<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Helmut Grohne pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker" style="color: #1068bf;">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4c2566e5ff7fbb12aa80730d49c7085ac77466" style="color: #1068bf;">5d4c2566</a></strong>

<div>

<span> by Helmut Grohne </span> <i> at 2022-12-06T15:13:31+01:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-21797 still affects joblib in buster

The update to joblib included two fixes. The first attempt was

restricting variables for eval and the second one did away with eval.

While unstable has the second iteration, buster got the eval version and

that one is still vulnerable. Exploit:

eval("[x for x in 42 .__class__.__mro__[1].__subclasses__() if x.__name__ == 'BuiltinImporter'][0]().load_module('os').system('id')", {"__builtins__": {}}, {})

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

2 changed files:

</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3" style="color: #1068bf;">

data/CVE/list

</a>

</li>

<li class="file-stats">

<a href="#c6cd61c8ef8efbfbfd18815b1aad9ff25179adb9" style="color: #1068bf;">

data/DLA/list

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4c2566e5ff7fbb12aa80730d49c7085ac77466#4716ef5aa8f2742228ba3b3633215c8b808565e3" style="color: #1068bf;"><strong style="font-weight: bold;">data/CVE/list</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

No preview for this file type

<br>

</li>

<li id="c6cd61c8ef8efbfbfd18815b1aad9ff25179adb9">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4c2566e5ff7fbb12aa80730d49c7085ac77466#c6cd61c8ef8efbfbfd18815b1aad9ff25179adb9" style="color: #1068bf;"><strong style="font-weight: bold;">data/DLA/list</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="97" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="97" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match" style="color: rgba(0,0,0,0.3); padding: inherit;" bgcolor="#fafafa">@@ -97,7 +97,6 @@</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="97" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

97

</td>

<td class="new_line diff-line-num" data-linenumber="97" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

97

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC97" class="line" lang="plaintext">     {CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651}</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="98" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

98

</td>

<td class="new_line diff-line-num" data-linenumber="98" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

98

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC98" class="line" lang="plaintext">     [buster] - asterisk 1:16.28.0~dfsg-0+deb10u1</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="99" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

99

</td>

<td class="new_line diff-line-num" data-linenumber="99" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

99

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC99" class="line" lang="plaintext">[17 Nov 2022] DLA-3193-1 joblib - security update</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="100" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

100

</td>

<td class="new_line diff-line-num old" data-linenumber="100" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC100" class="line" lang="plaintext">    {CVE-2022-21797}</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="101" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

101

</td>

<td class="new_line diff-line-num" data-linenumber="100" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

100

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC100" class="line" lang="plaintext">    [buster] - joblib 0.13.0-2+deb10u1</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

102

</td>

<td class="new_line diff-line-num" data-linenumber="101" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

101

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC101" class="line" lang="plaintext">[17 Nov 2022] DLA-3192-1 lava - security update</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="103" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

103

</td>

<td class="new_line diff-line-num" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

102

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC102" class="line" lang="plaintext">    {CVE-2022-42902}</span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4c2566e5ff7fbb12aa80730d49c7085ac77466" style="color: #1068bf;">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org" style="color: #1068bf;">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link" style="color: #1068bf;">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link" style="color: #1068bf;">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4c2566e5ff7fbb12aa80730d49c7085ac77466"}}</script>

</p>

</div>

</body>

</html>