Package: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
CVE-2025-53024[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version
Package: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-50077[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
Package: rlottie
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for rlottie.
CVE-2025-0634[0]:
| Use After Free vulnerability in Samsung Open Source rLottie allows
| Remote Code Inclusion. This issue affects rLottie: V0.2.
h
Package: cpp-httplib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for cpp-httplib.
CVE-2025-52887[0]:
| cpp-httplib is a C++11 single-file header-only cross platform
| HTTP/HTTPS library. In version 0.21.0, when many http
Package: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for imagemagick.
CVE-2025-53014[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. Versions prior to 7.1
Package: jackrabbit
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jackrabbit.
CVE-2025-53689[0]:
| Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-
| core in Apache Jackrabbit < 2.23.2 due to usage of an
Package: podman
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for podman.
CVE-2025-6032[0]:
| A flaw was found in Podman. The podman machine init command fails to
| verify the TLS certificate when downloading the VM images fro
On Fri, Jun 20, 2025 at 10:40:38AM +0100, Simon McVittie wrote:
> On Wed, 18 Jun 2025 at 20:54:55 +0200, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for gdk-pixbuf.
> >
> > (Choosing RC level, since jmm is planning a DSA, so we should have
> > that fixed as well in tr
On Tue, Jun 10, 2025 at 02:22:18PM +0200, Thomas Lange wrote:
> >> From my PoV this could also be handled by
> > - tag #1106121 trixie-ignore
> Perfect. Who can/should set this tag? The package maintainer or only
> the release team?
It's up to the release team.
> > - update the packa
On Tue, Jun 03, 2025 at 09:44:42AM +0200, Sebastian Ramacher wrote:
> Hi
>
> On 2025-06-02 00:25:41 +0200, Lorenzo wrote:
> > On Thu, 22 May 2025 20:46:34 +0200 Sebastian Ramacher
> > wrote:
> > > Control: severity -1 serious
> >
> > Hi Sebastian,
> >
> > I'm a bit surprised about the timing o
Source: modsecurity-apache
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for modsecurity-apache.
CVE-2025-47947[0]:
| ModSecurity is an open source, cross platform web application
| firewall (WAF) engine for Apache, IIS and Ng
Source: gst-plugins-bad1.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2025-3887[0]:
| GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerab
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dnsdist.
CVE-2025-30194[0]:
| When DNSdist is configured to provide DoH via the nghttp2 provider,
| an attacker can cause a denial of service by crafting a DoH
On Tue, Apr 22, 2025 at 10:46:57PM +0200, Robin Gustafsson wrote:
> Hi Moritz,
>
> Thanks for the report.
>
> On 4/22/25 14:09, Moritz Mühlenhoff wrote:
> > [...]
> > The following vulnerability was published for php-laravel-framework.
> >
> > CVE-2025-2
On Thu, Oct 17, 2024 at 11:12:18AM +0200, Andreas Beckmann wrote:
> Source: nvidia-graphics-drivers-tesla-470
> Version: 470.256.02-3
> Severity: normal
> Tags: sid trixie
>
> The upstream support for the Tesla 470 driver series has ended
> in 07/2024: https://docs.nvidia.com/datacenter/tesla/dri
Source: php-laravel-framework
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for php-laravel-framework.
CVE-2025-27515[0]:
| Laravel is a web application framework. When using wildcard
| validation to validate a given file or i
On Tue, Apr 15, 2025 at 07:52:49PM +0200, Alexander Kjäll wrote:
> pprof was at some point needed for the gix stack, if they have moved
> away from using it then I agree that it's not needed in trixie.
>
> Will this bug be enough to block it, or do we need to do anything more?
If it's entirely
Source: mitmproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mitmproxy.
CVE-2025-23217[0]:
| mitmproxy is an interactive TLS-capable intercepting HTTP proxy for
| penetration testers and software developers and mitmweb i
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
|
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for upx-ucl.
CVE-2025-2849[0]:
| A vulnerability, which was classified as problematic, was found in
| UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_D
Source: condor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for condor.
CVE-2025-30093[0]:
| HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x
| before 24.0.6, and 24.6.x before 24.6.1 allows authenticated
| att
Source: libeddsa-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libeddsa-java.
CVE-2020-36843[0]:
| The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through
| 0.3.0 exhibits signature malleability and does
On Fri, Mar 14, 2025 at 10:12:36PM +0100, Ferenc Wágner wrote:
> Dear Security Team,
>
> Please review the following source debdiff:
Thanks, the debdiff looks good. Please build with -sa (since this is the
first upload on security-master for opensaml in bookworm-security)
and upload to security-m
On Sat, Mar 01, 2025 at 02:23:29PM +0100, Mike Gabriel wrote:
> Control: clone -1 -2
> Control: retitle -1 ofono CVE-2024-7538 CVE-2024-7539 CVE-2024-7540
> CVE-2024-7541 CVE-2024-7542 CVE-2024-7543 CVE-2024-7544 CVE-2024-7545
> CVE-2024-7546 CVE-2024-7547
> Control: retitle -2 ofono: CVE-2024-75
Source: clamav
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for clamav.
CVE-2025-20128[0]:
| A vulnerability in the Object Linking and Embedding 2 (OLE2)
| decryption routine of ClamAV could allow an unauthenticated, remote
|
Source: mysql-connector-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mysql-connector-python.
CVE-2025-21548[0]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python). Supp
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for virtualbox.
CVE-2025-21533[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2025-21555[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
Source: redict
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redict.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script
Source: valkey
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for valkey.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script
Source: redis
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redis.
CVE-2024-46981[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated user may use a specially crafted Lua script t
On Mon, Dec 30, 2024 at 03:00:40PM +0100, Santiago Vila wrote:
> Hi.
>
> I've just made a team upload which fixes this in unstable.
>
> Is this the kind of security issue which deserves a DSA + upload for security,
> or should we handle this using stable-proposed-updates?
>
> (In the first case:
Source: kanboard
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for kanboard.
CVE-2024-51747[0]:
| Kanboard is project management software that focuses on the Kanban
| methodology. An authenticated Kanboard admin can read an
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2024-36464[0]:
| When exporting media types, the password is exported in the YAML in
| plain text. This appears to be a best practices type issue
Source: openrefine-butterfly
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for openrefine-butterfly.
CVE-2024-47883[0]:
| The OpenRefine fork of the MIT Simile Butterfly server is a modular
| web application framework. The But
Source: openrefine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openrefine.
CVE-2024-49760[0]:
| OpenRefine is a free, open source tool for working with messy data.
| The load-language command expects a `lang` paramete
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2024-48426[0]:
| A segmentation fault (SEGV) was detected in the
| SortByPTypeProcess::Execute function in the Assimp library during
| fuzz testing w
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21208[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21247[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
|
Source: starlette
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for starlette.
CVE-2024-47874[0]:
| Starlette is an Asynchronous Server Gateway Interface (ASGI)
| framework/toolkit. Prior to version 0.40.0, Starlette treats
|
On Sat, Oct 12, 2024 at 04:14:14PM +0200, Yadd wrote:
> Hi,
>
> here is a debdiff for bookworm
Please upload to security-master, thanks!
Cheers,
Moritz
Source: node-dompurify
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for node-dompurify.
CVE-2024-47875[0]:
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for
| HTML, MathML and SVG. DOMpurify was vulnerabl
Source: redis
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redis.
CVE-2024-31227[0]:
| Redis is an open source, in-memory database that persists on disk.
| An authenticated with sufficient privileges may create a malfo
Source: libgsf
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libgsf.
CVE-2024-36474[0]:
| An integer overflow vulnerability exists in the Compound Document
| Binary File format parser of the GNOME Project G Structured F
Package: golang-github-hashicorp-go-getter
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for golang-github-hashicorp-go-getter.
CVE-2024-3817[0]:
| HashiCorp’s go-getter library is vulnerable to argument injection
| when execu
Source: dogtag-pki
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dogtag-pki.
CVE-2023-4727[0]:
| A flaw was found in dogtag-pki and pki-core. The token
| authentication scheme can be bypassed with a LDAP injection. By
| pa
Package: jupyter-notebook
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyter-notebook.
CVE-2024-43805[0]:
| jupyterlab is an extensible environment for interactive and
| reproducible computing, based on the Jupyter Note
Package: jupyterlab
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterlab.
CVE-2024-43805[0]:
| jupyterlab is an extensible environment for interactive and
| reproducible computing, based on the Jupyter Notebook Archite
Source: puma
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for puma.
CVE-2024-45614[0]:
| Puma is a Ruby/Rack web server built for parallelism. In affected
| versions clients could clobber values set by intermediate proxies
|
Source: pgpool2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pgpool2.
CVE-2024-45624[0]:
| Exposure of sensitive information due to incompatible policies issue
| exists in Pgpool-II. If a database user accesses a query ca
On Thu, Aug 29, 2024 at 10:20:42PM +0200, Ana Guerrero Lopez wrote:
> On Thu, Aug 29, 2024 at 09:34:14PM +0200, Helmut Grohne wrote:
> > Hi Ana,
> >
> > On Thu, Aug 29, 2024 at 09:04:09PM +0200, Ana Guerrero Lopez wrote:
> > > In short, imdbpy should have been removed from the archive already and
Hi Yadd,
> here is a simple patch for this issue
The debdiff looks fine, but I don't believe this needs a
DSA, can you please submit this for the next point update
instead?
Cheers,
Moritz
On Tue, Apr 30, 2024 at 06:04:34PM +0100, Steve McIntyre wrote:
> Hi!
>
> On Tue, Dec 19, 2023 at 09:31:00AM +0100, Salvatore Bonaccorso wrote:
> >Source: python-asyncssh
> >Version: 2.10.1-2
> >Severity: important
> >Tags: security upstream
> >X-Debbugs-Cc: car...@debian.org, Debian Security Tea
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ofono.
CVE-2024-7537[0]:
| oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
| Vulnerability. This vulnerability allows local attackers to discl
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2024-22114[0]:
| User with no permission to any of the Hosts can access and view host
| count & other statistics through System Information Widget
Source: neatvnc
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for neatvnc.
CVE-2024-42458[0]:
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly
| validate the security type.
https://www.openwall.com/lists/os
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2024-6873[0]:
| It is possible to crash or redirect the execution flow of the
| ClickHouse server process from an unauthenticated vector by s
Source: anki
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for anki.
CVE-2024-26020[0]:
| An arbitrary script execution vulnerability exists in the MPV
| functionality of Ankitects Anki 24.04. A specially crafted flashcard
Source: adminer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for adminer.
CVE-2023-45196[0]:
| Adminer and AdminerEvo allow an unauthenticated remote attacker to
| cause a denial of service by connecting to an attacker-con
Source: squid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for squid.
CVE-2024-37894[0]:
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP,
| and more. Due to an Out-of-bounds Write error when assigning ESI
|
Source: smarty3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for smarty3.
CVE-2024-35226[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentation (HTML/CSS) from application logic. In affected
Source: smarty4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for smarty4.
CVE-2024-35226[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentation (HTML/CSS) from application logic. In affected
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-31948[0]:
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix
| SID attribute in a BGP UPDATE packet can cause the bgpd daemon to
|
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for zabbix.
CVE-2024-22120[0]:
| Zabbix server can perform command execution for configured scripts.
| After command is executed, audit entry is added to "Audit Log"
Source: python-aiosmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-aiosmtpd.
CVE-2024-34083[0]:
| aiosmtpd is a reimplementation of the Python stdlib smtpd.py based
| on asyncio. Prior to version 1.4.6, servers
On Wed, Mar 06, 2024 at 06:39:01AM -0300, Leandro Cunha wrote:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from sta
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-pymysql.
We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?
CVE-2024-36039[0]:
| PyMySQL t
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for npgsql.
CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tinyproxy.
CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain configuratio
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterhub.
CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious subdoma
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gdcm.
These are fixed in 3.0.24:
CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu Malate
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with Synap
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of ser
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
| lo
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that a
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sngrep.
CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted sequ
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary write vulnerability via swf_get_string at
| scene
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This librar
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker5.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacke
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker4.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacke
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
https://www.o
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
https://nodejs.org/en/blog/vulnerability
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: fontforge
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for fontforge.
CVE-2024-25081[0]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted filenames.
CVE-2024-25082[1]:
| Splinefont
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rack.
CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/comm
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pymatgen.
CVE-2024-23346[0]:
| Pymatgen (Python Materials Genomics) is an open-source Python
| library for materials analysis. A critical security vulnerabilit
Source: iwd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for iwd.
CVE-2023-52161[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
While this mentions a patch for wpa_supplicant, it's not obvious
if this was repor
Source: wpa
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for wpa.
CVE-2023-52160[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
If you fix the vulnerability
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-46809[0]:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-25110[0]:
| The UAMQP is a general purpose C library for AMQP 1.0. During a call
| to open_get_offered_capabilities, a m
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.
https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893
On Fri, Jan 05, 2024 at 12:08:54PM +0100, Chris Hofstaedtler wrote:
> On Sun, Sep 03, 2023 at 08:26:00PM +0200, Moritz Mühlenhoff wrote:
> > severity 877016 serious
> > thanks
> >
> > On Thu, Sep 28, 2017 at 06:51:30AM -0700, Mattia Dongili wrote:
> > > On W
Source: ring
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pjsip, which is
bundled in ring:
CVE-2023-38703[0]:
| PJSIP is a free and open source multimedia communication library
| written in C with high level API in C, C++
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2023-37457[0]:
| Asterisk is an open source private branch exchange and telephony
| toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 an
Source: ruby-sidekiq
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sidekiq.
CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in t
Source: lrzip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lrzip.
CVE-2023-39741[0]:
| lrzip v0.651 was discovered to contain a heap overflow via the
| libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
Source: w3m
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for w3m.
CVE-2023-4255[0]:
| An out-of-bounds write issue has been discovered in the backspace
| handling of the checkType() function in etc.c within the W3M
| applicat