulnerable code only in 9.16.y series)
NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516 (To keep its cache database efficient, `named` running as a 
recursive r ...)
- bind9 1:9.17.19-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4396c9718c6c36063849f7dc402740e1274ca597



[Git][security-tracker-team/security-tracker][master] CVE-2023-39360/cacti: precise note again

2024-02-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79e1fa5a by Sylvain Beucler at 2024-02-22T18:26:28+01:00
CVE-2023-39360/cacti: precise note again

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -30371,7 +30371,7 @@ CVE-2023-39360 (Cacti is an open source operational 
monitoring and fault managem
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
NOTE: Initial fix: 
https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 
(release/1.2.25)
NOTE: Final fix: 
https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa 
(release/1.2.25)
-   NOTE: Attack is usually blocked by browser CORS/CSP policies before 
https://github.com/Cacti/cacti/commit/137340264ac550d060ef17c4d0794fa4abae1c26 
(release/1.2.23)
+   NOTE: PoC doesn't seem to trigger without 
https://github.com/Cacti/cacti/commit/137340264ac550d060ef17c4d0794fa4abae1c26 
(release/1.2.23)
 CVE-2023-39359 (Cacti is an open source operational monitoring and fault 
management fr ...)
{DSA-5550-1}
- cacti 1.2.25+ds1-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79e1fa5a8ad748d48aa852d78507f6456b99934e



[Git][security-tracker-team/security-tracker][master] CVE-2023-49088,CVE-2023-50250/cacti: another follow-up commit

2024-02-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0470d1be by Sylvain Beucler at 2024-02-22T18:00:36+01:00
CVE-2023-49088,CVE-2023-50250/cacti: another follow-up commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11532,6 +11532,7 @@ CVE-2023-50250 (Cacti is an open source operational 
monitoring and fault managem
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
NOTE: 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc 
(release/1.2.26)
NOTE: 
https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 
(release/1.2.26)
+   NOTE: 
https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b 
(release/1.2.26)
NOTE: Introduced by: 
https://github.com/Cacti/cacti/commit/27a36d48e1cea172b0750c970324208b39d2bec5 
(release/1.2.23)
 CVE-2023-50147 (There is an arbitrary command execution vulnerability in the 
setDiagno ...)
NOT-FOR-US: TOTOLINK
@@ -11554,6 +11555,7 @@ CVE-2023-49088 (Cacti is an open source operational 
monitoring and fault managem
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h 
(CVE-2023-39515)
NOTE: 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc 
(release/1.2.26)
NOTE: 
https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 
(release/1.2.26)
+   NOTE: 
https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b 
(release/1.2.26)
NOTE: 
https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 
(1.2.x)
 CVE-2023-49085 (Cacti provides an operational monitoring and fault management 
framewor ...)
- cacti 1.2.26+ds1-1
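Review bot: the same commit reference is repeated verbatim under CVE-2023-49088, so the two entries now cite an identical set of three release/1.2.26 commits and, here, additionally the 1.2.x commit 56f9d99e, with nothing saying which commit addresses which issue. A short prefix on the new line (e.g. "Follow-up fix:") and a matching one on 56f9d99e would keep the two entries from reading as interchangeable.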



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0470d1bee0d1738f176e54b83a480de7b602c6ec



[Git][security-tracker-team/security-tracker][master] CVE-2023-49088/cacti: reference additional patches

2024-02-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
296cb887 by Sylvain Beucler at 2024-02-22T17:39:49+01:00
CVE-2023-49088/cacti: reference additional patches

Despite the reference to CVE-2023-49088 in
56f9d99e6e5ab434ea18fa344236f41e78f99c59, that patch doesn't fix the
tooltip issue. This is done with the commit introducing purify.js.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11552,6 +11552,8 @@ CVE-2023-49088 (Cacti is an open source operational 
monitoring and fault managem
NOTE: Caused by an incomplete fix for CVE-2023-39515
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h 
(CVE-2023-39515)
+   NOTE: 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc 
(release/1.2.26)
+   NOTE: 
https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 
(release/1.2.26)
NOTE: 
https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 
(1.2.x)
 CVE-2023-49085 (Cacti provides an operational monitoring and fault management 
framewor ...)
- cacti 1.2.26+ds1-1
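Review bot: the two added commit references omit the context the commit message gives, namely that 56f9d99e does not fix the tooltip issue and that the real fix is the commit introducing purify.js. That reasoning should live in the data file rather than only in git history: annotate the 56f9d99e line as `(1.2.x; does not fix the tooltip issue)` and mark which of 58a980f3 / 73d9a60e is the purify.js commit.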



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/296cb88759992e5bcbf54127cb3d9a03d79a024a



[Git][security-tracker-team/security-tracker][master] nodejs commit references

2024-02-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15973cb7 by Moritz Muehlenhoff at 2024-02-22T17:03:02+01:00
nodejs commit references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1311,6 +1311,8 @@ CVE-2024-21891 (Node.js depends on multiple built-in 
utility functions to normal
 CVE-2023-46809
- nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
+   NOTE: 
https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 
(v18.x)
+   NOTE: 
https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587 
(main)
 CVE-2024-22017
[experimental] - nodejs 
- nodejs  (Only affects 20.x and later)
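Review bot: the v18.x reference for CVE-2023-46809 is tagged only with the branch name, whereas other entries in this file tag upstream commits with the release they landed in (e.g. "(6.8-rc1)" and "(1.4.0)" elsewhere in this thread). Since the Debian fix line already names 18.19.1+dfsg-1, consider `(v18.x, 18.19.1)` so the branch reference can be matched to an upstream release.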
@@ -1324,7 +1326,11 @@ CVE-2024-22019 (A vulnerability in Node.js HTTP servers 
allows an attacker to se
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
 CVE-2024-21892 (On Linux, Node.js ignores certain environment variables if 
those may h ...)
- nodejs 18.19.1+dfsg-1 (bug #1064055)
+   [bullseye] - nodejs  (Vulnerable code not present)
+   [buster] - nodejs  (Vulnerable code not present)
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
+   NOTE: 
https://github.com/nodejs/node/commit/e6b4c105e0795fba8afb3f8e910c56ba9e60f4b5 
(v18.x)
+   NOTE: 
https://github.com/nodejs/node/commit/10ecf400679e04eddab940721cad3f6c1d603b61 
(main)
 CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows 
a remote ...)
NOT-FOR-US: flusity CMS
 CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack 
overflow ...)
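Review bot: the new `[bullseye]` and `[buster]` "Vulnerable code not present" annotations for CVE-2024-21892 are not backed by any reference in the hunk; the two commit links show where the fix landed, not where the affected code was introduced. Suggest an "Introduced by:" NOTE pointing at the upstream commit that added that code, as the cacti entries in this thread do, so the not-affected claim can be rechecked later.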



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15973cb765f658d6f94dbd0ec6c85e2a21f953f3



[Git][security-tracker-team/security-tracker][master] new libpgjava issue

2024-02-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
554757e5 by Moritz Muehlenhoff at 2024-02-22T15:49:30+01:00
new libpgjava issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -925,7 +925,14 @@ CVE-2024-25623 (Mastodon is a free, open-source social 
network server based on A
 CVE-2024-1633 (During the secure boot, bl2 (the second stage of the 
bootloader) loops ...)
TODO: check
 CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject 
SQL if u ...)
-   TODO: check
+   - libpgjava 42.7.2-1
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40
 (master)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
 (master)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/1b1d6b53eca90409af0069d5327d4fdf8d40a255
 (release/42.5.x)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5
 (release/42.5.x)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730
 (release/42.2)
+   NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c
 (release/42.2)
 CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when 
decoding  ...)
- dav1d 1.4.0-1 (bug #1064310)
NOTE: 
https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
 (1.4.0)
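Review bot: the CVE-2024-1597 entry now records the sid fix (42.7.2-1) and six upstream commits but no assessment for bookworm, bullseye or buster, even though the cited release/42.5.x and release/42.2 backports indicate that older driver lines are affected; the neighbouring dav1d entry also carries a "(bug #...)" reference, which is missing here. Add the stable-release status lines and the Debian bug number before the TODO is dropped.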



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/554757e5227a31c99dcef5c0ba54638749994723



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52437

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0377017 by Salvatore Bonaccorso at 2024-02-22T14:52:16+01:00
Remove notes from CVE-2023-52437

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -786,10 +786,8 @@ CVE-2023-52438 (In the Linux kernel, the following 
vulnerability has been resolv
[bullseye] - linux 5.10.209-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/3f489c2067c5824528212b0fc18b28d51332d906 (6.8-rc1)
-CVE-2023-52437 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
-   - linux 6.6.13-1
-   [bookworm] - linux 6.1.76-1
-   NOTE: 
https://git.kernel.org/linus/bed9e27baf52a09b7ba2a3714f1e24e17ced386d (6.8-rc1)
+CVE-2023-52437
+   REJECTED
 CVE-2023-52436 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 6.6.13-1
[bookworm] - linux 6.1.76-1
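Review bot: marking CVE-2023-52437 REJECTED drops the 6.6.13-1 / 6.1.76-1 fixed versions and the kernel commit reference bed9e27b without the commit message saying why the CVE was withdrawn. Cite the rejection source in the commit message or in a NOTE so the removal of that data is traceable.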



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e037701796943029c5a2debf5b11b06e1f2b12c2



[Git][security-tracker-team/security-tracker][master] Partial revert of "CVE-2023-43907/OptiPNG fixed in 0.7.8+ds-1"

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5083748a by Salvatore Bonaccorso at 2024-02-22T14:43:10+01:00
Partial revert of CVE-2023-43907/OptiPNG fixed in 0.7.8+ds-1

This (partially) reverts commit dae7f314618bf7e6ff7b69b6f9c3d4f8f0efb936.

The commit lost some meta information we want to carry.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26599,7 +26599,7 @@ CVE-2023-5112 (Os Commerce is currently susceptible to 
a Cross-Site Scripting (X
 CVE-2023-5111 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
NOT-FOR-US: Os Commerce
 CVE-2023-43907 (OptiPNG v0.7.7 was discovered to contain a global buffer 
overflow via  ...)
-   - optipng 0.7.8+ds-1
+   - optipng 0.7.8+ds-1 (unimportant; bug #1055668)
NOTE: https://sourceforge.net/p/optipng/bugs/87/
NOTE: 
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
NOTE: Crash in CLI tool, no security impact



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5083748a88dfb48aff09cce97d0ba61957e046a1



[Git][security-tracker-team/security-tracker][master] CVE-2023-43907/OptiPNG fixed in 0.7.8+ds-1

2024-02-22 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dae7f314 by Bastien Roucariès at 2024-02-22T13:38:13+00:00
CVE-2023-43907/OptiPNG fixed in 0.7.8+ds-1

Mark this CVE as fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26599,7 +26599,7 @@ CVE-2023-5112 (Os Commerce is currently susceptible to 
a Cross-Site Scripting (X
 CVE-2023-5111 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
NOT-FOR-US: Os Commerce
 CVE-2023-43907 (OptiPNG v0.7.7 was discovered to contain a global buffer 
overflow via  ...)
-   - optipng  (unimportant; bug #1055668)
+   - optipng 0.7.8+ds-1
NOTE: https://sourceforge.net/p/optipng/bugs/87/
NOTE: 
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
NOTE: Crash in CLI tool, no security impact
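Review bot: the replacement line drops the "unimportant" severity and the "bug #1055668" reference while adding the fixed version; both pieces of metadata remain valid after the fix and are consumed by the tracker, so the line should read `- optipng 0.7.8+ds-1 (unimportant; bug #1055668)`. The later commit 5083748a in this thread restores exactly that.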



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dae7f314618bf7e6ff7b69b6f9c3d4f8f0efb936



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3738-1 for iwd

2024-02-22 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efddaa4c by Chris Lamb at 2024-02-22T12:59:37+00:00
Reserve DLA-3738-1 for iwd

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[22 Feb 2024] DLA-3738-1 iwd - security update
+   {CVE-2023-52161}
+   [buster] - iwd 0.14-2+deb10u1
 [22 Feb 2024] DLA-3737-1 imagemagick - security update
{CVE-2023-1289 CVE-2023-5341 CVE-2023-34151}
[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6


=
data/dla-needed.txt
=
@@ -127,9 +127,6 @@ imagemagick
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs 
(Beuc/front-desk)
   NOTE: 20231014: Some work under git branch debian/buster but unease
 --
-iwd (Chris Lamb)
-  NOTE: 20240218: Added by Front-Desk (lamby)
---
 jenkins-htmlunit-core-js
   NOTE: 20231231: Added by Front-Desk (lamby)
   NOTE: 20231231: Needs checking that this is definitely vulnerable: a quick 
glance



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efddaa4c9c76ad52ae047356521ca5290f418a0f



[Git][security-tracker-team/security-tracker][master] CVE-2023-39360/cacti: precise note

2024-02-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56b966d9 by Sylvain Beucler at 2024-02-22T12:36:19+01:00
CVE-2023-39360/cacti: precise note

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -30356,7 +30356,7 @@ CVE-2023-39360 (Cacti is an open source operational 
monitoring and fault managem
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
NOTE: Initial fix: 
https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 
(release/1.2.25)
NOTE: Final fix: 
https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa 
(release/1.2.25)
-   NOTE: Attack is usually blocked by browser CORS/CSP policies.
+   NOTE: Attack is usually blocked by browser CORS/CSP policies before 
https://github.com/Cacti/cacti/commit/137340264ac550d060ef17c4d0794fa4abae1c26 
(release/1.2.23)
 CVE-2023-39359 (Cacti is an open source operational monitoring and fault 
management fr ...)
{DSA-5550-1}
- cacti 1.2.25+ds1-1
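Review bot: the reworded NOTE is ambiguous about which side of commit 137340264 the mitigation applies to; "blocked ... before <commit>" can be read either as "in versions before 1.2.23" or as "until that commit changed something". State it explicitly, e.g. `Attack is usually blocked by browser CORS/CSP policies in versions before <commit> (release/1.2.23), which removed that protection` (or whatever the commit actually did), and add an "Introduced by:" line if 1.2.23 is where the issue became exploitable.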



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56b966d955358a84963e59965f4fcbe011ae6d72



[Git][security-tracker-team/security-tracker][master] sqlfluff fixed in sid

2024-02-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06a67291 by Moritz Muehlenhoff at 2024-02-22T11:51:22+01:00
sqlfluff fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38998,7 +38998,7 @@ CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable 
to Remote Command Executio
 CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System 
v1.0 al ...)
NOT-FOR-US: Food Ordering System
 CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in 
environments wher ...)
-   - sqlfluff  (bug #1041428)
+   - sqlfluff 2.3.5-1 (bug #1041428)
[bookworm] - sqlfluff  (Minor issue)
NOTE: 
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
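Review bot: the recorded fixed version 2.3.5-1 is well past the upstream fix release named in the description (2.1.2); if a Debian upload of 2.1.2 or any later release preceded 2.3.5-1, the tracker should record the first upload that carried the fix rather than the current one. A NOTE stating the upstream fix version would make that check straightforward.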



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06a67291add05b5b4460c6325f34e4ceb8e3d0cd



[Git][security-tracker-team/security-tracker][master] CVE-2023-39978/imagemagick only mentioned on changelog not fixed

2024-02-22 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ffd3d73 by Bastien Roucariès at 2024-02-22T09:38:40+00:00
CVE-2023-39978/imagemagick only mentioned on changelog not fixed

CVE-2023-39978 was fixed due to be introduced by fixes of
other problems

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,5 +1,5 @@
 [22 Feb 2024] DLA-3737-1 imagemagick - security update
-   {CVE-2023-1289 CVE-2023-5341 CVE-2023-34151 CVE-2023-39978}
+   {CVE-2023-1289 CVE-2023-5341 CVE-2023-34151}
[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6
 [21 Feb 2024] DLA-3736-1 unbound - security update
{CVE-2023-50387 CVE-2023-50868}
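Review bot: only data/DLA/list is touched here; if the data/CVE/list entry for CVE-2023-39978 was adjusted to show buster as fixed when DLA-3737-1 was reserved (commit 2f250824 in this thread removed `[buster]` lines for CVE-2023-1289 and CVE-2023-34151 in that step), that entry needs a matching correction, otherwise buster shows as fixed for a CVE the advisory no longer covers.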



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ffd3d733ffe48b438bd7d7a491647cfcad30735



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
062a767a by Salvatore Bonaccorso at 2024-02-22T10:27:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,49 +25,49 @@ CVE-2024-25251 (code-projects Agro-School Management System 
1.0 is suffers from
 CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 
2.52.1, the C ...)
TODO: check
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
-   TODO: check
+   NOT-FOR-US: Discourse plugin
 CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll 
parsed thr ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed 
through Aut ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed 
through  ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through 
Autodesk Au ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed 
through  ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when 
parsed thr ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dllw ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in 
ODXSW_DLL.dllwhen par ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in 
opennurbs.dll w ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed 
VCRUNTIM ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll 
through Auto ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll 
through Au ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23124 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23123 (A maliciously crafted CATPART file when parsed in CC5Dll.dll 
and ASMBA ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23122 (A maliciously crafted 3DM file when parsed in opennurbs.dll 
through Au ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-23120 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User 
Survey ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in 
ASMKER ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in 
PMB 7.4. ...)
TODO: check
 CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 
7.4.7 and ea ...)
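Review bot: the NOT-FOR-US labels in this hunk vary in specificity: "Autodesk" matches what the Autodesk descriptions name, but "WordPress plugin" and "Discourse plugin" would be more useful with the plugin name the descriptions already give (e.g. `NOT-FOR-US: discourse-ai`, `NOT-FOR-US: Event Tickets and Registration WordPress plugin`), since that is what a later triager will search for. Separately, the CVE-2024-0903 context line still carries a raw `\u2013` escape instead of an en dash; that is an import artifact rather than part of this change.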
@@ -146,7 +146,7 @@ CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an 
open-source Python li
 CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
NOT-FOR-US: HackMD CodiMD
 CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver 
when exitin ...)
-   TODO: check
+   NOT-FOR-US: Silabs
 CVE-2024-0 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 
QP3 and 8 ...)
TODO: check
 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified 
Intelligence  ...)
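Review bot: the visible description of CVE-2024-22473 does not name a vendor, so `NOT-FOR-US: Silabs` cannot be verified from the entry alone; naming the affected product or SDK in the label would let the next triager confirm the classification without re-reading the advisory.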
@@ -180,9 +180,9 @@ CVE-2024-1212 (Unauthenticated remote attackers can access 
the system through th
 CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the 
proper  ...)
TODO: check
 CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to 
crash PC C ...)
-   TODO: check
+   NOT-FOR-US: Silabs
 CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be 
sent to th ...)
-   TODO: check
+   NOT-FOR-US: Silabs
 CVE-2023-50975 (The 

[Git][security-tracker-team/security-tracker][master] Keep imagemagick dla entry

2024-02-22 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
857719c3 by Bastien Roucariès at 2024-02-22T09:25:51+00:00
Keep imagemagick dla entry

Imagemagick has a few CVEs that need more investigation

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -122,6 +122,11 @@ i2p
   NOTE: 20230809: Added by Front-Desk (Beuc)
   NOTE: 20230809: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
 --
+imagemagick
+  NOTE: 20230622: Added by Front-Desk (Beuc)
+  NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs 
(Beuc/front-desk)
+  NOTE: 20231014: Some work under git branch debian/buster but unease
+--
 iwd (Chris Lamb)
   NOTE: 20240218: Added by Front-Desk (lamby)
 --
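Review bot: the restored imagemagick entry comes back without an assignee and without a dated NOTE saying why it was kept after DLA-3737-1; the commit message gives the reason (a few CVEs need more investigation), and that belongs in the file, e.g. `NOTE: 20240222: Kept after DLA-3737-1, remaining CVEs need investigation (rouca)`, following the dated-note convention of the lines above it.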



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/857719c3751083b81fcfa97928f68895b1be9a8c



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3737-1 for imagemagick

2024-02-22 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f250824 by Bastien Roucariès at 2024-02-22T09:25:02+00:00
Reserve DLA-3737-1 for imagemagick

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -56179,7 +56179,6 @@ CVE-2023-1289 (A vulnerability was discovered in 
ImageMagick where a specially c
- imagemagick 8:6.9.12.98+dfsg1-2
[bookworm] - imagemagick  (Minor issue)
[bullseye] - imagemagick  (Minor issue)
-   [buster] - imagemagick  (Should be fixed together with some 
other CVEs)
NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
 (7.1.1-0)
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368
 (6.9.12-78)
@@ -121834,7 +121833,6 @@ CVE-2023-34151 (A vulnerability was found in 
ImageMagick. This security flaw ouc
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
[bookworm] - imagemagick  (Minor issue)
[bullseye] - imagemagick  (Minor issue)
-   [buster] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158
 (7.1.1-10)
NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512
 (6.9.12-88)
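Review bot: dropping the `[buster]` lines for CVE-2023-1289 and CVE-2023-34151 makes buster inherit the fixed status from DLA-3737-1, which is correct only if the buster upload actually carries those fixes. The advisory entry lists four CVEs but this commit touches only these two data/CVE/list entries, so check that CVE-2023-5341 and CVE-2023-39978 carry no stale `[buster]` annotation either.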


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[22 Feb 2024] DLA-3737-1 imagemagick - security update
+   {CVE-2023-1289 CVE-2023-5341 CVE-2023-34151 CVE-2023-39978}
+   [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6
 [21 Feb 2024] DLA-3736-1 unbound - security update
{CVE-2023-50387 CVE-2023-50868}
[buster] - unbound 1.9.0-2+deb10u4
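Review bot: the reserved DLA entry lists CVE-2023-39978, while the commit message of the later 6ffd3d73 in this thread says that CVE was only mentioned in the changelog and was not fixed; the CVE set in data/DLA/list should be confirmed against what the upload actually fixes before the advisory text goes out.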


=
data/dla-needed.txt
=
@@ -122,11 +122,6 @@ i2p
   NOTE: 20230809: Added by Front-Desk (Beuc)
   NOTE: 20230809: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
 --
-imagemagick
-  NOTE: 20230622: Added by Front-Desk (Beuc)
-  NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs 
(Beuc/front-desk)
-  NOTE: 20231014: Some work under git branch debian/buster but unease
---
 iwd (Chris Lamb)
   NOTE: 20240218: Added by Front-Desk (lamby)
 --
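Review bot: removing the imagemagick entry also discards the dated NOTEs (20230622, 20231014) that record open CVEs still needing work; with the commit message of 857719c3 in this thread saying a few CVEs need more investigation, keeping the entry (or re-adding it with a note on what remains) avoids losing that tracking state.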



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f250824eeb595aa560a5d58364d4e7a120b09ac



[Git][security-tracker-team/security-tracker][master] buster CVE-2023-3745/imagemagick

2024-02-22 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdc095e7 by Bastien Roucariès at 2024-02-22T09:16:52+00:00
buster CVE-2023-3745/imagemagick

Buster is not affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -36910,6 +36910,7 @@ CVE-2023-3748 (A flaw was found in FRRouting when 
parsing certain babeld unicast
NOTE: 
https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085
 (frr-8.5)
 CVE-2023-3745 (A heap-based buffer overflow issue was found in ImageMagick's 
PushChar ...)
- imagemagick 8:6.9.11.24+dfsg-1
+   [buster] - imagemagick  (vulnerable code was introduced 
later)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73
 (6.9.11-0)
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b
 (6.9.11-0)
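Review bot: the annotation `(vulnerable code was introduced later)` does not use the tracker's usual phrase "Vulnerable code not present" (see the `[buster]` lines for CVE-2023-52438 and CVE-2024-21892 elsewhere in this thread); matching it keeps the not-affected reason grep-able. The two cited ImageMagick6 commits are tagged (6.9.11-0), which supports the claim for buster's 6.9.10.x, so an "Introduced by:" NOTE naming the commit that added the affected code path would make it verifiable.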



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdc095e7f57bd523d624908fe5e554585060703b



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
152cc177 by Salvatore Bonaccorso at 2024-02-22T09:54:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,27 +1,27 @@
 CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform 
before 1 ...)
-   TODO: check
+   NOT-FOR-US: Veritas
 CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Flusity 'Me ...)
-   TODO: check
+   NOT-FOR-US: flusity-CMS module
 CVE-2024-26490 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Simple modu ...)
-   TODO: check
+   NOT-FOR-US: flusity-CMS module
 CVE-2024-26489 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Flusity 'So ...)
-   TODO: check
+   NOT-FOR-US: flusity-CMS module
 CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit 
Content  ...)
-   TODO: check
+   NOT-FOR-US: Kirby CMS module
 CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image 
module of  ...)
-   TODO: check
+   NOT-FOR-US: Kirby CMS module
 CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout 
module of K ...)
-   TODO: check
+   NOT-FOR-US: Kirby CMS module
 CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected 
cross-site scri ...)
-   TODO: check
+   NOT-FOR-US: Kirby CMS
 CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to 
version  ...)
TODO: check
 CVE-2024-25801 (An arbitrary file upload vulnerability in the Add Media 
function of SK ...)
-   TODO: check
+   NOT-FOR-US: SKINsoft S-Museum
 CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker 
to execu ...)
-   TODO: check
+   NOT-FOR-US: MAXON CINEMA 4D
 CVE-2024-25251 (code-projects Agro-School Management System 1.0 is suffers 
from Incorr ...)
-   TODO: check
+   NOT-FOR-US: code-projects Agro-School Management System
 CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 
2.52.1, the C ...)
TODO: check
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
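Review bot: Two entries in this hunk, CVE-2024-26148 (Querybook) and CVE-2024-25124 (Fiber, described in its own line as a web framework written in Go), keep their `TODO: check` line while every neighbouring entry is resolved to `NOT-FOR-US`; that is consistent with the commit title "Process some NFUs", but an untriaged Go web framework entry sitting inside a batch of resolved ones is easy to lose track of, so a follow-up that either marks it `NOT-FOR-US` or records the affected source package would close the gap. Minor consistency point: CVE-2024-26481 is annotated `NOT-FOR-US: Kirby CMS` while CVE-2024-26482 through CVE-2024-26484 use `NOT-FOR-US: Kirby CMS module`; this reads as intended (core product versus add-on module) but is worth a glance so the distinction stays deliberate.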



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/152cc1773cd28d13185ac9ce24c5a9776cc67103



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-02-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
04ac12b5 by security tracker role at 2024-02-22T08:11:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,86 @@
-CVE-2024-26147
+CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform 
before 1 ...)
+   TODO: check
+CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Flusity 'Me ...)
+   TODO: check
+CVE-2024-26490 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Simple modu ...)
+   TODO: check
+CVE-2024-26489 (A cross-site scripting (XSS) vulnerability in the Addon JD 
Flusity 'So ...)
+   TODO: check
+CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit 
Content  ...)
+   TODO: check
+CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image 
module of  ...)
+   TODO: check
+CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout 
module of K ...)
+   TODO: check
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected 
cross-site scri ...)
+   TODO: check
+CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to 
version  ...)
+   TODO: check
+CVE-2024-25801 (An arbitrary file upload vulnerability in the Add Media 
function of SK ...)
+   TODO: check
+CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker 
to execu ...)
+   TODO: check
+CVE-2024-25251 (code-projects Agro-School Management System 1.0 is suffers 
from Incorr ...)
+   TODO: check
+CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 
2.52.1, the C ...)
+   TODO: check
+CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
+   TODO: check
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll 
parsed thr ...)
+   TODO: check
+CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed 
through Aut ...)
+   TODO: check
+CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed 
through  ...)
+   TODO: check
+CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through 
Autodesk Au ...)
+   TODO: check
+CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed 
through  ...)
+   TODO: check
+CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when 
parsed thr ...)
+   TODO: check
+CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dllw ...)
+   TODO: check
+CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in 
ODXSW_DLL.dllwhen par ...)
+   TODO: check
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in 
opennurbs.dll w ...)
+   TODO: check
+CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
+   TODO: check
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed 
VCRUNTIM ...)
+   TODO: check
+CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll 
through Auto ...)
+   TODO: check
+CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll 
through Au ...)
+   TODO: check
+CVE-2024-23124 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
+   TODO: check
+CVE-2024-23123 (A maliciously crafted CATPART file when parsed in CC5Dll.dll 
and ASMBA ...)
+   TODO: check
+CVE-2024-23122 (A maliciously crafted 3DM file when parsed in opennurbs.dll 
through Au ...)
+   TODO: check
+CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
+   TODO: check
+CVE-2024-23120 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
+   TODO: check
+CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User 
Survey ...)
+   TODO: check
+CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in 
ASMKER ...)
+   TODO: check
+CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in 
PMB 7.4. ...)
+   TODO: check
+CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 
7.4.7 and ea ...)
+   TODO: check
+CVE-2023-52153 (A SQL Injection vulnerability in 
/pmb/opac_css/includes/sessions.inc.p ...)
+   TODO: check
+CVE-2023-51828 (A SQL Injection vulnerability in 
/admin/convert/export.class.php in PM ...)
+   TODO: check
+CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows 
a remote ...)
+   TODO: check
+CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7
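Review bot: The only removed line, `-CVE-2024-26147`, is a bare reserved identifier with no description, and the hunk as shown here (`@@ -1,4 +1,86 @@`) is cut off after the opening of the CVE-2023-37177 entry, so it is not visible whether CVE-2024-26147 is re-added with its description lower in the hunk; confirm the automatic import did not silently drop it. Otherwise every fully visible added entry carries a `TODO: check` line, which is the expected state for an automatic update; the PMB entries (CVE-2023-52153 through CVE-2023-52155, CVE-2023-51828, CVE-2023-38844, CVE-2023-37177) and the Autodesk file-parser entries (CVE-2024-23120 through CVE-2024-23137 and CVE-2024-0446) describe the same product families and can be triaged as two groups rather than one by one.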