Bug#1103702: lxd: CVE-2024-6156

2025-04-27 Thread Moritz Mühlenhoff
On Sat, Apr 26, 2025 at 06:17:28PM +, Mathias Gibbens wrote: > control: severity -1 minor > control: tags -1 + wontfix > > Due to code changes/refactoring between LXD 5.0.4 and the snapshot of > 5.0.2 in Debian, an unreasonable amount of work would be required to > fix this minor issue. Lowe

Bug#1104026: bookworm-pu: package openrazer/3.5.1+dfsg-2+deb12u1

2025-04-25 Thread Moritz Mühlenhoff
On Thu, Apr 24, 2025 at 01:35:16PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm moreinfo > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: secur...@debian.org, Dylan Aïssi > > * CVE-2025-32776: out-of-bounds read > > Ta

Bug#1103832: [Pkg-shadow-devel] Bug#1103832: Bug#1103832: shadow: CVE-2024-56433

2025-04-25 Thread Moritz Mühlenhoff
On Wed, Apr 23, 2025 at 05:04:22PM -0500, Serge E. Hallyn wrote: > On Tue, Apr 22, 2025 at 09:46:14PM +0200, Chris Hofstaedtler wrote: > > * Serge E. Hallyn [250422 15:48]: > > > On Mon, Apr 21, 2025 at 08:08:50PM +0200, Salvatore Bonaccorso wrote: > > > > Thought this will not really be fixable i

Bug#1103881: php-laravel-framework: CVE-2025-27515

2025-04-22 Thread Moritz Mühlenhoff
On Tue, Apr 22, 2025 at 10:46:57PM +0200, Robin Gustafsson wrote: > Hi Moritz, > > Thanks for the report. > > On 4/22/25 14:09, Moritz Mühlenhoff wrote: > > [...] > > The following vulnerability was published for php-laravel-framework. > > > > CVE-2025-2

Bug#1072121: [Pkg-javascript-devel] Bug#1072121: node-ip: CVE-2024-29415

2025-04-22 Thread Moritz Mühlenhoff
On Wed, May 29, 2024 at 10:26:24AM +0400, Yadd wrote: > On 5/29/24 00:40, Moritz Mühlenhoff wrote: > > Source: node-ip > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following vu

Bug#1085242: nvidia-graphics-drivers-tesla-470: EoL (07/2024) driver should not be released with trixie

2025-04-22 Thread Moritz Mühlenhoff
On Thu, Oct 17, 2024 at 11:12:18AM +0200, Andreas Beckmann wrote: > Source: nvidia-graphics-drivers-tesla-470 > Version: 470.256.02-3 > Severity: normal > Tags: sid trixie > > The upstream support for the Tesla 470 driver series has ended > in 07/2024: https://docs.nvidia.com/datacenter/tesla/dri

Bug#1103881: php-laravel-framework: CVE-2025-27515

2025-04-22 Thread Moritz Mühlenhoff
Source: php-laravel-framework X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for php-laravel-framework. CVE-2025-27515[0]: | Laravel is a web application framework. When using wildcard | validation to validate a given file or i

Bug#1103252: rust-pprof - soundness issue RUSTSEC-2024-0408

2025-04-21 Thread Moritz Mühlenhoff
On Tue, Apr 15, 2025 at 07:52:49PM +0200, Alexander Kjäll wrote: > pprof was at some point needed for the gix stack, if they have moved > away from using it then I agree that it's not needed in trixie. > > Will this bug be enough to block it, or do we need to do anything more? If it's entirely

Bug#1103702: lxd: CVE-2024-6156

2025-04-20 Thread Moritz Mühlenhoff
Source: lxd X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for lxd. CVE-2024-6156[0]: | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, | could be bypassed if the client's certificate was present in the | t

Bug#1103701: mitmproxy: CVE-2025-23217

2025-04-20 Thread Moritz Mühlenhoff
Source: mitmproxy X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for mitmproxy. CVE-2025-23217[0]: | mitmproxy is an interactive TLS-capable intercepting HTTP proxy for | penetration testers and software developers and mitmweb i

Bug#1103525: krb5: CVE-2025-3576

2025-04-18 Thread Moritz Mühlenhoff
Source: krb5 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for krb5. CVE-2025-3576[0]: | A vulnerability in the MIT Kerberos implementation allows GSSAPI- | protected messages using RC4-HMAC-MD5 to be spoofed due to | weak

Bug#1103524: nsis: CVE-2025-43715

2025-04-18 Thread Moritz Mühlenhoff
Source: nsis X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for nsis. Does also affect nsis as packaged in Debian, probably yes since it's meant to provide installers which will then run on Windows? CVE-2025-43715[0]: | Nu

Bug#1103385: mysql-8.0: CVE-2025-30722 CVE-2025-30721 CVE-2025-30715 CVE-2025-30705 CVE-2025-30704 CVE-2025-30703 CVE-2025-30699 CVE-2025-30696 CVE-2025-30695 CVE-2025-30693 CVE-2025-30689 CVE-2025-30

2025-04-16 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. CVE-2025-30722[0]: | Vulnerability in the MySQL Client product of Oracle MySQL | (component: Client: mysqldump). Supported versions that are |

Bug#1101501: node-tar-fs: CVE-2024-12905

2025-04-05 Thread Moritz Mühlenhoff
Source: node-tar-fs X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-tar-fs. CVE-2024-12905[0]: | An Improper Link Resolution Before File Access ("Link Following") | and Improper Limitation of a Pathname to a Restric

Bug#1101495: assimp: CVE-2025-2751

2025-04-05 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2025-2751[0]: | A vulnerability has been found in Open Asset Import Library Assimp | 5.4.3 and classified as problematic. This vulnerability affe

Bug#1099955: Offer to help fixing CVE-2025-27795 and CVE-2025-27796 on bookworm

2025-04-05 Thread Moritz Mühlenhoff
On Sat, Apr 05, 2025 at 04:55:37PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sat, Apr 05, 2025 at 04:47:13PM +0200, Moritz Mühlenhoff wrote: > > On Mon, Mar 31, 2025 at 10:26:11PM -0300, Carlos Henrique Lima > > Melara wrote: > > > Hi, > > > >

Bug#1099955: Offer to help fixing CVE-2025-27795 and CVE-2025-27796 on bookworm

2025-04-05 Thread Moritz Mühlenhoff
On Mon, Mar 31, 2025 at 10:26:11PM -0300, Carlos Henrique Lima Melara wrote: > Hi, > > On Sat, Mar 22, 2025 at 11:08:18AM -0300, Carlos Henrique Lima Melara wrote: > > I'm planning to fix [CVE-2025-27795] and [CVE-2025-27796] for Debian LTS > > (disclaimer: it's a pro-bono upload as part of onboa

Bug#1101775: bookworm-pu: package varnish/7.1.1-1.1+deb12u1

2025-04-05 Thread Moritz Mühlenhoff
On Tue, Apr 01, 2025 at 12:13:53AM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm moreinfo > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: secur...@debian.org, Varnish Package Maintainers > > > * CVE-2025-30346: HTTP/1

Bug#1100994: 389-ds-base: CVE-2025-2487

2025-04-05 Thread Moritz Mühlenhoff
Source: 389-ds-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for 389-ds-base. CVE-2025-2487[0]: | A flaw was found in the 389-ds-base LDAP Server. This issue occurs | when issuing a Modify DN LDAP operation through th

Bug#1070860: musescore3: CVE-2023-44428

2025-04-04 Thread Moritz Mühlenhoff
Hi Thorsten, > >On Fri, May 10, 2024 at 06:39:20PM +, Thorsten Glaser wrote: > >> This is a bit like the limited security support for binutils, > >> I suppose. Could/should we document that in the same places? > > > >Sure thing, this sounds similar to what was done for Lilypond, > > Ah, okay

Bug#1100989: gunicorn: CVE-2024-6827

2025-04-04 Thread Moritz Mühlenhoff
Source: gunicorn X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for gunicorn. CVE-2024-6827[0]: | Gunicorn version 21.2.0 does not properly validate the value of the | 'Transfer-Encoding' header as specified in the RFC stan

Bug#1100988: python-flask-cors: CVE-2024-6866 CVE-2024-6844 CVE-2024-6839

2025-04-04 Thread Moritz Mühlenhoff
Source: python-flask-cors X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for python-flask-cors. CVE-2024-6866[0]: | corydolphin/flask-cors version 4.01 contains a vulnerability where | the request path matching is case-i

Bug#1101498: condor: CVE-2025-30093

2025-03-28 Thread Moritz Mühlenhoff
Source: condor X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for condor. CVE-2025-30093[0]: | HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x | before 24.0.6, and 24.6.x before 24.6.1 allows authenticated | att

Bug#1101494: assimp: CVE-2025-2752

2025-03-28 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2025-2752[0]: | A vulnerability was found in Open Asset Import Library Assimp 5.4.3 | and classified as problematic. This issue affects the funct

Bug#1101502: libstring-compare-constanttime-perl: CVE-2024-13939

2025-03-28 Thread Moritz Mühlenhoff
Source: libstring-compare-constanttime-perl X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libstring-compare-constanttime-perl. CVE-2024-13939[0]: | String::Compare::ConstantTime for Perl through 0.321 is vulnerable |

Bug#1101500: upx-ucl: CVE-2025-2849

2025-03-28 Thread Moritz Mühlenhoff
Source: upx-ucl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for upx-ucl. CVE-2025-2849[0]: | A vulnerability, which was classified as problematic, was found in | UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_D

Bug#1101503: libdata-entropy-perl: CVE-2025-1860

2025-03-28 Thread Moritz Mühlenhoff
Source: libdata-entropy-perl X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libdata-entropy-perl. CVE-2025-1860[0]: | Data::Entropy for Perl 0.007 and earlier use the rand() function as | the default source of entropy,

Bug#1101499: mbedtls: CVE-2025-27809 CVE-2025-27810

2025-03-28 Thread Moritz Mühlenhoff
Source: mbedtls X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for mbedtls. CVE-2025-27809[0]: | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, | accepts servers that have trusted certificates for arbi

Bug#1101496: assimp: CVE-2025-2750

2025-03-28 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2025-2750[0]: | A vulnerability, which was classified as critical, was found in Open | Asset Import Library Assimp 5.4.3. This affects the functi

Bug#1100990: gnupg2: CVE-2025-30258

2025-03-22 Thread Moritz Mühlenhoff
On Sat, Mar 22, 2025 at 03:15:02PM +0100, Andreas Metzler wrote: > On 2025-03-21 Moritz Mühlenhoff wrote: > [...] > > The following vulnerability was published for gnupg2. > > > CVE-2025-30258[0]: > > | In GnuPG before 2.5.5, if a user chooses to import a certificate

Bug#1100986: xmedcon: CVE-2025-2581

2025-03-21 Thread Moritz Mühlenhoff
Source: xmedcon X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for xmedcon. CVE-2025-2581[0]: | A vulnerability has been found in xmedcon 0.25.0 and classified as | problematic. Affected by this vulnerability is the functio

Bug#1100987: quickjs: CVE-2024-13903

2025-03-21 Thread Moritz Mühlenhoff
Source: quickjs X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for quickjs. CVE-2024-13903[0]: | A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has | been declared as problematic. Affected by this vulnerabi

Bug#1100993: libeddsa-java: CVE-2020-36843

2025-03-21 Thread Moritz Mühlenhoff
Source: libeddsa-java X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libeddsa-java. CVE-2020-36843[0]: | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through | 0.3.0 exhibits signature malleability and does

Bug#1100992: libmatio: CVE-2025-2337 CVE-2025-2338

2025-03-21 Thread Moritz Mühlenhoff
Source: libmatio X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libmatio. CVE-2025-2337[0]: | A vulnerability, which was classified as critical, has been found in | tbeu matio 1.5.28. This issue affects the function

Bug#1100991: docker-buildx: CVE-2025-0495

2025-03-21 Thread Moritz Mühlenhoff
Source: docker-buildx X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for docker-buildx. CVE-2025-0495[0]: | Buildx is a Docker CLI plugin that extends build capabilities using | BuildKit. Cache backends support credentials

Bug#1100990: gnupg2: CVE-2025-30258

2025-03-21 Thread Moritz Mühlenhoff
Source: gnupg2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for gnupg2. CVE-2025-30258[0]: | In GnuPG before 2.5.5, if a user chooses to import a certificate | with certain crafted subkey data that lacks a valid backsig o

Bug#1100929: debian-security-support: Mark odoo as EOL'ed in bullseye LTS

2025-03-20 Thread Moritz Mühlenhoff
On Thu, Mar 20, 2025 at 05:28:08PM +, Holger Levsen wrote: > hi Santiago, > > On Thu, Mar 20, 2025 at 12:15:51PM -0300, Santiago Ruano Rincón wrote: > > I would like to propose EOL'ing odoo in bullseye, because 14.0 has been > > EOL'ed by upstream and the complexity of backporting patches seem

Bug#1100464: Ready to upload the security fix

2025-03-14 Thread Moritz Mühlenhoff
On Fri, Mar 14, 2025 at 10:12:36PM +0100, Ferenc Wágner wrote: > Dear Security Team, > > Please review the following source debdiff: Thanks, the debdiff looks good. Please build with -sa (since this is the first upload on security-master for opensaml in bookworm-security) and upload to security-m

Bug#1092183: should kanboard be removed from unstable?

2025-03-10 Thread Moritz Mühlenhoff
retitle 1092183 RM: kanboard -- RoQA; unmaintained, RC-buggy, open security issues reassign 1092183 ftp.debian.org severity 1092183 normal thanks On Fri, Jan 03, 2025 at 07:29:44PM +0100, Helmut Grohne wrote: > Source: kanboard > Version: 1.2.31+ds2-1 > Severity: important > > Hi, > > kanboard

Bug#1078555: ofono: CVE-2024-7537 CVE-2024-7538 CVE-2024-7539 CVE-2024-7540 CVE-2024-7541 CVE-2024-7542 CVE-2024-7543 CVE-2024-7544 CVE-2024-7545 CVE-2024-7546 CVE-2024-7547

2025-03-05 Thread Moritz Mühlenhoff
On Sat, Mar 01, 2025 at 02:23:29PM +0100, Mike Gabriel wrote: > Control: clone -1 -2 > Control: retitle -1 ofono CVE-2024-7538 CVE-2024-7539 CVE-2024-7540 > CVE-2024-7541 CVE-2024-7542 CVE-2024-7543 CVE-2024-7544 CVE-2024-7545 > CVE-2024-7546 CVE-2024-7547 > Control: retitle -2 ofono: CVE-2024-75

Bug#1095406: libtasn1-6: CVE-2024-12133

2025-02-08 Thread Moritz Mühlenhoff
On Sat, Feb 08, 2025 at 01:36:39PM +0100, Andreas Metzler wrote: > Control: found -1 4.19.0-1 > > On 2025-02-07 Salvatore Bonaccorso wrote: > [...] > > CVE-2024-12133[0]: > > | Potential DoS in handling of numerous SEQUENCE OF or SET OF elements > > > > If you fix the vulnerability please also

Bug#1083285: pdns-recursor: CVE-2024-25590 (Bookworm)

2025-01-28 Thread Moritz Mühlenhoff
On Mon, Jan 27, 2025 at 11:33:14AM +0100, Chris Hofstaedtler wrote: > * Moritz Mühlenhoff [250122 17:35]: > > On Tue, Jan 21, 2025 at 04:04:22PM +0100, Chris Hofstaedtler wrote: > > > On Mon, Jan 20, 2025 at 12:02:11PM +0100, Chris Hofstaedtler wrote: > > >

Bug#1093883: rust-gix-worktree-state: CVE-2025-22620

2025-01-23 Thread Moritz Mühlenhoff
Source: rust-gix-worktree-state X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rust-gix-worktree-state. CVE-2025-22620[0]: | gitoxide is an implementation of git written in Rust. Prior to | 0.17.0, gix-worktree-state sp

Bug#1093881: mysql-connector-python: CVE-2025-21548

2025-01-23 Thread Moritz Mühlenhoff
Source: mysql-connector-python X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for mysql-connector-python. CVE-2025-21548[0]: | Vulnerability in the MySQL Connectors product of Oracle MySQL | (component: Connector/Python). Supp

Bug#1093884: ovn: CVE-2025-0650

2025-01-23 Thread Moritz Mühlenhoff
Source: ovn X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ovn. CVE-2025-0650[0]: | A flaw was found in the Open Virtual Network (OVN). Specially | crafted UDP packets may bypass egress access control lists (ACLs) in |

Bug#1093882: qtconnectivity-opensource-src: CVE-2025-23050

2025-01-23 Thread Moritz Mühlenhoff
Source: qtconnectivity-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtconnectivity-opensource-src. CVE-2025-23050[0]: https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux Patch for Qt

Bug#1093877: mysql-8.0: CVE-2025-21555 CVE-2025-21559 CVE-2025-21540 CVE-2025-21543 CVE-2025-21546 CVE-2025-21490 CVE-2025-21491 CVE-2025-21497 CVE-2025-21500 CVE-2025-21501 CVE-2025-21503 CVE-2025-21

2025-01-23 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. CVE-2025-21555[0]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are

Bug#1093880: clamav: CVE-2025-20128

2025-01-23 Thread Moritz Mühlenhoff
Source: clamav X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for clamav. CVE-2025-20128[0]: | A vulnerability in the Object Linking and Embedding 2 (OLE2) | decryption routine of ClamAV could allow an unauthenticated, remote |

Bug#1093879: virtualbox: CVE-2025-21533 CVE-2025-21571

2025-01-23 Thread Moritz Mühlenhoff
Source: virtualbox X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for virtualbox. CVE-2025-21533[0]: | Vulnerability in the Oracle VM VirtualBox product of Oracle | Virtualization (component: Core). Supported versions that

Bug#1093878: openjdk-8: CVE-2025-21502

2025-01-23 Thread Moritz Mühlenhoff
Source: openjdk-8 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for openjdk-8. CVE-2025-21502[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle | GraalVM Enterprise Edition product of Oracle Java SE

Bug#1083285: pdns-recursor: CVE-2024-25590 (Bookworm)

2025-01-22 Thread Moritz Mühlenhoff
On Tue, Jan 21, 2025 at 04:04:22PM +0100, Chris Hofstaedtler wrote: > On Mon, Jan 20, 2025 at 12:02:11PM +0100, Chris Hofstaedtler wrote: > > Control: reopen 1083285 > > Control: fixed 1083285 pdns-recursor/5.0.9-1 > > > > * Moritz Friedrich [250120 10:45]: > > > Is there a reason why there is no

Bug#1092372: redict: CVE-2024-46981 CVE-2024-51741

2025-01-07 Thread Moritz Mühlenhoff
Source: redict X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for redict. CVE-2024-46981[0]: | Redis is an open source, in-memory database that persists on disk. | An authenticated user may use a specially crafted Lua script

Bug#1092371: valkey: CVE-2024-46981 CVE-2024-51741

2025-01-07 Thread Moritz Mühlenhoff
Source: valkey X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for valkey. CVE-2024-46981[0]: | Redis is an open source, in-memory database that persists on disk. | An authenticated user may use a specially crafted Lua script

Bug#1092370: redis: CVE-2024-46981 CVE-2024-51741

2025-01-07 Thread Moritz Mühlenhoff
Source: redis X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for redis. CVE-2024-46981[0]: | Redis is an open source, in-memory database that persists on disk. | An authenticated user may use a specially crafted Lua script t

Bug#1087883: gh: CVE-2024-52308

2024-12-30 Thread Moritz Mühlenhoff
On Mon, Dec 30, 2024 at 03:00:40PM +0100, Santiago Vila wrote: > Hi. > > I've just made a team upload which fixes this in unstable. > > Is this the kind of security issue which deserves a DSA + upload for security, > or should we handle this using stable-proposed-updates? > > (In the first case:

Bug#1091633: libtheora: CVE-2024-56431

2024-12-28 Thread Moritz Mühlenhoff
Source: libtheora X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for libtheora. CVE-2024-56431[0]: | oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 | 7180717 has an invalid negative left shift. https://gi

Bug#1090934: ldap-account-manager: CVE-2024-52792

2024-12-25 Thread Moritz Mühlenhoff
On Wed, Dec 25, 2024 at 11:27:39AM +0100, Salvatore Bonaccorso wrote: > Hi, > > Since this vulnerability is moderate and depends on a misconfiguration of > > Apache or a different application I do not intend to provide a patch version > > for Stable. In addition, the fix was done by replacing the c

Bug#993592: probably not vulnerable? Re: #993592 CVE-2021-39359

2024-12-11 Thread Moritz Mühlenhoff
On Tue, Dec 10, 2024 at 10:25:50PM +, Rebecca N. Palmer wrote: > On 09/12/2024 21:13, Salvatore Bonaccorso wrote: > > But what happens if built with --without-libsoup, I guess then TLS > > certificate validation is absent as well what are the consequences? > > When built --without-libsoup, the

Bug#1088802: neutron: CVE-2024-53916

2024-12-04 Thread Moritz Mühlenhoff
On Mon, Dec 02, 2024 at 08:12:21AM +0100, Thomas Goirand wrote: > On 12/1/24 17:31, Moritz Mühlenhoff wrote: > > Source: neutron > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > Th

Bug#1088817: symfony: CVE-2024-36611

2024-12-01 Thread Moritz Mühlenhoff
Source: symfony X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for symfony. CVE-2024-36611[0]: | In Symfony v7.07, a security vulnerability was identified in the | FormLoginAuthenticator component, where it failed to adequa

Bug#1088818: grave: CVE-2024-11403 CVE-2024-11498

2024-12-01 Thread Moritz Mühlenhoff
Source: grave X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for grave. CVE-2024-11403[0]: | There exists an out of bounds read/write in LibJXL versions prior to | commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPE

Bug#1088812: libsoup2.4: CVE-2024-52530

2024-12-01 Thread Moritz Mühlenhoff
Source: libsoup2.4 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsoup2.4. CVE-2024-52530[0]: | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some | configurations because '\0' characters at the end of

Bug#1088813: tinyxml2: CVE-2024-50614

2024-12-01 Thread Moritz Mühlenhoff
Source: tinyxml2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for tinyxml2. CVE-2024-50614[0]: | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, | that may lead to application exit, in tinyxml2.cpp | XM

Bug#1088815: golang-github-cli-go-gh-v2: CVE-2024-53859

2024-12-01 Thread Moritz Mühlenhoff
Source: golang-github-cli-go-gh-v2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for golang-github-cli-go-gh-v2. CVE-2024-53859[0]: | go-gh is a Go module for interacting with the `gh` utility and the | GitHub API from the

Bug#1088814: tinyxml2: CVE-2024-50615

2024-12-01 Thread Moritz Mühlenhoff
Source: tinyxml2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for tinyxml2. CVE-2024-50615[0]: | TinyXML2 through 10.0.0 has a reachable assertion for | UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp |

Bug#1088808: gh: CVE-2024-53858

2024-12-01 Thread Moritz Mühlenhoff
Source: gh X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for gh. CVE-2024-53858[0]: | The gh cli is GitHub’s official command line tool. A security | vulnerability has been identified in the GitHub CLI that could leak | au

Bug#1088806: grpc: CVE-2024-11407

2024-12-01 Thread Moritz Mühlenhoff
Source: grpc X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for grpc. CVE-2024-11407[0]: | There exists a denial of service through Data corruption in gRPC-C++ | - gRPC-C++ servers with transmit zero copy enabled through th

Bug#1088807: node-express: CVE-2024-10491

2024-12-01 Thread Moritz Mühlenhoff
Source: node-express X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-express. CVE-2024-10491[0]: | A vulnerability has been identified in the Express | response.links function, allowing for arbitrary resource inject

Bug#1088803: angular.js: CVE-2024-21490

2024-12-01 Thread Moritz Mühlenhoff
Source: angular.js X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for angular.js. CVE-2024-21490[0]: | This affects versions of the package angular from 1.3.0. A regular | expression used to split the value of the ng-srcset

Bug#1088805: angular.js: CVE-2024-8373

2024-12-01 Thread Moritz Mühlenhoff
Source: angular.js X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for angular.js. CVE-2024-8373[0]: | Improper sanitization of the value of the [srcset] attribute in | HTML elements in AngularJS allows attackers to bypass

Bug#1088804: angular.js: CVE-2024-8372

2024-12-01 Thread Moritz Mühlenhoff
Source: angular.js X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for angular.js. CVE-2024-8372[0]: | Improper sanitization of the value of the '[srcset]' attribute in | AngularJS allows attackers to bypass common image sou

Bug#1088801: spip: CVE-2024-53620

2024-12-01 Thread Moritz Mühlenhoff
Source: spip X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for spip. CVE-2024-53620[0]: | A cross-site scripting (XSS) vulnerability in the Article module of | SPIP v4.3.3 allows authenticated attackers to execute arbitrar

Bug#1088802: neutron: CVE-2024-53916

2024-12-01 Thread Moritz Mühlenhoff
Source: neutron X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for neutron. CVE-2024-53916[0]: | In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py | can use an incorrect ID during policy enforcement. NOTE:

Bug#1088800: spip: CVE-2024-53619

2024-12-01 Thread Moritz Mühlenhoff
Source: spip X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for spip. CVE-2024-53619[0]: | An authenticated arbitrary file upload vulnerability in the | Documents module of SPIP v4.3.3 allows attackers to execute | arbitrar

Bug#1088799: ganglia-web: CVE-2024-52762 CVE-2024-52763

2024-12-01 Thread Moritz Mühlenhoff
Source: ganglia-web X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for ganglia-web. CVE-2024-52762[0]: | A cross-site scripting (XSS) vulnerability in the component | /master/header.php of Ganglia-web v3.73 to v3.76 allo

Bug#1088798: kanboard: CVE-2024-51747 CVE-2024-51748

2024-12-01 Thread Moritz Mühlenhoff
Source: kanboard X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for kanboard. CVE-2024-51747[0]: | Kanboard is project management software that focuses on the Kanban | methodology. An authenticated Kanboard admin can read an

Bug#1088691: libsndfile: CVE-2024-50613

2024-11-29 Thread Moritz Mühlenhoff
Source: libsndfile X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for libsndfile. CVE-2024-50613[0]: | libsndfile through 1.2.2 has a reachable assertion, that may lead to | application exit, in mpeg_l3_encode.c mpeg_l3_encode

Bug#1088693: radare2: CVE-2024-48241

2024-11-29 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for radare2. CVE-2024-48241[0]: | An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to | cause a denial of service via the __bf_div function. h

Bug#1088692: libsndfile: CVE-2024-50612

2024-11-29 Thread Moritz Mühlenhoff
Source: libsndfile X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsndfile. CVE-2024-50612[0]: | libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote | out-of-bounds read. https://github.com/libsndfile/

Bug#1088690: emacs: CVE-2024-53920

2024-11-29 Thread Moritz Mühlenhoff
Source: emacs X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for emacs. This is no fix and this is a long-standing issue, so mostly filing a bug for transparency for now: CVE-2024-53920[0]: | In elisp-mode.el in GNU Emacs t

Bug#1088689: zabbix: CVE-2024-36464 CVE-2024-36467 CVE-2024-36468 CVE-2024-42326 CVE-2024-42327 CVE-2024-42328 CVE-2024-42329 CVE-2024-42330 CVE-2024-42331 CVE-2024-42332 CVE-2024-42333

2024-11-29 Thread Moritz Mühlenhoff
Source: zabbix X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for zabbix. CVE-2024-36464[0]: | When exporting media types, the password is exported in the YAML in | plain text. This appears to be a best practices type issue

Bug#1088687: postgresql-16: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979

2024-11-29 Thread Moritz Mühlenhoff
Source: postgresql-16 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The recently fixed postgresql issues are addressed, but still open in postgresql-16. I suppose the plan is to remove -16 in the mid term, but in the interim filing a bug for the record. CVE-2024-10

Bug#1088688: php8.2: CVE-2024-11233 CVE-2024-11234 CVE-2024-11236

2024-11-29 Thread Moritz Mühlenhoff
Source: php8.2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for php8.2. I think the plan is to switch to 8.3 for trixie, so 8.2 will probably be removed at some point, but still filing a bug to keep track of these issue

Bug#1060016: packagekit: CVE-2024-0217

2024-10-30 Thread Moritz Mühlenhoff
Am Wed, Feb 21, 2024 at 04:27:25PM +0100 schrieb Moritz Muehlenhoff: > On Wed, Feb 21, 2024 at 04:15:17PM +0100, Matthias Klumpp wrote: > > I'd read the "unaffected at 1.2.7" as version 1.2.7 and higher not > > having the bug... But then again, on another page it said that the > > respective patch

Bug#1039087: removing embedded version of yajl

2024-10-28 Thread Moritz Mühlenhoff
Am Wed, May 29, 2024 at 10:38:29AM +0200 schrieb PICCA Frederic-Emmanuel: > Here the upstream point of view about the CVE. > > https://github.com/epics-base/epics-base/issues/405 > > check with the security team if their analysis is ok? Given that epics parser has evolved quite a bit, I'd say j

Bug#1052668: djvulibre: CVE-2021-46310

2024-10-28 Thread Moritz Mühlenhoff
Am Mon, Sep 25, 2023 at 11:30:13PM +0200 schrieb Moritz Mühlenhoff: > Source: djvulibre > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for djvulibre. > > CVE-2021-46310[0

Bug#1054877: Commit references for Avahi CVEs

2024-10-28 Thread Moritz Mühlenhoff
All open Avahi security issues are fixed in upstream git: CVE-2023-38473 (#1054880) https://github.com/avahi/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797 CVE-2023-38472 (#1054879) https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40 CVE-2023-38471 (#1054878) ht

Bug#1086149: bookworm-pu: package ntfs-3g/2022.10.3-1+deb12u2

2024-10-28 Thread Moritz Mühlenhoff
On Sun, Oct 27, 2024 at 11:21:00PM +0100, László Böszörményi (GCS) wrote: > On Sun, Oct 27, 2024 at 11:17 PM Moritz Mühlenhoff wrote: > > Am Sun, Oct 27, 2024 at 03:58:13PM +0100 schrieb László Böszörményi (GCS): > > If we do an update anyway, we could also piggyback the straightfo

Bug#1086149: bookworm-pu: package ntfs-3g/2022.10.3-1+deb12u2

2024-10-27 Thread Moritz Mühlenhoff
Am Sun, Oct 27, 2024 at 03:58:13PM +0100 schrieb László Böszörményi (GCS): > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: ntfs...@packages.debian.org > Control: affects -1 + src:ntfs-3g > > [ Reason ]

Bug#986801: CVE-2021-30184 patch for GNU Chess 6.2.7 and 6.2.8

2024-10-26 Thread Moritz Mühlenhoff
severity 986801 grave thanks Am Wed, Jun 02, 2021 at 04:36:52PM +0200 schrieb Sebastian Pipping: > Hi Debian, > > > just a quick note that GNU Chess 6.2.8 is vulnerable too (and that I'm > in touch with NVD to mark 8.2.8 as vulnerable in NVD). > > This is the patch for CVE-2021-30184 for both G

Bug#1033111: python-cmarkgfm: CVE-2023-26485 CVE-2023-24824

2024-10-26 Thread Moritz Mühlenhoff
Am Mon, Apr 10, 2023 at 06:11:39PM +0200 schrieb Moritz Mühlenhoff: > Source: python-cmarkgfm > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerabilities were published for python-cmarkgfm. > > CVE-2

Bug#1086041: openrefine: CVE-2024-49760 CVE-2024-47882 CVE-2024-47881 CVE-2024-47880 CVE-2024-47879 CVE-2024-47878

2024-10-25 Thread Moritz Mühlenhoff
Source: openrefine X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openrefine. CVE-2024-49760[0]: | OpenRefine is a free, open source tool for working with messy data. | The load-language command expects a `lang` paramete

Bug#1086042: openrefine-butterfly: CVE-2024-47883

2024-10-25 Thread Moritz Mühlenhoff
Source: openrefine-butterfly X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for openrefine-butterfly. CVE-2024-47883[0]: | The OpenRefine fork of the MIT Simile Butterfly server is a modular | web application framework. The But

Bug#1086046: assimp: CVE-2024-48423

2024-10-25 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48423[0]: | An issue in assimp v.5.4.3 allows a local attacker to execute | arbitrary code via the CallbackToLogRedirector function within t

Bug#1086045: assimp: CVE-2024-48424

2024-10-25 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48424[0]: | A heap-buffer-overflow vulnerability has been identified in the | OpenDDLParser::parseStructure function within the Assimp libra

Bug#1086043: assimp: CVE-2024-48426

2024-10-25 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48426[0]: | A segmentation fault (SEGV) was detected in the | SortByPTypeProcess::Execute function in the Assimp library during | fuzz testing w

Bug#1086044: assimp: CVE-2024-48425

2024-10-25 Thread Moritz Mühlenhoff
Source: assimp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for assimp. CVE-2024-48425[0]: | A segmentation fault (SEGV) was detected in the | Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within | the Ass

Bug#1086038: pam: CVE-2024-10041

2024-10-25 Thread Moritz Mühlenhoff
Source: pam X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for pam. CVE-2024-10041[0]: | A vulnerability was found in PAM. The secret information is stored | in memory, where the attacker can trigger the victim program to | ex

Bug#1086039: botan: CVE-2024-50383

2024-10-25 Thread Moritz Mühlenhoff
Source: botan X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for botan. CVE-2024-50383[0]: | Botan before 3.6.0, when certain GCC versions are used, has a | compiler-induced secret-dependent operation in lib/utils/donna128.

Bug#492465: python-dnspython: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2024-10-25 Thread Moritz Mühlenhoff
Am Wed, Oct 23, 2024 at 07:23:23PM -0300 schrieb Santiago Ruano Rincón: > El 22/10/24 a las 00:05, Bob Halley escribió: > > This is a blast from the past; 2008 is a LONG time ago! > > Indeed! :-) > > > It should be fine, as of 1.7 since the entropy pool added then would help > > with query id ra
