[Git][security-tracker-team/security-tracker][master] 4 commits: Drop bullseye entries for python-matrix-nio (removed from bullseye)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 29 09:44:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95028b53 by Salvatore Bonaccorso at 2023-04-28T21:43:01+02:00
Drop bullseye entries for python-matrix-nio (removed from bullseye)
- - - - -
f06bc39d by Salvatore Bonaccorso at 2023-04-28T21:43:02+02:00
Merge linux changes for bullseye 11.7
- - - - -
ecb07b37 by Salvatore Bonaccorso at 2023-04-28T21:43:04+02:00
Merge changes for updates via bullseye 11.7
- - - - -
5fa9ab06 by Salvatore Bonaccorso at 2023-04-29T08:44:15+00:00
Merge branch 'bullseye-11.7' into 'master'
Merge changes accepted for bullseye 11.7 release
See merge request security-tracker-team/security-tracker!133
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1235,6 +1235,7 @@ CVE-2023-2195
RESERVED
CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
- mattermost-server <itp> (bug #823556)
@@ -1521,6 +1522,7 @@ CVE-2023-2163
RESERVED
CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_creat ...)
- linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
CVE-2023-2161
RESERVED
@@ -1806,6 +1808,7 @@ CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before
- libressl <itp> (bug #754513)
CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
- linux 6.1.25-1 (unimportant)
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/06615d11cc78162dfd5116efb71f29eb29502d37 (6.3-rc4)
NOTE: CONFIG_CHARGER_DA9150 not enabled in Debian.
CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASUSTOR D ...)
@@ -2626,6 +2629,7 @@ CVE-2023-30501
RESERVED
CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
CVE-2023-1995
@@ -2713,11 +2717,13 @@ CVE-2023-30470
RESERVED
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3)
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
CVE-2023-1988 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
NOT-FOR-US: SourceCodester Online Computer and Laptop Store
@@ -2803,6 +2809,7 @@ CVE-2023-30457
RESERVED
CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3)
CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service attac ...)
NOT-FOR-US: ebankIT
@@ -5333,6 +5340,7 @@ CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Faturamatik Bircard
CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
- linux 5.17.3-1
+ [bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=08681391b84da27133deefaaddefd0acfa90c2be
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=da24142b1ef9fd5d36b76e36bab328a5b27523e8
@@ -5615,6 +5623,7 @@ CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It
CVE-2023-1859
RESERVED
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
CVE-2023-1858 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
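Review bot: The CVE-2023-1859 entry now records fixed versions for both unstable and bullseye, but its only NOTE is the lore.kernel.org patch posting, with no reference to the merged commit. Most other linux entries touched in this change carry a `NOTE: https://git.kernel.org/linus/<commit> (<version>)` line (placeholders, not values from this page). Adding the equivalent here would let a reader check that 5.10.178-1 really contains the fix.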
@@ -5624,6 +5633,7 @@ CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo Manage
NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1855 (A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon ...)
- linux 6.1.20-2
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 (6.3-rc3)
CVE-2023-1854 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Online Graduate Tracer System
@@ -5748,6 +5758,7 @@ CVE-2023-1830
RESERVED
CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
NOTE: https://git.kernel.org/linus/8c710f75256bb3cf05ac7b1672c82b92c43f3d28 (6.3-rc1)
CVE-2023-1828
@@ -6775,6 +6786,7 @@ CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed ha
NOT-FOR-US: Sophos
CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...)
- linux 6.1.20-2
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
CVE-2023-1669
RESERVED
@@ -7008,7 +7020,7 @@ CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verificati
NOT-FOR-US: AMI
CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...)
- lemonldap-ng 2.16.1+ds-1
- [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4
[buster] - lemonldap-ng <no-dsa> (Minor issue)
CVE-2023-28861
RESERVED
@@ -7333,6 +7345,7 @@ CVE-2023-1612 (A vulnerability, which was classified as critical, was found in R
NOT-FOR-US: Rebuild
CVE-2023-1611 (A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree ...)
- linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
CVE-2023-1610 (A vulnerability, which was classified as critical, has been found in R ...)
NOT-FOR-US: Rebuild
@@ -7883,6 +7896,7 @@ CVE-2023-1514
RESERVED
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
- linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
CVE-2023-1512
RESERVED
@@ -8490,7 +8504,7 @@ CVE-2019-25126
RESERVED
CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...)
- linux 6.1.20-1
- [bullseye] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in Debian)
+ [bullseye] - linux 5.10.178-1
[buster] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in Debian)
NOTE: https://git.kernel.org/linus/49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
CVE-2023-28449
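Review bot: On CVE-2023-28466 the bullseye line loses its rationale "CONFIG_TLS not enabled in Debian" when `<ignored>` is replaced by `5.10.178-1`, while the buster line keeps it. With only a fixed version recorded, bullseye kernels before 5.10.178-1 will read as affected. Consider keeping the information as a separate line such as `NOTE: CONFIG_TLS not enabled in Debian`, the way CVE-2023-30772 records `CONFIG_CHARGER_DA9150 not enabled in Debian`.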
@@ -8896,6 +8910,7 @@ CVE-2023-28329 (Insufficient validation of profile field availability condition
- moodle <removed>
CVE-2023-28328 (A NULL pointer dereference flaw was found in the az6027 driver in driv ...)
- linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/0ed554fd769a19ea8464bb83e9ac201002ef74ad (6.2-rc1)
CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol in net/ ...)
- linux 6.1.4-1
@@ -9467,7 +9482,7 @@ CVE-2023-28155 (The Request package through 2.88.1 for Node.js allows a bypass o
NOTE: https://github.com/request/request/issues/3442
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
- [bullseye] - node-webpack <no-dsa> (Minor issue)
+ [bullseye] - node-webpack 4.43.0-6+deb11u1
[buster] - node-webpack <no-dsa> (Minor issue)
NOTE: https://github.com/webpack/webpack/pull/16500
NOTE: Merge commit: https://github.com/webpack/webpack/commit/4b4ca3bb53f36a5b8fc6bc1bd976ed7af161bd80 (v5.76.0)
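Review bot: For CVE-2023-28154 the new bullseye line marks `node-webpack 4.43.0-6+deb11u1` as fixed, but the description and both NOTE lines refer only to Webpack 5 and the v5.76.0 merge commit. A NOTE stating how the 4.43.0 branch was patched (a backport of that commit or a separate change) would make the entry verifiable. It would also help whoever handles buster, which stays at `<no-dsa>`.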
@@ -9698,12 +9713,12 @@ CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In
NOT-FOR-US: discordrb
CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak 1.14.4-1 (bug #1033098)
- [bullseye] - flatpak <no-dsa> (Minor issue)
+ [bullseye] - flatpak 1.10.8-0+deb11u1
[buster] - flatpak <no-dsa> (Minor issue)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak 1.14.4-1 (bug #1033099)
- [bullseye] - flatpak <no-dsa> (Minor issue)
+ [bullseye] - flatpak 1.10.8-0+deb11u1
[buster] - flatpak <no-dsa> (Minor issue)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
@@ -10100,6 +10115,7 @@ CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Stand
NOT-FOR-US: WordPress plugin
CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
- linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
NOTE: https://git.kernel.org/linus/ee059170b1f7e94e55fa6cadee544e176a6e59c2 (6.2)
NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
@@ -11880,6 +11896,7 @@ CVE-2023-1119
RESERVED
CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17
NOTE: https://www.openwall.com/lists/oss-security/2023/03/02/1
CVE-2023-1117 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -12246,17 +12263,21 @@ CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/run
- mattermost-server <itp> (bug #823556)
CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4
CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...)
- linux 6.1.12-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d
CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff
NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5
@@ -12267,10 +12288,12 @@ CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incor
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6
CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...)
- linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f
NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1
CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s human in ...)
- linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -13916,6 +13939,7 @@ CVE-2015-10086 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: OpenCycleCompass
CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
- linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2)
CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in ...)
- linux <unfixed> (unimportant)
@@ -14683,7 +14707,7 @@ CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable
CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...)
{DLA-3343-1}
- mono 6.8.0.105+dfsg-3.3 (bug #972146)
- [bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
CVE-2023-26293 (A vulnerability has been identified in TIA Portal V15 (All versions), ...)
NOT-FOR-US: TIA Portal V15
@@ -16881,7 +16905,7 @@ CVE-2023-0757
CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist is missi ...)
{DLA-3323-1}
- c-ares 1.18.1-2 (bug #1031525)
- [bullseye] - c-ares <no-dsa> (Minor issue)
+ [bullseye] - c-ares 1.17.1-1+deb11u2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168631
NOTE: https://github.com/c-ares/c-ares/pull/497
NOTE: https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d (cares-1_19_0)
@@ -18082,7 +18106,7 @@ CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP D
NOT-FOR-US: HP
CVE-2023-25173 (containerd is an open source container runtime. A bug was found in con ...)
- containerd 1.6.18~ds1-1
- [bullseye] - containerd <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - containerd 1.4.13~ds1-1~deb11u4
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
CVE-2023-25172 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
@@ -18128,7 +18152,7 @@ CVE-2023-25154 (Misskey is an open source, decentralized social media platform.
NOT-FOR-US: Misskey
CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...)
- containerd 1.6.18~ds1-1
- [bullseye] - containerd <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - containerd 1.4.13~ds1-1~deb11u4
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
NOT-FOR-US: Wings
@@ -18496,6 +18520,7 @@ CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3,
NOT-FOR-US: TYPO3 extension
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
- linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
@@ -20242,16 +20267,19 @@ CVE-2023-0462
- foreman <itp> (bug #663101)
CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...)
- linux 6.1.7-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
NOT-FOR-US: YouTube Embedded 1.2 SDK
CVE-2023-0459
RESERVED
- linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
NOTE: https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (6.3-rc1)
CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Kernel o ...)
- linux 6.1.8-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
NOTE: https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5)
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
@@ -22903,6 +22931,7 @@ CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur b
NOT-FOR-US: Lexmark
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
- linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...)
- eternal-terminal <itp> (bug #861635)
@@ -24269,6 +24298,7 @@ CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets
NOTE: https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1)
CVE-2023-23004 (In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c m ...)
- linux 5.19.6-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/15342f930ebebcfe36f2415049736a77d7d2e045 (5.19-rc1)
CVE-2023-23003 (In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check ...)
- linux 5.16.7-1
@@ -24292,6 +24322,7 @@ CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c
NOTE: https://git.kernel.org/linus/b52fe2dbb3e655eb1483000adfab68a219549e13
CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/c24968734abfed81c8f93dc5f44a7b7a9aecadfa (6.0-rc1)
NOTE: https://git.kernel.org/linus/64b88afbd92fbf434759d1896a7cf705e1c00e79 (6.0-rc1)
CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterp ...)
@@ -24491,12 +24522,12 @@ CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
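Review bot: In the CVE-2023-0199 block, tesla-470 and tesla-450 move from `<no-dsa> (Non-free not supported)` to fixed versions, but the bullseye lines for tesla-460 and tesla-418 keep that tag. For tesla-418 this matches the `<unfixed>` state in unstable. For tesla-460 the NOTE says 460.106.00-3 turned the package into a metapackage to aid switching to tesla-470, so it is worth stating whether bullseye received that transition in 11.7 or is intentionally left at `<no-dsa>`. The same question applies to the later NVIDIA entries that repeat this block.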
@@ -24504,18 +24535,18 @@ CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
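Review bot: The new `[bullseye] - nvidia-graphics-drivers 470.182.03-1` line under CVE-2023-0199 has no `~deb11u1` suffix, unlike the tesla lines added in the same change (`470.182.03-1~deb11u1`, `450.236.01-1~deb11u1`), and it equals the unstable version listed for tesla-470. Please confirm that 470.182.03-1 is the exact version accepted into bullseye for this source package. The identical line is repeated for the following NVIDIA CVEs, so a wrong value would propagate to all of them.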
@@ -24523,7 +24554,7 @@ CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA vGPU software
@@ -24536,12 +24567,12 @@ CVE-2023-0195 (NVIDIA GPU Display Driver for Windows contains a vulnerability in
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24549,18 +24580,18 @@ CVE-2023-0195 (NVIDIA GPU Display Driver for Windows contains a vulnerability in
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0194 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24568,7 +24599,7 @@ CVE-2023-0194 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
@@ -24581,12 +24612,12 @@ CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24594,18 +24625,18 @@ CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24613,18 +24644,18 @@ CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0189 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24632,18 +24663,18 @@ CVE-2023-0189 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0188 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24651,18 +24682,18 @@ CVE-2023-0188 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0187 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA GPU Display Driver for Windows
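Review bot: the three added `[bullseye] - nvidia-graphics-drivers 470.182.03-1` lines use a bare `-1` revision, while the tesla-470 package at the same upstream version is recorded as `470.182.03-1~deb11u1` in this same hunk. Please confirm that `470.182.03-1` is the version actually accepted into bullseye and not a dropped `~deb11u1` suffix. Because `~` sorts lower, a bullseye package versioned `470.182.03-1~deb11u1` would compare below `470.182.03-1`, and the tracker would keep reporting it as vulnerable.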
@@ -24670,12 +24701,12 @@ CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24683,18 +24714,18 @@ CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24702,7 +24733,7 @@ CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0183 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
@@ -24716,22 +24747,22 @@ CVE-2023-0181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a kern ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
- nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1033777)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1033776)
@@ -24739,7 +24770,7 @@ CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1033775)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
- nvidia-graphics-drivers 525.105.17-1 (bug #1033774)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.182.03-1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...)
{DSA-5324-1 DLA-3349-1}
@@ -25092,7 +25123,7 @@ CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <
- check-mk <removed>
CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...)
- libxpm 1:3.5.12-1.1
- [bullseye] - libxpm <no-dsa> (Minor issue)
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
[buster] - libxpm <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15)
@@ -25143,13 +25174,13 @@ CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-W
NOT-FOR-US: Huawei
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
- libxpm 1:3.5.12-1.1
- [bullseye] - libxpm <no-dsa> (Minor issue)
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
[buster] - libxpm <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...)
- libxpm 1:3.5.12-1.1
- [bullseye] - libxpm <no-dsa> (Minor issue)
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
[buster] - libxpm <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb287c0030c9913b046643 (libXpm-3.5.15)
@@ -25229,7 +25260,7 @@ CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It
CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea ...)
{DLA-3290-1}
- libzen 0.4.39-1
- [bullseye] - libzen <no-dsa> (Minor issue)
+ [bullseye] - libzen 0.4.38-1+deb11u1
NOTE: https://github.com/MediaArea/ZenLib/pull/119
NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39)
CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...)
@@ -25576,7 +25607,7 @@ CVE-2023-22743 (Git for Windows is the Windows port of the revision control syst
CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
{DLA-3340-1}
- libgit2 1.5.1+ds-1 (bug #1029368)
- [bullseye] - libgit2 <no-dsa> (Minor issue)
+ [bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u1
[buster] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea (v1.4.5)
NOTE: https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 (v1.5.1)
@@ -26107,6 +26138,7 @@ CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in Gi
NOT-FOR-US: lirantal/daloradius
CVE-2023-0045 (The current implementation of the prctl syscall does not issue an IBPB ...)
- linux 6.1.7-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
NOTE: https://git.kernel.org/linus/a664ec9158eeddd75121d39c9a0758016097fa96 (6.2-rc3)
@@ -27733,7 +27765,7 @@ CVE-2019-25084 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: Hide Files on GitHub Chrome extension
CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may al ...)
- lxc 1:5.0.2-1
- [bullseye] - lxc <no-dsa> (Minor issue)
+ [bullseye] - lxc 1:4.0.6-2+deb11u2
[buster] - lxc <postponed> (Minor issue, minor information leak)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157281
NOTE: https://github.com/MaherAzzouzi/CVE-2022-47952
@@ -32160,7 +32192,7 @@ CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declare
NOT-FOR-US: RainyGao DocSys
CVE-2022-4415 (A vulnerability was found in systemd. This security flaw can cause a l ...)
- systemd 252.4-1 (bug #1026831)
- [bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
+ [bullseye] - systemd 247.3-7+deb11u2
[buster] - systemd <ignored> (Optional feature; disabled by default)
NOTE: Preparation (main branch commit only): https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
NOTE: Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
@@ -32435,6 +32467,7 @@ CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not prop
NOT-FOR-US: WordPress plugin
CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
- linux 6.1.8-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
NOTE: https://git.kernel.org/linus/d18dcfe9860e842f394e37ba01ca9440ab2178f4 (6.2-rc5)
CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
@@ -32443,6 +32476,7 @@ CVE-2022-4380
RESERVED
CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/n ...)
- linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/12/14/3
NOTE: https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/
@@ -34754,6 +34788,7 @@ CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem
NOT-FOR-US: Drag and Drop XBlock
CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build exporters. P ...)
- golang-github-prometheus-exporter-toolkit 0.8.2-1 (bug #1025127)
+ [bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2
NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1
NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2)
@@ -35607,6 +35642,7 @@ CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in S
NOT-FOR-US: Red Hat Satellite server
CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...)
- linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
NOTE: https://git.kernel.org/linus/b68777d54fac21fc833ec26ea1a2a84f975ab035 (6.1-rc6)
NOTE: https://git.kernel.org/linus/af295e854a4e3813ffbdef26dbb6a4d6226c3ea1 (6.1-rc7)
@@ -40196,7 +40232,7 @@ CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not s
NOT-FOR-US: WordPress plugin
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
- systemd 251.3-1
- [bullseye] - systemd <no-dsa> (Minor issue)
+ [bullseye] - systemd 247.3-7+deb11u2
[buster] - systemd <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
NOTE: https://github.com/systemd/systemd/issues/23928
@@ -43459,7 +43495,7 @@ CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco N
CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...)
{DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
- [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
+ [bullseye] - clamav 0.103.8+dfsg-0+deb11u1
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
CVE-2023-20051 (A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet D ...)
NOT-FOR-US: Cisco
@@ -43502,7 +43538,7 @@ CVE-2023-20033
CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...)
{DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
- [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
+ [bullseye] - clamav 0.103.8+dfsg-0+deb11u1
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
CVE-2023-20031
@@ -43695,6 +43731,7 @@ CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side
NOT-FOR-US: Web Stories plugin for WordPress
CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Intel GVT ...)
- linux 6.1.7-1
+ [bullseye] - linux 5.10.178-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...)
@@ -47871,6 +47908,7 @@ CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user
NOT-FOR-US: WordPress plugin
CVE-2022-3424 (A use-after-free flaw was found in the Linux kernel\u2019s SGI GRU dri ...)
- linux 6.1.4-1 (unimportant)
+ [bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/
NOTE: https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
NOTE: SGI_GRU not enabled in any Debian kernel
@@ -52786,7 +52824,7 @@ CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat Ansib
CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
{DLA-3371-1}
- unbound 1.16.3-1
- [bullseye] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound 1.13.1-1+deb11u1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3)
CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...)
@@ -56109,7 +56147,6 @@ CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible wi
NOT-FOR-US: Matrix iOS SDK
CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according to sa ...)
- python-matrix-nio 0.20.0-1
- [bullseye] - python-matrix-nio <ignored> (Doesn't work with current Matrix servers, to be removed from stable)
NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0)
CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...)
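Review bot: the `[bullseye] - python-matrix-nio <ignored>` line under CVE-2022-39254 is deleted with no replacement, which leaves only the unstable fixed version 0.20.0-1 for this entry. That is right only if the package is really gone from bullseye, as the commit subject "removed from bullseye" states; the deleted reason text still said "to be removed from stable". If the removal has not yet taken effect in the archive, keep the `<ignored>` line until it has, so bullseye does not fall back to being evaluated against 0.20.0-1.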
@@ -57619,7 +57656,7 @@ CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable
CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
{DLA-3132-1}
- snakeyaml 1.31-1
- [bullseye] - snakeyaml <no-dsa> (Minor issue)
+ [bullseye] - snakeyaml 1.28-1+deb11u1
NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
NOTE: Fixed by https://bitbucket.org/snakeyaml/snakeyaml/commits/f3ab4e0f54c37ddb10f00b71d04187bb0ef1799c (snakeyaml-1.31)
@@ -57627,14 +57664,14 @@ CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be vulnerable
CVE-2022-38750 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
{DLA-3132-1}
- snakeyaml 1.31-1
- [bullseye] - snakeyaml <no-dsa> (Minor issue)
+ [bullseye] - snakeyaml 1.28-1+deb11u1
NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
NOTE: Test case: https://bitbucket.org/snakeyaml/snakeyaml/commits/a8a072311547574274036f4a1b91a751b397a055 (snakeyaml-1.31)
CVE-2022-38749 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
{DLA-3132-1}
- snakeyaml 1.31-1
- [bullseye] - snakeyaml <no-dsa> (Minor issue)
+ [bullseye] - snakeyaml 1.28-1+deb11u1
NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
NOTE: Also fixed by the patch for CVE-2022-25857.
@@ -57646,7 +57683,7 @@ CVE-2022-38746
RESERVED
CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
- libreoffice 1:7.3.1-1
- [bullseye] - libreoffice <no-dsa> (Minor issue)
+ [bullseye] - libreoffice 1:7.0.4-4+deb11u6
[buster] - libreoffice <no-dsa> (Minor issue)
NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
@@ -58677,7 +58714,7 @@ CVE-2022-38102
CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...)
{DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
- [bullseye] - intel-microcode <no-dsa> (Minor issue)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-38084
@@ -59355,7 +59392,7 @@ CVE-2022-38224
RESERVED
CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...)
- w3m 0.5.3+git20230121-1 (bug #1019599)
- [bullseye] - w3m <no-dsa> (Minor issue)
+ [bullseye] - w3m 0.5.3+git20210102-6+deb11u1
[buster] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
NOTE: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa
@@ -62540,7 +62577,7 @@ CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to in
NOT-FOR-US: Ahsay AhsayCBS
CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...)
- erlang 1:24.3.4.5+dfsg-1 (bug #1024632)
- [bullseye] - erlang <no-dsa> (Minor issue)
+ [bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
[buster] - erlang <no-dsa> (Minor issue)
NOTE: https://erlangforums.com/t/otp-25-1-released/1854
NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15)
@@ -64237,7 +64274,7 @@ CVE-2022-34657
CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...)
{DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
- [bullseye] - intel-microcode <no-dsa> (Minor issue)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...)
@@ -68302,7 +68339,7 @@ CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before ver
CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
{DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
- [bullseye] - intel-microcode <no-dsa> (Minor issue)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-33197
@@ -69782,6 +69819,7 @@ CVE-2022-2197 (By using a specific credential string, an attacker with network a
NOT-FOR-US: Exemys
CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed ...)
- linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
CVE-2022-2195
@@ -80040,13 +80078,13 @@ CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro
CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...)
{DLA-3371-1}
- unbound 1.16.2-1 (bug #1016493)
- [bullseye] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound 1.13.1-1+deb11u1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...)
{DLA-3371-1}
- unbound 1.16.2-1 (bug #1016493)
- [bullseye] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound 1.13.1-1+deb11u1
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -83874,7 +83912,7 @@ CVE-2022-29459
CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...)
{DLA-3167-1}
- ncurses 6.3+20220423-1 (bug #1009870)
- [bullseye] - ncurses <no-dsa> (Minor issue)
+ [bullseye] - ncurses 6.2+20201114-2+deb11u1
[stretch] - ncurses <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
@@ -85905,7 +85943,7 @@ CVE-2022-28738 (A double free was found in the Regexp compiler in Ruby 3.x befor
CVE-2022-28737
RESERVED
- shim 15.6-1
- [bullseye] - shim <no-dsa> (Fix via point update)
+ [bullseye] - shim 15.6-1~deb11u1
[buster] - shim <no-dsa> (Fix via point update)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
NOTE: https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 (15.6)
@@ -86369,7 +86407,7 @@ CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows
- libpod 3.4.7+ds1-1
[bullseye] - libpod <no-dsa> (Minor issue)
- golang-github-containers-psgo 1.7.1+ds1-1 (bug #1020907)
- [bullseye] - golang-github-containers-psgo <no-dsa> (Minor issue)
+ [bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368
NOTE: https://github.com/containers/psgo/pull/92
NOTE: https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2)
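Review bot: under CVE-2022-1227 only the `golang-github-containers-psgo` line moves to a fixed version (`1.5.2-2~deb11u1`); the `[bullseye] - libpod <no-dsa> (Minor issue)` context line just above it is left unchanged. psgo is a Go library, so the fix reaches podman only through a libpod build that uses the fixed psgo. The next hunk records `libpod 3.0.1+dfsg1-3+deb11u2` for CVE-2022-27649; if that upload was built against psgo 1.5.2-2~deb11u1, the libpod line here should carry the same version, and if it was not, a NOTE saying the rebuild is still pending would keep the entry from reading as fully resolved.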
@@ -89278,11 +89316,11 @@ CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly st
NOTE: https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...)
- crun 1.5+dfsg-1 (bug #1009881)
- [bullseye] - crun <no-dsa> (Minor issue)
+ [bullseye] - crun 0.17+dfsg-1+deb11u1
NOTE: https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562 (1.4.4)
CVE-2022-27649 (A flaw was found in Podman, where containers were started incorrectly ...)
- libpod 3.4.6+ds1-1 (bug #1020906)
- [bullseye] - libpod <no-dsa> (Minor issue)
+ [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2
NOTE: https://github.com/containers/podman/releases/tag/v4.0.3
NOTE: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main)
NOTE: https://github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13 (v4.0.3)
@@ -94081,7 +94119,7 @@ CVE-2022-25902
RESERVED
CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
- node-cookiejar 2.1.4+~2.1.2-1
- [bullseye] - node-cookiejar <no-dsa> (Minor issue)
+ [bullseye] - node-cookiejar 2.1.2-1+deb11u1
[buster] - node-cookiejar <postponed> (Minor issue, ReDoS)
NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
NOTE: https://github.com/bmeck/node-cookiejar/pull/39
@@ -94178,7 +94216,7 @@ CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 ar
CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...)
{DLA-3132-1}
- snakeyaml 1.31-1 (bug #1019218)
- [bullseye] - snakeyaml <no-dsa> (Minor issue)
+ [bullseye] - snakeyaml 1.28-1+deb11u1
NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
NOTE: https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
@@ -94388,7 +94426,7 @@ CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
{DLA-3193-2}
- joblib 1.2.0-1 (bug #1020820)
- [bullseye] - joblib <no-dsa> (Minor issue)
+ [bullseye] - joblib 0.17.0-4+deb11u1
NOTE: https://github.com/joblib/joblib/issues/1128
NOTE: https://github.com/joblib/joblib/pull/1321
NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
@@ -97233,13 +97271,13 @@ CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developm
NOT-FOR-US: Tuleap
CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
- [bullseye] - symfony <no-dsa> (Minor issue)
+ [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
[buster] - symfony <postponed> (Minor issue, no rdeps for Session/php-symfony-security)
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
- [bullseye] - symfony <no-dsa> (Minor issue)
+ [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
[buster] - symfony <postponed> (Minor issue, no rdeps for HttpCache.php/php-symfony-http-kernel)
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
NOTE: https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
@@ -98869,7 +98907,7 @@ CVE-2022-21795
CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
{DLA-3379-1}
- intel-microcode 3.20220809.1
- [bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software ...)
@@ -102177,7 +102215,7 @@ CVE-2022-23528
RESERVED
CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
- libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444)
- [bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 (v2.4.12.2)
@@ -103084,7 +103122,7 @@ CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability
CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
{DLA-3378-1}
- duktape 2.7.0-1
- [bullseye] - duktape <no-dsa> (Minor issue)
+ [bullseye] - duktape 2.5.0-2+deb11u1
NOTE: https://github.com/svaarala/duktape/issues/2448
NOTE: https://github.com/svaarala/duktape/pull/2451
NOTE: https://github.com/svaarala/duktape/commit/fc75060165a011ff5ec43bfebea0c37a3d1baca1
@@ -105445,7 +105483,7 @@ CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buf ...)
{DLA-3269-1}
- libapreq2 2.17-1 (bug #1018191)
- [bullseye] - libapreq2 <no-dsa> (Minor issue; can be fixed via point release)
+ [bullseye] - libapreq2 2.13-7+deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3
CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
NOT-FOR-US: Schneider Electric
@@ -116193,7 +116231,7 @@ CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During
CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...)
{DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
- [bullseye] - intel-microcode <no-dsa> (Minor issue)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...)
@@ -134511,40 +134549,40 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (relevant IPTC parsing added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
NOTE: https://github.com/Exiv2/exiv2/pull/1769
CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (Jp2Image::encodeJp2Header added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (Jp2Image::printStructure added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
NOTE: https://github.com/Exiv2/exiv2/pull/1759
@@ -134553,13 +134591,13 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (resolveLens0x8ff added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (resolveLens0x319 added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
@@ -142414,14 +142452,14 @@ CVE-2021-34336
RESERVED
CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #992707)
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (resolveLens0xffff added in 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
NOTE: https://github.com/Exiv2/exiv2/pull/1750
CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1 (bug #992706)
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
NOTE: https://github.com/Exiv2/exiv2/pull/1766
@@ -146259,7 +146297,7 @@ CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for t
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1 (bug #992705)
- [bullseye] - exiv2 <ignored> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
NOTE: https://github.com/Exiv2/exiv2/pull/1739
@@ -154222,7 +154260,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
{DSA-4958-1 DLA-2750-1}
- exiv2 0.27.5-1 (bug #986888)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
NOTE: https://github.com/Exiv2/exiv2/issues/1522
NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
@@ -155001,7 +155039,7 @@ CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect t
NOT-FOR-US: fastify-csrf
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- exiv2 0.27.5-1 (bug #988481)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (webpimage support added 0.26)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
NOTE: https://github.com/Exiv2/exiv2/pull/1627
@@ -155361,7 +155399,7 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
{DSA-4958-1 DLA-2750-1}
- exiv2 0.27.5-1 (bug #987736)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/Exiv2/exiv2/pull/1587
NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
@@ -155377,7 +155415,7 @@ CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi
NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2)
CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #987450)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (Jp2Image::encodeJp2Header added in 0.26)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
@@ -155400,14 +155438,14 @@ CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of
NOT-FOR-US: Discord-Recon
CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #988242)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #988241)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[buster] - exiv2 <not-affected> (webp support introduced in 0.27)
[stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
@@ -155431,7 +155469,7 @@ CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime servi
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
{DLA-3265-1}
- exiv2 0.27.5-1 (bug #987277)
- [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
NOTE: https://github.com/Exiv2/exiv2/issues/1530
@@ -155949,7 +155987,7 @@ CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an
CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
{DLA-3047-1}
- avahi 0.8-7 (bug #984938)
- [bullseye] - avahi <no-dsa> (Minor issue)
+ [bullseye] - avahi 0.8-5+deb11u2
[buster] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/lathiat/avahi/pull/330
NOTE: https://github.com/lathiat/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b
@@ -170347,7 +170385,7 @@ CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buf
NOT-FOR-US: Node dns-packet
CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
- flask-security 5.0.2-1 (bug #1021279)
- [bullseye] - flask-security <no-dsa> (Minor issue)
+ [bullseye] - flask-security 4.0.0-1+deb11u1
[buster] - flask-security <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
NOTE: https://github.com/Flask-Middleware/flask-security/issues/724
=====================================
data/next-point-update.txt
=====================================
@@ -1,264 +1,3 @@
-CVE-2022-37026
- [bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
-CVE-2022-28737
- [bullseye] - shim 15.6-1~deb11u1
-CVE-2022-46146
- [bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2
-CVE-2022-23527
- [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
-CVE-2022-4415
- [bullseye] - systemd 247.3-7+deb11u2
-CVE-2022-3821
- [bullseye] - systemd 247.3-7+deb11u2
-CVE-2022-1227
- [bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1
-CVE-2021-3468
- [bullseye] - avahi 0.8-5+deb11u2
-CVE-2021-3482
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29458
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29463
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29464
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29470
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29473
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29623
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-32815
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-34334
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-34335
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37615
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37616
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37618
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37619
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37620
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37621
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37622
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37623
- [bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2022-47952
- [bullseye] - lxc 1:4.0.6-2+deb11u2
-CVE-2022-22728
- [bullseye] - libapreq2 2.13-7+deb11u1
-CVE-2022-38223
- [bullseye] - w3m 0.5.3+git20210102-6+deb11u1
-CVE-2022-4883
- [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2022-44617
- [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2022-46285
- [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2020-36646
- [bullseye] - libzen 0.4.38-1+deb11u1
-CVE-2022-24895
- [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
-CVE-2022-24894
- [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
-CVE-2022-29458
- [bullseye] - ncurses 6.2+20201114-2+deb11u1
-CVE-2021-23385
- [bullseye] - flask-security 4.0.0-1+deb11u1
-CVE-2022-27650
- [bullseye] - crun 0.17+dfsg-1+deb11u1
-CVE-2023-20032
- [bullseye] - clamav 0.103.8+dfsg-0+deb11u1
-CVE-2023-20052
- [bullseye] - clamav 0.103.8+dfsg-0+deb11u1
-CVE-2023-25153
- [bullseye] - containerd 1.4.13~ds1-1~deb11u4
-CVE-2023-25173
- [bullseye] - containerd 1.4.13~ds1-1~deb11u4
-CVE-2022-4904
- [bullseye] - c-ares 1.17.1-1+deb11u2
-CVE-2023-26314
- [bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
-CVE-2022-25857
- [bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38749
- [bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38750
- [bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38751
- [bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2023-22742
- [bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u1
-CVE-2022-25901
- [bullseye] - node-cookiejar 2.1.2-1+deb11u1
-CVE-2023-28154
- [bullseye] - node-webpack 4.43.0-6+deb11u1
-CVE-2022-21216
- [bullseye] - intel-microcode 3.20230214.1~deb11u1
-CVE-2022-21233
- [bullseye] - intel-microcode 3.20230214.1~deb11u1
-CVE-2022-33196
- [bullseye] - intel-microcode 3.20230214.1~deb11u1
-CVE-2022-33972
- [bullseye] - intel-microcode 3.20230214.1~deb11u1
-CVE-2022-38090
- [bullseye] - intel-microcode 3.20230214.1~deb11u1
-CVE-2023-28100
- [bullseye] - flatpak 1.10.8-0+deb11u1
-CVE-2023-28101
- [bullseye] - flatpak 1.10.8-0+deb11u1
-CVE-2023-28862
- [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4
-CVE-2022-21797
- [bullseye] - joblib 0.17.0-4+deb11u1
-CVE-2022-38745
- [bullseye] - libreoffice 1:7.0.4-4+deb11u6
-CVE-2021-46322
- [bullseye] - duktape 2.5.0-2+deb11u1
-CVE-2022-3204
- [bullseye] - unbound 1.13.1-1+deb11u1
-CVE-2022-30698
- [bullseye] - unbound 1.13.1-1+deb11u1
-CVE-2022-30699
- [bullseye] - unbound 1.13.1-1+deb11u1
-CVE-2023-0184
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0189
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0181
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0180
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0185
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0187
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
-CVE-2023-0198
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0199
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0188
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0190
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0194
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0195
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2023-0191
- [bullseye] - nvidia-graphics-drivers 470.182.03-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1
-CVE-2022-27649
- [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2
-CVE-2022-2196
- [bullseye] - linux 5.10.178-1
-CVE-2022-3424
- [bullseye] - linux 5.10.178-1
-CVE-2022-3707
- [bullseye] - linux 5.10.178-1
-CVE-2022-4129
- [bullseye] - linux 5.10.178-1
-CVE-2022-4379
- [bullseye] - linux 5.10.178-1
-CVE-2022-4382
- [bullseye] - linux 5.10.178-1
-CVE-2023-0045
- [bullseye] - linux 5.10.178-1
-CVE-2023-0458
- [bullseye] - linux 5.10.178-1
-CVE-2023-0459
- [bullseye] - linux 5.10.178-1
-CVE-2023-0461
- [bullseye] - linux 5.10.178-1
-CVE-2023-1073
- [bullseye] - linux 5.10.178-1
-CVE-2023-1074
- [bullseye] - linux 5.10.178-1
-CVE-2023-1076
- [bullseye] - linux 5.10.178-1
-CVE-2023-1077
- [bullseye] - linux 5.10.178-1
-CVE-2023-1078
- [bullseye] - linux 5.10.178-1
-CVE-2023-1079
- [bullseye] - linux 5.10.178-1
-CVE-2023-1118
- [bullseye] - linux 5.10.178-1
-CVE-2023-1281
- [bullseye] - linux 5.10.178-1
-CVE-2023-1513
- [bullseye] - linux 5.10.178-1
-CVE-2023-1611
- [bullseye] - linux 5.10.178-1
-CVE-2023-1670
- [bullseye] - linux 5.10.178-1
-CVE-2023-1829
- [bullseye] - linux 5.10.178-1
-CVE-2023-1855
- [bullseye] - linux 5.10.178-1
-CVE-2023-1859
- [bullseye] - linux 5.10.178-1
-CVE-2023-1872
- [bullseye] - linux 5.10.178-1
-CVE-2023-1989
- [bullseye] - linux 5.10.178-1
-CVE-2023-1990
- [bullseye] - linux 5.10.178-1
-CVE-2023-1998
- [bullseye] - linux 5.10.178-1
-CVE-2023-2162
- [bullseye] - linux 5.10.178-1
-CVE-2023-2194
- [bullseye] - linux 5.10.178-1
-CVE-2023-22998
- [bullseye] - linux 5.10.178-1
-CVE-2023-23004
- [bullseye] - linux 5.10.178-1
-CVE-2023-23559
- [bullseye] - linux 5.10.178-1
-CVE-2023-25012
- [bullseye] - linux 5.10.178-1
-CVE-2023-26545
- [bullseye] - linux 5.10.178-1
-CVE-2023-28328
- [bullseye] - linux 5.10.178-1
-CVE-2023-28466
- [bullseye] - linux 5.10.178-1
-CVE-2023-30456
- [bullseye] - linux 5.10.178-1
-CVE-2023-30772
- [bullseye] - linux 5.10.178-1
CVE-2022-3650
[bullseye] - ceph 14.2.21-1+deb11u1
CVE-2021-32718
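Review bot: The removed CVE-2023-0187 entry lists only nvidia-graphics-drivers and nvidia-graphics-drivers-tesla-470, while every other NVIDIA CVE in this hunk also carries a nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 line. The matching data/CVE/list entry should be checked so that tesla-450 was not marked fixed there by a bulk edit and, if that package is affected, that it still has an explicit status. Separately, nvidia-graphics-drivers is recorded as 470.182.03-1 with no ~deb11u1 suffix, unlike the two tesla packages, so it is worth confirming that this is the version actually shipped in bullseye. The CVE-2022-3650 ceph 14.2.21-1+deb11u1 entry stays in the file as context, so it should be confirmed as still pending rather than missed by the merge.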
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/297f349e61d3a432d503348d16af08b40f7965d9...5fa9ab068570dadd3932a866ce588c4abb4a5358