Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2022-46768[0]:
| Arbitrary file read vulnerability exists in Zabbix Web Service Report
| Generation, which listens on the port 10053. The
On Wed, Nov 16, 2022 at 03:27:53PM +0100, Jan Altenberg wrote:
> On Thu, 10 Nov 2022 22:45:57 +0100 Bastian Germann wrote:
> > As a new maintainer has stepped up, this cannot be the reason anymore
> > to dump the package. Actually, with the next version of swupdate (one
> > of those handful) I
Source: bookkeeper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bookkeeper.
CVE-2022-32531[0]:
| The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does
| not close the connection to the bookkeeper
Hi Martina,
> Control: affects -1 + src:golang-github-prometheus-exporter-toolkit
>
> [ Reason ]
> This package is currently FTBFS on stable due to flaky tests.
If we're doing a stable update anyway, could we also piggyback the
fix https://security-tracker.debian.org/tracker/CVE-2022-46146 ?
Source: python-pyrdfa
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-pyrdfa.
CVE-2022-4396[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib
| pyrdfa3 and classified as problematic. This
Source: jquery-minicolors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jquery-minicolors.
CVE-2021-4243[0]:
| A vulnerability was found in claviska jquery-minicolors up to 2.3.5.
| It has been rated as problematic.
Source: redmine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redmine.
CVE-2022-44030[0]:
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any
| Issue or any Wiki page due to insufficient permission
On Wed, Dec 07, 2022 at 08:27:05PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2022-11-28 at 20:35 +0100, Moritz Muehlenhoff wrote:
> > openjdk bumped the requirements for the test suite within
> > their 11.x branch (which is what we ship in Bullseye), it
> > now
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in
On Wed, Dec 07, 2022 at 08:31:06PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2022-11-30 at 22:42 +0100, Moritz Muehlenhoff wrote:
> > This updates fixes various minor crashes in mplayer, which
> > don't warrant a DSA by itself. I've run the PoCs against
> > the
Hi Antoine,
> At your convenience, please review the changes I've done on the package,
> and let me know when I can upload it.
Thanks so much for moving this forward! It looks great to me, please
upload at your convenience.
> PS: and I think you should get rid of the debian/ branches on your
On Sun, Nov 27, 2022 at 11:45:27AM +0100, Clément Hermann wrote:
> Hi
>
> On 25/10/2022 at 13:53, Clément Hermann wrote:
> > Hi Moritz,
> >
> > On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote:
> >
> > > Given that the primary use case for onionshare will be tails, my
> > > suggestion
On Thu, Oct 20, 2022 at 11:28:22PM -0300, David da Silva Polverari wrote:
> Hi,
>
> I adjusted the affected versions in the BTS, but I couldn't find any
> patch for it. The reference to buffer overflows seem related to
> CVE-2020-27818, so I wonder whether it is a duplicate or not.
>
> If it
Hi,
> Heck, you shouldn't even need to build your own debs if we do this
> right; this will trickle down to bookworm and, from there, backports,
> ubuntu, etc.
Agreed, from my perspective an upstream-included debian/ dir is only
useful until it gets packaged. From that point onwards fetching a
Hi Antoine,
[Adding Riccardo Coccilo, my colleague at Wikimedia and the primary
author of Cumin to CC]
> which makes me wonder: should we drop the debian branch on github and
> gerrit? or should we (say, debian sponsors) pull changes from you and
> sync them to salsa?
>
> how should we play this
Hi,
> On 2022-11-18 14:49:28, Moritz Mühlenhoff wrote:
> > There is https://apt.wikimedia.org/wikimedia/pool/main/c/cumin/ which
> > would be a good starting point.
>
> ... if you don't mind, I'll start here instead:
>
> https://github.com/wikimedia/cumin/tre
Antoine wrote:
Thanks! I would put that in the Python team, is that okay? Probably next
> week too.
>
Sure, Python team sounds good to me as well.
Cheers,
Moritz
Source: znuny
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
There is https://otrs.com/release-notes/otrs-security-advisory-2022-13-2/
which they claim to also affect OTRS 6.0, from which Znuny forked. Is
there any available information about whether this affects
Hi Antoine,
> > NEW was thawed, and I just reinstalled cumin in a virtualenv, and
> > thought of this bug. :) Need help with the packaging? I'd be happy to
> > just throw it in the python packaging team...
>
> Ping! did you receive that message?
Sorry for the late reply, this got backlogged in
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-45188[0]:
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
| resulting in code execution via a crafted .appl file.
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2022-3872[0]:
| An off-by-one read/write issue was found in the SDHCI device of QEMU.
| It occurs when reading/writing the Buffer Data Port Register
Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for net-snmp.
CVE-2022-44792[0]:
| handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
| 5.8 through 5.9.3 has a NULL Pointer Exception
Source: python-cleo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-cleo.
CVE-2022-42966[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the cleo PyPI package, when an
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pymatgen.
CVE-2022-42964[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the pymatgen PyPI package, when an
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2022-39400[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are
Source: libstb
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libstb.
CVE-2021-37789[0]:
| stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load,
| leading to Information Disclosure or Denial of Service.
Source: puppet-module-puppetlabs-apt
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for puppet-module-puppetlabs-apt.
CVE-2022-3275[0]:
| Command injection is possible in the puppetlabs-apt module prior to
| version 9.0.0.
On Fri, Aug 30, 2019 at 07:26:40AM +, Matthias Klose wrote:
> Package: src:mini-buildd
> Version: 1.0.41
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
>
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from
Source: libx11
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libx11.
CVE-2022-3554[0]:
| A vulnerability has been found in X.org libX11 and classified as
| problematic. This vulnerability affects the function
|
Source: shapelib
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for shapelib.
CVE-2022-0699[0]:
| A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
| and older releases. This issue may allow an attacker
Source: exim4
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for exim4.
CVE-2022-3620[0]:
| A vulnerability was found in Exim and classified as problematic. This
| issue affects the function dmarc_dns_lookup of the file
Source: tiff
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tiff.
CVE-2022-3627[0]:
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
| libtiff/tif_unix.c:346 when called from extractImageSection,
|
On Thu, Oct 13, 2022 at 09:36:09PM +0200, Markus Koschany wrote:
> Hi,
>
> I just had a go at this issue and I discovered that libxalan2-java in Debian
> is
> not affected but rather bcel.
>
> https://tracker.debian.org/pkg/bcel
>
> The fixing commit in OpenJDK addresses the same code which
Source: commons-text
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for commons-text.
CVE-2022-42889[0]:
| Apache Commons Text performs variable interpolation, allowing
| properties to be dynamically evaluated and expanded.
Source: nss
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nss.
CVE-2022-3479[0]:
| A vulnerability found in nss. By this security vulnerability, nss
| client auth crash without a user certificate in the database and
Source: golang-golang-x-text
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-golang-x-text.
CVE-2022-32149[0]:
| An attacker may cause a denial of service by crafting an Accept-
| Language header which
Source: openvswitch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for openvswitch.
CVE-2019-25076[0]:
| The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through
| 2.17.2 and 3.0.0 allows remote attackers to
Source: nekohtml
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for nekohtml.
CVE-2022-24839[0]:
| org.cyberneko.html is an html parser written in Java. The fork of
| `org.cyberneko.html` used by Nokogiri (Rubygem) raises a
|
Source: man2html
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for man2html.
CVE-2021-40647[0]:
| In man2html 1.6g, a specific string being read in from a file will
| overwrite the size parameter in the top chunk of
Source: lava
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lava.
CVE-2022-42902[0]:
| In Linaro Automated Validation Architecture (LAVA) before 2022.10,
| there is dynamic code execution in lava_server/lavatable.py. Due
Source: shiro
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for shiro.
CVE-2022-40664[0]:
| Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in
| Shiro when forwarding or including via RequestDispatcher.
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nomad.
CVE-2022-41606[0]:
| HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5
| jobs submitted with an artifact stanza using invalid S3 or
Source: poppler
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for poppler.
CVE-2022-24106[0]:
| In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing
| the 'interleaved' flag to be changed after the first
Source: xen
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for xen.
CVE-2022-33749[0]:
| XAPI open file limit DoS It is possible for an unauthenticated client
| on the network to cause XAPI to hit its file-descriptor
Source: flask-security
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for flask-security.
CVE-2021-23385[0]:
| This affects all versions of package Flask-Security. When using the
| get_post_logout_redirect and
Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pngcheck.
CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.
Source: strongswan
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for strongswan.
CVE-2022-40617[0]:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
Patch:
Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for snort.
These all lack details, but all boil down to the fact Snort needs
to be updated:
CVE-2020-3315[0]:
| Multiple Cisco products are affected by a
Source: python-opcua
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-opcua.
CVE-2022-25304[0]:
| All versions of package opcua; all versions of package asyncua are
| vulnerable to Denial of Service (DoS) due to a
Source: keystone
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for keystone.
CVE-2022-2447[0]:
| A flaw was found in Keystone. There is a time lag (up to one hour in a
| default configuration) between when security policy
Source: nomad
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nomad.
CVE-2021-37218[0]:
| HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server
| agents with a valid certificate signed by the same CA to
Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2022-0367[0]:
| A heap-based buffer overflow flaw was found in libmodbus in function
| modbus_reply() in src/modbus.c.
Source: rust-cargo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for rust-cargo.
CVE-2022-36113[0]:
| Cargo is a package manager for the rust programming language. After a
| package is downloaded, Cargo extracts its
Source: cargo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cargo.
CVE-2022-36113[0]:
| Cargo is a package manager for the rust programming language. After a
| package is downloaded, Cargo extracts its source code
Source: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for imagemagick.
CVE-2022-3213[0]:
| A heap buffer overflow issue was found in ImageMagick. When an
| application processes a malformed TIFF file, it could
Source: barbican
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for barbican.
CVE-2022-3100[0]:
access policy bypass via query string injection
Only reference so far is Red Hat Bugzilla:
Source: php8.1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for php8.1.
CVE-2022-31628[0]:
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar
| uncompressor code would recursively uncompress "quines" gzip files,
Source: modsecurity-crs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for modsecurity-crs.
CVE-2022-39955[0]:
| The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial
| rule set bypass by submitting a
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sox.
CVE-2022-39236[0]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Starting with version 17.1.0-rc.1, improperly formed beacon
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-33844[0]:
| A floating point exception (divide-by-zero) issue was discovered in
| SoX in function startread() of wav.c file. An attacker with a
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-23172[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function startread() in hcom.c file. The vulnerability is
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-23159[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function lsx_read_w_buf() in formats_i.c file. The
Source: samba
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for samba.
CVE-2022-1615[0]:
| In Samba, GnuTLS gnutls_rnd() can fail and give predictable random
| values.
https://bugzilla.samba.org/show_bug.cgi?id=15103
Source: samba
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for samba.
CVE-2022-32743[0]:
| Samba does not validate the Validated-DNS-Host-Name right for the
| dNSHostName attribute which could permit unprivileged users to
Source: wolfssl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for wolfssl.
CVE-2022-38152[0]:
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client
| connects to a wolfSSL server and SSL_clear is called
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2022-3165[0]:
VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
https://bugzilla.redhat.com/show_bug.cgi?id=2129739
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2022-38528[0]:
| Open Asset Import Library (assimp) commit 3c253ca was discovered to
| contain a segmentation violation via the component
|
Source: amanda
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for amanda.
CVE-2022-37703[0]:
| In Amanda 3.5.1, an information leak vulnerability was found in the
| calcsize SUID binary. An attacker can abuse this
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2022-37032[0]:
| An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4
| may lead to a segmentation fault and denial of service. This
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tinyproxy.
CVE-2022-40468[0]:
| Tinyproxy commit 84f203f and earlier does not process HTTP request
| lines in the process_request() function and is using
Source: snakeyaml
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for snakeyaml.
CVE-2022-38752[0]:
| Using snakeYAML to parse untrusted YAML files may be vulnerable to
| Denial of Service attacks (DOS). If the parser is
Source: mplayer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mplayer.
CVE-2022-38600[0]:
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and
| vf_vo.c.
Source: texlive-bin
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for OFTCC, which starting
with some texlive release after Bullseye gets included in texlive
(web2c/mfluadir):
Source: swfmill
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for swfmill.
CVE-2022-36139[0]:
| SWFMill commit 53d7690 was discovered to contain a heap-buffer
| overflow via SWF::Writer::writeByte(unsigned char).
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2022-36109[0]:
| Moby is an open-source project created by Docker to enable software
| containerization. A bug was found in Moby (Docker
Source: libconfuse
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libconfuse.
CVE-2022-40320[0]:
| cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
| buffer over-read.
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-38530[0]:
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a
| stack overflow when processing ISOM_IOD.
Source: w3m
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for w3m.
CVE-2022-38223[0]:
| There is an out-of-bounds write in checkType located in etc.c in w3m
| 0.5.3. It can be triggered by sending a crafted HTML file to
Source: pspp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pspp.
CVE-2022-39832[0]:
| An issue was discovered in PSPP 1.6.2. There is a heap-based buffer
| overflow at the function read_string in
Source: pspp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pspp.
CVE-2022-39831[0]:
| An issue was discovered in PSPP 1.6.2. There is a heap-based buffer
| overflow at the function read_bytes_internal in
Source: deluge
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for deluge.
CVE-2021-3427[0]:
| The Deluge Web-UI is vulnerable to XSS through a crafted torrent file.
| The data from torrent files is not properly
Source: advancecomp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for advancecomp.
Multiple issues in advancement, I suppose none of these have actually
been forwarded upstream by the reporter:
CVE-2022-35020[0]:
|
Source: libpod
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libpod.
CVE-2022-2989[0]:
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for vim.
CVE-2022-2946[0]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0246.
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
Source: dpdk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:
CVE-2022-28199[0]:
| NVIDIA's distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a
severity 995838 normal
reassign 995838 ftp.debian.org
retitle 995838 RM: condor -- RoM; unmaintained, many RC bugs, toolchain issues (GCC9/Python2)
thanks
On Mon, Apr 25, 2022 at 11:05:51PM +0200, Moritz Mühlenhoff wrote:
> On Fri, Oct 29, 2021 at 01:36:27PM +, Tim Theisen wrote:
>
severity 1016667 normal
reassign 1016667 ftp.debian.org
retitle 1016667 RM: caldav-tester -- RoM; depends on Python 2
thanks
> Your package came up as a candidate for removal from Debian:
> The plan is to remove Python 2 in Bookworm and there's no
> porting activity towards Python 3.
>
> If you
severity 1016986 normal
reassign 1016986 ftp.debian.org
retitle 1016986 RM: pd-py -- RoM; depends on Python 2
thanks
> Your package came up as a candidate for removal from Debian:
> - Still depends on Python 2, which is finally being removed in Bookworm
> - Last upload in 2018
>
> If you
On Thu, Sep 01, 2022 at 06:30:42PM +0100, Simon McVittie wrote:
> Remaining things to do
> --
>
> Security team and duktape maintainers: do you have any strong objections?
Sounds great, no objections at all!
Cheers,
Moritz
severity 1015981 normal
reassign 1015981 ftp.debian.org
retitle 1015981 RM: grokmirror -- RoM; Depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 08:20:21PM +0200, Moritz Muehlenhoff wrote:
> Source: grokmirror
> Version: 1.0.0-1.1
> Severity: serious
>
> Your package came up as a
severity 1015980 normal
reassign 1015980 ftp.debian.org
retitle 1015980 RM: pd-aubio -- RoM; Depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 08:17:27PM +0200, Moritz Muehlenhoff wrote:
> Source: pd-aubio
> Version: 0.4-1
> Severity: serious
>
> Your package came up as a
severity 1015979 normal
reassign 1015979 ftp.debian.org
retitle 1015979 RM: python-unshare -- RoM; depends on Python 2
thanks
On Sun, Jul 24, 2022 at 08:15:51PM +0200, Moritz Muehlenhoff wrote:
> Source: python-unshare
> Version: 0.2-1
> Severity: serious
>
> Your package came up as a candidate
severity 1015977 normal
reassign 1015977 ftp.debian.org
retitle 1015977 RM: vland -- RoM; depends on Python 2
thanks
On Sun, Jul 24, 2022 at 08:12:27PM +0200, Moritz Muehlenhoff wrote:
> Source: vland
> Version: 0.8-1
> Severity: serious
>
> Your package came up as a candidate for removal from
severity 1015973 normal
reassign 1015973 ftp.debian.org
retitle 1015973 RM: xdeb -- RoM; depends on Python 2, unmaintained
thanks
On Sun, Jul 24, 2022 at 07:59:33PM +0200, Moritz Muehlenhoff wrote:
> Source: xdeb
> Version: 0.6.7
> Severity: serious
>
> Your package came up as a candidate for
severity 1015975 normal
reassign 1015975 ftp.debian.org
retitle 1015975 RM: -- RoM; depends on Python 2, unmaintained, dead upstream
thanks
On Sun, Jul 24, 2022 at 08:03:54PM +0200, Moritz Muehlenhoff wrote:
> Source: python-neuroshare
> Version: 0.9.2-1
> Severity: serious
>
> Your package
On Wed, Aug 10, 2022 at 10:52:18PM +0200, Manuel A. Fernandez Montecelo wrote:
> Hi Moritz,
>
> On Wed, 10 Aug 2022 at 22:33, Moritz Muehlenhoff wrote:
> >
> > Source: k3d
> > Version: 0.8.0.6-8
> > Severity: serious
> >
> > Your package came up as a candidate for removal from Debian:
> >
> > -
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rails.
CVE-2022-2[0]:
| A XSS Vulnerability in Action View tag helpers = 5.2.0 and
| 5.2.0 which would allow an attacker to inject content if able to
|
Source: wolfssl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for wolfssl.
CVE-2022-34293[0]:
| wolfSSL before 5.4.0 allows remote attackers to cause a denial of
| service via DTLS because a check for return-routability
Source: nova
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nova.
CVE-2022-37394[0]:
| An issue was discovered in OpenStack Nova before 23.2.2, 24.x before
| 24.1.2, and 25.x before 25.0.2. By creating a neutron port
Source: php-laravel-framework
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for php-laravel-framework.
CVE-2022-34943[0]:
| Laravel v5.1 was discovered to contain a remote code execution (RCE)
| vulnerability via the