[Git][security-tracker-team/security-tracker][master] 6 commits: Remove bullseye entries for snort (removed)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 29 10:46:26 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fada6a1a by Salvatore Bonaccorso at 2024-06-28T23:23:33+02:00
Remove bullseye entries for snort (removed)

- - - - -
7f900ed5 by Salvatore Bonaccorso at 2024-06-28T23:23:33+02:00
Drop bullseye entries for salt (removed)

- - - - -
bcc96133 by Salvatore Bonaccorso at 2024-06-28T23:23:33+02:00
Drop bullseye entries for phppgadmin (removed)

- - - - -
46af6628 by Salvatore Bonaccorso at 2024-06-28T23:24:10+02:00
Merge fix for ngircd via bullseye 11.10

- - - - -
3611e0f2 by Salvatore Bonaccorso at 2024-06-28T23:25:46+02:00
Merge changes for updates with CVEs via bullseye 11.10

- - - - -
5eccc647 by Salvatore Bonaccorso at 2024-06-29T09:46:06+00:00
Merge branch 'bullseye-11.10' into 'master'

Merge changes accepted for bullseye 11.10 release

See merge request security-tracker-team/security-tracker!181
- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -480,11 +480,9 @@ CVE-2024-23765 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devic
 	NOT-FOR-US: HMS Anybus X-Gateway AB7832-F
 CVE-2024-22232 (A specially crafted url can be created which leads to a directory trav ...)
 	- salt <removed>
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory traversal ...)
 	- salt <removed>
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an unauthent ...)
 	NOT-FOR-US: Intrado 911 Emergency Gateway
@@ -6040,7 +6038,7 @@ CVE-2024-5742 (A vulnerability was found in GNU Nano that allows a possible priv
 	{DLA-3831-1}
 	- nano 8.0-1
 	[bookworm] - nano 7.2-1+deb12u1
-	[bullseye] - nano <no-dsa> (Minor issue)
+	[bullseye] - nano 5.4-2+deb11u3
 	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/nano.git/commit/?id=123110c5dc3e0d8c60a4ff0121056e301f503706 (v2.1.99pre2)
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2 (v8.0)
 CVE-2024-5770 (The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerab ...)
@@ -6074,7 +6072,7 @@ CVE-2023-49223 (Precor touchscreen console P62, P80, and P82 could allow a remot
 CVE-2024-0092 (NVIDIA GPU Driver for Windows and Linux contains a vulnerability where ...)
 	- nvidia-graphics-drivers 535.183.01-1 (bug #1072792)
 	[bookworm] - nvidia-graphics-drivers 535.183.01-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers 470.256.02-1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1072793)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1072794)
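Review bot: The new [bullseye] version for nvidia-graphics-drivers, 470.256.02-1, has no ~deb11uN suffix, while the [bookworm] line directly above it uses 535.183.01-1~deb12u1. Please confirm this is the exact version accepted for 11.10. A bare 470.256.02-1 sorts higher than any 470.256.02-1~deb11uN, so if the archive version carries a suffix the tracker would keep reporting bullseye as vulnerable.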
@@ -6089,7 +6087,7 @@ CVE-2024-0092 (NVIDIA GPU Driver for Windows and Linux contains a vulnerability
 	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
 	- nvidia-graphics-drivers-tesla-470 470.256.02-1 (bug #1072798)
 	[bookworm] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb11u1
 	- nvidia-graphics-drivers-tesla <unfixed> (bug #1072799)
 	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
 	- nvidia-open-gpu-kernel-modules 535.183.01-1 (bug #1072800)
@@ -6102,7 +6100,7 @@ CVE-2024-0091 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 CVE-2024-0090 (NVIDIA GPU driver for Windows and Linux contains a vulnerability where ...)
 	- nvidia-graphics-drivers 535.183.01-1 (bug #1072792)
 	[bookworm] - nvidia-graphics-drivers 535.183.01-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers 470.256.02-1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1072793)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1072794)
@@ -6117,7 +6115,7 @@ CVE-2024-0090 (NVIDIA GPU driver for Windows and Linux contains a vulnerability
 	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
 	- nvidia-graphics-drivers-tesla-470 470.256.02-1 (bug #1072798)
 	[bookworm] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb11u1
 	- nvidia-graphics-drivers-tesla <unfixed> (bug #1072799)
 	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
 	- nvidia-open-gpu-kernel-modules 535.183.01-1 (bug #1072800)
@@ -13296,7 +13294,7 @@ CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows
 CVE-2024-34083 (aiosmptd is  a reimplementation of the Python stdlib smtpd.py based on ...)
 	- python-aiosmtpd 1.4.6-1 (bug #1072119)
 	[bookworm] - python-aiosmtpd 1.4.3-1.1+deb12u1
-	[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
+	[bullseye] - python-aiosmtpd 1.2.2-1+deb11u1
 	[buster] - python-aiosmtpd <postponed> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
 	NOTE: https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda (v1.4.6)
@@ -14659,28 +14657,28 @@ CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA
 CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software before  ...)
 	- intel-microcode 3.20240514.1
 	[bookworm] - intel-microcode 3.20240514.1~deb12u1
-	[bullseye] - intel-microcode <no-dsa> (Minor issue; can be fixed in point release)
+	[bullseye] - intel-microcode 3.20240514.1~deb11u1
 	[buster] - intel-microcode <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
 CVE-2023-45745 (Improper input validation in some Intel(R) TDX module software before  ...)
 	- intel-microcode 3.20240514.1
 	[bookworm] - intel-microcode 3.20240514.1~deb12u1
-	[bullseye] - intel-microcode <no-dsa> (Minor issue; can be fixed in point release)
+	[bullseye] - intel-microcode 3.20240514.1~deb11u1
 	[buster] - intel-microcode <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
 CVE-2023-46103 (Sequence of processor instructions leads to unexpected behavior in Int ...)
 	- intel-microcode 3.20240514.1
 	[bookworm] - intel-microcode 3.20240514.1~deb12u1
-	[bullseye] - intel-microcode <no-dsa> (Minor issue; can be fixed in point release)
+	[bullseye] - intel-microcode 3.20240514.1~deb11u1
 	[buster] - intel-microcode <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
 CVE-2023-45733 (Hardware logic contains race conditions in some Intel(R) Processors ma ...)
 	- intel-microcode 3.20240514.1
 	[bookworm] - intel-microcode 3.20240514.1~deb12u1
-	[bullseye] - intel-microcode <no-dsa> (Minor issue; can be fixed in point release)
+	[bullseye] - intel-microcode 3.20240514.1~deb11u1
 	[buster] - intel-microcode <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514
@@ -21883,7 +21881,7 @@ CVE-2023-52723 (In KDE libksieve before 23.03.80, kmanagesieve/session.cpp place
 	{DLA-3809-1}
 	- libkf5ksieve 4:22.12.3-2 (bug #1069163)
 	[bookworm] - libkf5ksieve 4:22.12.3-1+deb12u1
-	[bullseye] - libkf5ksieve <no-dsa> (Minor issue, will be fixed via ospu)
+	[bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/25/1
 	NOTE: Fixed by: https://invent.kde.org/pim/libksieve/-/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1 (v23.03.80)
 CVE-2024-4294 (A vulnerability, which was classified as critical, has been found in P ...)
@@ -25882,7 +25880,7 @@ CVE-2023-38511 (iTop is an IT service management platform.  Dashboard editor : c
 CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
 	- ngircd 27~rc1-1
 	[bookworm] - ngircd 26.1-1+deb12u1
-	[bullseye] - ngircd <no-dsa> (Minor issue, will be fixed via point update)
+	[bullseye] - ngircd 26.1-1+deb11u1
 	[buster] - ngircd <postponed> (Minor issue, follow bullseye point update)
 	NOTE: https://github.com/ngircd/ngircd/issues/120
 	NOTE: https://github.com/ngircd/ngircd/commit/817937b218c4b57515f54216ebc936cd69df0aae (rel-27-rc1)
@@ -26088,7 +26086,7 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu
 	{DLA-3811-1}
 	- python-idna 3.6-2.1 (bug #1069127)
 	[bookworm] - python-idna 3.3-1+deb12u1
-	[bullseye] - python-idna <no-dsa> (Minor issue)
+	[bullseye] - python-idna 2.10-1+deb11u1
 	NOTE: https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
 	NOTE: Fixed by: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 (v3.7)
@@ -32071,7 +32069,7 @@ CVE-2024-2379 (libcurl skips the certificate verification for a QUIC connection
 CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 server push ...)
 	- curl 8.7.1-1
 	[bookworm] - curl 7.88.1-10+deb12u6
-	[bullseye] - curl <no-dsa> (Minor issue)
+	[bullseye] - curl 7.74.0-1.3+deb11u12
 	[buster] - curl <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://curl.se/docs/CVE-2024-2398.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/ea7134ac874a66107e54ff93657ac565cf2ec4aa (curl-7_44_0)
@@ -33855,7 +33853,7 @@ CVE-2023-51444 (GeoServer is an open source software server written in Java that
 CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...)
 	- jose 13-1 (bug #1067457)
 	[bookworm] - jose 11-2+deb12u1
-	[bullseye] - jose <no-dsa> (Minor issue)
+	[bullseye] - jose 10-3+deb11u1
 	[buster] - jose <postponed> (DoS via a large p2c value but still appears minor; similar to CVE-2023-50966)
 	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
 	NOTE: https://github.com/latchset/jose/issues/151
@@ -34990,7 +34988,7 @@ CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 throu
 	{DLA-3774-1}
 	- gross 1.0.2-4.1 (bug #1067115)
 	[bookworm] - gross 1.0.2-4.1~deb12u1
-	[bullseye] - gross <no-dsa> (Minor issue)
+	[bullseye] - gross 1.0.2-4.1~deb11u1
 	NOTE: https://codeberg.org/bizdelnick/gross/commit/6403985fc1060e7aacea96e60535e1e7b0f6f193 (master)
 	NOTE: https://codeberg.org/bizdelnick/gross/commit/3f5508cce2c49d216b163eb7b38ea72d5162c76e (1.0.4)
 	NOTE: https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159
@@ -35523,7 +35521,7 @@ CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template conf
 CVE-2024-28054 (Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its  ...)
 	- amavisd-new 1:2.13.0-5
 	[bookworm] - amavisd-new 1:2.13.0-3+deb12u1
-	[bullseye] - amavisd-new <no-dsa> (Minor issue; will be fixed via point release)
+	[bullseye] - amavisd-new 1:2.11.1-5+deb11u1
 	[buster] - amavisd-new <postponed> (Minor issue; new configuration to spam-tag some broken e-mails; follow point release)
 	NOTE: https://gitlab.com/amavis/amavis/commit/78c4b7076ebf1d711629a95860aae1bc0db5277a (v2.13.1)
 	NOTE: https://gitlab.com/amavis/amavis/commit/d921bc5208ce5b4e8f3e387a1d4e1f8fa4e85008 (v2.13.1)
@@ -36148,7 +36146,7 @@ CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and
 CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on  ...)
 	- python-aiosmtpd 1.4.6-1 (bug #1066820)
 	[bookworm] - python-aiosmtpd 1.4.3-1.1+deb12u1
-	[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
+	[bullseye] - python-aiosmtpd 1.2.2-1+deb11u1
 	[buster] - python-aiosmtpd <postponed> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
 	NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5)
@@ -36495,35 +36493,35 @@ CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Int
 	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
-	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
+	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...)
 	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
-	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
+	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...)
 	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
-	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
+	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...)
 	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
-	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
+	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after transient  ...)
 	{DSA-5681-1 DLA-3842-1 DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
-	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
+	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	- linux 6.7.9-2
 	[bookworm] - linux 6.1.82-1
 	- xen <unfixed>
@@ -39276,7 +39274,7 @@ CVE-2024-0074 (NVIDIA GPU Display Driver for Linux contains a vulnerability wher
 	[experimental] - nvidia-graphics-drivers 535.161.07-1
 	- nvidia-graphics-drivers <unfixed> (bug #1064983)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
-	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers 470.239.06-1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
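Review bot: With the [bullseye] line now set to 470.239.06-1, this entry records oldstable as fixed while the context lines still show unstable as "<unfixed> (bug #1064983)" and bookworm as "<no-dsa> (Non-free not supported)" for the same source package. Please check whether those two lines are stale, and update them in the same series if they are.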
@@ -39291,7 +39289,7 @@ CVE-2024-0074 (NVIDIA GPU Display Driver for Linux contains a vulnerability wher
 	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
 	- nvidia-graphics-drivers-tesla-470 470.239.06-1 (bug #1064989)
 	[bookworm] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1
 	- nvidia-graphics-drivers-tesla <unfixed> (bug #1064990)
 	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1064991)
@@ -39321,7 +39319,7 @@ CVE-2024-0078 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	[experimental] - nvidia-graphics-drivers 535.161.07-1
 	- nvidia-graphics-drivers <unfixed> (bug #1064983)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
-	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers 470.239.06-1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
@@ -39336,7 +39334,7 @@ CVE-2024-0078 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
 	- nvidia-graphics-drivers-tesla-470 470.239.06-1 (bug #1064989)
 	[bookworm] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb12u1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1
 	- nvidia-graphics-drivers-tesla <unfixed> (bug #1064990)
 	[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1064991)
@@ -40420,10 +40418,10 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
 	{DLA-3750-1 DLA-3749-1}
 	- phpseclib 1.0.23-1
 	[bookworm] - phpseclib 1.0.20-1+deb12u2
-	[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - phpseclib 1.0.19-3+deb11u2
 	- php-phpseclib 2.0.47-1
 	[bookworm] - php-phpseclib 2.0.42-1+deb12u2
-	[bullseye] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - php-phpseclib 2.0.30-2+deb11u2
 	- php-phpseclib3 3.0.36-1
 	[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
 	NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
@@ -40431,10 +40429,10 @@ CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
 	{DLA-3750-1 DLA-3749-1}
 	- phpseclib 1.0.23-1
 	[bookworm] - phpseclib 1.0.20-1+deb12u2
-	[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - phpseclib 1.0.19-3+deb11u2
 	- php-phpseclib 2.0.47-1
 	[bookworm] - php-phpseclib 2.0.42-1+deb12u2
-	[bullseye] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - php-phpseclib 2.0.30-2+deb11u2
 	- php-phpseclib3 3.0.36-1
 	[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
 	NOTE: https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
@@ -42777,7 +42775,7 @@ CVE-2023-52160 (The implementation of PEAP in wpa_supplicant through 2.10 allows
 	{DLA-3743-1}
 	- wpa 2:2.10-21.1 (bug #1064061)
 	[bookworm] - wpa 2:2.10-12+deb12u1
-	[bullseye] - wpa <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - wpa 2:2.9.0-21+deb11u1
 	NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
 	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
 	NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042362.html
@@ -42795,7 +42793,7 @@ CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt before
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.10+dfsg-7 (bug #1064053)
 	[bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	[buster] - qtbase-opensource-src <not-affected> (Vulnerable code not present)
 	- qtbase-opensource-src-gles 5.15.10+dfsg-5 (bug #1064054)
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
@@ -43468,7 +43466,7 @@ CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and
 	{DLA-3751-1}
 	- libapache2-mod-auth-openidc 2.4.15.7-1 (bug #1064183)
 	[bookworm] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
-	[bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2)
 CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...)
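Review bot: After this change [bullseye] is fixed in 2.4.9.4-0+deb11u4, but the [bookworm] line just above it stays "<no-dsa> (Minor issue)", so for this CVE an upgrade from bullseye to bookworm moves from a fixed package to an unfixed one. Consider extending the bookworm reason text to say whether a point-release update is planned there.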
@@ -44283,7 +44281,7 @@ CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug
 	NOT-FOR-US: Bento4
 CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in the fun ...)
 	- imlib2 1.10.0-2
-	[bullseye] - imlib2 <no-dsa> (Minor issue)
+	[bullseye] - imlib2 1.7.1-2+deb11u1
 	[buster] - imlib2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/derf/feh/issues/712
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
@@ -44291,7 +44289,7 @@ CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in t
 	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 ...)
 	- imlib2 1.10.0-2
-	[bullseye] - imlib2 <no-dsa> (Minor issue)
+	[bullseye] - imlib2 1.7.1-2+deb11u1
 	[buster] - imlib2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/derf/feh/issues/711
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
@@ -44299,7 +44297,7 @@ CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2
 	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of imlib2  ...)
 	- imlib2 1.10.0-2
-	[bullseye] - imlib2 <no-dsa> (Minor issue)
+	[bullseye] - imlib2 1.7.1-2+deb11u1
 	[buster] - imlib2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/derf/feh/issues/709
 	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
@@ -44527,7 +44525,7 @@ CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify
 	[experimental] - libjwt 1.17.0-1
 	- libjwt 1.17.0-2 (bug #1063534)
 	[bookworm] - libjwt 1.10.2-1+deb12u1
-	[bullseye] - libjwt <no-dsa> (Minor issue)
+	[bullseye] - libjwt 1.10.2-1+deb11u1
 	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md
 	NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf (v1.17.0)
 	NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6 (v1.17.0)
@@ -47059,7 +47057,7 @@ CVE-2024-0918 (A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and class
 CVE-2022-48622 (In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows  ...)
 	- gdk-pixbuf 2.42.12+dfsg-1 (bug #1071265)
 	[bookworm] - gdk-pixbuf 2.42.10+dfsg-1+deb12u1
-	[bullseye] - gdk-pixbuf <postponed> (Revisit once fixed upstream)
+	[bullseye] - gdk-pixbuf 2.42.2+dfsg-1+deb11u2
 	[buster] - gdk-pixbuf <postponed> (Minor issue, recheck when fixed upstream)
 	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/00c071dd11f723ca608608eef45cb1aa98da89cc (2.42.12)
@@ -49048,7 +49046,7 @@ CVE-2024-0569 (A vulnerability classified as problematic has been found in Totol
 CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL ...)
 	- gnutls28 3.8.3-1 (bug #1061045)
 	[bookworm] - gnutls28 3.7.9-2+deb12u2
-	[bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point release)
+	[bullseye] - gnutls28 3.7.1-5+deb11u5
 	[buster] - gnutls28 <not-affected> (Vulnerabity introduced in 3.7)
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1521
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09
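Review bot: Style point on the context line next to the changed entry: the [buster] reason reads "Vulnerabity introduced in 3.7". Since this entry is being touched anyway, a follow-up could correct the spelling to "Vulnerability".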
@@ -49064,7 +49062,7 @@ CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malfor
 	{DLA-3740-1}
 	- gnutls28 3.8.3-1 (bug #1061046)
 	[bookworm] - gnutls28 3.7.9-2+deb12u2
-	[bullseye] - gnutls28 <no-dsa> (Minor issue; will be fixed in point release)
+	[bullseye] - gnutls28 3.7.1-5+deb11u5
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1522
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
 	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e (3.8.3)
@@ -53161,7 +53159,7 @@ CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt before
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.10+dfsg-6 (bug #1060694)
 	[bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u2
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qtbase-opensource-src-gles 5.15.10+dfsg-4 (bug #1060695)
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
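Review bot: Only qtbase-opensource-src gets a fixed version in this hunk; the trailing context line "[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)" is unchanged for the same CVE. If the gles source was not updated in 11.10 that is correct as written, but it leaves the two builds of the same code at different states in bullseye, so please confirm the omission is intentional.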
@@ -53230,7 +53228,7 @@ CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configu
 	{DLA-3829-1}
 	- sendmail 8.18.1-1 (bug #1059386)
 	[bookworm] - sendmail 8.17.1.9-2+deb12u1
-	[bullseye] - sendmail <no-dsa> (Minor issue)
+	[bullseye] - sendmail 8.15.2-22+deb11u1
 	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5
@@ -63291,7 +63289,6 @@ CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack
 	NOT-FOR-US: JHipster generator-jhipster
 CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
 	- salt <removed> (bug #1055179)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
 CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...)
@@ -69695,7 +69692,7 @@ CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting
 	NOT-FOR-US: Ansible Automation Hub
 CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...)
 	- galera-4 26.4.13-1
-	[bullseye] - galera-4 <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - galera-4 26.4.18-0+deb11u1
 	- galera-3 <not-affected> (vulnerable code not backported to galera-3)
 	NOTE: https://jira.mariadb.org/browse/MDEV-25068
 	NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8)
@@ -70418,7 +70415,6 @@ CVE-2023-40930 (An issue in the directory /system/bin/blkid of Skyworth v3.0 all
 CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...)
 	{DLA-3644-1}
 	- phppgadmin 7.14.7+dfsg-1 (bug #1053004)
-	[bullseye] - phppgadmin <ignored> (Package is broken and will be removed)
 	NOTE: https://github.com/phppgadmin/phppgadmin/issues/174
 	NOTE: https://github.com/hestiacp/phppgadmin/pull/4
 CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
@@ -77968,7 +77964,7 @@ CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.10+dfsg-3
 	[bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u1
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qt4-x11 <removed>
 	NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
@@ -79737,7 +79733,7 @@ CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10,
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.10+dfsg-3 (bug #1041105)
 	[bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u1
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qt4-x11 <removed>
 	NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader-1
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/488960
@@ -81659,7 +81655,7 @@ CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG docu
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
 	{DLA-3497-1}
 	- pypdf2 1.27.9-1
-	[bullseye] - pypdf2 <no-dsa> (Minor issue)
+	[bullseye] - pypdf2 1.26.0-4+deb11u1
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
 	NOTE: https://github.com/py-pdf/pypdf/issues/582
 	NOTE: https://github.com/py-pdf/pypdf/pull/808
@@ -84677,7 +84673,7 @@ CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
 	[bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u1
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
 	- qtbase-opensource-src-gles 5.15.10+dfsg-2
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
@@ -85683,7 +85679,6 @@ CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlie
 	[bullseye] - python-tornado <no-dsa> (Minor issue)
 	[buster] - python-tornado <no-dsa> (Minor issue)
 	- salt <removed> (bug #1059297)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2)
 CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
@@ -86026,7 +86021,7 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2
 	- qt6-base 6.4.2+dfsg-10 (bug #1036848)
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.8+dfsg-11
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qtbase-opensource-src-gles 5.15.10+dfsg-2
 	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
@@ -86197,7 +86192,7 @@ CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
 	{DLA-3805-1 DLA-3539-1}
 	- qt6-base 6.4.2+dfsg-8
 	- qtbase-opensource-src 5.15.8+dfsg-10
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
@@ -86210,7 +86205,7 @@ CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9,
 	{DLA-3805-1}
 	- qt6-base 6.4.2+dfsg-9
 	- qtbase-opensource-src 5.15.8+dfsg-10
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
 	NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
 CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.)
@@ -97641,7 +97636,7 @@ CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performa
 	{DLA-3373-1}
 	- json-smart 2.2-3 (bug #1033474)
 	[bookworm] - json-smart 2.2-2+deb12u1
-	[bullseye] - json-smart <no-dsa> (Minor issue)
+	[bullseye] - json-smart 2.2-2+deb11u1
 	NOTE: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
 	NOTE: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9)
 CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has  ...)
@@ -100237,7 +100232,7 @@ CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Manage
 CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service)  ...)
 	{DLA-3374-1}
 	- libmicrohttpd 0.9.75-6
-	[bullseye] - libmicrohttpd <no-dsa> (Minor issue)
+	[bullseye] - libmicrohttpd 0.9.72-2+deb11u1
 	NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
 	NOTE: https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
 CVE-2023-27370 (NETGEAR RAX30 Device Configuration Cleartext Storage Information Discl ...)
@@ -108236,7 +108231,7 @@ CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation
 CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string when t ...)
 	{DLA-3805-1}
 	- qtbase-opensource-src 5.15.8+dfsg-3 (bug #1031872)
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	- qt6-base 6.4.2+dfsg-7 (bug #1031871)
 	- qtbase-opensource-src-gles <not-affected> (GLES build only ships libqt5gui5, not the DB modules, see #1031873)
 	NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
@@ -129304,12 +129299,10 @@ CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerabil
 	NOT-FOR-US: VMware
 CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...)
 	- salt <removed> (bug #1051504)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
 CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...)
 	- salt <removed> (bug #1051504)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
 	NOTE: https://github.com/saltstack/salt/issues/64061
@@ -137599,7 +137592,7 @@ CVE-2022-42266 (NVIDIA GPU Display Driver for Windows contains a vulnerability i
 	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2022-42265 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
 	- nvidia-graphics-drivers 515.86.01-1 (bug #1025279)
-	[bullseye] - nvidia-graphics-drivers <not-affected> (Only affects R515)
+	[bullseye] - nvidia-graphics-drivers 470.239.06-1
 	[buster] - nvidia-graphics-drivers <not-affected> (Only affects R515)
 CVE-2022-42264 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
 	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
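Review bot: In the CVE-2022-42265 entry, the bullseye line changes from `<not-affected> (Only affects R515)` to the fixed version 470.239.06-1, which records earlier bullseye versions of nvidia-graphics-drivers as vulnerable, while the buster line directly below still reads `<not-affected> (Only affects R515)`. If the 470 branch is affected after all, add a NOTE saying so and recheck the buster line; if it is not, the `<not-affected>` line should stay as it was.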
@@ -146938,7 +146931,7 @@ CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0
 CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
 	{DLA-3180-1}
 	- python-scciclient 0.12.3-2 (bug #1018213)
-	[bullseye] - python-scciclient <no-dsa> (Minor issue)
+	[bullseye] - python-scciclient 0.8.0-2+deb11u1
 	NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
 CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O container  ...)
 	- cri-o <itp> (bug #979702)
@@ -173310,7 +173303,6 @@ CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
 	- snort <unfixed> (bug #1009820)
-	[bullseye] - snort <no-dsa> (Minor issue)
 	[buster] - snort <no-dsa> (Minor issue)
 	[stretch] - snort <no-dsa> (Minor issue)
 CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
@@ -185635,7 +185627,7 @@ CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonA
 CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
 	- qt6-base 6.2.4+dfsg-4
 	- qtbase-opensource-src 5.15.2+dfsg-15
-	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
 	[buster] - qtbase-opensource-src <ignored> (Breaks existing behaviour and upstream also skipped from 5.12 branch)
 	[stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
 	- qtbase-opensource-src-gles 5.15.4+dfsg-2
@@ -186885,7 +186877,7 @@ CVE-2022-24860 (Databasir is a team-oriented relational database model document
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
 	{DLA-3451-1 DLA-3039-1}
 	- pypdf2 1.27.9-1 (bug #1009879)
-	[bullseye] - pypdf2 <no-dsa> (Minor issue)
+	[bullseye] - pypdf2 1.26.0-4+deb11u1
 	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
 	NOTE: https://github.com/py-pdf/PyPDF2/issues/329
 	NOTE: https://github.com/py-pdf/PyPDF2/pull/740
@@ -193941,7 +193933,6 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and
 	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...)
 	- salt <removed> (bug #1013872)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8 (v3004.2)
@@ -194009,7 +194000,6 @@ CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerab
 	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
 CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
 	- salt 3004.1+dfsg-1 (bug #1008945)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22940
@@ -194022,17 +194012,14 @@ CVE-2022-22937
 	RESERVED
 CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
 	- salt 3004.1+dfsg-1 (bug #1008945)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
 	- salt 3004.1+dfsg-1 (bug #1008945)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
 	- salt 3004.1+dfsg-1 (bug #1008945)
-	[bullseye] - salt <ignored> (Scheduled for removal)
 	[buster] - salt <end-of-life> (EOL in buster LTS)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
 CVE-2022-22933
@@ -194590,7 +194577,7 @@ CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client
 	NOT-FOR-US: Formpipe Lasernet
 CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the  ...)
 	- python-dnslib 0.9.18-1
-	[bullseye] - python-dnslib <no-dsa> (Minor issue)
+	[bullseye] - python-dnslib 0.9.14-1+deb11u1
 	[buster] - python-dnslib <no-dsa> (Minor issue)
 	NOTE: https://github.com/paulc/dnslib/issues/30
 	NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba
@@ -226949,7 +226936,7 @@ CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows at
 	[bullseye] - allegro4.4 <no-dsa> (Minor issue)
 	[buster] - allegro4.4 <no-dsa> (Minor issue)
 	- allegro5 2:5.2.8.0-1
-	[bullseye] - allegro5 <no-dsa> (Minor issue)
+	[bullseye] - allegro5 2:5.2.6.0-3+deb11u1
 	[buster] - allegro5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/liballeg/allegro5/issues/1251
 	NOTE: https://github.com/liballeg/allegro5/pull/1253
@@ -239322,6 +239309,7 @@ CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONPa
 	{DLA-3373-1}
 	- json-smart <unfixed> (unimportant)
 	[bookworm] - json-smart 2.2-2+deb12u1
+	[bullseye] - json-smart 2.2-2+deb11u1
 	NOTE: https://github.com/netplex/json-smart-v2/issues/67
 	NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
 	NOTE: Security impact disputed by upstream
@@ -294502,7 +294490,7 @@ CVE-2020-22219 (Buffer Overflow vulnerability in function bitwriter_grow_ in fla
 CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in libssh2 1.1 ...)
 	{DLA-3559-1}
 	- libssh2 1.10.0-2
-	[bullseye] - libssh2 <no-dsa> (Minor issue)
+	[bullseye] - libssh2 1.9.0-2+deb11u1
 	NOTE: https://github.com/libssh2/libssh2/pull/476
 	NOTE: https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 (libssh2-1.10.0)
 CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via  ...)
@@ -377964,7 +377952,6 @@ CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions befo
 	NOTE: https://github.com/dojo/dojox/pull/315
 CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
 	- phppgadmin 7.14.7+dfsg-1 (bug #953945)
-	[bullseye] - phppgadmin <no-dsa> (Minor issue)
 	[buster] - phppgadmin <no-dsa> (Minor issue)
 	[stretch] - phppgadmin <no-dsa> (Minor issue)
 	[jessie] - phppgadmin <no-dsa> (Minor issue)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,123 +1,3 @@
-CVE-2023-5157
-	[bullseye] - galera-4 26.4.18-0+deb11u1
-CVE-2022-2996
-	[bullseye] - python-scciclient 0.8.0-2+deb11u1
-CVE-2022-24859
-	[bullseye] - pypdf2 1.26.0-4+deb11u1
-CVE-2023-36810
-	[bullseye] - pypdf2 1.26.0-4+deb11u1
-CVE-2020-22218
-	[bullseye] - libssh2 1.9.0-2+deb11u1
-CVE-2022-22846
-	[bullseye] - python-dnslib 0.9.14-1+deb11u1
-CVE-2024-25189
-	[bullseye] - libjwt 1.10.2-1+deb11u1
-CVE-2024-0567
-	[bullseye] - gnutls28 3.7.1-5+deb11u5
-CVE-2024-0553
-	[bullseye] - gnutls28 3.7.1-5+deb11u5
-CVE-2024-27354
-	[bullseye] - php-phpseclib 2.0.30-2+deb11u2
-	[bullseye] - phpseclib 1.0.19-3+deb11u2
-CVE-2024-27355
-	[bullseye] - php-phpseclib 2.0.30-2+deb11u2
-	[bullseye] - phpseclib 1.0.19-3+deb11u2
-CVE-2024-0074
-	[bullseye] - nvidia-graphics-drivers 470.239.06-1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1
-CVE-2024-0078
-	[bullseye] - nvidia-graphics-drivers 470.239.06-1
-	[bullseye] - nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1
-CVE-2022-42265
-	[bullseye] - nvidia-graphics-drivers 470.239.06-1
-CVE-2021-36489
-	[bullseye] - allegro5 2:5.2.6.0-3+deb11u1
-CVE-2023-27371
-	[bullseye] - libmicrohttpd 0.9.72-2+deb11u1
-CVE-2023-52159
-	[bullseye] - gross 1.0.2-4.1~deb11u1
-CVE-2023-39368
-	[bullseye] - intel-microcode 3.20240312.1~deb11u1
-CVE-2023-38575
-	[bullseye] - intel-microcode 3.20240312.1~deb11u1
-CVE-2023-28746
-	[bullseye] - intel-microcode 3.20240312.1~deb11u1
-CVE-2023-22655
-	[bullseye] - intel-microcode 3.20240312.1~deb11u1
-CVE-2023-43490
-	[bullseye] - intel-microcode 3.20240312.1~deb11u1
-CVE-2024-28054
-	[bullseye] - amavisd-new 1:2.11.1-5+deb11u1
-CVE-2024-25447
-	[bullseye] - imlib2 1.7.1-2+deb11u1
-CVE-2024-25448
-	[bullseye] - imlib2 1.7.1-2+deb11u1
-CVE-2024-25450
-	[bullseye] - imlib2 1.7.1-2+deb11u1
-CVE-2021-31684
-	[bullseye] - json-smart 2.2-2+deb11u1
-CVE-2023-1370
-	[bullseye] - json-smart 2.2-2+deb11u1
-CVE-2024-2398
-	[bullseye] - curl 7.74.0-1.3+deb11u12
-CVE-2024-24814
-	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4
-CVE-2023-52723
-	[bullseye] - libkf5ksieve 4:20.08.3-1+deb11u1
-CVE-2024-25580
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-32763
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2022-25255
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-24607
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-32762
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-51714
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-38197
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-37369
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-34410
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-33285
-	[bullseye] - qtbase-opensource-src 5.15.2+dfsg-9+deb11u1
-CVE-2023-52160
-	[bullseye] - wpa 2:2.9.0-21+deb11u1
-CVE-2023-47855
-	[bullseye] - intel-microcode 3.20240514.1~deb11u1
-CVE-2023-45745
-	[bullseye] - intel-microcode 3.20240514.1~deb11u1
-CVE-2023-46103
-	[bullseye] - intel-microcode 3.20240514.1~deb11u1
-CVE-2023-45733
-	[bullseye] - intel-microcode 3.20240514.1~deb11u1
-CVE-2024-0090
-	[bullseye] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb11u1
-CVE-2024-0092
-	[bullseye] - nvidia-graphics-drivers-tesla-470 470.256.02-1~deb11u1
-CVE-2024-3651
-	[bullseye] - python-idna 2.10-1+deb11u1
-CVE-2024-27305
-	[bullseye] - python-aiosmtpd 1.2.2-1+deb11u1
-CVE-2024-34083
-	[bullseye] - python-aiosmtpd 1.2.2-1+deb11u1
-CVE-2024-5742
-	[bullseye] - nano 5.4-2+deb11u3
-CVE-2023-51765
-	[bullseye] - sendmail 8.15.2-22+deb11u1
-CVE-2024-0090
-	[bullseye] - nvidia-graphics-drivers 470.256.02-1
-CVE-2024-0092
-	[bullseye] - nvidia-graphics-drivers 470.256.02-1
-CVE-2022-48622
-	[bullseye] - gdk-pixbuf 2.42.2+dfsg-1+deb11u2
-CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
-	[bullseye] - ngircd 26.1-1+deb11u1
-CVE-2023-50967
-	[bullseye] - jose 10-3+deb11u1
 CVE-2024-31755
 	[bullseye] - cjson 1.7.14-1+deb11u1
 CVE-2023-50471
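Review bot: The cjson stanza left as trailing context at the end of this hunk (CVE-2024-31755, `cjson 1.7.14-1+deb11u1`) stays queued while the 120 lines above it are removed. Confirm that this upload was not part of 11.10; otherwise its `[bullseye]` line belongs in data/CVE/list with the rest.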



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/420491ea7cd06e746ee003bab1379b2886b8e8f5...5eccc64724ab36a9501791cfe44c7d358d065682
