[Git][security-tracker-team/security-tracker][master] automatic update

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87d558fe by security tracker role at 2023-12-10T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2023-6655 (A vulnerability, which was classified as critical, has been 
found in H ...)
+   TODO: check
+CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 
6.x/7.0. Af ...)
+   TODO: check
+CVE-2023-6653 (A vulnerability was found in PHPGurukul Teacher Subject 
Allocation Man ...)
+   TODO: check
+CVE-2023-6652 (A vulnerability was found in code-projects Matrimonial Site 
1.0. It ha ...)
+   TODO: check
+CVE-2023-6651 (A vulnerability was found in code-projects Matrimonial Site 
1.0. It ha ...)
+   TODO: check
+CVE-2023-6650 (A vulnerability was found in SourceCodester Simple Invoice 
Generator S ...)
+   TODO: check
+CVE-2023-6649 (A vulnerability has been found in PHPGurukul Teacher Subject 
Allocatio ...)
+   TODO: check
+CVE-2023-6648 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+   TODO: check
+CVE-2023-50457 (An issue was discovered in Zammad before 6.2.0. When listing 
tickets l ...)
+   TODO: check
+CVE-2023-50456 (An issue was discovered in Zammad before 6.2.0. An attacker 
can trigge ...)
+   TODO: check
+CVE-2023-50455 (An issue was discovered in Zammad before 6.2.0. Due to lack of 
rate li ...)
+   TODO: check
+CVE-2023-50454 (An issue was discovered in Zammad before 6.2.0. In several 
subsystems, ...)
+   TODO: check
+CVE-2023-50453 (An issue was discovered in Zammad before 6.2.0. It uses the 
public end ...)
+   TODO: check
+CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files 
via ../ Di ...)
+   TODO: check
+CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 
2023.6-beta1 ...)
+   TODO: check
+CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows 
Reflected XSS.)
+   TODO: check
 CVE-2023-6647 (A vulnerability, which was classified as critical, has been 
found in A ...)
NOT-FOR-US: AMTT HiBOS
 CVE-2023-6646 (A vulnerability classified as problematic has been found in 
linkding 1 ...)
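Review bot: The five Zammad entries (CVE-2023-50453 through CVE-2023-50457) all carry the same "before 6.2.0" range and should be triaged as one group rather than one at a time; a later commit in this thread does exactly that by pointing all five at the zammad ITP bug. Nothing else in this automatic import needs a change: every new ID is correctly left at TODO: check for manual triage.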
@@ -4663,7 +4695,7 @@ CVE-2023-39295 (An OS command injection vulnerability has 
been reported to affec
NOT-FOR-US: QNAP
 CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-5870
+CVE-2023-5870 (A flaw was found in PostgreSQL involving the pg_cancel_backend 
role th ...)
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- postgresql-15  (bug #1056283)
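Review bot: Only the description text changes here (the bare CVE-2023-5870 line becomes one carrying the upstream summary); the DSA/DLA references and the package lines are untouched context. Note the double space in lines such as `- postgresql-15  (bug #1056283)`: the tracker's angle-bracket state markers (for example <unfixed>) that sit between the source name and the parenthetical have been stripped by the mail rendering, so read the actual state from the repository, not from this notification.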
@@ -4671,7 +4703,7 @@ CVE-2023-5870
- postgresql-11 
NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
NOTE: 
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
-CVE-2023-5869
+CVE-2023-5869 (A flaw was found in PostgreSQL that allows authenticated 
database user ...)
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- postgresql-15  (bug #1056283)
@@ -4679,7 +4711,7 @@ CVE-2023-5869
- postgresql-11 
NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
NOTE: 
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
-CVE-2023-5868
+CVE-2023-5868 (A memory disclosure vulnerability was found in PostgreSQL that 
allows  ...)
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- postgresql-15  (bug #1056283)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87d558feae55915b951bd63de9a62f5c73cfe8ba



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] dla: take curl

2023-12-10 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abf6516c by Adrian Bunk at 2023-12-11T01:40:38+02:00
dla: take curl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -55,7 +55,7 @@ cinder
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
 --
-curl
+curl (Adrian Bunk)
   NOTE: 20231210: Added by Front-Desk (ta)
   NOTE: 20231210: maybe also take care of 
https://lists.debian.org/debian-lts/2023/12/msg00020.html
 --
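Review bot: Claiming the entry by appending the name in parentheses matches the convention already used in dla-needed.txt (for example `bind9 (Thorsten Alteholz)`). Consider also adding a dated NOTE line in the file's existing `NOTE: 20231210: ...` style so the claim date survives in the file itself the way the bind9 progress notes do; the pointer to the debian-lts message is correctly left in place.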



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf6516cb938434da90bfe898bff02ae72fbf4e7



[Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-33202

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
36b93f8f by Salvatore Bonaccorso at 2023-12-10T20:33:23+01:00
Add upstream tag information for CVE-2023-33202

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2540,7 +2540,7 @@ CVE-2023-33202 (Bouncy Castle for Java before 1.73 
contains a potential Denial o
[bookworm] - bouncycastle  (Minor issue)
[bullseye] - bouncycastle  (Minor issue)
NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33202
-   NOTE: Fixed by 
https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c
+   NOTE: Fixed by 
https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c
 (r1rv73)
 CVE-2023-43123 (On unix-like systems, the temporary directory is shared 
between all us ...)
NOT-FOR-US: Apache Storm
 CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via 
an SVG do ...)
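Review bot: The appended tag r1rv73 is consistent with the "before 1.73" range in the CVE description, so the fix commit and the first fixed upstream release now line up. The bookworm and bullseye lines show a double space before `(Minor issue)`; that is the mail rendering dropping the state marker, not something this commit changed.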



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b93f8f4abcded4020f5eed1ebff56e583ccad9



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad5fb21f by Salvatore Bonaccorso at 2023-12-10T21:19:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2023-6655 (A vulnerability, which was classified as critical, has been 
found in H ...)
-   TODO: check
+   NOT-FOR-US: Hongjing e-HR 2020
 CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 
6.x/7.0. Af ...)
-   TODO: check
+   NOT-FOR-US: PHPEMS
 CVE-2023-6653 (A vulnerability was found in PHPGurukul Teacher Subject 
Allocation Man ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System
 CVE-2023-6652 (A vulnerability was found in code-projects Matrimonial Site 
1.0. It ha ...)
-   TODO: check
+   NOT-FOR-US: code-projects Matrimonial Site
 CVE-2023-6651 (A vulnerability was found in code-projects Matrimonial Site 
1.0. It ha ...)
-   TODO: check
+   NOT-FOR-US: code-projects Matrimonial Site
 CVE-2023-6650 (A vulnerability was found in SourceCodester Simple Invoice 
Generator S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Invoice Generator System
 CVE-2023-6649 (A vulnerability has been found in PHPGurukul Teacher Subject 
Allocatio ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System
 CVE-2023-6648 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System
 CVE-2023-50457 (An issue was discovered in Zammad before 6.2.0. When listing 
tickets l ...)
TODO: check
 CVE-2023-50456 (An issue was discovered in Zammad before 6.2.0. An attacker 
can trigge ...)
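Review bot: The eight TODO to NOT-FOR-US conversions agree with the product names visible in the truncated descriptions (Hongjing e-HR, PHPEMS, PHPGurukul, code-projects, SourceCodester). CVE-2023-6648's description is cut off at "PHPGur ...", so the "Nipah Virus Testing Management System" product name cannot be confirmed from this hunk alone and is worth a second look against the full advisory before the entry is considered closed.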
@@ -25,9 +25,9 @@ CVE-2023-50454 (An issue was discovered in Zammad before 
6.2.0. In several subsy
 CVE-2023-50453 (An issue was discovered in Zammad before 6.2.0. It uses the 
public end ...)
TODO: check
 CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files 
via ../ Di ...)
-   TODO: check
+   NOT-FOR-US: JFinalCMS
 CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 
2023.6-beta1 ...)
-   TODO: check
+   NOT-FOR-US: Mullvad VPN Windows app
 CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows 
Reflected XSS.)
TODO: check
 CVE-2023-6647 (A vulnerability, which was classified as critical, has been 
found in A ...)
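Review bot: Marking JFinalCMS as NOT-FOR-US is consistent with the existing CVE-2023-49372 and CVE-2023-49373 entries in this file. CVE-2022-48614 (Semantic MediaWiki) is the only entry in this region still at TODO: check after the pass; if it was deferred for a reason beyond a package lookup, a one-line NOTE saying so would save the next triager from repeating the work.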



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad5fb21f87ee0913e4d730fb50d56ff9c3fa941d



[Git][security-tracker-team/security-tracker][master] Track new CVEs in zammad, itp'ed

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0caf47e8 by Salvatore Bonaccorso at 2023-12-10T21:20:19+01:00
Track new CVEs in zammad, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,15 +15,15 @@ CVE-2023-6649 (A vulnerability has been found in PHPGurukul 
Teacher Subject Allo
 CVE-2023-6648 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System
 CVE-2023-50457 (An issue was discovered in Zammad before 6.2.0. When listing 
tickets l ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2023-50456 (An issue was discovered in Zammad before 6.2.0. An attacker 
can trigge ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2023-50455 (An issue was discovered in Zammad before 6.2.0. Due to lack of 
rate li ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2023-50454 (An issue was discovered in Zammad before 6.2.0. In several 
subsystems, ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2023-50453 (An issue was discovered in Zammad before 6.2.0. It uses the 
public end ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files 
via ../ Di ...)
NOT-FOR-US: JFinalCMS
 CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 
2023.6-beta1 ...)
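Review bot: All five Zammad CVEs now point at the same ITP bug #841355, which is the right way to record issues for a package that is not yet in the archive. Since every description states "before 6.2.0", add a NOTE recording 6.2.0 as the first fixed upstream version so the ITP can be checked against it when the package lands, instead of re-deriving the range from five truncated descriptions.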



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0caf47e84a917d12f5e1fcdb509df4f0ee360c81



[Git][security-tracker-team/security-tracker][master] 3 commits: add curl

2023-12-10 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe08ee5c by Thorsten Alteholz at 2023-12-10T19:42:33+01:00
add curl

- - - - -
bf5df810 by Thorsten Alteholz at 2023-12-10T19:45:39+01:00
add asterisk

- - - - -
15ef4e77 by Thorsten Alteholz at 2023-12-10T19:47:30+01:00
add note for curl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -27,11 +27,17 @@ ansible
   NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an 
opportunity to
   NOTE: 20231202: assess/fix the situation.
 --
+asterisk
+  NOTE: 20231210: Added by Front-Desk (ta)
+--
 bind9 (Thorsten Alteholz)
   NOTE: 20230921: Added by Front-Desk (apo)
   NOTE: 20231008: backporting patches
   NOTE: 20231203: almost done with testing
 --
+bluez
+  NOTE: 20231210: Added by Front-Desk (ta)
+--
 bouncycastle (Markus Koschany)
   NOTE: 20231127: Added by Front-Desk (Beuc)
   NOTE: 20231127: Also fix pending no-dsa CVEs, in particular CVE-2020-26939 
was fixed in stretch-lts (Beuc/front-desk)
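Review bot: The bluez entry added in this hunk is not described by any of the three commit messages ("add curl", "add asterisk", "add note for curl"); either the bluez addition belongs in its own commit or the message should mention it, since the dla-needed.txt history is what gets used to trace who queued what and when. The asterisk and bluez entries themselves follow the file's format (package name, dated Front-Desk NOTE, "--" separator).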
@@ -49,6 +55,10 @@ cinder
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
 --
+curl
+  NOTE: 20231210: Added by Front-Desk (ta)
+  NOTE: 20231210: maybe also take care of 
https://lists.debian.org/debian-lts/2023/12/msg00020.html
+--
 docker.io
   NOTE: 20230303: Added by Front-Desk (Beuc)
   NOTE: 20230303: Follow fixes from bullseye 11.2 (3 CVEs) (Beuc/front-desk)
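Review bot: The curl NOTE links to a debian-lts thread as a "maybe also take care of" item without saying what that message covers; name the CVE or issue in the NOTE so the person claiming the entry (the later "dla: take curl" commit in this thread) does not have to open the list archive to find out what is being asked.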



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5cdebbfed5708f1e615fa0bdcb381a37de8c2295...15ef4e776da1fb2d916b4e95b2380bca6b4b44d1



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50431/linux

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
988039c6 by Salvatore Bonaccorso at 2023-12-10T12:21:41+01:00
Add CVE-2023-50431/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,10 @@ CVE-2023-6647 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-6646 (A vulnerability classified as problematic has been found in 
linkding 1 ...)
TODO: check
 CVE-2023-50431 (sec_attest_info in 
drivers/accel/habanalabs/common/habanalabs_ioctl.c  ...)
-   TODO: check
+   - linux 
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
 CVE-2023-50430 (The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 
computer ...)
TODO: check
 CVE-2023-50429 (IzyBat Orange casiers before 20230803_1 allows getEnsemble.php 
ensembl ...)
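Review bot: bullseye and buster are marked not affected because the code is absent, but bookworm gets no bracketed line, so it inherits the unstable "affected" state. The description names drivers/accel/habanalabs/common/habanalabs_ioctl.c, and the habanalabs driver lived under drivers/misc/ before it moved to drivers/accel/, so state explicitly whether bookworm's kernel carries the sec_attest_info code and, if so, add a [bookworm] line with the intended state. The NOTE currently points at the dri-devel patch posting; supplement it with the upstream commit id once the fix is merged, as the other linux entries do.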



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/988039c6a530937f78eead25b9862a07700c0e66



[Git][security-tracker-team/security-tracker][master] automatic update

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f067f2f0 by security tracker role at 2023-12-10T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2023-6647 (A vulnerability, which was classified as critical, has been 
found in A ...)
+   TODO: check
+CVE-2023-6646 (A vulnerability classified as problematic has been found in 
linkding 1 ...)
+   TODO: check
+CVE-2023-50431 (sec_attest_info in 
drivers/accel/habanalabs/common/habanalabs_ioctl.c  ...)
+   TODO: check
+CVE-2023-50430 (The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 
computer ...)
+   TODO: check
+CVE-2023-50429 (IzyBat Orange casiers before 20230803_1 allows getEnsemble.php 
ensembl ...)
+   TODO: check
 CVE-2023-50428 (In Bitcoin Core through 26.0 and Bitcoin Knots before 
25.1.knots202311 ...)
TODO: check
 CVE-2021-46899 (SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) 
remote de ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f067f2f0954d4e9827a01a4e6ba2dbe844e330da



[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-36823/ruby-sanitize

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1e79ca5f by Salvatore Bonaccorso at 2023-12-10T21:02:17+01:00
Add fixed version for CVE-2023-36823/ruby-sanitize

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24051,7 +24051,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to 
version 2.1.2, in environment
NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using 
carefully ...)
{DLA-3652-1}
-   - ruby-sanitize  (bug #1041430)
+   - ruby-sanitize 6.0.2-1 (bug #1041430)
NOTE: 
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
 (v6.0.2)
NOTE: 
https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
 CVE-2023-36462 (Mastodon is a free, open-source social network server based on 
Activit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e79ca5f97f73e5355da1d8f84a941945cb87279



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
975404b7 by Salvatore Bonaccorso at 2023-12-10T14:12:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,16 +1,16 @@
 CVE-2023-6647 (A vulnerability, which was classified as critical, has been 
found in A ...)
-   TODO: check
+   NOT-FOR-US: AMTT HiBOS
 CVE-2023-6646 (A vulnerability classified as problematic has been found in 
linkding 1 ...)
-   TODO: check
+   NOT-FOR-US: linkding
 CVE-2023-50431 (sec_attest_info in 
drivers/accel/habanalabs/common/habanalabs_ioctl.c  ...)
- linux 
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
 CVE-2023-50430 (The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 
computer ...)
-   TODO: check
+   NOT-FOR-US: Goodix Fingerprint Device (as shipped in Dell Inspiron 15 
computers)
 CVE-2023-50429 (IzyBat Orange casiers before 20230803_1 allows getEnsemble.php 
ensembl ...)
-   TODO: check
+   NOT-FOR-US: IzyBat Orange casiers
 CVE-2023-50428 (In Bitcoin Core through 26.0 and Bitcoin Knots before 
25.1.knots202311 ...)
TODO: check
 CVE-2021-46899 (SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) 
remote de ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/975404b7251acba112cb1b884952b6a0daed1f80



[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-43628/gpsd

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1886bb3 by Salvatore Bonaccorso at 2023-12-10T16:35:27+01:00
Update information on CVE-2023-43628/gpsd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -749,12 +749,11 @@ CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 
BIOS and Dell Precision BI
 CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision 
BIOS, ve ...)
NOT-FOR-US: Dell
 CVE-2023-43628 (An integer underflow vulnerability exists in the NTRIP Stream 
Parsing  ...)
-   - gpsd  (bug #1057667)
-   [bookworm] - gpsd  (Minor issue)
-   [bullseye] - gpsd  (Minor issue)
-   [buster] - gpsd  (Minor issue)
+   - gpsd  (Vulnerable code introduced later, cf bug 
#1057667)
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860
-   NOTE: 
https://gitlab.com/gpsd/gpsd/-/commit/3e5c6c28c422102dd453e31912e1e79d1f7ff7f2
+   NOTE: Introduced by: 
https://gitlab.com/gpsd/gpsd/-/commit/6ccd477f5e21a45f6c52a21ad323c93e59aa2461
+   NOTE: Introduced by: 
https://gitlab.com/gpsd/gpsd/-/commit/c1c1c2706c4f5b9bf3be437d0a8f0106ef00c5e7
+   NOTE: Fixed by: 
https://gitlab.com/gpsd/gpsd/-/commit/3e5c6c28c422102dd453e31912e1e79d1f7ff7f2
 CVE-2023-43608 (A data integrity vulnerability exists in the 
BR_NO_CHECK_HASH_FOR func ...)
NOT-FOR-US: Buildroot
 CVE-2023-41835 (When a Multipart request is performed but some of the fields 
exceed th ...)
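Review bot: Replacing the unfixed line plus three "Minor issue" lines with a single not-affected state rests on "Vulnerable code introduced later", and the two "Introduced by" commits are listed, but the hunk does not say which upstream gpsd release first contains them. Add that version to the NOTE (or to the parenthetical) so a reader can confirm that bookworm, bullseye and buster all ship an older gpsd without walking the upstream git history. Keeping the bug #1057667 reference in the parenthetical is right, since it preserves the link to where the analysis was discussed.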



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1886bb3342785a1547b69b4794bf105e5248e04



[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2023-45866/bluez

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fef5975a by Salvatore Bonaccorso at 2023-12-10T17:15:30+01:00
Update notes for CVE-2023-45866/bluez

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -230,6 +230,8 @@ CVE-2023-32460 (Dell PowerEdge BIOS contains an improper 
privilege management se
 CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated 
Peripheral  ...)
- bluez 
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
+   NOTE: The fix for CVE-2020-0556 allows to set manually the 
"ClassicBondedOnly"
+   NOTE: configuration options but defaulted to false.
 CVE-2023-6588 (Offline mode is always enabled, even if permission disallows 
it, in  D ...)
NOT-FOR-US: Devolutions Server
 CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 
20231121. It h ...)
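Review bot: The added NOTE records that ClassicBondedOnly has existed since the CVE-2020-0556 fix but defaults to false; it should also state whether the referenced upstream commit (25a471a8...) changes that default, because that decides whether stable users are protected by a package update alone or must set the option in input.conf by hand. As a wording point, 'allows to set manually the "ClassicBondedOnly" configuration options' would read better as 'allows the "ClassicBondedOnly" option to be set manually'.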



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fef5975a7c1fdb10e5abf88a967865e8bb8804e3



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45866/bluez

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ffa031e by Salvatore Bonaccorso at 2023-12-10T17:22:19+01:00
Add Debian bug reference for CVE-2023-45866/bluez

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -228,7 +228,7 @@ CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation 
of Privilege Vulnerabi
 CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management 
security ...)
NOT-FOR-US: Dell
 CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated 
Peripheral  ...)
-   - bluez 
+   - bluez  (bug #1057914)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
NOTE: The fix for CVE-2020-0556 allows to set manually the 
"ClassicBondedOnly"
NOTE: configuration options but defaulted to false.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffa031e168a20f14fe660b7b33eb113525ca89e



[Git][security-tracker-team/security-tracker][master] Add bluez to dsa-needed list

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f7d7370 by Salvatore Bonaccorso at 2023-12-10T17:25:03+01:00
Add bluez to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+bluez (carnil)
 --
 cryptojs
 --
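Review bot: The entry is inserted with its own "--" separator ahead of it, which keeps the separator-then-package pattern intact against the existing "--" before cryptojs, and the claim is recorded as a uid as the file header asks. Since bluez was also queued in dla-needed.txt in the same day's Front-Desk push, coordinating the DSA and DLA backports would avoid the fix being ported twice.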



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7d73707f1164ac7a3ee7804315ccfc681c516e



[Git][security-tracker-team/security-tracker][master] Process one NFU

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bca31733 by Salvatore Bonaccorso at 2023-12-10T17:49:46+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -716,7 +716,7 @@ CVE-2023-49373 (JFinalCMS v5.0.0 was discovered to contain 
a Cross-Site Request
 CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site 
Request Forger ...)
NOT-FOR-US: JFinalCMS
 CVE-2023-46674 (An issue was identified that allowed the unsafe 
deserialization of jav ...)
-   TODO: check
+   NOT-FOR-US: Elasticsearch-hadoop
 CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package 
hash chec ...)
NOT-FOR-US: Buildroot
 CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package 
hash chec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca317335a907e4d4971785482db903b10977da5



[Git][security-tracker-team/security-tracker][master] Process CVE-2023-32804 as NFU

2023-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cdebbfe by Salvatore Bonaccorso at 2023-12-10T17:51:42+01:00
Process CVE-2023-32804 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1099,7 +1099,7 @@ CVE-2023-44291 (Dell DM5500 5.14.0.0 contains an OS 
command injection vulnerabil
 CVE-2023-41613 (EzViz Studio v2.2.0 is vulnerable to DLL hijacking.)
NOT-FOR-US: EzViz Studio
 CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU 
Userspace Dri ...)
-   TODO: check
+   NOT-FOR-US: Arm
 CVE-2023-5332 (Patch in third party library Consul requires 
'enable-script-checks' to ...)
- consul 
[bullseye] - consul  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cdebbfed5708f1e615fa0bdcb381a37de8c2295
