[Git][security-tracker-team/security-tracker][master] 4 commits: Merge linux changes for bookworm 12.1

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 22 07:48:05 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccb24134 by Salvatore Bonaccorso at 2023-07-19T22:03:00+02:00
Merge linux changes for bookworm 12.1

- - - - -
3cc8effa by Salvatore Bonaccorso at 2023-07-19T22:04:43+02:00
Merge changes for updates with CVEs via bookworm 12.1

- - - - -
0351c279 by Salvatore Bonaccorso at 2023-07-19T22:05:36+02:00
Merge changes for spip (with no CVEs) via bookworm 12.1

- - - - -
e8bbbe6f by Salvatore Bonaccorso at 2023-07-22T06:47:53+00:00
Merge branch 'bookworm-12.1' into 'master'

Merge changes accepted for bookworm 12.1 release

See merge request security-tracker-team/security-tracker!142
- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2077,7 +2077,7 @@ CVE-2015-10119 (A vulnerability, which was classified as problematic, has been f
 	NOT-FOR-US: WordPress plugin
 CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session]
 	- spip 4.1.11+dfsg-1
-	[bookworm] - spip <no-dsa> (Minor issue)
+	[bookworm] - spip 4.1.9+dfsg-1+deb12u2
 	[bullseye] - spip <no-dsa> (Minor issue)
 	[buster] - spip <no-dsa> (Minor issue)
 	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-4-SPIP-4-1-11.html
@@ -2558,10 +2558,12 @@ CVE-2021-46890 (Vulnerability of incomplete read and write permission verificati
 CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
 	{DSA-5453-1}
 	- linux <unfixed>
+	[bookworm] - linux 6.1.38-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
 CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
 	{DSA-5453-1}
 	- linux <unfixed>
+	[bookworm] - linux 6.1.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
 CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all versions start ...)
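Review bot: in both CVE-2023-35001 and CVE-2023-31248 the new "[bookworm] - linux 6.1.38-1" line is added directly under "- linux <unfixed>", so the tracker will report bookworm as fixed while unstable stays open. If 6.1.38-1 is also the upload that fixed unstable, put the version on the unversioned line instead, which makes the bookworm line unnecessary. Since both entries carry {DSA-5453-1}, please also confirm that 6.1.38-1 agrees with the bookworm version recorded for that DSA, which is not visible in this diff.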
@@ -3295,7 +3297,7 @@ CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uplo
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2861 [9pfs: prevent opening special files]
 	- qemu 1:8.0.3+dfsg-1
-	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
@@ -4478,7 +4480,7 @@ CVE-2023-34242 (Cilium is a networking, observability, and security solution wit
 CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing system fo ...)
 	{DLA-3476-1}
 	- cups 2.4.2-5 (bug #1038885)
-	[bookworm] - cups <no-dsa> (Minor issue; exploitable under specific conditions; can be fixed via point release)
+	[bookworm] - cups 2.4.2-3+deb12u1
 	[bullseye] - cups <no-dsa> (Minor issue; exploitable under specific conditions; can be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/4
 	NOTE: https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
@@ -5220,7 +5222,7 @@ CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently
 	NOT-FOR-US: Thruk
 CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...)
 	- cpdb-libs 1.2.0-3 (bug #1038253)
-	[bookworm] - cpdb-libs <no-dsa> (Minor issue)
+	[bookworm] - cpdb-libs 1.2.0-2+deb12u1
 	NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
 	NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
 	NOTE: 1.2.x version predate the upstream commit 3f66d47252d5 ("print_frontend: Use
@@ -5241,7 +5243,7 @@ CVE-2023-32749 (Pydio Cells allows users by default to create so-called external
 CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...)
 	[experimental] - dbus 1.15.6-1
 	- dbus 1.14.8-1 (bug #1037151)
-	[bookworm] - dbus <no-dsa> (Minor issue)
+	[bookworm] - dbus 1.14.8-1~deb12u1
 	[bullseye] - dbus <no-dsa> (Minor issue)
 	[buster] - dbus <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
@@ -5638,7 +5640,7 @@ CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user ca
 CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...)
 	{DLA-3492-1 DLA-3478-1}
 	- yajl 2.1.0-5 (bug #1039984)
-	[bookworm] - yajl <no-dsa> (Minor issue)
+	[bookworm] - yajl 2.1.0-3+deb12u2
 	[bullseye] - yajl <no-dsa> (Minor issue)
 	NOTE: https://github.com/lloyd/yajl/issues/250
 	NOTE: Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0)
@@ -6102,7 +6104,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0039]
 CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...)
 	{DLA-3440-1}
 	- cups 2.4.2-4
-	[bookworm] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
+	[bookworm] - cups 2.4.2-3+deb12u1
 	[bullseye] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
 	NOTE: https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e
@@ -6992,7 +6994,7 @@ CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions,
 	NOT-FOR-US: Apache RocketMQ
 CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
 	- xerial-sqlite-jdbc 3.42.0.0+dfsg-1 (bug #1036706)
-	[bookworm] - xerial-sqlite-jdbc <no-dsa> (Minor issue)
+	[bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
 	NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
 	NOTE: Fixed by: https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242 (3.41.2.2)
 CVE-2023-32685 (Kanboard is project management software that focuses on the Kanban met ...)
@@ -8071,7 +8073,7 @@ CVE-2023-2454 (schema_element defeats protective search_path changes; It was fou
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=766e061404c2159dccebad4d19e496d8ced8b2c4 (REL_11_20)
 CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...)
 	- texlive-bin 2022.20220321.62855-6 (bug #1036470)
-	[bookworm] - texlive-bin <no-dsa> (Minor issue)
+	[bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
 	[bullseye] - texlive-bin <no-dsa> (Minor issue)
 	[buster] - texlive-bin <no-dsa> (Minor issue)
 	NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html
@@ -11148,7 +11150,7 @@ CVE-2022-48438 (In cp_dump driver, there is a possible out of bounds write due t
 	NOT-FOR-US: Unisoc
 CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service (responder S ...)
 	- libreswan 4.11-1 (bug #1035542)
-	[bookworm] - libreswan <no-dsa> (Minor issue; can be fixed via point release)
+	[bookworm] - libreswan 4.10-2+deb12u1
 	[bullseye] - libreswan <no-dsa> (Minor issue; can be fixed via point release)
 	[buster] - libreswan <no-dsa> (Minor issue)
 	NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
@@ -15715,7 +15717,7 @@ CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine o
 	NOT-FOR-US: Foxit
 CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...)
 	- tang 14-1 (bug #1038119)
-	[bookworm] - tang <no-dsa> (Minor issue)
+	[bookworm] - tang 11-2+deb12u1
 	[bullseye] - tang <no-dsa> (Minor issue)
 	[buster] - tang <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
@@ -17537,7 +17539,7 @@ CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty
 	[bullseye] - smarty3 <no-dsa> (Minor issue)
 	[buster] - smarty3 <no-dsa> (Minor issue)
 	- smarty4 4.3.1-1 (bug #1033965)
-	[bookworm] - smarty4 <no-dsa> (Minor issue)
+	[bookworm] - smarty4 4.3.0-1+deb12u1
 	NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
 	NOTE: https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72 (v4.3.1)
 	NOTE: https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad (v3.1.48)
@@ -18551,7 +18553,7 @@ CVE-2023-28155 (The Request package through 2.88.1 for Node.js allows a bypass o
 	NOTE: https://github.com/request/request/issues/3442
 CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
 	- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
-	[bookworm] - node-webpack <no-dsa> (Minor issue)
+	[bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1
 	[bullseye] - node-webpack 4.43.0-6+deb11u1
 	[buster] - node-webpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/webpack/webpack/pull/16500
@@ -24249,7 +24251,7 @@ CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerabl
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
 	{DLA-3488-1}
 	- node-tough-cookie 4.1.3+~4.0.2-1
-	[bookworm] - node-tough-cookie <no-dsa> (Minor issue)
+	[bookworm] - node-tough-cookie 4.0.0-2+deb12u1
 	[bullseye] - node-tough-cookie <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
 	NOTE: https://github.com/salesforce/tough-cookie/issues/282
@@ -24270,7 +24272,7 @@ CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine;
 	NOT-FOR-US: github.com/xyproto/algernon/engine
 CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
 	- cpp-httplib 0.11.4+ds-2 (bug #1037100)
-	[bookworm] - cpp-httplib <no-dsa> (Minor issue)
+	[bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1
 	NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
 	NOTE: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280
 	NOTE: https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4)
@@ -26410,11 +26412,11 @@ CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU
 	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
 CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
 	- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
-	[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
+	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
 	- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
-	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
 	- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
-	[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
 	[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
@@ -26428,17 +26430,17 @@ CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
 	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
 	- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
-	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
 CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
-	[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
+	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
 	- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
-	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
 	- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
-	[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
 	[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
@@ -26452,7 +26454,7 @@ CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
 	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1039679)
 	- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
-	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
@@ -28384,7 +28386,7 @@ CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versi
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
 	- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
-	[bookworm] - node-undici <no-dsa> (Minor issue)
+	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
 	NOTE: https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf (v5.19.1)
 CVE-2023-24806
@@ -30933,7 +30935,7 @@ CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform:
 	NOT-FOR-US: Pimcore
 CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0  ...)
 	- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
-	[bookworm] - node-undici <no-dsa> (Minor issue)
+	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
 	NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1)
 CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and  ...)
@@ -31829,7 +31831,7 @@ CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not hav
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...)
 	- qemu 1:8.0.2+dfsg-1 (bug #1029155)
-	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151
@@ -76961,7 +76963,7 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
 	[bullseye] - lxml <no-dsa> (Minor issue)
 	[buster] - lxml <no-dsa> (Minor issue)
 	- libxml2 2.9.14+dfsg-1.3 (bug #1039991)
-	[bookworm] - libxml2 <no-dsa> (Minor issue)
+	[bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
 	[bullseye] - libxml2 <no-dsa> (Minor issue)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
@@ -107210,7 +107212,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
 	[buster] - ruby-yajl <no-dsa> (Minor issue)
 	[stretch] - ruby-yajl <no-dsa> (Minor issue)
 	- yajl 2.1.0-4 (bug #1040036)
-	[bookworm] - yajl <no-dsa> (Minor issue)
+	[bookworm] - yajl 2.1.0-3+deb12u2
 	[bullseye] - yajl <no-dsa> (Minor issue)
 	- burp <unfixed> (bug #1040146)
 	[bookworm] - burp <no-dsa> (Minor issue)
@@ -384987,7 +384989,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
 	[stretch] - ruby-yajl <no-dsa> (Minor issue)
 	[jessie] - ruby-yajl <no-dsa> (Minor issue)
 	- yajl 2.1.0-4 (bug #1040036)
-	[bookworm] - yajl <no-dsa> (Minor issue)
+	[bookworm] - yajl 2.1.0-3+deb12u2
 	[bullseye] - yajl <no-dsa> (Minor issue)
 	- burp <unfixed> (bug #1040146)
 	[bookworm] - burp <no-dsa> (Minor issue)


=====================================
data/next-point-update.txt
=====================================
@@ -1,59 +1,3 @@
-CVE-2023-28154
-	[bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1
-CVE-2023-23936
-	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
-CVE-2023-24807
-	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
-CVE-2023-30570
-	[bookworm] - libreswan 4.10-2+deb12u1
-CVE-2023-34969
-	[bookworm] - dbus 1.14.8-1~deb12u1
-CVE-2023-32697
-	[bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
-CVE-2023-32668
-	[bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
-CVE-2023-32324
-	[bookworm] - cups 2.4.2-3+deb12u1
-CVE-2023-34241
-	[bookworm] - cups 2.4.2-3+deb12u1
-CVE-2023-34095
-	[bookworm] - cpdb-libs 1.2.0-2+deb12u1
-CVE-2023-33460
-	[bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2017-16516
-	[bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2022-24795
-	[bookworm] - yajl 2.1.0-3+deb12u2
-CVE-2023-28447
-	[bookworm] - smarty4 4.3.0-1+deb12u1
-CVE-2023-26136
-	[bookworm] - node-tough-cookie 4.0.0-2+deb12u1
-CVE-2023-1672
-	[bookworm] - tang 11-2+deb12u1
-CVE-2023-25516
-	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
-	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
-	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
-	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
-CVE-2023-25515
-	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
-	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
-	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
-	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
-CVE-2022-2309
-	[bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
-CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session]
-	[bookworm] - spip 4.1.9+dfsg-1+deb12u2
-CVE-2023-0330
-	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
-CVE-2023-2861
-	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
-CVE-2023-31248
-	[bookworm] - linux 6.1.38-1
-CVE-2023-35001
-	[bookworm] - linux 6.1.38-1
-CVE-2023-26130
-	[bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1
 CVE-2023-37365
 	[bookworm] - hnswlib 0.6.2-2+deb12u1
 CVE-2023-26132
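Review bot: the trailing context shows CVE-2023-37365 (hnswlib 0.6.2-2+deb12u1) and CVE-2023-26132 remaining in data/next-point-update.txt after the 12.1 entries are dropped; please confirm these were not accepted for 12.1, because if they were they should move to data/CVE/list in the same merge. The removed entries themselves each have a matching "[bookworm]" fixed-version line in the data/CVE/list hunks above, including all four nvidia source packages for CVE-2023-25515 and CVE-2023-25516, so the removal side looks complete.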



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1988b460f31623b75838f73caa9c7da3da5b0a51...e8bbbe6f8c77cd2a947fa1d4c30cf746d10a5e92
