On Fri, May 31, 2024 at 03:53:13PM -0300, Leandro Cunha wrote:
> Package: release.debian.org
> Control: affects -1 + src:phppgadmin
> X-Debbugs-Cc: phppgad...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: rm
> X-Debbugs-Cc: leandrocunha...@gmail.com
> Severity:
Source: golang-github-lucas-clemente-quic-go
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for
golang-github-lucas-clemente-quic-go.
CVE-2024-22189[0]:
| quic-go is an implementation of the QUIC protocol in Go. Prior to
Source: pypy3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pypy3.
CVE-2023-27043[0]:
| The email module of Python through 3.11.3 incorrectly parses e-mail
| addresses that contain a special character. The wrong
Source: libnetwork-ipv4addr-perl
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for libnetwork-ipv4addr-perl.
CVE-2021-47155[0]:
| The Net::IPV4Addr module 0.10 for Perl does not properly consider
| extraneous zero characters
Hi Guilhem,
> > CVE-2024-3651[0]:
> > | potential DoS via resource consumption via specially crafted inputs to
> > | idna.encode()
>
> I'm preparing an update for this issue for Buster LTS, would you like me
> to propose debdiffs for (o)s-pu and sid too?
Please do so!
Cheers,
Moritz
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-31948[0]:
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix
| SID attribute in a BGP UPDATE packet can cause the bgpd daemon to
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-31949[0]:
| In FRRouting (FRR) through 9.1, an infinite loop can occur when
| receiving a MP/GR capability as a dynamic capability because
On Sat, May 04, 2024 at 06:00:24PM +0200, Moritz Mühlenhoff wrote:
> Source: frr
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for frr.
>
> CVE-2024-34088[0]:
>
Source: gnome-shell
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gnome-shell.
CVE-2024-36472[0]:
| In GNOME Shell through 45.7, a portal helper can be launched
| automatically (without user confirmation) based on
Source: jayway-jsonpath
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jayway-jsonpath.
CVE-2023-51074[0]:
| json-path v2.8.0 was discovered to contain a stack overflow via the
| Criteria.parse() method.
Source: node-ip
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-ip.
CVE-2024-29415[0]:
| The ip package through 2.0.1 for Node.js might allow SSRF because
| some IP addresses (such as 127.1, 01200034567, 012.1.2.3,
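Editorial addition to this listing (not node-ip's code and not part of the bug report above): the address forms quoted from the CVE are legal input to the classic BSD inet_aton() parser, which accepts one to four parts in decimal, octal (leading 0) or hex (0x), with the last part filling the remaining bytes. A filter that only knows the four-octet spelling of 127/8, 10/8, 172.16/12 and 192.168/16 therefore calls "127.1", "01200034567" and "012.1.2.3" public, while the resolver turns them into 127.0.0.1, 10.0.57.119 and 10.1.2.3. The example canonicalises before classifying; the NON_PUBLIC list and the naive regex are constructed for the example, not taken from node-ip.

```python
# Added example (not node-ip's code): canonicalise IPv4 strings the way
# inet_aton(3) does before deciding whether a destination is "public".
import ipaddress
import re
from typing import List, Optional

# One part as inet_aton accepts it: hex (0x..), octal (leading 0) or decimal.
_PART_RE = re.compile(r"^(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")

# Blocks an outbound fetcher should not follow (example list, extend as needed).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_inet_aton(text: str) -> Optional[int]:
    """Return the 32-bit value inet_aton() yields for `text`, or None if rejected.

    1 to 4 dot-separated parts; every part but the last must fit one octet and
    the last part fills the remaining bytes ("127.1" -> 127.0.0.1).
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values: List[int] = []
    for part in parts:
        if not _PART_RE.match(part):
            return None
        if part[:2].lower() == "0x":
            values.append(int(part[2:], 16))
        elif part.startswith("0"):
            values.append(int(part, 8))
        else:
            values.append(int(part, 10))
    *head, last = values
    if any(v > 0xFF for v in head):
        return None
    tail_bits = 8 * (4 - len(head))
    if last >= 1 << tail_bits:
        return None
    result = 0
    for v in head:
        result = (result << 8) | v
    return (result << tail_bits) | last


def canonical(text: str) -> Optional[str]:
    """Dotted-quad spelling of `text` as inet_aton would resolve it, or None."""
    value = parse_inet_aton(text)
    return None if value is None else str(ipaddress.IPv4Address(value))


def is_public(text: str) -> bool:
    """Hardened check: canonicalise first, fail closed on anything unparseable."""
    value = parse_inet_aton(text)
    if value is None:
        return False
    addr = ipaddress.IPv4Address(value)
    return not any(addr in net for net in NON_PUBLIC)


# Constructed illustration of the weak pattern (not node-ip's actual regexes):
# a private/loopback test that only recognises the four-octet spelling.
_NAIVE_PRIVATE_RE = re.compile(
    r"^(?:127|10)\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
    r"|^192\.168\.\d{1,3}\.\d{1,3}$"
    r"|^172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}$"
)


def naive_is_public(text: str) -> bool:
    """Says "public" for every string its private-range regex does not match."""
    return _NAIVE_PRIVATE_RE.match(text) is None


if __name__ == "__main__":
    for sample in ("127.1", "01200034567", "012.1.2.3", "0x7f.1", "2130706433", "8.8.8.8"):
        print(f"{sample:>12} -> {canonical(sample)!s:>12}  "
              f"naive={naive_is_public(sample)!s:5} hardened={is_public(sample)}")
```

The safe order of operations is resolve-then-check: canonicalise (or actually resolve) the destination, then test the resulting address object against the block list, and treat anything that cannot be parsed as not public.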
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for zabbix.
CVE-2024-22120[0]:
| Zabbix server can perform command execution for configured scripts.
| After command is executed, audit entry is added to "Audit
Source: python-aiosmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-aiosmtpd.
CVE-2024-34083[0]:
| aiosmtpd is a reimplementation of the Python stdlib smtpd.py based
| on asyncio. Prior to version 1.4.6, servers
Source: liboqs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for liboqs.
CVE-2024-31510[0]:
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker
| to escalate privileges via the crypto_sign_signature
Source: iperf3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for iperf3.
CVE-2024-26306[0]:
| iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server
| with RSA authentication, allows a timing side channel in
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dnsdist.
CVE-2024-25581[0]:
| When incoming DNS over HTTPS support is enabled using the nghttp2
| provider, and queries are routed to a tcp-only or DNS
Source: bpftrace
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpftrace.
CVE-2024-2313[0]:
| If kernel headers need to be extracted, bpftrace will attempt to
| load them from a temporary directory. An unprivileged
Source: bpfcc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpfcc.
CVE-2024-2314[0]:
| If kernel headers need to be extracted, bcc will attempt to load
| them from a temporary directory. An unprivileged attacker could
Source: clojure
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clojure.
CVE-2024-22871[0]:
| An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an
| attacker to cause a denial of service (DoS) via the
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-24557[0]:
| Moby is an open-source project created by Docker to enable software
| containerization. The classic builder cache system
Source: lief
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lief.
CVE-2024-31636[0]:
| An issue in LIEF v.0.14.1 allows a local attacker to obtain
| sensitive information via the name parameter of the machd_reader.c
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cjson.
CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
On Wed, Mar 06, 2024 at 06:39:01AM -0300, Leandro Cunha wrote:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from
Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2024-34244[0]:
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the
| modbus_write_bits function. This issue can be triggered when
Source: node-braces
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-braces.
CVE-2024-4068[0]:
| The NPM package `braces`, versions prior to 3.0.3, fails to limit
| the number of characters it can handle, which
Source: node-micromatch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-micromatch.
CVE-2024-4067[0]:
| The NPM package `micromatch` is vulnerable to Regular Expression
| Denial of Service (ReDoS). The
Source: maxima
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for maxima.
CVE-2024-34490[0]:
| In Maxima through 5.47.0 before 51704c, the plotting facilities make
| use of predictable names under /tmp. Thus, the contents
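Editorial addition (not part of the bug reports above and not code from bpftrace, bcc or Maxima): the bpftrace and bcc reports (CVE-2024-2313, CVE-2024-2314) and the Maxima report (CVE-2024-34490) describe the same class of bug, a scratch directory under /tmp with a predictable name. An unprivileged local user can pre-create that path or plant a symlink there, so a consumer that later runs as root reads attacker-supplied files or writes through the link. The example below shows the checks a program should perform before trusting such a directory: an unpredictable name, an lstat()-based ownership and mode check that does not follow symlinks, and file creation with O_EXCL|O_NOFOLLOW. The directory names, header content and planted symlinks are constructed for the example.

```python
# Added example (not bpftrace's, bcc's or Maxima's code): validating a scratch
# directory and its files before trusting them.
import os
import stat
import tempfile
from typing import Dict, Optional


def is_safe_private_dir(path: str, owner_uid: Optional[int] = None) -> bool:
    """True only for a real directory (not a symlink) owned by `owner_uid`
    (default: the effective uid) that no other user can write to."""
    uid = os.geteuid() if owner_uid is None else owner_uid
    try:
        st = os.lstat(path)      # lstat: a planted symlink must not pass as a directory
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def make_private_workdir(prefix: str = "kheaders-") -> str:
    """Create a fresh, unpredictably named 0700 directory and re-verify it."""
    path = tempfile.mkdtemp(prefix=prefix)   # mkdtemp retries until the name is new
    if not is_safe_private_dir(path):
        os.rmdir(path)
        raise RuntimeError(f"refusing to use {path}: unexpected owner or mode")
    return path


def write_private_file(dirpath: str, name: str, data: bytes) -> str:
    """Create `name` inside a verified directory without following symlinks.

    O_CREAT|O_EXCL fails if anything (a dangling symlink included) already sits
    at that name; O_NOFOLLOW refuses a symlink as the final path component.
    """
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    target = os.path.join(dirpath, name)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def self_check() -> Dict[str, object]:
    """Exercise the checks against constructed good and bad directory states."""
    results: Dict[str, object] = {}
    workdir = make_private_workdir()
    try:
        results["fresh_dir_ok"] = is_safe_private_dir(workdir)

        os.chmod(workdir, 0o1777)                # /tmp-style sticky, world-writable dir
        results["world_writable_ok"] = is_safe_private_dir(workdir)
        os.chmod(workdir, 0o700)

        link = os.path.join(workdir, "link-to-dir")
        os.symlink(workdir, link)                # attacker-style symlink at a known name
        results["symlink_ok"] = is_safe_private_dir(link)

        path = write_private_file(workdir, "vmlinux.h", b"/* constructed header */\n")
        with open(path, "rb") as fh:
            results["file_contents"] = fh.read()

        # Planted dangling symlink at the name the program is about to create.
        os.symlink(os.path.join(workdir, "victim"), os.path.join(workdir, "planted"))
        try:
            write_private_file(workdir, "planted", b"overwrite attempt")
            results["write_through_symlink_blocked"] = False
        except FileExistsError:
            results["write_through_symlink_blocked"] = True
    finally:
        for entry in os.listdir(workdir):
            os.unlink(os.path.join(workdir, entry))
        os.rmdir(workdir)
    return results


if __name__ == "__main__":
    for key, value in self_check().items():
        print(f"{key}: {value!r}")
```

The check is only meaningful if the program created the directory itself; verifying a pre-existing, well-known path does not help against an attacker who created it first with the expected owner and mode.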
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-pymysql.
We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?
CVE-2024-36039[0]:
| PyMySQL
Source: ruby3.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML
Source: ruby3.2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.2.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML
On Fri, May 10, 2024 at 06:39:20PM +, Thorsten Glaser wrote:
> This is a bit like the limited security support for binutils,
> I suppose. Could/should we document that in the same places?
Sure thing, this sounds similar to what was done for Lilypond,
best to simply ship a similar
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for hdf5:
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33877[0]:
| HDF5 Library through 1.14.3 has a heap-based buffer
Source: musescore3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for musescore3.
CVE-2023-44428[0]:
| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for npgsql.
CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in
Source: golang-github-opencontainers-go-digest
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for
golang-github-opencontainers-go-digest.
CVE-2024-3727[0]:
| A flaw was found in the github.com/containers/image library.
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tinyproxy.
CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain
Source: libstb
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libstb.
CVE-2023-47212[0]:
| A heap-based buffer overflow vulnerability exists in the comment
| functionality of stb_vorbis.c v1.22. A specially crafted
Source: exiv2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for exiv2.
The advisories are a little misleading, they mention it as
new in v0.28.0, but that only applies to the "main" branch,
where it was removed and later
Source: gobgp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gobgp.
CVE-2023-46565[0]:
| Buffer Overflow vulnerability in osrg gobgp commit
| 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to
| cause
Source: opendmarc
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for opendmarc. It's unclear
whether this is actually a security issue, it doesn't appear to have
been reported upstream...
CVE-2024-25768[0]:
| OpenDMARC 1.4.2
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterhub.
CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gdcm.
These are fixed in 3.0.24:
CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu
Source: llvm-toolchain-14
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-14.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-15
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-15.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-16
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-16.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-17
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-17.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-18
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-18.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: pytorch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for pytorch.
CVE-2024-31580[0]:
| PyTorch before v2.2.0 was discovered to contain a heap buffer
| overflow vulnerability in the component
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-32473[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-34088[0]:
| In FRRouting (FRR) through 9.1, it is possible for the get_edge()
| function in ospf_te.c in the OSPF daemon to return a NULL
Source: uriparser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for uriparser.
CVE-2024-34402[0]:
| An issue was discovered in uriparser through 0.9.7.
| ComposeQueryEngine in UriQuery.c has an integer overflow via
Source: python-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-jose.
CVE-2024-33663[0]:
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA
| keys and other key formats. This is similar
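Editorial addition (not python-jose's code and not part of the bug report above): the "algorithm confusion" named in the CVE text works like this. A server holds an ECDSA public key (here in OpenSSH format) and intends to accept only ES256 tokens. An attacker who knows that public key signs a token with alg=HS256, using the bytes of the key file as the HMAC secret. A verifier that reads the algorithm from the token header and hands the configured key to whatever that header names will compute the same HMAC and accept the forgery. The hardened verifier below pins the algorithm and additionally refuses to use anything that looks like public key material as an HMAC secret. The key string is a constructed placeholder, not a real key; only the HMAC branch is implemented, everything else fails closed.

```python
# Added example (not python-jose's code): HS256/ES256 algorithm confusion and
# the two checks that stop it.
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, Iterable, Tuple

# Constructed placeholder in OpenSSH public-key format (not a valid key).
SERVER_PUBLIC_KEY = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYEXAMPLEKEYBYTES= api@example"


class InvalidToken(Exception):
    pass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _split(token: str) -> Tuple[Dict[str, Any], bytes, str, bytes]:
    """Return (header, payload, signing_input, signature) of a compact JWS."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64url(h))
    except ValueError:
        raise InvalidToken("malformed token") from None
    if not isinstance(header, dict):
        raise InvalidToken("header is not a JSON object")
    return header, _unb64url(p), f"{h}.{p}", _unb64url(s)


def hs256_sign(payload: Dict[str, Any], secret: bytes) -> str:
    """Compact JWS with alg=HS256; the attacker uses this with the public key bytes."""
    header = _b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def _hmac_ok(secret: bytes, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def vulnerable_verify(token: str, key: str) -> Dict[str, Any]:
    """Trusts the token's own alg and feeds the configured key to it."""
    header, payload, signing_input, sig = _split(token)
    if header.get("alg") == "HS256" and _hmac_ok(key.encode("utf-8"), signing_input, sig):
        return json.loads(payload)
    raise InvalidToken("bad signature or unhandled alg")


def looks_like_public_key(key: str) -> bool:
    """Heuristic: PEM blocks and OpenSSH key types are never valid HMAC secrets."""
    k = key.strip()
    return k.startswith("-----BEGIN") or k.split(" ", 1)[0] in (
        "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def hardened_verify(token: str, key: str, algorithms: Iterable[str]) -> Dict[str, Any]:
    """The verifier decides the algorithm; the token header only has to agree."""
    allowed = set(algorithms)
    header, payload, signing_input, sig = _split(token)
    alg = header.get("alg")
    if alg not in allowed:
        raise InvalidToken(f"alg {alg!r} not permitted, expected one of {sorted(allowed)}")
    if alg == "HS256":
        if looks_like_public_key(key):
            raise InvalidToken("refusing to use public key material as an HMAC secret")
        if not _hmac_ok(key.encode("utf-8"), signing_input, sig):
            raise InvalidToken("bad signature")
        return json.loads(payload)
    raise InvalidToken(f"{alg}: no verifier implemented in this example, failing closed")


def forgery_outcome() -> Dict[str, bool]:
    """Forge with the public key as the HMAC secret; record which verifier accepts it."""
    forged = hs256_sign({"sub": "admin", "role": "superuser"}, SERVER_PUBLIC_KEY.encode("utf-8"))
    attempts = {
        "vulnerable_accepts": lambda: vulnerable_verify(forged, SERVER_PUBLIC_KEY),
        "hardened_accepts": lambda: hardened_verify(forged, SERVER_PUBLIC_KEY, ["ES256"]),
        # Even a sloppy allow-list does not let public key bytes act as a secret.
        "hardened_misconfigured_accepts": lambda: hardened_verify(forged, SERVER_PUBLIC_KEY, ["ES256", "HS256"]),
    }
    outcome: Dict[str, bool] = {}
    for name, attempt in attempts.items():
        try:
            attempt()
            outcome[name] = True
        except InvalidToken:
            outcome[name] = False
    return outcome


if __name__ == "__main__":
    print(forgery_outcome())
```

The allow-list is the primary control: the caller, not the token, states which algorithms are acceptable for the key it holds. The key-type guard is defence in depth for deployments that leave HS256 enabled alongside an asymmetric key.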
Source: quickjs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for quickjs.
CVE-2024-33263[0]:
| QuickJS commit 3b45d15 was discovered to contain an Assertion
| Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
Source: social-auth-app-django
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for social-auth-app-django.
CVE-2024-32879[0]:
| Python Social Auth is a social authentication/registration
| mechanism. Prior to version 5.4.1,
Source: tqdm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tqdm.
CVE-2024-34062[0]:
| tqdm is an open source progress bar for Python and CLI. Any optional
| non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ofono.
It's not clear whether they were actually reported upstream or only
submitted to Red Hat Bugzilla:
CVE-2023-4232[0]:
| A flaw was found in ofono,
Source: dmitry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for dmitry.
CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause
Source: python-flask-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-flask-cors.
CVE-2024-1681[0]:
| corydolphin/flask-cors is vulnerable to log injection when the log
| level is set to debug. An attacker
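Editorial addition (not flask-cors's code and not part of the bug report above): the log-injection pattern the CVE text refers to is a debug line that interpolates a request header verbatim. A client that puts CR/LF followed by text shaped like a log record into that header produces two records in the log, one of them forged. The example below logs such a header with Python's logging module, once raw and once through a filter that escapes control characters, and returns the lines actually written. The malicious Origin value and the logger name are constructed for the example.

```python
# Added example (not flask-cors's code): CR/LF log injection through a debug
# line, and a logging.Filter that neutralises it for every call site.
import io
import logging
import re
from typing import List

# C0 control characters plus DEL: CR and LF forge records, ESC can drive a terminal.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_log(value: str, max_len: int = 512) -> str:
    """Escape control characters so `value` can only ever occupy one record."""
    value = value[:max_len]
    return _CONTROL_RE.sub(lambda m: f"\\x{ord(m.group()):02x}", value)


class SanitizingFilter(logging.Filter):
    """Apply sanitize_for_log() to every string argument of a record.

    Installing it on the logger means call sites that forget the helper
    are still protected, since Logger.handle() runs filters before handlers format.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, tuple):
            record.args = tuple(sanitize_for_log(a) if isinstance(a, str) else a
                                for a in record.args)
        elif isinstance(record.args, dict):
            record.args = {k: sanitize_for_log(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        return True


def render_cors_debug_log(origin_header: str, sanitize: bool) -> List[str]:
    """Emit the kind of debug line at issue for `origin_header`; return the lines written."""
    stream = io.StringIO()
    logger = logging.getLogger(f"cors-demo.{'safe' if sanitize else 'raw'}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    logger.addHandler(handler)
    if sanitize:
        logger.addFilter(SanitizingFilter())
    # The vulnerable pattern: an attacker-controlled header interpolated at DEBUG.
    logger.debug("Request origin %s does not match allowed origins", origin_header)
    handler.flush()
    return stream.getvalue().splitlines()


# Constructed malicious Origin header: CRLF followed by a plausible INFO record.
MALICIOUS_ORIGIN = "https://evil.example\r\nINFO auth: user admin authenticated from 10.0.0.5"

if __name__ == "__main__":
    for line in render_cors_debug_log(MALICIOUS_ORIGIN, sanitize=False):
        print("raw :", line)
    for line in render_cors_debug_log(MALICIOUS_ORIGIN, sanitize=True):
        print("safe:", line)
```

Escaping rather than stripping keeps the evidence: an analyst reading the sanitised line still sees that the client sent `\x0d\x0a` followed by a fake record, which is itself worth alerting on.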
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that
On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Bastien Roucariès
> Control: affects -1 + src:json-smart
> Control: block 1039985 with
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3567[0]:
| A flaw was found in QEMU. An assertion failure was present in the
| update_sctp_checksum() function in hw/net/net_tx_pkt.c when
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3447[0]:
https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3446[0]:
| A double free vulnerability was found in QEMU virtio devices
| (virtio-gpu, virtio-serial-bus, virtio-crypto), where the
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for qemu.
CVE-2024-26327[0]:
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in
| hw/pci/pcie_sriov.c mishandles the situation where a
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sngrep.
CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1635[0]:
| A vulnerability was found in Undertow. This vulnerability impacts a
| server that supports the wildfly-http-client protocol.
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2023-1973[0]:
The only reference is at Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=2185662
If you fix the vulnerability please
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted
On Tue, Apr 09, 2024 at 02:02:13PM +1200, Vladimir Petko wrote:
> Hi,
>
> I have realized that I have not submitted the bug report for this
> issue, so the decision to try vendoring dependencies for JTREG is not
> visible anywhere.
>
> Starting from the April OpenJDK release, JTREG 7.3 will be
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a
| out of boundary write vulnerability via swf_get_string at
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for freeimage. They are all
only published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
and don't appear to be forwarded
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-29018[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other
Source: murano
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for murano.
CVE-2024-29156[0]:
| In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used,
| the Murano service's MuranoPL extension to the YAQL
Source: varnish
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for varnish.
CVE-2024-30156[0]:
| Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13
| LTS), and Varnish Enterprise 6 before 6.0.12r6, allows
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2024-30161[0]:
| In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may
| access QNetworkReply header data via a dangling
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker5.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker4.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
Source: node-express
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-express.
CVE-2024-29041[0]:
| Express.js minimalist web framework for node. Versions of Express.js
| prior to 4.19.0 and all pre-release alpha
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
Source: slang2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for slang2. From my perspective
they have no real security impact, but we can still treat/fix them as regular
bugs:
CVE-2023-45927[0]:
| S-Lang 2.3.2 was
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: erlang-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for erlang-jose.
CVE-2023-50966[0]:
| erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow
| attackers to cause a denial of service (CPU
Source: jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jose.
CVE-2023-50967[0]:
| latchset jose through version 11 allows attackers to cause a denial
| of service (CPU consumption) via a large p2c (aka PBES2
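Editorial addition (not part of the bug reports above and not code from latchset jose or erlang-jose): both CVE-2023-50966 (erlang-jose) and CVE-2023-50967 (jose) concern the PBES2 "p2c" header, the PBKDF2 iteration count. It arrives inside the attacker-controlled JWE protected header, so a recipient that runs PBKDF2 with whatever count it is given can be made to spend minutes of CPU on a single message. The example validates p2c, p2s and alg before any key derivation happens. RFC 7518 section 4.8.1 defines the salt construction and recommends a minimum of 1000 iterations; the maximum used here is this example's choice, not an RFC value or either project's setting. The header values and password are constructed.

```python
# Added example (not jose's or erlang-jose's code): bound the PBES2 iteration
# count before doing any PBKDF2 work on a received JWE.
import base64
import hashlib
import json
from typing import Dict, Tuple

# alg -> (PBKDF2 PRF hash, derived key length in bytes), per RFC 7518 section 4.8
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}
MIN_P2C = 1000       # RFC 7518 section 4.8.1.2 recommended floor
MAX_P2C = 100_000    # example ceiling: milliseconds of PBKDF2, not minutes


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def validate_pbes2_header(header: Dict[str, object], max_p2c: int = MAX_P2C) -> Tuple[bool, str]:
    """Return (ok, reason) for the PBES2 parameters of a JWE protected header."""
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        return False, f"unsupported alg {alg!r}"
    p2c = header.get("p2c")
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        return False, "p2c must be an integer"
    if p2c < MIN_P2C:
        return False, f"p2c {p2c} below minimum {MIN_P2C}"
    if p2c > max_p2c:
        return False, f"p2c {p2c} exceeds maximum {max_p2c}"
    p2s = header.get("p2s")
    if not isinstance(p2s, str):
        return False, "p2s must be a base64url string"
    try:
        salt_input = _b64url_decode(p2s)
    except ValueError:
        return False, "p2s is not valid base64url"
    if len(salt_input) < 8:
        return False, "p2s must be at least 8 octets"   # RFC 7518 section 4.8.1.1
    return True, "ok"


def derive_pbes2_key(password: bytes, protected_header_b64: str, max_p2c: int = MAX_P2C) -> bytes:
    """Validate first, then derive the key-encryption key; never the other way round."""
    header = json.loads(_b64url_decode(protected_header_b64))
    ok, reason = validate_pbes2_header(header, max_p2c)
    if not ok:
        raise ValueError(f"rejected JWE header: {reason}")
    hash_name, key_len = PBES2_ALGS[header["alg"]]
    # RFC 7518 section 4.8.1.1: salt = UTF8(alg) || 0x00 || p2s
    salt = header["alg"].encode("utf-8") + b"\x00" + _b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac(hash_name, password, salt, header["p2c"], dklen=key_len)


def make_protected_header(alg: str, p2c: int, p2s: bytes) -> str:
    """Build the base64url protected header a sender (honest or not) puts on the wire."""
    header = {"alg": alg, "enc": "A128GCM", "p2c": p2c, "p2s": _b64url_encode(p2s)}
    return _b64url_encode(json.dumps(header, separators=(",", ":")).encode())


def accepts(protected_header_b64: str, max_p2c: int = MAX_P2C) -> bool:
    """Convenience: would this header get past validation?"""
    return validate_pbes2_header(json.loads(_b64url_decode(protected_header_b64)), max_p2c)[0]


if __name__ == "__main__":
    salt = b"constructed-salt"   # constructed 16-octet salt input
    for p2c in (10, 4096, 2 ** 31):
        hdr = make_protected_header("PBES2-HS256+A128KW", p2c, salt)
        print(f"p2c={p2c:>10} -> {validate_pbes2_header(json.loads(_b64url_decode(hdr)))}")
```

The ordering matters as much as the bound: every check above is cheap and runs before pbkdf2_hmac, so a rejected message costs the recipient one JSON parse, not an attacker-chosen amount of hashing.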
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2024-26369[0]:
| An issue in the HistoryQosPolicy component of FastDDS v2.12.x,
| v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal
Source: ldap-account-manager
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ldap-account-manager.
CVE-2024-2[0]:
| LDAP Account Manager (LAM) is a webfrontend for managing entries
| stored in an LDAP directory.
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2024-22412[0]:
| ClickHouse is an open-source column-oriented database management
| system. A bug exists in the cloud ClickHouse
Source: black
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for black.
CVE-2024-21503[0]:
| Versions of the package black before 24.3.0 are vulnerable to
| Regular Expression Denial of Service (ReDoS) via the
Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for net-snmp. This appeared
in the CVE feed, but I doubt that it was actually forwarded upstream.
CVE-2024-26464[0]:
| net-snmp 5.9.4 contains a memory leak
Source: fontforge
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for fontforge.
CVE-2024-25081[0]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted filenames.
CVE-2024-25082[1]:
Source: apache-mime4j
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for apache-mime4j.
CVE-2024-21742[0]:
| Improper input validation allows for header injection in MIME4J
| library when using MIME4J DOM for composing
Source: krb5
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for krb5. They appeared
in the CVE feed, but I doubt they have actually been forwarded to
Kerberos upstream...
CVE-2024-26458[0]:
| Kerberos 5 (aka krb5) 1.21.2
Source: texlive-bin
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for texlive-bin.
CVE-2024-25262[0]:
| texlive-bin commit c515e was discovered to contain heap buffer
| overflow via the function ttfLoadHDMX:ttfdump. This
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rack.
CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
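Editorial addition (not Rack's code and not part of the bug report above): the release note quoted, "Reject Range headers which are too large", points at a general failure mode of static-file handlers. Parsing Range correctly per RFC 7233 is not enough; a client can ask for many ranges, or for ranges that together cover the resource many times over, and the server pays for every byte. The example below parses the RFC 7233 byte-range forms (first-last, first-, -suffix, comma-separated lists), ignores syntactically invalid headers (serve the full body), answers 416 when nothing is satisfiable, and rejects requests whose range count or total requested bytes exceed limits. The limits are this example's, not Rack's, and the headers in the test are constructed.

```python
# Added example (not Rack's code): a byte-range parser that bounds the cost
# of a Range request instead of only parsing it.
import re
from typing import List, Optional, Tuple

MAX_RANGES = 16   # example limit on range-specs per request


class RangeUnsatisfiable(Exception):
    """Every range-spec lies beyond the end of the resource (HTTP 416)."""


class RangeRejected(Exception):
    """Syntactically fine but too expensive to honour (HTTP 400)."""


_SPEC_RE = re.compile(r"(\d*)-(\d*)")


def parse_byte_ranges(header: Optional[str], size: int,
                      max_ranges: int = MAX_RANGES) -> Optional[List[Tuple[int, int]]]:
    """Return inclusive (start, end) pairs, or None when the header must be ignored."""
    if header is None:
        return None
    m = re.fullmatch(r"\s*bytes\s*=\s*(.+?)\s*", header, re.IGNORECASE)
    if not m:
        return None                               # other range units: ignore, serve 200
    specs = [s.strip() for s in m.group(1).split(",") if s.strip()]
    if not specs:
        return None
    if len(specs) > max_ranges:
        raise RangeRejected(f"{len(specs)} range-specs exceeds limit {max_ranges}")
    ranges: List[Tuple[int, int]] = []
    for spec in specs:
        sm = _SPEC_RE.fullmatch(spec)
        if not sm or not (sm.group(1) or sm.group(2)):
            return None                           # "abc" or "-": invalid, ignore header
        first, last = sm.group(1), sm.group(2)
        if first == "":                           # suffix-byte-range-spec: last N bytes
            n = int(last)
            if n == 0 or size == 0:
                continue                          # unsatisfiable on its own
            ranges.append((max(size - n, 0), size - 1))
            continue
        start = int(first)
        if last != "" and int(last) < start:
            return None                           # last-byte-pos < first-byte-pos: invalid
        if start >= size:
            continue                              # starts past the end: unsatisfiable
        end = size - 1 if last == "" else min(int(last), size - 1)
        ranges.append((start, end))
    if not ranges:
        raise RangeUnsatisfiable(f"no satisfiable range within {size} bytes")
    requested = sum(end - start + 1 for start, end in ranges)
    if requested > size:
        # Overlapping or repeated ranges would make the response larger than
        # the resource itself; that is amplification, not a legitimate request.
        raise RangeRejected(f"ranges request {requested} bytes from a {size}-byte resource")
    return ranges


def classify(header: Optional[str], size: int) -> str:
    """Map a Range header to the response the handler should produce."""
    try:
        ranges = parse_byte_ranges(header, size)
    except RangeUnsatisfiable:
        return "416 unsatisfiable"
    except RangeRejected:
        return "400 rejected"
    return "200 full" if ranges is None else f"206 partial ({len(ranges)} ranges)"


if __name__ == "__main__":
    constructed = [
        "bytes=0-499", "bytes=-500", "bytes=0-0,-1", "bytes=5000-", "items=1-2",
        "bytes=" + ",".join(["0-"] * 8), "bytes=" + ",".join(["0-0"] * 64),
    ]
    for h in constructed:
        print(f"{h[:40]:<42} -> {classify(h, 1000)}")
```

Coalescing overlapping ranges is an alternative to rejecting them, but rejecting keeps the handler simple and makes the abuse visible in the access log as a 400 rather than as an unusually large 206.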