Source: r-cran-commonmark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for r-cran-commonmark.
CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-cmarkgfm.
CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized version of
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cmark-gfm.
CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized version of Markdown
Source: orthanc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for orthanc.
CVE-2023-33466[0]:
| Orthanc before 1.12.0 allows authenticated users with access to the
| Orthanc API to overwrite arbitrary files on the file
Source: yt-dlp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for yt-dlp.
CVE-2023-35934[0]:
| yt-dlp is a command-line program to download videos from video
| sites. During file downloads, yt-dlp or the external
Source: kodi
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for kodi.
CVE-2023-30207[0]:
| A divide by zero issue discovered in Kodi Home Theater Software 19.5
| and earlier allows attackers to cause a denial of service via
Source: libcoap3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libcoap3.
CVE-2023-30362[0]:
| Buffer Overflow vulnerability in coap_send function in libcoap
| library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200
Source: node-dottie
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-dottie.
CVE-2023-26132[0]:
| Versions of the package dottie before 2.0.4 are vulnerable to
| Prototype Pollution due to insufficient checks, via
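The dottie summary above names prototype pollution caused by insufficient key checks in a dotted-path setter. As an added illustration of that vulnerability class (this is not dottie's code and not part of the bug report), the block below puts a naive dotted-path setter next to a hardened one and probes both with attacker-controlled paths. The function names, the sample paths and the `polluted` property are constructed for the example, and the second path (`constructor.prototype.…`) goes beyond what the summary states to show that blocking `__proto__` alone is not enough.

```javascript
// Added example (not dottie's code): prototype pollution through a dotted-path
// setter, and a hardened setter that refuses it. All names below are made up.

// Naive setter: splits "a.b.c", creates intermediate objects on demand, and
// never inspects the keys. Every object inherits a "__proto__" accessor, so a
// path such as "__proto__.polluted" walks into Object.prototype and the final
// assignment lands there, becoming visible on every object in the process.
function unsafeSet(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === undefined || cur[keys[i]] === null) {
      cur[keys[i]] = {};
    }
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Keys that let a dotted path climb from an ordinary object onto a prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened setter: rejects the forbidden keys up front and only descends into
// own, plain-object properties, so inherited properties are never followed.
function safeSet(obj, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new Error(`refusing to set through reserved key "${k}"`);
    }
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Runs one attacker-controlled path through a setter against a fresh object
// and reports what an unrelated, freshly created object sees afterwards.
// Object.prototype is cleaned up so later code is not affected.
function probe(setter, path) {
  const target = {};
  let threw = false;
  try {
    setter(target, path, 'polluted');
  } catch (e) {
    threw = true;
  }
  const leaked = ({}).polluted;     // undefined unless the prototype was hit
  delete Object.prototype.polluted; // restore global state
  return { threw, leaked };
}

// Constructed attacker inputs: two ways of reaching Object.prototype.
const ATTACK_PATHS = ['__proto__.polluted', 'constructor.prototype.polluted'];

function demo() {
  const results = {};
  for (const p of ATTACK_PATHS) {
    results[p] = { unsafe: probe(unsafeSet, p), safe: probe(safeSet, p) };
  }
  // Ordinary use still works with the hardened setter.
  results.benign = safeSet({}, 'db.host', 'localhost');
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

With the naive setter both paths leave `polluted` readable on a brand-new `{}`; the hardened setter throws before touching anything and the fresh object stays clean. The `hasOwnProperty` check matters as a second line of defence: even if the forbidden-key list were incomplete, the walk could not follow an inherited property onto a prototype.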
On Wed, Jun 28, 2023 at 01:03:33PM -0700, Ryan Tandy wrote:
> Hmm. So on upgrade I suppose we would want to automatically migrate those
> settings to a drop-in? That actually sounds doable; such a drop-in would
> probably not have to be a conffile.
Indeed, so my idea was that e.g. the systemd
On Wed, Jun 28, 2023 at 09:49:06AM -0700, Ryan Tandy wrote:
> On Wed, Jun 28, 2023 at 06:29:31PM +0200, Andreas Henriksson wrote:
> > I'm attaching a patch which has only been compile-tested as I don't
> > use slapd myself. It would be great if someone who uses slapd could
> > pick it up, test it
On Wed, Jun 21, 2023 at 05:41:36PM +0200, Emanuele Rocca wrote:
> Hey Moritz,
>
> On 2022-10-26 08:20, Moritz Mühlenhoff wrote:
> > I think this should rather be applied early after the Bookworm
> > release (and ideally we can also finish off the necessary testing
>
Source: fdkaac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for fdkaac.
CVE-2023-34823[0]:
| fdkaac before 1.0.5 was discovered to contain a stack overflow in
| read_callback function in src/main.c.
Source: sabnzbdplus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sabnzbdplus.
CVE-2023-34237[0]:
| SABnzbd is an open source automated Usenet download tool. A design
| flaw was discovered in SABnzbd that could allow
Source: ruby-doorkeeper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-doorkeeper.
CVE-2023-34246[0]:
| Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior
| to version 5.6.6, Doorkeeper
Source: flask-appbuilder
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for flask-appbuilder.
CVE-2023-34110[0]:
| Flask-AppBuilder is an application development framework, built on
| top of Flask. Prior to version 4.3.2,
Source: netty
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for netty.
CVE-2023-34462[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid development of maintainable high performance
tags fixed-upstream
thanks
On Thu, Jun 15, 2023 at 02:08:04PM +0100, Simon McVittie wrote:
> Source: raincat
> Tags: trixie sid
> User: pkg-sdl-maintain...@lists.alioth.debian.org
> Usertags: libsdl1.2
>
> This package depends on libghc-sdl-dev, which is a language binding
> for SDL 1.2. SDL
On Fri, May 27, 2022 at 09:48:05AM +0200, Guillem Jover wrote:
> I don't think the issues presented by Florian were ever resolved, so
> my concerns in https://bugs.debian.org/918914#15 would still apply,
> even though Ubuntu has enabled this, but they have a different set of
> architectures.
I
On Tue, Jun 20, 2023 at 06:06:26PM +, Debian FTP Masters wrote:
> Source: gpac
> Source-Version: 2.2.1+dfsg1-1
> Done: Reinhard Tartler
> Changes:
> gpac (2.2.1+dfsg1-1) experimental; urgency=medium
> .
>* New upstream version,
> closes: #1033116, #1034732, #1034187, #1036701,
Source: jtidy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jtidy.
CVE-2023-34623[0]:
| An issue was discovered in jtidy through r938 that allows attackers to cause
| a denial of service or other unspecified impacts via crafted
1025011, thanks to Moritz Mühlenhoff
It's nice that there's renewed interest, but this involves also taking
care of netatalk in stable, there's a range of issues (full list at
https://security-tracker.debian.org/tracker/source-package/netatalk)
which need to be backported to bullseye-security.
I'm re
On Wed, May 24, 2023 at 03:50:06PM +0200, Moritz Mühlenhoff wrote:
> Source: qtbase-opensource-src-gles
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for qtbase-opensource-src-gle
Source: teeworlds
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for teeworlds.
CVE-2023-31517[0]:
| Teeworlds v0.7.5 was discovered to contain memory leaks.
Source: qtbase-opensource-src-gles
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src-gles.
CVE-2023-32762[0]:
https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
Per IRC
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-2837[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for asterisk.
CVE-2023-27585[0]:
| PJSIP is a free and open source multimedia communication library
| written in C. A buffer overflow vulnerability in versions
Source: bitcoin
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bitcoin.
CVE-2018-20587[0]:
| Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through
| 0.17.x before 0.17.1.knots20181229 have Incorrect
Source: civicrm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for civicrm.
CVE-2023-25440[0]:
| Stored Cross Site Scripting (XSS) vulnerability in the add contact
| function CiviCRM 5.59.alpha1, allows attackers to
Source: angular.js
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for angular.js.
CVE-2022-25869[0]:
| All versions of package angular are vulnerable to Cross-site Scripting
| (XSS) due to insecure page caching in the
On Tue, Jul 12, 2022 at 04:44:36PM +0200, László Böszörményi (GCS) wrote:
> Hi Moritz,
>
> On Mon, Jul 11, 2022 at 9:27 PM Moritz Mühlenhoff wrote:
> > The following vulnerability was published for angular.js.
> >
> > CVE-2022-25844[0]:
> I don't think
Source: civicrm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for snappy, which is bundled
by civicrm:
CVE-2023-28115[0]:
| Snappy is a PHP library allowing thumbnail, snapshot or PDF generation
| from a url or a html
Source: jruby
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for jruby.
CVE-2023-28755[0]:
| A ReDoS issue was discovered in the URI component through 0.12.0 in
| Ruby through 3.2.1. The URI parser mishandles invalid URLs
Source: tiff
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tiff.
CVE-2023-2731[0]:
| A NULL pointer dereference flaw was found in Libtiff's LZWDecode()
| function in the libtiff/tif_lzw.c file. This flaw allows a
Source: libraw
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libraw.
CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an
Source: openjdk-11
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-11.
CVE-2023-21930[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: JSSE).
Source: libpodofo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libpodofo.
CVE-2023-31566[0]:
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the
| component
Source: openjdk-17
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-17.
CVE-2023-21930[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: JSSE).
Source: docker-registry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker-registry.
CVE-2023-2253[0]:
https://www.openwall.com/lists/oss-security/2023/05/09/1
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for vim.
CVE-2023-2610[0]:
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to
| 9.0.1532.
Source: opencv
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for opencv.
CVE-2023-2617[0]:
| A vulnerability classified as problematic was found in OpenCV
| wechat_qrcode Module up to 4.7.0. Affected by this vulnerability
Source: yasm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for yasm.
CVE-2023-29579[0]:
| yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via
| the component yasm/yasm+0x43b466 in vsprintf.
Source: odoo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for odoo.
CVE-2021-23166[0]:
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo
| Enterprise 15.0 and earlier allows authenticated administrators
Source: apache-jena
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for apache-jena.
CVE-2023-22665[0]:
| There is insufficient checking of user queries in Apache Jena versions
| 4.7.0 and earlier, when invoking custom
Source: dav1d
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dav1d.
CVE-2023-32570[0]:
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that
| can lead to an application crash, related to
Source: maradns
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for maradns.
CVE-2023-31137[0]:
| MaraDNS is open-source software that implements the Domain Name System
| (DNS). In version 3.5.0024 and prior, a remotely
Source: libpodofo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libpodofo.
CVE-2023-31555[0]:
| podofoinfo 0.10.0 was discovered to contain a segmentation violation
| via the function
Source: in-toto
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for in-toto.
CVE-2023-32076[0]:
| in-toto is a framework to protect supply chain integrity. The in-toto
| configuration is read from various directories and
Moritz Muehlenhoff wrote:
> call. $MENU is set to '/usr/bin/main-menu' and in fact running
>
> "debconf -o d-i /usr/bin/main-menu" tries to emit some output (I can see the
> cursor moving), but drops back to the shell right away.
>
> I'm not familiar with cdebconf, if there's some suggested
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for frr.
CVE-2022-43681[0]:
| An out-of-bounds read exists in the BGP daemon of FRRouting FRR
| through 8.4. When sending a malformed BGP OPEN message that ends
Source: puppetserver
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for puppetserver.
CVE-2023-1894[0]:
| A Regular Expression Denial of Service (ReDoS) issue was discovered in
| Puppet Server 7.9.2 certificate validation.
On Tue, May 02, 2023 at 01:05:55PM +0200, Moritz Schlarb wrote:
> Dear Security Team,
>
> regarding fixing this in Bullseye
> (https://salsa.debian.org/debian/libapache2-mod-auth-openidc/-/compare/769c3920203e7c64f6ff9456ee6858ac0cb034f0...a8e821213ac28ca0909ca4f1bf512de5e35f90fa):
>
> Shall I
Source: 389-ds-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2023-1055[0]:
| A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP
| tries to decode the userPassword attribute
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gpac.
CVE-2023-0841[0]:
| A vulnerability, which was classified as critical, has been found in
| GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function
|
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-commonmarker.
CVE-2022-39209[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. In
Source: mariadb
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for mariadb.
CVE-2022-47015[0]:
| MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to Denial of
| Service. It is possible for function
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-cmarkgfm.
CVE-2022-39209[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. In
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2022-37708[0]:
| Docker version 20.10.15, build fd82621 is vulnerable to Insecure
| Permissions. Unauthorized users outside the Docker
Source: slic3r
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for slic3r.
CVE-2022-36788[0]:
| A heap-based buffer overflow vulnerability exists in the TriangleMesh
| clone functionality of Slic3r libslic3r 1.3.0 and Master
Source: lua5.3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lua5.3.
CVE-2021-43519[0]:
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4
| allows attackers to perform a Denial of Service via a
Source: lua5.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lua5.1.
CVE-2021-43519[0]:
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4
| allows attackers to perform a Denial of Service via a
Source: lua5.2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lua5.2.
CVE-2021-43519[0]:
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4
| allows attackers to perform a Denial of Service via a
Source: vtk7
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for vtk7.
CVE-2021-42521[0]:
| There is a NULL pointer dereference vulnerability in VTK before 9.2.5,
| and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor
Source: vtk6
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for vtk6.
CVE-2021-42521[0]:
| There is a NULL pointer dereference vulnerability in VTK before 9.2.5,
| and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor
Source: consul
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for consul.
CVE-2021-41803[0]:
| HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not
| properly validate the node or segment names prior to interpolation
Source: etcd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for etcd.
CVE-2021-28235[0]:
| Authentication vulnerability found in Etcd-io v.3.4.10 allows remote
| attackers to escalate privileges via the debug function.
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for hdf5.
CVE-2019-8396[0]:
| A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5
| through 1.10.4 library allows attackers to cause a
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for hdf5.
CVE-2018-11205[0]:
| A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the
| HDF HDF5 1.10.2 library. It could allow a remote denial of
Source: dogecoin
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for dogecoin.
CVE-2021-37491[0]:
| An issue discovered in src/wallet/wallet.cpp in Dogecoin Project
| Dogecoin Core 1.14.3 and earlier allows attackers to view
Source: fis-gtm
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for fis-gtm.
CVE-2021-44496[0]:
| An issue was discovered in FIS GT.M through V7.0-000 (related to the
| YottaDB code base). Using crafted input, an attacker
Source: samba
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for samba.
CVE-2018-14628[0]:
| An information leak vulnerability was discovered in Samba's LDAP
| server. Due to missing access control checks, an authenticated
Source: resteasy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for resteasy.
CVE-2020-1695[0]:
| A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final
| and all resteasy 4.x.x versions prior to
Source: dogtag-pki
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dogtag-pki.
CVE-2022-2393[0]:
| A flaw was found in pki-core, which could allow a user to get a
| certificate for another user identity when
Source: nvidia-cuda-toolkit
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for nvidia-cuda-toolkit.
CVE-2023-25510[0]:
| NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer
| dereference in cuobjdump,
Source: pev
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pev.
CVE-2021-45423[0]:
| A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports
| function from exports.c. The array offsets_to_Names is
Source: libyang2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libyang2.
CVE-2023-26917[0]:
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL
| pointer dereference via the function
Source: rust-hyper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-hyper.
CVE-2023-26964[0]:
| An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking
| occurs when the H2 component processes HTTP2
Source: jpeg-xl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jpeg-xl.
CVE-2023-0645[0]:
| An out of bounds read exists in libjxl. An attacker using a
| specifically crafted file could cause an out of bounds read in
Source: wireshark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for wireshark.
CVE-2023-1992[0]:
| RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to
| 3.6.12 allows denial of service via packet
Source: openssl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for openssl.
CVE-2023-1255[0]:
| Issue summary: The AES-XTS cipher decryption implementation for 64 bit
| ARM platform contains a bug that could cause it to
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2023-21982[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are
Source: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for imagemagick.
CVE-2023-1906[0]:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
Source: ncurses
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ncurses.
CVE-2023-29491 was assigned to
https://invisible-island.net/ncurses/NEWS.html#index-t20230408
If you fix the vulnerability please also make sure
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-1448[1]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the
Source: opendoas
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opendoas.
CVE-2023-28339[0]:
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege
| escalation because of sharing a terminal with the
Source: heat
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for heat.
CVE-2023-1625[0]:
information leak in API
https://bugzilla.redhat.com/show_bug.cgi?id=2181621
https://review.opendev.org/c/openstack/heat/+/868166
Source: nextcloud-desktop
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2023-28999[0]:
| Nextcloud is an open-source productivity platform. In Nextcloud
| Desktop client 3.0.0 until 3.8.0,
Source: stellarium
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for stellarium.
CVE-2023-28371[0]:
| In Stellarium through 1.2, attackers can write to files that are
| typically unintended, such as ones with absolute
Source: owslib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for owslib.
CVE-2023-27476[0]:
| OWSLib is a Python package for client programming with Open Geospatial
| Consortium (OGC) web service interface standards, and
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nomad.
CVE-2023-0821[0]:
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3
| jobs using a maliciously compressed artifact stanza source
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-1544[0]:
| A flaw was found in the QEMU implementation of VMWare's paravirtual
| RDMA device. This flaw allows a crafted guest driver to
Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for radare2.
CVE-2023-1605[0]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.8.6.
Source: opensmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opensmtpd.
CVE-2023-29323[0]:
| ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2
| before errata 020, and OpenSMTPD Portable before
Source: bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for bzip2.
CVE-2023-29415[0]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial
| of service (process hang) can occur with a crafted archive
Source: python-cmarkgfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-cmarkgfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A
Source: r-cran-commonmark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for r-cran-commonmark.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cmark-gfm.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A polynomial time
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is
On Tue, Apr 04, 2023 at 09:14:36PM +0200, Paul Gevers wrote:
> On 04-04-2023 20:07, Moritz Mühlenhoff wrote:
> > If we would add the list of source packages which are following micro
> > releases in stable-security to a machine-parseable list (e.g. somewhere in the
> >
On Tue, Apr 04, 2023 at 08:58:37AM +0200, Ondřej Surý wrote:
> Hi Paul, Salvatore,
>
> In all honesty, I thought that the pre-negotiated exception for PHP
> does apply to all future Debian releases, so it did come as surprise
> that I have to explain this again.
Question to the release team:
If