[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-43090/gnome-shell

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29454058 by Salvatore Bonaccorso at 2023-09-18T07:28:36+02:00
Update information on CVE-2023-43090/gnome-shell

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45,10 +45,13 @@ CVE-2023-43091 [Code injection via service.json file]
NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
 (v45.rc)
 CVE-2023-43090 [Screenshot tool allows viewing open windows when session is 
locked]
- gnome-shell 44.5-1 (bug #1052067)
+   [bullseye] - gnome-shell  (Vulnerable code introduced in 
42.beta)
+   [buster] - gnome-shell  (Vulnerable code introduced in 
42.beta)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
-   NOTE: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
-   NOTE: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
+   NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
+   NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
+   NOTE: Introduced around: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c
 CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for 
WordPre ...)
NOT-FOR-US: Horizontal scrolling announcement for WordPress plugin for 
WordPress
 CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is 
vulnerable to ...)
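
Review bot: the added "Introduced around:" NOTE for CVE-2023-43090 links to https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c, which has no commit/ path segment, unlike the two "Fixed by:" URLs directly above it (/-/commit/521525948eed... and /-/commit/671df28a509a...). If it is meant to reference a commit, write it as /-/commit/8ebc478f0f24720870c4911aef707f4dc34d140c so it resolves the same way as the others.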



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/294540589d1330e46f32066dfdb3404a4f330cc3

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

2023-09-17 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b2424b6 by Moritz Muehlenhoff at 2023-09-17T23:22:36+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -23,9 +23,11 @@ cinder/oldstable
 --
 flac/oldstable (jmm)
 --
-gnome-shell
+gnome-shell (jmm)
   Maintainer preparing updates
 --
+gpac/oldstable (jmm)
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
 --
@@ -33,6 +35,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions
 --
+lldpd
+--
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
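
Review bot: the new lldpd entry in this hunk has no suite qualifier, no claimant and no note line, while the entries around it carry at least one of these (linux (carnil), nbconvert/oldstable with a status line). A one-line note under lldpd saying which suites need the update would save the next person a lookup.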



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b2424b6f08917cb6c499f9462923571f817680c



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65f3ff83 by Salvatore Bonaccorso at 2023-09-17T22:15:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2023-5028 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: China Unicom TEWA-800G
 CVE-2023-5027 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Membership System
 CVE-2023-5026 (A vulnerability classified as problematic has been found in 
Tongda OA  ...)
-   TODO: check
+   NOT-FOR-US: Tongda OA
 CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been 
declared ...)
NOT-FOR-US: KOHA
 CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been 
classified a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65f3ff838dd87101a05d205a8496b917900ca2e7



[Git][security-tracker-team/security-tracker][master] automatic update

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00b50173 by security tracker role at 2023-09-17T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2023-5028 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2023-5027 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+   TODO: check
+CVE-2023-5026 (A vulnerability classified as problematic has been found in 
Tongda OA  ...)
+   TODO: check
 CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been 
declared ...)
NOT-FOR-US: KOHA
 CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been 
classified a ...)
@@ -759,7 +765,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs 
in Google Chrome on A
- chromium 117.0.5938.62-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 
116.0.5845.187  ...)
-   {DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3568-1}
+   {DSA-5497-2 DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3569-1 DLA-3568-1}
- chromium 117.0.5938.62-1 (unimportant)
[buster] - chromium  (see DSA 5046)
- firefox 117.0.1-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00b50173dd42fc5d0b2ede1882ffe81f25b31717



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-29390/libjpeg-turbo

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d395e245 by Salvatore Bonaccorso at 2023-09-17T22:01:13+02:00
Update information for CVE-2021-29390/libjpeg-turbo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -174021,9 +174021,12 @@ CVE-2021-29392
 CVE-2021-29391
RESERVED
 CVE-2021-29390 (libjpeg-turbo version 2.0.90 has a heap-based buffer over-read 
(2 byte ...)
-   - libjpeg-turbo 
+   - libjpeg-turbo  (Vulnerable code not in a Debian 
released version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943797
-   TODO: check, no sensible information and RHBZ#1943797 is restricted
+   NOTE: Context: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724
+   NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476
+   NOTE: Introduced by: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/42825b68d570fb07fe820ac62ad91017e61e9a25
 (2.0.90)
+   NOTE: Fixed by: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469
 (2.1.0)
 CVE-2021-29389
RESERVED
 CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in 
SourceCodester Bu ...)
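
Review bot: the hunk drops the TODO saying RHBZ#1943797 is restricted but keeps the bare NOTE pointing at https://bugzilla.redhat.com/show_bug.cgi?id=1943797, so the entry no longer tells readers that the link is not publicly readable; consider marking that NOTE as restricted. The added pull/476 NOTE is also the only new reference without a label (the others use "Context:", "Introduced by:" and "Fixed by:"); say what role it plays.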



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d395e24584aa1245fbd47ef38909abcb805932ed



[Git][security-tracker-team/security-tracker][master] Add gnome-shell to dsa-needed list

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
13586562 by Salvatore Bonaccorso at 2023-09-17T20:43:19+02:00
Add gnome-shell to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -23,6 +23,9 @@ cinder/oldstable
 --
 flac/oldstable (jmm)
 --
+gnome-shell
+  Maintainer preparing updates
+--
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/135865629979fc2ba2d51b189b887001dc44b11a



[Git][security-tracker-team/security-tracker][master] Add fixes via unstable for CVE-2023-43090/gnome-shell

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b057534 by Salvatore Bonaccorso at 2023-09-17T20:40:18+02:00
Add fixes via unstable for CVE-2023-43090/gnome-shell

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38,7 +38,7 @@ CVE-2023-43091 [Code injection via service.json file]
NOTE: Introduced with merge: 
https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
 (v45.rc)
 CVE-2023-43090 [Screenshot tool allows viewing open windows when session is 
locked]
-   - gnome-shell  (bug #1052067)
+   - gnome-shell 44.5-1 (bug #1052067)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
NOTE: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b0575346dbc4fa044e0632773677f60f2623da1



[Git][security-tracker-team/security-tracker][master] Add entry for DSA 5497-2/libwebp in bullseye

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdcfa143 by Salvatore Bonaccorso at 2023-09-17T20:37:27+02:00
Add entry for DSA 5497-2/libwebp in bullseye

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[13 Sep 2023] DSA-5497-2 libwebp - security update
+   {CVE-2023-4863}
+   [bullseye] - libwebp 0.6.1-2.1+deb11u2
 [15 Sep 2023] DSA-5498-1 thunderbird - security update
{CVE-2023-4863}
[bullseye] - thunderbird 1:102.15.1-1~deb11u1
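
Review bot: the new DSA-5497-2 entry at the top of the hunk is dated 13 Sep 2023 but sits above the 15 Sep 2023 DSA-5498-1 entry, and the commit itself is from 2023-09-17. If the list is kept newest-first by date, please confirm that 13 Sep is the intended date for the -2 revision and not one carried over from DSA-5497-1.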



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdcfa143a9feeb6d3804f51626c1badbfd8bb2bf



[Git][security-tracker-team/security-tracker][master] take flac

2023-09-17 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ffe4cba3 by Moritz Muehlenhoff at 2023-09-17T19:54:33+02:00
take flac

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -21,13 +21,11 @@ chromium (jmm)
 --
 cinder/oldstable
 --
-flac/oldstable
+flac/oldstable (jmm)
 --
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
 --
-libwebp/oldstable (jmm)
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions
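
Review bot: the second change in this hunk removes the libwebp/oldstable (jmm) entry, which the commit message "take flac" does not mention. Either name the removal and its reason in the message or split it into its own commit, so the history of data/dsa-needed.txt explains why the entry disappeared.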



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe4cba3b47d3af04bc73751f3fdc7f027a1b85c



[Git][security-tracker-team/security-tracker][master] update note

2023-09-17 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a09a96cc by Thorsten Alteholz at 2023-09-17T19:39:24+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -52,6 +52,7 @@ dogecoin
 --
 elfutils (Thorsten Alteholz)
   NOTE: 20230903: Added by Front-Desk (gladk)
+  NOTE: 20230917: testing package
 --
 exempi
   NOTE: 20230907: Added by Front-Desk (lamby)
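
Review bot: the added line "NOTE: 20230917: testing package" under elfutils has no author tag in parentheses, whereas the existing notes around it end with one, e.g. "(gladk)" and "(lamby)". Append the initials here and on the identical line added under file in the next hunk so the status can be attributed.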
@@ -61,6 +62,7 @@ exiv2
 --
 file (Thorsten Alteholz)
   NOTE: 20230901: Added by Front-Desk (gladk)
+  NOTE: 20230917: testing package
 --
 firmware-nonfree
   NOTE: 20230820: Added by Front-Desk (ta)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a09a96cc32d49e72d0a2158b58788e8965b3e44a



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-42464/netatalk

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6c48934 by Salvatore Bonaccorso at 2023-09-17T15:28:37+02:00
Add CVE-2023-42464/netatalk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7870,6 +7870,9 @@ CVE-2023-34968 (A path disclosure vulnerability was found 
in Samba. As part of t
{DSA-5477-1}
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
+CVE-2023-42464
+   - netatalk  (bug #1052087)
+   NOTE: https://github.com/Netatalk/netatalk/issues/486
 CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC 
service ...)
{DSA-5477-1}
- samba 2:4.18.5+dfsg-1
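
Review bot: CVE-2023-42464 is added with no description and is placed between CVE-2023-34968 and CVE-2023-34967, so nothing in the entry says what the netatalk issue is short of following the upstream issue link. A short bracketed title after the ID, in the style of "CVE-2023-43091 [Code injection via service.json file]", would make the entry self-explanatory.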



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6c4893452c9cf74bee953b701eddf95d88007f9



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-24904/viagee

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
207a3662 by Salvatore Bonaccorso at 2023-09-17T13:30:18+02:00
Track fixed version for CVE-2020-24904/viagee

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -217056,12 +217056,13 @@ CVE-2020-24906
 CVE-2020-24905
RESERVED
 CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail 
version 2.5 ...)
-   - viagee  (bug #1051726)
+   - viagee 3.7-1 (bug #1051726)
[bookworm] - viagee  (Minor issue)
- gnome-gmail 
[bullseye] - gnome-gmail  (Minor issue)
[buster] - gnome-gmail  (Minor issue)
NOTE: https://github.com/davesteele/gnome-gmail/issues/84
+   NOTE: 
https://github.com/davesteele/viagee/commit/c961b7431018976abc9c964ce594b371fb84183e
 CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected 
cross-site scri ...)
NOT-FOR-US: Cute Editor for ASP.NET
 CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site 
scripting (XS ...)
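
Review bot: the NOTE added for CVE-2020-24904 with the viagee commit URL carries no label, so the entry does not say whether c961b7431018976abc9c964ce594b371fb84183e is the fix behind 3.7-1 or only context. If it is the fix, prefix it with "Fixed by:".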



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/207a36626dd28abf3bfbd40144efdc4f06b02b91



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3569-1 for thunderbird

2023-09-17 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
043bf358 by Emilio Pozuelo Monfort at 2023-09-17T11:41:51+02:00
Reserve DLA-3569-1 for thunderbird

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[17 Sep 2023] DLA-3569-1 thunderbird - security update
+   {CVE-2023-4863}
+   [buster] - thunderbird 1:102.15.1-1~deb10u1
 [16 Sep 2023] DLA-3568-1 firefox-esr - security update
{CVE-2023-4863}
[buster] - firefox-esr 102.15.1esr-1~deb10u1


=
data/dla-needed.txt
=
@@ -220,9 +220,6 @@ suricata
   NOTE: 20230714: Still reviewing+testing CVEs. (bunk)
   NOTE: 20230731: Still reviewing+testing CVEs. (bunk)
 --
-thunderbird (Emilio)
-  NOTE: 20230915: Added by Front-Desk (pochu)
---
 tiff (gladk)
   NOTE: 20230826: Added by Front-Desk (utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/043bf35861920ff907500669900281997f5e75c1



[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f40e3872 by Salvatore Bonaccorso at 2023-09-17T11:24:55+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -228772,7 +228772,7 @@ CVE-2020-19561
 CVE-2020-19560
RESERVED
 CVE-2020-19559 (An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a 
remote at ...)
-   TODO: check
+   NOT-FOR-US: Diebold Aglis XFS for Opteva
 CVE-2020-19558
RESERVED
 CVE-2020-19557
@@ -229298,17 +229298,17 @@ CVE-2020-19325
 CVE-2020-19324
RESERVED
 CVE-2020-19323 (An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 
2.06beta ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-19322
RESERVED
 CVE-2020-19321
RESERVED
 CVE-2020-19320 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta 
via the ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-19319 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta 
via the ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-19318 (Buffer Overflow vulnerability in D-Link DIR-605L, hardware 
version AX, ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-19317
RESERVED
 CVE-2020-19316 (OS Command injection vulnerability in function link in 
Filesystem.php  ...)
@@ -287975,9 +287975,9 @@ CVE-2019-16473
 CVE-2019-16472
RESERVED
 CVE-2019-16471 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are 
affected  ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-16470 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are 
affected  ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 
6.0 hav ...)
NOT-FOR-US: Adobe Experience Manager
 CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 
6.0 hav ...)
@@ -315447,7 +315447,7 @@ CVE-2019-7821 (Adobe Acrobat and Reader versions 
2019.010.20100 and earlier, 201
 CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
NOT-FOR-US: Adobe
 CVE-2019-7819 (Adobe Acrobat Reader versions 2019.010.20098 and earlier are 
affected  ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
NOT-FOR-US: Adobe
 CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f40e3872704a188fc3602486e693528b67c75b67



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41900/jetty9

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4fc75054 by Salvatore Bonaccorso at 2023-09-17T11:11:25+02:00
Add CVE-2023-41900/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56,7 +56,10 @@ CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 
v.1.0.1.705 allows a remote
 CVE-2023-41901
REJECTED
 CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 
9.4.21 t ...)
-   TODO: check
+   - jetty9 
+   NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
+   NOTE: https://github.com/eclipse/jetty.project/pull/9528 (10.0.16, 
11.0.16)
+   NOTE: https://github.com/eclipse/jetty.project/pull/9660 (9.4.52)
 CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file 
upload vuln ...)
NOT-FOR-US: Gradio
 CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a 
local at ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fc75054a925710d587c8448dbc1797fcd9e8dbd



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41887/openrefine

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e5c7ac2 by Salvatore Bonaccorso at 2023-09-17T11:06:46+02:00
Add CVE-2023-41887/openrefine

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -148,7 +148,9 @@ CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site 
Request Forgery (CSRF
 CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 
1.18.0, SHI ...)
NOT-FOR-US: SHIRASAGI
 CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
-   TODO: check
+   - openrefine 3.7.5-1
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511
 (3.7.5)
 CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
- openrefine 3.7.5-1
NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5c7ac2a5b42423198cb612a8a324a9f884a665



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41886/openrefine

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
293ea5b8 by Salvatore Bonaccorso at 2023-09-17T11:04:52+02:00
Add CVE-2023-41886/openrefine

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -150,7 +150,10 @@ CVE-2023-41889 (SHIRASAGI is a Content Management System. 
Prior to version 1.18.
 CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
TODO: check
 CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
-   TODO: check
+   - openrefine 3.7.5-1
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d
 (master)
+   NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511
 (3.7.5)
 CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime 
versions fr ...)
NOT-FOR-US: Wasmtime
 CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a 
cross-site  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/293ea5b8f4f1f65b29207da4409fd86318f58a7b



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-40167/jetty9

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63ca9038 by Salvatore Bonaccorso at 2023-09-17T10:59:09+02:00
Add CVE-2023-40167/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -192,7 +192,8 @@ CVE-2023-40868 (Cross Site Request Forgery vulnerability in 
mooSocial MooSocial
 CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
NOT-FOR-US: Discourse
 CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to 
versions ...)
-   TODO: check
+   - jetty9 
+   NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
 CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
- freeswitch  (bug #389591)
 CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
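
Review bot: the new CVE-2023-40167 entry records only the GHSA-hmr7-m48g-48f6 advisory link, with no fixing pull request, commit or upstream version noted. A NOTE naming the fixing change and the upstream release that contains it would let later triage decide which jetty9 upload closes the issue without re-reading the advisory.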



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63ca90385cd8d57872fb06ef5f40c59b00ee519b



[Git][security-tracker-team/security-tracker][master] Adjust source package name for CVE-2023-2604{8,9} and track fixed version via experimental

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49598ed3 by Salvatore Bonaccorso at 2023-09-17T10:55:36+02:00
Adjust source package name for CVE-2023-2604{8,9} and track fixed version via 
experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32481,12 +32481,14 @@ CVE-2023-26051 (Saleor is a headless, GraphQL 
commerce platform delivering perso
 CVE-2023-26050
RESERVED
 CVE-2023-26049 (Jetty is a java based web server and servlet engine. 
Nonstandard cooki ...)
-   - jetty 
+   [experimental] - jetty9 9.4.51-1
+   - jetty9 
NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
NOTE: https://github.com/eclipse/jetty.project/pull/9339
NOTE: https://github.com/eclipse/jetty.project/pull/9352
 CVE-2023-26048 (Jetty is a java based web server and servlet engine. In 
affected versi ...)
-   - jetty 
+   [experimental] - jetty9 9.4.51-1
+   - jetty9 
NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
NOTE: https://github.com/eclipse/jetty.project/issues/9076
NOTE: https://github.com/eclipse/jetty.project/pull/9344



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49598ed373ad7e01cf3b0a35a80b271c4d422743


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4075a7d1 by Salvatore Bonaccorso at 2023-09-17T10:48:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,17 +17,17 @@ CVE-2023-5018 (A vulnerability classified as critical has 
been found in SourceCo
 CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been 
rated as c ...)
NOT-FOR-US: lmxcms
 CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has 
been decl ...)
-   TODO: check
+   NOT-FOR-US: spider-flow
 CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified 
as pro ...)
NOT-FOR-US: UCMS
 CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website 
1.0 and  ...)
NOT-FOR-US: Sakshi2610 Food Ordering Website
 CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and 
classified as p ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2023-5012 (A vulnerability, which was classified as problematic, was found 
in Top ...)
-   TODO: check
+   NOT-FOR-US: Topaz OFD
 CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 
and earl ...)
-   TODO: check
+   NOT-FOR-US: Revive Adserver
 CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to 
Server- ...)
NOT-FOR-US: Dropbox Folder Share plugin for WordPress
 CVE-2023-43091 [Code injection via service.json file]
@@ -66,7 +66,7 @@ CVE-2023-41157 (Multiple stored cross-site scripting (XSS) 
vulnerabilities in Us
 CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin 
Control Panel  ...)
NOT-FOR-US: vBulletin
 CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser 
before v2.23 ...)
-   TODO: check
+   NOT-FOR-US: FileBrowser
 CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
@@ -144,7 +144,7 @@ CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote 
attacker to execute arb
 CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App 
v.4.4.0 allow ...)
NOT-FOR-US: Teller Web App
 CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery 
(CSRF).)
-   TODO: check
+   NOT-FOR-US: Grocy
 CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 
1.18.0, SHI ...)
NOT-FOR-US: SHIRASAGI
 CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
@@ -152,7 +152,7 @@ CVE-2023-41887 (OpenRefine is a powerful free, open source 
tool for working with
 CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
TODO: check
 CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime 
versions fr ...)
-   TODO: check
+   NOT-FOR-US: Wasmtime
 CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a 
cross-site  ...)
NOT-FOR-US: Froala Editor
 CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
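
Review bot: `NOT-FOR-US: Wasmtime` on CVE-2023-41880 deserves a second look before it is closed, because the description calls it a standalone runtime for WebAssembly, and a component of that kind is more likely to have a source package or an open ITP/RFP than the web applications in the other hunks. State in the commit message how its absence from the archive was checked. CVE-2023-41886 (OpenRefine) is still at `TODO: check` in the context lines and needs the same lookup.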
@@ -212,7 +212,7 @@ CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was 
discovered to contain a SQL in
 CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to 
contain ...)
NOT-FOR-US: D-LINK
 CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script 
v.3.6 all ...)
-   TODO: check
+   NOT-FOR-US: Super Store Finder PHP Script
 CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a 
remote auth ...)
NOT-FOR-US: Vtiger CRM
 CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
@@ -226,11 +226,11 @@ CVE-2023-37281 (Contiki-NG is an operating system for 
internet-of-things devices
 CVE-2023-37263 (Strapi is the an open-source headless content management 
system. Prior ...)
NOT-FOR-US: Strapi
 CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK 
4.6.1.9996. Long  ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender KIOSK
 CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 
4.6.1.9996. It ha ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender KIOSK
 CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 
4.6.1.9996. Built ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender KIOSK
 CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository 
for the ...)
TODO: check
 CVE-2023-36472 (Strapi is the an open-source headless content management 
system. Prior ...)
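
Review bot: CVE-2023-36479 (Eclipse Jetty) is left at `TODO: check` in the trailing context while the three OPSWAT MetaDefender KIOSK entries directly above it are closed. Jetty issues are tracked under the `jetty9` source package elsewhere in data/CVE/list (CVE-2023-26048, CVE-2023-26049), so this entry needs a package line rather than an NFU. Triage it in the same pass, or say in the commit message that it is deliberately deferred.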



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4075a7d10df2fb7175c2c4bed53f5cde3d35ca55


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f374d67 by Salvatore Bonaccorso at 2023-09-17T10:19:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,27 +1,27 @@
 CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been 
declared ...)
-   TODO: check
+   NOT-FOR-US: KOHA
 CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been 
classified a ...)
-   TODO: check
+   NOT-FOR-US: Planno
 CVE-2023-5023 (A vulnerability was found in Tongda OA 2017 and classified as 
critical ...)
-   TODO: check
+   NOT-FOR-US: Tongda OA
 CVE-2023-5022 (A vulnerability has been found in DedeCMS up to 5.7.100 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2023-5021 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester AC Repair and Services System
 CVE-2023-5020 (A vulnerability, which was classified as critical, has been 
found in 0 ...)
-   TODO: check
+   NOT-FOR-US: 07FLY CRM
 CVE-2023-5019 (A vulnerability classified as critical was found in Tongda OA. 
This vu ...)
-   TODO: check
+   NOT-FOR-US: Tongda OA
 CVE-2023-5018 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Lost and Found Information System
 CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been 
rated as c ...)
-   TODO: check
+   NOT-FOR-US: lmxcms
 CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has 
been decl ...)
TODO: check
 CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified 
as pro ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website 
1.0 and  ...)
-   TODO: check
+   NOT-FOR-US: Sakshi2610 Food Ordering Website
 CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and 
classified as p ...)
TODO: check
 CVE-2023-5012 (A vulnerability, which was classified as problematic, was found 
in Top ...)
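
Review bot: `NOT-FOR-US: KOHA` on CVE-2023-5025 copies the all-caps spelling from the CVE description. An NOT-FOR-US string only helps later lookups if the product is spelled the same way every time, so check how earlier entries for this product are written in data/CVE/list and match them. The two Tongda OA lines (CVE-2023-5023 and CVE-2023-5019) already use one spelling, which is the pattern to follow.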



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f374d670416164751118c3fdbcce54464f60d0b


[Git][security-tracker-team/security-tracker][master] automatic update

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37b3c7ac by security tracker role at 2023-09-17T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been 
declared ...)
+   TODO: check
+CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been 
classified a ...)
+   TODO: check
+CVE-2023-5023 (A vulnerability was found in Tongda OA 2017 and classified as 
critical ...)
+   TODO: check
+CVE-2023-5022 (A vulnerability has been found in DedeCMS up to 5.7.100 and 
classified ...)
+   TODO: check
+CVE-2023-5021 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2023-5020 (A vulnerability, which was classified as critical, has been 
found in 0 ...)
+   TODO: check
+CVE-2023-5019 (A vulnerability classified as critical was found in Tongda OA. 
This vu ...)
+   TODO: check
+CVE-2023-5018 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been 
rated as c ...)
+   TODO: check
+CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has 
been decl ...)
+   TODO: check
+CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified 
as pro ...)
+   TODO: check
+CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website 
1.0 and  ...)
+   TODO: check
+CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and 
classified as p ...)
+   TODO: check
+CVE-2023-5012 (A vulnerability, which was classified as problematic, was found 
in Top ...)
+   TODO: check
+CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 
and earl ...)
+   TODO: check
 CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to 
Server- ...)
NOT-FOR-US: Dropbox Folder Share plugin for WordPress
 CVE-2023-43091 [Code injection via service.json file]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b3c7acee8449e407a2dfecefc55261a472858a


[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-42503

2023-09-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33830f7b by Salvatore Bonaccorso at 2023-09-17T08:51:54+02:00
Track fixed version via unstable for CVE-2023-42503

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -270,7 +270,7 @@ CVE-2023-4814 (A Privilege escalation vulnerability exists 
in Trellix Windows DL
 CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be 
run by de ...)
NOT-FOR-US: PaperCut
 CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption 
vulnerabi ...)
-   - libcommons-compress-java  (bug #1052065)
+   - libcommons-compress-java 1.24.0-1 (bug #1052065)
[bullseye] - libcommons-compress-java  (Vulnerable code 
introduced later)
[buster] - libcommons-compress-java  (Vulnerable code 
introduced later)
NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
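
Review bot: with the unstable line now at `libcommons-compress-java 1.24.0-1`, the entry for CVE-2023-42503 has suite lines only for `[bullseye]` and `[buster]`, so any suite between those and unstable is measured against 1.24.0-1 and will show as vulnerable. If that is intended, fine; otherwise add the suite-specific triage line in the same commit. The "Vulnerable code introduced later" annotations would also be easier to audit with a NOTE naming the upstream version or commit that introduced the code, as the CVE-2023-43090 entry does with its "Introduced around:" note.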



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33830f7b21433a5cbb69450f177e184d4b193dcc
