Bug#1033770: bullseye-pu: package apache2/2.4.56-1~deb11u2

2023-04-01 Thread Moritz Mühlenhoff
On Sat, Apr 01, 2023 at 08:32:55AM +0400, Yadd wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: apac...@packages.debian.org > Control: affects -1 + src:apache2 > > [ Reason ] > apache2 silently

Bug#988948: CVE-2019-11939

2023-03-29 Thread Moritz Mühlenhoff
On Tue, Mar 28, 2023 at 09:29:57PM +0200, Salvatore Bonaccorso wrote: > Hi László, > > On Sun, Mar 26, 2023 at 04:13:01PM +0200, László Böszörményi wrote: > > Hi, > > > > On Fri, Mar 17, 2023 at 7:54 PM László Böszörményi (GCS) > > wrote: > >

Bug#1033258: upx-ucl: CVE-2023-23456

2023-03-20 Thread Moritz Mühlenhoff
Source: upx-ucl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for upx-ucl. CVE-2023-23456[0]: | A heap-based buffer overflow issue was discovered in UPX in | PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to |

Bug#1033257: libde265: CVE-2023-27102 CVE-2023-27103

2023-03-20 Thread Moritz Mühlenhoff
Source: libde265 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libde265. CVE-2023-27102[0]: | Libde265 v1.0.11 was discovered to contain a segmentation violation | via the function

Bug#1033255: aflplusplus: CVE-2023-26266

2023-03-20 Thread Moritz Mühlenhoff
Source: aflplusplus X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for aflplusplus. CVE-2023-26266[0]: | In AFL++ 4.05c, the CmpLog component uses the current working | directory to resolve and execute unprefixed fuzzing

Bug#1033254: imagemagick: CVE-2023-1289

2023-03-20 Thread Moritz Mühlenhoff
Source: imagemagick X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for imagemagick. CVE-2023-1289[0]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr

Bug#1033252: maradns: CVE-2022-30256

2023-03-20 Thread Moritz Mühlenhoff
Source: maradns X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for maradns. CVE-2022-30256[0]: | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that | allows variant V1 of unintended domain name resolution. A

Bug#1033253: undertow: CVE-2023-1108

2023-03-20 Thread Moritz Mühlenhoff
Source: undertow X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for undertow. CVE-2023-1108[0]: https://issues.redhat.com/browse/UNDERTOW-2239 If you fix the vulnerability please also make sure to include the CVE (Common

Bug#1033251: wordpress: CVE-2022-3590

2023-03-20 Thread Moritz Mühlenhoff
Source: wordpress X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for wordpress. CVE-2022-3590[0]: | WordPress is affected by an unauthenticated blind SSRF in the pingback | feature. Because of a TOCTOU race condition

Bug#1033250: node-request: CVE-2023-28155

2023-03-20 Thread Moritz Mühlenhoff
Source: node-request X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for node-request. CVE-2023-28155[0]: | ** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for | Node.js allows a bypass of SSRF mitigations

Bug#1033116: gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-

2023-03-17 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2022-3222[0]: | Uncontrolled Recursion in GitHub repository gpac/gpac prior to | 2.1.0-DEV.

Bug#1033115: golang-github-go-macaron-csrf: CVE-2018-25060

2023-03-17 Thread Moritz Mühlenhoff
Source: golang-github-go-macaron-csrf X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for golang-github-go-macaron-csrf. CVE-2018-25060[0]: | A vulnerability was found in Macaron csrf and classified as | problematic.

Bug#1033114: python-oslo.privsep: CVE-2022-38065

2023-03-17 Thread Moritz Mühlenhoff
Source: python-oslo.privsep X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for python-oslo.privsep. CVE-2022-38065[0]: | A privilege escalation vulnerability exists in the oslo.privsep | functionality of OpenStack git

Bug#1033113: ruby-commonmarker: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486

2023-03-17 Thread Moritz Mühlenhoff
Source: ruby-commonmarker X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for ruby-commonmarker. CVE-2023-22483[0]: | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and | rendering library and program in C.

Bug#1033112: r-cran-commonmark: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486

2023-03-17 Thread Moritz Mühlenhoff
Source: r-cran-commonmark X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for r-cran-commonmark. CVE-2023-22483[0]: | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and | rendering library and program in C.

Bug#1033111: python-cmarkgfm: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486

2023-03-17 Thread Moritz Mühlenhoff
Source: python-cmarkgfm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for python-cmarkgfm. CVE-2023-22483[0]: | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and | rendering library and program in C.

Bug#1033110: cmark-gfm: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486

2023-03-17 Thread Moritz Mühlenhoff
Source: cmark-gfm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for cmark-gfm. CVE-2023-22483[0]: | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and | rendering library and program in C. Versions prior to

Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-03-17 Thread Moritz Mühlenhoff
Source: libcpan-checksums-perl X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libcpan-checksums-perl. CVE-2020-16155[0]: | The CPAN::Checksums package 2.12 for Perl does not uniquely define | signed data.

Bug#1013279: cookiecutter: CVE-2022-24065

2023-03-17 Thread Moritz Mühlenhoff
On Mon, Jun 20, 2022 at 04:59:39PM +0200, Moritz Mühlenhoff wrote: > Source: cookiecutter > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for cookiecutter. > > CVE-2022-24065[0]

Bug#1032885: unblock: debian-security-support/1:12+2023.03.05

2023-03-17 Thread Moritz Mühlenhoff
On Mon, Mar 13, 2023 at 03:07:34PM +, Holger Levsen wrote: > On Mon, Mar 13, 2023 at 03:58:45PM +0100, Moritz Mühlenhoff wrote: > > On Mon, Mar 13, 2023 at 01:43:11PM +0100, Holger Levsen wrote: > > > * security-support-limited: > > > - for golang and openjd

Bug#988948: CVE-2019-11939

2023-03-16 Thread Moritz Mühlenhoff
On Fri, May 21, 2021 at 09:46:31PM +0200, Moritz Muehlenhoff wrote: > Source: thrift > Severity: important > Tags: security > X-Debbugs-Cc: Debian Security Team > > CVE-2019-11939: > https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 Hi, is this fixed in

Bug#1012763: golang-github-emicklei-go-restful: CVE-2022-1996

2023-03-16 Thread Moritz Mühlenhoff
On Mon, Jun 13, 2022 at 06:12:36PM +0200, Moritz Mühlenhoff wrote: > Source: golang-github-emicklei-go-restful > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for > golang-github-em

Bug#1014599: svgpp: CVE-2021-44960

2023-03-16 Thread Moritz Mühlenhoff
On Fri, Jul 08, 2022 at 04:31:10PM +0200, Moritz Mühlenhoff wrote: > Source: svgpp > X-Debbugs-CC: t...@security.debian.org > Severity: normal > Tags: security > > Hi, > > The following vulnerability was published for svgpp. > > CVE-2021-44960[0]:

Bug#1019594: closed by Daniel Baumann (bts)

2023-03-15 Thread Moritz Mühlenhoff
On Sun, Feb 19, 2023 at 06:03:09PM +, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the src:deluge package: > > #1019594: deluge: CVE-2021-3427 > > It has been closed by Daniel Baumann . > > Their explanation is

Bug#983576: CVE-2020-8020 CVE-2020-8021 CVE-2020-8031

2023-03-15 Thread Moritz Mühlenhoff
On Fri, Feb 26, 2021 at 05:29:07PM +0100, Moritz Muehlenhoff wrote: > Source: open-build-service > Severity: important > Tags: security > X-Debbugs-Cc: Debian Security Team > > CVE-2020-8020: > https://bugzilla.suse.com/show_bug.cgi?id=1171439 >

Bug#1023693: libstb: CVE-2021-37789

2023-03-15 Thread Moritz Mühlenhoff
On Tue, Nov 08, 2022 at 08:42:05PM +0100, Moritz Mühlenhoff wrote: > Source: libstb > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for libstb. > > CVE-2021-37789[0]: > |

Bug#992172: exim4: CVE-2021-38371

2023-03-15 Thread Moritz Mühlenhoff
On Sun, Aug 15, 2021 at 07:21:40AM +0200, Andreas Metzler wrote: > On 2021-08-14 Salvatore Bonaccorso wrote: > > Source: exim4 > > Version: 4.94.2-7 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > > Hi, > > > The following

Bug#1014714: nim: CVE-2021-41259

2023-03-15 Thread Moritz Mühlenhoff
On Sun, Jul 10, 2022 at 07:31:30PM +0200, Moritz Mühlenhoff wrote: > Source: nim > X-Debbugs-CC: t...@security.debian.org > Severity: normal > Tags: security > > Hi, > > The following vulnerability was published for nim. > > CVE-2021-41259[0]: > | Nim

Bug#1032885: unblock: debian-security-support/1:12+2023.03.05

2023-03-13 Thread Moritz Mühlenhoff
On Mon, Mar 13, 2023 at 01:43:11PM +0100, Holger Levsen wrote: > * security-support-limited: > - for golang and openjdk-17, point to the bookworm manual instead of the one > for bullseye. That's wrong, though. (And the release notes need updating too, I'll file a bug soonish): In

Bug#1032670: allegro4.4: CVE-2021-36489

2023-03-10 Thread Moritz Mühlenhoff
Source: allegro4.4 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for allegro4.4. CVE-2021-36489[0]: | Buffer Overflow vulnerability in Allegro through 5.2.6 allows | attackers to cause a denial of service via crafted

Bug#1032669: wabt: CVE-2023-27115 CVE-2023-27116 CVE-2023-27117 CVE-2023-27119

2023-03-10 Thread Moritz Mühlenhoff
Source: wabt X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for wabt. CVE-2023-27115[0]: | WebAssembly v1.0.29 was discovered to contain a segmentation fault via | the component wabt::cat_compute_size.

Bug#1032668: nvidia-cuda-toolkit: CVE-2023-0193 CVE-2023-0196

2023-03-10 Thread Moritz Mühlenhoff
Source: nvidia-cuda-toolkit X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for nvidia-cuda-toolkit. CVE-2023-0193[0]: No description was found (try on a search engine) CVE-2023-0196[1]: | NVIDIA CUDA Toolkit SDK contains

Bug#1032667: radare2: CVE-2023-27114

2023-03-10 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for radare2. CVE-2023-27114[0]: | radare2 v5.8.3 was discovered to contain a segmentation fault via the | component wasm_dis at p/wasm/wasm.c.

Bug#1032666: freeimage: CVE-2021-33367

2023-03-10 Thread Moritz Mühlenhoff
Source: freeimage X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for freeimage. CVE-2021-33367[0]: | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to | cause a denial of service via a crafted JXR file.

Bug#1032665: tidy-html5: CVE-2021-33391

2023-03-10 Thread Moritz Mühlenhoff
Source: tidy-html5 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for tidy-html5. CVE-2021-33391[0]: | An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute | arbitrary code via the -g option of the CleanNode()

Bug#1032664: mootools: CVE-2021-32821

2023-03-10 Thread Moritz Mühlenhoff
Source: mootools X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for mootools. CVE-2021-32821[0]: | MooTools is a collection of JavaScript utilities for JavaScript | developers. All known versions include a CSS selector

Bug#1032101: libheif: CVE-2023-0996

2023-02-27 Thread Moritz Mühlenhoff
Source: libheif X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libheif. CVE-2023-0996[0]: | There is a vulnerability in the strided image data parsing code in the | emscripten wrapper for libheif. An attacker could exploit

Bug#1032100: golang-github-hashicorp-go-getter: CVE-2023-0475

2023-02-27 Thread Moritz Mühlenhoff
Source: golang-github-hashicorp-go-getter X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for golang-github-hashicorp-go-getter. CVE-2023-0475[0]: | HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to | decompression

Bug#1032099: libpod: CVE-2023-0778

2023-02-27 Thread Moritz Mühlenhoff
Source: libpod X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libpod. CVE-2023-0778[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2168256

Bug#1032092: asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269

2023-02-27 Thread Moritz Mühlenhoff
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for asterisk. CVE-2022-23537[0]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based

Bug#1032091: py7zr: CVE-2022-40152

2023-02-27 Thread Moritz Mühlenhoff
Source: py7zr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for py7zr. CVE-2022-40152[0]: | Those using Woodstox to parse XML data may be vulnerable to Denial of | Service attacks (DOS) if DTD support is enabled. If the

Bug#1032090: grave: CVE-2022-44900

2023-02-27 Thread Moritz Mühlenhoff
Source: grave X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for grave. CVE-2022-44900[0]: | A directory traversal vulnerability in the SevenZipFile.extractall() | function of the python library py7zr v0.20.0 and earlier

Bug#1032089: libwoodstox-java: CVE-2022-40152

2023-02-27 Thread Moritz Mühlenhoff
Source: libwoodstox-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libwoodstox-java. CVE-2022-40152[0]: | Those using Woodstox to parse XML data may be vulnerable to Denial of | Service attacks (DOS) if DTD

Bug#1032087: undertow: CVE-2022-4492

2023-02-27 Thread Moritz Mühlenhoff
Source: undertow X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for undertow. CVE-2022-4492[0]: | The undertow client is not checking the server identity presented by | the server certificate in https connections. This is

Bug#1031877: vtk9: CVE-2021-42521

2023-02-24 Thread Moritz Mühlenhoff
Source: vtk9 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for vtk9. CVE-2021-42521[0]: | There is a NULL pointer dereference vulnerability in VTK, and it lies | in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check

Bug#1031875: vim: CVE-2023-0054

2023-02-24 Thread Moritz Mühlenhoff
Source: vim X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for vim. CVE-2023-0054[0]: | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d

Bug#1031874: upx-ucl: CVE-2023-23457

2023-02-24 Thread Moritz Mühlenhoff
Source: upx-ucl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for upx-ucl. CVE-2023-23457[0]: | A Segmentation fault was found in UPX in | PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with | a crafted

Bug#1031873: qtbase-opensource-src-gles: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a

Bug#1031872: qtbase-opensource-src: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically

Bug#1031871: qt6-base: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string

Bug#1031869: nethack: CVE-2023-24809

2023-02-24 Thread Moritz Mühlenhoff
Source: nethack X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for nethack. CVE-2023-24809[0]: | NetHack is a single player dungeon exploration game. Starting with | version 3.6.2 and prior to version 3.6.7, illegal input

Bug#1031635: bullseye-pu: package snakeyaml/1.28-1

2023-02-24 Thread Moritz Mühlenhoff
On Sun, Feb 19, 2023 at 05:23:55PM +0100, Markus Koschany wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: a...@debian.org > > Hi, > > I would like to update snakeyaml in Bullseye. The package

Bug#1031733: libcommons-fileupload-java: CVE-2023-24998

2023-02-21 Thread Moritz Mühlenhoff
Source: libcommons-fileupload-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libcommons-fileupload-java. CVE-2023-24998[0]: | Apache Commons FileUpload before 1.5 does not limit the number of | request parts to be

Bug#1031732: iortcw: CVE-2019-25104

2023-02-21 Thread Moritz Mühlenhoff
Source: iortcw X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rtcwcoop, which seems to be a fork of iortcw, but the patches don't seem to have flown back? CVE-2019-25104[0]: | A vulnerability has been found in rtcwcoop

Bug#1031731: glusterfs: CVE-2023-26253

2023-02-21 Thread Moritz Mühlenhoff
Source: glusterfs X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for glusterfs. CVE-2023-26253[0]: | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse- | bridge.c notify stack-based buffer over-read.

Bug#1031729: resteasy3.0: CVE-2023-0482

2023-02-21 Thread Moritz Mühlenhoff
Source: resteasy3.0 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for resteasy3.0. CVE-2023-0482[0]: | In RESTEasy the insecure File.createTempFile() is used in the | DataSourceProvider, FileProvider and Mime4JWorkaround

Bug#1031730: emacs: CVE-2022-48339 CVE-2022-48338 CVE-2022-48337

2023-02-21 Thread Moritz Mühlenhoff
Source: emacs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for emacs. CVE-2022-48339[0]: | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has | a command injection vulnerability. In the

Bug#1031728: resteasy: CVE-2023-0482

2023-02-21 Thread Moritz Mühlenhoff
Source: resteasy X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for resteasy. CVE-2023-0482[0]: | In RESTEasy the insecure File.createTempFile() is used in the | DataSourceProvider, FileProvider and Mime4JWorkaround

Bug#1031727: epiphany-browser: CVE-2023-26081

2023-02-21 Thread Moritz Mühlenhoff
Source: epiphany-browser X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for epiphany-browser. CVE-2023-26081[0]: | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can | trick users into exfiltrating

Bug#1031726: hdf5: CVE-2022-26061 CVE-2022-25972 CVE-2022-25942

2023-02-21 Thread Moritz Mühlenhoff
Source: hdf5 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for hdf5. The reports mentioned a vendor disclosure, but not sure when/how. CVE-2022-26061[0]: | A heap-based buffer overflow vulnerability exists in the gif2h5 |

Bug#1031371: curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916

2023-02-15 Thread Moritz Mühlenhoff
Source: curl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for curl. CVE-2023-23914 curl: HSTS ignored on multiple requests https://curl.se/docs/CVE-2023-23916.html CVE-2023-23915 curl: HSTS amnesia with --parallel

Bug#1031301: node-http-server: CVE-2021-23797

2023-02-14 Thread Moritz Mühlenhoff
Source: node-http-server X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-http-server. CVE-2021-23797[0]: | All versions of package http-server-node are vulnerable to Directory | Traversal via use of --path-as-is.

Bug#1030050: rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566

2023-01-30 Thread Moritz Mühlenhoff
Source: rails X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for rails. CVE-2023-22796[0]: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

Bug#1030048: pgpool2: CVE-2023-22332

2023-01-30 Thread Moritz Mühlenhoff
Source: pgpool2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pgpool2. CVE-2023-22332[0]: | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to | 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to

Bug#1030049: opusfile: CVE-2022-47021

2023-01-30 Thread Moritz Mühlenhoff
Source: opusfile X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for opusfile. CVE-2022-47021[0]: | A null pointer dereference issue was discovered in functions | op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9

Bug#1030047: ruby-sanitize: CVE-2023-23627

2023-01-30 Thread Moritz Mühlenhoff
Source: ruby-sanitize X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ruby-sanitize. CVE-2023-23627[0]: | Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 | and later, prior to 6.0.1, are vulnerable

Bug#1027788: nntpd not running after upgrading to openbsd-inetd_0.20221205-1

2023-01-27 Thread Moritz Mühlenhoff
severity 1027788 important thanks On Tue, Jan 03, 2023 at 12:03:41PM +0100, Marcus Frings wrote: > Package: leafnode > Version: 1.12.0-1 > Severity: grave > > Dear Moritz, > > after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my > local leafnode instance anymore and Gnus refuses

Bug#1029158: rust-bzip2: CVE-2023-22895

2023-01-18 Thread Moritz Mühlenhoff
Source: rust-bzip2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rust-bzip2. CVE-2023-22895[0]: | The bzip2 crate before 0.4.4 for Rust allow attackers to cause a | denial of service via a large file that triggers an

Bug#1029157: rust-tokio: CVE-2023-22466

2023-01-18 Thread Moritz Mühlenhoff
Source: rust-tokio X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rust-tokio. I haven't checked this is a Windows-specific issue or whether rust-tokio as packaged in Debian would also be affected if e.g. operating on a

Bug#1029155: qemu: CVE-2023-0330

2023-01-18 Thread Moritz Mühlenhoff
Source: qemu X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qemu. CVE-2023-0330[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2160151 Proposed patch:

Bug#1029154: swift: CVE-2022-47950

2023-01-18 Thread Moritz Mühlenhoff
Source: swift X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for swift. CVE-2022-47950: OSSA-2023-001: Arbitrary file access through custom S3 XML entities Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML

Bug#1029153: virtualbox: CVE-2023-21884 CVE-2023-21885 CVE-2023-21886 CVE-2023-21889 CVE-2023-21898 CVE-2023-21899

2023-01-18 Thread Moritz Mühlenhoff
Source: virtualbox X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for virtualbox. Fixed in 7.0.6 CVE-2023-21884[0]: | Vulnerability in the Oracle VM VirtualBox product of Oracle | Virtualization (component: Core).

Bug#1029151: mysql-8.0: CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21

2023-01-18 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. All fixed in 8.0.32. CVE-2023-21863[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer).

Bug#1028452: unblock: golang-1.19/1.19.5-1

2023-01-16 Thread Moritz Mühlenhoff
On Thu, Jan 12, 2023 at 09:17:18PM +0100, Paul Gevers wrote: > On 12-01-2023 16:50, Shengjing Zhu wrote: > > > But this bug report triggered me: did the golang security situation > > > already improved during this release cycle. I may be misremembering, but > > > I recall the problems on the

Bug#1028451: 2nd DisplayPort doesn't get video

2023-01-16 Thread Moritz Mühlenhoff
On Mon, Jan 16, 2023 at 12:46:37PM +, Didier 'OdyX' Raboud wrote: > > I understand that would be annoying for you, but I don't think that it would > > affect the majority of our users. > > Hrm. More and more laptops come with usb-c only, and dongles/docks become more > > and more common. > >

Bug#1029039: shiro: CVE-2023-22602

2023-01-16 Thread Moritz Mühlenhoff
Source: shiro X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for shiro. CVE-2023-22602[0]: | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, | a specially crafted HTTP request may cause an authentication

Bug#1029037: radare2: CVE-2023-0302

2023-01-16 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for radare2. CVE-2023-0302[0]: | Failure to Sanitize Special Elements into a Different Plane (Special | Element Injection) in GitHub repository

Bug#1029038: zip4j: CVE-2023-22899

2023-01-16 Thread Moritz Mühlenhoff
Source: zip4j X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for zip4j. CVE-2023-22899[0]: | Zip4j through 2.11.2, as used in Threema and other products, does not | always check the MAC when decrypting a ZIP archive.

Bug#926276: Should guacamole-client be removed?

2023-01-11 Thread Moritz Mühlenhoff
reassign 926276 ftp.debian.org retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open security issues, dropping from testing since 2017 severity 926276 normal thanks On Tue, Apr 02, 2019 at 10:04:34PM +0200, Moritz Muehlenhoff wrote: > Source: guacamole-client > Severity:

Bug#1004441: unblocking chromium?

2023-01-10 Thread Moritz Mühlenhoff
On Sun, Jan 08, 2023 at 12:27:52AM -0500, Andres Salomon wrote: > > On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk > wrote: > > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote: > > > ... > > > We might consider to set some expectation for oldstable-security, > > >

Bug#1027808: openimageio: CVE-2022-43603 CVE-2022-41999

2023-01-03 Thread Moritz Mühlenhoff
Source: openimageio X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for openimageio. CVE-2022-43603[0]: | A denial of service vulnerability exists in the ZfileOutput::close() | functionality of OpenImageIO Project

Bug#1025120: libetpan: CVE-2022-4121: Null Pointer Dereference STATUS Response

2022-12-28 Thread Moritz Mühlenhoff
On Tue, Nov 29, 2022 at 10:04:34PM +0100, Salvatore Bonaccorso wrote: > Source: libetpan > Version: 1.9.4-3 > Severity: important > Tags: security upstream > Forwarded: https://github.com/dinhvh/libetpan/issues/420 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > Hi, > > The

Bug#1027180: netty: CVE-2022-41915 CVE-2022-41881

2022-12-28 Thread Moritz Mühlenhoff
Source: netty X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for netty. CVE-2022-41915[0]: | Netty project is an event-driven asynchronous network application | framework. In versions prior to 4.1.86.Final, when calling

Bug#1027179: libde265: CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43244 CVE-2022-43245 CVE-2022-43249 CVE-2022-432

2022-12-28 Thread Moritz Mühlenhoff
Source: libde265 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libde265. CVE-2022-43235[0]: | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow | vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse

Bug#1027165: dcmtk: CVE-2022-43272

2022-12-28 Thread Moritz Mühlenhoff
Source: dcmtk X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for dcmtk. CVE-2022-43272[0]: | DCMTK v3.6.7 was discovered to contain a memory leak via the | T_ASC_Association object.

Bug#1027164: imagemagick: CVE-2021-3574

2022-12-28 Thread Moritz Mühlenhoff
Source: imagemagick X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for imagemagick. CVE-2021-3574[0]: | A vulnerability was found in ImageMagick-7.0.11-5, where executing a | crafted file with the convert command, ASAN

Bug#1027163: python-git: CVE-2022-24439

2022-12-28 Thread Moritz Mühlenhoff
Source: python-git X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-git. CVE-2022-24439[0]: | All versions of package gitpython are vulnerable to Remote Code | Execution (RCE) due to improper user input validation,

Bug#1027162: consul: CVE-2022-40716

2022-12-28 Thread Moritz Mühlenhoff
Source: consul X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for consul. CVE-2022-40716[0]: | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and | 1.13.1 do not check for multiple SAN URI values in a CSR on

Bug#1027161: consul: CVE-2022-40716

2022-12-28 Thread Moritz Mühlenhoff
Source: consul X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for consul. CVE-2022-40716[0]: | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and | 1.13.1 do not check for multiple SAN URI values in a CSR on

Bug#1027160: xdg-utils: CVE-2022-4055

2022-12-28 Thread Moritz Mühlenhoff
Source: xdg-utils X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for xdg-utils. CVE-2022-4055[0]: | When xdg-mail is configured to use thunderbird for mailto URLs, | improper parsing of the URL can lead to additional

Bug#1027154: puppet-module-puppetlabs-mysql: CVE-2022-3276

2022-12-28 Thread Moritz Mühlenhoff
Source: puppet-module-puppetlabs-mysql X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for puppet-module-puppetlabs-mysql. CVE-2022-3276[0]: | Command injection is possible in the puppetlabs-mysql module prior to | version

Bug#1027153: ruby-rails-html-sanitizer: CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520

2022-12-28 Thread Moritz Mühlenhoff
Source: ruby-rails-html-sanitizer X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for ruby-rails-html-sanitizer. CVE-2022-23517[0]: | rails-html-sanitizer is responsible for sanitizing HTML fragments in | Rails applications.

Bug#1027151: ceph: CVE-2022-3854

2022-12-28 Thread Moritz Mühlenhoff
Source: ceph X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ceph. CVE-2022-3854[0]: https://tracker.ceph.com/issues/55765 Per the tracker entry, the fix will land in 16.2.11. If you fix the vulnerability please also

Bug#1027150: neutron: CVE-2022-3277

2022-12-28 Thread Moritz Mühlenhoff
Source: neutron X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for neutron. For CVE-2022-3277 the original reference is from Red Hat Bugzilla, not sure if it has been reported upstream:

Bug#1027149: jython: CVE-2019-16935

2022-12-28 Thread Moritz Mühlenhoff
Source: jython X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, This also affects Jython: CVE-2019-16935[0]: | The documentation XML-RPC server in Python through 2.7.16, 3.x through | 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. | This occurs in

Bug#1027143: openimageio: CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-

2022-12-28 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2022 at 05:31:34PM +0100, Moritz Mühlenhoff wrote: > Source: openimageio > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following vulnerabilities were published for openimageio. And two more

Bug#1027146: vim: CVE-2022-4141

2022-12-28 Thread Moritz Mühlenhoff
Source: vim X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for vim. CVE-2022-4141[0]: | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing | an attacker to CTRL-W gf in the expression used in the RHS of

Bug#1027145: node-json5: CVE-2022-46175

2022-12-28 Thread Moritz Mühlenhoff
Source: node-json5 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-json5. CVE-2022-46175[0]: | JSON5 is an extension to the popular JSON file format that aims to be | easier to write and maintain by hand (e.g. for

Bug#1027144: radare2: CVE-2022-4398

2022-12-28 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for radare2. CVE-2022-4398[0]: | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 | prior to 5.8.0.

Bug#1027143: openimageio: CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-

2022-12-28 Thread Moritz Mühlenhoff
Source: openimageio X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openimageio. CVE-2022-43592[0]: | An information disclosure vulnerability exists in the | DPXOutput::close() functionality of OpenImageIO Project
