[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr for mfsa2023-36 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd6768dc by Salvatore Bonaccorso at 2023-08-30T06:44:27+02:00 Track fixed version for firefox-esr for mfsa2023-36 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50,21 +50,21 @@ CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass v NOT-FOR-US: VMware CVE-2023-4585 - firefox 117.0-1 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585 CVE-2023-4584 - - firefox-esr + - firefox-esr 115.2.0esr-1 - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584 CVE-2023-4583 - firefox 117.0-1 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) 
@@ -77,14 +77,14 @@ CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582 CVE-2023-4581 - - firefox-esr + - firefox-esr 115.2.0esr-1 - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581 CVE-2023-4580 - firefox 117.0-1 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) @@ -95,14 +95,14 @@ CVE-2023-4579 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579 CVE-2023-4578 - firefox 117.0-1 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578 CVE-2023-4577 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) 
@@ -117,19 +117,19 @@ CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576 CVE-2023-4575 - - firefox-esr + - firefox-esr 115.2.0esr-1 - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575 CVE-2023-4574 - - firefox-esr + - firefox-esr 115.2.0esr-1 - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574 CVE-2023-4573 - - firefox-esr + - firefox-esr 115.2.0esr-1 - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 @@ -3839,7 +3839,7 @@ CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054 CVE-2023-4053 (A website could have obscured the full screen notification by using a ...) - firefox 116.0-1 - - firefox-esr + - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr
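Review bot: In the @@ -50, @@ -77 and @@ -117 hunks, the entries that also cite mfsa2023-35 (CVE-2023-4584, CVE-2023-4581, CVE-2023-4575, CVE-2023-4574, CVE-2023-4573) receive only "- firefox-esr 115.2.0esr-1" and no per-release lines, so bookworm, bullseye and buster stay open for them, whereas the other entries carry explicit "(ESR 102 not affected)" annotations. That is right only until the stable update is recorded; saying so in the commit message would make clear the gap is deliberate. The last hunk (@@ -3839) also touches CVE-2023-4053, which sits next to the firefox 116.0-1 / mfsa2023-33 entries, so its NOTE lines should include the mfsa2023-36 advisory that justifies the ESR version.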
[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox via unstable for mfsa2023-34 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7eb3bc09 by Salvatore Bonaccorso at 2023-08-30T06:43:17+02:00 Track fixed version for firefox via unstable for mfsa2023-34 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,7 @@ CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (l CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...) NOT-FOR-US: VMware CVE-2023-4585 - - firefox + - firefox 117.0-1 - firefox-esr [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) @@ -58,12 +58,12 @@ CVE-2023-4585 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585 CVE-2023-4584 - firefox-esr - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584 CVE-2023-4583 - - firefox + - firefox 117.0-1 - firefox-esr [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) @@ -78,12 +78,12 @@ CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582 CVE-2023-4581 - firefox-esr - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581 CVE-2023-4580 - - firefox + - firefox 117.0-1 - firefox-esr [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) 
@@ -91,10 +91,10 @@ CVE-2023-4580 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580 CVE-2023-4579 - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579 CVE-2023-4578 - - firefox + - firefox 117.0-1 - firefox-esr [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) @@ -106,7 +106,7 @@ CVE-2023-4577 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577 
@@ -118,19 +118,19 @@ CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576 CVE-2023-4575 - firefox-esr - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575 CVE-2023-4574 - firefox-esr - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574 CVE-2023-4573 - firefox-esr - - firefox + - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eb3bc09ef71d62f75f6fd3fca5ad8e75a0ae092 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eb3bc09ef71d62f75f6fd3fca5ad8e75a0ae092 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net
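Review bot: In the @@ -106,7 hunk for CVE-2023-4577, "- firefox 117.0-1" stays below the [bookworm], [bullseye] and [buster] firefox-esr lines, while every other entry in this patch keeps the plain "- firefox" and "- firefox-esr" lines together at the top. Moving it up next to "- firefox-esr" would give the entry the same shape as CVE-2023-4578 and make it easier to see which release annotations belong to which package.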
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for oggvideotools issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3249df18 by Salvatore Bonaccorso at 2023-08-30T06:38:26+02:00 Add Debian bug reference for oggvideotools issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -221214,17 +221214,17 @@ CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in / CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...) NOT-FOR-US: OpenSNS CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...) - - oggvideotools + - oggvideotools (bug #1050836) [bookworm] - oggvideotools (Minor issue) [bullseye] - oggvideotools (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/ CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...) - - oggvideotools + - oggvideotools (bug #1050836) [bookworm] - oggvideotools (Minor issue) [bullseye] - oggvideotools (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/ CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...) - - oggvideotools + - oggvideotools (bug #1050836) [bookworm] - oggvideotools (Minor issue) [bullseye] - oggvideotools (Minor issue) NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3249df18069e8b162050709e24bd24a7e13f455d
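Review bot: All three entries (CVE-2020-21724, CVE-2020-21723, CVE-2020-21722) point at the same bug #1050836, although they map to three separate upstream reports (bugs/9, bugs/10, bugs/11). Confirm the Debian bug names all three CVE ids, so that an upload closing it is not taken as fixing an issue it does not cover; if it covers only one, the other two need their own bug references.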
[Git][security-tracker-team/security-tracker][master] Take file from dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 86cd3dcb by Salvatore Bonaccorso at 2023-08-30T05:40:35+02:00 Take file from dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,7 +16,7 @@ aom/oldstable (apo) -- cinder/oldstable -- -file/oldstable +file/oldstable (carnil) -- firefox-esr (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86cd3dcbab2b60a0a4bff4f7c87de9743e389c09
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3549-1 for ring
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c016457 by Thorsten Alteholz at 2023-08-29T23:09:48+02:00 Reserve DLA-3549-1 for ring - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[29 Aug 2023] DLA-3549-1 ring - security update + {CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23537 CVE-2022-23547 CVE-2022-23608 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793 CVE-2022-31031 CVE-2022-39244 CVE-2023-27585} + [buster] - ring 20190215.1.f152c98~ds1-1+deb10u2 [29 Aug 2023] DLA-3548-1 qpdf - security update {CVE-2018-18020 CVE-2021-25786 CVE-2021-36978} [buster] - qpdf 8.4.0-2+deb10u1 = data/dla-needed.txt = @@ -178,10 +178,6 @@ rails (utkarsh) NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh) NOTE: 20230828: want to rollout ruby-rack first. (utkarsh) -- -ring (Thorsten Alteholz) - NOTE: 20221120: Added by Front-Desk (ta) - NOTE: 20230827: testing package, almost done --- ruby-loofah NOTE: 20221231: Added by Front-Desk (ola) NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c016457521eb531b0510858181ad2fe8cc81312
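Review bot: This commit touches only data/DLA/list and data/dla-needed.txt, while the qpdf reservation (5ffdf337) also removed the "[buster] - qpdf (Minor issue)" lines from data/CVE/list. With twenty CVE ids in the DLA-3549-1 block, check that none of the ring entries in data/CVE/list still carries a "[buster] - ring" annotation that would contradict the "[buster] - ring 20190215.1.f152c98~ds1-1+deb10u2" fix recorded here.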
[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: eb7ca0fb by Moritz Muehlenhoff at 2023-08-29T23:02:42+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -169,20 +169,20 @@ CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-pl CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java + - libpf4j-java (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/pull/537 NOTE: https://github.com/pf4j/pf4j/pull/538 NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java + - libpf4j-java (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 NOTE: https://github.com/pf4j/pf4j/pull/537 NOTE: https://github.com/pf4j/pf4j/pull/538 NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java + - libpf4j-java (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526 
@@ -19499,7 +19499,7 @@ CVE-2023-29339 CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability) - - nuget + - nuget (bug #1050835) [buster] - nuget (Can wait for next update) NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7ca0fbe9c30d1a868ff114bf690847076b1bf0
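Review bot: The subject "bugnums" does not say which packages are affected; the patch adds bug #1050834 to the three libpf4j-java entries and bug #1050835 to nuget. A subject in the style of 3249df18 ("Add Debian bug reference for oggvideotools issues") would make the history searchable by package. The single bug #1050834 is attached to CVE-2023-40828, CVE-2023-40827 and CVE-2023-40826, so it should name all three ids.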
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3548-1 for qpdf
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ffdf337 by Thorsten Alteholz at 2023-08-29T23:00:36+02:00 Reserve DLA-3548-1 for qpdf - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -151410,7 +151410,6 @@ CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_arme NOT-FOR-US: Unicorn Engine CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) - qpdf 10.1.0-1 - [buster] - qpdf (Minor issue) [stretch] - qpdf (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml @@ -338377,7 +338376,6 @@ CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers - extplorer CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...) - qpdf 9.0.0-1 - [buster] - qpdf (Minor issue) [stretch] - qpdf (Minor issue) [jessie] - qpdf (Minor issue) NOTE: https://github.com/qpdf/qpdf/issues/243 = data/DLA/list = @@ -1,3 +1,6 @@ +[29 Aug 2023] DLA-3548-1 qpdf - security update + {CVE-2018-18020 CVE-2021-25786 CVE-2021-36978} + [buster] - qpdf 8.4.0-2+deb10u1 [29 Aug 2023] DLA-3547-1 tryton-server - security update [buster] - tryton-server 5.0.4-2+deb10u2 [28 Aug 2023] DLA-3546-1 opendmarc - security update = data/dla-needed.txt = 
@@ -160,9 +160,6 @@ python2.7 NOTE: 20230826: and wasn't fixed in Debian, but the extra patch is now available and can be fixed now. (utkarsh) NOTE: 20230826: contact Utkarsh in case you're unable to find the supplementary patch. (utkarsh) -- -qpdf (Thorsten Alteholz) - NOTE: 20230820: Added by Front-Desk (ta) --- qt4-x11 NOTE: 20230822: Re-added for one remaining open CVE (roberto) NOTE: 20230822: CVE-2021-28025 maybe a dup of CVE-2021-3481; once resolved, fix or remove entry from this file (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ffdf33738fbbee2ad47c0774e58cc1609cdc4ba
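Review bot: The DLA-3548-1 block lists CVE-2018-18020, CVE-2021-25786 and CVE-2021-36978, but the data/CVE/list hunks drop the "[buster] - qpdf (Minor issue)" line only for CVE-2021-36978 and CVE-2018-18020. Check the CVE-2021-25786 entry for a leftover [buster] annotation; if it has none, no change is needed there.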
[Git][security-tracker-team/security-tracker][master] Track proposed update for clamav via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0abe983e by Salvatore Bonaccorso at 2023-08-29T22:43:16+02:00 Track proposed update for clamav via bookworm-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -31,3 +31,7 @@ CVE-2023-3817 [bookworm] - openssl 3.0.10-1~deb12u1 CVE-2023-40305 [bookworm] - indent 2.2.12-4+deb12u2 +CVE-2023-20197 + [bookworm] - clamav 1.0.2+dfsg-1~deb12u1 +CVE-2023-20212 + [bookworm] - clamav 1.0.2+dfsg-1~deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abe983eeffae6edbb069499b5be2196910707dc
[Git][security-tracker-team/security-tracker][master] Track proposed update for clamav via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e302e666 by Salvatore Bonaccorso at 2023-08-29T22:42:14+02:00 Track proposed update for clamav via bullseye-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -185,3 +185,5 @@ CVE-2023-3446 [bullseye] - openssl 1.1.1v-0~deb11u1 CVE-2023-3817 [bullseye] - openssl 1.1.1v-0~deb11u1 +CVE-2023-20197 + [bullseye] - clamav 0.103.9+dfsg-0+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e302e666c687bbd6676e0a1c4e56fc0df1566ab6
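Review bot: Only CVE-2023-20197 is recorded for bullseye here, while the matching bookworm-pu change (0abe983e) tracks both CVE-2023-20197 and CVE-2023-20212 for clamav. If CVE-2023-20212 does not affect the 0.103 series, its data/CVE/list entry should say so with a not-affected annotation for bullseye; otherwise add it to this file as well.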
[Git][security-tracker-team/security-tracker][master] Add two zbar issues, with unclear upstream status
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c63ab282 by Salvatore Bonaccorso at 2023-08-29T22:24:22+02:00 Add two zbar issues, with unclear upstream status The reporter uses an older version, but unclear if it is fixed or even reported upstream. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,9 +9,13 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain h CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) TODO: check CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) - TODO: check + - zbar + NOTE: https://hackmd.io/@cspl/H1PxPAUnn + TODO: check if reported upsream CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...) - TODO: check + - zbar + NOTE: https://hackmd.io/@cspl/B1ZkFZv23 + TODO: check if reported upstream CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...) TODO: check CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c63ab282103440a61b7e0e2d48eb036592704987
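Review bot: The TODO added under CVE-2023-40890 reads "check if reported upsream", while the one under CVE-2023-40889 spells it "upstream"; fix the typo so a search for the TODO text finds both entries. Both entries add "- zbar" with only a hackmd.io write-up as reference, so once the upstream status is known the TODO should be replaced by the upstream issue or commit link.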
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65698136 by Salvatore Bonaccorso at 2023-08-29T22:23:22+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.584 CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) TODO: check CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...) - TODO: check + NOT-FOR-US: Nokia Service Router Operating System (SR OS) and SR Linux CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...) - TODO: check + NOT-FOR-US: MyBB CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) TODO: check CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) @@ -15,7 +15,7 @@ CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_cente CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...) TODO: check CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...) TODO: check CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...) 
@@ -33,17 +33,17 @@ CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffe CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...) TODO: check CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...) - TODO: check + NOT-FOR-US: Aruba CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...) TODO: check CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...) - TODO: check + NOT-FOR-US: Aruba CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...) TODO: check CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length ...) TODO: check CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-4585 - firefox - firefox-esr View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65698136929bfc88bdaa0b870b40204d78dadad1
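Review bot: In the @@ -33,17 hunk, CVE-2023-39267 is left at "TODO: check" between CVE-2023-39268 and CVE-2023-39266, both of which are now marked "NOT-FOR-US: Aruba". Its truncated description does not name the product, so confirm whether it belongs to the same ArubaOS-Switch set and mark it in the same commit if so. The first NFU string, "Nokia Service Router Operating System (SR OS) and SR Linux", is also much longer than the vendor-only tags used for Arista, Aruba and VMware; a shorter tag would be consistent with them.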
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24165/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b8ef00d by Salvatore Bonaccorso at 2023-08-29T22:16:03+02:00 Add CVE-2020-24165/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -215944,6 +215944,9 @@ CVE-2020-24167 CVE-2020-24166 RESERVED CVE-2020-24165 (An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local ...) + - qemu 1:5.0-1 + NOTE: https://bugs.launchpad.net/qemu/+bug/1863025 + NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=886cc68943ebe8cf7e5f970be33459f95068a441 (v5.0.0-rc0) TODO: check CVE-2020-24164 (A deserialization flaw is present in Taoensso Nippy before 2.14.2. In ...) NOT-FOR-US: Taoensso Nippy View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8ef00d04c2930193517d78340a24cf95a5e80f
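Review bot: The entry for CVE-2020-24165 now has a fixed version ("- qemu 1:5.0-1") and a "Fixed by:" reference, but the "TODO: check" line below them is kept. If triage is complete, drop it; if something is still open, say what in the TODO text so the entry does not look untriaged.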
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20a17e2e by security tracker role at 2023-08-29T20:12:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,49 @@ +CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...) + TODO: check +CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) + TODO: check +CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...) + TODO: check +CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...) + TODO: check +CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) + TODO: check +CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) + TODO: check +CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...) + TODO: check +CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...) + TODO: check +CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...) + TODO: check +CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...) + TODO: check +CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...) + TODO: check +CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote attack ...) + TODO: check +CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...) + TODO: check +CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...) + TODO: check +CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...) + TODO: check +CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...) + TODO: check +CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...) + TODO: check +CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...) 
+ TODO: check +CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...) + TODO: check +CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...) + TODO: check +CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...) + TODO: check +CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length ...) + TODO: check +CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...) + TODO: check CVE-2023-4585 - firefox - firefox-esr @@ -3392,7 +3438,7 @@ CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before NOT-FOR-US: Codesys CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...) NOT-FOR-US: Codesys -CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0) was affected by a di ...) +CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) ...) NOT-FOR-US: Wrangler CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) NOT-FOR-US: Mitsubishi @@ -32866,8 +32912,8 @@ CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows NOT-FOR-US: SonicOS CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...) NOT-FOR-US: SonicWall -CVE-2023-0654 - RESERVED +CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android ...) + TODO: check CVE-2023-0653 RESERVED CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the repair ...) 
@@ -34314,8 +34360,8 @@ CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All ve NOT-FOR-US: Siemens CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) NOT-FOR-US: Siemens -CVE-2023-24548 - RESERVED +CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN configured, malfor ...) + TODO: check CVE-2023-24547 RESERVED CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...) @@ -36594,16 +36640,16 @@ CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise- NOT-FOR-US: Anant Labs google-enterprise-connect CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...) NOT-FOR-US: oktora24 2moons -CVE-2023-23774 - RESERVED
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-4082{6,7,8}/libpf4j-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c5694f3 by Salvatore Bonaccorso at 2023-08-29T22:03:15+02:00 Update information on CVE-2023-4082{6,7,8}/libpf4j-java All three issues, following the upstream reference boil down to the https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 commit upstream . - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -119,21 +119,25 @@ CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-pl CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java 3.9.0+dfsg-1 + - libpf4j-java [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/pull/537 NOTE: https://github.com/pf4j/pf4j/pull/538 - NOTE: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 + NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java 3.9.0+dfsg-1 + - libpf4j-java [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 NOTE: https://github.com/pf4j/pf4j/pull/537 - NOTE: https://github.com/pf4j/pf4j/pull/537/commits/ed9392069fe14c6c30d9f876710e5ad40f7ea8c1 + NOTE: https://github.com/pf4j/pf4j/pull/538 + NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - - libpf4j-java 3.9.0+dfsg-1 + - libpf4j-java [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 + NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526 + NOTE: https://github.com/pf4j/pf4j/pull/538 + NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...) NOT-FOR-US: PerfreeBlog CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...) 
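Review bot: The `- libpf4j-java` line loses its fixed version `3.9.0+dfsg-1` for all three CVEs, but neither the commit message nor the new NOTEs say which upstream release contains commit 8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72. Add a NOTE naming the first fixed upstream version once it is known, so the entry can get a fixed version again without re-reading pull/537 and pull/538.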
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c5694f37116fffc3ccd07c5a9a88ebc8e62165e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d210c9c by Salvatore Bonaccorso at 2023-08-29T21:58:10+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -85,7 +85,7 @@ CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573 CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) - frr NOTE: https://github.com/FRRouting/frr/pull/14241 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d210c9c288eeeb4b2215824c95e41f025552e9d
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-31102 and CVE-2023-40481
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fb8c8f90 by Salvatore Bonaccorso at 2023-08-29T18:52:38+02:00 Add CVE-2023-31102 and CVE-2023-40481 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14274,8 +14274,15 @@ CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveRes NOT-FOR-US: JetBrains Ktor CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) NOT-FOR-US: Apache InLong +CVE-2023-40481 + - 7zip 23.01+dfsg-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ + NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ CVE-2023-31102 RESERVED + - 7zip 23.01+dfsg-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ + NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...) NOT-FOR-US: Apache InLong CVE-2023-31100 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8c8f90a899f454a59b7c77c1e1aa51b9879d55
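Review bot: Both new 7zip entries set `23.01+dfsg-1` as the fixed version, yet their NOTEs only link the ZDI advisories and one shared SourceForge thread, with no statement of where the fix landed. Add a `NOTE: Fixed in:` line of the kind used for the PHP entries in this file, so the basis for the fixed version is recorded next to it.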
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: take orthanc and tiff
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: ac555012 by Anton Gladky at 2023-08-29T18:49:24+02:00 LTS: take orthanc and tiff - - - - - de4dd34a by Anton Gladky at 2023-08-29T18:50:54+02:00 Update email - - - - - 2 changed files: - data/dla-needed.txt - org/lts-frontdesk.2023.txt Changes: = data/dla-needed.txt = @@ -126,7 +126,7 @@ openjdk-11 (Emilio) NOTE: 20230802: update prepared for new CPU, waiting for DSA and checking NOTE: 20230802: whether to change jtreg version (pochu) -- -orthanc +orthanc (gladk) NOTE: 20230812: Added by Front-Desk (Beuc) NOTE: 20230812: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41 NOTE: 20230812: Check DSA-5473-1 (Beuc/front-desk) @@ -233,7 +233,7 @@ suricata (Adrian Bunk) thunderbird (Emilio) NOTE: 20230829: Added by pochu -- -tiff +tiff (gladk) NOTE: 20230826: Added by Front-Desk (utkarsh) -- trafficserver = org/lts-frontdesk.2023.txt = @@ -24,15 +24,15 @@ From 05-06 to 11-06:Markus Koschany From 12-06 to 18-06:Ola Lundqvist From 19-06 to 25-06:Sylvain Beucler From 26-06 to 02-07:Thorsten Alteholz -From 03-07 to 09-07:Anton Gladky +From 03-07 to 09-07:Anton Gladky From 10-07 to 16-07:Chris Lamb From 17-07 to 23-07:Emilio Pozuelo Monfort From 24-07 to 30-07:Markus Koschany -From 31-07 to 06-08:Anton Gladky +From 31-07 to 06-08:Anton Gladky From 07-08 to 13-08:Sylvain Beucler From 14-08 to 20-08:Thorsten Alteholz From 21-08 to 27-08:Utkarsh Gupta -From 28-08 to 03-09:Anton Gladky +From 28-08 to 03-09:Anton Gladky From 04-09 to 10-09:Chris Lamb From 11-09 to 17-09:Emilio Pozuelo Monfort From 18-09 to 24-09:Markus Koschany 
@@ -40,7 +40,7 @@ From 25-09 to 01-10:Ola Lundqvist From 02-10 to 08-10:Sylvain Beucler From 09-10 to 15-10:Thorsten Alteholz From 16-10 to 22-10:Utkarsh Gupta -From 23-10 to 29-10:Anton Gladky +From 23-10 to 29-10:Anton Gladky From 30-10 to 05-11:Chris Lamb From 06-11 to 12-11:Emilio Pozuelo Monfort From 13-11 to 19-11:Markus Koschany @@ -48,5 +48,5 @@ From 20-11 to 26-11:Ola Lundqvist From 27-11 to 03-12:Sylvain Beucler From 04-12 to 10-12:Thorsten Alteholz From 11-12 to 17-12:Utkarsh Gupta -From 18-12 to 24-12:Anton Gladky +From 18-12 to 24-12:Anton Gladky From 25-12 to 31-12:Chris Lamb View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fdb067e1a312feac5be29e31047dac80828d1552...de4dd34a68381a1344af5927547073b1b104c0b9
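Review bot: `orthanc (gladk)` is claimed in data/dla-needed.txt, but the existing NOTE on that entry asks to self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41 under the experimental issue-based workflow. Make sure the issue is assigned as well, or add a dated NOTE saying so, so the two places do not disagree about who holds the package.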
[Git][security-tracker-team/security-tracker][master] Add buster tryton-server 5.0.4-2+deb10u2 entry in data/CVE/list
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: fdb067e1 by Santiago Ruano Rincón at 2023-08-29T13:19:11-03:00 Add buster tryton-server 5.0.4-2+deb10u2 entry in data/CVE/list - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -587,6 +587,7 @@ CVE-2023- [tryton-server lack of record validation] - tryton-server 6.0.34-1 [bookworm] - tryton-server 6.0.29-2+deb12u1 [bullseye] - tryton-server 5.0.33-2+deb11u2 + [buster] - tryton-server 5.0.4-2+deb10u2 NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...) - wireshark 4.0.8-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdb067e1a312feac5be29e31047dac80828d1552
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3547-1 for tryton-server
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: af604791 by Santiago Ruano Rincón at 2023-08-29T13:05:47-03:00 Reserve DLA-3547-1 for tryton-server - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[29 Aug 2023] DLA-3547-1 tryton-server - security update + [buster] - tryton-server 5.0.4-2+deb10u2 [28 Aug 2023] DLA-3546-1 opendmarc - security update {CVE-2020-12272} [buster] - opendmarc 1.3.2-6+deb10u3 = data/dla-needed.txt = @@ -242,8 +242,3 @@ trafficserver NOTE: 20230826: Ubuntu side and track the fixing commits. I'll update when NOTE: 20230826: I have the answer here. (utkarsh) -- -tryton-server (santiago) - NOTE: 20230826: Added by Front-Desk (utkarsh) - NOTE: 20230826: sync with the DSA released. (utkarsh) - NOTE: 20230829: Maintainer has prepared the update. I'll do the paperwork (santiago) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af604791ed9f4365108011b715aadc5b151f590e
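Review bot: The new DLA-3547-1 entry in data/DLA/list has no `{CVE-...}` line, unlike DLA-3546-1 directly below it with `{CVE-2020-12272}`. If that is because the tryton-server issue has no CVE id assigned yet, confirm the advisory is cross-referenced from the matching data/CVE/list entry so the DLA does not stay detached from the issue it fixes.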
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41358/frr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c43fe3dd by Salvatore Bonaccorso at 2023-08-29T18:00:34+02:00 Add CVE-2023-41358/frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -105,7 +105,11 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is a NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) - TODO: check + - frr + NOTE: https://github.com/FRRouting/frr/pull/14260 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38 + NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14270 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f291f1ee9434f56d4b185db0652794a92e313b00 CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...) NOT-FOR-US: Pagekit CMS CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c43fe3dd8c3c20d43ff4388f50ed4e707188347c
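Review bot: The CVE-2023-41358 entry now carries two `NOTE: Fixed by:` lines, and the second one (commit f291f1ee9434f56d4b185db0652794a92e313b00) does not say which branch it belongs to; only its position after the `Backport for stable/8.5` NOTE implies it. Append the branch in parentheses after the commit URL, as the PHP entries in this file do with `(php-8.0.30)`.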
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41359/frr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65d6a5da by Salvatore Bonaccorso at 2023-08-29T17:57:32+02:00 Add CVE-2023-41359/frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -99,7 +99,11 @@ CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_p NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14249 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7 CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) - TODO: check + - frr + NOTE: https://github.com/FRRouting/frr/pull/14232 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f96201e104892e18493f24cf67bb713678e8237b + NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) TODO: check CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d6a5dad33ac75adad7e5c2b9d0917a7d1aa5c1
[Git][security-tracker-team/security-tracker][master] Document expected behaviour for check_by_ssh in monitoring-plugins
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f786c32 by Salvatore Bonaccorso at 2023-08-29T17:49:20+02:00 Document expected behaviour for check_by_ssh in monitoring-plugins - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6839,6 +6839,8 @@ CVE-2023-37154 NOTE: monitoring-plugins upstream does not plan to make an upstream change similar to NOTE: nagios-plugins because there are valid usecases to execute stuff locally via NOTE: check_by_ssh (although not commonly known and used). + NOTE: Documentation for expected behaviour in monitoring-plugins/check_by_ssh: + NOTE: https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4 CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: KodExplorer CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f786c32639ba9d3268827c099f01aa0721a7ddb
[Git][security-tracker-team/security-tracker][master] yara non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: feef0239 by Moritz Muehlenhoff at 2023-08-29T17:18:50+02:00 yara non issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -109,7 +109,7 @@ CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-pl CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) - TODO: check + NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - libpf4j-java 3.9.0+dfsg-1 [bookworm] - libpf4j-java (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feef02391c060776ff268917364fdd8261f19230
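Review bot: CVE-2023-40857 ends up with only a NOTE and no `- yara` package line, so the non-issue decision is not attached to the source package the way the `- libpf4j-java` lines just below attach theirs. Consider adding a `- yara` line with the appropriate state next to the NOTE, so the entry is found when looking up the package.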
[Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d2277139 by Moritz Muehlenhoff at 2023-08-29T16:59:51+02:00 new firefox issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = 
@@ -1,3 +1,89 @@ +CVE-2023-4585 + - firefox + - firefox-esr + [bookworm] - firefox-esr (ESR 102 not affected) + [bullseye] - firefox-esr (ESR 102 not affected) + [buster] - firefox-esr (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585 +CVE-2023-4584 + - firefox-esr + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584 +CVE-2023-4583 + - firefox + - firefox-esr + [bookworm] - firefox-esr (ESR 102 not affected) + [bullseye] - firefox-esr (ESR 102 not affected) + [buster] - firefox-esr (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583 +CVE-2023-4582 + - firefox-esr (MacOS-specific) + - firefox (MacOS-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4582 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582 +CVE-2023-4581 + - firefox-esr + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581 +CVE-2023-4580 + - firefox + - firefox-esr + [bookworm] - firefox-esr (ESR 102 not affected) + [bullseye] - firefox-esr (ESR 102 not affected) + [buster] - firefox-esr (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580 + NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580 +CVE-2023-4579 + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579 +CVE-2023-4578 + - firefox + - firefox-esr + [bookworm] - firefox-esr (ESR 102 not affected) + [bullseye] - firefox-esr (ESR 102 not affected) + [buster] - firefox-esr (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578 +CVE-2023-4577 + - firefox-esr + [bookworm] - firefox-esr (ESR 102 not affected) + [bullseye] - firefox-esr (ESR 102 not affected) + [buster] - firefox-esr (ESR 102 not affected) + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577 +CVE-2023-4576 + - firefox-esr (Windows-specific) + - firefox (Windows-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4576 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576 +CVE-2023-4575 + - firefox-esr + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575 +CVE-2023-4574 + - firefox-esr + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574 +CVE-2023-4573 + - firefox-esr + - firefox + NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 + NOTE:
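Review bot: CVE-2023-4577 is marked `(ESR 102 not affected)` for bookworm, bullseye and buster while also carrying the mfsa2023-35 NOTE. Every other entry in this hunk with `not affected` lines references only mfsa2023-34 and mfsa2023-36, and every other entry that references mfsa2023-35 has no such lines. Recheck which of the two is right for CVE-2023-4577 and drop either the release lines or the mfsa2023-35 reference.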
[Git][security-tracker-team/security-tracker][master] new libpf4j-java issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d616398 by Moritz Muehlenhoff at 2023-08-29T15:18:01+02:00 new libpf4j-java issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25,11 +25,21 @@ CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-pl CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) TODO: check CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - TODO: check + - libpf4j-java 3.9.0+dfsg-1 + [bookworm] - libpf4j-java (Minor issue) + NOTE: https://github.com/pf4j/pf4j/pull/537 + NOTE: https://github.com/pf4j/pf4j/pull/538 + NOTE: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - TODO: check + - libpf4j-java 3.9.0+dfsg-1 + [bookworm] - libpf4j-java (Minor issue) + NOTE: https://github.com/pf4j/pf4j/issues/536 + NOTE: https://github.com/pf4j/pf4j/pull/537 + NOTE: https://github.com/pf4j/pf4j/pull/537/commits/ed9392069fe14c6c30d9f876710e5ad40f7ea8c1 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - TODO: check + - libpf4j-java 3.9.0+dfsg-1 + [bookworm] - libpf4j-java (Minor issue) + NOTE: https://github.com/pf4j/pf4j/issues/536 CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...) NOT-FOR-US: PerfreeBlog CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d616398e1fc8d65af3d11655167d6a6fd9d8512
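Review bot: All three entries set `3.9.0+dfsg-1` as the fixed version, while each CVE description says "pf4j v.3.9.0 and before" is affected. Unless the Debian package carries the fix on top of 3.9.0, the `- libpf4j-java` line should stay without a fixed version; if the package does carry it, say so in a NOTE.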
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 539aaf27 by Moritz Muehlenhoff at 2023-08-29T15:13:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,11 +17,11 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is a CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) TODO: check CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...) - TODO: check + NOT-FOR-US: Pagekit CMS CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) - TODO: check + NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) - TODO: check + NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) TODO: check CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) 
@@ -31,23 +31,23 @@ CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacke CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) TODO: check CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: PerfreeBlog CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...) - TODO: check + - ming CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. Open Redir ...) TODO: check CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a ...) - TODO: check + NOT-FOR-US: Theme Volty CMS Blog CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote attacker to exe ...) TODO: check CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote a ...) - TODO: check + NOT-FOR-US: Badaso CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...) - TODO: check + NOT-FOR-US: TechView CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 ...) - TODO: check + NOT-FOR-US: TechView CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...) - linux NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7) 
@@ -113,31 +113,31 @@ CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...) NOT-FOR-US: Free and Open Source Inventory Management System CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL ...) - TODO: check + NOT-FOR-US: theme volty tvcmsvideotab CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...) - TODO: check + NOT-FOR-US: Zenario CMS CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...) TODO: check CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection vulnerability via ...) - TODO: check + NOT-FOR-US: ECTouch v2 CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) - TODO: check + NOT-FOR-US: Spinnaker CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 al ...) - TODO: check + NOT-FOR-US: Spipu HTML2PDF CVE-2023-38289 REJECTED CVE-2023-38288 REJECTED CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA byp ...) - TODO: check + NOT-FOR-US: Zoho CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementa ...) - TODO: check + NOT-FOR-US: Slive CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki ...) - TODO: check + NOT-FOR-US: glb Meetup Tag Extension CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ...) - TODO: check + NOT-FOR-US: nikooo777 ckSurf CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...) NOT-FOR-US: Omeka S CVE-2023-4560 (Improper Authorization of Index Containing Sensitive
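Review bot: CVE-2023-34758 is tagged `NOT-FOR-US: Slive`, but its description names the product as Sliver. Correct the spelling so a later search for the product name finds this entry. CVE-2023-40781 also goes from `TODO: check` to a bare `- ming` line with no NOTE pointing at an upstream report or fix.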
[Git][security-tracker-team/security-tracker][master] Take tryton-server
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d19b16c by Santiago Ruano Rincón at 2023-08-29T10:04:21-03:00 Take tryton-server - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -242,7 +242,8 @@ trafficserver NOTE: 20230826: Ubuntu side and track the fixing commits. I'll update when NOTE: 20230826: I have the answer here. (utkarsh) -- -tryton-server +tryton-server (santiago) NOTE: 20230826: Added by Front-Desk (utkarsh) NOTE: 20230826: sync with the DSA released. (utkarsh) + NOTE: 20230829: Maintainer has prepared the update. I'll do the paperwork (santiago) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d19b16cf40631778aa1577e0fb4417ddaf3b940
[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 12ab88d6 by Moritz Muehlenhoff at 2023-08-29T12:53:13+02:00 bookworm/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -105,6 +105,8 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr TODO: check CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...) - busybox + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) NOT-FOR-US: Free and Open Source Inventory Management System @@ -1875,14 +1877,18 @@ CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract de NOT-FOR-US: OpenZeppelin Contracts CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) - php8.2 (bug #1043477) + [bookworm] - php8.2 (Fix along in future update) - php7.4 + [bullseye] - php7.4 (Fix along in future update) - php7.3 NOTE: https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30) NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...) - php8.2 (bug #1043477) + [bookworm] - php8.2 (Fix along in future update) - php7.4 + [bullseye] - php7.4 (Fix along in future update) - php7.3 NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30) = data/dsa-needed.txt = 
@@ -16,15 +16,18 @@ aom/oldstable (apo) -- cinder/oldstable -- +file/oldstable +-- flac/oldstable -- frr (aron) maintainer proposed to update to 8.4.4 for bookworm, which might be a good idea -- +json-c/oldstable (jmm) +-- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports -- --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y and 6.1.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ab88d61fc5e175bd8070187d082a97e0cad596
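Review bot: In the first data/CVE/list hunk, the two added lines tag busybox as "Minor issue" for bookworm and bullseye, but the entry records no reason for that rating; the only reference is the pentagrid write-up on the CPIO directory traversal. A one-line NOTE stating why the traversal is considered minor would make the triage decision auditable later.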
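Review bot: In the CVE-2023-3824 and CVE-2023-3823 entries, the added "Fix along in future update" lines cover php8.2 in bookworm and php7.4 in bullseye, while the php7.3 line directly below each stays without any per-release annotation. If that is deliberately left for LTS triage, fine; otherwise it should get the same treatment so the entries are not half-triaged.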
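Review bot: In the data/dsa-needed.txt hunk, file/oldstable and json-c/oldstable are added with no line saying which issue prompted them, whereas the neighbouring frr and libreswan entries each carry a status line. The hunk also drops a duplicated "--" separator before linux, which is unrelated to the triage and deserves a mention in the commit message.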
[Git][security-tracker-team/security-tracker][master] lts: take openjdk-11
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ad9731c by Emilio Pozuelo Monfort at 2023-08-29T12:52:35+02:00 lts: take openjdk-11 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -118,7 +118,7 @@ nvidia-cuda-toolkit opendkim NOTE: 20230821: Added by Front-Desk (ta) -- -openjdk-11 +openjdk-11 (Emilio) NOTE: 20230419: Added by Front-Desk (ola) NOTE: 20230522: waiting for sid update (pochu) NOTE: 20230612: sid updated, preparing backport (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad9731c314ad7ef4cb80af96b172142aca30760
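Review bot: The claim line becomes "openjdk-11 (Emilio)" while the existing status NOTEs in the entry are signed "(pochu)", so the entry now carries two different identifiers for what appears to be the same person; using one form consistently keeps the file greppable. The last status NOTE is dated 20230612, so a dated NOTE with the current state of the backport would also help.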
[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 33364e18 by Emilio Pozuelo Monfort at 2023-08-29T11:33:55+02:00 lts: take firefox-esr and thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,6 +54,9 @@ dogecoin NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix; NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk) -- +firefox-esr (Emilio) + NOTE: 20230829: Added by pochu +-- firmware-nonfree NOTE: 20230820: Added by Front-Desk (ta) -- @@ -227,6 +230,9 @@ suricata (Adrian Bunk) NOTE: 20230714: Still reviewing+testing CVEs. (bunk) NOTE: 20230731: Still reviewing+testing CVEs. (bunk) -- +thunderbird (Emilio) + NOTE: 20230829: Added by pochu +-- tiff NOTE: 20230826: Added by Front-Desk (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33364e18f290dcea4378342c07d5fc05aa44e266
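Review bot: The NOTE lines added under firefox-esr and thunderbird read "Added by pochu", while the surrounding entries end the line with the author's handle in parentheses, as in "Added by Front-Desk (ta)". Ending both new NOTEs the same way keeps the file consistent for anyone scanning it by eye or by script.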
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41360/frr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae0b868b by Salvatore Bonaccorso at 2023-08-29T11:19:44+02:00 Add CVE-2023-41360/frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,7 +7,11 @@ CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c do NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) - TODO: check + - frr + NOTE: https://github.com/FRRouting/frr/pull/14245 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702 + NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14249 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7 CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) TODO: check CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae0b868be95c77e22dbb0448f47ce57839e8af10
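Review bot: The new CVE-2023-41360 entry lists the upstream pull request with its commit and a backport for stable/8.5, but the description says the issue affects FRR through 9.0, and the CVE-2023-41361 entry just above references a backport for the 9.0 branch. If a 9.0 backport exists for this issue it should be listed too, and labelling each "Fixed by:" commit with its branch on the same line would avoid relying on the order of the NOTEs.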
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41361/frr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b0fcd6c by Salvatore Bonaccorso at 2023-08-29T11:06:56+02:00 Add CVE-2023-41361/frr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,11 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...) TODO: check CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) - TODO: check + - frr + NOTE: https://github.com/FRRouting/frr/pull/14241 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840 + NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250 + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) TODO: check CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0fcd6c7a1e64e7f05663f96aaa3b3bfe85f50f
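Review bot: The description for CVE-2023-41361 limits the issue to FRR 9.0, but the added "- frr" line records nothing about whether the affected bgpd/bgp_open.c code is present in the versions Debian ships. A NOTE naming the introducing commit or release would let the per-suite status be settled without re-reading the upstream pull request.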
[Git][security-tracker-team/security-tracker][master] indent spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1adb4c6b by Moritz Mühlenhoff at 2023-08-29T10:36:02+02:00 indent spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -29,3 +29,5 @@ CVE-2023-3446 [bookworm] - openssl 3.0.10-1~deb12u1 CVE-2023-3817 [bookworm] - openssl 3.0.10-1~deb12u1 +CVE-2023-40305 + [bookworm] - indent 2.2.12-4+deb12u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1adb4c6bc1927ab5fff953a4482227cf6de17549
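Review bot: The added CVE-2023-40305 entry lists only "[bookworm] - indent 2.2.12-4+deb12u2", and nothing in the commit says whether older suites are affected or are being handled elsewhere. A short commit message body or a cross-reference would make it clear that the bookworm-only entry is intentional.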
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4711f028 by security tracker role at 2023-08-29T08:14:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,46 @@ -CVE-2023-4569 [information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c] +CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...) + TODO: check +CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) + TODO: check +CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) + TODO: check +CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) + TODO: check +CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) + TODO: check +CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...) + TODO: check +CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) + TODO: check +CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) + TODO: check +CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) + TODO: check +CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) + TODO: check +CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) + TODO: check +CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) + TODO: check +CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...) + TODO: check +CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...) + TODO: check +CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. Open Redir ...) + TODO: check +CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a ...) + TODO: check +CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote attacker to exe ...) 
+ TODO: check +CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote a ...) + TODO: check +CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...) + TODO: check +CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 ...) + TODO: check +CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...) + TODO: check +CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...) - linux NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7) CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction] @@ -16158,8 +16200,8 @@ CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1) NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d -CVE-2023-1995 - RESERVED +CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Serv ...) + TODO: check CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...) {DSA-5429-1 DLA-3402-1} [experimental] - wireshark 4.0.5-1~exp1 
@@ -215713,8 +215755,8 @@ CVE-2020-24167 RESERVED CVE-2020-24166 RESERVED -CVE-2020-24165 - RESERVED +CVE-2020-24165 (An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local ...) + TODO: check CVE-2020-24164 (A deserialization flaw is present in Taoensso Nippy before 2.14.2. In ...) NOT-FOR-US: Taoensso Nippy CVE-2020-24163 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4711f02843be38d738c1de82f1693e363e436d0f
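Review bot: In the first hunk the hand-written summary for CVE-2023-4569, "information leak in nft_set_catchall_flush", is replaced by the imported description "A memory leak flaw was found in nft_set_catchall_flush". Those describe different classes of bug (disclosure of data versus memory that is never released), so it is worth confirming against the referenced kernel commit which one is right before the earlier wording is lost.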
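Review bot: In the last hunk CVE-2020-24165 moves from RESERVED to a description naming the TCG Accelerator in QEMU 4.2.0 and is left at "TODO: check". Because the description names QEMU directly, this entry should be triaged by hand soon rather than waiting in the bulk TODO queue with the entries added at the top of the file.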
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21469
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06c9072b by Salvatore Bonaccorso at 2023-08-29T09:56:05+02:00 Add CVE-2020-21469 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -221650,7 +221650,13 @@ CVE-2020-21471 CVE-2020-21470 RESERVED CVE-2020-21469 (An issue was discovered in PostgreSQL 12.2 allows attackers to cause a ...) - TODO: check + - postgresql-13 (Fixed before initial upload to Debian) + - postgresql-11 + [buster] - postgresql-11 11.10-0+deb10u1 + NOTE: https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com + NOTE: Fixed by: https://github.com/postgres/postgres/commit/9abb2bfc046070b22e3be28173a0736da31cab5a (REL_13_BETA1) + NOTE: Fixed by: https://github.com/postgres/postgres/commit/8b53dbada4a6a9e5f16548ca2c4d17cff55933d8 (REL_12_5) + NOTE: Fixed by: https://github.com/postgres/postgres/commit/85834023a95e16d1d3fe73b0608e1608573753c3 (REL_11_10) CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 5.0.7 lead ...) - redis (unimportant) NOTE: https://github.com/redis/redis/issues/6633 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06c9072bf9f034f7b36c9375509dbae443a5f9df
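Review bot: The description names PostgreSQL 12.2 and one of the added NOTEs references the REL_12_5 fix, yet the package lines cover only postgresql-13 and postgresql-11. If a postgresql-12 source package never reached a release, a short NOTE saying so would explain the gap; the same applies to any later postgresql source packages, which the entry does not mention either.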
[Git][security-tracker-team/security-tracker][master] Mark two hdf5 issues as unimportant
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bb3099c by Salvatore Bonaccorso at 2023-08-29T09:20:12+02:00 Mark two hdf5 issues as unimportant - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -227909,8 +227909,9 @@ CVE-2020-18496 CVE-2020-18495 RESERVED CVE-2020-18494 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...) - - hdf5 + - hdf5 (unimportant) NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul12 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2020-18493 RESERVED CVE-2020-18492 @@ -228451,8 +228452,9 @@ CVE-2020-18234 CVE-2020-18233 RESERVED CVE-2020-18232 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...) - - hdf5 + - hdf5 (unimportant) NOTE: https://github.com/winson2004aa/PAAFS/tree/master/vul2 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2020-18231 RESERVED CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bb3099c8b1f74c18c0b6b8709e051066f0b15f6
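Review bot: The NOTE added in the CVE-2020-18494 hunk misspells "malicious" as "malicous", and the same line is repeated in the CVE-2020-18232 hunk. Worth fixing in a follow-up, since NOTE text is what people grep for.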
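Review bot: In the CVE-2020-18232 hunk the justification for "unimportant" speaks only of a crash, while the description on the line above calls the issue a Buffer Overflow in H5S_close. The NOTE should say why the overflow is not expected to go beyond a crash, or point to an analysis, so the downgrade can be checked later. Both entries also share the same visible description, so it may be worth checking whether they are duplicates.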
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4569/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bdc27e8b by Salvatore Bonaccorso at 2023-08-29T08:47:44+02:00 Add CVE-2023-4569/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-4569 [information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c] + - linux + NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7) CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction] - linux NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pa...@netfilter.org/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdc27e8b515b764810ef99ceeab46e7fe73a31c2
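Review bot: The new CVE-2023-4569 entry records the fixing commit and its first release (6.5-rc7) but not the commit that introduced the problem, so the "- linux" line cannot be narrowed to the affected stable branches from this entry alone. Adding an introducing-commit NOTE alongside the fix would help.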
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4563/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67451971 by Salvatore Bonaccorso at 2023-08-29T08:38:20+02:00 Add CVE-2023-4563/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction] + - linux + NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pa...@netfilter.org/ + NOTE: https://lore.kernel.org/netdev/20230815223011.7019-1...@strlen.de/ CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...) NOT-FOR-US: SmartNode SN200 (aka SN200) CVE-2023-40846 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/674519714448b96fce3b98b2e70c6d91f26848dc
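Review bot: Both NOTE lines added for CVE-2023-4563 point at lore.kernel.org netdev postings rather than a merged commit, so the entry does not yet say what fixes the issue or in which release. Once the patches land, a NOTE with the git.kernel.org commit and version would make the entry usable for tracking fixed versions.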