[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 39cbb059 by security tracker role at 2024-03-15T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,73 @@ +CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...) + TODO: check +CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) + TODO: check +CVE-2024-2483 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel Management Se ...) + TODO: check +CVE-2024-2481 (A vulnerability, which was classified as critical, was found in Surya2 ...) + TODO: check +CVE-2024-2480 (A vulnerability classified as critical was found in MHA Sistemas arMHA ...) + TODO: check +CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA Sistem ...) + TODO: check +CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been rated as ...) + TODO: check +CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...) + TODO: check +CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service ( ...) + TODO: check +CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information ...) + TODO: check +CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) + TODO: check +CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) + TODO: check +CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker to exec ...) + TODO: check +CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) + TODO: check +CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) 
+ TODO: check +CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) + TODO: check +CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7 ...) + TODO: check +CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + TODO: check +CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + TODO: check +CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows remote atta ...) + TODO: check +CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) + TODO: check +CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) + TODO: check +CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) + TODO: check +CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process ...) + TODO: check +CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) + TODO: check +CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) + TODO: check +CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) + TODO: check +CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) + TODO: check +CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) + TODO: check +CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) + TODO: check +CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attac ...) + TODO: check +CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...) 
+ TODO: check CVE-2024-28054 - amavisd-new 1:2.13.0-5 [bookworm] - amavisd-new (Minor issue; will be fixed via point release) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cbb05978b0cbe9d5df4be5f4f3dfcc5a7cf49f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cbb05978b0cbe9d5df4be5f4f3dfcc5a7cf49f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debi
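Review bot: every entry in this hunk is left as `TODO: check`, but most of them can be settled from the description alone and should not sit in the queue: Tenda AC18, TRENDnet TEW-827DRU, Microsoft Edge, Zemana AntiLogger, Mitsubishi Electric and the WordPress plugins (Premium Addons PRO, oik, LA-Studio Element Kit, HUSKY) are not Debian packages and can go straight to `NOT-FOR-US`, while CVE-2024-27756 (GLPI), CVE-2024-26540 (the upstream text says "Clmg", which is CImg, i.e. src:cimg) and CVE-2024-26475 (radare2) concern software Debian ships and need a package assignment plus a fixed-version check.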
[Git][security-tracker-team/security-tracker][master] dla: cacti status update
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 8841ff3b by Sylvain Beucler at 2024-03-15T12:02:46+01:00 dla: cacti status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,6 +50,7 @@ cacti (Sylvain Beucler) NOTE: 20240222: Coordinating with maintainer to prepare bullseye&bookworm updates (Beuc) NOTE: 20240222: Reported incomplete fix upstream (Beuc) NOTE: 20240227: Sent debdiffs for buster/bullseye/bookworm to maintainer+secteam; no news from upstream yet (Beuc) + NOTE: 20240315: Final (hopefully) debdiffs sent for upcoming DSA, buster update ready; still no news from upstream (Beuc) -- composer (rouca) NOTE: 20240209: Added by Front-Desk (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8841ff3b4ab8e2034d3dc0a04d890a35ef9d1523 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8841ff3b4ab8e2034d3dc0a04d890a35ef9d1523 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-28054/amavisd-new: buster postponed
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: bb96c54f by Sylvain Beucler at 2024-03-15T12:53:53+01:00 CVE-2024-28054/amavisd-new: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72,6 +72,7 @@ CVE-2024-28054 - amavisd-new 1:2.13.0-5 [bookworm] - amavisd-new (Minor issue; will be fixed via point release) [bullseye] - amavisd-new (Minor issue; will be fixed via point release) + [buster] - amavisd-new (Minor issue; new configuration to spam-tag some broken e-mails; follow point release) NOTE: https://gitlab.com/amavis/amavis/commit/78c4b7076ebf1d711629a95860aae1bc0db5277a (v2.13.1) NOTE: https://gitlab.com/amavis/amavis/commit/d921bc5208ce5b4e8f3e387a1d4e1f8fa4e85008 (v2.13.1) NOTE: https://gitlab.com/amavis/amavis/commit/c6c4a4c27c60194b68b617b7d3cfb033d6c587e2 (v2.13.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb96c54f4bcfbc8a16b5fe39402c3cb3febe7d7c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb96c54f4bcfbc8a16b5fe39402c3cb3febe7d7c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
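Review bot: the new `[buster]` line uses a different justification from the two lines directly above it ("follow point release" versus "will be fixed via point release"); since buster is under LTS and gets no point releases of its own, spell out that the buster update is meant to follow the fix shipped in the bullseye/bookworm point releases, so the LTS front desk does not read it as a pending stable-update action.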
[Git][security-tracker-team/security-tracker][master] dla: reference DSA 5632-1/composer
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: dc8d397b by Sylvain Beucler at 2024-03-15T13:41:42+01:00 dla: reference DSA 5632-1/composer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,6 +56,7 @@ composer (rouca) NOTE: 20240209: Added by Front-Desk (utkarsh) NOTE: 20240304: Need to backport bullseye (rouca) NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca) + NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk) -- curl (rouca) NOTE: 20231229: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc8d397bd3846584024cc36293019136e6dfc4e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc8d397bd3846584024cc36293019136e6dfc4e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-27756/glpi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9195a240 by Salvatore Bonaccorso at 2024-03-15T14:21:49+01:00 Add CVE-2024-27756/glpi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,8 @@ CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-8 CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) NOT-FOR-US: TRENDnet CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker to exec ...) - TODO: check + - glpi + NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) TODO: check CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9195a240cd2bd11bbeeb2367806bf49efe30f6d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9195a240cd2bd11bbeeb2367806bf49efe30f6d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
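Review bot: the replacement line `- glpi` carries no fixed version, so the tracker will record the package as unfixed in every suite until one is added; put the fixing version on that line once the upload lands, and add `[bookworm]`/`[bullseye]` severity annotations for the suites that ship glpi so the entry carries a triage decision rather than swapping an open TODO for an open unfixed marker. The Medium write-up is fine as a NOTE, but an upstream fix commit or release reference should be added next to it when available.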
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98d2fe5d by Salvatore Bonaccorso at 2024-03-15T14:21:19+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,71 +1,71 @@ CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2483 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel Management Se ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2481 (A vulnerability, which was classified as critical, was found in Surya2 ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2480 (A vulnerability classified as critical was found in MHA Sistemas arMHA ...) - TODO: check + NOT-FOR-US: MHA Sistemas arMHAzena CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA Sistem ...) - TODO: check + NOT-FOR-US: MHA Sistemas arMHAzena CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been rated as ...) - TODO: check + NOT-FOR-US: BradWenqiang HR CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service ( ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) 
- TODO: check + NOT-FOR-US: TRENDnet CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker to exec ...) TODO: check CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) TODO: check CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) - TODO: check + NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) TODO: check CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7 ...) - TODO: check + NOT-FOR-US: Healthcare-Chatbot CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows remote atta ...) - TODO: check + NOT-FOR-US: ABO.CMS CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) TODO: check CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) TODO: check CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-26540/cimg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67bfcee6 by Salvatore Bonaccorso at 2024-03-15T14:22:25+01:00 Add CVE-2024-26540/cimg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32,7 +32,8 @@ CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker t - glpi NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) - TODO: check + - cimg + NOTE: https://github.com/GreycLab/CImg/issues/403 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bfcee67554fb5cb80e3a080bbe45195666de79 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bfcee67554fb5cb80e3a080bbe45195666de79 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
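Review bot: the description already gives the upstream fix boundary ("Clmg before 3.3.3", where "Clmg" is the CVE feed's rendering of CImg), so the fixed Debian version can be filled in on the `- cimg` line as soon as cimg 3.3.3 or a backported fix is uploaded; as committed, the bare `- cimg` reads as unfixed with no severity, and the GitHub issue link should be complemented by the actual fix commit once it is identified.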
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-26475/radare2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d48452a7 by Salvatore Bonaccorso at 2024-03-15T14:22:53+01:00 Add CVE-2024-26475/radare2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,8 @@ CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) - TODO: check + - radare2 + NOTE: https://github.com/TronciuVlad/CVE-2024-26475 CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7 ...) NOT-FOR-US: Healthcare-Chatbot CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48452a7cfefddda764e6f5fcb29963b2adb9db9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48452a7cfefddda764e6f5fcb29963b2adb9db9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
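Review bot: the only reference added for CVE-2024-26475 is a third-party repository (github.com/TronciuVlad/CVE-2024-26475) rather than upstream; the description states the issue is "fixed in v.5 ..." (cut off here), so add a NOTE with the upstream radare2 fix commit or release and the fixed Debian version on the `- radare2` line, otherwise the entry stays unfixed with no way to verify the claimed fix from the tracker itself.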
[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 61b65e49 by Moritz Mühlenhoff at 2024-03-15T15:30:42+01:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -33,6 +33,8 @@ CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker t NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) - cimg + [bookworm] - cimg (Minor issue) + [bullseye] - cimg (Minor issue) NOTE: https://github.com/GreycLab/CImg/issues/403 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) NOT-FOR-US: Greek Universities Network Open eClass @@ -97,6 +99,8 @@ CVE-2024-2437 REJECTED CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node's `ht ...) - node-follow-redirects + [bookworm] - node-follow-redirects (Minor issue) + [bullseye] - node-follow-redirects (Minor issue) NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp NOTE: https://github.com/psf/requests/issues/1885 NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6) @@ -1060,6 +1064,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran CVE-2024-2193 [GhostRace: Speculative Race Conditions] - linux - xen + [bookworm] - xen (Minor issue, fix along in next DSA) [bullseye] - xen (EOLed in Bullseye) [buster] - xen (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/14 = data/dsa-needed.txt = 
@@ -57,7 +57,7 @@ opennds/stable -- php-cas/oldstable -- -php-dompdf-svg-lib/stable +php-dompdf-svg-lib/stable (jmm) William Desportes is proposing an update needing review (6883e24c-b53d-4dcd-ad27-b944dbd68...@wdes.fr) -- php-horde-mime-viewer/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b65e49392c4f566c674e4da4b8a10227162082 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b65e49392c4f566c674e4da4b8a10227162082 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
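Review bot: in the CVE-2024-2193 (GhostRace) hunk the new `[bookworm] - xen (Minor issue, fix along in next DSA)` line leaves `- linux`, listed directly above it, without any bookworm decision; add the corresponding `[bookworm] - linux` annotation (or a NOTE saying where the kernel side is tracked) so the two affected packages in the same entry are triaged consistently.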
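Review bot: in the data/dsa-needed.txt hunk the Message-ID attached to php-dompdf-svg-lib appears cut off (`6883e24c-b53d-4dcd-ad27-b944dbd68...@wdes.fr`); as written it cannot be looked up, so make sure the committed line carries the complete Message-ID or a list-archive URL for the proposed update that needs review.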
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3761-1 for spip
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: bc4c12fc by Guilhem Moulin at 2024-03-15T15:46:34+01:00 Reserve DLA-3761-1 for spip - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -17619,7 +17619,6 @@ CVE-2023-52322 (ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x befo - spip 4.1.13+dfsg-1 (bug #1059331) [bookworm] - spip 4.1.9+dfsg-1+deb12u4 [bullseye] - spip 3.2.11-3+deb11u10 - [buster] - spip (Minor issue) NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr NOTE: https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb CVE-2023-7059 (A vulnerability was found in SourceCodester School Visitor Log e-Book ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Mar 2024] DLA-3761-1 spip - security update + {CVE-2023-52322} + [buster] - spip 3.2.4-1+deb10u13 [14 Mar 2024] DLA-3760-1 node-xml2js - security update {CVE-2023-0842} [buster] - node-xml2js 0.2.8-1.1+deb11u1~deb10u1 = data/dla-needed.txt = @@ -272,10 +272,6 @@ sendmail shim NOTE: 20240306: Added by Front-Desk (opal) -- -spip (guilhem) - NOTE: 20240313: Added by Front-Desk (Beuc) - NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-52322) (Beuc/front-desk) --- squid NOTE: 20240109: Added by Front-Desk (apo) NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc4c12fc42916abc7ae9c1b72d3be9a945f47e08 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc4c12fc42916abc7ae9c1b72d3be9a945f47e08 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3762-1 for unadf
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 62f50578 by Adrian Bunk at 2024-03-15T18:43:03+02:00 Reserve DLA-3762-1 for unadf - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -505651,7 +505651,6 @@ CVE-2016-1244 (The extractTree function in unADF allows remote attackers to exec - unadf 0.7.11a-6 (bug #838248) [bookworm] - unadf 0.7.11a-5+deb12u1 [bullseye] - unadf 0.7.11a-4+deb11u1 - [buster] - unadf (Minor issue) NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix. CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...) @@ -505659,7 +505658,6 @@ CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF - unadf 0.7.11a-6 (bug #838248) [bookworm] - unadf 0.7.11a-5+deb12u1 [bullseye] - unadf 0.7.11a-4+deb11u1 - [buster] - unadf (Minor issue) NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix. CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Mar 2024] DLA-3762-1 unadf - security update + {CVE-2016-1243 CVE-2016-1244} + [buster] - unadf 0.7.11a-4+deb11u1~deb10u1 [15 Mar 2024] DLA-3761-1 spip - security update {CVE-2023-52322} [buster] - spip 3.2.4-1+deb10u13 = data/dla-needed.txt = 
@@ -298,10 +298,6 @@ tiff tomcat9 NOTE: 20240121: Added by Front-Desk (apo) -- -unadf (Adrian Bunk) - NOTE: 20240314: Added by Front-Desk (Beuc) - NOTE: 20240314: Follow fixes from bullseye 11.9 (two 2016 CVEs) (Beuc/front-desk) --- varnish NOTE: 20231117: Added by Front-Desk (apo) NOTE: 20231204: Working on pre commits for CVE-2023-44487, https://github.com/varnishcache/varnish-cache/pull/4004 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f505787f67bbc9ca45d0141b0600de207e9bba -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f505787f67bbc9ca45d0141b0600de207e9bba You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
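Review bot: version ordering check on the new DLA-3762-1 line passes: `0.7.11a-4+deb11u1~deb10u1` sorts below bullseye's `0.7.11a-4+deb11u1` (a `~` component sorts before the end of the string), so a buster to bullseye upgrade still picks up the newer package; dropping both `[buster] - unadf (Minor issue)` lines from data/CVE/list is correct now that the buster fix is recorded in data/DLA/list, and the DLA rightly lists both CVE-2016-1243 and CVE-2016-1244, which share the single upstream fix commit quoted in the NOTE lines.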
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad06b912 by security tracker role at 2024-03-15T20:12:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,141 @@ +CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) + TODO: check +CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...) + TODO: check +CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...) + TODO: check +CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...) + TODO: check +CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...) + TODO: check +CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) + TODO: check +CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...) + TODO: check +CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) + TODO: check +CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) + TODO: check +CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...) + TODO: check +CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...) + TODO: check +CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) + TODO: check +CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) + TODO: check +CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...) + TODO: check +CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...) + TODO: check +CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...) + TODO: check +CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...) + TODO: check +CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) 
+ TODO: check +CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) + TODO: check +CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...) + TODO: check +CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...) + TODO: check +CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...) + TODO: check +CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...) + TODO: check +CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...) + TODO: check +CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...) + TODO: check +CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...) + TODO: check +CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...) + TODO: check +CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...) + TODO: check +CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...) + TODO: check +CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) +
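Review bot: CVE-2024-28319 and CVE-2024-28318 in this import are filed against gpac, which Debian ships as src:gpac, so they need a package assignment and a comparison of the affected revision (`2.3-DEV-rev921-g422b78ecf-master`, a development snapshot) against the packaged version rather than a plain `TODO: check`; the Mattermost, Discourse, OpenMetadata, TOTOLINK and CoreWCF entries can be settled as `NOT-FOR-US` from their descriptions.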
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61072614 by Salvatore Bonaccorso at 2024-03-15T21:24:05+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -125,17 +125,17 @@ CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization vulne CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...) TODO: check CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to o ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be store ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...) NOT-FOR-US: Tenda CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) 
@@ -184782,7 +184782,7 @@ CVE-2021-38940 CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive informa ...) NOT-FOR-US: IBM CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...) NOT-FOR-US: IBM CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6107261485e563d9a1636190327ebcaea6511e17 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6107261485e563d9a1636190327ebcaea6511e17 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
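Review bot: CVE-2023-50861 (realmag777 HUSKY) is still `TODO: check` in the context lines of the first hunk, yet the same plugin's CVE-2024-1796 and CVE-2024-1795 (HUSKY Products Filter for WooCommerce) are already marked `NOT-FOR-US: WordPress plugin` elsewhere in this file; mark it the same way rather than leaving it in the queue. The IBM Sterling Secure Proxy and HATS conversions themselves match their descriptions.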
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3cc6066e by Salvatore Bonaccorso at 2024-03-15T21:35:37+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) - TODO: check + NOT-FOR-US: Logitech Logi Tune CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...) - TODO: check + NOT-FOR-US: RaspAP raspap-webgui CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...) - TODO: check + NOT-FOR-US: riendlyWrt firmware CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) TODO: check CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) 
@@ -23,77 +23,77 @@ CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) TODO: check CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) TODO: check CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) TODO: check CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...) - TODO: check + NOT-FOR-US: CoreWCF CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...) TODO: check CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...) - TODO: check + NOT-FOR-US: projectdiscovery/nuclei CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25934 (Improper Neutralization of Input During Web Page G
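Review bot: typo in the first hunk (@@ -1,17): the new CVE-2024-2495 line reads `NOT-FOR-US: riendlyWrt firmware`, while the description says `encoded in the FriendlyWrt firmware`, so the leading `F` was dropped and the tag should be `NOT-FOR-US: FriendlyWrt firmware`. Nothing to flag in the second hunk (@@ -23,77): the OpenMetadata, TOTOLINK, CoreWCF, Discourse, projectdiscovery/nuclei and WordPress-plugin tags all follow the form used by the surrounding entries.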
[Git][security-tracker-team/security-tracker][master] Process some CVEs in mattermost-server, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08dcd2d5 by Salvatore Bonaccorso at 2024-03-15T21:41:49+01:00 Process some CVEs in mattermost-server, itp'ed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,11 +13,11 @@ CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...) NOT-FOR-US: Tenda CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...) TODO: check CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) 
@@ -47,7 +47,7 @@ CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication F CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08dcd2d52f3ac42643f319da0e439b77a8dbe44e
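Review bot: in both hunks (@@ -13,11 and @@ -47,7) the four Mattermost entries (CVE-2024-2450, CVE-2024-2446, CVE-2024-2445, CVE-2024-28053) are written as `- mattermost-server (bug #823556)` with no version or pseudo-version. The commit message says the package is only ITP'ed, so the `<itp>` pseudo-version seems to be what is wanted here, i.e. `- mattermost-server <itp> (bug #823556)`; a bare package name with no version is the form for an unfixed issue in a package that is already in the archive. Separately, CVE-2024-2445 concerns the Mattermost Jira plugin shipped with the server; mapping it to mattermost-server is fine if the ITP covers the bundled plugins, otherwise a NOTE saying so would help the next triager.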
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d77c71a by Salvatore Bonaccorso at 2024-03-15T21:42:43+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,7 @@ CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...) TODO: check CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) - TODO: check + NOT-FOR-US: Snowflake Hive metastore connector CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) NOT-FOR-US: OpenMetadata CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d77c71a2add3be7bb8b63da7d2292aee6851340
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a1fd772a by Salvatore Bonaccorso at 2024-03-15T21:49:22+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,100 @@ +CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5) +CVE-2021-47134 [efi/fdt: fix panic when no valid fdt found] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5) +CVE-2021-47133 [HID: amd_sfh: Fix memory leak in amd_sfh_work] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 (5.13-rc5) +CVE-2021-47132 [mptcp: fix sk_forward_memory corruption on retransmission] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b5941f066b4ca331db225a976dae1d6ca8cf0ae3 (5.13-rc5) +CVE-2021-47131 [net/tls: Fix use-after-free after the TLS device goes down and up] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4 (5.13-rc5) +CVE-2021-47130 [nvmet: fix freeing unallocated p2pmem] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bcd9a0797d73eeff659582f23277e7ab6e5f18f3 (5.13-rc5) +CVE-2021-47129 [netfilter: nft_ct: skip expectations for confirmed conntrack] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1710eb913bdcda3917f44d383c32de6bdabfc836 (5.13-rc5) +CVE-2021-47128 [bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ff40e51043af63715ab413995ff46996ecf9583f (5.13-rc5) +CVE-2021-47127 [ice: track AF_XDP ZC enabled queues in bitmap] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e102db780e1c14f10c70dafa7684af22a745b51d (5.13-rc5) +CVE-2021-47126 [ipv6: Fix KASAN: slab-out-of-bounds Read in 
fib6_nh_flush_exceptions] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/821bbf79fe46a8b1d18aa456e8ed0a3c208c3754 (5.13-rc5) +CVE-2021-47125 [sch_htb: fix refcount leak in htb_parent_to_leaf_offload] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/944d671d5faa0d78980a3da5c0f04960ef1ad893 (5.13-rc5) +CVE-2021-47124 [io_uring: fix link timeout refs] + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82 (5.13-rc2) +CVE-2021-47123 [io_uring: fix ltout double free on completion race] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/447c19f3b5074409c794b350b10306e1da1ef4ba (5.13-rc2) +CVE-2021-47122 [net: caif: fix memory leak in caif_device_notify] + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/b53558a950a89824938e9811eddfc8efcd94e1bb (5.13-rc5) +CVE-2021-47121 [net: caif: fix memory leak in cfusbl_device_notify] + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/7f5d86669fa4d485523ddb1d212e0a2d90bd62bb (5.13-rc5) +CVE-2021-47120 [HID: magicmouse: fix NULL-deref on disconnect] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497 (5.13-rc5) +CVE-2021-47119 [ext4: fix memory leak in ext4_fill_super] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/afd09b617db3786b6ef3dc43e28fe728cfea84df (5.13-rc5) +CVE-2021-47118 [pid: take a reference when initializing `cad_pid`] + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (5.13-rc5) +CVE-2021-47117 [ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed] + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: 
https://git.kernel.org/linus/082cd4ec240b8734a82a89ffb890216ac98fec68 (5.13-rc5) +CVE-2021-47116 [ext4: fix memory leak in ext4_mb_init_backend on error path.] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/a8867f4e3809050571c98de7a2d465aff5e4daf5 (5.13-rc5) +CVE-2021-47115 [nfc: fix NULL ptr dereference in llcp_sock
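Review bot: in this hunk (@@ -1,3 +1,100) three entries carry only `- linux 5.10.46-1` and no `[buster]` line: CVE-2021-47131 (net/tls use-after-free after the TLS device goes down and up), CVE-2021-47119 (ext4_fill_super memory leak) and CVE-2021-47116 (ext4_mb_init_backend memory leak). Without a `[buster]` line the tracker derives buster's status by comparing its 4.19 kernel against 5.10.46-1 and will list buster as affected; every neighbouring entry is explicit one way or the other (`[buster] - linux 4.19.194-1` for the caif leaks, cad_pid and CVE-2021-47117, `[buster] - linux (Vulnerable code not present)` for the 5.x-only code), so please add the matching line for these three once the 4.19 tree has been checked. The rest of the hunk is consistent: each entry names the upstream fix commit and the -rc it landed in, and CVE-2021-47124 correctly separates bullseye 5.10.70-1 from unstable 5.14.6-1.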
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83db5455 by Salvatore Bonaccorso at 2024-03-15T22:14:55+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -116,7 +116,7 @@ CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3. CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...) - mattermost-server (bug #823556) CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...) - TODO: check + NOT-FOR-US: tls-listener CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) NOT-FOR-US: Snowflake Hive metastore connector CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) 
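Review bot: `NOT-FOR-US: tls-listener` for CVE-2024-28854 in this hunk (@@ -116,7) is worth one extra check before it is treated as closed: the description identifies the project as a Rust crate (`tls-listener is a rust lang wrapper around a connection listener`), and Rust crates are routinely packaged as `rust-<crate>` or vendored into other packages' Cargo.lock, so confirm that no such source package or vendored copy exists. If none does, the tag is correct as written and needs no further annotation.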
@@ -192,23 +192,23 @@ CVE-2023-7248 (Certain functionality in OpenText Vertica Management console migh CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...) - TODO: check + NOT-FOR-US: Sciener locks' firmware CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...) - TODO: check + NOT-FOR-US: Sciener-based locks CVE-2023-7007 (Sciener server does not validate connection requests from the GatewayG ...) - TODO: check + NOT-FOR-US: Sciener server CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be brute ...) - TODO: check + NOT-FOR-US: Sciener firmware CVE-2023-7004 (The TTLock App does not employ proper verification procedures to ensur ...) - TODO: check + NOT-FOR-US: TTLock App CVE-2023-7003 (The AES key utilized in the pairing process between a lock using Scien ...) - TODO: check + NOT-FOR-US: Sciener firmware CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...) - TODO: check + NOT-FOR-US: TTLock App CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component ...) TODO: check CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...) - TODO: check + NOT-FOR-US: Fluid CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...) NOT-FOR-US: WordPress plugin CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...) 
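Review bot: the seven Sciener/TTLock entries in this hunk (@@ -192,23: CVE-2023-7017, CVE-2023-7009, CVE-2023-7007, CVE-2023-7006, CVE-2023-7004, CVE-2023-7003, CVE-2023-6960) receive five different tags for one vendor ecosystem: `Sciener locks' firmware`, `Sciener-based locks`, `Sciener server`, `Sciener firmware` and `TTLock App`. A single tag such as `NOT-FOR-US: Sciener` (or `Sciener / TTLock`) would keep the group searchable as one, the way the Tenda, TOTOLINK and OpenMetadata entries elsewhere in this batch are tagged with one name each. The `NOT-FOR-US: Fluid` line for CVE-2023-51699 is fine as is.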
@@ -299,7 +299,7 @@ CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plu CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) TODO: check CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) - TODO: check + NOT-FOR-US: Softing CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) NOT-FOR-US: Mitsubishi CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) @@ -307,7 +307,7 @@ CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Co CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attac ...) NOT-FOR-US: NETGEAR CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...) - TODO: check + NOT-FOR-US: eyoucms CVE-2024-28054 - amavisd-new 1:2.13.0-5 [bookworm] - amavisd-new (Minor issue; will be fixed via point release) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83db5455f2305449b7fd0817332ba7f29dd38b83
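Review bot: in the first of these two hunks (@@ -299,7) the CVE-2024-0860 description is generic (`The affected product is vulnerable to a cleartext transmission of sens ...`) and never names a vendor, so the new `NOT-FOR-US: Softing` tag is the only place the triage records what the affected product is; naming the product next to the vendor would let a later reader verify the decision without re-fetching the advisory. The `NOT-FOR-US: eyoucms` line in the second hunk (@@ -307,7) is fine: the description is a template-configuration PHP file inclusion in a product that the tag identifies unambiguously.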
[Git][security-tracker-team/security-tracker][master] Add two gpac issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0aa8eb63 by Salvatore Bonaccorso at 2024-03-15T22:15:44+01:00 Add two gpac issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -130,9 +130,13 @@ CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cr CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...) NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2763 + NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2764 + NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716 CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...) NOT-FOR-US: OpenMetadata CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aa8eb6386f703b07066c1a349c5886eec89d4c8
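Review bot: both new gpac entries (CVE-2024-28319, CVE-2024-28318) record the upstream issue and fix commit but no Debian bug reference and no release lines, so the bare `- gpac` marks unstable as affected with nothing saying how stable releases should be handled; please add `(bug #...)` once filed and `[bookworm]`/`[bullseye]` lines once triaged, as the other package entries in this series do. Both descriptions refer to `gpac 2.3-DEV-rev921-g422b78ecf-master`, a development snapshot, so it is also worth a NOTE on whether the out-of-bounds code is present in the packaged gpac version rather than only in master.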
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-43279/tcpreplay
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9b798bd by Salvatore Bonaccorso at 2024-03-15T22:19:14+01:00 Add CVE-2023-43279/tcpreplay - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -971,7 +971,8 @@ CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site S CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...) NOT-FOR-US: My Food Recipe Using PHP with Source Code CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...) - TODO: check + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/824 CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...) NOT-FOR-US: Code-Projects Exam Form Submission CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Su ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9b798bd6e9c61e3ab0f6492f12de61b52a98b28
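Review bot: the new CVE-2023-43279 entry references only the upstream issue (appneta/tcpreplay#824) with no fix commit or fixed-in version, and the bare `- tcpreplay` marks unstable as affected without a Debian bug or release lines; the gpac entries added a few minutes earlier in this series carry both the issue and the fix commit, so add the commit here too once upstream has one, together with `(bug #...)` and the `[bookworm]`/`[bullseye]` assessment. The description (`Null Pointer Dereference in mask_cidr6 component at cidr.c`) points to a crash on crafted input to a command-line tool, so stating the intended severity explicitly (for example `(Minor issue)` on the stable lines) would make the handling clear to whoever picks this up.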
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-23944/zookeeper
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4eeb8eb4 by Salvatore Bonaccorso at 2024-03-15T22:37:51+01:00 Add Debian bug reference for CVE-2024-23944/zookeeper - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -326,7 +326,7 @@ CVE-2024-28054 CVE-2024-28752 (A SSRF vulnerability using the Aegis DataBinding in versions of Apache ...) NOT-FOR-US: Apache CXF CVE-2024-23944 (Information disclosure in persistent watchers handling in Apache ZooKe ...) - - zookeeper + - zookeeper (bug #1066947) NOTE: https://www.openwall.com/lists/oss-security/2024/03/14/2 CVE-2024-1930 NOT-FOR-US: dnf5daemon-server View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eeb8eb4acbbc0030e9e9b6dbd5d79150c3eb8f4
[Git][security-tracker-team/security-tracker][master] dla: add note
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab1a836f by Adrian Bunk at 2024-03-16T01:03:19+02:00 dla: add note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -103,6 +103,7 @@ frr (Abhijith PA) gtkwave (Adrian Bunk) NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240116: For CVE-2023-32650 etc. (lamby) + NOTE: 20240316: https://bugs.debian.org/1060407 (bunk) -- h2o NOTE: 20231228: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1a836f4e73def6f65220cc52bd2f203a5d2f64
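Review bot: the added line `NOTE: 20240316: https://bugs.debian.org/1060407 (bunk)` carries only a URL; the two notes above it in the gtkwave block say what they refer to (`Added by Front-Desk`, `For CVE-2023-32650 etc.`), so a few words on what #1060407 concerns, and whether it blocks or helps the gtkwave DLA, would spare the next claimant a trip to the bug tracker. The date stamp and `(initials)` suffix match the file's existing convention.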