During the month of September 2024 and on behalf of Freexian, I worked on the following:
dovecot
-------

Uploaded 1:2.3.13+dfsg1-2+deb11u2 and issued DLA-3860-1.
https://lists.debian.org/msgid-search/?m=ztxjlvofwoqm2...@debian.org

 * CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) could become excessively CPU intensive.
 * CVE-2024-23185: Very large headers can cause resource exhaustion when parsing a message.

Also, uploaded 1:2.3.4.1-5+deb10u8 resp. 1:2.2.27-3+deb9u8 to buster resp. stretch ELTS, and issued ELA-1175-1.  (The uploads were done and DLA/ELA released in September, but backporting and testing was actually done during August.)

nbconvert
---------

Uploaded 5.6.1-3+deb11u1 and issued DLA-3863-1.
https://lists.debian.org/msgid-search/?m=ztykf64x1rdah...@debian.org

 * CVE-2021-32862: When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server without a tight Content-Security-Policy (e.g., nbviewer).

gnutls28
--------

Uploaded 3.7.1-5+deb11u6 and issued DLA-3875-1.
https://lists.debian.org/msgid-search/?m=ztjobhyxqnr7l...@debian.org

 * CVE-2024-28834 (Minerva attack): side-channel in the deterministic ECDSA.
 * CVE-2024-28835: certtool(1) crash when verifying a certificate chain with more than 16 certificates.
 * Memory leak in src/serv.c:listener_free() when a connected client disappears.
 * Segfault in lib/tls13/early_data.c:_gnutls13_recv_end_of_early_data().
 * Potential segfault in lib/tls13/finished.c:_gnutls13_recv_finished().

expat
-----

Uploaded 2.2.10-2+deb11u6 and issued DLA-3893-1.
https://lists.debian.org/msgid-search/?m=zuuchntviiw9c...@debian.org

 * CVE-2023-52425: Denial of Service (resource consumption) when parsing a large token for which multiple buffer fills are needed.
 * CVE-2024-45490: xmlparse.c does not reject a negative length for XML_ParseBuffer(), which may cause memory corruption or code execution.
 * CVE-2024-45491: Integer overflow for nDefaultAtts on 32-bit platforms.
 * CVE-2024-45492: Integer overflow for m_groupSize on 32-bit platforms.
 * Run upstream test suite at build time.

Also, uploaded 2.2.6-2+deb10u8 resp. 2.2.0-2+deb9u9 resp. 2.1.0-6+deb8u12 to buster resp. stretch resp. jessie ELTS with fixes for CVE-2024-4549[0-2], and issued ELA-1190-1.

opensc
------

Worked on fixes for:

 * CVE-2021-34193 (stack overflow)
 * CVE-2021-42778 (heap double free)
 * CVE-2021-42779 (heap use after free)
 * CVE-2021-42780 (use after return)
 * CVE-2021-42781 (heap buffer overflow)
 * CVE-2021-42782 (stack buffer overflow)
 * CVE-2023-2977 (buffer overrun)
 * CVE-2023-5992 (encryption padding removal is not side-channel resistant)
 * CVE-2023-40660 (potential PIN bypass)

But did not upload yet.

Thanks to the sponsors for financing the above, and to Freexian for coordinating!

-- 
Guilhem.