[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4060b332 by Moritz Muehlenhoff at 2024-05-28T14:22:39+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -86,7 +86,7 @@ CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) NOTE: Disputed GNOME Shell issue CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) - TODO: check + NOT-FOR-US: rockhopper Python library (different from src:rockhopper) CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) NOT-FOR-US: ASKEY CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4060b332e58f61e096c26b708f87cb3b50137c4c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4060b332e58f61e096c26b708f87cb3b50137c4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f2325d1 by Moritz Muehlenhoff at 2024-05-10T16:43:40+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6703,7 +6703,6 @@ CVE-2024-32473 (Moby is an open source container framework that is a key compone - docker.io (bug #1070378) NOTE: https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9 NOTE: https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa - TODO: check, said to be specific to the 26.0.0 and 26.0.1 versions but needs double-checking CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...) NOT-FOR-US: SEMCMS CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...) @@ -8279,7 +8278,7 @@ CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not p CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...) NOT-FOR-US: cskefu CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...) - TODO: check + NOT-FOR-US: Disputed Laravel issue CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...) NOT-FOR-US: microsoft-authentication-library-for-dotnet CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f2325d13ffd4789738de6ada4ae785724971178
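Review bot: The first hunk drops the TODO on CVE-2024-32473 ("said to be specific to the 26.0.0 and 26.0.1 versions but needs double-checking") without recording what the double-check found. A NOTE stating the affected version range would keep the conclusion in the file, and the "NFU" subject does not cover this removal.

Review bot: In the second hunk, "NOT-FOR-US: Disputed Laravel issue" on CVE-2024-29291 gives a dispute as the reason, while the neighbouring NOT-FOR-US lines (cskefu, microsoft-authentication-library-for-dotnet) name the software. If the point is that the report is disputed, say which product the tag applies to and put the dispute in a NOTE.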
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bcddd417 by Moritz Muehlenhoff at 2024-04-23T12:28:02+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -96,7 +96,9 @@ CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via t CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) NOT-FOR-US: OpenStack Storlets yoga-eom CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a local attac ...) - TODO: check + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DA ...) NOT-FOR-US: D-Link CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search function in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcddd4171491dae7001c3857918e2119481992e1
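Review bot: The two added NOTE lines for CVE-2024-28699 date the bundled xpdf as "14 year old", which goes stale as the file ages; the version (3.0.2) already identifies the release. The NOTE also means src:poppler was not checked, so stating that directly ("src:poppler not checked") would stop a later reader from taking the NOT-FOR-US as a verdict on poppler.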
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 68a78d8d by Henri Salo at 2024-04-19T13:10:42+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1942,6 +1942,8 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 a NOT-FOR-US: KEYENCE KV STUDIO CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...) NOT-FOR-US: KEYENCE KV STUDIO +CVE-2024-29217 + NOT-FOR-US: Apache Answer CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...) NOT-FOR-US: Cente CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a78d8d7f1dae39c7df5cc3bd4714fc27bbd9ff
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ddc02a3a by Moritz Muehlenhoff at 2024-04-16T09:10:32+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-3597 + NOT-FOR-US: Keycloak CVE-2024-31497 [ecret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client] - putty 0.81-1 NOTE: https://www.openwall.com/lists/oss-security/2024/04/15/6 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddc02a3a20b17e456c99de40456cc08d924bffe0
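Review bot: Not introduced by this change, but the context line for CVE-2024-31497 reads "[ecret Key Recovery of NIST P-521 Private Keys ..."; the bracketed description has lost its first letter and is worth fixing in a follow-up while this part of the file is being touched.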
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a53d3e6 by Moritz Muehlenhoff at 2024-03-21T18:40:03+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-1394 + NOT-FOR-US: golang-fips CVE-2024-26307 NOT-FOR-US: Apache Doris CVE-2024-27438 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a53d3e6f126620e93da87469c6ab46037751778
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e470a10 by Moritz Mühlenhoff at 2024-03-14T09:51:18+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-28746 + - airflow (bug #819700) CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e470a10b44e0c5f09e7bc64be07332f068c04e6
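Review bot: The subject says "NFU", but the only added lines are a package entry for CVE-2024-28746 ("- airflow (bug #819700)"), not a NOT-FOR-US tag. A subject that names airflow would make this commit findable in the log when someone later looks for how the entry was triaged.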
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f816cbaa by Moritz Muehlenhoff at 2024-02-29T14:25:58+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -273,7 +273,7 @@ CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc NOTE: https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 (v0.9.35) CVE-2024-27284 (cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts ...) - TODO: check + NOT-FOR-US: Rust crate cassandra-rs CVE-2024-27103 (Querybook is a Big Data Querying UI. When a user searches for their qu ...) NOT-FOR-US: Querybook CVE-2024-27083 (Flask-AppBuilder is an application development framework, built on top ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f816cbaa45375bb692e07a1e8c289f76f5a779c5
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 115cdf63 by Moritz Muehlenhoff at 2024-02-28T17:22:34+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-22857 + NOT-FOR-US: zlog CVE-2024-26016 NOT-FOR-US: Apache Superset CVE-2024-24779 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115cdf6341d0d4e2565f748db0ec19aade0c6288
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c3c697b by Moritz Muehlenhoff at 2024-02-26T20:37:05+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-51518 + NOT-FOR-US: Apache James CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests] - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3c697bc0c6aa65d76a1768c2d2c604006e8141
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: dd5aa043 by Moritz Muehlenhoff at 2024-02-23T14:37:31+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -540,7 +540,7 @@ CVE-2023-52440 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4b081ce0d830b684fdf967abc3696d1261387254 (6.6-rc1) CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) ...) - TODO: check + NOT-FOR-US: QUIC protocol issue CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a ...) NOT-FOR-US: ProjeQtOr CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.5 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5aa043b18bedabe3a485680d5b21a55384bc38
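Review bot: "NOT-FOR-US: QUIC protocol issue" on CVE-2023-50923 closes the entry because the flaw is in the RFC 9000 specification, but the line does not say whether any QUIC implementation was looked at. A NOTE recording that this is a specification-level issue with no package-specific fix to track would make the reasoning explicit for whoever reads the entry later.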
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b3dad7a by Moritz Muehlenhoff at 2024-02-23T13:04:06+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1018,7 +1018,7 @@ CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Si CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...) NOT-FOR-US: WordPress plugin CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did ...) - TODO: check + NOT-FOR-US: OpenVPN3 (separate codebase from OpenVPN as packaged by src:openvpn)) CVE-2023-52439 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.13-1 [bookworm] - linux 6.1.76-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3dad7ae4a6ec90279b6991cc6b3f814311c172
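Review bot: The added NOT-FOR-US line for CVE-2023-6247 ends in "src:openvpn))" with one closing parenthesis too many; drop the extra ")". The explanation that OpenVPN3 is a separate codebase from src:openvpn is the useful part and should stay.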
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4af64dc9 by Moritz Muehlenhoff at 2024-02-16T12:33:55+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,7 +7,7 @@ CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs fu CVE-2024-25123 (MSS (Mission Support System) is an open source package designed for pl ...) NOT-FOR-US: MSS (Mission Support System) CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National Identity ...) - TODO: check + NOT-FOR-US: Questionable CVE assignment for Online-Ausweis-Funktion protocol scheme CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...) NOT-FOR-US: SolarWinds CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af64dc9df88b979e871c4464fb55038d6988c61
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2814be94 by Moritz Muehlenhoff at 2024-01-29T16:32:25+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47077,6 +47077,7 @@ CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to re NOT-FOR-US: Lenovo CVE-2023-29055 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) NOT-FOR-US: Siemens CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < V11.3.2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2814be940d3f2f35946ba4669cc5151accf62f7b
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b9cddf7a by Moritz Muehlenhoff at 2024-01-29T12:36:29+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -115,7 +115,7 @@ CVE-2024-0618 (The Contact Form Plugin \u2013 Fastest Contact Form Builder Plugi CVE-2023-6497 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-6482 (Use of encryption key derived from static information in Synaptics Fin ...) - TODO: check + NOT-FOR-US: Synaptics CVE-2023-6470 REJECTED CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow a ...) @@ -6006,7 +6006,6 @@ CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allow - ruby-json-jwt NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md NOTE: https://github.com/nov/json-jwt/issues/113 - TODO: check if reported upstream CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read ...) NOT-FOR-US: BACnet Stack CVE-2023-51654 (Improper link resolution before file access ('Link Following') issue e ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9cddf7a04894f4e0617a100101283c60fd52c2c
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: df0529b0 by Moritz Muehlenhoff at 2024-01-22T16:54:49+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,7 +71,7 @@ CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same AES/G CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring versions before ...) NOT-FOR-US: FOLIO mod-data-export-spring CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0 ...) - TODO: check + NOT-FOR-US: DependencyCheck for Maven CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 1.7.2 and ...) NOT-FOR-US: mod-remote-storage CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function in com. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0529b0f26ca3e31869c165018e8a6295e19fa6
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c13efea by Moritz Muehlenhoff at 2023-12-25T19:49:02+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36907,7 +36907,7 @@ CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management Sy CVE-2018-25084 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Ping Identity Self-Service Account Manager CVE-2023-30451 (In TYPO3 11.5.24, the filelist component allows attackers (who have ac ...) - TODO: check + NOT-FOR-US: Typo3 CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...) NOT-FOR-US: Redpanda CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c13efeab2705876ba6cde02bab0173f6f528e16
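Review bot: The added tag spells the product "Typo3" while the CVE description on the line above it has "TYPO3". Using one spelling for the NOT-FOR-US reason keeps a search for the product's entries in data/CVE/list from missing this one.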
[Git][security-tracker-team/security-tracker][master] NFU / add tinydir references
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ba6b1ba by Moritz Muehlenhoff at 2023-12-22T09:49:53+01:00 NFU / add tinydir references - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -215,7 +215,7 @@ CVE-2023-50822 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library for creati ...) - TODO: check + NOT-FOR-US: Resque CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows remote att ...) NOT-FOR-US: blinksocks CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows remote att ...) 
@@ -4102,6 +4102,8 @@ CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer ove TODO: potentally affects falcosecurity-libs, gemmi, lwip NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1 NOTE: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf + NOTE: https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d + NOTE: https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0. ...) NOT-FOR-US: RakRak Document Plus CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerab ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba6b1ba8336464c1551490aad6f7332f4ce4382
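Review bot: In the second hunk the context line "TODO: potentally affects falcosecurity-libs, gemmi, lwip" stays open (and misspells "potentially") while the upstream fix commit is added right below it. With the tinydir commit now referenced, the embedded copies in those three packages can be compared against it and the TODO replaced by per-package lines.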
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 983b359e by Moritz Muehlenhoff at 2023-12-18T14:17:45+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-41314 + NOT-FOR-US: Apache Doris CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) NOT-FOR-US: mlflow CVE-2023-6908 (A vulnerability, which was classified as problematic, was found in DFI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/983b359ee03142113d79917cddf5a9ccba4aa871
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cd2aa86b by Moritz Muehlenhoff at 2023-11-24T20:50:57+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -265050,6 +265050,7 @@ CVE-2020-10371 RESERVED CVE-2020-10370 RESERVED + NOT-FOR-US: Broadcom CVE-2020-10369 RESERVED CVE-2020-10368 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2aa86b7f699b451d347905e52490a2e4d6748f
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b7ff8810 by Moritz Muehlenhoff at 2023-11-24T16:07:50+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -160717,7 +160717,7 @@ CVE-2021-39010 CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credential ...) NOT-FOR-US: IBM CVE-2021-39008 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileg ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-39007 RESERVED CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7ff88100f1492982c972faefc88265f2d8c3243
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 43526e38 by Moritz Muehlenhoff at 2023-11-24T15:26:47+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-49068 + NOT-FOR-US: Apache DolphinScheduler CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.) NOT-FOR-US: Usedesk CVE-2023-49215 (Usedesk before 1.7.57 allows filter reflected XSS.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43526e38b73bf6e1584f0035cf1f5438f9f3e06f
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 46935e67 by Moritz Muehlenhoff at 2023-11-23T13:58:01+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-43123 + NOT-FOR-US: Apache Storm CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...) NOT-FOR-US: dom-sanitizer CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because the una ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46935e67399a9f2e579bfa5fe6b7cc825850dcb1
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0122346f by Moritz Muehlenhoff at 2023-11-09T12:52:11+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-46857 + NOT-FOR-US: Squidex CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...) NOT-FOR-US: Lenovo CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could allow a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0122346f0e53c4765ca68a7a46574cc4cdfd813d
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c84d1db by Moritz Muehlenhoff at 2023-10-28T14:46:42+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-5056 + NOT-FOR-US: Skupper CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) NOT-FOR-US: HashiCorp Vagrant's Windows installer CVE-2023-5830 (A vulnerability classified as critical has been found in ColumbiaSoft ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c84d1db0068aca68eaffd1de4d843dba91d9c7d
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f162125 by Moritz Muehlenhoff at 2023-10-06T15:32:31+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3328,7 +3328,7 @@ CVE-2023-41846 (A vulnerability has been identified in Tecnomatix Plant Simulati CVE-2023-41764 (Microsoft Office Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-41331 (SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerab ...) - TODO: check + NOT-FOR-US: SOFARPC CVE-2023-41036 (Macvim is a text editor for MacOS. Prior to version 178, Macvim makes ...) NOT-FOR-US: Macvim CVE-2023-41033 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f1621254afb5d2946dfbc7526933450ef01d9e8
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 86c6ed85 by Moritz Muehlenhoff at 2023-09-15T10:29:07+02:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-4958 + NOT-FOR-US: StackRox CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...) NOT-FOR-US: Yepas Digital Yepas CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated as probl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86c6ed8522bddff4e2cd425edef15b2483533522
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 500c9fa8 by Moritz Muehlenhoff at 2023-09-14T08:42:42+02:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-4910 + NOT-FOR-US: 3scale-admin-portal CVE-2023-38039 [HTTP headers eat all memory] - curl [bookworm] - curl (Minor issue, can be fixed in point release) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/500c9fa8487ac1a3c9ca10bf4317f5ec0c7e3736
[Git][security-tracker-team/security-tracker][master] NFU, concludes external check
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a4115914 by Moritz Muehlenhoff at 2023-09-12T11:16:57+02:00 NFU, concludes external check - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-31417 + - elasticsearch CVE-2023- [RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer] - rust-users [bookworm] - rust-users (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4115914188fdb30eb7e2bb15d4343cd296cbf64
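Review bot: the entry added for CVE-2023-31417 is a package line (`- elasticsearch`), not a `NOT-FOR-US:` line, so the subject "NFU, concludes external check" does not describe what this hunk records. Either reword the subject to say that package tracking for elasticsearch is being added, or, if the issue really is out of scope, write the entry as a `NOT-FOR-US:` line as the subject implies.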
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e99e4462 by Moritz Muehlenhoff at 2023-09-06T08:56:10+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-36851 + NOT-FOR-US: Juniper CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - vim NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99e44627e0e38481c35122cebe1abf28247f2cc
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 45d42aac by Moritz Muehlenhoff at 2023-08-30T09:06:30+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-4481 + NOT-FOR-US: Juniper CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...) TODO: check CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d42aac32b616f461093f900d642534712a0ffd
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c05420f by Moritz Muehlenhoff at 2023-08-25T16:35:09+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24827,6 +24827,7 @@ CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab 15.10.8+ds1-2 CVE-2023-27604 RESERVED + NOT-FOR-US: Apache Airflow Sqoop Provider CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...) NOT-FOR-US: Apache Linkis CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploadsfiles withou ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c05420f5e0f265063d821e62ad4a228853c8da7
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 283c815d by Moritz Muehlenhoff at 2023-08-23T14:39:27+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-3899 + NOT-FOR-US: Red Hat Licence Manager CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...) NOT-FOR-US: Donation Forms by Charitable plugin for WordPress CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/283c815d5a54f033f97c6487658370b21952d70d
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ef9763da by Moritz Muehlenhoff at 2023-08-22T13:33:26+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-32184 + NOT-FOR-US: OpenSUSE-welcome CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used for cach ...) NOT-FOR-US: LokiStack CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef9763daa450bd4c929bb8b3ea0b7f3215322202
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b66eade7 by Moritz Muehlenhoff at 2023-08-18T13:05:32+02:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -56637,7 +56637,8 @@ CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS CVE-2023-20198 RESERVED CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...) - TODO: check + NOT-FOR-US: Cisco + NOTE: CVE for underlying ClamAV issue is CVE-2023-20032 CVE-2023-20196 RESERVED CVE-2023-20195 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b66eade7dc8e04e36226545f4ebc9b38d6315c9c
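Review bot: in the CVE-2023-20197 entry, `NOT-FOR-US: Cisco` sits directly above a NOTE that ties the issue to ClamAV, so the two added lines read as pulling in opposite directions. The NOTE should state the reasoning, for instance that the ClamAV code is tracked under CVE-2023-20032 and this id covers only the Cisco product, if that is the case, so the NFU decision can be checked from the entry alone.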
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 92acefda by Moritz Mühlenhoff at 2023-08-03T10:11:40+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-3971 + NOT-FOR-US: Red Hat Ansible Automation Controller CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77] - xen [buster] - xen (DSA 4677-1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92acefdac866458b399586201d159dc3449e9391
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 162485a6 by Moritz Muehlenhoff at 2023-07-31T08:38:33+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-3976 + NOT-FOR-US: Red Hat OpenStack Platform CVE-2023-37219 (Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formul ...) NOT-FOR-US: Tadiran Telecom Composit CVE-2023-37218 (Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/162485a66176994643c03e08b93c4113f01f1879
[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-36542
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: aae19c90 by Henri Salo at 2023-07-29T10:58:22+03:00 NFU CVE-2023-36542 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2575,6 +2575,8 @@ CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x t NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...) - airflow (bug #819700) +CVE-2023-36542 + NOT-FOR-US: Apache NiFi CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow (bug #819700) CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae19c902f0b14dce105828c1605257d42e5d1d9
[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-38647
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: edfb6a00 by Henri Salo at 2023-07-25T20:53:00+03:00 NFU CVE-2023-38647 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -214,6 +214,8 @@ CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in Git NOT-FOR-US: pimcore CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...) - gitlab (Specific to EE) +CVE-2023-38647 + NOT-FOR-US: Apache Helix CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...) NOT-FOR-US: Metabase CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edfb6a00925b8c18a55653454380eca9dac106e6
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b415783 by Moritz Muehlenhoff at 2023-07-20T14:53:18+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-38200 + NOT-FOR-US: Keylime CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has ...) NOT-FOR-US: Dooblou WiFi File Explorer CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been classified as p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b415783e162a0d6b64e70b5f0ddaec0b6e9555d
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f5a4b16d by Moritz Muehlenhoff at 2023-07-07T16:30:58+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-34442 + NOT-FOR-US: Apache Camel JIRA CVE-2023-35887 NOT-FOR-US: Apache Mina SSHD CVE-2023-33008 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5a4b16dfacd29a385172ccbeede5fd496ac31d9
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 18c33644 by Moritz Muehlenhoff at 2023-07-07T16:28:19+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-35887 + NOT-FOR-US: Apache Mina SSHD CVE-2023-33008 NOT-FOR-US: Apache Johnzon CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18c33644e67f13d624b3fa205b3ca9df622c6164
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ba86a805 by Moritz Muehlenhoff at 2023-07-03T15:20:21+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-35797 + NOT-FOR-US: Hive provider for Apache Airflow CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...) TODO: check CVE-2023-3370 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba86a805cbd01216c63d2f6cd3c87fa0ce9773bb
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f04a6fa4 by Moritz Mühlenhoff at 2023-06-13T09:55:41+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,7 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Pri NOTE: Fixed by: https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907 (v5.6.6) TODO: check ruby-doorkeeper-openid-connect CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...) - TODO: check + NOT-FOR-US: Apache NiFi CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...) TODO: check CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04a6fa453bcc8bd7c2ce286627d15bf25aeec63
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5daeba57 by Moritz Mühlenhoff at 2023-04-27T17:18:55+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5210,6 +5210,7 @@ CVE-2023-29381 RESERVED CVE-2023-29380 RESERVED + NOT-FOR-US: Warpinator CVE-2023-29379 RESERVED CVE-2023-29378 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5daeba57f13be4571270ad3d20f6d2ce9b4cbbb0
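Review bot: CVE-2023-29380 is still RESERVED in this hunk, so there is no public description to back `NOT-FOR-US: Warpinator`. Add a NOTE line with the advisory or announcement the product attribution came from, so the entry can be verified before the CVE text is published.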
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 63bbda92 by Moritz Muehlenhoff at 2023-04-26T12:58:47+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13054,7 +13054,7 @@ CVE-2023-26737 CVE-2023-26736 RESERVED CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access control ...) - TODO: check + TODO: check, looks bogus CVE-2023-26734 RESERVED CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...) @@ -39886,7 +39886,7 @@ CVE-2023-20875 CVE-2023-20874 RESERVED CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsup ...) - TODO: check + NOT-FOR-US: Spring Boot CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds read/write vuln ...) NOT-FOR-US: VMware CVE-2023-20871 (VMware Fusion contains a local privilege escalation vulnerability. A m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bbda9253a40638c25621e523609d2c8eb40817
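Review bot: the first hunk does not resolve CVE-2023-26735; it only extends the marker to `TODO: check, looks bogus` with no reason given, while the commit subject says just "NFU". Record why the blackbox_exporter report looks bogus in a NOTE line (an upstream statement or issue link), and mention the TODO change in the commit message so the entry is not mistaken for triaged.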
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d9590944 by Moritz Muehlenhoff at 2023-04-20T15:42:42+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28389,7 +28389,7 @@ CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Bus CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - TODO: check + NOT-FOR-US: MySQL Connector for Java CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) NOT-FOR-US: Oracle CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Suppo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9590944f876319e149a6957d52f0c59354bb15a
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d3db3bbc by Moritz Muehlenhoff at 2023-04-17T17:17:00+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28198,7 +28198,7 @@ CVE-2023-21825 (Vulnerability in the Oracle iSupplier Portal product of Oracle E CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic Charging Engi ...) NOT-FOR-US: Oracle CVE-2022-47522 (The IEEE 802.11 specifications through 802.11ax allow physically proxi ...) - TODO: check + NOT-FOR-US: IEEE 802.11 specifications CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...) {DLA-3244-1} - linux 6.0.12-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3db3bbc070ce5adcf33b70e4c7d855815a3993e
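Review bot: CVE-2022-47522 is described as a flaw in the IEEE 802.11 specifications themselves, so `NOT-FOR-US: IEEE 802.11 specifications` does not tell a reader whether any packaged Wi-Fi implementation was looked at. A NOTE stating which implementations were checked, or that the id is being treated as specification-only, would make the triage decision auditable.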
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 61b6c090 by Moritz Muehlenhoff at 2023-04-12T15:54:47+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6356,7 +6356,7 @@ CVE-2023-28262 (Visual Studio Elevation of Privilege Vulnerability ...) CVE-2023-28261 RESERVED CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft .NET CVE-2023-28259 RESERVED CVE-2023-28258 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b6c09017c6903b3884665a8668d81d3be1f772
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: af8e549f by Henri Salo at 2023-03-15T13:11:59+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5806,7 +5806,7 @@ CVE-2023-26264 CVE-2023-26263 RESERVED CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...) - TODO: check + NOT-FOR-US: Sitecore CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...) NOT-FOR-US: UBIKA WAAP Gateway/Cloud CVE-2023-26260 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8e549f29cd79e0b8a7332dfbec232101c349a5
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: c5de1b01 by Henri Salo at 2023-02-23T11:51:28+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2442,6 +2442,7 @@ CVE-2023-25622 RESERVED CVE-2023-25621 RESERVED + NOT-FOR-US: Apache Sling CVE-2023-25620 RESERVED CVE-2023-25619 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5de1b012cdb26294b09b19792a86c43f701fd45
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ee3fea33 by Moritz Muehlenhoff at 2023-02-20T14:20:11+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1552,6 +1552,7 @@ CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700 NOT-FOR-US: SAP CVE-2023-25613 RESERVED + NOT-FOR-US: Apache Kerby CVE-2023-0767 RESERVED {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3319-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee3fea33deb2356835b500e7b395ff10c667a7fc
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 725c1659 by Moritz Muehlenhoff at 2023-02-06T12:46:49+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16945,7 +16945,7 @@ CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...) NOT-FOR-US: Apache James CVE-2022-45786 (There are issues with the AGE drivers for Golang and Python that enabl ...) - TODO: check + NOT-FOR-US: Apache AGE CVE-2022-4121 (In libetpan a null pointer dereference in mailimap_mailbox_data_status ...) {DLA-3261-1} - libetpan 1.9.4-3.1 (bug #1025120) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725c1659c3cc3e5930cc981db23575fd50367ac5
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d9ddbc94 by Moritz Muehlenhoff at 2023-02-06T09:36:15+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -75360,7 +75360,7 @@ CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expr CVE-2022-21192 (All versions of the package serve-lite are vulnerable to Directory Tra ...) TODO: check CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...) - TODO: check + NOT-FOR-US: Node global-modules-path CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...) NOT-FOR-US: Node convict CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9ddbc94fb37c34efedcf9cc64bbd17c3f47e2d0
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: e3109616 by Henri Salo at 2023-02-04T11:07:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6602,6 +6602,7 @@ CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified a NOT-FOR-US: DrAzraelTod pyChao CVE-2023-22849 RESERVED + NOT-FOR-US: Apache Sling CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...) NOT-FOR-US: Netis Netcore Router CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. It has ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e310961624138610c9a7a3fc1aedf9bfcb99656d
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-24997 + RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24977 RESERVED NOT-FOR-US: Apache InLong View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2023-24977 RESERVED + NOT-FOR-US: Apache InLong CVE-2023-24976 RESERVED CVE-2023-24975 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 82b1acf7 by Moritz Muehlenhoff at 2023-01-30T16:54:38+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-24830 + NOT-FOR-US: Apache IoTDB CVE-2023-24829 NOT-FOR-US: Apache IoTDB CVE-2023-24803 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82b1acf7ab501402da6aab6aa803b75c814dbdae
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d8a2ee0 by Moritz Muehlenhoff at 2023-01-30T16:50:29+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2023-24829 + NOT-FOR-US: Apache IoTDB CVE-2023-24803 RESERVED CVE-2023-24802 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8a2ee0409bbdf834cf4a6809c09f0216091671
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 65fd2192 by Moritz Muehlenhoff at 2023-01-27T12:49:16+01:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -288,6 +288,7 @@ CVE-2023-0482 RESERVED CVE-2023-0481 RESERVED + NOT-FOR-US: Quarkus CVE-2023-0480 RESERVED CVE-2023- [SQL injection, sanitization, and login bypass] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65fd2192c79cc4aae2f6f99b1884b5f48bc90a0c
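Review bot: the NOT-FOR-US: Quarkus line added under CVE-2023-0481 records the outcome of the external check named in the commit message but not its source, and the entry is still RESERVED, so there is no description to verify the attribution against. A NOTE line with the reference that was checked would let a later triager confirm the decision without repeating the work.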
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9631a922 by Moritz Muehlenhoff at 2023-01-17T10:03:11+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -395,6 +395,7 @@ CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b - pyload (bug #1001980) CVE-2023-0296 RESERVED + NOT-FOR-US: OpenShift CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: Launchpad plugin for WordPress CVE-2023-0294 (The Mediamatic Media Library Folders plugin for WordPress is v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9631a922f37858af5306e0171ad7f9fc80b21cc3
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 233b0d56 by Moritz Muehlenhoff at 2023-01-09T18:00:02+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63,19 +63,19 @@ CVE-2020-36646 (A vulnerability classified as problematic has been found in Medi NOTE: https://github.com/MediaArea/ZenLib/pull/119 NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39) CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...) - TODO: check + NOT-FOR-US: Symbiote Seed CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 1.x and cl ...) - TODO: check + NOT-FOR-US: CESNET theme-cesnet CVE-2016-15013 (A vulnerability was found in ForumHulp searchresults. It has been rate ...) - TODO: check + NOT-FOR-US: ForumHulp CVE-2015-10029 (A vulnerability classified as problematic was found in kelvinmo simple ...) - TODO: check + NOT-FOR-US: kelvinmo CVE-2014-125065 (A vulnerability, which was classified as critical, was found in john52 ...) - TODO: check + NOT-FOR-US: bottle-auth CVE-2014-125064 (A vulnerability, which was classified as critical, has been found in e ...) - TODO: check + NOT-FOR-US: gosqljson CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified as crit ...) - TODO: check + NOT-FOR-US: DrAzraelTod pyChao CVE-2023-22849 RESERVED CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...) 
@@ -107,25 +107,25 @@ CVE-2015-10027 (A vulnerability, which was classified as problematic, has been f CVE-2015-10026 (A vulnerability was found in tiredtyrant flairbot. It has been declare ...) TODO: check CVE-2015-10025 (A vulnerability has been found in luelista miniConf up to 1.7.6 and cl ...) - TODO: check + NOT-FOR-US: luelista miniConf CVE-2015-10024 (A vulnerability classified as critical was found in hoffie larasync. T ...) - TODO: check + NOT-FOR-US: hoffie larasync CVE-2015-10023 (A vulnerability classified as critical has been found in Fumon trello- ...) - TODO: check + NOT-FOR-US: Fumon trello-octometric CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared as crit ...) - TODO: check + NOT-FOR-US: IISH nlgis2 CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been classified ...) - TODO: check + NOT-FOR-US: ritterim CVE-2015-10020 RESERVED CVE-2015-10019 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: MySimplifiedSQL CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified as critic ...) - TODO: check + NOT-FOR-US: ada-l0velace Bid CVE-2014-125062 (A vulnerability classified as critical was found in ananich bitstorm. ...) - TODO: check + NOT-FOR-US: ananich bitstorm CVE-2014-125061 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel file ...) - TODO: check + NOT-FOR-US: peel filebrokerrm CVE-2014-125060 (A vulnerability, which was classified as critical, was found in holden ...) TODO: check CVE-2014-125059 (A vulnerability, which was classified as problematic, has been found i ...) 
@@ -724,7 +724,7 @@ CVE-2019-25095 (A vulnerability, which was classified as problematic, was found CVE-2018-25065 (A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags a ...) TODO: check CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has been rate ...) - TODO: check + NOT-FOR-US: OSM Lab show-me-the-way CVE-2017-20162 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233b0d563910074c95860c1bd1e69e3b060c0636
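Review bot: the NOT-FOR-US labels added in the first two hunks are inconsistent about what they name: "ForumHulp" and "kelvinmo" (first hunk) and "ritterim" (second hunk) give only the owner, "bottle-auth" and "gosqljson" give only the project, and the rest give both, as in "DrAzraelTod pyChao". The owner-only labels are the weakest for later searches, since the descriptions name "ForumHulp searchresults" and "ritterim definely"; using owner plus project throughout would keep these entries findable by either name.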
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 62597546 by Moritz Muehlenhoff at 2023-01-09T10:39:24+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7219,6 +7219,7 @@ CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x th NOT-FOR-US: qubes-mirage-firewall CVE-2022-46769 RESERVED + NOT-FOR-US: Apache Sling CVE-2022-4346 RESERVED CVE-2022-4345 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/625975460c065dd5a4e1e476a103d3254ca20d19
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 52718548 by Henri Salo at 2023-01-06T09:38:17+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9098,6 +9098,7 @@ CVE-2022-4146 RESERVED CVE-2022-45935 RESERVED + NOT-FOR-US: Apache James CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...) - linux NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d @@ -9506,6 +9507,7 @@ CVE-2022-45788 RESERVED CVE-2022-45787 RESERVED + NOT-FOR-US: Apache James CVE-2022-45786 RESERVED CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d02f76c4 by Henri Salo at 2022-12-30T13:18:57+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13178,6 +13178,7 @@ CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access NOT-FOR-US: JetBrains TeamCity CVE-2022-44621 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2022-44618 RESERVED CVE-2022-44614 @@ -18198,6 +18199,7 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers NOT-FOR-US: Siemens CVE-2022-43396 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...) - vim 2:9.0.0813-1 (unimportant) NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d02f76c44a2f42e124d2f75fab4f76dcf3c56fe4
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0041f0f7 by Moritz Muehlenhoff at 2022-12-05T16:25:59+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4277,6 +4277,7 @@ CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP NOT-FOR-US: Apache Mina SSHD CVE-2022-45046 RESERVED + NOT-FOR-US: Apache Camel CVE-2022-3899 RESERVED CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0041f0f7bc623b40fdb8a587e4bc6b053cf06106
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) - TODO: check + NOT-FOR-US: authentik CVE-2022-46144 RESERVED CVE-2022-46143 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 34d7eefd by Moritz Muehlenhoff at 2022-12-02T12:10:03+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3768,7 +3768,7 @@ CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...) - TODO: check + NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle CVE-2022-45145 RESERVED CVE-2022-45144 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34d7eefd4f42013c9d05a517eeaa0e3a21387e23
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 51440a4b by Moritz Muehlenhoff at 2022-11-28T10:22:16+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2722,6 +2722,7 @@ CVE-2022-45168 RESERVED CVE-2022-3962 RESERVED + NOT-FOR-US: Kiali CVE-2022-3961 RESERVED CVE-2022-3960 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51440a4bfe9085bb6c1edbfae276d7241e818674
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 91cd8e14 by Moritz Muehlenhoff at 2022-11-21T14:27:57+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -106,6 +106,7 @@ CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when NOT-FOR-US: JetBrains Hub CVE-2022-45470 RESERVED + NOT-FOR-US: Apache Hama CVE-2022-44456 RESERVED CVE-2022-4061 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd8e146499a40cdc09f0d96d396413c21e2b45
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 16267b2d by Moritz Muehlenhoff at 2022-11-16T12:25:00+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1351,6 +1351,7 @@ CVE-2022-45048 RESERVED CVE-2022-45047 RESERVED + NOT-FOR-US: Apache Mina SSHD CVE-2022-45046 RESERVED CVE-2022-3899 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16267b2d2e345fd900db3eeefc8b6aaaede28bde
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 205a514a by Moritz Muehlenhoff at 2022-11-11T14:40:35+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46,6 +46,7 @@ CVE-2022-3932 RESERVED CVE-2022-3931 RESERVED + NOT-FOR-US: Rook CVE-2022-3930 RESERVED CVE-2022-3929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/205a514acb85f25b1c2945ed38c0fd65a36c5340
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fab16fb0 by Moritz Muehlenhoff at 2022-10-04T10:43:58+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10586,6 +10586,7 @@ CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the NOT-FOR-US: ovirt-log-collector CVE-2022-2805 RESERVED + NOT-FOR-US: ovirt-engine CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...) NOT-FOR-US: SourceCodester Zoo Management System CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management System and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fab16fb0921d12e0fe79e6443e06cff579c66d2d
[Git][security-tracker-team/security-tracker][master] NFU, concludes external check
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 54b2c084 by Moritz Muehlenhoff at 2022-09-14T12:24:25+02:00 NFU, concludes external check - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1247,6 +1247,7 @@ CVE-2022-3144 RESERVED CVE-2022-3143 RESERVED + NOT-FOR-US: WildFly Elytron CVE-2022-40137 RESERVED CVE-2022-40136 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b2c08480dfb22b2633f8c5fe4d1a5d91eb263e
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2605,6 +2605,7 @@ CVE-2022-39136 RESERVED CVE-2022-39135 RESERVED + NOT-FOR-US: Apache Calcite CVE-2022-39134 RESERVED CVE-2022-39133 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f57ac939 by Moritz Muehlenhoff at 2022-09-01T11:41:58+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2657,6 +2657,7 @@ CVE-2022-2807 RESERVED CVE-2022-2806 RESERVED + NOT-FOR-US: ovirt-log-collector CVE-2022-2805 RESERVED CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f57ac9394bb267b05065e2ea1bba3a424e849a51
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fdd0407e by Moritz Muehlenhoff at 2022-08-24T10:42:58+02:00 NFU add note for shim entries - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4669,7 +4669,7 @@ CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution vi CVE-2022-2569 RESERVED CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...) - TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2108653 unclear if this is an issue on ansible level itself + NOT-FOR-US: Red Hat Ansible Automation Platform CVE-2022-2567 RESERVED CVE-2022-2566 
@@ -11519,12 +11519,18 @@ CVE-2022-34304 CVE-2022-34303 RESERVED NOT-FOR-US: Eurosoft (UK) shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker CVE-2022-34302 RESERVED NOT-FOR-US: New Horizon Datasys Inc shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker CVE-2022-34301 RESERVED NOT-FOR-US: CryptoPro Secure Disk shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...) - tinyexr (bug #1014980) [bullseye] - tinyexr (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdd0407ea40f809edee8ae9e21a3009479ffe210
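Review bot: in the first hunk (@@ -4669,7), replacing the TODO under CVE-2022-2568 drops the https://bugzilla.redhat.com/show_bug.cgi?id=2108653 reference together with the open question of whether the flaw sits at the ansible level itself. Keeping the URL on a NOTE line, with a short statement of why the issue was judged specific to Red Hat Ansible Automation Platform, would preserve the basis for the NOT-FOR-US decision.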
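Review bot: in the second hunk (@@ -11519,12), the three shim entries stay NOT-FOR-US while the added NOTE says the issue "transitively affects Secure Boot as used in Debian", so a consumer that filters on NOT-FOR-US will drop these entries and never see the caveat. The sentence is also split mid-clause across two NOTE lines and pasted three times; one self-contained NOTE line per entry would still read correctly when a single line is matched by a line-based search.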
[Git][security-tracker-team/security-tracker][master] NFU CVE-2022-34916 Apache Flume
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 5964ae24 by Henri Salo at 2022-08-21T02:24:21+03:00 NFU CVE-2022-34916 Apache Flume - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8978,6 +8978,7 @@ CVE-2022-34917 RESERVED CVE-2022-34916 RESERVED + NOT-FOR-US: Apache Flume CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...) NOT-FOR-US: Nakama CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5964ae24ae828da23329a544a0ef9e8b91ed0d21
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1844,8 +1844,10 @@ CVE-2022-37413 RESERVED CVE-2022-37401 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37400 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37399 RESERVED CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d6d0ce48 by Moritz Muehlenhoff at 2022-08-07T21:18:40+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -293,7 +293,7 @@ CVE-2022-2638 CVE-2022-2637 RESERVED CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...) - TODO: check + NOT-FOR-US: Hestia Control Panel CVE-2022-2635 RESERVED CVE-2022-37393 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6d0ce483c6ff690a5487b577ba576feace777bc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6d0ce483c6ff690a5487b577ba576feace777bc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f6fab6fc by Moritz Muehlenhoff at 2022-07-29T22:33:22+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62732,7 +62732,8 @@ CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 vers CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...) NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html - TODO: fill in tracking details + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189897 + NOTE: No code changes necessary/needed, firewall rules are reponsibility of local admin CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may be able ...) {DSA-5096-1 DLA-2941-1} - linux 5.14.16-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6fab6fc15d800a4dbfbd85ee11e813be7e84bb7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6fab6fc15d800a4dbfbd85ee11e813be7e84bb7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
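Review bot: The second added NOTE on CVE-2021-3773 misspells "reponsibility"; it should read "responsibility". Beyond the typo, the subject says NFU but the hunk adds no NOT-FOR-US line: once the TODO is dropped, the entry as shown consists of NOTE lines only, with nothing that records how the netfilter issue is classified. If the conclusion is that no code change is needed, put that conclusion on a status line for the affected package rather than only in a free-text NOTE, so the entry does not read as unclassified.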
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ab310190 by Moritz Muehlenhoff at 2022-07-28T12:53:01+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77479,7 +77479,7 @@ CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) NOT-FOR-US: CubeCoders AMP CVE-2021-34538 (Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does ...) - TODO: check + NOT-FOR-US: Apache Hive CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...) NOT-FOR-US: Cerberus FTP Server Enterprise CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3101902511e74869d1fa8fc32858daadc818c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3101902511e74869d1fa8fc32858daadc818c2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: f09c6b2d by Henri Salo at 2022-07-28T11:19:18+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1428,6 +1428,7 @@ CVE-2022-36367 RESERVED CVE-2022-36364 RESERVED + NOT-FOR-US: Apache Calcite CVE-2022-36298 RESERVED CVE-2022-35729 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09c6b2d2389f48da039eeb1ac01f27d17a54c88 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09c6b2d2389f48da039eeb1ac01f27d17a54c88 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b3e3745 by Moritz Muehlenhoff at 2022-07-11T21:31:19+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49248,9 +49248,7 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sso CVE-2021-43504 RESERVED CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...) - - php-laravel-framework - NOTE: https://github.com/guoyanan1g/Laravel-vul/issues/2#issue-1045655892 - TODO: check, unclear status of report to upstream + NOTE: Disputed Laravel issue CVE-2021-43502 RESERVED CVE-2021-43501 
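Review bot: On CVE-2021-43503 the hunk removes the only reference in the entry (the guoyanan1g/Laravel-vul issue link) together with the php-laravel-framework line, leaving a bare "NOTE: Disputed Laravel issue". Keep the issue URL as a NOTE so the basis for "disputed" stays traceable. The subject says NFU, but a NOTE alone records no status; say whether this is meant as a NOT-FOR-US line or as a package line marked not affected.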
@@ -126259,10 +126257,8 @@ CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 ma NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009 CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...) - - bluez - [bullseye] - bluez (Minor issue) - [buster] - bluez (Minor issue) - [stretch] - bluez (Mesh support introduced later) + NOT-FOR-US: Bluetooth + NOTE: There's no indication that any Bluetooth software in Debian is affected NOTE: https://kb.cert.org/vuls/id/799380 NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3e374505c297f9ac83178fa1db2d60f833d287 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3e374505c297f9ac83178fa1db2d60f833d287 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
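Review bot: The CVE-2020-26556 replacement drops "[stretch] - bluez (Mesh support introduced later)", a line implying that later bluez releases do include Mesh support, while the new NOTE says only that there is "no indication" any Bluetooth software in Debian is affected. Record in the NOTE what was checked for bluez so the change from "Minor issue" to not tracked can be verified later. "NOT-FOR-US: Bluetooth" also names a specification rather than a product, which makes the entry hard to tell apart from other Bluetooth CVEs when searching the list.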
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f9496a0 by Henri Salo at 2022-07-09T11:05:51+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -80955,7 +80955,7 @@ CVE-2021-31647 CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...) NOT-FOR-US: Gestsup CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote attackers t ...) - TODO: check + NOT-FOR-US: glFTPd CVE-2021-31644 RESERVED CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...) @@ -579384,7 +579384,7 @@ CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNew CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) NOT-FOR-US: GProFTPD CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk ...) - NOT-FOR-US: Glftpd + NOT-FOR-US: glFTPd CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: TrackerCam CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9496a0ee9f6535e56bed83d4c675ab7174ca3c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9496a0ee9f6535e56bed83d4c675ab7174ca3c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 935d9b4e by Henri Salo at 2022-07-09T11:01:09+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -405940,9 +405940,9 @@ CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator - zendframework (the vulnerability was introduced specifically in the 2.3 series) NOTE: http://framework.zend.com/security/advisory/ZF2015-03 CVE-2015-1785 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin nextgen-galery CVE-2015-1784 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin nextgen-galery CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before c ...) - lasso 2.4.1-1 [wheezy] - lasso (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d9b4e2f0e6de0849966f0be24e710d4091621 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d9b4e2f0e6de0849966f0be24e710d4091621 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
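Review bot: Both added lines for CVE-2015-1785 and CVE-2015-1784 copy the misspelling "nextgen-galery" from the CVE description into the NOT-FOR-US text. Use the plugin's actual name, "nextgen-gallery", so that a search of data/CVE/list for the plugin finds these two entries alongside any others.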
[Git][security-tracker-team/security-tracker][master] NFU, bugnum
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 800e7431 by Moritz Muehlenhoff at 2022-06-22T12:00:22+02:00 NFU, bugnum - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3975,6 +3975,7 @@ CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the me NOT-FOR-US: AgileBits 1Password CVE-2022-32549 RESERVED + NOT-FOR-US: Apache Sling CVE-2022-32289 RESERVED CVE-2022-32280 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...) @@ -7788,7 +7789,7 @@ CVE-2022-31213 RESERVED CVE-2022-31212 RESERVED - - dbus-broker + - dbus-broker (bug #1013343) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718 CVE-2022-31211 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/800e7431599124aef4902845fceecd808f42ebd8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/800e7431599124aef4902845fceecd808f42ebd8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f044cbdc by Moritz Mühlenhoff at 2022-06-20T09:56:43+02:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62431,7 +62431,7 @@ CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attac [stretch] - prosody (Vulnerable code not present) NOTE: https://prosody.im/security/advisory_20210722/ CVE-2021-37404 (There is a potential heap buffer overflow in Apache Hadoop libhdfs nat ...) - TODO: check + - hadoop (bug #793644) CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...) NOT-FOR-US: firefly-iii CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f044cbdc6fd66a5d091ae872b5e8f37875a0f85d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f044cbdc6fd66a5d091ae872b5e8f37875a0f85d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
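Review bot: The subject says NFU, but the line added for CVE-2021-37404 is a package entry, "- hadoop (bug #793644)", not a NOT-FOR-US line. Adjust the commit message to say that the CVE is now attached to the hadoop bug, so that anyone scanning the log for NFU decisions is not misled about how this entry was resolved.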
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e060f329 by Moritz Muehlenhoff at 2022-06-17T17:17:58+02:00 NFU exo bugnum - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3756,7 +3756,7 @@ CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendi CVE-2022-32279 RESERVED CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...) - - exo + - exo (bug #1013129) NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4) CVE-2022-32277 RESERVED @@ -6524,6 +6524,7 @@ CVE-2022-1834 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834 CVE-2022-1833 RESERVED + NOT-FOR-US: Red Hat AMQ Broker CVE-2022-1832 RESERVED CVE-2022-1831 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e060f329f6db3da20a124625e0ece3b034e7f9c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e060f329f6db3da20a124625e0ece3b034e7f9c7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d1284c2e by Moritz Muehlenhoff at 2022-05-04T09:57:58+02:00 NFU (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5921,6 +5921,7 @@ CVE-2022-1118 RESERVED CVE-2022-1117 RESERVED + NOT-FOR-US: fapolicyd CVE-2022-1116 RESERVED CVE-2022-1115 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1284c2e209f483e73c825f35341c82d08f07e8e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1284c2e209f483e73c825f35341c82d08f07e8e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cf7ed91 by Henri Salo at 2022-04-07T22:12:05+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3844,8 +3844,10 @@ CVE-2022-27222 RESERVED CVE-2022-0993 RESERVED + NOT-FOR-US: WordPress plugin CVE-2022-0992 RESERVED + NOT-FOR-US: WordPress plugin CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) NOT-FOR-US: admidio CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7ed9135f222d59f38cfb311009b4c7419fd0d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7ed9135f222d59f38cfb311009b4c7419fd0d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
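Review bot: The lines added for CVE-2022-0993 and CVE-2022-0992 say only "NOT-FOR-US: WordPress plugin" without naming the plugin. Both entries are still RESERVED, so there is no description to fall back on and the NOT-FOR-US text is the only identification in the list. Name the plugin as the neighbouring entries name their product (for example "NOT-FOR-US: admidio"), and consider a NOTE with the source of the assignment so the decision can be rechecked once the description is published.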
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3912f99d by Moritz Mühlenhoff at 2022-04-06T19:18:52+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4833,6 +4833,7 @@ CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct - swagger-ui (bug #895422) CVE-2022-26850 RESERVED + NOT-FOR-US: Apache NiFi CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-0922 (The software does not perform any authentication for critical system f ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3912f99d206cf039cf2fdede0b09d7b617f39996 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3912f99d206cf039cf2fdede0b09d7b617f39996 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a1e0fe7 by Salvatore Bonaccorso at 2022-03-16T09:42:32+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22832,13 +22832,13 @@ CVE-2022-21642 (Discourse is an open source platform for community discussion. I CVE-2021-43959 RESERVED CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-43957 (Affected versions of Atlassian Fisheye Crucible allowed remote a ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before version ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and Crucible bef ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and Crucible before ...) NOT-FOR-US: Atlassian CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1e0fe7635554dee4e0e8b2e095faa0530fceea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1e0fe7635554dee4e0e8b2e095faa0530fceea You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: dbb7190c by Henri Salo at 2022-02-07T10:42:19+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5075,6 +5075,7 @@ CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plug - apache-karaf (bug #881297) CVE-2022-22931 RESERVED + NOT-FOR-US: Apache James CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...) NOT-FOR-US: MCMS CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbb7190c08ffe44065a6b1fb3a50be28132e584e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbb7190c08ffe44065a6b1fb3a50be28132e584e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 96cd9e0c by Henri Salo at 2022-02-05T13:03:47+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4335,6 +4335,7 @@ CVE-2021-23150 RESERVED CVE-2022-23206 RESERVED + NOT-FOR-US: Apache Traffic Control CVE-2022-23205 RESERVED CVE-2022-23204 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cd9e0cfaaebd052779e800decaabbea9cd1e25 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cd9e0cfaaebd052779e800decaabbea9cd1e25 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e6aaef1 by Henri Salo at 2022-02-04T11:04:40+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37033,8 +37033,10 @@ CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swif NOT-FOR-US: gRPC Swift CVE-2021-36152 RESERVED + NOT-FOR-US: Apache Gobblin CVE-2021-36151 RESERVED + NOT-FOR-US: Apache Gobblin CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) NOT-FOR-US: OpenShift CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6aaef17151f2c5f744089a729528a7be6618e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6aaef17151f2c5f744089a729528a7be6618e2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 46c238ac by Henri Salo at 2022-02-01T11:15:27+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12377,6 +12377,7 @@ CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug NOT-FOR-US: mySCADA myPRO CVE-2021-44451 RESERVED + NOT-FOR-US: Apache Superset CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions ...) NOT-FOR-US: Siemens CVE-2021-9 (A vulnerability has been identified in JT Utilities (All versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46c238ac902f84385165ba47a44ae46e24e2cee4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46c238ac902f84385165ba47a44ae46e24e2cee4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: eb38c0ab by Moritz Mühlenhoff at 2022-01-06T19:23:43+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12244,6 +12244,7 @@ CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5 NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6) CVE-2021-43045 RESERVED + NOT-FOR-US: Apache Avro CVE-2021-3913 RESERVED CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb38c0ab62fdafc2ceacb09e7dd46bec2274e996 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb38c0ab62fdafc2ceacb09e7dd46bec2274e996 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b2df1b42 by Henri Salo at 2022-01-06T15:57:46+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3335,10 +3335,13 @@ CVE-2022-22054 RESERVED CVE-2021-45458 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45457 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45456 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45455 RESERVED CVE-2021-45454 @@ -28722,6 +28725,7 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because o NOTE: https://github.com/ARMmbed/mbedtls/issues/3394 CVE-2021-36774 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - ublock-origin 1.37.0+dfsg-1 (bug #991386) [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 @@ -41664,6 +41668,7 @@ CVE-2021-31524 RESERVED CVE-2021-31522 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) 
@@ -51378,6 +51383,7 @@ CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) NOT-FOR-US: JetBrains Ktor CVE-2021-27738 RESERVED + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...) - trafficserver (Only affects 9.x) CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient session exp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2df1b4218cbed97dd84e9008d3c994ee260d411 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2df1b4218cbed97dd84e9008d3c994ee260d411 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6cb91b0f by Henri Salo at 2021-12-21T10:55:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,10 +20,13 @@ CVE-2021-4143 RESERVED CVE-2017-20010 RESERVED + NOT-FOR-US: MODX Revolution CVE-2017-20009 RESERVED + NOT-FOR-US: MODX Revolution CVE-2012-20001 RESERVED + NOT-FOR-US: PrestaShop CVE-2021-45442 RESERVED CVE-2021-45441 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits