<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "Menlo"), DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Markus Koschany pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78b42d555f70487165454315c3083193f4be629f">78b42d55</a></strong>

<div>

<span> by Markus Koschany </span> <i> at 2023-07-29T16:53:50+02:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2021-37819,libitext*-java: no-dsa for Buster

Minor issue

</pre>

</li>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/028d5267c4548d4abba1be9e84b346dc04c13082">028d5267</a></strong>

<div>

<span> by Markus Koschany </span> <i> at 2023-07-29T23:43:47+02:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

</pre>

</li>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07db09cd8072364cffed68601bd93a9bb1a9aefb">07db09cd</a></strong>

<div>

<span> by Markus Koschany </span> <i> at 2023-07-29T23:45:35+02:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2023-38633,librsvg: buster is not affected

The vulnerable code was introduced later. Upstream introduced the new logic to

decide wheter to allow loading files in

https://gitlab.gnome.org/GNOME/librsvg/-/commit/7534fd46a1e295fbc6ff9cfa199d29152b8542bf

which is not present in Buster and earlier versions. The POC triggers for

Bullseye and later versions.

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

1 changed file:

</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d596128628b2c497eca33b91ee0f41f72a0bf23...07db09cd8072364cffed68601bd93a9bb1a9aefb#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong style="font-weight: bold;">data/CVE/list</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #737278;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d596128628b2c497eca33b91ee0f41f72a0bf23...07db09cd8072364cffed68601bd93a9bb1a9aefb">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

</p>

</div>

</body>

</html>