[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-33956 and CVE-2023-339{68,69,70} as no-dsa for bookworm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 683b192d by Salvatore Bonaccorso at 2023-06-13T06:46:05+02:00 Mark CVE-2023-33956 and CVE-2023-339{68,69,70} as no-dsa for bookworm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -766,18 +766,22 @@ CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versi NOT-FOR-US: hoppscotch CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard (Minor issue) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 NOTE: https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f (v1.2.30) CVE-2023-33969 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard (Minor issue) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 NOTE: https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c (v1.2.30) CVE-2023-33968 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard (Minor issue) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr NOTE: https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053 (v1.2.30) CVE-2023-33956 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard (Minor issue) NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2 NOTE: https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd (v1.2.30) CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683b192d83121b8eab6473ebdb674e952c48969e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683b192d83121b8eab6473ebdb674e952c48969e You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Marked CVE-2023-1055 (389-ds-base) as no-dsa for buster following decision for bullseye.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ba7b9288 by Ola Lundqvist at 2023-06-12T23:05:57+02:00 Marked CVE-2023-1055 (389-ds-base) as no-dsa for buster following decision for bullseye. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16226,6 +16226,7 @@ CVE-2023-1055 (A flaw was found in RHDS 11 and RHDS 12. While browsing entries L - 389-ds-base (bug #1034891) [bookworm] - 389-ds-base (Minor issue) [bullseye] - 389-ds-base (Minor issue) + [buster] - 389-ds-base (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2173517 CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) NOT-FOR-US: SourceCodester Music Gallery Site View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba7b9288b48b5e897f4be7bcd72a4b2c610c6564 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba7b9288b48b5e897f4be7bcd72a4b2c610c6564 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Added libusrsctp to the packages to fix for buster.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: fdca6ddf by Ola Lundqvist at 2023-06-12T23:00:32+02:00 Added libusrsctp to the packages to fix for buster. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -89,6 +89,9 @@ libfastjson (Thorsten Alteholz) libreoffice (Abhijith PA) NOTE: 20230530: Added by Front-Desk (pochu) -- +libusrsctp + NOTE: 20230612: Added by Front-Desk (opal) +-- linux (Ben Hutchings) NOTE: 20230111: perma-added (bwh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdca6ddf4a5a1383c5e942919a2ac52e2721fe44 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdca6ddf4a5a1383c5e942919a2ac52e2721fe44 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-34246/ruby-doorkeeper
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 35df8652 by Salvatore Bonaccorso at 2023-06-12T22:32:14+02:00 Add CVE-2023-34246/ruby-doorkeeper - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46,7 +46,13 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an u CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) NOT-FOR-US: AMI BMC CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...) - TODO: check + [experimental] - ruby-doorkeeper 5.6.6-1 + - ruby-doorkeeper + NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w + NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/1589 + NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1646 + NOTE: Fixed by: https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907 (v5.6.6) + TODO: check ruby-doorkeeper-openid-connect CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...) TODO: check CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35df8652acbbf93200522816d06fe34fcede968d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35df8652acbbf93200522816d06fe34fcede968d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-3192/froxlor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e6ea7da by Salvatore Bonaccorso at 2023-06-12T22:27:08+02:00 Add CVE-2023-3192/froxlor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -98,7 +98,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) NOT-FOR-US: WordPress plugin CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.) - TODO: check + - froxlor (bug #581792) CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3190 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e6ea7da34a8ba8597327a0dd54c29aa72e1cba4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e6ea7da34a8ba8597327a0dd54c29aa72e1cba4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 601583a2 by Salvatore Bonaccorso at 2023-06-12T22:26:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,50 +1,50 @@ CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...) - TODO: check + NOT-FOR-US: RoadFlow Visual Process Engine .NET Core Mvc CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...) - TODO: check + NOT-FOR-US: Chengdu VEC40G CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...) - linux 5.17.11-1 [bullseye] - linux 5.10.120-1 [buster] - linux 4.19.249-1 NOTE: https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6) CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...) - TODO: check + NOT-FOR-US: Asus CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...) TODO: check CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...) - TODO: check + NOT-FOR-US: Asus CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...) - TODO: check + NOT-FOR-US: Youxun Electronic Equipment CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...) - TODO: check + NOT-FOR-US: Sourcecodester Service Provider Management System CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...) 
- TODO: check + NOT-FOR-US: Apache NiFi CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) - TODO: check + NOT-FOR-US: AMI BMC CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...) TODO: check CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...) @@ -52,11 +52,11 @@ CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along w CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...) TODO: check CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-33624 REJECTED CVE-2023-33623 
@@ -64,15 +64,15 @@ CVE-2023-33623 CVE-2023-33622 REJECTED CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: EyouCMS CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...) TODO: check CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-3159/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 33962e00 by Salvatore Bonaccorso at 2023-06-12T22:20:15+02:00 Add CVE-2023-3159/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,10 @@ CVE-2023-3208 (A vulnerability, which was classified as critical, has been found CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...) TODO: check CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...) - TODO: check + - linux 5.17.11-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6) CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...) TODO: check CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33962e0027c9bf7746ea4696ee163d1305a50cb6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33962e0027c9bf7746ea4696ee163d1305a50cb6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
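Review bot: the NOTE line added for CVE-2023-3159, `+ NOTE: https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6)`, carries a malformed upstream reference: the host is written `git/kernel.org` (a slash where the dot belongs), so the link does not resolve as committed and should presumably read `git.kernel.org`. The same line is carried forward unchanged as context in the later "Process some NFUs" commit, so it is worth correcting in a follow-up rather than leaving it in the tracker data.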
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e10da981 by Salvatore Bonaccorso at 2023-06-12T22:14:12+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,13 +71,13 @@ CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ka CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...) TODO: check CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2398 (The Icegram Engage WordPress plugin before 3.1.12 does not escape a pa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2362 (The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) @@ -13785,7 +13785,7 @@ CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does n CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-1323 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...) NOT-FOR-US: lmxcms CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as critic ...) 
@@ -25342,7 +25342,7 @@ CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices CVE-2023-0432 (The web configuration service of the affected device contains an authe ...) NOT-FOR-US: Delta Electronics CVE-2023-0431 (The File Away WordPress plugin through 3.9.9.0.1 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...) - yii (bug #597899) CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e10da9816b88d7fca7192f2bf96fd13636a328f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e10da9816b88d7fca7192f2bf96fd13636a328f6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b14987f1 by security tracker role at 2023-06-12T20:12:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,83 @@ +CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...) + TODO: check +CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...) + TODO: check +CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...) + TODO: check +CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...) + TODO: check +CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...) + TODO: check +CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...) + TODO: check +CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...) + TODO: check +CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...) + TODO: check +CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...) + TODO: check +CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...) + TODO: check +CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...) + TODO: check +CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...) + TODO: check +CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...) + TODO: check +CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) + TODO: check +CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...) + TODO: check +CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) + TODO: check +CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...) 
+ TODO: check +CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) + TODO: check +CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...) + TODO: check +CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...) + TODO: check +CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) + TODO: check +CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...) + TODO: check +CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...) + TODO: check +CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...) + TODO: check +CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...) + TODO: check +CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...) + TODO: check +CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...) + TODO: check +CVE-2023-33624 + REJECTED +CVE-2023-33623 + REJECTED +CVE-2023-33622 + REJECTED +CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).) + TODO: check +CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...) + TODO: check +CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...) + TODO: check +CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...) + TODO: check +CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...) + TODO: check +CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape ...) + TODO: check +CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...) + TODO: check +CVE-2023-2398 (The Icegram Engage WordPress plugin before 3.1.12 does not escape a pa ...) 
+ TODO: check +CVE-2023-2362 (The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress pl ...) + TODO: check CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) @@ -125,7 +205,7 @@ CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Manage NOT-FOR-US:
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-46165/syncthing
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac043dd7 by Salvatore Bonaccorso at 2023-06-12T21:58:18+02:00 Add Debian bug reference for CVE-2022-46165/syncthing - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38702,7 +38702,7 @@ CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubern CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...) NOT-FOR-US: Spring boot admins CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...) - - syncthing + - syncthing (bug #1037432) NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h NOTE: https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238 (v1.23.5) CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac043dd731cee64288b26ed1ed49615b941c72e3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac043dd731cee64288b26ed1ed49615b941c72e3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-46165/syncthing
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 566603a6 by Salvatore Bonaccorso at 2023-06-12T21:33:19+02:00 Add CVE-2022-46165/syncthing - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38702,7 +38702,9 @@ CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubern CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...) NOT-FOR-US: Spring boot admins CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...) - TODO: check + - syncthing + NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h + NOTE: https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238 (v1.23.5) CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...) NOT-FOR-US: NodeBB CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/566603a6eab67919c4626a7ef412e6de7464 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/566603a6eab67919c4626a7ef412e6de7464 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-34104/node-webfont
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 661627bb by Salvatore Bonaccorso at 2023-06-12T21:00:40+02:00 Update information for CVE-2023-34104/node-webfont - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -514,9 +514,10 @@ CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.3 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...) NOT-FOR-US: taosdata/grafanaplugin CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...) - - node-webfont + - node-webfont (Vulnerable code not present) NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw - NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3) + NOTE: Introduced by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/a4bdced80369892ee413bf08e28b78795a2b0d5b (v4.1.3) + NOTE: Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3) CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...) NOT-FOR-US: Kiwi TCMS CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-2426,vim: Buster, not-affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bf72b36 by Markus Koschany at 2023-06-12T19:36:38+02:00 CVE-2023-2426,vim: Buster, not-affected The vulnerable code was introduced later - - - - - c57e728a by Markus Koschany at 2023-06-12T19:37:33+02:00 Reserve DLA-3453-1 for vim - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -3031,7 +3031,6 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior - vim (bug #1035955) [bookworm] - vim (Minor issue) [bullseye] - vim (Minor issue) - [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532) CVE-2023-32216 @@ -3397,7 +3396,7 @@ CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - vim 2:9.0.1378-2 (bug #1035323) [bullseye] - vim (Minor issue) - [buster] - vim (Minor issue) + [buster] - vim (The vulnerable code was introduced later) NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425 NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499) CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...) @@ -15012,7 +15011,6 @@ CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) - vim 2:9.0.1378-1 [bullseye] - vim (Minor issue) - [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378) CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...) 
@@ -30051,7 +30049,6 @@ CVE-2023-22603 CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.) - vim 2:9.0.1378-1 (bug #1031875) [bullseye] - vim (Minor issue) - [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145) CVE-2023-0053 (SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 ...) @@ -39347,7 +39344,6 @@ CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...) - vim 2:9.0.1000-1 (bug #1027146) [bullseye] - vim (Minor issue) - [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947) CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Jun 2023] DLA-3453-1 vim - security update + {CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610} + [buster] - vim 2:8.1.0875-5+deb10u5 [12 Jun 2023] DLA-3452-1 thunderbird - security update {CVE-2023-34414 CVE-2023-34416} [buster] - thunderbird 1:102.12.0-1~deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bd770997d1c66919f1ae1784ba67d2c6aa299ea8...c57e728a31ddd1fee96eadd13cc735a49169f1f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bd770997d1c66919f1ae1784ba67d2c6aa299ea8...c57e728a31ddd1fee96eadd13cc735a49169f1f9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
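Review bot: for CVE-2023-2426 the commit title says buster is not-affected, but the replacement line as shown here, `+ [buster] - vim (The vulnerable code was introduced later)`, has the same shape as the `[bullseye] - vim (Minor issue)` no-dsa line above it, with no `<not-affected>` tag visible. None of the `(Minor issue)` lines in this patch show a `<no-dsa>` tag either, so the angle-bracket tags may simply have been dropped by this mail rendering; please confirm the committed line reads `[buster] - vim <not-affected> (The vulnerable code was introduced later)`, since without the tag the tracker would record buster as no-dsa rather than not-affected. The removal of the four `[buster] - vim (Minor issue)` lines for CVE-2022-4141, CVE-2023-0054, CVE-2023-1175 and CVE-2023-2610 matches the CVE set listed in the new DLA-3453-1 entry, so that part of the patch is consistent.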
[Git][security-tracker-team/security-tracker][master] dla: claim ffmpeg
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: bd770997 by Sylvain Beucler at 2023-06-12T17:33:55+02:00 dla: claim ffmpeg - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -43,7 +43,7 @@ erlang (Markus Koschany) NOTE: 20221119: Added by Front-Desk (ta) NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) -- -ffmpeg +ffmpeg (Sylvain Beucler) NOTE: 20230612: Added by jmm NOTE: 20230612: ffmpeg 4.1.11 has been released NOTE: 20230612: Debian follows the upstream point releases, most of the security fixes never get CVE IDs View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd770997d1c66919f1ae1784ba67d2c6aa299ea8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd770997d1c66919f1ae1784ba67d2c6aa299ea8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
RE: Higher ROI at The ProMat - MHI 2023
Hi, I hope you are doing well. Have you had a chance to read my previous email? Do you want me to get more information on the counts and costs? Best Regards, Cindy Jenkins From: Cindy Jenkins Sent: Friday, June 9, 2023 10:49 PM To: 'debian-security-tracker-commits@alioth-lists.debian.net' Subject: Higher ROI at The ProMat - MHI 2023 Hi, I have been talking to people like you all day. Would you be interested in acquiring the attendees database from The ProMat - MHI 2023? Attendees are: End User / Purchaser of Material Handling and Logistics Equipment Systems, Dealer, Distributor, Manufacturer's Representative, Importer, Exporter, Systems Integrator, Consultant and many more... List comes with: First Name, Last Name, Company Name, Job Title, Phone Number, Email Address, Company Website, LinkedIn Profile etc. Please let me know your interest so that I can send you the number of contacts available and the pricing for it. Warm Regards, Cindy Jenkins ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add webkit2gtk and wpewebkit to list of package to hide for bugreporting
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57784e6c by Salvatore Bonaccorso at 2023-06-12T17:10:49+02:00 Add webkit2gtk and wpewebkit to list of package to hide for bugreporting - - - - - 1 changed file: - data/packages/ignored-debian-bug-packages Changes: = data/packages/ignored-debian-bug-packages = @@ -8,3 +8,5 @@ firefox firefox-esr thunderbird chromium +webkit2gtk +wpewebkit View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57784e6c75bbee9492cffdaba046596374d946cc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57784e6c75bbee9492cffdaba046596374d946cc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
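Review bot: the commit message says what is hidden (webkit2gtk and wpewebkit are appended after chromium in data/packages/ignored-debian-bug-packages) but not why; the entries already in the file (firefox, firefox-esr, thunderbird, chromium) give the reader a hint, but recording the reason in the commit message, or next to the entries if the file format allows comments, would save the next person a git blame. The hunk header `@@ -8,3 +8,5 @@` shows the names go at the end of the file, so check the file still ends with a newline after the edit.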
[Git][security-tracker-team/security-tracker][master] dav1d fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 27bbc461 by Moritz Muehlenhoff at 2023-06-12T16:08:56+02:00 dav1d fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2999,7 +2999,7 @@ CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3. NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...) [experimental] - dav1d 1.2.0-1 - - dav1d (bug #1035950) + - dav1d 1.2.1-2 (bug #1035950) NOTE: https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa (1.2.0) CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...) NOT-FOR-US: Veritas InfoScale Operations Manager View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27bbc461e6a8acd309b41a26410ec5e2e1672d19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27bbc461e6a8acd309b41a26410ec5e2e1672d19 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
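Review bot: with the unstable line now `- dav1d 1.2.1-2 (bug #1035950)`, the `[experimental] - dav1d 1.2.0-1` line directly above it is stale: the experimental annotation is only useful while the fix exists solely in experimental, and 1.2.1-2 is higher than 1.2.0-1, so it can be dropped in a follow-up. The upstream reference (cf617fdae0b9bfabd27282854c8e81450d955efa, 1.2.0) is consistent with the fixed version, so the bump itself looks right.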
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: da80a366 by Emilio Pozuelo Monfort at 2023-06-12T12:33:01+02:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -115,7 +115,8 @@ openimageio (gladk) -- openjdk-11 (Emilio) NOTE: 20230419: Added by Front-Desk (ola) - NOTE: 20230522: waiting for sid/bullseye update (pochu) + NOTE: 20230522: waiting for sid update (pochu) + NOTE: 20230612: sid updated, preparing backport (pochu) -- owslib (Adrian Bunk) NOTE: 20230514: Added by Front-Desk (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da80a3663c6c65081d5752faf54235c1b511c7ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da80a3663c6c65081d5752faf54235c1b511c7ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
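Review bot: the first changed line rewrites an existing dated note (`NOTE: 20230522: waiting for sid/bullseye update (pochu)` becomes `... waiting for sid update (pochu)`), which edits the history of the entry rather than extending it; the new `NOTE: 20230612: sid updated, preparing backport (pochu)` already captures the current state, so the 20230522 line could have stayed as written. If bullseye is genuinely no longer part of the plan, a note saying so would be clearer than silently dropping it.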
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3452-1 for thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 17d519dc by Emilio Pozuelo Monfort at 2023-06-12T11:37:03+02:00 Reserve DLA-3452-1 for thunderbird - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Jun 2023] DLA-3452-1 thunderbird - security update + {CVE-2023-34414 CVE-2023-34416} + [buster] - thunderbird 1:102.12.0-1~deb10u1 [09 Jun 2023] DLA-3451-1 pypdf2 - security update {CVE-2022-24859} [buster] - pypdf2 1.26.0-2+deb10u1 = data/dla-needed.txt = @@ -195,9 +195,6 @@ samba (Lee Garrett) NOTE: 20220904: Many postponed or open CVE in general. (apo) NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) -- -thunderbird (Emilio) - NOTE: 20230606: Added by pochu --- webkit2gtk (Emilio) NOTE: 20230512: Re-added (pochu) NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d519dcd4d21f0985504307b0027158f2abb04c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d519dcd4d21f0985504307b0027158f2abb04c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
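Review bot: both halves are consistent: DLA-3452-1 is inserted at the top of data/DLA/list in the file's reverse-chronological order (above DLA-3451-1 of 09 Jun) with the buster fixed version 1:102.12.0-1~deb10u1, and the matching `thunderbird (Emilio)` block, including its `--` separator, is removed from dla-needed.txt. One follow-up: the entries for {CVE-2023-34414 CVE-2023-34416} in data/CVE/list are not touched here, so check whether either still carries a `[buster] - thunderbird` no-dsa annotation that should go now that the DLA is reserved.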
[Git][security-tracker-team/security-tracker][master] Add ffmpeg to dla-needed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bb5d1e6e by Moritz Muehlenhoff at 2023-06-12T11:26:38+02:00 Add ffmpeg to dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -43,6 +43,13 @@ erlang (Markus Koschany) NOTE: 20221119: Added by Front-Desk (ta) NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) -- +ffmpeg + NOTE: 20230612: Added by jmm + NOTE: 20230612: ffmpeg 4.1.11 has been released + NOTE: 20230612: Debian follows the upstream point releases, most of the security fixes never get CVE IDs + NOTE: 20230612: Make sure to review if any of the open issues are fixed by the new release, otherwise + NOTE: 20230612: it's also fine to release these without any specific CVE ID reference +-- fusiondirectory (Abhijith PA) NOTE: 20221203: Added by Front-Desk (gladk) NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk). View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb5d1e6e6f88732f1146bb3aaf37a80ce1411ecf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb5d1e6e6f88732f1146bb3aaf37a80ce1411ecf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
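Review bot: the note `Make sure to review if any of the open issues are fixed by the new release, otherwise` breaks mid-sentence and continues on a second `NOTE: 20230612:` line, which reads oddly in the file and in any tool that lists notes one per line; either keep it on one line or make each NOTE a complete statement. The entry is added unclaimed, matching the other front-desk additions, and the guidance that a point-release update may be released without a specific CVE reference is worth keeping next to the entry, since DLA entries normally carry a CVE list.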
[Git][security-tracker-team/security-tracker][master] 334 gitlab CVEs fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bce75cd by Moritz Muehlenhoff at 2023-06-12T10:58:05+02:00 334 gitlab CVEs fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -258,7 +258,7 @@ CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account w CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...) - puppet (Specific to Puppet Enterprise) CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...) NOT-FOR-US: Pinterest Automatic plugin for WordPress CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...) @@ -660,7 +660,7 @@ CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...) - linux 5.19.6-1 NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2) @@ -3214,7 +3214,7 @@ CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligen CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...) NOT-FOR-US: answerdev/answer CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.) NOT-FOR-US: jsreport CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...) 
@@ -4650,9 +4650,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injecti CVE-2023-2200 RESERVED CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-30912 RESERVED CVE-2023-30911 @@ -4791,7 +4791,7 @@ CVE-2023-2183 (Grafana is an open-source platform for monitoring and observabili CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...) @@ -5096,7 +5096,7 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...) NOT-FOR-US: INEA ME RTU firmware CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...) @@ -5732,7 +5732,7 @@ CVE-2023-2071 CVE-2023-2070 RESERVED CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2068 RESERVED CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) 
@@ -5846,11 +5846,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0 CVE-2023-2016 RESERVED CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...) NOT-FOR-US: microweber CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 15.10.8+ds1-2 CVE-2023-2012 RESERVED CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...) @@ -6047,7 +6047,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due t NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2...@pku.edu.cn/ NOTE:
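Review bot: every CE/EE entry is switched from a bare `- gitlab` to `- gitlab 15.10.8+ds1-2`, while the `- gitlab (Specific to EE)` entries (CVE-2023-2589, CVE-2023-2182) are correctly left without a version. Two checks: the commit message says 334 CVEs and the diff shown here is cut off after `NOTE:` in the CVE-2023-2002 hunk, so the remainder should be reviewed in the full commit; and because these advisories read "affecting all versions starting ..." the single fixed version only holds if 15.10.8 contains every upstream fix, which the entries do not record, so a per-CVE NOTE naming the upstream GitLab release that fixed it would make the mapping auditable.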
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8fd7863 by Salvatore Bonaccorso at 2023-06-12T10:15:51+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35034 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35033 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...) TODO: check CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fd7863ff489502937af67d89b89ed3c5af0ccb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fd7863ff489502937af67d89b89ed3c5af0ccb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
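Review bot: the six `TODO: check` to `NOT-FOR-US` triage changes are fine (Progress MOVEit Transfer and the Atos Unify OpenScape 4000 Assistant are proprietary products), and CVE-2020-36732 (crypto-js before 3.2.1 for Node.js) is rightly left as `TODO: check`: it is an open-source npm library that could be packaged or vendored in the archive, so it needs an archive search rather than an NFU before it can be closed.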
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bcb9fc47 by security tracker role at 2023-06-12T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...) + TODO: check +CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) + TODO: check +CVE-2023-35034 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) + TODO: check +CVE-2023-35033 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) + TODO: check +CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) + TODO: check +CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) + TODO: check +CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...) + TODO: check +CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) + TODO: check CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.) TODO: check CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) 
@@ -18921,8 +18937,8 @@ CVE-2023-26135 RESERVED CVE-2023-26134 RESERVED -CVE-2023-26133 - RESERVED +CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...) + TODO: check CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...) TODO: check CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcb9fc47660eeeaaea9ae2fd0431acda6429a5a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcb9fc47660eeeaaea9ae2fd0431acda6429a5a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
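Review bot: these hunks are the automated feed import (new entries added at the top of data/CVE/list with `TODO: check`, and CVE-2023-26133 moved from RESERVED to its published description), so there is nothing to change in the hunks themselves; the manual step is the follow-up triage. The later "Process NFUs" commit in this digest resolves the MOVEit and Unify entries, while CVE-2020-36732, CVE-2015-10118 and the new CVE-2023-26133 (progressbar.js prototype pollution) still await a decision.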
[Git][security-tracker-team/security-tracker][master] Track fixed version for some linux CVEs with unstable upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a3b0ab39 by Salvatore Bonaccorso at 2023-06-12T08:47:29+02:00 Track fixed version for some linux CVEs with unstable upload - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Managem CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...) NOT-FOR-US: SourceCodester Performance Indicator System CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...) - - linux + - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1) CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...) NOT-FOR-US: D-Link @@ -1087,7 +1087,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent' CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...) NOT-FOR-US: BMC Patrol CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an ...) - - linux + - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2) CVE-2023-34255 REJECTED @@ -1164,7 +1164,7 @@ CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI CVE-2023-2749 (Download Center fails to properly validate the file path submitted by ...) NOT-FOR-US: ASUSTOR CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...) - - linux (unimportant) + - linux 6.3.7-1 (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1) 
@@ -2761,13 +2761,13 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS pr CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...) NOT-FOR-US: Google Chrome on ChromeOS CVE-2023-32254 - - linux + - linux 6.3.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/ CVE-2023-32250 - - linux + - linux 6.3.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1) @@ -3371,7 +3371,7 @@ CVE-2015-10105 (A vulnerability, which was classified as critical, was found in CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2023-2430 [io_uring/msg_ring: fix missing lock on overflow for IOPOLL] - - linux + - linux 6.3.7-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d (6.2-rc5) CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...) @@ -4026,7 +4026,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr CVE-2023-2270 RESERVED CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) - - linux + - linux 6.3.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 CVE-2023-2268 RESERVED 
@@ -4164,7 +4164,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.javamail.zim...@nod.at/ NOTE: Negligible security impact CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...) - - linux + - linux 6.3.7-1 NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+odyq85tzy1x+tkt-6ovbl6k...@mail.gmail.com/ CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...) - linux @@ -4788,7 +4788,7 @@ CVE-2023-2177 (A null pointer dereference issue was found in the sctp network pr NOTE: https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=k...@mail.gmail.com/T/ NOTE: https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19) CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/infiniba ...) - - linux + - linux 6.3.7-1 [bullseye] - linux (Vulnerable code not present)
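Review bot: the `- linux` to `- linux 6.3.7-1` changes are straightforward for entries that carry an upstream commit reference (CVE-2023-3141, CVE-2023-34256, CVE-2022-48502, CVE-2023-32254, CVE-2023-32250, CVE-2023-2430), but CVE-2023-2269 only references a Red Hat bugzilla and CVE-2023-31084 only a lore.kernel.org thread; without the upstream commit id, a reader cannot verify from the entry that 6.3.7-1 actually contains the fix. Suggest adding a `NOTE: https://git.kernel.org/linus/<commit> (<version>)` line for those two, as the other entries have. CVE-2023-31083 in the same context stays a bare `- linux`, presumably because no upstream fix is tracked yet, which is consistent.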
[Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2023-2156/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c21cc66a by Salvatore Bonaccorso at 2023-06-12T08:32:49+02:00 Track upstream commit for CVE-2023-2156/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5000,6 +5000,7 @@ CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel [buster] - linux (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/ NOTE: https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death + NOTE: https://git.kernel.org/linus/a2f4c143d76b1a47c91ef9bc46907116b111da0b (6.4-rc6) CVE-2023-2155 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...) NOT-FOR-US: SourceCodester Air Cargo Management System CVE-2023-2154 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c21cc66a16db3396cd7a5e027bbe7c45ac5928f7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c21cc66a16db3396cd7a5e027bbe7c45ac5928f7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
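Review bot: the added `NOTE: https://git.kernel.org/linus/a2f4c143d76b1a47c91ef9bc46907116b111da0b (6.4-rc6)` gives CVE-2023-2156 its upstream fix reference next to the ZDI and Interrupt Labs write-ups. The entry's unstable fixed-version line sits above the hunk context and is not visible here, so check whether it still reads a bare `- linux` and, once the commit is in a Debian upload, record that version the way the other linux entries in this digest do.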