[Git][security-tracker-team/security-tracker][master] NFU

2024-05-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4060b332 by Moritz Muehlenhoff at 2024-05-28T14:22:39+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -86,7 +86,7 @@ CVE-2023-6349 (A heap overflow vulnerability exists in libvpx 
-Encoding a frame
 CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code 
execution can ...)
NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been 
found in b ...)
-   TODO: check
+   NOT-FOR-US: rockhopper Python library (different from src:rockhopper)
 CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for 
certain ...)
NOT-FOR-US: ASKEY
 CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of 
specific CGI. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4060b332e58f61e096c26b708f87cb3b50137c4c

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4060b332e58f61e096c26b708f87cb3b50137c4c
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] NFU

2024-05-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f2325d1 by Moritz Muehlenhoff at 2024-05-10T16:43:40+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6703,7 +6703,6 @@ CVE-2024-32473 (Moby is an open source container 
framework that is a key compone
- docker.io  (bug #1070378)
NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
NOTE: 
https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa
-   TODO: check, said to be specific to the 26.0.0 and 26.0.1 versions but 
needs double-checking
 CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute 
arbitrary ...)
NOT-FOR-US: SEMCMS
 CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the 
component \af ...)
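
Review bot: The TODO removed from CVE-2024-32473 asked for a double-check of whether only 26.0.0 and 26.0.1 are affected, and the hunk drops it without recording what the check found. Add a NOTE stating the outcome so the entry documents why the docker.io line stands as it does; the commit message "NFU" also does not cover this change.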
@@ -8279,7 +8278,7 @@ CVE-2024-2101 (The Salon booking system WordPress plugin 
before 9.6.3 does not p
 CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which 
allows a ...)
NOT-FOR-US: cskefu
 CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a 
remote attack ...)
-   TODO: check
+   NOT-FOR-US: Disputed Laravel issue
 CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to 
call protec ...)
NOT-FOR-US: microsoft-authentication-library-for-dotnet
 CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs 
MoveTo.This issue  ...)
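
Review bot: On CVE-2024-29291 the new line uses NOT-FOR-US with the reason "Disputed Laravel issue", which mixes two statements: the tag says the software is out of scope, the text says the report is contested. If Laravel is out of scope, name the product as the neighbouring entries do; if the point is that the report is disputed, record that in a NOTE line so it survives independently of the scope decision.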



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f2325d13ffd4789738de6ada4ae785724971178



[Git][security-tracker-team/security-tracker][master] NFU

2024-04-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bcddd417 by Moritz Muehlenhoff at 2024-04-23T12:28:02+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -96,7 +96,9 @@ CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site 
Scripting (XSS) via t
 CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
NOT-FOR-US: OpenStack Storlets yoga-eom
 CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a 
local attac ...)
-   TODO: check
+   NOT-FOR-US: pdf2json
+   NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no 
point in
+   NOTE: tracking whether this affects src:poppler
 CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products 
DAP-2230, DA ...)
NOT-FOR-US: D-Link
 CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search 
function in ...)
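
Review bot: The two NOTE lines added for CVE-2024-28699 justify not tracking src:poppler by the age of the bundled xpdf 3.0.2, but do not say whether the overflow sits in pdf2json's own code or in the bundled xpdf code. One more NOTE stating where the flaw lives, or linking the report, would let a later reader confirm the decision rather than take the age argument on trust.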



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcddd4171491dae7001c3857918e2119481992e1



[Git][security-tracker-team/security-tracker][master] NFU

2024-04-19 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68a78d8d by Henri Salo at 2024-04-19T13:10:42+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1942,6 +1942,8 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists 
in KV STUDIO Ver.11.64 a
NOT-FOR-US: KEYENCE KV STUDIO
 CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO 
Ver.11.64 and ea ...)
NOT-FOR-US: KEYENCE KV STUDIO
+CVE-2024-29217
+   NOT-FOR-US: Apache Answer
 CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente 
middleware ...)
NOT-FOR-US: Cente
 CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking 
of the op ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a78d8d7f1dae39c7df5cc3bd4714fc27bbd9ff



[Git][security-tracker-team/security-tracker][master] NFU

2024-04-16 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddc02a3a by Moritz Muehlenhoff at 2024-04-16T09:10:32+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-3597
+   NOT-FOR-US: Keycloak
 CVE-2024-31497 [ecret Key Recovery of NIST P-521 Private Keys Through Biased 
ECDSA Nonces in PuTTY Client]
- putty 0.81-1
NOTE: https://www.openwall.com/lists/oss-security/2024/04/15/6
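
Review bot: Not introduced by this change, but the context line directly under the new CVE-2023-3597 entry reads "[ecret Key Recovery of NIST P-521 ..." for CVE-2024-31497, with the leading "S" missing. Worth a follow-up fix, since the bracketed description is what people search the list for.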



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddc02a3a20b17e456c99de40456cc08d924bffe0



[Git][security-tracker-team/security-tracker][master] NFU

2024-03-21 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a53d3e6 by Moritz Muehlenhoff at 2024-03-21T18:40:03+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-1394
+   NOT-FOR-US: golang-fips
 CVE-2024-26307
NOT-FOR-US: Apache Doris
 CVE-2024-27438



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a53d3e6f126620e93da87469c6ab46037751778



[Git][security-tracker-team/security-tracker][master] NFU

2024-03-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e470a10 by Moritz Mühlenhoff at 2024-03-14T09:51:18+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-28746
+   - airflow  (bug #819700)
 CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to 
Reflected Cro ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for 
WordPress is v ...)
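
Review bot: The commit message says "NFU", but the entry added for CVE-2024-28746 is a package line, "- airflow  (bug #819700)", not a NOT-FOR-US tag. Either the message should describe what was actually recorded, or the line should carry an explicit state; as shown, nothing stands between the package name and the bug reference.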



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e470a10b44e0c5f09e7bc64be07332f068c04e6



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-29 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f816cbaa by Moritz Muehlenhoff at 2024-02-29T14:25:58+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -273,7 +273,7 @@ CVE-2024-27285 (YARD is a Ruby Documentation tool. The 
"frames.html" file within
NOTE: 
https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
NOTE: 
https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 
(v0.9.35)
 CVE-2024-27284 (cassandra-rs is a Cassandra (CQL) driver for Rust. Code that 
attempts  ...)
-   TODO: check
+   NOT-FOR-US: Rust crate cassandra-rs
 CVE-2024-27103 (Querybook is a Big Data Querying UI. When a user searches for 
their qu ...)
NOT-FOR-US: Querybook
 CVE-2024-27083 (Flask-AppBuilder is an application development framework, 
built on top ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f816cbaa45375bb692e07a1e8c289f76f5a779c5



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
115cdf63 by Moritz Muehlenhoff at 2024-02-28T17:22:34+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-22857
+   NOT-FOR-US: zlog
 CVE-2024-26016
NOT-FOR-US: Apache Superset
 CVE-2024-24779



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115cdf6341d0d4e2565f748db0ec19aade0c6288



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-26 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c3c697b by Moritz Muehlenhoff at 2024-02-26T20:37:05+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-51518
+   NOT-FOR-US: Apache James
 CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA 
requests]
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3c697bc0c6aa65d76a1768c2d2c604006e8141



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd5aa043 by Moritz Muehlenhoff at 2024-02-23T14:37:31+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -540,7 +540,7 @@ CVE-2023-52440 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/4b081ce0d830b684fdf967abc3696d1261387254 (6.6-rc1)
 CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification 
(section 17.4) ...)
-   TODO: check
+   NOT-FOR-US: QUIC protocol issue
 CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 
allows a  ...)
NOT-FOR-US: ProjeQtOr
 CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 
V22.03.02.5 ...)
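
Review bot: "NOT-FOR-US: QUIC protocol issue" on CVE-2023-50923 names a protocol rather than a product, and the description places the flaw in the RFC 9000 Latency Spin Bit specification, so any implementation that follows the specification could be in scope. Add a NOTE saying why no packaged QUIC implementation needs an entry, or list the ones that were checked.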



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5aa043b18bedabe3a485680d5b21a55384bc38



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b3dad7a by Moritz Muehlenhoff at 2024-02-23T13:04:06+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1018,7 +1018,7 @@ CVE-2023-6806 (The Starbox plugin for WordPress is 
vulnerable to Stored Cross-Si
 CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to 
Sensitive  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through 
3.8.3 did ...)
-   TODO: check
+   NOT-FOR-US: OpenVPN3 (separate codebase from OpenVPN as packaged by 
src:openvpn))
 CVE-2023-52439 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
- linux 6.6.13-1
[bookworm] - linux 6.1.76-1
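
Review bot: The line added for CVE-2023-6247 ends in a doubled closing parenthesis, "src:openvpn))"; drop the extra ")". The explanation itself (separate codebase from what src:openvpn packages) is the useful part and reads fine.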



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3dad7ae4a6ec90279b6991cc6b3f814311c172



[Git][security-tracker-team/security-tracker][master] NFU

2024-02-16 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4af64dc9 by Moritz Muehlenhoff at 2024-02-16T12:33:55+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,7 @@ CVE-2024-25413 (A XSLT Server Side injection vulnerability in 
the Import Jobs fu
 CVE-2024-25123 (MSS (Mission Support System) is an open source package 
designed for pl ...)
NOT-FOR-US: MSS (Mission Support System)
 CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National 
Identity ...)
-   TODO: check
+   NOT-FOR-US: Questionable CVE assignment for Online-Ausweis-Funktion 
protocol scheme
 CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be 
susceptible to  ...)
NOT-FOR-US: SolarWinds
 CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be 
susceptible to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af64dc9df88b979e871c4464fb55038d6988c61



[Git][security-tracker-team/security-tracker][master] NFU

2024-01-29 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2814be94 by Moritz Muehlenhoff at 2024-01-29T16:32:25+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47077,6 +47077,7 @@ CVE-2023-29056 (A valid LDAP user, under specific 
conditions, will default to re
NOT-FOR-US: Lenovo
 CVE-2023-29055
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT 
(All versi ...)
NOT-FOR-US: Siemens
 CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < 
V11.3.2 ...)
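
Review bot: CVE-2023-29055 still shows RESERVED with no description, so nothing in the entry lets a reader confirm that the id belongs to Apache Kylin. Add a NOTE with the advisory or announcement the attribution came from; the clarification "different from Kylin desktop environment" is helpful and should stay.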



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2814be940d3f2f35946ba4669cc5151accf62f7b



[Git][security-tracker-team/security-tracker][master] NFU

2024-01-29 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9cddf7a by Moritz Muehlenhoff at 2024-01-29T12:36:29+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -115,7 +115,7 @@ CVE-2024-0618 (The Contact Form Plugin \u2013 Fastest 
Contact Form Builder Plugi
 CVE-2023-6497 (The WordPress Simple Shopping Cart plugin for WordPress is 
vulnerable  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-6482 (Use of encryption key derived from static information in 
Synaptics Fin ...)
-   TODO: check
+   NOT-FOR-US: Synaptics
 CVE-2023-6470
REJECTED
 CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer 
overflow a ...)
@@ -6006,7 +6006,6 @@ CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 
for Ruby sometimes allow
- ruby-json-jwt 
NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
NOTE: https://github.com/nov/json-jwt/issues/113
-   TODO: check if reported upstream
 CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer 
over-read  ...)
NOT-FOR-US: BACnet Stack
 CVE-2023-51654 (Improper link resolution before file access ('Link Following') 
issue e ...)
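
Review bot: The second hunk removes "TODO: check if reported upstream" from CVE-2023-51774, which is unrelated to the NFU change in the first hunk and is not mentioned in the commit message. The removal looks justified by the existing NOTE pointing at https://github.com/nov/json-jwt/issues/113, but a separate commit or a message that mentions json-jwt would make the history searchable.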



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9cddf7a04894f4e0617a100101283c60fd52c2c



[Git][security-tracker-team/security-tracker][master] NFU

2024-01-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df0529b0 by Moritz Muehlenhoff at 2024-01-22T16:54:49+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71,7 +71,7 @@ CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 
uses the same AES/G
 CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring 
versions before ...)
NOT-FOR-US: FOLIO mod-data-export-spring
 CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 
9.0.0 to 9.0 ...)
-   TODO: check
+   NOT-FOR-US: DependencyCheck for Maven
 CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 
1.7.2 and  ...)
NOT-FOR-US: mod-remote-storage
 CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function 
in com. ...)
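
Review bot: The label "DependencyCheck for Maven" on CVE-2024-23686 is narrower than the description, which names the Maven plugin and the CLI before it is truncated. "NOT-FOR-US: DependencyCheck" would cover every component the description lists.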



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0529b0f26ca3e31869c165018e8a6295e19fa6



[Git][security-tracker-team/security-tracker][master] NFU

2023-12-25 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c13efea by Moritz Muehlenhoff at 2023-12-25T19:49:02+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -36907,7 +36907,7 @@ CVE-2023-1963 (A vulnerability was found in PHPGurukul 
Bank Locker Management Sy
 CVE-2018-25084 (A vulnerability, which was classified as problematic, has been 
found i ...)
NOT-FOR-US: Ping Identity Self-Service Account Manager
 CVE-2023-30451 (In TYPO3 11.5.24, the filelist component allows attackers (who 
have ac ...)
-   TODO: check
+   NOT-FOR-US: Typo3
 CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the 
redpanda.rpc_server_tls f ...)
NOT-FOR-US: Redpanda
 CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
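
Review bot: The description for CVE-2023-30451 spells the product "TYPO3" while the new tag uses "Typo3"; matching the spelling in the description keeps the NOT-FOR-US reasons consistent for anyone grepping the list.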



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c13efeab2705876ba6cde02bab0173f6f528e16



[Git][security-tracker-team/security-tracker][master] NFU / add tinydir references

2023-12-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ba6b1ba by Moritz Muehlenhoff at 2023-12-22T09:49:53+01:00
NFU / add tinydir references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -215,7 +215,7 @@ CVE-2023-50822 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
NOT-FOR-US: XWiki
 CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library 
for creati ...)
-   TODO: check
+   NOT-FOR-US: Resque
 CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows 
remote att ...)
NOT-FOR-US: blinksocks
 CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows 
remote att ...)
@@ -4102,6 +4102,8 @@ CVE-2023-49287 (TinyDir is a lightweight C directory and 
file reader. Buffer ove
TODO: potentally affects falcosecurity-libs, gemmi, lwip
NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1
NOTE: 
https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
+   NOTE: 
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
+   NOTE: 
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
 CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus 
Ver.3.2.0. ...)
NOT-FOR-US: RakRak Document Plus
 CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is 
vulnerab ...)
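
Review bot: The commit NOTE added for CVE-2023-49287 gives the bare URL without the release that contains the fix, and the TODO above it ("potentally affects falcosecurity-libs, gemmi, lwip", with "potentially" misspelled) stays open. Appending the fixed version in parentheses after the commit URL would let whoever resolves the TODO compare the embedded copies against it.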



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba6b1ba8336464c1551490aad6f7332f4ce4382



[Git][security-tracker-team/security-tracker][master] NFU

2023-12-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
983b359e by Moritz Muehlenhoff at 2023-12-18T14:17:45+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-41314
+   NOT-FOR-US: Apache Doris
 CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository 
mlflow/mlflow prio ...)
NOT-FOR-US: mlflow
 CVE-2023-6908 (A vulnerability, which was classified as problematic, was found 
in DFI ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/983b359ee03142113d79917cddf5a9ccba4aa871



[Git][security-tracker-team/security-tracker][master] NFU

2023-11-24 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd2aa86b by Moritz Muehlenhoff at 2023-11-24T20:50:57+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -265050,6 +265050,7 @@ CVE-2020-10371
RESERVED
 CVE-2020-10370
RESERVED
+   NOT-FOR-US: Broadcom
 CVE-2020-10369
RESERVED
 CVE-2020-10368
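
Review bot: The tag lands on CVE-2020-10370 in the middle of a run of RESERVED ids (10371, 10369, 10368) that look identical in the list, so an off-by-one is easy to make and hard to spot later. A NOTE with the source that ties this id to Broadcom would make the attribution checkable.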



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2aa86b7f699b451d347905e52490a2e4d6748f



[Git][security-tracker-team/security-tracker][master] NFU

2023-11-24 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7ff8810 by Moritz Muehlenhoff at 2023-11-24T16:07:50+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -160717,7 +160717,7 @@ CVE-2021-39010
 CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user 
credential ...)
NOT-FOR-US: IBM
 CVE-2021-39008 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a 
privileg ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-39007
RESERVED
 CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an 
attacker to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7ff88100f1492982c972faefc88265f2d8c3243



[Git][security-tracker-team/security-tracker][master] NFU

2023-11-24 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43526e38 by Moritz Muehlenhoff at 2023-11-24T15:26:47+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-49068
+   NOT-FOR-US: Apache DolphinScheduler
 CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
NOT-FOR-US: Usedesk
 CVE-2023-49215 (Usedesk before 1.7.57 allows filter reflected XSS.)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43526e38b73bf6e1584f0035cf1f5438f9f3e06f



[Git][security-tracker-team/security-tracker][master] NFU

2023-11-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46935e67 by Moritz Muehlenhoff at 2023-11-23T13:58:01+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-43123
+   NOT-FOR-US: Apache Storm
 CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via 
an SVG do ...)
NOT-FOR-US: dom-sanitizer
 CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because 
the una ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46935e67399a9f2e579bfa5fe6b7cc825850dcb1



[Git][security-tracker-team/security-tracker][master] NFU

2023-11-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0122346f by Moritz Muehlenhoff at 2023-11-09T12:52:11+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-46857
+   NOT-FOR-US: Squidex
 CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers 
to acces ...)
NOT-FOR-US: Lenovo
 CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could 
allow a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0122346f0e53c4765ca68a7a46574cc4cdfd813d



[Git][security-tracker-team/security-tracker][master] NFU

2023-10-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c84d1db by Moritz Muehlenhoff at 2023-10-28T14:46:42+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-5056
+   NOT-FOR-US: Skupper
 CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom 
location with  ...)
NOT-FOR-US: HashiCorp Vagrant's Windows installer
 CVE-2023-5830 (A vulnerability classified as critical has been found in 
ColumbiaSoft  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c84d1db0068aca68eaffd1de4d843dba91d9c7d



[Git][security-tracker-team/security-tracker][master] NFU

2023-10-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f162125 by Moritz Muehlenhoff at 2023-10-06T15:32:31+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3328,7 +3328,7 @@ CVE-2023-41846 (A vulnerability has been identified in 
Tecnomatix Plant Simulati
 CVE-2023-41764 (Microsoft Office Spoofing Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2023-41331 (SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: SOFARPC
 CVE-2023-41036 (Macvim is a text editor for MacOS. Prior to version 178, 
Macvim makes  ...)
NOT-FOR-US: Macvim
 CVE-2023-41033 (A vulnerability has been identified in Parasolid V35.0 (All 
versions < ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f1621254afb5d2946dfbc7526933450ef01d9e8



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2023-09-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86c6ed85 by Moritz Muehlenhoff at 2023-09-15T10:29:07+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-4958
+   NOT-FOR-US: StackRox
 CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital 
Yepas all ...)
NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated 
as probl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86c6ed8522bddff4e2cd425edef15b2483533522



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2023-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
500c9fa8 by Moritz Muehlenhoff at 2023-09-14T08:42:42+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-4910
+   NOT-FOR-US: 3scale-admin-portal
 CVE-2023-38039 [HTTP headers eat all memory]
- curl 
[bookworm] - curl  (Minor issue, can be fixed in point release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/500c9fa8487ac1a3c9ca10bf4317f5ec0c7e3736



[Git][security-tracker-team/security-tracker][master] NFU, concludes external check

2023-09-12 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4115914 by Moritz Muehlenhoff at 2023-09-12T11:16:57+02:00
NFU, concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-31417
+   - elasticsearch 
 CVE-2023- [RUSTSEC-2023-0059: Unaligned read of *const *const c_char 
pointer]
- rust-users 
[bookworm] - rust-users  (Minor issue)
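Review bot: the commit subject reads "NFU, concludes external check", but the line added for CVE-2023-31417 is a package line ("- elasticsearch"), not a NOT-FOR-US line. If a package line is what was intended, the subject should say so, because anyone scanning the log for NFU triage will misread this commit. The new entry also has no description and no NOTE: recording what the external check concluded, so the basis for the entry cannot be verified from the file.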



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4115914188fdb30eb7e2bb15d4343cd296cbf64



[Git][security-tracker-team/security-tracker][master] NFU

2023-09-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e99e4462 by Moritz Muehlenhoff at 2023-09-06T08:56:10+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-36851
+   NOT-FOR-US: Juniper
 CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
- vim 
NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99e44627e0e38481c35122cebe1abf28247f2cc



[Git][security-tracker-team/security-tracker][master] NFU

2023-08-30 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45d42aac by Moritz Muehlenhoff at 2023-08-30T09:06:30+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-4481
+   NOT-FOR-US: Juniper
 CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 
116.0.5845.140 ...)
TODO: check
 CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support 
Option 1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d42aac32b616f461093f900d642534712a0ffd



[Git][security-tracker-team/security-tracker][master] NFU

2023-08-25 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c05420f by Moritz Muehlenhoff at 2023-08-25T16:35:09+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24827,6 +24827,7 @@ CVE-2023-1178 (An issue has been discovered in GitLab 
CE/EE affecting all versio
- gitlab 15.10.8+ds1-2
 CVE-2023-27604
RESERVED
+   NOT-FOR-US: Apache Airflow Sqoop Provider
 CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn 
materia ...)
NOT-FOR-US: Apache Linkis
 CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module 
uploadsfiles withou ...)
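Review bot: CVE-2023-27604 keeps its RESERVED line and has no description, so the new "NOT-FOR-US: Apache Airflow Sqoop Provider" line has nothing in the file to back it. A NOTE: line naming the advisory or announcement the product name was taken from would let a later reader verify the triage once the description is published.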



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c05420f5e0f265063d821e62ad4a228853c8da7



[Git][security-tracker-team/security-tracker][master] NFU

2023-08-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
283c815d by Moritz Muehlenhoff at 2023-08-23T14:39:27+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-3899
+   NOT-FOR-US: Red Hat Licence Manager
 CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is 
vulnerable to ...)
NOT-FOR-US: Donation Forms by Charitable plugin for WordPress
 CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/283c815d5a54f033f97c6487658370b21952d70d



[Git][security-tracker-team/security-tracker][master] NFU

2023-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef9763da by Moritz Muehlenhoff at 2023-08-22T13:33:26+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-32184
+   NOT-FOR-US: OpenSUSE-welcome
 CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used 
for cach ...)
NOT-FOR-US: LokiStack
 CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository 
wallabag/wallab ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef9763daa450bd4c929bb8b3ea0b7f3215322202



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b66eade7 by Moritz Muehlenhoff at 2023-08-18T13:05:32+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56637,7 +56637,8 @@ CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor 
Authentication for macOS
 CVE-2023-20198
RESERVED
 CVE-2023-20197 (A vulnerability in the filesystem image parser for 
Hierarchical File S ...)
-   TODO: check
+   NOT-FOR-US: Cisco
+   NOTE: CVE for underlying ClamAV issue is CVE-2023-20032
 CVE-2023-20196
RESERVED
 CVE-2023-20195
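Review bot: the added NOTE: attributes the underlying flaw in CVE-2023-20197 to ClamAV and points at CVE-2023-20032, yet the entry itself is closed as "NOT-FOR-US: Cisco". Closing it that way relies entirely on the CVE-2023-20032 entry covering the same filesystem image parser issue in the packaged ClamAV. Please confirm that it does, and if it does not, track the package on this entry instead of marking it NOT-FOR-US.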



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b66eade7dc8e04e36226545f4ebc9b38d6315c9c



[Git][security-tracker-team/security-tracker][master] NFU

2023-08-03 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92acefda by Moritz Mühlenhoff at 2023-08-03T10:11:40+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-3971
+   NOT-FOR-US: Red Hat Ansible Automation Controller
 CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
- xen 
[buster] - xen  (DSA 4677-1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92acefdac866458b399586201d159dc3449e9391



[Git][security-tracker-team/security-tracker][master] NFU

2023-07-31 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
162485a6 by Moritz Muehlenhoff at 2023-07-31T08:38:33+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-3976
+   NOT-FOR-US: Red Hat OpenStack Platform
 CVE-2023-37219 (Tadiran Telecom Composit - CWE-1236: Improper Neutralization 
of Formul ...)
NOT-FOR-US: Tadiran Telecom Composit
 CVE-2023-37218 (Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a 
Pathname to a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/162485a66176994643c03e08b93c4113f01f1879



[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-36542

2023-07-29 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aae19c90 by Henri Salo at 2023-07-29T10:58:22+03:00
NFU CVE-2023-36542

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2575,6 +2575,8 @@ CVE-2022-48521 (An issue was discovered in OpenDKIM 
through 2.10.3, and 2.11.x t
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
 CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability 
where an au ...)
- airflow  (bug #819700)
+CVE-2023-36542
+   NOT-FOR-US: Apache NiFi
 CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a 
vulnerability  ...)
- airflow  (bug #819700)
 CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been 
rated  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae19c902f0b14dce105828c1605257d42e5d1d9



[Git][security-tracker-team/security-tracker][master] NFU CVE-2023-38647

2023-07-25 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edfb6a00 by Henri Salo at 2023-07-25T20:53:00+03:00
NFU CVE-2023-38647

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -214,6 +214,8 @@ CVE-2023-3819 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
NOT-FOR-US: pimcore
 CVE-2023-3102 (A sensitive information leak issue has been discovered in 
GitLab EE af ...)
- gitlab  (Specific to EE)
+CVE-2023-38647
+   NOT-FOR-US: Apache Helix
 CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise 
before 1. ...)
NOT-FOR-US: Metabase
 CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edfb6a00925b8c18a55653454380eca9dac106e6



[Git][security-tracker-team/security-tracker][master] NFU

2023-07-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b415783 by Moritz Muehlenhoff at 2023-07-20T14:53:18+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-38200
+   NOT-FOR-US: Keylime
 CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. 
It has ...)
NOT-FOR-US: Dooblou WiFi File Explorer
 CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been 
classified as p ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b415783e162a0d6b64e70b5f0ddaec0b6e9555d



[Git][security-tracker-team/security-tracker][master] NFU

2023-07-07 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5a4b16d by Moritz Muehlenhoff at 2023-07-07T16:30:58+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-34442
+   NOT-FOR-US: Apache Camel JIRA
 CVE-2023-35887
NOT-FOR-US: Apache Mina SSHD
 CVE-2023-33008



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5a4b16dfacd29a385172ccbeede5fd496ac31d9



[Git][security-tracker-team/security-tracker][master] NFU

2023-07-07 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18c33644 by Moritz Muehlenhoff at 2023-07-07T16:28:19+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-35887
+   NOT-FOR-US: Apache Mina SSHD
 CVE-2023-33008
NOT-FOR-US: Apache Johnzon
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository 
outline/outli ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18c33644e67f13d624b3fa205b3ca9df622c6164



[Git][security-tracker-team/security-tracker][master] NFU

2023-07-03 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba86a805 by Moritz Muehlenhoff at 2023-07-03T15:20:21+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-35797
+   NOT-FOR-US: Hive provider for Apache Airflow
 CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the 
install t ...)
TODO: check
 CVE-2023-3370



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba86a805cbd01216c63d2f6cd3c87fa0ce9773bb



[Git][security-tracker-team/security-tracker][master] NFU

2023-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f04a6fa4 by Moritz Mühlenhoff at 2023-06-13T09:55:41+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -65,7 +65,7 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on 
Rails / Grape. Pri
NOTE: Fixed by: 
https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907
 (v5.6.6)
TODO: check ruby-doorkeeper-openid-connect
 CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along 
with th ...)
-   TODO: check
+   NOT-FOR-US: Apache NiFi
 CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, 
HTTP-FLV ...)
TODO: check
 CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
BrokenCr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04a6fa453bcc8bd7c2ce286627d15bf25aeec63



[Git][security-tracker-team/security-tracker][master] NFU

2023-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5daeba57 by Moritz Mühlenhoff at 2023-04-27T17:18:55+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5210,6 +5210,7 @@ CVE-2023-29381
RESERVED
 CVE-2023-29380
RESERVED
+   NOT-FOR-US: Warpinator
 CVE-2023-29379
RESERVED
 CVE-2023-29378



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5daeba57f13be4571270ad3d20f6d2ce9b4cbbb0



[Git][security-tracker-team/security-tracker][master] NFU

2023-04-26 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63bbda92 by Moritz Muehlenhoff at 2023-04-26T12:58:47+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13054,7 +13054,7 @@ CVE-2023-26737
 CVE-2023-26736
RESERVED
 CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access 
control  ...)
-   TODO: check
+   TODO: check, looks bogus
 CVE-2023-26734
RESERVED
 CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a 
local a ...)
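Review bot: "TODO: check, looks bogus" on CVE-2023-26735 records a verdict without the reasoning behind it. Add a NOTE: line saying why the blackbox_exporter report looks invalid, for example a link to the upstream discussion, so that whoever resolves the TODO does not have to redo the assessment from scratch.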
@@ -39886,7 +39886,7 @@ CVE-2023-20875
 CVE-2023-20874
RESERVED
 CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and 
older unsup ...)
-   TODO: check
+   NOT-FOR-US: Spring Boot
 CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds 
read/write vuln ...)
NOT-FOR-US: VMware
 CVE-2023-20871 (VMware Fusion contains a local privilege escalation 
vulnerability. A m ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bbda9253a40638c25621e523609d2c8eb40817



[Git][security-tracker-team/security-tracker][master] NFU

2023-04-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9590944 by Moritz Muehlenhoff at 2023-04-20T15:42:42+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28389,7 +28389,7 @@ CVE-2023-21973 (Vulnerability in the Oracle 
iProcurement product of Oracle E-Bus
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
- mysql-8.0 
 CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
-   TODO: check
+   NOT-FOR-US: MySQL Connector for Java
 CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
NOT-FOR-US: Oracle
 CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: 
Installation). Suppo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9590944f876319e149a6957d52f0c59354bb15a



[Git][security-tracker-team/security-tracker][master] NFU

2023-04-17 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3db3bbc by Moritz Muehlenhoff at 2023-04-17T17:17:00+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28198,7 +28198,7 @@ CVE-2023-21825 (Vulnerability in the Oracle iSupplier 
Portal product of Oracle E
 CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic 
Charging Engi ...)
NOT-FOR-US: Oracle
 CVE-2022-47522 (The IEEE 802.11 specifications through 802.11ax allow 
physically proxi ...)
-   TODO: check
+   NOT-FOR-US: IEEE 802.11 specifications
 CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. 
Missing val ...)
{DLA-3244-1}
- linux 6.0.12-1
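Review bot: CVE-2022-47522 is described as a flaw in the IEEE 802.11 specifications, and "NOT-FOR-US: IEEE 802.11 specifications" closes it without saying whether any packaged implementation was looked at. A specification-level issue is where affected implementations are easiest to miss. A NOTE: stating which source packages were checked, or that none apply, would make the decision auditable.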



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3db3bbc070ce5adcf33b70e4c7d855815a3993e



[Git][security-tracker-team/security-tracker][master] NFU

2023-04-12 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61b6c090 by Moritz Muehlenhoff at 2023-04-12T15:54:47+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6356,7 +6356,7 @@ CVE-2023-28262 (Visual Studio Elevation of Privilege 
Vulnerability ...)
 CVE-2023-28261
RESERVED
 CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft .NET
 CVE-2023-28259
RESERVED
 CVE-2023-28258



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b6c09017c6903b3884665a8668d81d3be1f772



[Git][security-tracker-team/security-tracker][master] NFU

2023-03-15 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8e549f by Henri Salo at 2023-03-15T13:11:59+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5806,7 +5806,7 @@ CVE-2023-26264
 CVE-2023-26263
RESERVED
 CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an 
authenticated Si ...)
-   TODO: check
+   NOT-FOR-US: Sitecore
 CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath 
injection lead ...)
NOT-FOR-US: UBIKA WAAP Gateway/Cloud
 CVE-2023-26260



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8e549f29cd79e0b8a7332dfbec232101c349a5



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5de1b01 by Henri Salo at 2023-02-23T11:51:28+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2442,6 +2442,7 @@ CVE-2023-25622
RESERVED
 CVE-2023-25621
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2023-25620
RESERVED
 CVE-2023-25619
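
Review bot: the added NOT-FOR-US: Apache Sling sits under CVE-2023-25621, which is still RESERVED with no description, and the commit message is only "NFU", so nothing visible records where the product attribution came from. A source reference in the commit message or a NOTE: line under the entry would let a later reader confirm it once the description is published.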



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5de1b012cdb26294b09b19792a86c43f701fd45



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee3fea33 by Moritz Muehlenhoff at 2023-02-20T14:20:11+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1552,6 +1552,7 @@ CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) 
application - versions 700
NOT-FOR-US: SAP
 CVE-2023-25613
RESERVED
+   NOT-FOR-US: Apache Kerby
 CVE-2023-0767
RESERVED
{DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3319-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee3fea33deb2356835b500e7b395ff10c667a7fc



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
725c1659 by Moritz Muehlenhoff at 2023-02-06T12:46:49+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16945,7 +16945,7 @@ CVE-2022-45788 (A CWE-754: Improper Check for Unusual 
or Exceptional Conditions
 CVE-2022-45787 (Unproper laxist permissions on the temporary files used by 
MIME4J Temp ...)
NOT-FOR-US: Apache James
 CVE-2022-45786 (There are issues with the AGE drivers for Golang and Python 
that enabl ...)
-   TODO: check
+   NOT-FOR-US: Apache AGE
 CVE-2022-4121 (In libetpan a null pointer dereference in 
mailimap_mailbox_data_status ...)
{DLA-3261-1}
- libetpan 1.9.4-3.1 (bug #1025120)
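
Review bot: the context entry directly above the changed line, CVE-2022-45787, carries NOT-FOR-US: Apache James while its description names temporary files used by MIME4J; since this commit edits the neighbouring entry, it is worth confirming that the tag still fits the published description and that no MIME4J source package in the archive ships the affected code. On the changed line, the description refers to AGE drivers for Golang and Python, so NOT-FOR-US: Apache AGE holds only if none of those drivers is packaged separately.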



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725c1659c3cc3e5930cc981db23575fd50367ac5



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9ddbc94 by Moritz Muehlenhoff at 2023-02-06T09:36:15+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -75360,7 +75360,7 @@ CVE-2022-21195 (All versions of package url-regex are 
vulnerable to Regular Expr
 CVE-2022-21192 (All versions of the package serve-lite are vulnerable to 
Directory Tra ...)
TODO: check
 CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: Node global-modules-path
 CVE-2022-21190 (This affects the package convict before 6.2.3. This is a 
bypass of [CV ...)
NOT-FOR-US: Node convict
 CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 
4.0.0-al ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9ddbc94fb37c34efedcf9cc64bbd17c3f47e2d0



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3109616 by Henri Salo at 2023-02-04T11:07:20+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6602,6 +6602,7 @@ CVE-2013-10009 (A vulnerability was found in DrAzraelTod 
pyChao and classified a
NOT-FOR-US: DrAzraelTod pyChao
 CVE-2023-22849
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been 
rated a ...)
NOT-FOR-US: Netis Netcore Router
 CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. 
It has  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e310961624138610c9a7a3fc1aedf9bfcb99656d



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-24997
+   RESERVED
+   NOT-FOR-US: Apache InLong
 CVE-2023-24977
RESERVED
NOT-FOR-US: Apache InLong
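
Review bot: the new entry CVE-2023-24997 differs from the entry directly below it, CVE-2023-24977, by a single digit and carries the same RESERVED and NOT-FOR-US: Apache InLong lines, so please confirm the ID against the source announcement to rule out a transposed duplicate. Naming that source in the commit message would settle it, since "NFU" alone does not.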



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/891c57d120814dc9d8113687413b010413a7aaee



[Git][security-tracker-team/security-tracker][master] NFU

2023-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2023-24977
RESERVED
+   NOT-FOR-US: Apache InLong
 CVE-2023-24976
RESERVED
 CVE-2023-24975



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13e905a632f8dda74b274c0d86fd5e868ea5d97



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-30 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82b1acf7 by Moritz Muehlenhoff at 2023-01-30T16:54:38+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-24830
+   NOT-FOR-US: Apache IoTDB
 CVE-2023-24829
NOT-FOR-US: Apache IoTDB
 CVE-2023-24803



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82b1acf7ab501402da6aab6aa803b75c814dbdae



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-30 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d8a2ee0 by Moritz Muehlenhoff at 2023-01-30T16:50:29+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2023-24829
+   NOT-FOR-US: Apache IoTDB
 CVE-2023-24803
RESERVED
 CVE-2023-24802
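
Review bot: the added CVE-2023-24829 entry consists of a NOT-FOR-US line only, with no description and no RESERVED state line, while CVE-2023-24803 right below it carries RESERVED. If the ID is still reserved, adding the state line keeps hand-added entries consistent with the rest of the list, and a source reference for the Apache IoTDB attribution belongs in the commit message.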



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8a2ee0409bbdf834cf4a6809c09f0216091671



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2023-01-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65fd2192 by Moritz Muehlenhoff at 2023-01-27T12:49:16+01:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -288,6 +288,7 @@ CVE-2023-0482
RESERVED
 CVE-2023-0481
RESERVED
+   NOT-FOR-US: Quarkus
 CVE-2023-0480
RESERVED
 CVE-2023- [SQL injection, sanitization, and login bypass]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65fd2192c79cc4aae2f6f99b1884b5f48bc90a0c



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-17 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9631a922 by Moritz Muehlenhoff at 2023-01-17T10:03:11+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -395,6 +395,7 @@ CVE-2023-0297 (Code Injection in GitHub repository 
pyload/pyload prior to 0.5.0b
- pyload  (bug #1001980)
 CVE-2023-0296
RESERVED
+   NOT-FOR-US: OpenShift
 CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
NOT-FOR-US: Launchpad plugin for WordPress
 CVE-2023-0294 (The Mediamatic  Media Library Folders plugin for 
WordPress is v ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9631a922f37858af5306e0171ad7f9fc80b21cc3



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
233b0d56 by Moritz Muehlenhoff at 2023-01-09T18:00:02+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63,19 +63,19 @@ CVE-2020-36646 (A vulnerability classified as problematic 
has been found in Medi
NOTE: https://github.com/MediaArea/ZenLib/pull/119
NOTE: 
https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408
 (v0.4.39)
 CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has 
been cl ...)
-   TODO: check
+   NOT-FOR-US: Symbiote Seed
 CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 
1.x and cl ...)
-   TODO: check
+   NOT-FOR-US: CESNET theme-cesnet
 CVE-2016-15013 (A vulnerability was found in ForumHulp searchresults. It has 
been rate ...)
-   TODO: check
+   NOT-FOR-US: ForumHulp
 CVE-2015-10029 (A vulnerability classified as problematic was found in 
kelvinmo simple ...)
-   TODO: check
+   NOT-FOR-US: kelvinmo
 CVE-2014-125065 (A vulnerability, which was classified as critical, was found 
in john52 ...)
-   TODO: check
+   NOT-FOR-US: bottle-auth
 CVE-2014-125064 (A vulnerability, which was classified as critical, has been 
found in e ...)
-   TODO: check
+   NOT-FOR-US: gosqljson
 CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified 
as crit ...)
-   TODO: check
+   NOT-FOR-US: DrAzraelTod pyChao
 CVE-2023-22849
RESERVED
 CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been 
rated a ...)
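
Review bot: the NOT-FOR-US tags in this hunk name the product inconsistently: CVE-2015-10029 is tagged kelvinmo and CVE-2016-15013 ForumHulp (author or vendor only, although the descriptions go on to name the project), CVE-2014-125065 and CVE-2014-125064 use the project alone (bottle-auth, gosqljson), and CVE-2013-10009 uses both (DrAzraelTod pyChao). Using the vendor plus project form throughout would make later searches of the list for a given project reliable.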
@@ -107,25 +107,25 @@ CVE-2015-10027 (A vulnerability, which was classified as 
problematic, has been f
 CVE-2015-10026 (A vulnerability was found in tiredtyrant flairbot. It has been 
declare ...)
TODO: check
 CVE-2015-10025 (A vulnerability has been found in luelista miniConf up to 
1.7.6 and cl ...)
-   TODO: check
+   NOT-FOR-US: luelista miniConf
 CVE-2015-10024 (A vulnerability classified as critical was found in hoffie 
larasync. T ...)
-   TODO: check
+   NOT-FOR-US: hoffie larasync
 CVE-2015-10023 (A vulnerability classified as critical has been found in Fumon 
trello- ...)
-   TODO: check
+   NOT-FOR-US: Fumon trello-octometric
 CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared 
as crit ...)
-   TODO: check
+   NOT-FOR-US: IISH nlgis2
 CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been 
classified ...)
-   TODO: check
+   NOT-FOR-US: ritterim
 CVE-2015-10020
RESERVED
 CVE-2015-10019 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: MySimplifiedSQL
 CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified 
as critic ...)
-   TODO: check
+   NOT-FOR-US: ada-l0velace Bid
 CVE-2014-125062 (A vulnerability classified as critical was found in ananich 
bitstorm.  ...)
-   TODO: check
+   NOT-FOR-US: ananich bitstorm
 CVE-2014-125061 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
peel file ...)
-   TODO: check
+   NOT-FOR-US: peel filebrokerrm
 CVE-2014-125060 (A vulnerability, which was classified as critical, was found 
in holden ...)
TODO: check
 CVE-2014-125059 (A vulnerability, which was classified as problematic, has 
been found i ...)
@@ -724,7 +724,7 @@ CVE-2019-25095 (A vulnerability, which was classified as 
problematic, was found
 CVE-2018-25065 (A vulnerability was found in Wikimedia 
mediawiki-extensions-I18nTags a ...)
TODO: check
 CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has 
been rate ...)
-   TODO: check
+   NOT-FOR-US: OSM Lab show-me-the-way
 CVE-2017-20162 (A vulnerability, which was classified as problematic, has been 
found i ...)
TODO: check
 CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233b0d563910074c95860c1bd1e69e3b060c0636



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62597546 by Moritz Muehlenhoff at 2023-01-09T10:39:24+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7219,6 +7219,7 @@ CVE-2022-46770 (qubes-mirage-firewall (aka Mirage 
firewall for QubesOS) 0.8.x th
NOT-FOR-US: qubes-mirage-firewall
 CVE-2022-46769
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2022-4346
RESERVED
 CVE-2022-4345



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/625975460c065dd5a4e1e476a103d3254ca20d19



[Git][security-tracker-team/security-tracker][master] NFU

2023-01-05 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52718548 by Henri Salo at 2023-01-06T09:38:17+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9098,6 +9098,7 @@ CVE-2022-4146
RESERVED
 CVE-2022-45935
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
- linux 
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
@@ -9506,6 +9507,7 @@ CVE-2022-45788
RESERVED
 CVE-2022-45787
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-45786
RESERVED
 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free 
in low-level/imap/mailimap_types.c]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527185484998c90bf431880b9461961e177df804



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-30 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d02f76c4 by Henri Salo at 2022-12-30T13:18:57+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13178,6 +13178,7 @@ CVE-2022-44622 (In JetBrains TeamCity version between 
2021.2 and 2022.10 access
NOT-FOR-US: JetBrains TeamCity
 CVE-2022-44621
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-44618
RESERVED
 CVE-2022-44614
@@ -18198,6 +18199,7 @@ CVE-2022-43397 (A vulnerability has been identified in 
Parasolid V34.0 (All vers
NOT-FOR-US: Siemens
 CVE-2022-43396
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. 
...)
- vim 2:9.0.0813-1 (unimportant)
NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d02f76c44a2f42e124d2f75fab4f76dcf3c56fe4



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-05 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0041f0f7 by Moritz Muehlenhoff at 2022-12-05T16:25:59+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4277,6 +4277,7 @@ CVE-2022-45047 (Class 
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP
NOT-FOR-US: Apache Mina SSHD
 CVE-2022-45046
RESERVED
+   NOT-FOR-US: Apache Camel
 CVE-2022-3899
RESERVED
 CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to 
Cross- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0041f0f7bc623b40fdb8a587e4bc6b053cf06106



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-02 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility 
package to build export
NOTE: 
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: 
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
 (v0.8.2)
 CVE-2022-46145 (authentik is an open-source identity provider. Versions prior 
to 2022. ...)
-   TODO: check
+   NOT-FOR-US: authentik
 CVE-2022-46144
RESERVED
 CVE-2022-46143



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d



[Git][security-tracker-team/security-tracker][master] NFU

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34d7eefd by Moritz Muehlenhoff at 2022-12-02T12:10:03+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3768,7 +3768,7 @@ CVE-2022-3943 (A vulnerability was found in ForU CMS. It 
has been classified as
 CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization 
Management Sy ...)
NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle 
BC-FJA b ...)
-   TODO: check
+   NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2022-45145
RESERVED
 CVE-2022-45144
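
Review bot: on CVE-2022-45146 the reasoning is written into a NOT-FOR-US line even though it refers to an existing Debian package for Bouncycastle, which keeps the decision off that package's tracker page. Recording it as a package entry in the <not-affected> state with the same explanation would attach the reasoning where the package maintainer would look for it; if NOT-FOR-US is kept because the FIPS provider is treated as a separate product, the current wording is fine.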



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34d7eefd4f42013c9d05a517eeaa0e3a21387e23



[Git][security-tracker-team/security-tracker][master] NFU

2022-11-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51440a4b by Moritz Muehlenhoff at 2022-11-28T10:22:16+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2722,6 +2722,7 @@ CVE-2022-45168
RESERVED
 CVE-2022-3962
RESERVED
+   NOT-FOR-US: Kiali
 CVE-2022-3961
RESERVED
 CVE-2022-3960



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51440a4bfe9085bb6c1edbfae276d7241e818674



[Git][security-tracker-team/security-tracker][master] NFU

2022-11-21 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91cd8e14 by Moritz Muehlenhoff at 2022-11-21T14:27:57+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -106,6 +106,7 @@ CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 
Throttling was missed when
NOT-FOR-US: JetBrains Hub
 CVE-2022-45470
RESERVED
+   NOT-FOR-US: Apache Hama
 CVE-2022-44456
RESERVED
 CVE-2022-4061



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd8e146499a40cdc09f0d96d396413c21e2b45



[Git][security-tracker-team/security-tracker][master] NFU

2022-11-16 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
16267b2d by Moritz Muehlenhoff at 2022-11-16T12:25:00+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1351,6 +1351,7 @@ CVE-2022-45048
RESERVED
 CVE-2022-45047
RESERVED
+   NOT-FOR-US: Apache Mina SSHD
 CVE-2022-45046
RESERVED
 CVE-2022-3899



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16267b2d2e345fd900db3eeefc8b6aaaede28bde



[Git][security-tracker-team/security-tracker][master] NFU

2022-11-11 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
205a514a by Moritz Muehlenhoff at 2022-11-11T14:40:35+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46,6 +46,7 @@ CVE-2022-3932
RESERVED
 CVE-2022-3931
RESERVED
+   NOT-FOR-US: Rook
 CVE-2022-3930
RESERVED
 CVE-2022-3929



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/205a514acb85f25b1c2945ed38c0fd65a36c5340



[Git][security-tracker-team/security-tracker][master] NFU

2022-10-04 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fab16fb0 by Moritz Muehlenhoff at 2022-10-04T10:43:58+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10586,6 +10586,7 @@ CVE-2022-2806 (It was found that the 
ovirt-log-collector/sosreport collects the
NOT-FOR-US: ovirt-log-collector
 CVE-2022-2805
RESERVED
+   NOT-FOR-US: ovirt-engine
 CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management 
System. It  ...)
NOT-FOR-US: SourceCodester Zoo Management System
 CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management 
System and  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fab16fb0921d12e0fe79e6443e06cff579c66d2d



[Git][security-tracker-team/security-tracker][master] NFU, concludes external check

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54b2c084 by Moritz Muehlenhoff at 2022-09-14T12:24:25+02:00
NFU, concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1247,6 +1247,7 @@ CVE-2022-3144
RESERVED
 CVE-2022-3143
RESERVED
+   NOT-FOR-US: WildFly Elytron
 CVE-2022-40137
RESERVED
 CVE-2022-40136



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b2c08480dfb22b2633f8c5fe4d1a5d91eb263e



[Git][security-tracker-team/security-tracker][master] NFU

2022-09-11 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2605,6 +2605,7 @@ CVE-2022-39136
RESERVED
 CVE-2022-39135
RESERVED
+   NOT-FOR-US: Apache Calcite
 CVE-2022-39134
RESERVED
 CVE-2022-39133



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4



[Git][security-tracker-team/security-tracker][master] NFU

2022-09-01 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f57ac939 by Moritz Muehlenhoff at 2022-09-01T11:41:58+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2657,6 +2657,7 @@ CVE-2022-2807
RESERVED
 CVE-2022-2806
RESERVED
+   NOT-FOR-US: ovirt-log-collector
 CVE-2022-2805
RESERVED
 CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management 
System. It  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f57ac9394bb267b05065e2ea1bba3a424e849a51



[Git][security-tracker-team/security-tracker][master] NFU

2022-08-24 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdd0407e by Moritz Muehlenhoff at 2022-08-24T10:42:58+02:00
NFU
add note for shim entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4669,7 +4669,7 @@ CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 
local code execution vi
 CVE-2022-2569
RESERVED
 CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation 
Platfo ...)
-   TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2108653 
unclear if this is an issue on ansible level itself
+   NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2022-2567
RESERVED
 CVE-2022-2566
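Review bot: replacing the TODO under CVE-2022-2568 drops the only reference on the entry, https://bugzilla.redhat.com/show_bug.cgi?id=2108653, together with the open question of whether Ansible itself is affected. Keep the URL as a NOTE line and say briefly why the flaw is limited to Red Hat Ansible Automation Platform, so the NOT-FOR-US decision can be audited later.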
@@ -11519,12 +11519,18 @@ CVE-2022-34304
 CVE-2022-34303
RESERVED
NOT-FOR-US: Eurosoft (UK) shim
+   NOTE: This transitively affects Secure Boot as used in Debian, but 
tracking DBX updates
+   NOTE: is out of scope for the Debian Security Tracker
 CVE-2022-34302
RESERVED
NOT-FOR-US: New Horizon Datasys Inc shim
+   NOTE: This transitively affects Secure Boot as used in Debian, but 
tracking DBX updates
+   NOTE: is out of scope for the Debian Security Tracker
 CVE-2022-34301
RESERVED
NOT-FOR-US: CryptoPro Secure Disk shim
+   NOTE: This transitively affects Secure Boot as used in Debian, but 
tracking DBX updates
+   NOTE: is out of scope for the Debian Security Tracker
 CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in 
tinyexr::D ...)
- tinyexr  (bug #1014980)
[bullseye] - tinyexr  (Minor issue)
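Review bot: the NOTE added under CVE-2022-34303, CVE-2022-34302 and CVE-2022-34301 says the issue transitively affects Secure Boot as used in Debian, which sits awkwardly beside NOT-FOR-US on the same entries. Since the note declares DBX tracking out of scope, a pointer to where DBX updates are tracked instead would keep a reader from taking NOT-FOR-US to mean no exposure. The same two-line text is also pasted three times, so any later rewording has to be applied to all three entries.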



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdd0407ea40f809edee8ae9e21a3009479ffe210



[Git][security-tracker-team/security-tracker][master] NFU CVE-2022-34916 Apache Flume

2022-08-20 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5964ae24 by Henri Salo at 2022-08-21T02:24:21+03:00
NFU CVE-2022-34916 Apache Flume

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8978,6 +8978,7 @@ CVE-2022-34917
RESERVED
 CVE-2022-34916
RESERVED
+   NOT-FOR-US: Apache Flume
 CVE-2022-2306 (Old session tokens can be used to authenticate to the 
application and  ...)
NOT-FOR-US: Nakama
 CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not 
sanitise ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5964ae24ae828da23329a544a0ef9e8b91ed0d21



[Git][security-tracker-team/security-tracker][master] NFU

2022-08-13 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1844,8 +1844,10 @@ CVE-2022-37413
RESERVED
 CVE-2022-37401
RESERVED
+   NOT-FOR-US: Apache OpenOffice
 CVE-2022-37400
RESERVED
+   NOT-FOR-US: Apache OpenOffice
 CVE-2022-37399
RESERVED
 CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside 
ADM when  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55



[Git][security-tracker-team/security-tracker][master] NFU

2022-08-07 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d6d0ce48 by Moritz Muehlenhoff at 2022-08-07T21:18:40+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -293,7 +293,7 @@ CVE-2022-2638
 CVE-2022-2637
RESERVED
 CVE-2022-2636 (Improper Input Validation in GitHub repository 
hestiacp/hestiacp prior ...)
-   TODO: check
+   NOT-FOR-US: Hestia Control Panel
 CVE-2022-2635
RESERVED
 CVE-2022-37393



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6d0ce483c6ff690a5487b577ba576feace777bc



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-29 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f6fab6fc by Moritz Muehlenhoff at 2022-07-29T22:33:22+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62732,7 +62732,8 @@ CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch 
(MSS550X), on its 3.1.3 vers
 CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to 
infer  ...)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
NOTE: 
https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
-   TODO: fill in tracking details
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189897
+   NOTE: No code changes necessary/needed, firewall rules are 
reponsibility of local admin
 CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may 
be able ...)
{DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
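Review bot: the second added NOTE under CVE-2021-3773 misspells "responsibility" as "reponsibility". The entry also now closes its TODO with NOTE lines only and no package line, so it would help to state which source package the "No code changes necessary/needed" conclusion applies to.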



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6fab6fc15d800a4dbfbd85ee11e813be7e84bb7



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-28 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab310190 by Moritz Muehlenhoff at 2022-07-28T12:53:01+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77479,7 +77479,7 @@ CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 
allows XSS via the username
 CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A 
lack of va ...)
NOT-FOR-US: CubeCoders AMP
 CVE-2021-34538 (Apache Hive before 3.1.3 "CREATE" and "DROP" function 
operations does  ...)
-   TODO: check
+   NOT-FOR-US: Apache Hive
 CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 
10.0.19 and 11 ...)
NOT-FOR-US: Cerberus FTP Server Enterprise
 CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3101902511e74869d1fa8fc32858daadc818c2



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-28 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f09c6b2d by Henri Salo at 2022-07-28T11:19:18+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1428,6 +1428,7 @@ CVE-2022-36367
RESERVED
 CVE-2022-36364
RESERVED
+   NOT-FOR-US: Apache Calcite
 CVE-2022-36298
RESERVED
 CVE-2022-35729



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09c6b2d2389f48da039eeb1ac01f27d17a54c88



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-11 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b3e3745 by Moritz Muehlenhoff at 2022-07-11T21:31:19+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49248,9 +49248,7 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) 
vulnerabilities exist in Sso
 CVE-2021-43504
RESERVED
 CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h 
laravel 5.8.38 ...)
-   - php-laravel-framework 
-   NOTE: 
https://github.com/guoyanan1g/Laravel-vul/issues/2#issue-1045655892
-   TODO: check, unclear status of report to upstream
+   NOTE: Disputed Laravel issue
 CVE-2021-43502
RESERVED
 CVE-2021-43501
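Review bot: under CVE-2021-43503 the replacement `NOTE: Disputed Laravel issue` does not say who disputes the report or where, and the change removes the one reference the entry had (the github.com/guoyanan1g/Laravel-vul issue link). Keep that NOTE line and add a reference for the dispute, so the removal of the php-laravel-framework line can be justified from the entry itself.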
@@ -126259,10 +126257,8 @@ CVE-2020-26557 (Mesh Provisioning in the Bluetooth 
Mesh profile 1.0 and 1.0.1 ma
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
 CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 
may perm ...)
-   - bluez 
-   [bullseye] - bluez  (Minor issue)
-   [buster] - bluez  (Minor issue)
-   [stretch] - bluez  (Mesh support introduced later)
+   NOT-FOR-US: Bluetooth
+   NOTE: There's no indication that any Bluetooth software in Debian is 
affected
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012
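Review bot: the CVE-2020-26556 change removes four bluez lines, including the per-release rationale for stretch ("Mesh support introduced later"), and replaces them with `NOT-FOR-US: Bluetooth`, which names a technology rather than a product. The accompanying NOTE only says there is no indication that Bluetooth software in Debian is affected; it would be stronger to name what was checked, bluez at least, and to record why the earlier "Minor issue" assessment for bullseye and buster no longer applies.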



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3e374505c297f9ac83178fa1db2d60f833d287



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-09 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f9496a0 by Henri Salo at 2022-07-09T11:05:51+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80955,7 +80955,7 @@ CVE-2021-31647
 CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the 
password rec ...)
NOT-FOR-US: Gestsup
 CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote 
attackers t ...)
-   TODO: check
+   NOT-FOR-US: glFTPd
 CVE-2021-31644
RESERVED
 CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU 
Technolo ...)
@@ -579384,7 +579384,7 @@ CVE-2005-0485 (Cross-site scripting (XSS) 
vulnerability in comment.php for paNew
 CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 
8.1.9 may ...)
NOT-FOR-US: GProFTPD
 CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, 
sitezipchk ...)
-   NOT-FOR-US: Glftpd
+   NOT-FOR-US: glFTPd
 CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a 
denial  ...)
NOT-FOR-US: TrackerCam
 CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log 
files  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9496a0ee9f6535e56bed83d4c675ab7174ca3c



[Git][security-tracker-team/security-tracker][master] NFU

2022-07-09 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
935d9b4e by Henri Salo at 2022-07-09T11:01:09+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -405940,9 +405940,9 @@ CVE-2015-1786 (Cross-site request forgery (CSRF) 
vulnerability in Zend/Validator
- zendframework  (the vulnerability was introduced 
specifically in the 2.3 series)
NOTE: http://framework.zend.com/security/advisory/ZF2015-03
 CVE-2015-1785 (In nextgen-galery wordpress plugin before 2.0.77.3 there are 
two vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin nextgen-galery
 CVE-2015-1784 (In nextgen-galery wordpress plugin before 2.0.77.3 there are 
two vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin nextgen-galery
 CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso 
before c ...)
- lasso 2.4.1-1
[wheezy] - lasso  (Vulnerable code introduced later)
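Review bot: both added lines under CVE-2015-1785 and CVE-2015-1784 copy the "nextgen-galery" spelling from the CVE description into the NOT-FOR-US label. Since these labels are what people grep for, consider using the plugin's actual name, NextGEN Gallery, so the two entries are found by a search for the product.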



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d9b4e2f0e6de0849966f0be24e710d4091621



[Git][security-tracker-team/security-tracker][master] NFU, bugnum

2022-06-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
800e7431 by Moritz Muehlenhoff at 2022-06-22T12:00:22+02:00
NFU, bugnum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3975,6 +3975,7 @@ CVE-2022-32550 (An issue was discovered in AgileBits 
1Password, involving the me
NOT-FOR-US: AgileBits 1Password
 CVE-2022-32549
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2022-32289
RESERVED
 CVE-2022-32280 (Authenticated (contributor or higher user role) Stored 
Cross-Site Scri ...)
@@ -7788,7 +7789,7 @@ CVE-2022-31213
RESERVED
 CVE-2022-31212
RESERVED
-   - dbus-broker 
+   - dbus-broker  (bug #1013343)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
 CVE-2022-31211
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/800e7431599124aef4902845fceecd808f42ebd8



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2022-06-20 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f044cbdc by Moritz Mühlenhoff at 2022-06-20T09:56:43+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62431,7 +62431,7 @@ CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 
0.11.9 allows remote attac
[stretch] - prosody  (Vulnerable code not present)
NOTE: https://prosody.im/security/advisory_20210722/
 CVE-2021-37404 (There is a potential heap buffer overflow in Apache Hadoop 
libhdfs nat ...)
-   TODO: check
+   - hadoop  (bug #793644)
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive 
Authent ...)
NOT-FOR-US: firefly-iii
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be 
vulnerable to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f044cbdc6fd66a5d091ae872b5e8f37875a0f85d



[Git][security-tracker-team/security-tracker][master] NFU

2022-06-17 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e060f329 by Moritz Muehlenhoff at 2022-06-17T17:17:58+02:00
NFU
exo bugnum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3756,7 +3756,7 @@ CVE-2022-32285 (A vulnerability has been identified in 
Mendix SAML Module (Mendi
 CVE-2022-32279
RESERVED
 CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because 
xdg-open  ...)
-   - exo 
+   - exo  (bug #1013129)
NOTE: 
https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
 (exo-4.16.4)
 CVE-2022-32277
RESERVED
@@ -6524,6 +6524,7 @@ CVE-2022-1834
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
 CVE-2022-1833
RESERVED
+   NOT-FOR-US: Red Hat AMQ Broker
 CVE-2022-1832
RESERVED
 CVE-2022-1831



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e060f329f6db3da20a124625e0ece3b034e7f9c7



[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2022-05-04 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1284c2e by Moritz Muehlenhoff at 2022-05-04T09:57:58+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5921,6 +5921,7 @@ CVE-2022-1118
RESERVED
 CVE-2022-1117
RESERVED
+   NOT-FOR-US: fapolicyd
 CVE-2022-1116
RESERVED
 CVE-2022-1115



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1284c2e209f483e73c825f35341c82d08f07e8e



[Git][security-tracker-team/security-tracker][master] NFU

2022-04-07 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cf7ed91 by Henri Salo at 2022-04-07T22:12:05+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3844,8 +3844,10 @@ CVE-2022-27222
RESERVED
 CVE-2022-0993
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0992
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository 
admidio/admidio p ...)
NOT-FOR-US: admidio
 CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
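Review bot: the lines added under CVE-2022-0993 and CVE-2022-0992 read `NOT-FOR-US: WordPress plugin` without naming the plugin, while neighbouring entries such as `NOT-FOR-US: admidio` name the product. Both IDs are still RESERVED, so the label is the only information on the entry; add the plugin name, or a NOTE with the source of the attribution, so the two entries can be told apart and checked.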



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7ed9135f222d59f38cfb311009b4c7419fd0d



[Git][security-tracker-team/security-tracker][master] NFU

2022-04-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3912f99d by Moritz Mühlenhoff at 2022-04-06T19:18:52+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4833,6 +4833,7 @@ CVE-2018-25031 (Swagger UI before 4.1.3 could allow a 
remote attacker to conduct
- swagger-ui  (bug #895422)
 CVE-2022-26850
RESERVED
+   NOT-FOR-US: Apache NiFi
 CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
NOT-FOR-US: Delta Electronics
 CVE-2022-0922 (The software does not perform any authentication for critical 
system f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3912f99d206cf039cf2fdede0b09d7b617f39996



[Git][security-tracker-team/security-tracker][master] NFU

2022-03-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a1e0fe7 by Salvatore Bonaccorso at 2022-03-16T09:42:32+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22832,13 +22832,13 @@ CVE-2022-21642 (Discourse is an open source platform 
for community discussion. I
 CVE-2021-43959
RESERVED
 CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 
4.8.9 al ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2021-43957 (Affected versions of Atlassian Fisheye  Crucible allowed 
remote a ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before 
version  ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and 
Crucible bef ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and 
Crucible before ...)
NOT-FOR-US: Atlassian
 CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1e0fe7635554dee4e0e8b2e095faa0530fceea



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-07 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbb7190c by Henri Salo at 2022-02-07T10:42:19+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5075,6 +5075,7 @@ CVE-2022-22932 (Apache Karaf obr:* commands and run goal 
on the karaf-maven-plug
- apache-karaf  (bug #881297)
 CVE-2022-22931
RESERVED
+   NOT-FOR-US: Apache James
 CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template 
Management ...)
NOT-FOR-US: MCMS
 CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload 
vulnerabil ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbb7190c08ffe44065a6b1fb3a50be28132e584e



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-05 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96cd9e0c by Henri Salo at 2022-02-05T13:03:47+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4335,6 +4335,7 @@ CVE-2021-23150
RESERVED
 CVE-2022-23206
RESERVED
+   NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
RESERVED
 CVE-2022-23204



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cd9e0cfaaebd052779e800decaabbea9cd1e25



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-04 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e6aaef1 by Henri Salo at 2022-02-04T11:04:40+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37033,8 +37033,10 @@ CVE-2021-36153 (Mismanaged state in 
GRPCWebToHTTP2ServerCodec.swift in gRPC Swif
NOT-FOR-US: gRPC Swift
 CVE-2021-36152
RESERVED
+   NOT-FOR-US: Apache Gobblin
 CVE-2021-36151
RESERVED
+   NOT-FOR-US: Apache Gobblin
 CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the 
generated cert ...)
NOT-FOR-US: OpenShift
 CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation 
in versi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6aaef17151f2c5f744089a729528a7be6618e2



[Git][security-tracker-team/security-tracker][master] NFU

2022-02-01 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46c238ac by Henri Salo at 2022-02-01T11:15:27+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12377,6 +12377,7 @@ CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and 
prior has a vulnerable debug
NOT-FOR-US: mySCADA myPRO
 CVE-2021-44451
RESERVED
+   NOT-FOR-US: Apache Superset
 CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All 
versions  ...)
NOT-FOR-US: Siemens
 CVE-2021-9 (A vulnerability has been identified in JT Utilities (All 
versions  ...)
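
Review bot: the last context line of this hunk reads `CVE-2021-9`, which is not a well-formed CVE identifier (the sequence part has at least four digits) and breaks the descending order after `CVE-2021-44450`. The added `NOT-FOR-US: Apache Superset` line is unaffected, but the identifier should be checked against the file in the repository before relying on this mail's copy of the context.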



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46c238ac902f84385165ba47a44ae46e24e2cee4



[Git][security-tracker-team/security-tracker][master] NFU

2022-01-06 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb38c0ab by Moritz Mühlenhoff at 2022-01-06T19:23:43+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12244,6 +12244,7 @@ CVE-2021-43056 (An issue was discovered in the Linux 
kernel for powerpc before 5
NOTE: 
https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
 CVE-2021-43045
RESERVED
+   NOT-FOR-US: Apache Avro
 CVE-2021-3913
RESERVED
 CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance 
before 10 ...)
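
Review bot: the added `NOT-FOR-US: Apache Avro` line under CVE-2021-43045 names the project as a whole while the entry is still `RESERVED`. If only one component or language binding is affected, naming it in the tag keeps the entry from being read as a decision about every Avro component.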



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb38c0ab62fdafc2ceacb09e7dd46bec2274e996



[Git][security-tracker-team/security-tracker][master] NFU

2022-01-06 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2df1b42 by Henri Salo at 2022-01-06T15:57:46+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3335,10 +3335,13 @@ CVE-2022-22054
RESERVED
 CVE-2021-45458
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45457
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45456
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45455
RESERVED
 CVE-2021-45454
@@ -28722,6 +28725,7 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS 
before 2.23.0. Because o
NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
 CVE-2021-36774
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support 
an arbitr ...)
- ublock-origin 1.37.0+dfsg-1 (bug #991386)
[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
@@ -41664,6 +41668,7 @@ CVE-2021-31524
RESERVED
 CVE-2021-31522
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr 
version ...)
NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard 
component ...)
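
Review bot: the added tag disambiguates in free text, `(different from Kylin desktop environment)`, while the context line on the next entry uses the package form, `NOT-FOR-US: Zephyr, different from src:zephyr`. Naming the source package or packages meant here would make the exclusion searchable the same way; the same wording is used in every hunk of this commit.
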
@@ -51378,6 +51383,7 @@ CVE-2019-10102 (JetBrains Ktor framework (created using 
the Kotlin IDE template)
NOT-FOR-US: JetBrains Ktor
 CVE-2021-27738
RESERVED
+   NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS 
attack on th ...)
- trafficserver  (Only affects 9.x)
 CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient 
session exp ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2df1b4218cbed97dd84e9008d3c994ee260d411



[Git][security-tracker-team/security-tracker][master] NFU

2021-12-21 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cb91b0f by Henri Salo at 2021-12-21T10:55:20+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20,10 +20,13 @@ CVE-2021-4143
RESERVED
 CVE-2017-20010
RESERVED
+   NOT-FOR-US: MODX Revolution
 CVE-2017-20009
RESERVED
+   NOT-FOR-US: MODX Revolution
 CVE-2012-20001
RESERVED
+   NOT-FOR-US: PrestaShop
 CVE-2021-45442
RESERVED
 CVE-2021-45441



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71


