[Git][security-tracker-team/security-tracker][master] CVE-2024-32077/airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 673f20de by Henri Salo at 2024-05-14T18:05:10+03:00 CVE-2024-32077/airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6921,6 +6921,8 @@ CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Tool NOT-FOR-US: WordPress plugin CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) NOT-FOR-US: WordPress plugin +CVE-2024-32077 + - airflow (bug #819700) CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...) NOT-FOR-US: RoamWiFi CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673f20deab4f753354cf6b2463ea1bafe3a49ee4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-29733/airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f9f2b30e by Henri Salo at 2024-04-19T13:30:54+03:00 CVE-2024-29733/airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6187,6 +6187,8 @@ CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before NOT-FOR-US: WordPress plugin CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM Media View ...) NOT-FOR-US: SonicDICOM Media Viewer +CVE-2024-29733 + - airflow (bug #819700) CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 allows ...) NOT-FOR-US: Alldata CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnerability ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9f2b30ed5f65fb6d6822345a78b8a11e18c2892
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 68a78d8d by Henri Salo at 2024-04-19T13:10:42+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1942,6 +1942,8 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 a NOT-FOR-US: KEYENCE KV STUDIO CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...) NOT-FOR-US: KEYENCE KV STUDIO +CVE-2024-29217 + NOT-FOR-US: Apache Answer CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...) NOT-FOR-US: Cente CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a78d8d7f1dae39c7df5cc3bd4714fc27bbd9ff
[Git][security-tracker-team/security-tracker][master] foswiki CVE-2023-33756, CVE-2023-24698
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 13164030 by Henri Salo at 2023-08-07T15:38:09+03:00 foswiki CVE-2023-33756, CVE-2023-24698 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7823,6 +7823,8 @@ CVE-2023-33960 (OpenProject is web-based project management software. For any Op NOT-FOR-US: OpenProject CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak +CVE-2023-33756 + - foswiki (bug #509864) CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...) NOT-FOR-US: Inpiazza Cloud WiFi CVE-2023-33552 (Heap Buffer Overflow in the erofs_read_one_data function at data.c in ...) @@ -30589,6 +30591,7 @@ CVE-2023-24699 RESERVED CVE-2023-24698 RESERVED + - foswiki (bug #509864) CVE-2023-24697 RESERVED CVE-2023-24696 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13164030f7338bdcbe9a8afa97eebe736a833cbe
[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-36542
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: aae19c90 by Henri Salo at 2023-07-29T10:58:22+03:00 NFU CVE-2023-36542 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2575,6 +2575,8 @@ CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x t NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...) - airflow (bug #819700) +CVE-2023-36542 + NOT-FOR-US: Apache NiFi CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow (bug #819700) CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae19c902f0b14dce105828c1605257d42e5d1d9
[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-38647
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: edfb6a00 by Henri Salo at 2023-07-25T20:53:00+03:00 NFU CVE-2023-38647 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -214,6 +214,8 @@ CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in Git NOT-FOR-US: pimcore CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...) - gitlab (Specific to EE) +CVE-2023-38647 + NOT-FOR-US: Apache Helix CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...) NOT-FOR-US: Metabase CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edfb6a00925b8c18a55653454380eca9dac106e6
[Git][security-tracker-team/security-tracker][master] CVE-2023-34478/shiro
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: eaffaf86 by Henri Salo at 2023-07-24T21:13:16+03:00 CVE-2023-34478/shiro - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -297,6 +297,10 @@ CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low privilege NOT-FOR-US: Keysight Geolocation Server CVE-2023-35134 (Weintek Weincloud v0.13.6 could allow an attacker to reset a passwor ...) NOT-FOR-US: Weincloud +CVE-2023-34478 + - shiro + NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4 + TODO: check CVE-2023-34429 (Weintek Weincloud v0.13.6 could allow an attacker to cause a denia ...) NOT-FOR-US: Weincloud CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker could upl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaffaf86dd5f0068447bc1a3d55ee33ae6ec646d
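Review bot: The `TODO: check` added under CVE-2023-34478 does not say what is still open, given that `- shiro` and the oss-security NOTE are already recorded in the same entry. State the pending item in the TODO text or in a NOTE so the next person triaging the entry does not have to rediscover it.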
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: af8e549f by Henri Salo at 2023-03-15T13:11:59+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5806,7 +5806,7 @@ CVE-2023-26264 CVE-2023-26263 RESERVED CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...) - TODO: check + NOT-FOR-US: Sitecore CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...) NOT-FOR-US: UBIKA WAAP Gateway/Cloud CVE-2023-26260 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8e549f29cd79e0b8a7332dfbec232101c349a5
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: c5de1b01 by Henri Salo at 2023-02-23T11:51:28+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2442,6 +2442,7 @@ CVE-2023-25622 RESERVED CVE-2023-25621 RESERVED + NOT-FOR-US: Apache Sling CVE-2023-25620 RESERVED CVE-2023-25619 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5de1b012cdb26294b09b19792a86c43f701fd45
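Review bot: `NOT-FOR-US: Apache Sling` is attached to CVE-2023-25621 while the entry is still `RESERVED`, so nothing in the entry or the commit message `NFU` shows where the product attribution comes from. Add a `NOTE:` line with the advisory or mailing-list URL the attribution was taken from, so it can be verified before the public description arrives.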
[Git][security-tracker-team/security-tracker][master] CVE-2023-24580/python-django
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 35d1ce86 by Henri Salo at 2023-02-14T11:03:45+02:00 CVE-2023-24580/python-django - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3229,6 +3229,9 @@ CVE-2023-0526 RESERVED CVE-2023-24580 RESERVED + - python-django + TODO: check + NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ CVE-2023-24579 RESERVED CVE-2023-24578 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d1ce8677baf886c11f3a452f6321a27131975d
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: e3109616 by Henri Salo at 2023-02-04T11:07:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6602,6 +6602,7 @@ CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified a NOT-FOR-US: DrAzraelTod pyChao CVE-2023-22849 RESERVED + NOT-FOR-US: Apache Sling CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...) NOT-FOR-US: Netis Netcore Router CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. It has ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e310961624138610c9a7a3fc1aedf9bfcb99656d
[Git][security-tracker-team/security-tracker][master] CVE-2022-26068/pistache
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f8e69f4 by Henri Salo at 2023-02-03T05:48:54+02:00 CVE-2022-26068/pistache - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74458,7 +74458,8 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...) - - pistache (bug #929593) + - pistache + TODO: check CVE-2022-26066 RESERVED CVE-2022-26063 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8e69f4e07496dda9a4b4f12221517665ca5f13
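Review bot: The removed line `- pistache (bug #929593)` carried a bug reference that the replacement `- pistache` drops, and neither the commit message nor a NOTE says why. If #929593 was the wrong bug, say so in the commit message; if it is still relevant, keep it next to the new `TODO: check`.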
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-24997 + RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24977 RESERVED NOT-FOR-US: Apache InLong View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee
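Review bot: The new entry CVE-2023-24997 is placed directly above CVE-2023-24977 with an identical `NOT-FOR-US: Apache InLong` line, and the two ids differ in a single digit. Confirm against the advisory that 24997 is a separate InLong id and not a mistyped 24977, and add a `NOTE:` with the source, since the entry is still `RESERVED` and carries no description to check against.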
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2023-24977 RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24976 RESERVED CVE-2023-24975 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 52718548 by Henri Salo at 2023-01-06T09:38:17+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9098,6 +9098,7 @@ CVE-2022-4146 RESERVED CVE-2022-45935 RESERVED + NOT-FOR-US: Apache James CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...) - linux NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d @@ -9506,6 +9507,7 @@ CVE-2022-45788 RESERVED CVE-2022-45787 RESERVED + NOT-FOR-US: Apache James CVE-2022-45786 RESERVED CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d02f76c4 by Henri Salo at 2022-12-30T13:18:57+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13178,6 +13178,7 @@ CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access NOT-FOR-US: JetBrains TeamCity CVE-2022-44621 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2022-44618 RESERVED CVE-2022-44614 @@ -18198,6 +18199,7 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers NOT-FOR-US: Siemens CVE-2022-43396 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...) - vim 2:9.0.0813-1 (unimportant) NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d02f76c44a2f42e124d2f75fab4f76dcf3c56fe4
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) - TODO: check + NOT-FOR-US: authentik CVE-2022-46144 RESERVED CVE-2022-46143 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d
[Git][security-tracker-team/security-tracker][master] Fix typo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fbfc044 by Henri Salo at 2022-10-28T08:55:36+03:00 Fix typo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1669,7 +1669,7 @@ CVE-2022-43761 RESERVED CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...) - vim - NOTE: ttps://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805) + NOTE: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805) CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...) - rails NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fbfc0446da5a4517f6461a9e81fdde0bb13c59b
[Git][security-tracker-team/security-tracker][master] CVE-2022-41672/airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 15f2defb by Henri Salo at 2022-10-04T22:18:47+03:00 CVE-2022-41672/airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1656,6 +1656,7 @@ CVE-2022-41673 RESERVED CVE-2022-41672 RESERVED + - airflow (bug #819700) CVE-2022-41671 RESERVED CVE-2022-41670 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f2defbde0e35afb32d3aadb156b597e23a5247
[Git][security-tracker-team/security-tracker][master] CVE-2022-41317 and CVE-2022-41318 squid
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 89090afc by Henri Salo at 2022-09-23T09:37:32+03:00 CVE-2022-41317 and CVE-2022-41318 squid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,6 +20,16 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd - rdiffweb (bug #969974) CVE-2022-3266 RESERVED +CVE-2022-41318 + - squid + - squid3 + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2 +CVE-2022-41317 + - squid + - squid3 + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1 CVE-2022-41313 RESERVED CVE-2022-41312 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89090afc119770a3b381a30dace75588b8b09f47
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2605,6 +2605,7 @@ CVE-2022-39136 RESERVED CVE-2022-39135 RESERVED + NOT-FOR-US: Apache Calcite CVE-2022-39134 RESERVED CVE-2022-39133 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4
[Git][security-tracker-team/security-tracker][master] CVE-2022-38054/airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7581d34c by Henri Salo at 2022-09-02T09:49:19+03:00 CVE-2022-38054/airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3176,6 +3176,7 @@ CVE-2022-38058 RESERVED CVE-2022-38054 RESERVED + - airflow (bug #819700) CVE-2022-37412 RESERVED CVE-2022-37411 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7581d34cd072905a6c43584dd3c51fc13c3efb6c
[Git][security-tracker-team/security-tracker][master] NFU CVE-2022-34916 Apache Flume
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 5964ae24 by Henri Salo at 2022-08-21T02:24:21+03:00 NFU CVE-2022-34916 Apache Flume - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8978,6 +8978,7 @@ CVE-2022-34917 RESERVED CVE-2022-34916 RESERVED + NOT-FOR-US: Apache Flume CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...) NOT-FOR-US: Nakama CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5964ae24ae828da23329a544a0ef9e8b91ed0d21
[Git][security-tracker-team/security-tracker][master] CVE-2022-38362/airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f89a0e0 by Henri Salo at 2022-08-16T22:09:06+03:00 CVE-2022-38362/airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,6 +20,7 @@ CVE-2022-2826 RESERVED CVE-2022-38362 RESERVED + - airflow (bug #819700) CVE-2022-38361 RESERVED CVE-2022-38360 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f89a0e0a31dc86dcf461818b81ecf92557c88b2
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1844,8 +1844,10 @@ CVE-2022-37413 RESERVED CVE-2022-37401 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37400 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37399 RESERVED CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f09c6b2d by Henri Salo at 2022-07-28T11:19:18+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1428,6 +1428,7 @@ CVE-2022-36367 RESERVED CVE-2022-36364 RESERVED + NOT-FOR-US: Apache Calcite CVE-2022-36298 RESERVED CVE-2022-35729 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09c6b2d2389f48da039eeb1ac01f27d17a54c88
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f9496a0 by Henri Salo at 2022-07-09T11:05:51+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -80955,7 +80955,7 @@ CVE-2021-31647 CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...) NOT-FOR-US: Gestsup CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote attackers t ...) - TODO: check + NOT-FOR-US: glFTPd CVE-2021-31644 RESERVED CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...) @@ -579384,7 +579384,7 @@ CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNew CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) NOT-FOR-US: GProFTPD CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk ...) - NOT-FOR-US: Glftpd + NOT-FOR-US: glFTPd CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: TrackerCam CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9496a0ee9f6535e56bed83d4c675ab7174ca3c
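Review bot: The second hunk, at CVE-2005-0483, only changes the spelling `Glftpd` to `glFTPd`, which is unrelated to triaging CVE-2021-31645 in the first hunk and is not mentioned in the commit message `NFU`. Mention the spelling normalisation in the message or move it to its own commit, so the history of the 2005 entry explains itself.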
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 935d9b4e by Henri Salo at 2022-07-09T11:01:09+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -405940,9 +405940,9 @@ CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator - zendframework (the vulnerability was introduced specifically in the 2.3 series) NOTE: http://framework.zend.com/security/advisory/ZF2015-03 CVE-2015-1785 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin nextgen-galery CVE-2015-1784 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin nextgen-galery CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before c ...) - lasso 2.4.1-1 [wheezy] - lasso (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d9b4e2f0e6de0849966f0be24e710d4091621
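Review bot: both added tags, for CVE-2015-1785 and CVE-2015-1784, read `NOT-FOR-US: WordPress plugin nextgen-galery`, carrying over the "galery" spelling from the truncated CVE descriptions on the header lines. If the plugin meant is NextGEN Gallery, spell it `nextgen-gallery` in the tag so that a search of the list for the plugin name finds these two entries.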
[Git][security-tracker-team/security-tracker][master] CVE-2022-25167
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d9ac5fd by Henri Salo at 2022-06-14T12:10:09+03:00 CVE-2022-25167 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22459,8 +22459,10 @@ CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and 2.4. NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4 CVE-2022-25168 RESERVED -CVE-2022-25167 +CVE-2022-25167 [Apache Flume JMSSource does not protect from malicious JNDI urls] RESERVED + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/1 CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...) NOT-FOR-US: phpUploader CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9ac5fddca8a4cf72f076d597e186618c59c507
[Git][security-tracker-team/security-tracker][master] CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f681b89 by Henri Salo at 2022-04-27T09:55:35+03:00 CVE-2022-27774, CVE-2022-27775, CVE-2022-27776 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5578,12 +5578,21 @@ CVE-2022-27778 RESERVED CVE-2022-2 RESERVED -CVE-2022-27776 +CVE-2022-27776 [Auth/cookie leak on redirect] RESERVED -CVE-2022-27775 + - curl + NOTE: https://curl.se/docs/CVE-2022-27776.html + TODO: check +CVE-2022-27775 [Bad local IPv6 connection reuse] RESERVED -CVE-2022-27774 + - curl + NOTE: https://curl.se/docs/CVE-2022-27775.html + TODO: check +CVE-2022-27774 [Credential leak on redirect] RESERVED + - curl + NOTE: https://curl.se/docs/CVE-2022-27774.html + TODO: check CVE-2022-27773 RESERVED CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f681b8935afa0e97aee4ab25603bf053900bb1f
[Git][security-tracker-team/security-tracker][master] CVE-2021-25745, CVE-2021-25746
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b6f53575 by Henri Salo at 2022-04-22T20:17:05+03:00 CVE-2021-25745, CVE-2021-25746 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -78927,8 +78927,12 @@ CVE-2021-25747 RESERVED CVE-2021-25746 RESERVED + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/6 CVE-2021-25745 RESERVED + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/5 CVE-2021-25744 RESERVED CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f53575096973b46b62822b18e8d076b537f1e2
[Git][security-tracker-team/security-tracker][master] Remove empty newline
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 88db86d5 by Henri Salo at 2022-04-15T13:16:58+03:00 Remove empty newline - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -487,7 +487,6 @@ CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions start - mutt NOTE: https://gitlab.com/muttmua/mutt/-/issues/404 NOTE: https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 - CVE-2022-1327 RESERVED CVE-2022-1326 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88db86d508e45608a362e9fa884fff39d91e033d
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cf7ed91 by Henri Salo at 2022-04-07T22:12:05+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3844,8 +3844,10 @@ CVE-2022-27222 RESERVED CVE-2022-0993 RESERVED + NOT-FOR-US: WordPress plugin CVE-2022-0992 RESERVED + NOT-FOR-US: WordPress plugin CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) NOT-FOR-US: admidio CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7ed9135f222d59f38cfb311009b4c7419fd0d
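Review bot: both added tags are the bare `NOT-FOR-US: WordPress plugin`, on CVE-2022-0993 and CVE-2022-0992, which are still RESERVED and carry no description, so nothing in the list records which plugin was looked at. Name the plugin in the tag, or add a NOTE: line with the advisory the decision came from, so the triage can be checked later.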
[Git][security-tracker-team/security-tracker][master] CVE-2022-24986: KCron: Insecure temporary file handling
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b3df1883 by Henri Salo at 2022-02-25T14:11:49+02:00 CVE-2022-24986: KCron: Insecure temporary file handling - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2818,6 +2818,8 @@ CVE-2022-24987 RESERVED CVE-2022-24986 RESERVED + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2022/02/25/3 CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...) NOT-FOR-US: JQueryForm.com CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3df1883f6c572ec19526c84e3b11bc5a4912f8d
[Git][security-tracker-team/security-tracker][master] CVE-2022-24948
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 0778ac16 by Henri Salo at 2022-02-25T14:02:11+02:00 CVE-2022-24948 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2995,6 +2995,7 @@ CVE-2022-24949 RESERVED CVE-2022-24948 RESERVED + - jspwiki CVE-2022-24947 RESERVED - jspwiki View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0778ac162f6403f75c7f31ef94b87626e41c72d5
[Git][security-tracker-team/security-tracker][master] CVE-2022-24947
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: bd747801 by Henri Salo at 2022-02-25T13:59:39+02:00 CVE-2022-24947 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2997,6 +2997,7 @@ CVE-2022-24948 RESERVED CVE-2022-24947 RESERVED + - jspwiki CVE-2022-24946 RESERVED CVE-2022-24945 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd747801e11bd4a0aee32412d5674af6d76a3571
[Git][security-tracker-team/security-tracker][master] airflow
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a81b8b6c by Henri Salo at 2022-02-24T21:05:46+02:00 airflow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4049,6 +4049,7 @@ CVE-2022-24289 (Hessian serialization is a network protocol that supports object NOT-FOR-US: Apache Cayenne CVE-2022-24288 RESERVED + - airflow (bug #819700) CVE-2022-24287 RESERVED CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...) @@ -14418,6 +14419,7 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific - airflow (bug #819700) CVE-2021-45229 RESERVED + - airflow (bug #819700) CVE-2021-45228 RESERVED CVE-2021-45227 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a81b8b6cbb1325beff99dd2ef294e662b0a59f9d
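Review bot: the commit message "airflow" does not name the two entries it changes, CVE-2022-24288 in the first hunk and CVE-2021-45229 in the second. Put the CVE ids in the subject so the change can be found from the log by id, and add a NOTE: with the source, since both entries are still RESERVED and nothing in the hunks shows why they were assigned to airflow.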
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: dbb7190c by Henri Salo at 2022-02-07T10:42:19+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5075,6 +5075,7 @@ CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plug - apache-karaf (bug #881297) CVE-2022-22931 RESERVED + NOT-FOR-US: Apache James CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...) NOT-FOR-US: MCMS CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbb7190c08ffe44065a6b1fb3a50be28132e584e
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 96cd9e0c by Henri Salo at 2022-02-05T13:03:47+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4335,6 +4335,7 @@ CVE-2021-23150 RESERVED CVE-2022-23206 RESERVED + NOT-FOR-US: Apache Traffic Control CVE-2022-23205 RESERVED CVE-2022-23204 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cd9e0cfaaebd052779e800decaabbea9cd1e25
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e6aaef1 by Henri Salo at 2022-02-04T11:04:40+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37033,8 +37033,10 @@ CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swif NOT-FOR-US: gRPC Swift CVE-2021-36152 RESERVED + NOT-FOR-US: Apache Gobblin CVE-2021-36151 RESERVED + NOT-FOR-US: Apache Gobblin CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) NOT-FOR-US: OpenShift CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6aaef17151f2c5f744089a729528a7be6618e2
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 46c238ac by Henri Salo at 2022-02-01T11:15:27+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12377,6 +12377,7 @@ CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug NOT-FOR-US: mySCADA myPRO CVE-2021-44451 RESERVED + NOT-FOR-US: Apache Superset CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions ...) NOT-FOR-US: Siemens CVE-2021-9 (A vulnerability has been identified in JT Utilities (All versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46c238ac902f84385165ba47a44ae46e24e2cee4
[Git][security-tracker-team/security-tracker][master] Typo fix
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fc90f41 by Henri Salo at 2022-01-15T02:47:15+02:00 Typo fix - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -24,7 +24,7 @@ flatpak (seb) librecad -- libreswan/stable (carnil) - Maintainer preapred updates + Maintainer prepared updates -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc90f415e97a3489c5d0f934d78c0a0107abe79
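Review bot: the unchanged context line under `linux (carnil)` still reads "try to regulary rebase", so this typo fix leaves a second misspelling a few lines below the one it corrects. Change "regulary" to "regularly" in the same commit.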
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b2df1b42 by Henri Salo at 2022-01-06T15:57:46+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3335,10 +3335,13 @@ CVE-2022-22054 RESERVED CVE-2021-45458 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45457 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45456 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45455 RESERVED CVE-2021-45454 @@ -28722,6 +28725,7 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because o NOTE: https://github.com/ARMmbed/mbedtls/issues/3394 CVE-2021-36774 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - ublock-origin 1.37.0+dfsg-1 (bug #991386) [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 @@ -41664,6 +41668,7 @@ CVE-2021-31524 RESERVED CVE-2021-31522 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) 
@@ -51378,6 +51383,7 @@ CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) NOT-FOR-US: JetBrains Ktor CVE-2021-27738 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...) - trafficserver (Only affects 9.x) CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient session exp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2df1b4218cbed97dd84e9008d3c994ee260d411
[Git][security-tracker-team/security-tracker][master] 2 commits: NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: dd79b441 by Henri Salo at 2022-01-04T14:53:37+02:00 NFU - - - - - 06412638 by Henri Salo at 2022-01-04T14:55:16+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18914,6 +18914,7 @@ CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TT NOT-FOR-US: Peleton CVE-2021-40525 RESERVED + NOT-FOR-US: Apache James CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: showdoc CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -19994,8 +19995,10 @@ CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface o NOT-FOR-US: Cisco CVE-2021-40111 RESERVED + NOT-FOR-US: Apache James CVE-2021-40110 RESERVED + NOT-FOR-US: Apache James CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...) NOT-FOR-US: Concrete CMS CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...) @@ -23711,6 +23714,7 @@ CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certai NOT-FOR-US: TP-Link CVE-2021-38542 RESERVED + NOT-FOR-US Apache James CVE-2021-38541 RESERVED CVE-2021-3699 
@@ -32758,6 +32762,7 @@ CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, al NOT-FOR-US: Secure 8 (Evalos) CVE-2021-34797 RESERVED + NOT-FOR-US: Apache Geode CVE-2021-34796 RESERVED CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b074589480797821bc1933c2bc6d3a77e6664aaf...06412638e77ddd1dc0eb5a8c11dd8ebe8536b140
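Review bot: in the hunk at @@ -23711 the line added under CVE-2021-38542 is `NOT-FOR-US Apache James`, without the colon, while the three other Apache James lines in this patch use `NOT-FOR-US: Apache James`. Add the colon: a tag that does not match the `NOT-FOR-US:` form may not be read as a triage decision by tooling that parses data/CVE/list, which would leave the entry looking untriaged.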
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6cb91b0f by Henri Salo at 2021-12-21T10:55:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,10 +20,13 @@ CVE-2021-4143 RESERVED CVE-2017-20010 RESERVED + NOT-FOR-US: MODX Revolution CVE-2017-20009 RESERVED + NOT-FOR-US: MODX Revolution CVE-2012-20001 RESERVED + NOT-FOR-US: PrestaShop CVE-2021-45442 RESERVED CVE-2021-45441 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 550a04b2 by Henri Salo at 2021-12-17T08:46:37+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2943,6 +2943,7 @@ CVE-2021-44146 RESERVED CVE-2021-44145 RESERVED + NOT-FOR-US: Apache NiFi CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...) NOT-FOR-US: Croatia Control Asterix CVE-2021-4004 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550a04b2c5d97de89cebb02973132baecfd5497d
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 53e80a2d by Henri Salo at 2021-12-06T21:21:27+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4166,6 +4166,7 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When - hurd 1:0.9.git20210404-9 CVE-2021-43410 RESERVED + NOT-FOR-US: Apache Airavata CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: twill CVE-2021-43409 (The WPO365 | LOGIN WordPress plugin (up to and including ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53e80a2dbb483d93dfbe6b4b548a371c98047139
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a9b32be by Henri Salo at 2021-11-29T20:58:42+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65233,10 +65233,14 @@ CVE-2020-35076 REJECTED CVE-2020-35061 RESERVED +CVE-2020-35037 + NOT-FOR-US: WordPress plugin events-manager CVE-2020-35030 RESERVED CVE-2020-35017 RESERVED +CVE-2020-35012 + NOT-FOR-US: WordPress plugin events-manager CVE-2020-35001 RESERVED CVE-2016-15001 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a9b32bef3bdd79045de2442bfaf2db78487746b
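Review bot: CVE-2020-35037 and CVE-2020-35012 are added as new entries whose header lines carry neither a description nor a state line, unlike the RESERVED neighbours in this hunk, and no NOTE: says where the ids came from. Add a bracketed short description to each header line, or a NOTE: with the source advisory, so a later reader can see what the `NOT-FOR-US: WordPress plugin events-manager` decision was based on.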
[Git][security-tracker-team/security-tracker][master] CVE-2021-36749 TODO
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d2c4dd95 by Henri Salo at 2021-09-24T07:44:39+03:00 CVE-2021-36749 TODO - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11140,6 +11140,8 @@ CVE-2021-36750 RESERVED CVE-2021-36749 RESERVED + NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1 + TODO: check CVE-2021-3650 RESERVED CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c4dd95cad217184e5f4d5999c631c0c582062e
[Git][security-tracker-team/security-tracker][master] Typo fix
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 33222c7d by Henri Salo at 2021-09-24T07:43:30+03:00 Typo fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -46939,37 +46939,37 @@ CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...) NOT-FOR-US: VMware CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...) 
- NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...) - salt (bug #994016) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ @@ -46995,7 +46995,7 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability du CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...) NOT-FOR-US: VMware CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...) NOT-FOR-US: VMware CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...) 
@@ -312285,8 +312285,8 @@ CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14] CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual S ...) {DLA-1599-1} - qemu 1:2.6+dfsg-2 (bug #825210) - [wheezy] - qemu (VMWare PVSCSI paravirtual device implementation introduced later) - - qemu-kvm (VMWare PVSCSI paravirtual device implementation introduced later) + [wheezy] - qemu (VMware PVSCSI paravirtual device implementation introduced later) + - qemu-kvm (VMware PVSCSI paravirtual device implementation introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0) CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kerne ...) @@ -375313,15 +375313,15 @@ CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.9 CVE-2014-1212 RESERVED CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud Direc ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2
[Git][security-tracker-team/security-tracker][master] CVE-2021-41303/shiro
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6068907e by Henri Salo at 2021-09-17T09:15:56+03:00 CVE-2021-41303/shiro - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8,8 +8,11 @@ CVE-2021-3806 RESERVED CVE-2021-3805 RESERVED -CVE-2021-41303 +CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] RESERVED + - shiro + NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 + TODO: check CVE-2021-41302 RESERVED CVE-2021-41301 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068907eff5d15a61799f0485d0370056bbff064 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068907eff5d15a61799f0485d0370056bbff064 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
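Review bot: The `TODO: check` added under CVE-2021-41303 does not say what is still open, even though the same hunk already names shiro and links the oss-security post. The bracketed description limits the issue to versions before 1.8.0 used with Spring Boot, so a NOTE saying whether that combination is the remaining question would let the next person close the TODO without re-reading the advisory.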
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 353fae8c by Henri Salo at 2021-09-11T10:49:13+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1640,6 +1640,7 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulne NOT-FOR-US: EmTec ZOC CVE-2021-40146 RESERVED + NOT-FOR-US: Apache Any23 CVE-2021-3738 RESERVED CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server] @@ -5211,6 +5212,7 @@ CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers t NOT-FOR-US: RaspAP CVE-2021-38555 RESERVED + NOT-FOR-US: Apache Any23 CVE-2021-38554 (HashiCorp Vault and Vault Enterprises UI erroneously cached and ...) NOT-FOR-US: HashiCorp Vault CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/353fae8cb7fa0cb555efe2594bc17201201b4233 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/353fae8cb7fa0cb555efe2594bc17201201b4233 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
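Review bot: Both added `NOT-FOR-US: Apache Any23` lines, under CVE-2021-40146 and CVE-2021-38555, sit on entries that are still RESERVED with no description, so nothing in the list lets a reader confirm the product. A NOTE carrying the announcement URL in each hunk would make the classification verifiable.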
[Git][security-tracker-team/security-tracker][master] Typo fix
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b9d501b4 by Henri Salo at 2021-08-31T23:16:36+03:00 Typo fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43540,17 +43540,17 @@ CVE-2021-22029 CVE-2021-22028 RESERVED CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...) NOT-FOR-US: VMware CVE-2021-22020 @@ -116134,13 +116134,13 @@ CVE-2020-5430 CVE-2020-5429 REJECTED CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2020-5424 REJECTED CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...) 
@@ -414475,7 +414475,7 @@ CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows {DSA-2314-1} - puppet 2.7.3-3 CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...) - NOT-FOR-US: Vmware + NOT-FOR-US: VMware CVE-2011-3867 REJECTED CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...) @@ -463779,7 +463779,7 @@ CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System ( NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...) - NOT-FOR-US: Vmware ESX/i + NOT-FOR-US: VMware ESX/i CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...) NOT-FOR-US: BackLinkSpider CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook (com_flip ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d501b4589bd0d9b29be1313ae3e51fb6d8286c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d501b4589bd0d9b29be1313ae3e51fb6d8286c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
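Review bot: In the second hunk (CVE-2020-5428 to CVE-2020-5425) the corrected tag still names only the vendor, while the descriptions name Spring Cloud Task, Spring Cloud Data Flow, Scheduler for TAS and Single Sign-On for Tanzu. Since these lines are being rewritten anyway, a product-level tag would be easier to search for; the last hunk's `VMware ESX/i` already follows that pattern.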
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f892867d by Henri Salo at 2021-08-18T10:03:30+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12789,6 +12789,7 @@ CVE-2021-33581 RESERVED CVE-2021-33580 RESERVED + NOT-FOR-US: Apache Roller CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...) - inspircd 3.8.1-2 (bug #989144) [buster] - inspircd (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f892867da16ef576b4d35f50293e9ee7f2a5e1b9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f892867da16ef576b4d35f50293e9ee7f2a5e1b9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Unify product name
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a78f2b2 by Henri Salo at 2021-08-14T11:47:42+03:00 Unify product name - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77620,7 +77620,7 @@ CVE-2020-18465 CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...) NOT-FOR-US: AikCms CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...) - NOT-FOR-US: aikcms + NOT-FOR-US: AikCms CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because t ...) NOT-FOR-US: AikCms CVE-2020-18461 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a78f2b293247d8b8d0f513a31a901d1464317c0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a78f2b293247d8b8d0f513a31a901d1464317c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 48874a43 by Henri Salo at 2021-07-27T23:22:24+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93460,6 +93460,7 @@ CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows remote NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-11510 RESERVED + NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) NOT-FOR-US: WP Lead Plus X plugin for WordPress CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48874a43c7c7c75bbe1ca2083beb9933dc32e502 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48874a43c7c7c75bbe1ca2083beb9933dc32e502 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-33900/apacheds
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7adc1d9f by Henri Salo at 2021-07-24T12:54:54+03:00 CVE-2021-33900/apacheds - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7840,6 +7840,9 @@ CVE-2021-33901 RESERVED CVE-2021-33900 RESERVED + - apacheds + NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1 + TODO: check CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color settings. ...) NOT-FOR-US: PageLayer CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size paramete ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7adc1d9f04061be3f19169636c98efa1cb81f972 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7adc1d9f04061be3f19169636c98efa1cb81f972 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-32746, CVE-2021-32747/icinga2
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: ca3732e7 by Henri Salo at 2021-07-13T21:14:03+03:00 CVE-2021-32746, CVE-2021-32747/icinga2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8943,9 +8943,11 @@ CVE-2021-32749 CVE-2021-32748 RESERVED CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...) - TODO: check + - icinga2 + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...) - TODO: check + - icinga2 + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 CVE-2021-32745 RESERVED CVE-2021-32744 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3732e76942db10d59751a3802b80eca2fbdd23 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3732e76942db10d59751a3802b80eca2fbdd23 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
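Review bot: The package on both added `- icinga2` lines does not match the rest of the entry. The descriptions of CVE-2021-32747 and CVE-2021-32746 start with "Icinga Web 2" and both NOTE URLs point at the Icinga/icingaweb2 repository, and Debian ships the web interface as its own source package, icingaweb2. Unless the core daemon is affected as well, these lines should name icingaweb2.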
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 37842898 by Henri Salo at 2021-07-13T21:12:00+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29250,13 +29250,13 @@ CVE-2021-2 CVE-2021-24443 RESERVED CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24438 RESERVED CVE-2021-24437 @@ -29266,7 +29266,7 @@ CVE-2021-24436 CVE-2021-24435 RESERVED CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24433 RESERVED CVE-2021-24432 
@@ -29276,29 +29276,29 @@ CVE-2021-24431 CVE-2021-24430 RESERVED CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24428 RESERVED CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24426 (The Backup by 10Web Backup and Restore Plugin WordPress plugin ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24425 RESERVED CVE-2021-24424 (The WP Reset Most Advanced WordPress Reset Tool WordPress plug ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24423 RESERVED CVE-2021-24422 RESERVED CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24417 RESERVED CVE-2021-24416 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37842898f539651e11f9ceb0c5143217c2633f50 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37842898f539651e11f9ceb0c5143217c2633f50 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
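Review bot: Every added line in these hunks spells the tag `NOT-FOR-US: Wordpress plugin`, while the CVE descriptions next to them write WordPress. Using `WordPress plugin` here would avoid a later clean-up commit and keep a search for one spelling from missing these entries.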
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f28e868 by Henri Salo at 2021-07-13T21:10:09+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29316,9 +29316,9 @@ CVE-2021-24411 CVE-2021-24410 RESERVED CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...) NOT-FOR-US: Wordpress theme CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...) @@ -29364,7 +29364,7 @@ CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not pr CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...) NOT-FOR-US: Wordpress plugin CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...) NOT-FOR-US: Wordpress plugin CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...) 
@@ -29404,7 +29404,7 @@ CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was aff CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...) NOT-FOR-US: WordPress plugin CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the ...) NOT-FOR-US: WordPress theme CVE-2021-24363 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f28e8686d632fbac264fcc38e2d5c161dd70e69 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f28e8686d632fbac264fcc38e2d5c161dd70e69 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
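Review bot: The hunks in this commit disagree on the tag spelling: the first two add `NOT-FOR-US: Wordpress plugin`, and the last one (CVE-2021-24365) adds `NOT-FOR-US: WordPress plugin`. Each matches its neighbouring context lines, but a single spelling within one commit, preferably the one the descriptions use, is easier to grep for.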
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 83641477 by Henri Salo at 2021-07-13T21:03:49+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34757,6 +34757,7 @@ CVE-2021-22001 RESERVED CVE-2021-22000 RESERVED + NOT-FOR-US: VMware CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...) NOT-FOR-US: VMware CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836414771cd691a49426ebbdb2b5e93d4578642f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836414771cd691a49426ebbdb2b5e93d4578642f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d936dc25 by Henri Salo at 2021-07-13T21:03:09+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34767,8 +34767,10 @@ CVE-2021-21996 RESERVED CVE-2021-21995 RESERVED + NOT-FOR-US: VMware CVE-2021-21994 RESERVED + NOT-FOR-US: VMware CVE-2021-21993 RESERVED CVE-2021-21992 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d936dc25c1c5ad895311ef2e3e534f8058afe886 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d936dc25c1c5ad895311ef2e3e534f8058afe886 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-36373, CVE-2021-36374/ant
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d55e220 by Henri Salo at 2021-07-13T21:01:56+03:00 CVE-2021-36373, CVE-2021-36374/ant - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -726,8 +726,12 @@ CVE-2021-36375 RESERVED CVE-2021-36374 RESERVED + - ant + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6 CVE-2021-36373 RESERVED + - ant + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5 CVE-2021-36372 RESERVED CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d55e2203fd8a4810ddcf8c5da5881164f76cfc3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d55e2203fd8a4810ddcf8c5da5881164f76cfc3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8015d59e by Henri Salo at 2021-07-13T10:46:51+03:00 CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1310,6 +1310,8 @@ CVE-2021-3632 NOT-FOR-US: Keycloak CVE-2021-36090 RESERVED + - libcommons-compress-java + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4 CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...) NOT-FOR-US: CMS Made Simple CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...) @@ -2640,10 +2642,16 @@ CVE-2021-35518 RESERVED CVE-2021-35517 RESERVED + - libcommons-compress-java + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3 CVE-2021-35516 RESERVED + - libcommons-compress-java + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2 CVE-2021-35515 RESERVED + - libcommons-compress-java + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1 CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...) NOT-FOR-US: Narou CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8015d59e114d9e9e59677fa98c3dddfe65b00ed2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8015d59e114d9e9e59677fa98c3dddfe65b00ed2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-26920/druid
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 36eba64a by Henri Salo at 2021-07-02T08:59:34+03:00 CVE-2021-26920/druid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21685,6 +21685,7 @@ CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, token NOT-FOR-US: Argo CD CVE-2021-26920 RESERVED + - druid (bug #825797) CVE-2021-26919 (Apache Druid allows users to read data from other database systems usi ...) - druid (bug #825797) CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36eba64ae238fb4e7cf15389a424a20f053d8b9d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36eba64ae238fb4e7cf15389a424a20f053d8b9d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: e8ca41e5 by Henri Salo at 2021-06-16T08:04:48+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91495,6 +91495,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 NOTE: https://github.com/apache/trafficserver/pull/6922 CVE-2020-9493 RESERVED + NOT-FOR-US: Apache Chainsaw CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...) - hadoop (bug #793644) CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a86f424b by Henri Salo at 2021-05-29T10:28:03+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -235,7 +235,7 @@ CVE-2021-33625 CVE-2021-33624 RESERVED CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...) - TODO: check + NOT-FOR-US: Node.js trim-newlines package CVE-2021-33622 RESERVED CVE-2021-33621 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86f424bfcd78ba832ac7e2795ce3e41dbd1245d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86f424bfcd78ba832ac7e2795ce3e41dbd1245d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
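Review bot: The replacement of `TODO: check` with `NOT-FOR-US: Node.js trim-newlines package` under CVE-2021-33623 should be confirmed against the archive first. Node.js modules are commonly packaged in Debian under a `node-` prefix, so a source package such as node-trim-newlines needs to be ruled out before the entry is closed as not-for-us.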
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 4509e67f by Henri Salo at 2021-05-05T07:55:27+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3087,6 +3087,10 @@ CVE-2021-30640 RESERVED CVE-2021-30639 RESERVED +CVE-2020-36334 + NOT-FOR-US: WordPress plugin themegrill-demo-importer +CVE-2020-36333 + NOT-FOR-US: WordPress plugin themegrill-demo-importer CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...) NOT-FOR-US: Vaadin CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4509e67f7937e10079be4f1fe0452814dda02dae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4509e67f7937e10079be4f1fe0452814dda02dae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
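Review bot: The two added entries, CVE-2020-36334 and CVE-2020-36333, have neither a description nor a RESERVED line, unlike the entries visible on either side of them. A NOTE with the source of the assignment would show where the identifiers and the themegrill-demo-importer attribution come from.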
[Git][security-tracker-team/security-tracker][master] Reverting commit as there was following error: 299286: error: bug name...
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 09067bdc by Henri Salo at 2021-04-07T23:09:18+03:00 Reverting commit as there was following error: 299286: error: bug name TEMP-000-D41D8C is not unique - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,3 @@ -CVE-2021- - - mediawiki - NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000271.html CVE-2021-3484 RESERVED CVE-2021-3483 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09067bdc29f8ed3be1da1baf50654b79fa5bea98 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09067bdc29f8ed3be1da1baf50654b79fa5bea98 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
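Review bot: The revert removes the `CVE-2021-` mediawiki entry and its NOTE outright, so the pre-release announcement is no longer tracked anywhere in the list. The quoted error names TEMP-000-D41D8C, and D41D8C is the first six hex digits of the MD5 of an empty string, which is consistent with the removed entry having had no description. Re-adding it with a bracketed description would address the uniqueness error and keep the reference.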
[Git][security-tracker-team/security-tracker][master] MediaWiki security pre-release announcement: 1.31.13 / 1.35.2
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f5b2fdf by Henri Salo at 2021-04-07T23:04:12+03:00 MediaWiki security pre-release announcement: 1.31.13 / 1.35.2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2021- + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000271.html CVE-2021-3484 RESERVED CVE-2021-3483 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5b2fdf5a90966326eeae5a7fb5793764e40dbb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5b2fdf5a90966326eeae5a7fb5793764e40dbb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
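Review bot: The added `CVE-2021-` line has no bracketed description after the placeholder identifier. Other unnumbered entries in this list carry one (for example `CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]`), and the follow-up revert reports that the generated bug name was not unique. A description such as the release numbers from the commit subject would give the entry a distinct name.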
[Git][security-tracker-team/security-tracker][master] CVE-2021-28918
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b7acc4f6 by Henri Salo at 2021-03-31T18:41:50+03:00 CVE-2021-28918 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1610,6 +1610,9 @@ CVE-2021-28919 RESERVED CVE-2021-28918 RESERVED + TODO: check + NOTE: https://sick.codes/sick-2021-011 + NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ CVE-2021-28917 RESERVED CVE-2021-28916 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7acc4f643dd39e3e1e866da3fcdd6368fab88ac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7acc4f643dd39e3e1e866da3fcdd6368fab88ac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: c9097fb9 by Henri Salo at 2021-02-28T17:32:07+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14236,7 +14236,7 @@ CVE-2020-36081 CVE-2020-36080 RESERVED CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary file upl ...) - TODO: check + NOT-FOR-US: Zenphoto CVE-2020-36078 RESERVED CVE-2020-36077 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9097fb9fed587bccd06b8b45013fe84f9d346a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9097fb9fed587bccd06b8b45013fe84f9d346a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: cf285a75 by Henri Salo at 2020-12-17T10:38:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40872,6 +40872,7 @@ CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt CVE-2020-13931 RESERVED + NOT-FOR-US: Apache TomEE CVE-2020-13930 RESERVED CVE-2020-13929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf285a75f0782d879dd6f8536de65e53fed7c177 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf285a75f0782d879dd6f8536de65e53fed7c177 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
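Review bot: The added "NOT-FOR-US: Apache TomEE" under CVE-2020-13931 assigns a product to an entry that is still RESERVED and has no description, and the hunk adds no NOTE saying where the attribution comes from. Add a NOTE line with the advisory or mailing-list URL so the classification can be verified later.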
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 03ad41ce by Henri Salo at 2020-12-14T10:19:35+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,9 +11,9 @@ CVE-2020-35237 CVE-2020-35236 (The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incor ...) TODO: check CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal. ...) - TODO: check + NOT-FOR-US: WordPress plugin secure-file-manager CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...) - TODO: check + NOT-FOR-US: WordPress plugin easy-wp-smtp CVE-2020-35233 RESERVED CVE-2020-35232 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ad41ce1b01cf2afb709e40c2aecf97f9b61af1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ad41ce1b01cf2afb709e40c2aecf97f9b61af1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
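Review bot: For CVE-2020-35235 the truncated description opens with the path vendor/elfinder/php/connector.minimal, which points at an elFinder connector under vendor/, yet the new line classifies the issue only as "NOT-FOR-US: WordPress plugin secure-file-manager". A NOTE stating whether the flaw is specific to the plugin's copy of that connector would show that elFinder itself was considered before the entry was closed as not-for-us.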
[Git][security-tracker-team/security-tracker][master] CVE-2020-17521
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 63e150ff by Henri Salo at 2020-12-06T11:46:22+02:00 CVE-2020-17521 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29094,6 +29094,8 @@ CVE-2020-17522 RESERVED CVE-2020-17521 RESERVED + TODO: check + NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1 CVE-2020-17520 RESERVED CVE-2020-17519 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e150ff30b26d9f5e411798e1055382f85a3a3f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e150ff30b26d9f5e411798e1055382f85a3a3f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2020-13958
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d035971 by Henri Salo at 2020-11-11T08:42:52+02:00 CVE-2020-13958 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33540,6 +33540,9 @@ CVE-2020-13959 RESERVED CVE-2020-13958 RESERVED + - libreoffice + NOTE: https://www.openoffice.org/security/cves/CVE-2020-13958.html + TODO: check CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...) - lucene-solr (Vulnerable functionality not yet present) CVE-2020-13956 [incorrect handling of malformed authority component in request URIs] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d035971f580ac00afa463c77228ebc4dc68c763 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d035971f580ac00afa463c77228ebc4dc68c763 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
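Review bot: In the CVE-2020-13958 hunk the package line names libreoffice while the only reference is an openoffice.org advisory, and nothing in the entry explains why LibreOffice is thought to share the issue. Add a NOTE stating the basis for the libreoffice line, or that it is unconfirmed, so the "TODO: check" has a concrete question to answer.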
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: ded415b5 by Henri Salo at 2020-10-21T09:38:16+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -143735,6 +143735,7 @@ CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, - hadoop (bug #793644) CVE-2018-11764 RESERVED + - hadoop (bug #793644) CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...) - apache2 2.4.35-1 (bug #909591) [stretch] - apache2 2.4.25-3+deb9u6 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded415b5193414c4639ebf6cbff9d4bae962bb92 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded415b5193414c4639ebf6cbff9d4bae962bb92 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
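Review bot: The line added under CVE-2018-11764 is identical to the package line of CVE-2018-11765 directly above it ("- hadoop (bug #793644)"), but CVE-2018-11764 is RESERVED with no description and the hunk gives no reference tying it to Hadoop. Add a NOTE with the source of the attribution.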
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b151b38 by Henri Salo at 2020-07-14T11:51:02+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4312,8 +4312,10 @@ CVE-2020-13927 RESERVED CVE-2020-13926 RESERVED + NOT-FOR-US: Apache Kylin CVE-2020-13925 RESERVED + NOT-FOR-US: Apache Kylin CVE-2020-13924 RESERVED CVE-2020-13923 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b151b3876046ea7924e3b123cddead3ef2d1b20 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b151b3876046ea7924e3b123cddead3ef2d1b20 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix typo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: fbdda2b5 by Henri Salo at 2020-07-03T13:58:55+03:00 Fix typo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3171,25 +3171,25 @@ CVE-2020-14175 CVE-2020-14174 RESERVED CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14171 RESERVED CVE-2020-14170 RESERVED CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...) - NOT-FOR-US: Atlasstian + NOT-FOR-US: Atlassian CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) NOT-FOR-US: JerryScript CVE-2020-14162 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbdda2b5b590f1fe0b11de342503cb95f8fb27d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbdda2b5b590f1fe0b11de342503cb95f8fb27d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 132d700b by Henri Salo at 2020-05-12T08:36:58+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28381,6 +28381,7 @@ CVE-2020-1940 (The optional initial password change and password expiration feat NOT-FOR-US: Apache Jackrabbit Oak CVE-2020-1939 RESERVED + NOT-FOR-US: Apache NuttX CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 (bug #952437) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/132d700b3126899badf4fa2219450b7eec199a28 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/132d700b3126899badf4fa2219450b7eec199a28 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d1a2fa0a by Henri Salo at 2020-04-16T09:29:31+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24902,6 +24902,7 @@ CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, NOT-FOR-US: CA Automic Sysload CVE-2020-1964 RESERVED + NOT-FOR-US: Apache Heron CVE-2020-1963 RESERVED CVE-2020-1962 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a2fa0ac23ea04c6c67d395cbbc79d600d7f1bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a2fa0ac23ea04c6c67d395cbbc79d600d7f1bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d7246ebf by Henri Salo at 2020-02-23T10:39:38+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18098,6 +18098,7 @@ CVE-2020-1938 RESERVED CVE-2020-1937 RESERVED + NOT-FOR-US: Apache Kylin CVE-2020-1936 RESERVED CVE-2020-1935 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7246ebfd8c32f303f846538bca9a18a57bc4bdc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7246ebfd8c32f303f846538bca9a18a57bc4bdc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7734ce22 by Henri Salo at 2020-01-30T10:42:49+02:00 CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15767,8 +15767,16 @@ CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34 NOT-FOR-US: Apache Superset CVE-2020-1931 RESERVED + - spamassassin + NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt + NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 + TODO: check CVE-2020-1930 RESERVED + - spamassassin + NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt + NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 + TODO: check CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) TODO: check CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7734ce22ec68fb31e3a72955020a634994b8b3e8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7734ce22ec68fb31e3a72955020a634994b8b3e8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
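Review bot: Both added blocks (CVE-2020-1931 and CVE-2020-1930) cite the same 3.4.4 announcement and differ only in the oss-security link, so the entries do not say which issue is which. A bracketed one-line description on each CVE line, taken from the respective oss-security post, would distinguish them while they remain RESERVED.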
[Git][security-tracker-team/security-tracker][master] CVE-2019-18932/sarg
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 66a5c1e2 by Henri Salo at 2020-01-21T08:46:12+02:00 CVE-2019-18932/sarg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15090,8 +15090,10 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...) NOT-FOR-US: Zulip -CVE-2019-18932 +CVE-2019-18932 [sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector] RESERVED + - sarg + NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6 CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer O ...) NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66a5c1e251f8fc01e532eaa9f895f0310a6c2943 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66a5c1e251f8fc01e532eaa9f895f0310a6c2943 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: cd8297cc by Henri Salo at 2019-11-06T18:55:04Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13275,8 +13275,10 @@ CVE-2019-15005 RESERVED CVE-2019-15004 RESERVED + NOT-FOR-US: Atlassian CVE-2019-15003 RESERVED + NOT-FOR-US: Atlassian CVE-2019-15002 RESERVED CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd8297cc2a65a337411f867337e19c1b0add4344 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd8297cc2a65a337411f867337e19c1b0add4344 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix Typo3 to TYPO3
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d6827f4b by Henri Salo at 2019-10-19T08:58:32Z Fix Typo3 to TYPO3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...) NOT-FOR-US: pfSense CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16697 RESERVED CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...) @@ -4614,7 +4614,7 @@ CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. Wh CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...) NOT-FOR-US: Xoops CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...) NOT-FOR-US: Mastodon CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...) 
@@ -17204,9 +17204,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1. NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269 NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016 CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...) {DLA-1877-1} - otrs2 6.0.20-1 @@ -19490,7 +19490,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zer - linux 4.19.37-4 NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...) {DSA-4445-1 DLA-1797-1} - drupal7 (bug #928688) @@ -140267,7 +140267,7 @@ CVE-2017-6372 CVE-2017-6371 RESERVED CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...) {DSA-3824-1 DLA-879-1} - firebird2.5 (bug #858641) 
@@ -141456,9 +141456,9 @@ CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...) NOT-FOR-US: Emoncms CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...) NOT-FOR-US: ionize CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...) @@ -184171,17 +184171,17 @@ CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...) NOT-FOR-US: Values module for Drupal CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote att ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in T ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified fro ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in T ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8756 (Cross
[Git][security-tracker-team/security-tracker][master] Fix minor typos
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8327a5a7 by Henri Salo at 2019-10-19T08:52:16Z Fix minor typos - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...) NOT-FOR-US: pfSense CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...) - NOT-FOR-US: Typo3 extenstion + NOT-FOR-US: Typo3 extension CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...) - NOT-FOR-US: Typo3 extenstion + NOT-FOR-US: Typo3 extension CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...) - NOT-FOR-US: Typo3 extenstion + NOT-FOR-US: Typo3 extension CVE-2019-16697 RESERVED CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8327a5a7904fcb5d64234cb80f0ca785d4d1c063 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8327a5a7904fcb5d64234cb80f0ca785d4d1c063 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix NOTE
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 328d8046 by Henri Salo at 2019-10-07T17:28:22Z Fix NOTE - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14803,8 +14803,9 @@ CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 NOTE: https://www.openwall.com/lists/oss-security/2019/09/10/1 NOTE: Upstream's fix (upgrading dependencies) suggests the issue is in libwoodstox-java: NOTE: https://issues.apache.org/jira/browse/SOLR-6830 - NOTE: May be related to the change in the 4.x series of libwoodstox-java to disabling coalescing by default which can trigger large memory consumption - when parsing specially crafted XML data + NOTE: May be related to the change in the 4.x series of libwoodstox-java to + NOTE: disabling coalescing by default which can trigger large memory consumption + NOTE: when parsing specially crafted XML data CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...) - libxml-security-java (bug #935548) [stretch] - libxml-security-java (Vulnerable code introduced in 2.0.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/328d80462b0ddfc431d59ecd84c75573dd48c586 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/328d80462b0ddfc431d59ecd84c75573dd48c586 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] References for exiv2 vulns
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 43c8c054 by Henri Salo at 2019-09-25T06:09:30Z References for exiv2 vulns - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7319,8 +7319,12 @@ CVE-2019-14371 (An issue was discovered in Libav 12.3. There is an infinite loop - libav NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163 CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...) + - exiv2 + NOTE: https://github.com/Exiv2/exiv2/issues/954 TODO: check CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...) + - exiv2 + NOTE: https://github.com/Exiv2/exiv2/issues/953 TODO: check CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...) TODO: check View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43c8c0544697abf317812b9da94557abe0b6045b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43c8c0544697abf317812b9da94557abe0b6045b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
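Review bot: The commit is titled "References for exiv2 vulns", but CVE-2019-14368 in the trailing context is also an Exiv2 issue per its description ("Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...") and is left with a bare "TODO: check". Give it the same "- exiv2" line and an upstream issue NOTE, or mention in the commit message why it is left out.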
[Git][security-tracker-team/security-tracker][master] Cleanup one REJECTED entry
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f8635dab by Henri Salo at 2019-09-22T08:23:55Z Cleanup one REJECTED entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15500,7 +15500,6 @@ CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allo NOT-FOR-US: HumHub CVE-2019-11563 REJECTED - NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP CVE-2019-11562 RESERVED CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8635dabc80c000f74297c085c5f0493b7eeffa3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8635dabc80c000f74297c085c5f0493b7eeffa3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 78443754 by Henri Salo at 2019-09-22T08:22:58Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.travelo CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...) TODO: check CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...) - TODO: check + NOT-FOR-US: Gila CMS CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) - TODO: check + NOT-FOR-US: YzmCMS CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...) TODO: check CVE-2019-16676 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/784437543ffa50bbf2fe524771c7702d534a7a93 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/784437543ffa50bbf2fe524771c7702d534a7a93 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b75e6e15 by Henri Salo at 2019-07-23T20:17:56Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2389,7 +2389,7 @@ CVE-2019-13572 CVE-2019-13571 RESERVED CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...) - TODO: check + NOT-FOR-US: WordPress plugin AJdG AdRotate CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress CVE-2019-13568 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b75e6e15633b62a22c07a32a744fd28386232c76 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b75e6e15633b62a22c07a32a744fd28386232c76 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
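Review bot: The new "NOT-FOR-US: WordPress plugin AJdG AdRotate" uses a different word order from the neighbouring CVE-2019-13569 entry in the same hunk, which ends in "plugin for WordPress". This is a style point only, but matching the adjacent form keeps searches over the NOT-FOR-US lines for WordPress plugins consistent.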
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 940c3cb7 by Henri Salo at 2019-06-24T06:39:17Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2019-12935 + NOT-FOR-US: Shopware CVE-2019-12933 (An XSS issue on the PIX-Link Repeater/Router LV-WR09 with firmware v28 ...) NOT-FOR-US: PIX-Link Repeater/Router LV-WR09 CVE-2019-12932 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/940c3cb7d36f863e8a273c1441bd57c87765ef87 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/940c3cb7d36f863e8a273c1441bd57c87765ef87 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
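Review bot: The new CVE-2019-12935 entry at the top of the file consists of the identifier and "NOT-FOR-US: Shopware" only, with no description and no reference, so the product attribution cannot be checked from the entry. Add a NOTE with the advisory URL the classification is based on.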
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 213a65a3 by Henri Salo at 2019-06-06T08:26:58Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21411,7 +21411,7 @@ CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 CVE-2019-4221 RESERVED CVE-2019-4220 (IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4219 RESERVED CVE-2019-4218 @@ -21449,7 +21449,7 @@ CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be explo CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to ...) NOT-FOR-US: IBM CVE-2019-4201 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4200 RESERVED CVE-2019-4199 @@ -21739,7 +21739,7 @@ CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user CVE-2019-4057 RESERVED CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does not val ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 ...) NOT-FOR-US: IBM CVE-2019-4054 @@ -21755,7 +21755,7 @@ CVE-2019-4050 CVE-2019-4049 RESERVED CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of the sys ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...) NOT-FOR-US: IBM CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) 
@@ -81848,7 +81848,7 @@ CVE-2018-2030 CVE-2018-2029 RESERVED CVE-2018-2028 (IBM Maximo Asset Management 7.6 could allow a an authenticated user to ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2018-2027 RESERVED CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments could all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/213a65a32ab2e5594ef699153ff4a96282128d69
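Review bot: The NOT-FOR-US labels are inconsistent across the hunks of commit 213a65a3: CVE-2019-4220 and CVE-2019-4201 become "NOT-FOR-US: IBM", matching the neighbouring context entries (CVE-2019-4202, CVE-2019-4055, CVE-2019-4047), while CVE-2019-4056, CVE-2019-4048 and CVE-2018-2028 become "NOT-FOR-US: IBM Maximo Asset Management". Use one convention for all five lines, either the vendor alone as the surrounding entries do or the product name throughout (InfoSphere Information Server, Jazz for Service Management), so that later searches over data/CVE/list match every IBM entry with a single pattern.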
[Git][security-tracker-team/security-tracker][master] CVE-2019-12360/xpdf
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b4551eb3 by Henri Salo at 2019-06-06T08:24:36Z CVE-2019-12360/xpdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -850,6 +850,8 @@ CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/ CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...) NOT-FOR-US: EmpireCMS CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...) + - xpdf + NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3=41801 TODO: check CVE-2019-12359 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4551eb3186112be1096eb386a3829af44168aa0
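Review bot: "TODO: check" is still present as a context line directly after the two lines added for CVE-2019-12360 in the @@ -850,6 +850,8 @@ hunk, so the entry now reads as both assigned to xpdf and untriaged. If the xpdf assignment completes the triage, delete the TODO in the same commit; if something is still open, say what in a NOTE. The query string of the NOTE URL reads "f=3=41801" as shown here, which is not a well-formed pair of parameters, so confirm the link resolves to the intended forum topic.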
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: fbd4f08c by Henri Salo at 2019-06-06T08:18:40Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -663,7 +663,7 @@ CVE-2019-12441 [Protected Branches Restriction Rules Bypass] - gitlab (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...) - TODO: check + NOT-FOR-US: Sitecore CMS CVE-2019-12438 RESERVED CVE-2019-12437 @@ -7635,7 +7635,7 @@ CVE-2019-9877 (There is an invalid memory access vulnerability in the function T CVE-2019-9876 RESERVED CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Sitecore ...) - TODO: check + NOT-FOR-US: Sitecore CMS CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...) NOT-FOR-US: Sitecore CMS CVE-2019-9873 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbd4f08ce932b1dcda34014062d6395865ae4f3f
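Review bot: The label chosen for CVE-2019-12440 in the @@ -663,7 +663,7 @@ hunk is less precise than its description: the text names "The Sitecore Rocks plugin before 2.1.149 for Sitecore", but the entry is marked "NOT-FOR-US: Sitecore CMS". Naming the plugin in the label (for example "Sitecore Rocks plugin for Sitecore") would keep it distinguishable from the core product entries such as CVE-2019-9874 and CVE-2019-9875, where "Sitecore CMS" matches the description.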
[Git][security-tracker-team/security-tracker][master] CVE-2019-12730/ffmpeg
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f9ce830 by Henri Salo at 2019-06-05T08:19:02Z CVE-2019-12730/ffmpeg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,6 +3,9 @@ CVE-2019-12732 CVE-2019-12731 RESERVED CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not ...) + - ffmpeg + NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b + NOTE: https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40 TODO: check CVE-2019-12729 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f9ce830ac17f7fe64689d5d3a330e3ed7aef6b5
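Review bot: The two NOTE lines added under CVE-2019-12730 in the @@ -3,6 +3,9 @@ hunk give a commit URL and a compare range (a97ea53...ba11e40) without saying what either one is. Label each reference, for instance whether the commit is the upstream fix to aa_read_header and which release range the compare link covers, so a backporter does not have to open both to find out. The "TODO: check" context line also still follows the new ffmpeg entry; remove it if triage is finished or note what is left.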
[Git][security-tracker-team/security-tracker][master] CVE-2019-12616/phpmyadmin
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a0783f63 by Henri Salo at 2019-06-05T08:15:58Z CVE-2019-12616/phpmyadmin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -231,6 +231,8 @@ CVE-2019-12618 CVE-2019-12617 RESERVED CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...) + - phpmyadmin + NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/ TODO: check CVE-2019-12613 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0783f632e3e1060a1dcf31797ae8dfeadf97bc0
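Review bot: The only reference added under CVE-2019-12616 in the @@ -231,6 +231,8 @@ hunk is the PMASA-2019-4 advisory page; a second NOTE pointing at the upstream fixing commit would let whoever prepares the package update locate the patch directly. "TODO: check" also remains as context after the new phpmyadmin lines, so either drop it with this change or record what still needs checking.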
[Git][security-tracker-team/security-tracker][master] CVE-2018-8029/hadoop
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a517f95 by Henri Salo at 2019-05-30T09:40:28Z CVE-2018-8029/hadoop - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63252,6 +63252,7 @@ CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid Broker - qpid-java (bug #840131) CVE-2018-8029 RESERVED + - hadoop (bug #793644) CVE-2018-8028 (An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS with ...) NOT-FOR-US: Apache Sentry CVE-2018-8027 (Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a517f95860edab8b719c92ca2a4dda878ec0a82
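Review bot: The hadoop line added in the @@ -63252,6 +63252,7 @@ hunk attaches a package to CVE-2018-8029 while the entry is still RESERVED and has no description, so nothing in the list shows where the hadoop attribution comes from. Add a NOTE with the source (upstream advisory or mailing-list post) next to the "- hadoop (bug #793644)" line so the assignment can be verified before the CVE text is published.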
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 3cd9cf40 by Henri Salo at 2019-05-10T08:34:49Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2019-11872 CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for ...) TODO: check CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in t ...) - TODO: check + - serendipity CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...) - TODO: check + NOT-FOR-US: WordPress plugin yuzo-related-post CVE-2019-11868 RESERVED CVE-2019-11867 @@ -51,7 +51,7 @@ CVE-2019-11848 CVE-2019-11847 RESERVED CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...) - TODO: check + NOT-FOR-US: Typesetter CMS CVE-2019-11846 RESERVED CVE-2019-11845 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3cd9cf403422382ae7041235ad887e2596074e48
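Review bot: The "- serendipity" line for CVE-2019-11870 in the @@ -3,9 +3,9 @@ hunk is a package assignment, not a NOT-FOR-US marking, so it does not belong in a commit titled NFU, and it carries no NOTE or bug reference. Move it to its own commit named after the CVE and package, and add the upstream reference for the 2.1.5 fix mentioned in the description. In the same hunk CVE-2019-11871 is left at "TODO: check" although its description names a WordPress plugin just like CVE-2019-11869, which is marked here; handle both the same way or note why they differ.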