[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-38473 CVE-2023-38472 CVE-2023-38471 CVE-2023-38470...
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d45a939 by Thorsten Alteholz at 2023-10-12T23:25:19+02:00 mark CVE-2023-38473 CVE-2023-38472 CVE-2023-38471 CVE-2023-38470 CVE-2023-38469 as postponed minor issue for Buster - - - - - 3cfa0e18 by Thorsten Alteholz at 2023-10-12T23:31:27+02:00 mark CVE-2023-43643 as no-dsa for Buster - - - - - 3a46a423 by Thorsten Alteholz at 2023-10-12T23:35:33+02:00 mark CVE-2023-3430 as no-dsa for Buster - - - - - 3f7ebff2 by Thorsten Alteholz at 2023-10-12T23:40:05+02:00 mark CVE-2023-42822 as no-dsa for Buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1061,6 +1061,7 @@ CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansin - libowasp-antisamy-java [bookworm] - libowasp-antisamy-java (Minor issue) [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 NOTE: https://github.com/nahsra/antisamy/commit/05c52b98bb845b8175b8406bd2f391ce334a05d6 (v1.7.4) CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open source ...) @@ -1445,6 +1446,7 @@ CVE-2023-3430 - openimageio 2.4.13.0+dfsg-1 [bookworm] - openimageio (Minor issue) [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) NOTE: https://github.com/OpenImageIO/oiio/issues/3840 NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841 NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0) 
@@ -1452,24 +1454,28 @@ CVE-2023-38473 - avahi [bookworm] - avahi (Minor issue) [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) NOTE: https://github.com/lathiat/avahi/issues/451 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38472 - avahi [bookworm] - avahi (Minor issue) [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) NOTE: https://github.com/lathiat/avahi/issues/452 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38471 - avahi [bookworm] - avahi (Minor issue) [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) NOTE: https://github.com/lathiat/avahi/issues/453 NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 CVE-2023-38470 - avahi [bookworm] - avahi (Minor issue) [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) NOTE: https://github.com/lathiat/avahi/issues/454 NOTE: https://github.com/lathiat/avahi/pull/457 NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c 
@@ -2762,6 +2768,7 @@ CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to - xrdp (bug #1053284) [bookworm] - xrdp (Minor issue) [bullseye] - xrdp (Minor issue) + [buster] - xrdp (Minor issue) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40 CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traver ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f3250a15b606a2885c8c9a4832248fb2b5ca0c9...3f7ebff2301fccdae2bdc202e3767c221f4e3388 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f3250a15b606a2885c8c9a4832248fb2b5ca0c9...3f7ebff2301fccdae2bdc202e3767c221f4e3388 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
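Review bot: in the avahi hunk, the buster tag for CVE-2023-38470 reads "Minor issue; re-evaluate when fixed upstream", yet that entry already carries an upstream fix (NOTE lines for lathiat/avahi pull 457 and commit 94cb6489114636940ac683515417990b55b5d66c), unlike CVE-2023-38471 to CVE-2023-38473, which only reference open issues; either re-evaluate CVE-2023-38470 now or drop the qualifier there so the tag does not go stale. The commit message also describes the status as "postponed", while the data records "(Minor issue; ...)"; if postponed is the intended classification, the tag text should say so.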
[Git][security-tracker-team/security-tracker][master] Reserve DSA-5522-2 tomcat9
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f3250a1 by Markus Koschany at 2023-10-12T22:27:42+02:00 Reserve DSA-5522-2 tomcat9 - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,5 @@ +[12 Oct 2023] DSA-5522-2 tomcat9 - regression update + [bullseye] - tomcat9 9.0.43-2~deb11u8 [12 Oct 2023] DSA-5527-1 webkit2gtk - security update {CVE-2023-39928 CVE-2023-41074 CVE-2023-41993} [bullseye] - webkit2gtk 2.42.1-1~deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3250a15b606a2885c8c9a4832248fb2b5ca0c9
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 801a8384 by security tracker role at 2023-10-12T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,69 @@ +CVE-2023-5562 (An unsafe default configuration in KNIME Analytics Platform before 5.2 ...) + TODO: check +CVE-2023-5556 (Cross-site Scripting (XSS) - Reflected in GitHub repository structuriz ...) + TODO: check +CVE-2023- (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms p ...) + TODO: check +CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...) + TODO: check +CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...) + TODO: check +CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...) + TODO: check +CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...) + TODO: check +CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...) + TODO: check +CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior ...) + TODO: check +CVE-2023-45106 (Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram ...) + TODO: check +CVE-2023-45103 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Per ...) + TODO: check +CVE-2023-45102 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Mana ...) + TODO: check +CVE-2023-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact F ...) + TODO: check +CVE-2023-45063 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content W ...) + TODO: check +CVE-2023-45060 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Intera ...) + TODO: check +CVE-2023-45058 (Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short ...) 
+ TODO: check +CVE-2023-45052 (Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map ...) + TODO: check +CVE-2023-45048 (Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof ...) + TODO: check +CVE-2023-45047 (Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc Le ...) + TODO: check +CVE-2023-45011 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Pow ...) + TODO: check +CVE-2023-44998 (Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy H ...) + TODO: check +CVE-2023-43149 (SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) th ...) + TODO: check +CVE-2023-43148 (SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability ...) + TODO: check +CVE-2023-43147 (PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Reque ...) + TODO: check +CVE-2023-41131 (Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Da ...) + TODO: check +CVE-2023-37637 + REJECTED +CVE-2023-32634 (An authentication bypass vulnerability exists in the CiRpcServerThread ...) + TODO: check +CVE-2023-32275 (An information disclosure vulnerability exists in the CtEnumCa() funct ...) + TODO: check +CVE-2023-32124 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publi ...) + TODO: check +CVE-2023-31192 (An information disclosure vulnerability exists in the ClientConnect() ...) + TODO: check +CVE-2023-27516 (An authentication bypass vulnerability exists in the CiRpcAccepted() f ...) + TODO: check CVE-2023-36839 NOT-FOR-US: Juniper CVE-2023-44204 
@@ -260,45 +326,59 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and imm - golang-1.11 NOTE: https://github.com/golang/go/issues/63417 CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...) + {DSA-5526-1} - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...) + {DSA-5526-1} - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...) + {DSA-5526-1} - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...) + {DSA-5526-1} - chromium 118.0.5993.70-1
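Review bot: in the first hunk of this automatic update, the new entry `+CVE-2023- (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms p ...)` has no number after the year, so it cannot be matched to any CVE identifier and the `TODO: check` beneath it can never be resolved against a real record; the identifier should be checked against the upstream feed and completed before the entry is kept.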
[Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5527-1
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: 1860b20b by Alberto Garcia at 2023-10-12T21:26:17+02:00 webkit2gtk DSA-5527-1 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[12 Oct 2023] DSA-5527-1 webkit2gtk - security update + {CVE-2023-39928 CVE-2023-41074 CVE-2023-41993} + [bullseye] - webkit2gtk 2.42.1-1~deb11u1 + [bookworm] - webkit2gtk 2.42.1-1~deb12u1 [12 Oct 2023] DSA-5526-1 chromium - security update {CVE-2023-5218 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5481 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487} [bookworm] - chromium 118.0.5993.70-1~deb12u1 = data/dsa-needed.txt = @@ -86,8 +86,6 @@ tiff (aron) -- trafficserver -- -webkit2gtk --- wpewebkit/oldstable -- xen (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1860b20bf256456c2d1e942b6de43b0b6d6e8af5
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a785e757 by Moritz Muehlenhoff at 2023-10-12T20:40:44+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -69,9 +69,9 @@ CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) NOT-FOR-US: Thecosy IceCMS CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...) - TODO: check + NOT-FOR-US: Tencent CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...) - TODO: check + NOT-FOR-US: Android CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...) TODO: check CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.) @@ -86,7 +86,7 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.) NOTE: https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d NOTE: Crash in CLI tool, no security impact CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...) - TODO: check + NOT-FOR-US: KernelSU CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) TODO: check CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...) @@ -28880,7 +28880,7 @@ CVE-2023-28636 (GLPI is a free asset and IT management software package. Startin - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2023-28635 (vantage6 is privacy preserving federated learning infrastructure. Prio ...) - TODO: check + NOT-FOR-US: vantage6 CVE-2023-28634 (GLPI is a free asset and IT management software package. Starting in v ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone 
@@ -35701,7 +35701,7 @@ CVE-2023-26372 (Adobe Dimension version 3.4.8 (and earlier) is affected by an ou CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) NOT-FOR-US: Adobe CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...) NOT-FOR-US: Adobe CVE-2023-26368 @@ -43187,7 +43187,7 @@ CVE-2023-23931 (cryptography is a package designed to expose cryptographic primi NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696 CVE-2023-23930 (vantage6 is privacy preserving federated learning infrastructure. Vers ...) - TODO: check + NOT-FOR-US: vantage6 CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...) NOT-FOR-US: vantage6 CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a785e7573a5574888c9af2888d69a7b14f5ffe04
[Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cac14769 by Moritz Mühlenhoff at 2023-10-12T19:26:15+02:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[12 Oct 2023] DSA-5526-1 chromium - security update + {CVE-2023-5218 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5481 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487} + [bookworm] - chromium 118.0.5993.70-1~deb12u1 [11 Oct 2023] DSA-5525-1 samba - security update {CVE-2023-3961 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670} [bookworm] - samba 2:4.17.12+dfsg-0+deb12u1 = data/dsa-needed.txt = @@ -17,8 +17,6 @@ audiofile -- cacti -- -chromium (jmm) --- cinder/oldstable -- gpac/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cac1476915470dc0c8f9f1bf43588eda8ec48977
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 27b679c3 by Moritz Muehlenhoff at 2023-10-12T11:59:01+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,53 @@ +CVE-2023-36839 + NOT-FOR-US: Juniper +CVE-2023-44204 + NOT-FOR-US: Juniper +CVE-2023-44182 + NOT-FOR-US: Juniper +CVE-2023-44203 + NOT-FOR-US: Juniper +CVE-2023-44202 + NOT-FOR-US: Juniper +CVE-2023-44198 + NOT-FOR-US: Juniper +CVE-2023-44197 + NOT-FOR-US: Juniper +CVE-2023-44196 + NOT-FOR-US: Juniper +CVE-2023-44195 + NOT-FOR-US: Juniper +CVE-2023-44201 + NOT-FOR-US: Juniper +CVE-2023-44199 + NOT-FOR-US: Juniper +CVE-2023-44184 + NOT-FOR-US: Juniper +CVE-2023-44181 + NOT-FOR-US: Juniper +CVE-2023-44191 + NOT-FOR-US: Juniper +CVE-2023-44192 + NOT-FOR-US: Juniper +CVE-2023-44175 + NOT-FOR-US: Juniper +CVE-2023-44178 + NOT-FOR-US: Juniper +CVE-2023-44177 + NOT-FOR-US: Juniper +CVE-2023-44176 + NOT-FOR-US: Juniper +CVE-2023-36841 + NOT-FOR-US: Juniper +CVE-2023-36843 + NOT-FOR-US: Juniper +CVE-2023-44194 + NOT-FOR-US: Juniper +CVE-2023-44193 + NOT-FOR-US: Juniper +CVE-2023-44183 + NOT-FOR-US: Juniper +CVE-2023-44185 + NOT-FOR-US: Juniper CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site ...) 
@@ -7,13 +57,13 @@ CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WA CVE-2023-44793 REJECTED CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...) - TODO: check + NOT-FOR-US: Juniper CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation of Junipe ...) - TODO: check + NOT-FOR-US: Juniper CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...) - TODO: check + NOT-FOR-US: Juniper CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...) - TODO: check + NOT-FOR-US: Juniper CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) TODO: check CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) @@ -50,7 +100,7 @@ CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 and CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...) NOT-FOR-US: Koha CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability in AS PAT ...) - TODO: check + NOT-FOR-US: Juniper CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel module.Succ ...) NOT-FOR-US: Huawei CVE-2023-44118 (Vulnerability of undefined permissions in the MeeTime module.Successfu ...) 
@@ -49173,6 +49223,7 @@ CVE-2023-22393 (An Improper Check for Unusual or Exceptional Conditions vulnerab NOT-FOR-US: Juniper CVE-2023-22392 RESERVED + NOT-FOR-US: Juniper CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in Juniper ...) NOT-FOR-US: Juniper CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitialized po ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b679c352cc65d09637001b3bb91ce103e1b099
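Review bot: in the last hunk (data/CVE/list around line 49173), CVE-2023-22392 is still marked RESERVED, so the added `NOT-FOR-US: Juniper` line is inferred from the neighbouring Juniper entries (CVE-2023-22393, CVE-2023-22391) rather than from a published description; acceptable as a placeholder, but the entry should be re-checked once the description lands, since the RESERVED line stays in place above the new tag.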
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ff82ea26 by Moritz Muehlenhoff at 2023-10-12T11:16:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WAF) for ...) - TODO: check + NOT-FOR-US: NAXSI CVE-2023-44793 REJECTED CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...) @@ -17,7 +17,7 @@ CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) TODO: check CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) - TODO: check + NOT-FOR-US: Thecosy IceCMS CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...) TODO: check CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff82ea26e068da2ba965fc5ff8241ba37dd51210
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3616-1 for org-mode
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 7752e8da by Chris Lamb at 2023-10-12T09:40:48+01:00 Reserve DLA-3616-1 for org-mode - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -28964,7 +28964,6 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 [experimental] - org-mode 9.6.6+dfsg-1~exp1 - org-mode 9.5.2+dfsh-5 (bug #1033341) [bullseye] - org-mode 9.4.0+dfsg-1+deb11u1 - [buster] - org-mode (Minor issue) - emacs 1:28.2+1-14 (bug #1033342) [bullseye] - emacs (Minor issue) NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Oct 2023] DLA-3616-1 org-mode - security update + {CVE-2023-28617} + [buster] - org-mode 9.1.14+dfsg-3+deb10u1 [12 Oct 2023] DLA-3615-1 libcue - security update {CVE-2023-43641} [buster] - libcue 2.2.1-2+deb10u1 = data/dla-needed.txt = @@ -153,10 +153,6 @@ opendkim NOTE: 20230821: Added by Front-Desk (ta) NOTE: 20231006: Unfixed upstream as of today. (spwhitton) -- -org-mode (Chris Lamb) - NOTE: 20231007: Added by Front-Desk (Beuc) - NOTE: 20231007: Cf. Debian 11.8 point release and DLA-3416-1 (Beuc/front-desk) --- osslsigncode NOTE: 20230925: Added by Front-Desk (apo) NOTE: 20230925: Maybe a new upstream release should just do the trick here. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7752e8dabf530c7fcc2c60448c46c4ad394ba9b4
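Review bot: in the data/CVE/list hunk for CVE-2023-28617, the unchanged context line `- org-mode 9.5.2+dfsh-5 (bug #1033341)` looks like a typo for `+dfsg`, since every other org-mode version in this change (9.6.6+dfsg-1~exp1, 9.4.0+dfsg-1+deb11u1, 9.1.14+dfsg-3+deb10u1) uses `+dfsg`; it is not introduced by this commit, but a follow-up correction would keep the tracker's exact version matching for that entry correct.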
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 162b0be9 by security tracker role at 2023-10-12T08:11:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) + TODO: check +CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WAF) for ...) + TODO: check +CVE-2023-44793 + REJECTED +CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...) + TODO: check +CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation of Junipe ...) + TODO: check +CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...) + TODO: check +CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...) + TODO: check +CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...) + TODO: check +CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...) + TODO: check +CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...) + TODO: check +CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...) + TODO: check +CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...) + TODO: check +CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.) + TODO: check +CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...) + TODO: check +CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...) + TODO: check CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.) - vim (unimportant) NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f 
@@ -170,53 +202,53 @@ CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment Scheduler NOT-FOR-US: PHPJabbers Appointment Scheduler CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...) NOT-FOR-US: PHPJabbers Appointment Scheduler -CVE-2023-39325 +CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and immediate ...) - golang-1.21 1.21.3-1 - golang-1.20 1.20.10-1 - golang-1.19 - golang-1.15 - golang-1.11 NOTE: https://github.com/golang/go/issues/63417 -CVE-2023-5473 +CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5486 +CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5477 +CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5478 +CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5485 +CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5479 +CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome prior ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5476 +CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 118.0.5993.7 ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5474 +CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 al ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5475 +CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior to 118 ...) 
- chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5481 +CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5483 +CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior to 118. ...) - chromium 118.0.5993.70-1 [buster] - chromium (see DSA 5046) -CVE-2023-5484 +CVE-2023-5484 (Inappropriate implementation in Navigation in