[Git][security-tracker-team/security-tracker][master] Reference fixes for libxml2 in sid
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: bebdf42f by Aron Xu at 2024-05-25T15:20:46+08:00 Reference fixes for libxml2 in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6869,7 +6869,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - - libxml2 (unimportant; bug #1071162) + - libxml2 2.12.7+dfsg-1 (bug #1071162) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7) @@ -36177,7 +36177,7 @@ CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM NOT-FOR-US: Meinberg CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...) [experimental] - libxml2 2.12.5+dfsg-0exp1 - - libxml2 (bug #1063234) + - libxml2 2.12.7+dfsg-1 (bug #1063234) [bookworm] - libxml2 (Minor issue) [bullseye] - libxml2 (Minor issue) [buster] - libxml2 (Minor issue) @@ -58256,7 +58256,7 @@ CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.0 NOT-FOR-US: Subiquity CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...) [experimental] - libxml2 2.12.3+dfsg-0exp1 - - libxml2 (bug #1053629) + - libxml2 2.12.7+dfsg-1 (bug #1053629) [bookworm] - libxml2 (Minor issue) [bullseye] - libxml2 (Minor issue) [buster] - libxml2 (Minor issue, very hard/unlikely to trigger) 
@@ -64190,7 +64190,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue. CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...) [experimental] - libxml2 2.12.3+dfsg-0exp1 - - libxml2 (bug #1051230) + - libxml2 2.12.7+dfsg-1 (bug #1051230) [bookworm] - libxml2 (Minor issue) [bullseye] - libxml2 (Minor issue) [buster] - libxml2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bebdf42f2e6339facb3620ccbb3d1fc15440be9c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bebdf42f2e6339facb3620ccbb3d1fc15440be9c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
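Review bot: In the CVE-2024-34459 hunk, the new line `- libxml2 2.12.7+dfsg-1 (bug #1071162)` drops the `unimportant` marker that the old line carried next to the bug number, and the commit message ("Reference fixes for libxml2 in sid") does not mention a severity change. If the assessment is unchanged, keep the marker alongside the fixed version, as in `(unimportant; bug #1071162)`; if it was dropped on purpose, say so in the commit message. The other three hunks only fill in the fixed version and leave the bug reference untouched.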
[Git][security-tracker-team/security-tracker][master] claim nodejs in dsa-needed.txt
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 499dde51 by Aron Xu at 2024-05-21T17:10:09+08:00 claim nodejs in dsa-needed.txt - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -33,7 +33,7 @@ linux (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- -nodejs +nodejs (aron) -- opennds/stable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499dde5119b912a38e0920af7168ae176926f281 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499dde5119b912a38e0920af7168ae176926f281 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA for tiff
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: a428d686 by Aron Xu at 2023-11-27T12:24:34+08:00 Reserve DSA for tiff - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[27 Nov 2023] DSA-5567-1 tiff - security update + {CVE-2023-3576 CVE-2023-40745 CVE-2023-41175} + [bullseye] - tiff 4.2.0-1+deb11u5 + [bookworm] - tiff 4.5.0-6+deb12u1 [26 Nov 2023] DSA-5566-1 thunderbird - security update {CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207 CVE-2023-6206 CVE-2023-6205 CVE-2023-6204} [bullseye] - thunderbird 1:115.5.0-1~deb11u1 = data/dsa-needed.txt = @@ -81,8 +81,6 @@ samba/oldstable -- squid -- -tiff (aron) --- xen (jmm) -- zbar View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a428d686e12891c808d9d963ca379dd1e18acf82 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a428d686e12891c808d9d963ca379dd1e18acf82 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim tiff
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: d335d95b by Aron Xu at 2023-09-14T16:09:19+08:00 claim tiff - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -80,7 +80,7 @@ salt/oldstable -- samba/oldstable -- -tiff +tiff (aron) -- trafficserver -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d335d95b1eba294839d337f767ab10c30b90d0be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d335d95b1eba294839d337f767ab10c30b90d0be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA for frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f5a6c5d by Aron Xu at 2023-09-11T15:04:24+08:00 Reserve DSA for frr - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[11 Sep 2023] DSA-5495-1 frr - security update + {CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 CVE-2023-31490 CVE-2023-38802 CVE-2023-41358} + [bullseye] - frr 7.5.1-1.1+deb11u2 + [bookworm] - frr 8.4.4-1.1~deb12u1 [10 Sep 2023] DSA-5494-1 mutt - security update {CVE-2023-4874 CVE-2023-4875} [bullseye] - mutt 2.0.5-4.1+deb11u3 = data/dsa-needed.txt = @@ -18,9 +18,6 @@ cinder/oldstable -- flac/oldstable -- -frr (aron) - maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea --- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f5a6c5de4f53346d3bed24dd91d2ac3e8ca53c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f5a6c5de4f53346d3bed24dd91d2ac3e8ca53c7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage CVEs for frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d386daf by Aron Xu at 2023-09-01T12:23:06+08:00 Triage CVEs for frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -457,6 +457,8 @@ CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface c CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...) - frr NOTE: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling + NOTE: https://github.com/FRRouting/frr/pull/14290 + NOTE: https://github.com/FRRouting/frr/pull/14290/commits/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186 CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length ...) - openbgpd 8.1-1 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig 
@@ -598,18 +600,21 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController all NOT-FOR-US: Cerebrate CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) - frr + [bullseye] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14241 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840 NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) - frr + [bullseye] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14245 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702 NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14249 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7 CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) - frr + [bullseye] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14232 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f96201e104892e18493f24cf67bb713678e8237b NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268 
@@ -5670,6 +5675,7 @@ CVE-2023-3750 (A flaw was found in libvirt. The virStoragePoolObjListSearch func NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098 (v9.6.0-rc1) CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld unicast hell ...) - frr (bug #1042473) + [bullseye] - frr (The vulnerable code was introduced later) [buster] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/issues/11808 NOTE: https://github.com/FRRouting/frr/pull/12950 @@ -13855,7 +13861,8 @@ CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacke NOTE: Fixed by: https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802 CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...) - frr 8.4.4-1 (bug #1036061) - [buster] - frr (Minor issue) + [bullseye] - frr (The vulnerable code was introduced later) + [buster] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/issues/13098 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...) 
@@ -79538,7 +79545,6 @@ CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...) - frr 8.4.1-1 - [bullseye] - frr (Minor issue, requires untrivial porting) [buster] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/13202 NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d386daf1458ae2dc0d6df1ac8f044876dc23d98 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d386daf1458ae2dc0d6df1ac8f044876dc23d98 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list
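Review bot: In the CVE-2023-38802 hunk, the two added NOTE lines carry no `Fixed by:` label, unlike the CVE-2023-41361, CVE-2023-41360 and CVE-2023-41359 entries in the following hunk, and both point at the same pull request (14290). If commit bcb6b58d9530173df41d3a3cbc4c600ee0b4b186 is the fix, label that line `NOTE: Fixed by:` so the entry distinguishes the fix from the discussion link.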
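Review bot: In the CVE-2022-36440 hunk, the context line `NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4)` is missing the slash between `frr` and `commit`, so the URL is malformed. Since this commit already edits the entry, correct the NOTE in the same change. The hunk also removes the bullseye line without a replacement, which the subject "Triage CVEs for frr" does not explain; a short line in the commit message on why bullseye is no longer tagged would help later readers.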
[Git][security-tracker-team/security-tracker][master] Tag CVE-2022-36440 as ignored for frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 607af70e by Aron Xu at 2023-08-19T11:37:20+08:00 Tag CVE-2022-36440 as ignored for frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77647,7 +77647,8 @@ CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...) - frr 8.4.1-1 - [buster] - frr (Minor issue) + [bullseye] - frr (Minor issue, requires untrivial porting) + [buster] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/13202 NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4) NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607af70e1df9589cd77c801adc4ebc07c607a132 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607af70e1df9589cd77c801adc4ebc07c607a132 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
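Review bot: The subject says the CVE is tagged "for frr" without naming a suite, while the hunk adds a `[bullseye]` line and removes and re-adds the `[buster]` line; name the suites in the commit message so the log matches the change. The reason text "requires untrivial porting" on the added bullseye line would read better as "non-trivial".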
[Git][security-tracker-team/security-tracker][master] claim frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: ff097dc8 by Aron Xu at 2023-07-31T15:14:58+08:00 claim frr - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -18,7 +18,7 @@ cjose -- cinder/oldstable -- -frr +frr (aron) maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- linux (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff097dc864d056ec5f9f8800a1890fd6057714b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff097dc864d056ec5f9f8800a1890fd6057714b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] fix comment
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 59c0828c by Aron Xu at 2023-07-19T16:55:11+08:00 fix comment - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -23,7 +23,7 @@ cinder/oldstable curl -- frr - maintainer proposed to update to 8.4.4 for bookworm-stable, which might be a good idea + maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59c0828c04deeaffc1125e723d1499c619236cd1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59c0828c04deeaffc1125e723d1499c619236cd1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] add comment for nodejs
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: e495d440 by Aron Xu at 2023-07-19T16:52:36+08:00 add comment for nodejs - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -37,6 +37,7 @@ netatalk/oldstable See discussion on team mailing list. -- nodejs + maintainer proposed to follow the upstream 18.x LTS branch -- nova/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e495d44056dd66ed05ced33ec13556b5ecb08299 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e495d44056dd66ed05ced33ec13556b5ecb08299 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA for iperf3
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 573516a4 by Aron Xu at 2023-07-17T21:56:51+08:00 Reserve DSA for iperf3 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[17 Jul 2023] DSA-5455-1 iperf3 - security update + [bullseye] - iperf3 3.9-1+deb11u1 + [bookworm] - iperf3 3.12-1+deb12u1 [16 Jul 2023] DSA-5454-1 kanboard - security update {CVE-2023-36813} [bookworm] - kanboard 1.2.26+ds-2+deb12u2 = data/dsa-needed.txt = @@ -21,8 +21,6 @@ cinder/oldstable frr maintainer proposed to update to 8.4.4 for bookworm-stable, which might be a good idea -- -iperf3 (aron) --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/573516a4bf93db49dd7346fa0238ed62e1b0e0e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/573516a4bf93db49dd7346fa0238ed62e1b0e0e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
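Review bot: In the data/DSA/list hunk, the new DSA-5455-1 iperf3 entry has no `{CVE-...}` line between the header and the `[bullseye]` line, whereas the DSA-5454-1 kanboard entry directly below lists `{CVE-2023-36813}`. If an identifier exists for the iperf3 issue, add it so the advisory is cross-referenced from data/CVE/list; if none has been assigned yet, note that in the commit message so the omission is clearly intentional.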
[Git][security-tracker-team/security-tracker][master] add iperf3
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 56fb135f by Aron Xu at 2023-07-13T23:52:05+08:00 add iperf3 - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -18,6 +18,8 @@ cinder/oldstable -- gpac/oldstable (jmm) -- +iperf3 (aron) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fb135f880804cd995ed04655eb98823b05e9d3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fb135f880804cd995ed04655eb98823b05e9d3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version of frr issues in unstable
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: e0f8de74 by Aron Xu at 2023-06-29T16:18:23+08:00 Track fixed version of frr issues in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50502,7 +50502,7 @@ CVE-2022-43683 CVE-2022-43682 RESERVED CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...) - - frr (bug #1035829) + - frr 8.4.1-1 (bug #1035829) [buster] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/13427 NOTE: https://github.com/FRRouting/frr/issues/13480 @@ -59783,7 +59783,7 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...) NOT-FOR-US: LISTSERV CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...) - - frr (bug #1035829) + - frr 8.4.1-1 (bug #1035829) [buster] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/13427 NOTE: https://github.com/FRRouting/frr/issues/13480 
@@ -59853,7 +59853,7 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336 CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...) - - frr (bug #1035829) + - frr 8.4.1-1 (bug #1035829) [buster] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/13427 NOTE: https://github.com/FRRouting/frr/issues/13480 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0f8de747f10d7d00b3933eec3f8cca60bd590ab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0f8de747f10d7d00b3933eec3f8cca60bd590ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] reassign flask to jmm since it's already worked on
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: d660aaf3 by Aron Xu at 2023-06-29T12:14:47+08:00 reassign flask to jmm since it's already worked on - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,7 +16,7 @@ aom/oldstable -- cinder/oldstable -- -flask/oldstable (aron) +flask/oldstable (jmm) -- ghostscript (carnil) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d660aaf37bb06eebdd9a41262b2ba29f03c85a50 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d660aaf37bb06eebdd9a41262b2ba29f03c85a50 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] add flask/oldstable
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: f1eaaad9 by Aron Xu at 2023-06-29T11:07:28+08:00 add flask/oldstable - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,6 +16,8 @@ aom/oldstable -- cinder/oldstable -- +flask/oldstable (aron) +-- ghostscript (carnil) -- gpac/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1eaaad959a7213ffe50f493e0f47059106bba0a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1eaaad959a7213ffe50f493e0f47059106bba0a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] maradns DSA
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: ff61117e by Aron Xu at 2023-06-29T10:20:19+08:00 maradns DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -87767,7 +87767,6 @@ CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 t CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...) {DLA-3457-1} - maradns (bug #1033252) - [bullseye] - maradns (Minor issue) NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256 NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-manylabel-TTL.patch NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-cname-TTL.patch = data/DSA/list = @@ -1,3 +1,6 @@ +[29 Jun 2023] DSA-5441-1 maradns - security update + {CVE-2022-30256 CVE-2023-31137} + [bullseye] - maradns 2.0.13-1.4+deb11u1 [28 Jun 2023] DSA-5440-1 chromium - security update {CVE-2023-3420 CVE-2023-3421 CVE-2023-3422} [bullseye] - chromium 114.0.5735.198-1~deb11u1 = data/dsa-needed.txt = 
@@ -27,8 +27,6 @@ linux (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- -maradns/oldstable (aron) --- netatalk/oldstable open regression with MacOS, tentative patch not yet merged upstream See discussion on team mailing list. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff61117e377b18943fcb43a9727f04f3d26ef594 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff61117e377b18943fcb43a9727f04f3d26ef594 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
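Review bot: The new DSA-5441-1 entry lists both CVE-2022-30256 and CVE-2023-31137, but the data/CVE/list hunk only removes the `[bullseye] - maradns (Minor issue)` line from CVE-2022-30256. Check whether the CVE-2023-31137 entry carries a similar bullseye line that should be removed in the same commit, so the tracker does not show one of the two CVEs as still postponed for bullseye after the advisory.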
[Git][security-tracker-team/security-tracker][master] claim maradns
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: b1026e61 by Aron Xu at 2023-06-27T14:27:34+08:00 claim maradns - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -27,7 +27,7 @@ linux (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- -maradns/oldstable +maradns/oldstable (aron) -- netatalk/oldstable open regression with MacOS, tentative patch not yet merged upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1026e61bca2c44047cbb045f412e9334dd3064b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1026e61bca2c44047cbb045f412e9334dd3064b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5426-1 for owslib (oldstable)
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 42567882 by Aron Xu at 2023-06-14T10:02:28+08:00 Reserve DSA-5426-1 for owslib (oldstable) - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[14 Jun 2023] DSA-5426-1 owslib - security update + {CVE-2023-27476} + [bullseye] - owslib 0.23.0-1+deb11u1 [13 Jun 2023] DSA-5425-1 php8.2 - security update [bookworm] - php8.2 8.2.7-1~deb12u1 [13 Jun 2023] DSA-5424-1 php7.4 - security update = data/dsa-needed.txt = @@ -35,8 +35,6 @@ openjdk-11/oldstable (jmm) -- openjdk-17 (jmm) -- -owslib/oldstable (aron) --- php-cas/oldstable -- php-horde-mime-viewer/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/425678822a1a764bae34ce3559fa7b7bef5c25fa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/425678822a1a764bae34ce3559fa7b7bef5c25fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5422-1 for jupyter-core
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: caf292ae by Aron Xu at 2023-06-09T15:21:25+08:00 Reserve DSA-5422-1 for jupyter-core - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[09 Jun 2023] DSA-5422-1 jupyter-core - security update + {CVE-2022-39286} + [bullseye] - jupyter-core 4.7.1-1+deb11u1 [07 Jun 2023] DSA-5421-1 firefox-esr - security update {CVE-2023-34414 CVE-2023-34416} [bullseye] - firefox-esr 102.12.0esr-1~deb11u1 = data/dsa-needed.txt = @@ -16,9 +16,6 @@ asterisk -- cinder -- -jupyter-core (aron) - Maintainer asked for availability to prepare updates --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf292ae4854a46b82144188f35c979baf80b6b6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf292ae4854a46b82144188f35c979baf80b6b6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim owslib
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 3207fe99 by Aron Xu at 2023-06-09T12:06:22+08:00 claim owslib - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -36,7 +36,7 @@ openjdk-11 (jmm) -- openjdk-17 (jmm) -- -owslib +owslib (aron) -- php-cas -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3207fe997ee4d9a352c6bd7c1facbe2e49b4b506 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3207fe997ee4d9a352c6bd7c1facbe2e49b4b506 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Correct CVE mentioned in DSA-5419-1
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: e9b8a08a by Aron Xu at 2023-06-07T12:54:39+08:00 Correct CVE mentioned in DSA-5419-1 - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,5 +1,5 @@ [07 Jun 2023] DSA-5419-1 c-ares - security update - {CVE-2022-4904 CVE-2023-31130 CVE-2023-32067} + {CVE-2023-31130 CVE-2023-32067} [bullseye] - c-ares 1.17.1-1+deb11u3 [03 Jun 2023] DSA-5418-1 chromium - security update {CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9b8a08a5f41859b7ca099bd5327e549703b7fca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9b8a08a5f41859b7ca099bd5327e549703b7fca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
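Review bot: The hunk removes CVE-2022-4904 from the DSA-5419-1 CVE list, but the commit message ("Correct CVE mentioned in DSA-5419-1") does not say why it does not belong there. State the reason in the message, for example whether 1.17.1-1+deb11u3 does not contain that fix or whether it was already addressed by an earlier upload, so the advisory history can be audited without consulting the package changelog.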
[Git][security-tracker-team/security-tracker][master] Reserve DSA for c-ares
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c3e03b4 by Aron Xu at 2023-06-07T12:52:55+08:00 Reserve DSA for c-ares - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[07 Jun 2023] DSA-5419-1 c-ares - security update + {CVE-2022-4904 CVE-2023-31130 CVE-2023-32067} + [bullseye] - c-ares 1.17.1-1+deb11u3 [03 Jun 2023] DSA-5418-1 chromium - security update {CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941} [bookworm] - chromium 114.0.5735.90-2~deb12u1 = data/dsa-needed.txt = @@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk -- -c-ares (aron) --- chromium -- cinder View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c3e03b47c116042037d29dfbe7dec3cfd3bfe69
[Git][security-tracker-team/security-tracker][master] claim jupyter-core
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 17843949 by Aron Xu at 2023-05-31T14:44:06+08:00 claim jupyter-core - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -20,7 +20,7 @@ chromium -- cinder -- -jupyter-core +jupyter-core (aron) Maintainer asked for availability to prepare updates -- linux (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17843949b2cceba3ee2e5c153d85eb6bd388c5b3
[Git][security-tracker-team/security-tracker][master] dsa-needed: claim c-ares
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a6e1068 by Aron Xu at 2023-05-31T01:35:22+08:00 dsa-needed: claim c-ares - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -14,7 +14,7 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk -- -c-ares +c-ares (aron) -- cinder -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a6e1068b522e0566b0f1a773a2fadb353e4f3e9
[Git][security-tracker-team/security-tracker][master] Reserve DSA for connman
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: ca7e9bcb by Aron Xu at 2023-05-31T01:22:08+08:00 Reserve DSA for connman - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[31 May 2023] DSA-5416-1 connman - security update + {CVE-2023-28488} + [bullseye] - connman 1.36-2.2+deb11u2 [28 May 2023] DSA-5415-1 libreoffice - security update {CVE-2023-0950 CVE-2023-2255} [bullseye] - libreoffice 1:7.0.4-4+deb11u7 = data/dsa-needed.txt = @@ -18,8 +18,6 @@ c-ares -- cinder -- -connman (aron) --- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7e9bcb3fe137af274603b2ba89a9714344047a
[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: add connman
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 35b565c1 by Aron Xu at 2023-05-29T19:49:48+08:00 dsa-needed.txt: add connman - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -18,6 +18,8 @@ c-ares -- cinder -- +connman (aron) +-- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35b565c16e5519f3bdccc993e17c5b45a8f2fcf9
[Git][security-tracker-team/security-tracker][master] gpac DSA
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a375365 by Aron Xu at 2023-05-26T21:56:16+08:00 gpac DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -365,25 +365,21 @@ CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to con NOT-FOR-US: cu/silicon CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/ NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/ NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/ NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/ NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611 
@@ -17830,7 +17826,6 @@ CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilitie NOT-FOR-US: OpenNMS CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937 @@ -18274,13 +18269,11 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does n NOT-FOR-US: WordPress plugin CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff @@ -18848,7 +18841,6 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7 - ampache CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26 
@@ -30899,31 +30891,26 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10) CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2360 NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0) CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2359 NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0) CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...) - gpac (bug #1033116) - [bullseye] - gpac
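Review bot: Every data/CVE/list hunk here drops a "[bullseye] - gpac (Minor issue)" line, but the subject "gpac DSA" names neither the advisory number nor the bullseye version that replaces that triage decision. Put the DSA id in the subject, as "Reserve DSA-5395-1 for nodejs" does, so that the removal of each "Minor issue" marking can be traced to the upload that fixes it. The message is cut off on this page before the data/DSA/list hunk, so the advisory's CVE set cannot be compared here against the entries edited above; that comparison is worth doing before merge, since any gpac CVE that loses its marking without being listed on the advisory would show as open for bullseye.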
[Git][security-tracker-team/security-tracker][master] sniproxy DSA
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 9630370d by Aron Xu at 2023-05-26T21:26:30+08:00 sniproxy DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[26 May 2023] DSA-5413-1 sniproxy - security update + {CVE-2023-25076} + [bullseye] - sniproxy 0.6.0-2+deb11u1 [24 May 2023] DSA-5410-1 sofia-sip - security update {CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741} [bullseye] - sofia-sip 1.12.11+20110422.1-2.1+deb11u1 = data/dsa-needed.txt = @@ -77,9 +77,6 @@ salt -- samba -- -sniproxy (aron) - Thorsten Alteholz proposed changes for review --- xrdp needs some additional clarification, tentatively DSA worthy maybe upgrade to 0.9.21 within bullseye? View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9630370de4787750001217d7161832a605c5b61d
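Review bot: In the data/DSA/list hunk the new DSA-5413-1 entry lands directly above DSA-5410-1, so DSA-5411-1 and DSA-5412-1 are not in the file at this commit. Confirm that those two numbers are held by other reservations that have not been pushed yet; otherwise a later reservation can reuse a number or leave the list out of order. Mentioning in the commit message that 5411 and 5412 are taken would settle the question for anyone reading the log.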
[Git][security-tracker-team/security-tracker][master] add sniproxy to dsa-needed
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: f513fcac by Aron Xu at 2023-05-24T10:59:03+08:00 add sniproxy to dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -75,6 +75,9 @@ salt -- samba -- +sniproxy (aron) + Thorsten Alteholz proposed changes for review +-- sofia-sip Maintainer proposed debdiff for review with additional question and sent a followup -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f513fcac0aa2aa40dfbb58cca2b64a8d5addc0f8
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5395-1 for nodejs
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 401eb627 by Aron Xu at 2023-05-02T21:42:52+08:00 Reserve DSA-5395-1 for nodejs - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[02 May 2023] DSA-5395-1 nodejs - security update + {CVE-2023-23920} + [bullseye] - nodejs 12.22.12~dfsg-1~deb11u4 [30 Apr 2023] DSA-5394-1 ffmpeg - security update {CVE-2022-3109} [bullseye] - ffmpeg 7:4.3.6-0+deb11u1 = data/dsa-needed.txt = @@ -24,8 +24,6 @@ linux (carnil) netatalk open regression with MacOS, tentative patch not yet merged upstream -- -nodejs (aron) --- odoo (seb) Patches for all CVEs backporting, still needs some serious testing -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401eb627be7c2dc2c4024b0d421c71435fac62eb
[Git][security-tracker-team/security-tracker][master] triage two nodejs CVEs
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 062d2fac by Aron Xu at 2023-04-26T18:16:08+08:00 triage two nodejs CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21221,12 +21221,14 @@ CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. 19 CVE-2023-23919 (A cryptographic vulnerability exists in Node.js 19.2.0, 18.14. ...) - nodejs (bug #1031834) [buster] - nodejs (X509Certificate API introduced in v15.6.0) + [bullseye] - nodejs (X509Certificate API introduced in v15.6.0) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919 NOTE: https://hackerone.com/reports/1808596 NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029 CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js 19.6.1, ...) - nodejs (bug #1031834) [buster] - nodejs (v10.x doesn't support policy manifests) + [bullseye] - nodejs (Permissions policy introduced in v16.x) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918 NOTE: Only affects users enabling experimental permissions option with --experimental-policy. NOTE: https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062d2fac8074a3772a5d82ae064d322c1d623c5a
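Review bot: For CVE-2023-23918 the added bullseye line gives "Permissions policy introduced in v16.x" as the reason, while the buster line right above it says "v10.x doesn't support policy manifests" and the NOTE ties the issue to --experimental-policy. The two reasons describe the feature boundary in different terms and with different version cut-offs, so add a NOTE pointing at the upstream source that shows the bullseye nodejs version does not ship the affected code path; without it a later reader cannot verify the marking. The CVE-2023-23919 addition reuses buster's X509Certificate reason verbatim and is consistent as written.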
[Git][security-tracker-team/security-tracker][master] reserve DSA for rails update
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 4ccc1dbc by Aron Xu at 2023-04-15T00:39:42+08:00 reserve DSA for rails update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[14 Apr 2023] DSA-5389-1 rails - security update + {CVE-2023-23913 CVE-2023-28120} + [bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u2 [13 Apr 2023] DSA-5388-1 haproxy - security update {CVE-2023-0836} [bullseye] - haproxy 2.2.9-2+deb11u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccc1dbc25da7b2b1cc320c8ff7a7a4b3d12c597
[Git][security-tracker-team/security-tracker][master] Add gpac to dsa-needed and claim it
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 6caf7eec by Aron Xu at 2023-03-13T15:22:24+08:00 Add gpac to dsa-needed and claim it - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- apache2 (jmm) -- +gpac (aron) +-- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6caf7eecb552c8e32c747a94c2a4f8307996f5ea
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5372-1 for rails
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 069f696a by Aron Xu at 2023-03-13T10:59:44+08:00 Reserve DSA-5372-1 for rails - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -160805,7 +160805,6 @@ CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and e CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...) [experimental] - rails 2:6.1.4.1+dfsg-1 - rails 2:6.1.4.1+dfsg-3 (bug #992586) - [bullseye] - rails (Minor issue) [buster] - rails (Vulnerable code not present) [stretch] - rails (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1 = data/DSA/list = @@ -1,3 +1,6 @@ +[13 Mar 2023] DSA-5372-1 rails - security update + {CVE-2021-22942 CVE-2021-44528 CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-2 CVE-2023-22792 CVE-2023-22794 CVE-2023-22795 CVE-2023-22796} + [bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u1 [09 Mar 2023] DSA-5371-1 chromium - security update {CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236} [bullseye] - chromium 111.0.5563.64-1~deb11u1 = data/dsa-needed.txt = 
@@ -37,8 +37,6 @@ php-horde-turba -- py7zr -- -rails (aron) --- ring might make sense to rebase to current version -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/069f696a6c6326073e6f85aa6fd93f27280c0592
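Review bot: The CVE set on the new DSA-5372-1 line in data/DSA/list contains "CVE-2022-2", sitting between CVE-2022-23633 and CVE-2023-22792, which as shown here is not a complete CVE id. Check that line against the advisory text and restore the full identifier before merge, because a malformed id means the affected CVE never gets its cross-reference to this DSA and would keep showing as unresolved for bullseye. The data/CVE/list hunk that drops the "Minor issue" marking for CVE-2021-22942 matches that id's presence in the set.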
[Git][security-tracker-team/security-tracker][master] add nodejs to dsa-needed and claim it
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 78465ba7 by Aron Xu at 2023-02-27T01:35:03+08:00 add nodejs to dsa-needed and claim it - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -32,6 +32,8 @@ multipath-tools (carnil) Issue with the upload; has a hard dependency on systemd for systemd-tmpfiles, as systemd-standalone-tmpfiles is unavailable for bullseye. Should we ignore this? -- +nodejs (aron) +-- php-cas -- php-horde-mime-viewer View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78465ba74d1643f25093dfc04187e872855690e7
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5362-1 for frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: b85a2061 by Aron Xu at 2023-02-24T20:45:46+08:00 Reserve DSA-5362-1 for frr - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[24 Feb 2023] DSA-5362-1 frr - security update + {CVE-2022-37032} + [bullseye] - frr 7.5.1-1.1+deb11u1 [24 Feb 2023] DSA-5361-1 tiff - security update {CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804} [bullseye] - tiff 4.2.0-1+deb11u4 = data/dsa-needed.txt = @@ -19,8 +19,6 @@ apr (carnil) curl (jmm) pending work on remaining test case -- -frr (aron) --- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b85a20619c531d7edee713f7b33e884b408acd2b
[Git][security-tracker-team/security-tracker][master] dsa-needed: claim rails
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 285d282b by Aron Xu at 2023-02-24T18:34:21+08:00 dsa-needed: claim rails - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -43,7 +43,7 @@ php-horde-mime-viewer -- php-horde-turba -- -rails +rails (aron) -- ruby-nokogiri -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/285d282b26af497dfef30bf6c426c288d6d95ab4
[Git][security-tracker-team/security-tracker][master] tiff DSA
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 3938ffe8 by Aron Xu at 2023-02-24T16:11:45+08:00 tiff DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[24 Feb 2023] DSA-5361-1 tiff - security update + {CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804} + [bullseye] - tiff 4.2.0-1+deb11u4 [23 Feb 2023] DSA-5360-1 emacs - security update {CVE-2022-48337 CVE-2022-48338 CVE-2022-48339} [bullseye] - emacs 1:27.1+1-3.1+deb11u2 = data/dsa-needed.txt = @@ -58,8 +58,6 @@ samba sofia-sip Maintainer proposed debdiff for review with additional question and sent a followup -- -tiff (aron) --- xrdp needs some additional clarification, tentatively DSA worthy maybe upgrade to 0.9.21 within bullseye? View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3938ffe80d3ff33afdf50f32fb76821d65a2406c
[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: claim frr
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: c4de7c83 by Aron Xu at 2023-02-23T17:21:14+08:00 dsa-needed.txt: claim frr - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -23,7 +23,7 @@ curl (jmm) -- emacs (jmm) -- -frr +frr (aron) -- jupyter-core Maintainer asked for availability to prepare updates View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4de7c830b47bb345b85e9f7fc8127b0cf9ff911
[Git][security-tracker-team/security-tracker][master] track fixed CVE for tiff
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c5218b5 by Aron Xu at 2023-02-23T17:10:17+08:00 track fixed CVE for tiff - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22557,6 +22557,7 @@ CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...) {DLA-3278-1} - tiff 4.4.0-6 (bug #1024737) + [bullseye] - tiff 4.2.0-1+deb11u3 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be NOTE: https://oss-fuzz.com/download?testcase_id=5738253143900160 @@ -30040,6 +30041,7 @@ CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...) {DLA-3278-1} - tiff 4.4.0-5 (bug #1022555) + [bullseye] - tiff 4.2.0-1+deb11u3 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...) 
@@ -30131,6 +30133,7 @@ CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...) {DLA-3278-1} - tiff 4.4.0-5 (bug #1022555) + [bullseye] - tiff 4.2.0-1+deb11u3 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c5218b5345302eeebc2eb62c7485ff0d4f7a9bb
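Review bot: The three added "[bullseye] - tiff 4.2.0-1+deb11u3" lines record a fixed version for CVE-2022-3970, CVE-2022-3626 and CVE-2022-3598, but those entries still carry only {DLA-3278-1} and the commit message does not name the advisory or upload that shipped deb11u3. State in the message where the fix was confirmed (changelog entry or patch name), and if deb11u3 went out under a DSA, consider adding the three ids to that advisory's CVE set in data/DSA/list instead, so the fixed version and the advisory cross-reference come from one record.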
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5357-1 for git
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 0de6743b by Aron Xu at 2023-02-23T14:26:37+08:00 Reserve DSA-5357-1 for git - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[23 Feb 2023] DSA-5357-1 git - security update + {CVE-2023-22490 CVE-2023-23946} + [bullseye] - git 1:2.30.2-1+deb11u2 [20 Feb 2023] DSA-5356-1 sox - security update {CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651} [bullseye] - sox 14.4.2+git20190427-2+deb11u1 = data/dsa-needed.txt = @@ -20,8 +20,6 @@ curl -- frr -- -git (aron) --- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de6743b8832a40427fcd3aadd96bee9169bc39c
[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: add git and claim it
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b371a17 by Aron Xu at 2023-02-21T00:32:42+08:00 dsa-needed.txt: add git and claim it - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -20,6 +20,8 @@ curl -- frr -- +git (aron) +-- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b371a177388c51dbb3b80853169d227d00c2c49
[Git][security-tracker-team/security-tracker][master] add tiff to dsa-needed.txt and claim it
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: f7db63d1 by Aron Xu at 2023-01-29T21:20:57+08:00 add tiff to dsa-needed.txt and claim it There are three more open CVEs to be addressed which are not covered by the previous release - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -59,6 +59,8 @@ sox -- thunderbird (jmm) -- +tiff (aron) +-- varnish (carnil) -- xrdp View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7db63d1e9908f34db27c4245219b8906cb030c1
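Review bot: The added "tiff (aron)" entry in data/dsa-needed.txt has no indented note, although the commit message says three open CVEs remain after the previous release. Other entries in this file carry their status as a note under the package name (jupyter-core and xrdp in the commits on this page), and listing the three CVE ids the same way would tell the next reader what this claim covers without having to search the commit log.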
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5333-1 for tiff
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: d53c7a9f by Aron Xu at 2023-01-29T15:07:04+08:00 Reserve DSA-5333-1 for tiff - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -38247,20 +38247,17 @@ CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as proble CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...) {DLA-3278-1} - tiff 4.4.0~rc1-1 - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1) CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...) {DLA-3278-1} - tiff 4.4.0~rc1-1 - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1) CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...) {DLA-3278-1} - tiff 4.4.0~rc1-1 - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1) @@ -48831,7 +48828,6 @@ CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a comm CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...) {DLA-3278-1} - tiff 4.4.0-4 - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990 CVE-2022-34525 
@@ -52801,21 +52797,18 @@ CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2. CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) {DLA-3278-1} - tiff 4.4.0-3 (bug #1014494) - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) {DLA-3278-1} - tiff 4.4.0-3 (bug #1014494) - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) {DLA-3278-1} - tiff 4.4.0-3 (bug #1014494) - [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab 
@@ -60519,14 +60512,12 @@ CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allo NOT-FOR-US: RCCMD CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...) - tiff 4.4.0~rc1-1 - [bullseye] - tiff (Minor issue) [buster] - tiff (Vulnerable code introduced later, PoCs don't trigger) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1) NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410 CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...) - tiff 4.4.0~rc1-1 - [bullseye] - tiff (Minor issue) [buster] - tiff (Vulnerable code introduced later, PoCs don't trigger) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1) NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1) @@ -63760,14 +63751,12 @@ CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By defau CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...) {DLA-3278-1} - tiff 4.3.0-8 (bug #1011160) - [bullseye] - tiff (Minor issue) NOTE:
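Review bot: every data/CVE/list hunk here drops a "[bullseye] - tiff (Minor issue)" line, which is only right for CVEs that the DSA-5333-1 entry in data/DSA/list actually lists, and this mail is cut off before that hunk. CVE-2022-1623 and CVE-2022-1622 deserve a second look, since their entries carry no {DLA-3278-1} tag and keep a [buster] line; confirm both ids are in the DSA's CVE set before the bullseye annotation goes away.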
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5332-1 for git
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a81e0fb by Aron Xu at 2023-01-29T15:00:36+08:00 Reserve DSA-5332-1 for git - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -35492,7 +35492,6 @@ CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44. CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...) {DLA-3239-1} - git 1:2.38.1-1 (bug #1022046) - [bullseye] - git (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5 NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u NOTE: https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa (v2.30.6) @@ -35516,7 +35515,6 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...) {DLA-3239-1} - git 1:2.38.1-1 (bug #1022046) - [bullseye] - git (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5 NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u NOTE: https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 (v2.30.6) @@ -64008,7 +64006,6 @@ CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescre CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...) {DLA-3239-1} - git 1:2.37.2-1 (bug #1014848) - [bullseye] - git (Minor issue) NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5) NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression) 
@@ -76899,7 +76896,6 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...) {DLA-3239-1} - git 1:2.35.2-1 - [bullseye] - git (Minor issue) [stretch] - git (Minor issue) NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3) NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3) = data/DSA/list = @@ -1,3 +1,6 @@ +[29 Jan 2023] DSA-5332-1 git - security update + {CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41903} + [bullseye] - git 1:2.30.2-1+deb11u1 [28 Jan 2023] DSA-5331-1 openjdk-11 - security update {CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843} [bullseye] - openjdk-11 11.0.18+10-1~deb11u1 = data/dsa-needed.txt = @@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- frr -- -git (aron) --- jupyter-core Maintainer asked for availability to prepare updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894
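Review bot: the new DSA-5332-1 entry lists six CVEs, but the data/CVE/list hunks touch only four of them (CVE-2022-39260, CVE-2022-39253, CVE-2022-29187, CVE-2022-24765). Please confirm that CVE-2022-23521 and CVE-2022-41903 had no "[bullseye] - git" annotation to remove, so that no stale per-release line is left beside the fixed version 1:2.30.2-1+deb11u1.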
[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim git
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: a2b44d24 by Aron Xu at 2023-01-22T13:43:19+08:00 data/dsa-needed.txt: claim git mirabilos has asked jrnieder about his plan on fixing the security issues, help was offered and let's wait for response - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -20,7 +20,7 @@ curl (jmm) -- frr -- -git +git (aron) -- jupyter-core Maintainer asked for availability to prepare updates View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2b44d248c916a8cb565aa8957521978382c7022
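Review bot: the reason for the claim (waiting on the maintainer's reply to an offer of help) is recorded only in the commit message. Put it in a note line under "git (aron)", as the jupyter-core entry does with "Maintainer asked for availability to prepare updates", so the status is visible in the file itself.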
[Git][security-tracker-team/security-tracker][master] Claim tiff in dsa-needed.txt
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: e5655bd9 by Aron Xu at 2023-01-09T11:42:11+08:00 Claim tiff in dsa-needed.txt - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -64,5 +64,5 @@ sofia-sip sox patch needed for CVE-2021-40426, check with upstream -- -tiff +tiff (aron) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5655bd99403139327002ea683fc3c954279db0a
[Git][security-tracker-team/security-tracker][master] Unclaim trafficserver
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: eb91a048 by Aron Xu at 2022-12-28T21:31:19+08:00 Unclaim trafficserver Put back since maintainer is preparing the update. - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -61,7 +61,7 @@ sox -- tiff -- -trafficserver (aron) +trafficserver Maintainer asked for an update -- webkit2gtk (berto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb91a048fdb3e3b5f8687d23150ee0a3ea651f6a
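Review bot: the context line under the entry still reads "Maintainer asked for an update", while the commit message says the maintainer is preparing the update. Rewording that note in the same change, for example to "Maintainer is preparing the update", would make the file say who is working on it now that the "(aron)" claim is gone.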
[Git][security-tracker-team/security-tracker][master] Claim trafficserver
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f717860 by Aron Xu at 2022-12-28T17:45:14+08:00 Claim trafficserver - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -61,7 +61,7 @@ sox -- tiff -- -trafficserver +trafficserver (aron) -- webkit2gtk (berto) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7178602fca168659b7edd39502079ab1f8d193
[Git][security-tracker-team/security-tracker][master] Take nodejs
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 627226eb by Aron Xu at 2022-12-23T13:57:41+08:00 Take nodejs - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -26,7 +26,7 @@ linux (carnil) netatalk open regression with MacOS, tentative patch not yet merged upstream -- -nodejs +nodejs (aron) -- multipath-tools -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627226eb445992437e2b19b5ce90ba17e5b696e9
[Git][security-tracker-team/security-tracker][master] Take gerbv again
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ec2ab03 by Aron Xu at 2022-12-09T15:54:06+08:00 Take gerbv again - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,7 +16,7 @@ cacti -- frr -- -gerbv +gerbv (aron) -- lava -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ec2ab03a278e37d4d533d01c562e440aa4d133b
[Git][security-tracker-team/security-tracker][master] dsa-needed: de-claim gerbv
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: c403105b by Aron Xu at 2022-10-15T14:10:45+08:00 dsa-needed: de-claim gerbv - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -20,7 +20,7 @@ commons-configuration2 -- frr -- -gerbv (aron) +gerbv -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c403105b9c4de933d298f87fde4fd8bf7e3b936b
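Review bot: "gerbv (aron)" becomes a bare "gerbv" with no note in the file and no explanation in the commit message. If any work was done under the claim, a note line under the entry on where it stands would save the next person from starting over.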
[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim gerbv and maven-shared-utils
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b53260d by Aron Xu at 2022-09-23T11:33:18+08:00 data/dsa-needed.txt: claim gerbv and maven-shared-utils - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -18,7 +18,7 @@ commons-configuration -- firefox-esr (jmm) -- -gerbv +gerbv (aron) -- gdal (aron) -- @@ -26,7 +26,7 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions -- -maven-shared-utils +maven-shared-utils (aron) -- netatalk open regression with MacOS, tentative patch not yet merged upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b53260d73a9a1e740b52587f345763ef1b3c0ec
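Review bot: in the first hunk "gerbv (aron)" sits above "gdal (aron)", so the list is out of alphabetical order at that point while the other entries visible in this mail are sorted. Moving the gerbv entry below gdal in the same edit would keep the file sorted.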
[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim gdal
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 8387d550 by Aron Xu at 2022-09-21T14:55:04+08:00 data/dsa-needed.txt: claim gdal - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -26,7 +26,7 @@ fish (aron) -- gerbv -- -gdal +gdal (aron) -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8387d550cddfb16db64d74e9a8ba9c9cc642b165
[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim fish.
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 81ac8a8f by Aron Xu at 2022-09-16T22:45:49+08:00 data/dsa-needed.txt: claim fish. - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -18,7 +18,7 @@ commons-configuration -- connman (carnil) -- -fish +fish (aron) -- gdal -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81ac8a8f18629c2c514c5969abd5b217b268397c
[Git][security-tracker-team/security-tracker][master] librecad fixed in sid
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: 14161dcd by Aron Xu at 2022-01-30T21:11:17+08:00 librecad fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8867,17 +8867,17 @@ CVE-2021-45345 CVE-2021-45344 RESERVED CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...) - - librecad (bug #1004518) + - librecad 2.1.3-3 NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468 NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469 NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7 CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...) - - librecad (bug #1004518) + - librecad 2.1.3-3 NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464 NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465 NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4 CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...) - - librecad (bug #1004518) + - librecad 2.1.3-3 NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462 NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463 NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14161dcd62310a87ab5793ba6b841f42de6ac954
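Review bot: each changed line replaces "(bug #1004518)" with the fixed version, so the link to the Debian bug is lost from all three entries. Other entries in this list keep both, as in "- tiff 4.4.0-3 (bug #1014494)"; writing "- librecad 2.1.3-3 (bug #1004518)" would keep the reference.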
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-0235/node-fetch
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker Commits: a261a33d by Aron Xu at 2022-01-19T16:55:09+08:00 Reference upstream commit for CVE-2022-0235/node-fetch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -714,7 +714,7 @@ CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium vers CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...) - node-fetch NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ - TODO: check fixing commit + NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1) CVE-2022-0234 RESERVED CVE-2022-0233 (The ProfileGrid User Profiles, Memberships, Groups and Communi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a261a33df92c837a592b41ccc540808c99c7c747
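Review bot: the TODO is resolved with a "Fixed by:" commit tagged v3.1.1, but the "- node-fetch" line above it still carries no fixed version. If that is intentional because the fix is not in the archive yet, a bug reference on that line would make the open state trackable.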