Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dnsdist.
CVE-2025-30194[0]:
| When DNSdist is configured to provide DoH via the nghttp2 provider,
| an attacker can cause a denial of service by crafting a DoH
x this minor issue. Lowering severity and tagging with "wontfix" to
> reflect this.
Fair enough. I've marked it as ignored in the Security Tracker for trixie.
Cheers,
Moritz
2776: out-of-bounds read
>
> Tagged moreinfo, as question to the security team whether they want
> this in pu or as DSA.
pu is fine, thanks!
Cheers,
Moritz
Indeed. The question really is: what are we gonna do?
> >
> > Should there be some form of documentation update, like a README?
>
> Maybe debian changelog?
Or maybe simply add a note in the existing README.Debian?
Cheers,
Moritz
On Tue, Apr 22, 2025 at 10:46:57PM +0200, Robin Gustafsson wrote:
> Hi Moritz,
>
> Thanks for the report.
>
> On 4/22/25 14:09, Moritz Mühlenhoff wrote:
> > [...]
> > The following vulnerability was published for php-laravel-framework.
> >
> > CVE-2025-2
/news/1641086/accepted-musescore3-323dfsg2-18-source-into-unstable/
Cheers,
Moritz
Source: rust-pyo3
Version: 0.22.6-2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
https://rustsec.org/advisories/RUSTSEC-2025-0020.html
https://github.com/PyO3/pyo3/issues/5005
instead.
Cheers,
Moritz
On Wed, May 29, 2024 at 10:26:24AM +0400, Yadd wrote:
> On 5/29/24 00:40, Moritz Mühlenhoff wrote:
> > Source: node-ip
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following vu
.com/datacenter/tesla/drivers/
> It therefore shouldn't be released with trixie.
> The severity of this bug will be raised once we approach the freeze.
With the softfreeze having arrived, should we do that now?
Cheers,
Moritz
Source: php-laravel-framework
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for php-laravel-framework.
CVE-2025-27515[0]:
| Laravel is a web application framework. When using wildcard
| validation to validate a given file or i
d, so that we can remove libitext1-java?
Cheers,
Moritz
If it's entirely unused, then rather file an RM bug against ftp.debian.org?
Cheers,
Moritz
Source: lxd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lxd.
CVE-2024-6156[0]:
| Mark Laing discovered that LXD's PKI mode, until version 5.21.2,
| could be bypassed if the client's certificate was present in the
| t
Source: mitmproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mitmproxy.
CVE-2025-23217[0]:
| mitmproxy is an interactive TLS-capable intercepting HTTP proxy for
| penetration testers and software developers and mitmweb i
fixed
security issues (dating back for many years)) and there are no reverse deps
left.
Cheers,
Moritz
locks the removal of libelfin (remaining build dep
for it)
Cheers,
Moritz
Source: krb5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for krb5.
CVE-2025-3576[0]:
| A vulnerability in the MIT Kerberos implementation allows GSSAPI-
| protected messages using RC4-HMAC-MD5 to be spoofed due to
| weak
Source: nsis
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for nsis.
Does also affect nsis as packaged in Debian, probably yes since it's
meant to provide installers which will then run on Windows?
CVE-2025-43715[0]:
| Nu
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
|
Source: node-tar-fs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-tar-fs.
CVE-2024-12905[0]:
| An Improper Link Resolution Before File Access ("Link Following")
| and Improper Limitation of a Pathname to a Restric
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2025-2751[0]:
| A vulnerability has been found in Open Asset Import Library Assimp
| 5.4.3 and classified as problematic. This vulnerability affe
On Sat, Apr 05, 2025 at 04:55:37PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Apr 05, 2025 at 04:47:13PM +0200, Moritz Mühlenhoff wrote:
> > On Mon, Mar 31, 2025 at 10:26:11PM -0300, Carlos Henrique Lima
> > Melara wrote:
> > > Hi,
> > >
est.
>
> I also tested it in bookworm to see if it fixed the vulnerability and it
> indeed refuses to allocate resources to a very big jpeg-XL file
> (attached an example from the upstream).
Thanks! We can fix this via a DSA. Your debdiff looks good, please build
with -sa and upload to security-master.
Cheers,
Moritz
t; * CVE-2025-30346: HTTP/1 client-side desync vulnerability
>
> Tagged moreinfo, as question to the security team whether they want
> this in pu or as DSA.
Fixing this via the next point update is fine, thanks.
Cheers,
Moritz
Source: 389-ds-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2025-2487[0]:
| A flaw was found in the 389-ds-base LDAP Server. This issue occurs
| when issuing a Modify DN LDAP operation through th
rogram and not as a remotely accessible service,
> so please take care.
> -snap-
This looks good to me!
In the light of yet another CVE being assigned for musescore
(https://www.cve.org/CVERecord?id=CVE-2024-44866),
could you please make uploads for musescore2 and musescore3
with this file added before the trixie freeze?
Thanks,
Moritz
Source: gunicorn
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gunicorn.
CVE-2024-6827[0]:
| Gunicorn version 21.2.0 does not properly validate the value of the
| 'Transfer-Encoding' header as specified in the RFC stan
Source: python-flask-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-flask-cors.
CVE-2024-6866[0]:
| corydolphin/flask-cors version 4.01 contains a vulnerability where
| the request path matching is case-i
Source: condor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for condor.
CVE-2025-30093[0]:
| HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x
| before 24.0.6, and 24.6.x before 24.6.1 allows authenticated
| att
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2025-2752[0]:
| A vulnerability was found in Open Asset Import Library Assimp 5.4.3
| and classified as problematic. This issue affects the funct
Source: libstring-compare-constanttime-perl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for
libstring-compare-constanttime-perl.
CVE-2024-13939[0]:
| String::Compare::ConstantTime for Perl through 0.321 is vulnerable
|
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2025-2849[0]:
| A vulnerability, which was classified as problematic, was found in
| UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_D
Source: libdata-entropy-perl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libdata-entropy-perl.
CVE-2025-1860[0]:
| Data::Entropy for Perl 0.007 and earlier use the rand() function as
| the default source of entropy,
Source: mbedtls
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for mbedtls.
CVE-2025-27809[0]:
| Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side,
| accepts servers that have trusted certificates for arbi
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2025-2750[0]:
| A vulnerability, which was classified as critical, was found in Open
| Asset Import Library Assimp 5.4.3. This affects the functi
On Sat, Mar 22, 2025 at 03:15:02PM +0100, Andreas Metzler wrote:
> On 2025-03-21 Moritz Mühlenhoff wrote:
> [...]
> > The following vulnerability was published for gnupg2.
>
> > CVE-2025-30258[0]:
> > | In GnuPG before 2.5.5, if a user chooses to import a certificate
Source: xmedcon
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for xmedcon.
CVE-2025-2581[0]:
| A vulnerability has been found in xmedcon 0.25.0 and classified as
| problematic. Affected by this vulnerability is the functio
Source: quickjs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for quickjs.
CVE-2024-13903[0]:
| A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has
| been declared as problematic. Affected by this vulnerabi
Source: libeddsa-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libeddsa-java.
CVE-2020-36843[0]:
| The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through
| 0.3.0 exhibits signature malleability and does
Source: libmatio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libmatio.
CVE-2025-2337[0]:
| A vulnerability, which was classified as critical, has been found in
| tbeu matio 1.5.28. This issue affects the function
Source: docker-buildx
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker-buildx.
CVE-2025-0495[0]:
| Buildx is a Docker CLI plugin that extends build capabilities using
| BuildKit. Cache backends support credentials
Source: gnupg2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gnupg2.
CVE-2025-30258[0]:
| In GnuPG before 2.5.5, if a user chooses to import a certificate
| with certain crafted subkey data that lacks a valid backsig o
rely at the discretion of the
Debian LTS team.
Cheers,
Moritz
security-master.
Cheers,
Moritz
.
There's a wide range of open security with unclear
status of what fixes what and popcon is marginal, so
it seems better to also remove it from stable.
Cheers,
Moritz
l? I
> note that removal is not final. The package can be reintroduced once
> someone puts up with the work and it meets basic quality standards.
No objections for two months, I'm reassigning to ftp.debian.org for
removal.
Cheers,
Moritz
upstream bug report:
https://github.com/zmanda/amanda/issues/275
Package: amanda-server
Version: 1:3.5.1-11+deb12u2aldebaran01
Severity: normal
Tags: patch upstream
Dear Maintainer,
We are testing the s3 device with Backblaze B2 service.
Backblaze uses the "AWS4" authentication mechanism.
We use this configuration fragment to configure the driver:
-
k on the above.
> * Please close #1078555 if you agree with my above reasonings.
> * Please downgrade severity of the new #-2 bug if you agree
> or follow-up on this mail.
The downgrade seems fine to me. For CVE-2024-7538 it seems likely, but
could you doublecheck with upstream just to be sure?
Cheers,
Moritz
pull request's commit patch to amanda 3.5.1-11+deb12u2 .
It solves the problem for me. Find the patch in the attachment.
Regards,
Moritz
--
aldebaran Programmierung & IT-Lösungen GmbH
Software development / custom software
mail:i...@aldebaran.de https://www.aldebaran.de
Tel:
> with 4.19.0 + the 2 patches.
Hi Andreas,
looks good, thanks! Please build with -sa and upload to security-master.
Cheers,
Moritz
Package: cfengine3
Version: 3.24.0-2
Severity: minor
X-Debbugs-Cc: i...@mtech.ovh
We should try to do some more cleanup in the package regarding all the files
that are only relevant for the enterprise edition.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy:
Package: cfengine3
Version: 3.24.0-2
Severity: minor
X-Debbugs-Cc: i...@mtech.ovh
The question was raised whether the dependency of the binary package on
libvirt0 is actually necessary.
Let's investigate that!
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy:
On Mon, Jan 27, 2025 at 11:33:14AM +0100, Chris Hofstaedtler wrote:
> * Moritz Mühlenhoff [250122 17:35]:
> > On Tue, Jan 21, 2025 at 04:04:22PM +0100, Chris Hofstaedtler wrote:
> > > On Mon, Jan 20, 2025 at 12:02:11PM +0100, Chris Hofstaedtler wrote:
> > >
Source: rust-gix-worktree-state
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-gix-worktree-state.
CVE-2025-22620[0]:
| gitoxide is an implementation of git written in Rust. Prior to
| 0.17.0, gix-worktree-state sp
Source: mysql-connector-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mysql-connector-python.
CVE-2025-21548[0]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python). Supp
Source: ovn
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ovn.
CVE-2025-0650[0]:
| A flaw was found in the Open Virtual Network (OVN). Specially
| crafted UDP packets may bypass egress access control lists (ACLs) in
|
Source: qtconnectivity-opensource-src
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtconnectivity-opensource-src.
CVE-2025-23050[0]:
https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux
Patch for Qt
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-21555[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
Source: clamav
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for clamav.
CVE-2025-20128[0]:
| A vulnerability in the Object Linking and Embedding 2 (OLE2)
| decryption routine of ClamAV could allow an unauthenticated, remote
|
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
CVE-2025-21533[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for openjdk-8.
CVE-2025-21502[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
On Tue, Jan 21, 2025 at 04:04:22PM +0100, Chris Hofstaedtler wrote:
> On Mon, Jan 20, 2025 at 12:02:11PM +0100, Chris Hofstaedtler wrote:
> > Control: reopen 1083285
> > Control: fixed 1083285 pdns-recursor/5.0.9-1
> >
> > * Moritz Friedrich [250120 10:45]:
> >
Hi,
Is there a reason why there is no fix for this bug CVE-2024-25590 in Bookworm
for version 4.8.8 yet?
cheerful regards
Moritz
Package: xfsprogs
Version: 6.12.0-1
Severity: normal
Tags: upstream
Dear Maintainer,
Today I noticed that on an old external harddisk (using LUKS over the whole
volume with an xfs directly inside (no partition table)),
when running ls -l that all attributes (permissions, etc) were listed a
Source: redict
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redict.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script
Source: valkey
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for valkey.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script
Source: redis
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redis.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script t
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libe...@packages.debian.org
Control: affects -1 + src:libebml
User: release.debian@packages.debian.org
Usertags: pu
Fixes a minor security issues, tested with mkvtoolnix.
Cheers,
Moritz
diff -Nru libebml-1.4.4
available) to validate the
fixes.
Cheers,
Moritz
diff -Nru tiff-4.5.0/debian/changelog tiff-4.5.0/debian/changelog
--- tiff-4.5.0/debian/changelog 2023-11-23 09:06:18.0 +0100
+++ tiff-4.5.0/debian/changelog 2025-01-03 14:39:11.0 +0100
@@ -1,3 +1,15 @@
+tiff (4.5.0-6+deb12u2
.
Cheers,
Moritz
diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog
--- audiofile-0.3.6/debian/changelog2019-04-05 16:13:16.0 +0200
+++ audiofile-0.3.6/debian/changelog2025-01-01 17:42:41.0 +0100
@@ -1,3 +1,10 @@
+audiofile (0.3.6-5+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: gnuch...@packages.debian.org
Control: affects -1 + src:gnuchess
User: release.debian@packages.debian.org
Usertags: pu
Fix for low severity issue which doesn't warrant a DSA,
debdiff below.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: p...@packages.debian.org
Control: affects -1 + src:poco
User: release.debian@packages.debian.org
Usertags: pu
Fix for CVE-2023-52389 (which doesn't warrant a DSA),
debdiff below.
Cheers,
Moritz
diff -Nru
Control: tags -1 + patch
I have prepared a fix for this patch at
https://salsa.debian.org/python-team/packages/python-ewmh/-/merge_requests/2
Regards,
Moritz
acker/CVE-2024-54132
https://security-tracker.debian.org/tracker/CVE-2024-53858
If these affect 2.23 and can be sensibly backported it would be good
to also fix them along.
Cheers,
Moritz
Source: libtheora
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for libtheora.
CVE-2024-56431[0]:
| oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0
| 7180717 has an invalid negative left shift.
https://gi
Source: rust-kvm-ioctls
Version: 0.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
https://rustsec.org/advisories/RUSTSEC-2024-0428.html
https://github.com/rust-vmm/kvm/pull/298
Cheers,
Moritz
ed in new
> > format.
>
> Thanks for the update. I think it would be good to make sure we get
> the change in trixie with the rebase to 9.0.
>
> FWIW, for bookworm we marked the issue no-dsa, but I guess we then can
> mark it as ignored.
Agreed, I've just marked it as ignored for Bookworm.
Cheers,
Moritz
Source: firehol
Version: 3.1.7+ds-5
Severity: normal
Tags: patch
Forwarded: https://salsa.debian.org/debian/firehol/-/merge_requests/5
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
Firehol fails to build reproducibly only because the docs PDFs contain
a PDF ID (see
https:/
ilt --without-libsoup, the web functionality is disabled entirely.
> (Implemented in providers/Makefile.am, WEB = no in build logs.)
Thanks, I've just pushed an update to the Debian Security Tracker.
Cheers,
Moritz
On Mon, Dec 02, 2024 at 08:12:21AM +0100, Thomas Goirand wrote:
> On 12/1/24 17:31, Moritz Mühlenhoff wrote:
> > Source: neutron
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > Th
Source: symfony
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for symfony.
CVE-2024-36611[0]:
| In Symfony v7.07, a security vulnerability was identified in the
| FormLoginAuthenticator component, where it failed to adequa
Source: grave
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for grave.
CVE-2024-11403[0]:
| There exists an out of bounds read/write in LibJXL versions prior to
| commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPE
Source: libsoup2.4
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsoup2.4.
CVE-2024-52530[0]:
| GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
| configurations because '\0' characters at the end of
Source: tinyxml2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tinyxml2.
CVE-2024-50614[0]:
| TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16,
| that may lead to application exit, in tinyxml2.cpp
| XM
Source: golang-github-cli-go-gh-v2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-github-cli-go-gh-v2.
CVE-2024-53859[0]:
| go-gh is a Go module for interacting with the `gh` utility and the
| GitHub API from the
Source: tinyxml2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tinyxml2.
CVE-2024-50615[0]:
| TinyXML2 through 10.0.0 has a reachable assertion for
| UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp
|
Source: gh
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gh.
CVE-2024-53858[0]:
| The gh cli is GitHub’s official command line tool. A security
| vulnerability has been identified in the GitHub CLI that could leak
| au
Source: grpc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for grpc.
CVE-2024-11407[0]:
| There exists a denial of service through Data corruption in gRPC-C++
| - gRPC-C++ servers with transmit zero copy enabled through th
Source: node-express
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-express.
CVE-2024-10491[0]:
| A vulnerability has been identified in the Express
| response.links function, allowing for arbitrary resource inject
Source: angular.js
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for angular.js.
CVE-2024-21490[0]:
| This affects versions of the package angular from 1.3.0. A regular
| expression used to split the value of the ng-srcset
Source: angular.js
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for angular.js.
CVE-2024-8373[0]:
| Improper sanitization of the value of the [srcset] attribute in
| HTML elements in AngularJS allows attackers to bypass
Source: angular.js
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for angular.js.
CVE-2024-8372[0]:
| Improper sanitization of the value of the '[srcset]' attribute in
| AngularJS allows attackers to bypass common image sou
Source: spip
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for spip.
CVE-2024-53620[0]:
| A cross-site scripting (XSS) vulnerability in the Article module of
| SPIP v4.3.3 allows authenticated attackers to execute arbitrar
Source: neutron
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for neutron.
CVE-2024-53916[0]:
| In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py
| can use an incorrect ID during policy enforcement. NOTE: