Bugs tagged security at version -- Debian Bug report logs

#326971 [i|HSu| ] [imview] imview: Loading image causes stack smash?
Reported by: Justin Pryzby <justinpryzby@users.sourceforge.net>; Date: Tue, 6 Sep 2005 22:33:04 UTC; Severity: important; Tags: help, security, upstream; Found in version imview/1.1.8-1; Filed 17 years and 302 days ago; Modified 17 years and 175 days ago;
#403557 [i|S| ] [xscreensaver] xscreensaver does not lock when there are network problems
Reported by: Thomas Prokosch <7nrmi1s02@sneakemail.com>; Date: Sun, 17 Dec 2006 23:03:02 UTC; Severity: important; Tags: security; Found in version xscreensaver/4.24-5; Filed 16 years and 200 days ago; Modified 16 years and 192 days ago;
#476419 [i|S| ] [libpcre3] libpcre3: stack overflow via certain regular expressions
Reported by: Kai Szymanski <k.szymanski@mediaclipping.de>; Date: Wed, 16 Apr 2008 16:00:01 UTC; Severity: important; Tags: security; Found in versions pcre3/7.4-1, pcre3/6.7+7.4-3; Filed 15 years and 79 days ago; Modified 15 years and 72 days ago;
#491809 [i|S| ] [libc6] DNS stub resolver could be hardened.
Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>; Date: Tue, 22 Jul 2008 00:18:01 UTC; Severity: important; Tags: security; Found in versions glibc/2.7-12, glibc/2.3.6.ds1-13; Filed 14 years and 348 days ago; Modified 12 years and 151 days ago;
#511515 [i|S| ] [m2crypto] m2crypto: openssl return values.
Reported by: Kurt Roeckx <kurt@roeckx.be>; Date: Sun, 11 Jan 2009 19:18:01 UTC; Severity: important; Tags: security; Filed 14 years and 174 days ago; Modified 14 years and 156 days ago;
#555808 [i|S| ] [libpcre3] libpcre3: segfault on matching certain regexes with large input
Reported by: Nico Golde <nion@debian.org>; Date: Wed, 11 Nov 2009 21:03:02 UTC; Severity: important; Tags: security; Found in version pcre3/7.8-2; Filed 13 years and 235 days ago; Modified 13 years and 235 days ago;
#566326 [i|S| ] [libsqlite3-0] xulrunner-1.9: iceweasel "clear private data" leaves traces on disk due to linkage to system libsqlite3 instead of embedded copy
Reported by: Lionel Elie Mamane <lionel@mamane.lu>; Date: Fri, 22 Jan 2010 22:27:01 UTC; Severity: important; Tags: security; Filed 13 years and 163 days ago; Modified 4 years and 321 days ago;
#595750 [i|S| ] [nodm] nodm: allows all local users (and not just NODM_USER) to connect to (and eavesdrop, screenshot, etc.) the X server
Reported by: Timo Juhani Lindfors <timo.lindfors@iki.fi>; Date: Mon, 6 Sep 2010 12:27:01 UTC; Severity: important; Tags: security; Found in version nodm/0.7-1; Filed 12 years and 301 days ago; Modified 12 years and 301 days ago;
#604960 [i|S|=] [src:gerbera] mediatomb-common: Mediatomb does not want listen on particular interface or ip address
Reported by: Aladdin <rimvydas@rimvydas.info>; Date: Thu, 25 Nov 2010 19:00:01 UTC; Severity: important; Tags: security; Merged with 693301; Found in version mediatomb/0.12.1-4; Filed 12 years and 221 days ago; Modified 5 years and 223 days ago;
#609987 [i|S| ] [dsniff] dsniff: DoS in pcanywhere decoder
Reported by: Hilko Bengen <bengen@debian.org>; Date: Fri, 14 Jan 2011 16:33:01 UTC; Severity: important; Tags: security; Found in version dsniff/2.4b1+debian-18; Filed 12 years and 171 days ago; Modified 12 years and 171 days ago;
#626112 [i|S| ] [openssh-server] openssh-server: ssh doesn't log some failed authentications to auth.log anymore
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sun, 8 May 2011 22:18:01 UTC; Severity: important; Tags: security; Found in version openssh/1:5.8p1-4; Filed 12 years and 57 days ago; Modified 11 years and 336 days ago;
#634259 [i|S| ] [gnome-session] gnome-session: stop-multiple-users dialog fails to clear screen
Reported by: Adam Borowski <kilobyte@angband.pl>; Date: Mon, 18 Jul 2011 09:27:02 UTC; Severity: important; Tags: security; Found in version gnome-session/2.30.2-3; Filed 11 years and 351 days ago; Modified 9 years and 56 days ago;
#637858 [i|S| ] [wizznic] wizznic: calls home without user permission
Reported by: Paul Wise <pabs@debian.org>; Date: Mon, 15 Aug 2011 08:39:02 UTC; Severity: important; Tags: security; Found in version wizznic/0.9.2-preview2+dfsg-1; Filed 11 years and 323 days ago; Modified 1 year and 282 days ago;
#650425 [i|S| ] [rpcbind] Please add options to set the port range for nfs clients
Reported by: Goswin von Brederlow <goswin-v-b@web.de>; Date: Tue, 29 Nov 2011 17:39:01 UTC; Severity: important; Tags: security; Filed 11 years and 217 days ago; Modified 5 years and 333 days ago;
#655044 [i|S| ] [src:glib2.0] glib2.0: ghashtable vulnerable to oCert-2011-003 DOS attacks
Reported by: John Lightsey <lightsey@debian.org>; Date: Sun, 8 Jan 2012 01:30:01 UTC; Severity: important; Tags: security; Filed 11 years and 178 days ago; Modified 11 years and 177 days ago;
#666891 [i|S| ] [libpam-mount] libpam-mount: pam mounted home directories not unmounted on logout (and mounted twice)
Reported by: josh <jbuhl_nospam@gmx.net>; Date: Mon, 2 Apr 2012 08:21:01 UTC; Severity: important; Tags: security; Found in versions libpam-mount/2.14~git+d1d6f871-1, libpam-mount/2.14-1.1; Filed 11 years and 92 days ago; Modified 8 years and 34 days ago;
#678340 [i|S|=☣] [gnome-settings-daemon] gnome-packagekit: Update information is not refreshed
Reported by: nodiscc <nodiscc@gmail.com>; Date: Wed, 20 Jun 2012 22:27:05 UTC; Severity: important; Tags: security; Merged with 702241; Found in versions gnome-settings-daemon/3.14.2-1, gnome-settings-daemon/3.14.2-3; Filed 11 years and 13 days ago; Modified 4 years and 140 days ago;
#694658 [i|S| ] [links2] SSL certificate handling should be documented better
Reported by: ll lavander <lavander.sys@hotmail.com>; Date: Wed, 28 Nov 2012 18:54:02 UTC; Severity: important; Tags: security; Found in version links2/2.7-1; Filed 10 years and 217 days ago; Modified 5 years and 126 days ago;
#700158 [i|S| ] [src:ganglia] ganglia: CVE-2013-0275 and CVE-2013-1770: several XSS flaws
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 9 Feb 2013 08:09:02 UTC; Severity: important; Tags: security, wheezy-ignore; Found in version ganglia/3.3.8-1; Filed 10 years and 144 days ago; Modified 10 years and 86 days ago;
#701151 [i|S| ] [pyrad] pyrad: CVE-2013-0342: CreateID() creates serialized packet IDs for RADIUS
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 22 Feb 2013 06:21:01 UTC; Severity: important; Tags: security; Found in versions 2.0-2, 1.2-1; Filed 10 years and 131 days ago; Modified 1 year and 171 days ago;
#712503 [i|S|☺] [isc-dhcp-server] dhcpd is listening on random port for all interfaces
Reported by: skirpichev@gmail.com; Date: Sun, 16 Jun 2013 14:45:01 UTC; Severity: important; Tags: security; Found in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u6, isc-dhcp-server/4.3.5-3+deb9u1, isc-dhcp/4.3.1-6+deb8u2, isc-dhcp/4.3.5-3.1; Fixed in version isc-dhcp/4.3.3-2; Filed 10 years and 17 days ago; Modified 2 years and 100 days ago;
#726578 [i|S| ] [pwgen] pwgen: Multiple vulnerabilities in passwords generation
Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Wed, 16 Oct 2013 20:06:02 UTC; Severity: important; Tags: security; Filed 9 years and 260 days ago; Modified 7 years and 246 days ago;
#742922 [i|S| ] [xorg-server] xorg-server: CVE-2013-6424
Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Sat, 29 Mar 2014 00:21:02 UTC; Severity: important; Tags: security; Found in version 2:1.15.0-2; Filed 9 years and 97 days ago; Modified 9 years and 96 days ago;
#744197 [i|S| ] [ecryptfs-utils] ecryptfs-utils: unix_chkpwd should not be used
Reported by: Raphael Geissert <geissert@debian.org>; Date: Fri, 11 Apr 2014 09:45:01 UTC; Severity: important; Tags: security; Found in version ecryptfs-utils/103-3; Filed 9 years and 83 days ago; Modified 9 years and 83 days ago;
#746802 [i|S| ] [xscreensaver] xscreensaver: Popup messages visible in spite of locked screen
Reported by: Rafał Grzeszczuk <cliffy-@hotmail.com>; Date: Sat, 3 May 2014 18:36:01 UTC; Severity: important; Tags: security; Found in version xscreensaver/5.26-1; Filed 9 years and 61 days ago; Modified 20 days ago;
#754945 [i|S| ] [recode] recode: A possible buffer overflow when the input filename is too long
Reported by: Bernard Ladenthin <bernard.ladenthin@gmail.com>; Date: Wed, 16 Jul 2014 09:39:01 UTC; Severity: important; Tags: security; Found in versions recode/3.6-20, recode/3.6-23; Filed 8 years and 352 days ago; Modified 2 years and 300 days ago;
#756450 [i|S| ] [ecryptfs-utils] ecryptfs-utils: home dir still readable by sudo after user logs out
Reported by: Jerome Pinguet <jerome@jerome.cc>; Date: Tue, 29 Jul 2014 22:09:02 UTC; Severity: important; Tags: security; Found in version ecryptfs-utils/99-1; Filed 8 years and 339 days ago; Modified 8 years and 309 days ago;
#761600 [i|S| ] [src:openssh] sshd.pam: reads env variables from user file
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Sun, 14 Sep 2014 21:48:10 UTC; Severity: important; Tags: security; Found in version openssh/1:6.6p1-7; Filed 8 years and 292 days ago; Modified 8 years and 292 days ago;
#765632 [i|S|=] [openssh-client] openssh-client: Debian shouldn't deviate in hardcoded default values, especially not ForwardX11Trusted
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Thu, 16 Oct 2014 18:51:02 UTC; Severity: important; Tags: security; Merged with 787002, 803318; Found in versions openssh/1:6.7p1-5, 1:3.8p1-2, openssh/1:6.7p1-2; Filed 8 years and 260 days ago; Modified 7 years and 247 days ago;
#768656 [i|S| ] [konversation] Buffer overflow while trying to send a file as base64 with /query
Reported by: "lcellier@lycee-joliverie.fr" <lcellier@lycee-joliverie.fr>; Date: Sun, 9 Nov 2014 01:27:02 UTC; Severity: important; Tags: security; Found in version konversation/1.5-1; Filed 8 years and 237 days ago; Modified 8 years and 45 days ago;
#772473 [i|S| ] [xbindkeys-config] xbindkeys-config: CVE-2014-9513: Insecure use of temporary files
Reported by: Steve Kemp <steve@steve.org.uk>; Date: Sun, 7 Dec 2014 15:36:02 UTC; Severity: important; Tags: security; Found in version xbindkeys-config/0.1.3-2; Filed 8 years and 208 days ago; Modified 8 years and 179 days ago;
#773752 [i|Su| ] [gdm3] gdm3: GDM3 pollutes system logs with user session output under systemd
Reported by: Colomban Wendling <lists.ban@herbesfolles.org>; Date: Mon, 22 Dec 2014 22:03:07 UTC; Severity: important; Tags: security, upstream; Found in versions gdm3/3.14.1-3, gdm3/3.14.1-7; Filed 8 years and 193 days ago; Modified 8 years and 70 days ago;
#776424 [i|S| ] [src:kgb-bot] kgb-bot: CVE-2015-1554: can be crashed by some network traffic
Reported by: Joey Hess <id@joeyh.name>; Date: Tue, 27 Jan 2015 22:03:07 UTC; Severity: important; Tags: security; Found in version kgb-bot/1.33-2; Filed 8 years and 157 days ago; Modified 4 years and 151 days ago;
#778814 [i|S| ] [dmg2img] dmg2img: invalid read, segmentation fault at dmg2img.c:390
Reported by: Henri Salo <henri@nerv.fi>; Date: Fri, 20 Feb 2015 08:48:06 UTC; Severity: important; Tags: security; Found in versions dmg2img/1.6.5-1, dmg2img/1.6.2-2; Filed 8 years and 133 days ago; Modified 8 years and 133 days ago;
#778819 [i|S| ] [dmg2img] dmg2img: ADC decompress segmentation fault at adc.c:66
Reported by: Henri Salo <henri@nerv.fi>; Date: Fri, 20 Feb 2015 10:15:02 UTC; Severity: important; Tags: security; Found in versions dmg2img/1.6.5-1, dmg2img/1.6.2-2; Filed 8 years and 133 days ago; Modified 8 years and 133 days ago;
#778829 [i|S| ] [dmg2img] dmg2img: denial of service issue
Reported by: Henri Salo <henri@nerv.fi>; Date: Fri, 20 Feb 2015 12:00:02 UTC; Severity: important; Tags: security; Found in versions dmg2img/1.6.5-1, dmg2img/1.6.2-2; Filed 8 years and 133 days ago; Modified 8 years and 133 days ago;
#778863 [i|S| ] [keepass2] keepass2: 'enter master key on secure desktop' non-functional
Reported by: jnqnfe <jnqnfe@gmail.com>; Date: Fri, 20 Feb 2015 20:09:02 UTC; Severity: important; Tags: security; Found in version keepass2/2.28+dfsg-1; Filed 8 years and 133 days ago; Modified 8 years and 109 days ago;
#778878 [i|S| ] [apt] apt (and /etc/cron.daily/apt as well) don't notify about failed package updates
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sat, 21 Feb 2015 00:39:02 UTC; Severity: important; Tags: security; Found in versions apt/1.0.9.6, apt/1.4.6; Filed 8 years and 133 days ago; Modified 5 years and 347 days ago;
#779069 [i|S| ] [openssh-server] openssh-server: no way to disable unix domain socket/streamlocal forwarding from authorized_keys
Reported by: Paul Wise <pabs@debian.org>; Date: Tue, 24 Feb 2015 03:51:01 UTC; Severity: important; Tags: security; Found in version openssh/1:6.7p1-3; Filed 8 years and 129 days ago; Modified 1 year and 282 days ago;
#781367 [i|S|=] [bash] bash may set a PATH including "." under certain circumstances
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sat, 28 Mar 2015 07:00:02 UTC; Severity: important; Tags: security; Merged with 991959; Found in versions bash/4.3-12, bash/5.1-3; Filed 8 years and 97 days ago; Modified 1 year and 329 days ago;
#788634 [i|S| ] [debian-installer] debian-installer: Accepting a preseed URL from DHCP allows attacker to hijack installation
Reported by: Aliz Hammond <randomdude@gmail.com>; Date: Sat, 13 Jun 2015 15:42:02 UTC; Severity: important; Tags: d-i, security; Filed 8 years and 20 days ago; Modified 7 years and 364 days ago;
#789401 [i|S| ] [pbuilder] pbuilder: chroot's /tmp accessible to users when bootstrapping
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Sat, 20 Jun 2015 15:03:08 UTC; Severity: important; Tags: security; Filed 8 years and 13 days ago; Modified 298 days ago;
#793974 [i|S| ] [src:linphone] src:linphone: should use SP800-90 compliant DRBG, not libsrtp crypto_get_random()
Reported by: Jonas Smedegaard <dr@jones.dk>; Date: Wed, 29 Jul 2015 13:45:06 UTC; Severity: important; Tags: security; Filed 7 years and 339 days ago; Modified 7 years and 339 days ago;
#795958 [i|S| ] [src:lynx] lynx-cur: certificate revocation checking is buggy
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Tue, 18 Aug 2015 11:33:02 UTC; Severity: important; Tags: security; Found in version lynx/2.8.9dev6-3; Filed 7 years and 319 days ago; Modified 66 days ago;
#801530 [i|S| ] [openssh-client] openssh-client: Segfault on malformed keys - possible security impact
Reported by: Steve Kemp <steve@steve.org.uk>; Date: Sun, 11 Oct 2015 18:57:02 UTC; Severity: important; Tags: security; Found in version openssh/1:6.7p1-5; Filed 7 years and 265 days ago; Modified 6 years and 178 days ago;
#808730 [i|S| ] [stalin] stalin: CVE-2015-8697: Insecure use of temporary files
Reported by: Steve Kemp <steve@steve.org.uk>; Date: Tue, 22 Dec 2015 10:42:01 UTC; Severity: important; Tags: security; Found in version stalin/0.11-5; Filed 7 years and 193 days ago; Modified 7 years and 163 days ago;
#812512 [i|Su|=] [src:policykit-1] policykit-1: CVE-2016-2568: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl
Reported by: up201407890@alunos.dcc.fc.up.pt; Date: Sun, 24 Jan 2016 15:12:02 UTC; Severity: important; Tags: security, upstream; Merged with 816062; Found in version policykit-1/0.105-14.1; Filed 7 years and 160 days ago; Modified 2 years and 18 days ago;
#813157 [i|Su| ] [git] git: please default fsckobjects to true in transfer, fetch, and receive
Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Date: Fri, 29 Jan 2016 23:45:01 UTC; Severity: important; Tags: security, upstream; Filed 7 years and 155 days ago; Modified 6 years and 158 days ago;
#815442 [i|S| ] [src:stun] stun: seeds RNG from TSC clock?
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Sun, 21 Feb 2016 16:03:02 UTC; Severity: important; Tags: security; Found in version stun/0.97~dfsg-2.1; Filed 7 years and 132 days ago; Modified 7 years and 132 days ago;
#816320 [i|Su| ] [src:coreutils] coreutils: CVE-2016-2781: nonpriv session can escape to the parent session by using the TIOCSTI ioctl
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Feb 2016 19:48:01 UTC; Severity: important; Tags: security, upstream; Found in version coreutils/8.13-1; Filed 7 years and 124 days ago; Modified 7 years and 8 days ago;
#819847 [i|S| ] [gnome-packagekit] Network connection not detected; prevents installing updates
Reported by: Ben Hutchings <ben@decadent.org.uk>; Date: Sun, 3 Apr 2016 00:54:01 UTC; Severity: important; Tags: security; Found in version gnome-packagekit/3.14.0-1; Filed 7 years and 91 days ago; Modified 6 years and 236 days ago;
#825123 [i|S| ] [debarchiver] debarchiver: release files generated by debarchiver use weak digest algos in signatures
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Mon, 23 May 2016 20:03:05 UTC; Severity: important; Tags: security; Found in version debarchiver/0.10.5; Filed 7 years and 40 days ago; Modified 7 years and 26 days ago;
#826239 [i|S| ] [yrmcds] yrmcds: doesn't start at all, temp dir race
Reported by: Rhonda D'Vine <rhonda@strg.at>; Date: Fri, 3 Jun 2016 15:00:02 UTC; Severity: important; Tags: security; Found in version yrmcds/1.0.4-6; Filed 7 years and 29 days ago; Modified 7 years and 29 days ago;
#833485 [i|USu| ] [imagemagick] CVE-2016-6520: imagemagick: buffer overflow
Reported by: Henri Salo <henri@nerv.fi>; Date: Fri, 5 Aug 2016 02:21:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version imagemagick/8:6.8.9.9-7.2; Filed 6 years and 331 days ago; Modified 6 years and 295 days ago;
#834233 [i|Su| ] [src:389-ds-base] 389-ds-base: CVE-2016-5416: ACI readable by anonymous user
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 13 Aug 2016 15:48:01 UTC; Severity: important; Tags: security, upstream; Found in version 389-ds-base/1.3.3.5-4; Filed 6 years and 323 days ago; Modified 1 year and 106 days ago;
#835386 [i|HSu| ] [src:cracklib2] cracklib2: Buffer overflow processing long words
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 25 Aug 2016 06:39:01 UTC; Severity: important; Tags: help, security, upstream; Found in version cracklib2/2.9.2-1; Filed 6 years and 311 days ago; Modified 4 years and 338 days ago;
#836303 [i|S| ] [samhain] samhain: gpg short key usage
Reported by: Henri Salo <henri@nerv.fi>; Date: Thu, 1 Sep 2016 12:36:01 UTC; Severity: important; Tags: security; Found in version samhain/4.1.4-2; Filed 6 years and 304 days ago; Modified 6 years and 304 days ago;
#842400 [i|S| ] [lxdm] lxdm allows user to retain control over X11 session after logout
Reported by: Julien Puydt <julien.puydt@laposte.net>; Date: Fri, 28 Oct 2016 07:51:01 UTC; Severity: important; Tags: security; Found in version lxdm/0.5.3-1; Filed 6 years and 247 days ago; Modified 6 years and 247 days ago;
#844523 [i|S| ] [xserver-xorg-core] Debian xserver freeze
Reported by: Carmelo C <carmelo.debian@gmail.com>; Date: Wed, 16 Nov 2016 14:33:02 UTC; Severity: important; Tags: security; Found in versions xorg-server/2:1.16.4-1, xorg/1:7.7+7; Filed 6 years and 228 days ago; Modified 6 years and 14 days ago;
#844584 [i|S| ] [isc-dhcp-client] dhclient should perform additional validity checks
Reported by: Anton Ivanov <anton.ivanov@kot-begemot.co.uk>; Date: Thu, 17 Nov 2016 08:33:01 UTC; Severity: important; Tags: security; Found in versions isc-dhcp/4.3.1-6, isc-dhcp/4.3.1-6+deb8u2; Filed 6 years and 227 days ago; Modified 6 years and 103 days ago;
#847837 [i|Su| ] [src:bluez] bluez: CVE-2016-9797 CVE-2016-9798 CVE-2016-9799 CVE-2016-9800 CVE-2016-9801 CVE-2016-9802 CVE-2016-9803 CVE-2016-9804 CVE-2016-9917 CVE-2016-9918
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 12 Dec 2016 08:33:01 UTC; Severity: important; Tags: security, upstream; Found in version bluez/5.43-1; Filed 6 years and 202 days ago; Modified 5 years and 275 days ago;
#854264 [i|S| ] [src:grub2] grub: Bootloader password with special chars does not work hashed by pbkdf2
Reported by: Andreas Sperber <andreas@sperbernest.de>; Date: Sun, 5 Feb 2017 16:18:02 UTC; Severity: important; Tags: security; Filed 6 years and 147 days ago; Modified 5 years and 137 days ago;
#864992 [i|S| ] [network-manager-openvpn] does not apply a pushed redirect-gateway
Reported by: Erwan David <erwan@rail.eu.org>; Date: Sun, 18 Jun 2017 13:15:01 UTC; Severity: important; Tags: security; Found in version network-manager-openvpn/1.2.8-2; Filed 6 years and 14 days ago; Modified 6 years and 14 days ago;
#866769 [i|HSu| ] [keepassx] keepassx fails to clear KDE clipboard history, leaving passwords visible
Reported by: Henrik Størner <henrik@hswn.dk>; Date: Sat, 1 Jul 2017 15:27:01 UTC; Severity: important; Tags: help, security, upstream; Found in version keepassx/2.0.3-1; Filed 6 years and 1 day ago; Modified 5 years and 351 days ago;
#867493 [i|S| ] [libjgroups-java] CVE-2016-2141
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 6 Jul 2017 20:45:02 UTC; Severity: important; Tags: security; Filed 5 years and 361 days ago; Modified 5 years and 361 days ago;
#869803 [i|Su| ] [src:sipcrack] sipcrack: CVE-2017-11654 CVE-2017-11655
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 Jul 2017 15:21:02 UTC; Severity: important; Tags: security, upstream; Found in version sipcrack/0.2-2; Filed 5 years and 341 days ago; Modified 5 years and 341 days ago;
#870529 [i|S| ] [squeezelite] squeezelite: please do not run as root
Reported by: René Wagner <rw@nelianur.org>; Date: Wed, 2 Aug 2017 20:24:01 UTC; Severity: important; Tags: security; Found in version squeezelite/1.6.4-1; Filed 5 years and 334 days ago; Modified 3 years and 304 days ago;
#870608 [i|Su| ] [src:libao] CVE-2017-11548
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 3 Aug 2017 11:15:01 UTC; Severity: important; Tags: security, upstream; Found in version libao/1.2.0-1; Filed 5 years and 333 days ago; Modified 4 years and 117 days ago;
#871495 [i|Su| ] [minidjvu] minidjvu multiple vulnerabilities
Reported by: Henri Salo <henri@nerv.fi>; Date: Tue, 8 Aug 2017 14:03:02 UTC; Severity: important; Tags: security, upstream; Found in version minidjvu/0.8.svn.2010.05.06+dfsg-5; Filed 5 years and 328 days ago; Modified 5 years and 328 days ago;
#875335 [i|S| ] [src:lp-solve] predictable /tmp file vulnerability while building lp-solve
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Sun, 10 Sep 2017 18:57:02 UTC; Severity: important; Tags: security; Found in version lp-solve/5.5.0.15-4; Filed 5 years and 295 days ago; Modified 5 years and 295 days ago;
#878138 [i|Su| ] [muttprint] muttprint: still vulnerable to symlink attack (race condition)
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Tue, 10 Oct 2017 11:21:06 UTC; Severity: important; Tags: security, upstream; Found in version muttprint/0.73-8; Filed 5 years and 265 days ago; Modified 5 years and 265 days ago;
#881130 [i|S| ] [vorbis-tools] vorbis-tools: use uninitialized local value as a pointer running oggenc
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 05:33:02 UTC; Severity: important; Tags: security; Found in version vorbis-tools/1.4.0-10; Filed 5 years and 236 days ago; Modified 5 years and 236 days ago;
#881132 [i|S| ] [src:sox] bs1770gain: stack buffer overflow while running bs1770gain
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 05:36:02 UTC; Severity: important; Tags: security; Found in version sox/14.4.1-5; Filed 5 years and 236 days ago; Modified 67 days ago;
#881133 [i|S| ] [x264] x264: out of bound read while running x264
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 05:45:02 UTC; Severity: important; Tags: security; Found in versions x264/2:0.148.2795+gitaaa9aa8-1, x264/2:0.148.2748+git97eaef2-1; Filed 5 years and 236 days ago; Modified 5 years and 210 days ago;
#886024 [i|S|☣] [dh-elpa] dh-elpa: make maintainer scripts more robust
Reported by: dirk@computer42.org (H.-Dirk Schmitt); Date: Mon, 1 Jan 2018 18:54:07 UTC; Severity: important; Tags: security; Filed 5 years and 182 days ago; Modified 5 years and 159 days ago;
#889905 [i|S| ] [xfce4-notifyd] xfce4-notifyd: privacy-invasive logging of notification content
Reported by: Sergio Gelato <Sergio.Gelato@astro.su.se>; Date: Thu, 8 Feb 2018 16:15:02 UTC; Severity: important; Tags: security; Found in version xfce4-notifyd/0.3.4-1; Filed 5 years and 144 days ago; Modified 5 years and 143 days ago;
#896879 [i|S| ] [postfix] postfix: race condition on cp in /etc/network/if-*.d/postfix scripts
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Wed, 25 Apr 2018 09:24:01 UTC; Severity: important; Tags: security; Found in version postfix/3.3.0-1; Filed 5 years and 68 days ago; Modified 5 years and 68 days ago;
#898894 [i|S| ] [ypserv] rpc.yppasswdd: remote DoS in password_ok()
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 May 2018 07:57:05 UTC; Severity: important; Tags: security; Filed 5 years and 46 days ago; Modified 2 years and 158 days ago;
#902187 [i|S| ] [src:sleuthkit] CVE-2018-11737 CVE-2018-11738 CVE-2018-11739 CVE-2018-11740
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 23 Jun 2018 08:54:02 UTC; Severity: important; Tags: security; Filed 5 years and 9 days ago; Modified 3 years and 152 days ago;
#902783 [i|S| ] [jabberd2] CVE-2017-18226
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 30 Jun 2018 20:45:02 UTC; Severity: important; Tags: security; Found in version jabberd2/2.4.0-1; Filed 5 years and 2 days ago; Modified 5 years ago;
#914044 [i|S| ] [src:tuxpaint] HOME=/tmp kbuildsycoca5 is bad
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Sun, 18 Nov 2018 19:21:01 UTC; Severity: important; Tags: security; Found in version tuxpaint/1:0.9.23-1; Filed 4 years and 226 days ago; Modified 2 years and 139 days ago;
#914799 [i|S| ] [dbus] dbus: Privacy violations: Logs detailed commands and parameters
Reported by: Helge Kreutzmann <debian@helgefjell.de>; Date: Tue, 27 Nov 2018 13:27:02 UTC; Severity: important; Tags: security; Found in versions dbus/1.12.10-1, dbus/1.12.20-3; Filed 4 years and 217 days ago; Modified 1 year and 147 days ago;
#914941 [i|S| ] [src:http-parser] http-parser: CVE-2018-12121
Reported by: Jérémy Lal <kapouer@melix.org>; Date: Wed, 28 Nov 2018 22:15:02 UTC; Severity: important; Tags: security; Filed 4 years and 216 days ago; Modified 3 years and 346 days ago;
#918813 [i|Su| ] [gnome-disk-utility] [gnome-disk-utility] gnome-disks store passwords in cleartext for automounting encrypted partitions
Reported by: Jean-Louis Biasini <jl.biasini@laposte.net>; Date: Wed, 9 Jan 2019 15:00:05 UTC; Severity: important; Tags: security, upstream; Found in version gnome-disk-utility/3.22.1-1; Filed 4 years and 174 days ago; Modified 4 years and 174 days ago;
#919236 [i|HS| ] [freeradius] Inappropriately broad default CA for EAP configuration
Reported by: Sam Hartman <hartmans@debian.org>; Date: Sun, 13 Jan 2019 22:39:01 UTC; Severity: important; Tags: help, security; Found in version freeradius/3.0.17+dfsg-1; Filed 4 years and 170 days ago; Modified 3 years and 76 days ago;
#920361 [i|Su| ] [cairo-dock-core] cairo-dock-core: uses DES encryption for password storage
Reported by: zack+debian.bugs@owlfolio.org; Date: Thu, 24 Jan 2019 18:09:02 UTC; Severity: important; Tags: security, upstream; Found in version cairo-dock/3.4.1-3; Filed 4 years and 159 days ago; Modified 194 days ago;
#922607 [i|S| ] [r-other-x4r] r-other-x4r: embeds code copy of gsoap
Reported by: Emilio Pozuelo Monfort <pochu@debian.org>; Date: Mon, 18 Feb 2019 11:24:01 UTC; Severity: important; Tags: security; Found in version r-other-x4r/1.0.1+git20150806.c6bd9bd-1; Filed 4 years and 134 days ago; Modified 4 years and 134 days ago;
#923583 [i|Su| ] [src:wordpress] wordpress: CVE-2019-8943
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 2 Mar 2019 13:15:04 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/5.0.3+dfsg1-1; Filed 4 years and 122 days ago; Modified 4 years and 77 days ago;
#927936 [i|Su| ] [src:c3p0] c3p0: CVE-2019-5427
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 25 Apr 2019 07:21:02 UTC; Severity: important; Tags: security, upstream; Found in versions c3p0/0.9.1.2-10, c3p0/0.9.1.2-9+deb9u1, c3p0/0.9.1.2-9; Filed 4 years and 68 days ago; Modified 4 years and 68 days ago;
#928441 [i|S| ] [src:db5.3] db5.3 ships an unregistered, embedded copy of sqlite3
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Sat, 4 May 2019 18:30:02 UTC; Severity: important; Tags: security; Found in version db5.3/5.3.28+dfsg1-0.6; Filed 4 years and 59 days ago; Modified 1 year and 48 days ago;
#930660 [i|S| ] [libapache-sessionx-perl] libapache-sessionx-perl: poor source of entropy for session id generation
Reported by: Raphael Geissert <geissert@debian.org>; Date: Mon, 17 Jun 2019 20:48:06 UTC; Severity: important; Tags: security; Found in version libapache-sessionx-perl/2.01-5; Filed 4 years and 15 days ago; Modified 4 years and 15 days ago;
#930662 [i|S| ] [libauth-googleauth-perl] libauth-googleauth-perl: poor source of entropy for secret generation
Reported by: Raphael Geissert <geissert@debian.org>; Date: Mon, 17 Jun 2019 20:57:02 UTC; Severity: important; Tags: security; Found in version libauth-googleauth-perl/1.02-1; Filed 4 years and 15 days ago; Modified 4 years and 15 days ago;
#930916 [i|S| ] [gkrellweather] gkrellweather: GrabWeather uses http instead of https
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Sat, 22 Jun 2019 13:12:02 UTC; Severity: important; Tags: security; Found in version gkrellweather/2.0.8-2.1; Filed 4 years and 10 days ago; Modified 4 years and 10 days ago;
#931309 [i|S| ] [libgig] libgig: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)
Reported by: Sylvain Beucler <beuc@beuc.net>; Date: Mon, 1 Jul 2019 12:36:04 UTC; Severity: important; Tags: security; Filed 4 years and 1 day ago; Modified 3 years and 234 days ago;
#941300 [i|S| ] [finish-install] finish-install: write additional random seed to location for systemd systemd-random-seed.service
Reported by: Paul Wise <pabs@debian.org>; Date: Sat, 28 Sep 2019 09:24:02 UTC; Severity: important; Tags: security; Found in versions finish-install/2.56, finish-install/2.101, finish-install/2.100, finish-install/2.81; Filed 3 years and 277 days ago; Modified 3 years and 273 days ago;
#943565 [i|Su| ] [src:libapache-poi-java] libapache-poi-java: CVE-2019-12415
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 26 Oct 2019 15:06:02 UTC; Severity: important; Tags: security, upstream; Found in version libapache-poi-java/4.0.1-1; Filed 3 years and 249 days ago; Modified 3 years and 249 days ago;
#945126 [i|S| ] [wget] wget --use-askpass exposes password to terminal
Reported by: martin f krafft <madduck@debian.org>; Date: Wed, 20 Nov 2019 09:21:01 UTC; Severity: important; Tags: security; Found in version wget/1.20.3-1; Filed 3 years and 224 days ago; Modified 3 years and 224 days ago;
#947325 [i|S|☺] [snapd] snapd: strict confinement is not enabled
Reported by: Mattia Monga <monga@debian.org>; Date: Tue, 24 Dec 2019 17:39:02 UTC; Severity: important; Tags: security; Found in version snapd/2.42.1-1; Fixed in version snapd/2.49-1+deb11u1; Filed 3 years and 190 days ago; Modified 192 days ago;
#947945 [i|Su| ] [src:shiro] shiro: CVE-2019-12422
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Jan 2020 15:36:01 UTC; Severity: important; Tags: security, upstream; Found in versions shiro/1.3.2-4, shiro/1.3.2-1; Filed 3 years and 181 days ago; Modified 3 years and 181 days ago;
#948956 [i|S| ] [php-xdebug] php-xdebug: Memory Corruption vulnerability in Xdebug versions 2.5.5 and prior
Reported by: Mario Goljak <mgoljak@srce.hr>; Date: Wed, 15 Jan 2020 10:18:01 UTC; Severity: important; Tags: security; Found in version xdebug/2.5.0-1; Filed 3 years and 168 days ago; Modified 3 years and 168 days ago;
#956045 [i|Su| ] [gnome-keyring] gnome-keyring: several cryptographic vulnerabilities
Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>; Date: Mon, 6 Apr 2020 16:18:01 UTC; Severity: important; Tags: security, upstream; Found in version gnome-keyring/3.36.0-1; Filed 3 years and 86 days ago; Modified 3 years and 81 days ago;
#960064 [i|Su| ] [ruby-mail] ruby-mail: DoS on excessive or deeply nested parts
Reported by: Ruby mail user <nightmare@bogomips.org>; Date: Fri, 8 May 2020 22:18:02 UTC; Severity: important; Tags: security, upstream; Filed 3 years and 54 days ago; Modified 3 years and 54 days ago;
#964300 [i|Su| ] [liboggz2] liboggz2: Segmentation Fault in dirac_parse_info()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:39:01 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#964301 [i|Su| ] [liboggz2] liboggz2: Segmentation Fault (write) in auto_calc_theora()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:42:02 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#964302 [i|Su| ] [liboggz2] liboggz2: Segmentation Fault in oggz_comment_cmp()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:45:02 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#964303 [i|Su| ] [liboggz2] liboggz2: Segmentation Fault (heap buffer overflow) in oggz_comments_decode()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:51:02 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#964304 [i|Su| ] [liboggz2] liboggz2: Segmentation Fault (read) in auto_calc_theora()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:51:04 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#964306 [i|Su| ] [liboggz2] liboggz2: FPE Arithmetic Exception in oggz_metric_default_linear()
Reported by: Rafael Dutra <rafael.dutra@cispa.saarland>; Date: Sun, 5 Jul 2020 10:57:01 UTC; Severity: important; Tags: security, upstream; Found in version liboggz/1.1.1-7; Filed 2 years and 361 days ago; Modified 2 years and 361 days ago;
#965154 [i|Su| ] [maxima] maxima: insecure use of /tmp
Reported by: Evgeny Kapun <abacabadabacaba@gmail.com>; Date: Thu, 16 Jul 2020 22:09:02 UTC; Severity: important; Tags: security, upstream; Found in versions maxima/5.43.2-3, maxima/5.42.1-1; Filed 2 years and 350 days ago; Modified 2 years and 305 days ago;
#965983 [i|S| ] [src:python-cmarkgfm] CVE-2020-5238
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 21 Jul 2020 19:33:01 UTC; Severity: important; Tags: security; Filed 2 years and 345 days ago; Modified 2 years and 345 days ago;
#968820 [i|Su| ] [qemu] qemu: CVE-2020-24352: OOB read/write in ati-vga device emulation in ati_2d_blt()
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 21 Aug 2020 18:15:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 314 days ago; Modified 1 year and 126 days ago;
#968850 [i|Su| ] [src:software-properties] software-properties: CVE-2020-15709
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 22 Aug 2020 11:15:03 UTC; Severity: important; Tags: security, upstream; Found in versions software-properties/0.96.20.2-2, software-properties/0.96.20.2-1, software-properties/0.96.20.2-2.1; Filed 2 years and 313 days ago; Modified 2 years and 56 days ago;
#969159 [i|S|♙] [darktable] darktable: embeds photoswipe
Reported by: David Bremner <bremner@debian.org>; Date: Fri, 28 Aug 2020 11:09:01 UTC; Severity: important; Tags: security; Found in version darktable/3.2.1-2; Fix blocked by 891978: RFP: photoswipe -- JavaScript image gallery for mobile and desktop, modular, framework independent; Filed 2 years and 307 days ago; Modified 2 years and 307 days ago;
#969839 [i|Su| ] [src:rust-failure] rust-failure: CVE-2020-25575: type confusion when downcasting, which is an undefined behavior
Reported by: Alexander Kjäll <alexander.kjall@gmail.com>; Date: Tue, 8 Sep 2020 10:15:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 296 days ago; Modified 2 years and 207 days ago;
#972034 [i|S| ] [src:intellij-community-idea] Multiple security issues affecting intellij-community-idea?
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 11 Oct 2020 17:06:01 UTC; Severity: important; Tags: security; Filed 2 years and 263 days ago; Modified 2 years and 263 days ago;
#973969 [i|S| ] [src:gramadoir] gramadoir: please rebuild with dh_elpa 2.x
Reported by: David Bremner <bremner@debian.org>; Date: Sun, 8 Nov 2020 13:03:02 UTC; Severity: important; Tags: security; Found in version gramadoir/0.7-4; Filed 2 years and 235 days ago; Modified 2 years and 207 days ago;
#980876 [i|S| ] [dash] dash: Document -- option particularly with sh -c and security implication
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Sat, 23 Jan 2021 16:06:02 UTC; Severity: important; Tags: security; Found in version dash/0.5.11+git20200708+dd9ef66-5; Filed 2 years and 159 days ago; Modified 2 years and 158 days ago;
#983267 [i|Su| ] [src:steghide] steghide: CVE-2021-27211
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 21 Feb 2021 20:21:02 UTC; Severity: important; Tags: security, upstream; Found in versions steghide/0.5.1-15, steghide/0.5.1-13; Filed 2 years and 130 days ago; Modified 2 years and 130 days ago;
#984446 [i|Su| ] [src:newlib] CVE-2021-3420
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 3 Mar 2021 19:15:01 UTC; Severity: important; Tags: security, upstream; Found in version newlib/3.3.0-1; Filed 2 years and 120 days ago; Modified 2 years and 120 days ago;
#986326 [i|S| ] [src:linux] linux-image-5.10.0-5-armmp-lpae: LTP causes kernel crash
Reported by: Ryutaroh Matsumoto <ryutaroh@ict.e.titech.ac.jp>; Date: Sat, 3 Apr 2021 09:12:02 UTC; Severity: important; Tags: security; Found in versions linux/5.10.24-1, linux/5.10.26-1; Filed 2 years and 89 days ago; Modified 2 years and 78 days ago;
#987284 [i|Su| ] [gradle] CVE-2021-29428 CVE-2021-29429
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 20 Apr 2021 19:09:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 72 days ago; Modified 2 years and 72 days ago;
#987326 [i|Su|☺] [src:pupnp-1.8] pupnp-1.8: CVE-2021-29462
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 21 Apr 2021 19:03:01 UTC; Severity: important; Tags: security, upstream; Found in version pupnp-1.8/1:1.8.4-2; Fixed in version pupnp/1:1.14.16-1; Done: Sebastian Ramacher <sramacher@debian.org>; Filed 2 years and 71 days ago; Modified 43 days ago;
#988728 [i|S| ] [src:shiro] CVE-2020-17523 CVE-2020-17510 CVE-2020-11989
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 18 May 2021 18:39:02 UTC; Severity: important; Tags: security; Filed 2 years and 44 days ago; Modified 2 years and 44 days ago;
#988730 [i|S| ] [lxc-templates] CVE-2017-18641
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 18 May 2021 18:48:02 UTC; Severity: important; Tags: security; Filed 2 years and 44 days ago; Modified 2 years and 44 days ago;
#988733 [i|S| ] [ruby-twitter-stream] CVE-2020-24392
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 18 May 2021 18:51:04 UTC; Severity: important; Tags: security; Filed 2 years and 44 days ago; Modified 2 years and 44 days ago;
#988946 [i|Su| ] [libhibernate-validator-java] CVE-2020-10693
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 21 May 2021 19:42:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 41 days ago; Modified 2 years and 41 days ago;
#988948 [i|Su| ] [src:thrift] CVE-2019-11939
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 21 May 2021 19:51:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 41 days ago; Modified 93 days ago;
#989364 [i|S| ] [scilab] scilab: Multiple security issues in ezxml
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 1 Jun 2021 19:57:11 UTC; Severity: important; Tags: security; Filed 2 years and 30 days ago; Modified 2 years and 30 days ago;
#989375 [i|Su| ] [src:courier] courier: CVE-2021-38084
Reported by: Sysadmin HTL Leonding <debbtsreports@htl-leonding.ac.at>; Date: Wed, 2 Jun 2021 07:03:02 UTC; Severity: important; Tags: security, upstream; Found in versions courier/1.0.16-3, courier/1.0.6-1; Filed 2 years and 29 days ago; Modified 1 year and 331 days ago;
#990543 [i|Su| ] [src:rpm] rpm: CVE-2021-35937 CVE-2021-35938 CVE-2021-35939
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 1 Jul 2021 15:45:01 UTC; Severity: important; Tags: security, upstream; Filed 2 years ago; Modified 2 years ago;
#990793 [i|Su| ] [src:kubernetes] kubernetes: CVE-2020-8554 CVE-2020-8562 CVE-2021-25735 CVE-2021-25737
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 7 Jul 2021 15:48:02 UTC; Severity: important; Tags: security, upstream; Filed 1 year and 359 days ago; Modified 1 year and 359 days ago;
#991329 [i|USu| ] [src:vsftpd] vsftpd: CVE-2021-3618
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 20 Jul 2021 20:24:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions vsftpd/3.0.3-12, vsftpd/3.0.3-13; Filed 1 year and 346 days ago; Modified 1 year and 345 days ago;
#991527 [i|Su| ] [src:libpdfbox-java] libpdfbox-java: CVE-2021-31811 CVE-2021-31812
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 26 Jul 2021 20:45:02 UTC; Severity: important; Tags: security, upstream; Found in version libpdfbox-java/1:1.8.16-2; Filed 1 year and 340 days ago; Modified 1 year and 340 days ago;
#991723 [i|Su| ] [sylpheed] sylpheed: CVE-2021-37746
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jul 2021 20:33:01 UTC; Severity: important; Tags: security, upstream; Found in versions sylpheed/3.7.0-4, sylpheed/3.7.0-8; Filed 1 year and 336 days ago; Modified 1 year and 332 days ago;
#993375 [i|Su| ] [gtkpod] gtkpod: CVE-2021-37231 - stack-buffer overflow in embedded AtomicParsley code, APar_readX
Reported by: Neil Williams <codehelp@debian.org>; Date: Tue, 31 Aug 2021 14:21:01 UTC; Severity: important; Tags: security, upstream; Found in version gtkpod/2.1.5-8; Filed 1 year and 304 days ago; Modified 1 year and 303 days ago;
#993746 [i|USu| ] [src:postorius] python3-django-postorius: CVE-2021-40347 New upstream to fix security bug
Reported by: Peter Chubb <peter.chubb@unsw.edu.au>; Date: Sun, 5 Sep 2021 21:33:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions postorius/1.2.4-1, postorius/1.3.4-2; Filed 1 year and 299 days ago; Modified 1 year and 295 days ago;
#1000198 [i|S| ] [openssh-server] openssh-server: insecure algorithms reported by ssh-audit
Reported by: Martin-Éric Racine <martin-eric.racine@iki.fi>; Date: Fri, 19 Nov 2021 13:30:01 UTC; Severity: important; Tags: security; Found in version openssh/1:8.7p1-2; Filed 1 year and 224 days ago; Modified 270 days ago;
#1000580 [i|S| ] [node-uuid] node-uuid: Update dependency from deprecated node-babel-eslint to @babel/eslint-parser
Reported by: yadd@debian.org; Date: Thu, 25 Nov 2021 11:27:02 UTC; Severity: important; Tags: security; Filed 1 year and 218 days ago; Modified 1 year and 218 days ago;
#1000581 [i|S| ] [node-katex] node-katex: Update dependency from deprecated node-babel-eslint to @babel/eslint-parser
Reported by: yadd@debian.org; Date: Thu, 25 Nov 2021 11:36:05 UTC; Severity: important; Tags: security; Filed 1 year and 218 days ago; Modified 1 year and 218 days ago;
#1000582 [i|S| ] [node-yarnpkg] node-yarnpkg: Update dependency from deprecated node-babel-eslint to @babel/eslint-parser
Reported by: yadd@debian.org; Date: Thu, 25 Nov 2021 11:36:07 UTC; Severity: important; Tags: security; Filed 1 year and 218 days ago; Modified 1 year and 218 days ago;
#1001037 [i|Su| ] [src:kotlin] kotlin: CVE-2020-29582
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Dec 2021 21:54:02 UTC; Severity: important; Tags: security, upstream; Found in version kotlin/1.3.31+~1.0.1+~0.11.12-1; Filed 1 year and 211 days ago; Modified 1 year and 211 days ago;
#1002008 [i|S| ] [rsync] rsync: integer overflow in rsync
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Mon, 20 Dec 2021 09:45:01 UTC; Severity: important; Tags: security; Found in version rsync/3.2.3-8; Filed 1 year and 193 days ago; Modified 1 year and 193 days ago;
#1002739 [i|S| ] [giftrans] giftrans: CVE-2021-45972: Stack based buffer overflow in the giftrans function
Reported by: Kolja Grassmann <koljagrassmann@mailbox.org>; Date: Tue, 28 Dec 2021 16:18:01 UTC; Severity: important; Tags: security; Found in version giftrans/1.12.2-19; Filed 1 year and 185 days ago; Modified 1 year and 180 days ago;
#1006406 [i|Su| ] [src:bluez] BlueMirror mesh attacks - CVE-2020-26556, CVE-2020-26557, CVE-2020-26559, CVE-2020-26560
Reported by: Ben Hutchings <ben@decadent.org.uk>; Date: Fri, 25 Feb 2022 02:30:01 UTC; Severity: important; Tags: security, upstream; Filed 1 year and 126 days ago; Modified 1 year and 126 days ago;
#1006633 [i|S|☺] [procmail] procmail is unmaintained upstream
Reported by: Antoine Beaupre <anarcat@debian.org>; Date: Tue, 1 Mar 2022 02:15:02 UTC; Severity: important; Tags: security; Found in version procmail/3.22-26; Fixed in version procmail/3.24-1; Done: Santiago Vila <sanvila@debian.org>; Filed 1 year and 122 days ago; Modified 177 days ago;
#1007240 [i|S| ] [gnome-boxes] gnome-boxes: disk image is world-readable by default
Reported by: Ansgar <ansgar@43-1.org>; Date: Mon, 14 Mar 2022 12:27:02 UTC; Severity: important; Tags: security; Found in version gnome-boxes/42~beta-1; Filed 1 year and 109 days ago; Modified 1 year and 109 days ago;
#1007243 [i|S| ] [src:kotlin] kotlin: CVE-2022-24329 - not possible to lock dependencies for Multiplatform Gradle Projects
Reported by: Neil Williams <codehelp@debian.org>; Date: Mon, 14 Mar 2022 14:33:02 UTC; Severity: important; Tags: security; Found in version kotlin/1.3.31+~1.0.1+~0.11.12-2; Filed 1 year and 109 days ago; Modified 1 year and 109 days ago;
#1010154 [i|S| ] [src:libowasp-antisamy-java] libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367
Reported by: Neil Williams <codehelp@debian.org>; Date: Mon, 25 Apr 2022 12:42:01 UTC; Severity: important; Tags: security; Found in version libowasp-antisamy-java/1.5.3+dfsg-1.1; Filed 1 year and 67 days ago; Modified 1 year and 66 days ago;
#1010693 [i|Su| ] [src:netty] netty: CVE-2022-24823
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 May 2022 14:57:01 UTC; Severity: important; Tags: security, upstream; Found in version netty/1:4.1.48-4; Filed 1 year and 55 days ago; Modified 1 year and 55 days ago;
#1010748 [i|S| ] [src:uclibc] uclibc: CVE-2021-27419 - integer overflow in both malloc and memalign implementations
Reported by: Neil Williams <codehelp@debian.org>; Date: Mon, 9 May 2022 08:18:01 UTC; Severity: important; Tags: security; Found in version uclibc/1.0.35-1; Filed 1 year and 53 days ago; Modified 1 year and 53 days ago;
#1011741 [i|Su| ] [src:golang-github-hashicorp-go-getter] golang-github-hashicorp-go-getter: Multiple Vulnerabilities In go-getter library (CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323)
Reported by: Neil Williams <codehelp@debian.org>; Date: Thu, 26 May 2022 07:57:02 UTC; Severity: important; Tags: security, upstream; Found in version golang-github-hashicorp-go-getter/1.4.1-1; Filed 1 year and 36 days ago; Modified 1 year and 36 days ago;
#1013279 [i|S| ] [src:cookiecutter] cookiecutter: CVE-2022-24065
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Jun 2022 15:03:01 UTC; Severity: important; Tags: security; Filed 1 year and 11 days ago; Modified 106 days ago;
#1013416 [i|S| ] [lintian] lintian: broken embedded-library
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Thu, 23 Jun 2022 08:45:01 UTC; Severity: important; Tags: security; Found in version lintian/2.115.1; Filed 1 year and 8 days ago; Modified 1 year and 8 days ago;
#1014122 [i|Su| ] [src:libelfin] libelfin: CVE-2020-24821 CVE-2020-24822 CVE-2020-24823 CVE-2020-24824 CVE-2020-24825 CVE-2020-24826 CVE-2020-24827
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 30 Jun 2022 14:42:01 UTC; Severity: important; Tags: security, upstream; Filed 1 year and 1 day ago; Modified 1 year and 1 day ago;
#1014389 [i|S| ] [src:mapcache] mapcache: CVE-2022-30045 incorrect memory handling leading to a heap out-of-bounds read
Reported by: Neil Williams <codehelp@debian.org>; Date: Tue, 5 Jul 2022 09:18:02 UTC; Severity: important; Tags: security; Found in version mapcache/1.12.1-1; Filed 361 days ago; Modified 360 days ago;
#1014390 [i|S| ] [src:navit] navit: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read
Reported by: Neil Williams <codehelp@debian.org>; Date: Tue, 5 Jul 2022 09:21:02 UTC; Severity: important; Tags: security; Found in version navit/0.5.0+dfsg.1-2; Filed 361 days ago; Modified 361 days ago;
#1014391 [i|S| ] [src:scilab] scilab: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read
Reported by: Neil Williams <codehelp@debian.org>; Date: Tue, 5 Jul 2022 09:21:04 UTC; Severity: important; Tags: security; Found in version scilab/6.1.1+dfsg2-3; Filed 361 days ago; Modified 270 days ago;
#1014469 [i|S| ] [src:libsixel] libsixel: CVE-2021-46700
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 6 Jul 2022 15:21:04 UTC; Severity: important; Tags: security; Filed 360 days ago; Modified 360 days ago;
#1014531 [i|Su| ] [src:libstb] libstb: CVE-2022-28041 CVE-2022-28042
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 15:45:04 UTC; Severity: important; Tags: security, upstream; Filed 359 days ago; Modified 358 days ago;
#1014532 [i|Su| ] [src:libstb] libstb: CVE-2021-42715 CVE-2021-42716
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 15:45:06 UTC; Severity: important; Tags: security, upstream; Filed 359 days ago; Modified 358 days ago;
#1014709 [i|Su| ] [src:jakarta-jmeter] jakarta-jmeter: CVE-2018-1287 CVE-2019-0187
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 10 Jul 2022 17:21:01 UTC; Severity: important; Tags: security, upstream; Filed 356 days ago; Modified 356 days ago;
#1014710 [i|Su| ] [src:gegl] gegl: CVE-2018-10111 CVE-2018-10112
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 10 Jul 2022 17:21:04 UTC; Severity: important; Tags: security, upstream; Found in version gegl/0.3.34-1; Filed 356 days ago; Modified 354 days ago;
#1014721 [i|S| ] [src:ansible] ansible: CVE-2021-3447
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 10 Jul 2022 20:27:02 UTC; Severity: important; Tags: security; Filed 356 days ago; Modified 356 days ago;
#1014764 [i|Su|☺] [src:guestfs-tools] guestfs-tools: CVE-2022-2211
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 17:51:02 UTC; Severity: important; Tags: security, upstream; Found in version guestfs-tools/1.48.2-1; Fixed in versions guestfs-tools/1.48.3-4, guestfs-tools/1.48.2-1+deb12u1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 355 days ago; Modified 28 days ago;
#1014777 [i|Su| ] [src:libgig] libgig: CVE-2021-32294
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 19:24:01 UTC; Severity: important; Tags: security, upstream; Filed 355 days ago; Modified 355 days ago;
#1014778 [i|Su| ] [src:gradle] gradle: CVE-2021-32751
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 19:27:01 UTC; Severity: important; Tags: security, upstream; Filed 355 days ago; Modified 355 days ago;
#1014779 [i|Su| ] [src:angular.js] angular.js: CVE-2022-25844
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 19:27:04 UTC; Severity: important; Tags: security, upstream; Filed 355 days ago; Modified 38 days ago;
#1014819 [i|Su| ] [src:shiro] shiro: CVE-2021-41303
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 14:36:01 UTC; Severity: important; Tags: security, upstream; Filed 354 days ago; Modified 354 days ago;
#1014820 [i|Su| ] [src:shiro] shiro: CVE-2022-32532
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 14:36:04 UTC; Severity: important; Tags: security, upstream; Filed 354 days ago; Modified 354 days ago;
#1014857 [i|Su| ] [src:ansible] ansible: CVE-2021-3533
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 13 Jul 2022 09:33:04 UTC; Severity: important; Tags: security, upstream; Filed 353 days ago; Modified 353 days ago;
#1014981 [i|Su| ] [src:libowasp-antisamy-java] libowasp-antisamy-java: CVE-2016-10006 CVE-2017-14735 CVE-2021-35043
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 Jul 2022 15:57:01 UTC; Severity: important; Tags: security, upstream; Filed 351 days ago; Modified 351 days ago;
#1014983 [i|Su| ] [resteasy3.0] resteasy3.0: CVE-2020-25633
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 Jul 2022 16:03:04 UTC; Severity: important; Tags: security, upstream; Filed 351 days ago; Modified 351 days ago;
#1015217 [i|Su| ] [src:ckeditor3] ckeditor3: CVE-2014-5191 CVE-2018-17960 CVE-2021-26271 CVE-2021-33829 CVE-2021-37695 CVE-2021-41165 CVE-2022-24728 CVE-2022-24729
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 17 Jul 2022 20:00:02 UTC; Severity: important; Tags: security, upstream; Filed 349 days ago; Modified 335 days ago;
#1016072 [i|S| ] [src:unhide] unhide: build static binaries
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Tue, 26 Jul 2022 11:51:01 UTC; Severity: important; Tags: security; Found in version unhide/20210124-2; Filed 340 days ago; Modified 340 days ago;
#1016441 [i|Su| ] [src:kubernetes] kubernetes: CVE-2021-25743
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 31 Jul 2022 19:27:02 UTC; Severity: important; Tags: security, upstream; Filed 335 days ago; Modified 335 days ago;
#1016682 [i|S| ] [ocsinventory-reports] ocsinventory-reports: asks user to remove files form /usr/share/ocsinventory-reports/ocsreports
Reported by: Ansgar <ansgar@debian.org>; Date: Fri, 5 Aug 2022 07:33:01 UTC; Severity: important; Tags: security; Found in version ocsinventory-server/2.8.1+dfsg1-1; Filed 330 days ago; Modified 330 days ago;
#1016889 [i|S|=] [subversion] subversion: Regression for #570271: permissions issue on nested working copies
Reported by: Jon Daley <debian@jon.limedaley.com>; Date: Tue, 9 Aug 2022 06:45:02 UTC; Severity: important; Tags: security; Merged with 1022711; Found in versions subversion/1.14.2-3, subversion/1.14.1-3+deb11u1; Filed 326 days ago; Modified 248 days ago;
#1016975 [i|Su| ] [src:libxerces2-java] libxerces2-java: CVE-2022-23437
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 10 Aug 2022 20:12:01 UTC; Severity: important; Tags: security, upstream; Filed 325 days ago; Modified 324 days ago;
#1020713 [i|S| ] [initramfs-tools] initramfs-tools: RESUME=auto probably a security hole
Reported by: Christoph Anton Mitterer <calestyo@scientia.org>; Date: Sun, 25 Sep 2022 18:09:01 UTC; Severity: important; Tags: security; Found in version initramfs-tools/0.142; Filed 279 days ago; Modified 279 days ago;
#1021141 [i|Su| ] [src:imagemagick] imagemagick: CVE-2022-3213
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 2 Oct 2022 18:15:12 UTC; Severity: important; Tags: security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.3; Filed 272 days ago; Modified 146 days ago;
#1021671 [i|Su| ] [src:shiro] shiro: CVE-2022-40664
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 12 Oct 2022 17:48:02 UTC; Severity: important; Tags: security, upstream; Filed 262 days ago; Modified 262 days ago;
#1021738 [i|Su| ] [src:man2html] man2html: CVE-2021-40647 CVE-2021-40648
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 13 Oct 2022 19:18:02 UTC; Severity: important; Tags: security, upstream; Filed 261 days ago; Modified 261 days ago;
#1021740 [i|Su| ] [src:openvswitch] openvswitch: CVE-2019-25076
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 13 Oct 2022 19:21:04 UTC; Severity: important; Tags: security, upstream; Filed 261 days ago; Modified 261 days ago;
#1024022 [i|Su| ] [src:qemu] qemu: CVE-2022-3872: off-by-one read/write issue in SDHCI emulation (sdhci_read_dataport & sdhci_write_datapor)
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 13 Nov 2022 19:39:06 UTC; Severity: important; Tags: security, upstream; Filed 230 days ago; Modified 35 days ago;
#1025489 [i|Su| ] [src:rxvt-unicode] rxvt-unicode: CVE-2022-4170
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 5 Dec 2022 18:30:01 UTC; Severity: important; Tags: security, upstream; Found in version rxvt-unicode/9.30-2; Filed 208 days ago; Modified 208 days ago;
#1027150 [i|Su| ] [src:neutron] neutron: CVE-2022-3277
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 17:48:01 UTC; Severity: important; Tags: security, upstream; Filed 185 days ago; Modified 185 days ago;
#1027154 [i|Su| ] [src:puppet-module-puppetlabs-mysql] puppet-module-puppetlabs-mysql: CVE-2022-3276
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 18:03:02 UTC; Severity: important; Tags: security, upstream; Filed 185 days ago; Modified 185 days ago;
#1027160 [i|Su| ] [src:xdg-utils] xdg-utils: CVE-2022-4055
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 18:51:05 UTC; Severity: important; Tags: security, upstream; Filed 185 days ago; Modified 185 days ago;
#1028212 [i|S| ] [prometheus-node-exporter-collectors] prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades
Reported by: Eric Estievenart <steve+deb@tecwec.eu>; Date: Sun, 8 Jan 2023 15:45:04 UTC; Severity: important; Tags: security; Found in version prometheus-node-exporter-collectors/0.0~git20221011.8f6be63-1; Filed 174 days ago; Modified 174 days ago;
#1029095 [i|S| ] [libselinux1] libselinux: claim /run/setrans directory
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Tue, 17 Jan 2023 16:45:04 UTC; Severity: important; Tags: security; Found in version libselinux/3.1-3; Filed 165 days ago; Modified 165 days ago;
#1030612 [i|Su| ] [src:harfbuzz] harfbuzz: CVE-2023-25193
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 5 Feb 2023 16:33:04 UTC; Severity: important; Tags: security, upstream; Found in version harfbuzz/6.0.0+dfsg-3; Filed 146 days ago; Modified 125 days ago;
#1031301 [i|Su| ] [src:node-http-server] node-http-server: CVE-2021-23797
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 14 Feb 2023 19:00:01 UTC; Severity: important; Tags: security, upstream; Filed 137 days ago; Modified 137 days ago;
#1031726 [i|Su| ] [src:hdf5] hdf5: CVE-2022-26061 CVE-2022-25972 CVE-2022-25942
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 21 Feb 2023 15:09:04 UTC; Severity: important; Tags: security, upstream; Filed 130 days ago; Modified 20 days ago;
#1031729 [i|Su| ] [src:resteasy3.0] resteasy3.0: CVE-2023-0482
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 21 Feb 2023 15:09:11 UTC; Severity: important; Tags: security, upstream; Filed 130 days ago; Modified 130 days ago;
#1031869 [i|Su| ] [src:nethack] nethack: CVE-2023-24809
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 24 Feb 2023 16:03:01 UTC; Severity: important; Tags: security, upstream; Filed 127 days ago; Modified 127 days ago;
#1032100 [i|Su| ] [src:golang-github-hashicorp-go-getter] golang-github-hashicorp-go-getter: CVE-2023-0475
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 22:09:04 UTC; Severity: important; Tags: security, upstream; Filed 124 days ago; Modified 123 days ago;
#1032609 [i|S| ] [zathura] zathura: immediate segmentation fault on some PDF file
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Fri, 10 Mar 2023 01:27:02 UTC; Severity: important; Tags: security; Found in version zathura/0.5.2-1; Filed 114 days ago; Modified 113 days ago;
#1032664 [i|Su| ] [src:mootools] mootools: CVE-2021-32821
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:03:02 UTC; Severity: important; Tags: security, upstream; Filed 113 days ago; Modified 113 days ago;
#1032666 [i|Su| ] [src:freeimage] freeimage: CVE-2021-33367
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:03:06 UTC; Severity: important; Tags: security, upstream; Filed 113 days ago; Modified 113 days ago;
#1033110 [i|Su| ] [src:cmark-gfm] cmark-gfm: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 17 Mar 2023 13:54:04 UTC; Severity: important; Tags: security, upstream; Filed 106 days ago; Modified 106 days ago;
#1033111 [i|Su| ] [src:python-cmarkgfm] python-cmarkgfm: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 17 Mar 2023 13:57:01 UTC; Severity: important; Tags: security, upstream; Filed 106 days ago; Modified 106 days ago;
#1033112 [i|Su| ] [src:r-cran-commonmark] r-cran-commonmark: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 17 Mar 2023 13:57:04 UTC; Severity: important; Tags: security, upstream; Filed 106 days ago; Modified 106 days ago;
#1033113 [i|Su| ] [src:ruby-commonmarker] ruby-commonmarker: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 17 Mar 2023 14:00:01 UTC; Severity: important; Tags: security, upstream; Filed 106 days ago; Modified 106 days ago;
#1033251 [i|Su| ] [src:wordpress] wordpress: CVE-2022-3590
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:09:02 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/6.1.1+dfsg1-1; Filed 103 days ago; Modified 102 days ago;
#1033254 [i|Su| ] [src:imagemagick] imagemagick: CVE-2023-1289
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:09:09 UTC; Severity: important; Tags: security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.6; Filed 103 days ago; Modified 103 days ago;
#1033474 [i|Su| ] [src:json-smart] json-smart: CVE-2023-1370
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Mar 2023 16:54:02 UTC; Severity: important; Tags: security, upstream; Found in version json-smart/2.2-2; Filed 98 days ago; Modified 98 days ago;
#1033754 [i|Su| ] [src:python-redis] python-redis: CVE-2023-28858
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 31 Mar 2023 18:51:02 UTC; Severity: important; Tags: security, upstream; Found in version python-redis/4.3.4-3; Filed 92 days ago; Modified 92 days ago;
#1033848 [i|Su| ] [src:hotspot] hotspot: CVE-2023-28144
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 2 Apr 2023 19:06:01 UTC; Severity: important; Tags: security, upstream; Found in version hotspot/1.3.0-2; Filed 90 days ago; Modified 90 days ago;
#1034150 [i|Su|☺] [src:openimageio] openimageio: CVE-2023-24473 CVE-2023-22845
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 10 Apr 2023 12:21:05 UTC; Severity: important; Tags: security, upstream; Found in version openimageio/2.4.7.1+dfsg-2; Fixed in version openimageio/2.4.9.0+dfsg-1; Filed 82 days ago; Modified 82 days ago;
#1034151 [i|Su|☺] [src:openimageio] openimageio: CVE-2023-24472
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 10 Apr 2023 12:21:08 UTC; Severity: important; Tags: security, upstream; Found in version openimageio/2.4.7.1+dfsg-2; Fixed in version openimageio/2.4.9.0+dfsg-1; Filed 82 days ago; Modified 82 days ago;
#1034171 [i|Su| ] [src:cmark-gfm] cmark-gfm: CVE-2023-26485 CVE-2023-24824
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 16:15:02 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034172 [i|Su| ] [src:python-cmarkgfm] python-cmarkgfm: CVE-2023-26485 CVE-2023-24824
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 16:15:04 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034173 [i|Su| ] [src:r-cran-commonmark] r-cran-commonmark: CVE-2023-26485 CVE-2023-24824
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 16:15:07 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034174 [i|Su| ] [src:ruby-commonmarker] ruby-commonmarker: CVE-2023-26485 CVE-2023-24824
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 16:15:09 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034178 [i|Su| ] [src:opensmtpd] opensmtpd: CVE-2023-29323
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:39:02 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034183 [i|Su| ] [src:stellarium] stellarium: CVE-2023-28371
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:45:01 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034372 [i|Su|☺] [src:ncurses] ncurses: CVE-2023-29491
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 13 Apr 2023 18:42:02 UTC; Severity: important; Tags: security, upstream; Found in versions ncurses/6.4-2, ncurses/6.2+20201114-2; Fixed in version ncurses/6.4+20230603-1; Done: Sven Joachim <svenjoac@gmx.de>; Filed 79 days ago; Modified 16 days ago;
#1034373 [i|Su| ] [src:imagemagick] imagemagick: CVE-2023-1906
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 13 Apr 2023 18:45:02 UTC; Severity: important; Tags: security, upstream; Filed 79 days ago; Modified 79 days ago;
#1034481 [i|Su| ] [src:ckeditor] ckeditor: CVE-2023-28439
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Apr 2023 14:03:02 UTC; Severity: important; Tags: security, upstream; Found in version ckeditor/4.19.1+dfsg-1; Filed 76 days ago; Modified 76 days ago;
#1034615 [i|Su| ] [src:sqlparse] sqlparse: CVE-2023-30608
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 19 Apr 2023 19:27:06 UTC; Severity: important; Tags: security, upstream; Found in version sqlparse/0.4.2-1; Filed 73 days ago; Modified 73 days ago;
#1034793 [i|Su| ] [src:nvidia-cuda-toolkit] nvidia-cuda-toolkit: CVE-2023-25510, CVE-2023-25511, CVE-2023-25514
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Mon, 24 Apr 2023 15:30:02 UTC; Severity: important; Tags: security, upstream; Found in version nvidia-cuda-toolkit/4.0.13-1; Filed 68 days ago; Modified 68 days ago;
#1034799 [i|Su| ] [src:nvidia-cuda-toolkit] nvidia-cuda-toolkit: CVE-2023-25510 CVE-2023-25511 CVE-2023-25512 CVE-2023-25513 CVE-2023-25514
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 17:27:04 UTC; Severity: important; Tags: security, upstream; Filed 68 days ago; Modified 68 days ago;
#1034838 [i|S| ] [src:hdf5] hdf5: CVE-2019-8396 CVE-2019-8398
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 18:48:09 UTC; Severity: important; Tags: security; Filed 67 days ago; Modified 67 days ago;
#1034840 [i|Su| ] [src:etcd] etcd: CVE-2021-28235
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 18:57:02 UTC; Severity: important; Tags: security, upstream; Filed 67 days ago; Modified 67 days ago;
#1034887 [i|Su| ] [src:python-cmarkgfm] python-cmarkgfm: CVE-2022-39209
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 26 Apr 2023 17:39:04 UTC; Severity: important; Tags: security, upstream; Filed 66 days ago; Modified 66 days ago;
#1034888 [i|Su| ] [src:ruby-commonmarker] ruby-commonmarker: CVE-2022-39209
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 26 Apr 2023 17:39:07 UTC; Severity: important; Tags: security, upstream; Filed 66 days ago; Modified 66 days ago;
#1034891 [i|Su| ] [src:389-ds-base] 389-ds-base: CVE-2023-1055
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 26 Apr 2023 17:45:04 UTC; Severity: important; Tags: security, upstream; Filed 66 days ago; Modified 66 days ago;
#1035498 [i|Su| ] [src:golang-github-gin-gonic-gin] golang-github-gin-gonic-gin: CVE-2023-26125
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 4 May 2023 09:00:01 UTC; Severity: important; Tags: security, upstream; Found in version golang-github-gin-gonic-gin/1.8.1-1; Filed 58 days ago; Modified 58 days ago;
#1035934 [i|Su| ] [src:in-toto] in-toto: CVE-2023-32076
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 12:12:02 UTC; Severity: important; Tags: security, upstream; Found in version in-toto/1.3.1-1; Filed 51 days ago; Modified 51 days ago;
#1035935 [i|Su| ] [src:libpodofo] libpodofo: CVE-2023-31555 CVE-2023-31556 CVE-2023-31568
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 12:12:23 UTC; Severity: important; Tags: security, upstream; Filed 51 days ago; Modified 48 days ago;
#1035952 [i|Su| ] [src:apache-jena] apache-jena: CVE-2023-22665
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:45:04 UTC; Severity: important; Tags: security, upstream; Filed 51 days ago; Modified 51 days ago;
#1035955 [i|Su|☺] [src:vim] vim: CVE-2023-2610
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:45:19 UTC; Severity: important; Tags: security, upstream; Fixed in version vim/2:9.0.1658-1; Done: James McCoy <jamessan@debian.org>; Filed 51 days ago;
#1036278 [i|Su| ] [src:libpodofo] libpodofo: CVE-2023-31566 CVE-2023-31567
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:21:01 UTC; Severity: important; Tags: security, upstream; Filed 44 days ago; Modified 44 days ago;
#1036284 [i|Su| ] [src:civicrm] civicrm: CVE-2023-28115
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:27:02 UTC; Severity: important; Tags: security, upstream; Filed 44 days ago; Modified 44 days ago;
#1036470 [i|Su|☺] [src:texlive-bin] texlive-bin: CVE-2023-32668
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 21 May 2023 19:09:05 UTC; Severity: important; Tags: security, upstream; Found in version texlive-bin/2022.20220321.62855-5; Fixed in versions texlive-bin/2022.20220321.62855-6, texlive-bin/2022.20220321.62855-5.1+deb12u1; Done: Hilmar Preusse <hille42@web.de>; Filed 41 days ago;
#1036476 [i|Su| ] [src:imagemagick] imagemagick: CVE-2023-2157
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 21 May 2023 20:15:01 UTC; Severity: important; Tags: security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.6; Filed 41 days ago; Modified 41 days ago;
#1036655 [i|S| ] [pinentry-curses] pinentry-curses: leaks keystrokes to the shell
Reported by: Martin-Éric Racine <martin-eric.racine@iki.fi>; Date: Tue, 23 May 2023 20:54:01 UTC; Severity: important; Tags: security; Found in version pinentry/1.2.1-1; Filed 39 days ago; Modified 39 days ago;
#1036693 [i|Su| ] [src:requests] requests: CVE-2023-32681: Unintended leak of Proxy-Authorization header
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 May 2023 12:39:06 UTC; Severity: important; Tags: security, upstream; Found in versions requests/2.21.0-1, requests/2.25.1+dfsg-2, requests/2.28.1+dfsg-1; Filed 38 days ago; Modified 38 days ago;
#1036694 [i|Su| ] [src:angular.js] angular.js: CVE-2022-25869 CVE-2023-26116 CVE-2023-26117 CVE-2023-26118
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 12:45:01 UTC; Severity: important; Tags: security, upstream; Filed 38 days ago; Modified 38 days ago;
#1036695 [i|Su| ] [src:civicrm] civicrm: CVE-2023-25440
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 12:51:02 UTC; Severity: important; Tags: security, upstream; Filed 38 days ago; Modified 38 days ago;
#1037090 [i|Su|☺] [src:imagemagick] imagemagick: CVE-2021-3610
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jun 2023 12:57:02 UTC; Severity: important; Tags: security, upstream; Found in versions imagemagick/8:6.9.11.60+dfsg-1, imagemagick/8:6.9.11.60+dfsg-1.6; Fixed in version imagemagick/8:6.9.12.20+dfsg1-1; Filed 27 days ago; Modified 27 days ago;
#1037100 [i|Su| ] [src:cpp-httplib] cpp-httplib: CVE-2023-26130
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jun 2023 19:15:01 UTC; Severity: important; Tags: security, upstream; Found in version cpp-httplib/0.11.4+ds-1; Filed 27 days ago; Modified 19 days ago;
#1037208 [i|Su| ] [src:renderdoc] renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Jun 2023 19:00:01 UTC; Severity: important; Tags: security, upstream; Found in version renderdoc/1.24+dfsg-1; Filed 24 days ago; Modified 24 days ago;
#1038119 [i|Su|☺] [src:tang] tang: CVE-2023-1672
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 15 Jun 2023 15:57:01 UTC; Severity: important; Tags: security, upstream; Found in version tang/11-2; Fixed in version tang/14-1; Done: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Filed 16 days ago; Modified 16 days ago;
#1038251 [i|Su| ] [src:hoteldruid] hoteldruid: CVE-2023-33817 CVE-2023-34537
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 16 Jun 2023 18:57:06 UTC; Severity: important; Tags: security, upstream; Found in version hoteldruid/3.0.5-1; Filed 15 days ago; Modified 15 days ago;
#1038408 [i|Su| ] [src:ruby3.1] ruby3.1: CVE-2023-28755 CVE-2023-28756
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 17 Jun 2023 19:48:01 UTC; Severity: important; Tags: security, upstream; Found in version ruby3.1/3.1.2-7; Filed 14 days ago; Modified 14 days ago;
#1038947 [i|Su| ] [src:netty] netty: CVE-2023-34462
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Jun 2023 15:06:01 UTC; Severity: important; Tags: security, upstream; Found in version netty/1:4.1.48-7; Filed 8 days ago; Modified 8 days ago;
#1039438 [i|S|♙] [src:enigma] "enigma: Contains an outdated lua copy and is unmaintained"
Reported by: Bastien Roucariès <rouca@debian.org>; Date: Sun, 25 Jun 2023 22:42:02 UTC; Severity: important; Tags: security; Fix blocked by 902855: O: enigma -- A game where you control a marble with;
#1039989 [i|Su| ] [src:plantuml] plantuml: CVE-2022-1231
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 17:15:05 UTC; Severity: important; Tags: security, upstream; Found in version plantuml/1:1.2020.2+ds-1;
#1039990 [i|Su| ] [src:nodejs] nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 17:21:02 UTC; Severity: important; Tags: security, upstream; Found in version nodejs/18.13.0+dfsg1-1;
#1039999 [i|Su| ] [src:plantuml] plantuml: CVE-2023-3431
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 19:27:01 UTC; Severity: important; Tags: security, upstream; Found in version plantuml/1:1.2020.2+ds-1;
#1040000 [i|Su| ] [src:plantuml] plantuml: CVE-2023-3432
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 19:30:02 UTC; Severity: important; Tags: security, upstream; Found in version plantuml/1:1.2020.2+ds-1;
#1040036 [i|Su| ] [src:yajl] yajl: CVE-2017-16516 CVE-2022-24795
Reported by: Tobias Frost <tobi@debian.org>; Date: Sat, 1 Jul 2023 11:06:02 UTC; Severity: important; Tags: security, upstream;
#1040050 [i|Su| ] [src:bouncycastle] bouncycastle: CVE-2023-33201: potential blind LDAP injection attack using a self-signed certificate
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 1 Jul 2023 19:03:02 UTC; Severity: important; Tags: security, upstream; Found in version bouncycastle/1.72-2;

Outstanding bugs -- Important bugs; More information needed (5 bugs)

#580923 [i|MS| ] [gnome-screensaver] a locked gnome-screensaver can be circumvented by inserting a pluggable media
Reported by: Soeren Sonnenburg <sonne@debian.org>; Date: Sun, 9 May 2010 21:15:02 UTC; Severity: important; Tags: moreinfo, security; Found in version gnome-screensaver/2.30.0-1; Filed 13 years and 56 days ago; Modified 13 years and 31 days ago;
#629623 [i|MS| ] [gosa] 'new global config option "don't reuse user IDs that have been used once already"
Reported by: Klaus Ade Johnstad <klaus@skolelinux.no>; Date: Wed, 8 Jun 2011 08:09:01 UTC; Severity: important; Tags: moreinfo, security; Filed 12 years and 26 days ago; Modified 4 years and 274 days ago;
#816897 [i|MS| ] [sbuild] sbuild --build-dep-resolver=aptitude will install packages from untrusted sources
Reported by: Ansgar Burchardt <ansgar@debian.org>; Date: Sun, 6 Mar 2016 12:27:06 UTC; Severity: important; Tags: moreinfo, security; Found in version sbuild/0.68.0-1; Filed 7 years and 118 days ago; Modified 7 years and 55 days ago;
#844285 [i|MSR| ] [pidgin] pidgin: steals (warps) mouse cursor (not just focus) when new message comes in [SEC=UNCLASSIFIED]
Reported by: Tim Connors <reportbug@rather.puzzling.org>; Date: Mon, 14 Nov 2016 01:33:01 UTC; Severity: important; Tags: moreinfo, security, unreproducible; Found in versions pidgin/2.11.0-0+deb8u1, pidgin/2.10.11-1; Filed 6 years and 231 days ago; Modified 6 years and 24 days ago;
#1005974 [i|MSu| ] [src:sqlite3] sqlite3: CVE-2021-45346 memory leak vulnerability in SQLite
Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 18 Feb 2022 14:18:01 UTC; Severity: important; Tags: moreinfo, security, upstream; Found in version sqlite3/3.37.2-2; Filed 1 year and 133 days ago; Modified 1 year and 132 days ago;

Outstanding bugs -- Important bugs; Will Not Fix (2 bugs)

#382511 [i|Su☹|=] [libwmf] libwmf has vulnerable libgd2 copy; only used for writing, so not affected
Reported by: Martin Pitt <martin.pitt@ubuntu.com>; Date: Fri, 11 Aug 2006 15:18:19 UTC; Severity: important; Tags: security, upstream, wontfix; Merged with 635328, 751499; Found in versions 0.2.8.4-8, 0.2.8.4-2, 0.2.8.4-10.3; Filed 16 years and 328 days ago; Modified 3 years and 88 days ago;
#745837 [i|S☹| ] [curl] curl should check certificate revocation status by default
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Fri, 25 Apr 2014 17:57:01 UTC; Severity: important; Tags: security, wontfix; Found in version curl/7.36.0-1; Filed 9 years and 69 days ago; Modified 8 years and 59 days ago;

Outstanding bugs -- Normal bugs; Patch Available (19 bugs)

#410949 [n|+S| ] [poppassd] poppassd: restrictions ignored with pam_cracklib
Reported by: Matej Vela <vela@debian.org>; Date: Wed, 14 Feb 2007 21:18:02 UTC; Severity: normal; Tags: patch, security; Found in version poppassd/1.8.5-3.1; Filed 16 years and 141 days ago; Modified 16 years and 141 days ago;
#635109 [n|+S| ] [xauth] xauth: needs cookie handling warnings in man page
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Fri, 22 Jul 2011 19:06:02 UTC; Severity: normal; Tags: patch, security; Found in version xauth/1:1.0.6-1; Filed 11 years and 347 days ago; Modified 11 years and 347 days ago;
#801263 [n|+S| ] [lsyncd] [lsyncd] direct mode allows injecting unauthorized filesystem operations
Reported by: Marcin Szewczyk <Marcin.Szewczyk@wodny.org>; Date: Wed, 7 Oct 2015 23:03:02 UTC; Severity: normal; Tags: patch, security; Found in version lsyncd/2.1.5-2; Filed 7 years and 269 days ago; Modified 7 years and 204 days ago;
#879670 [n|+S| ] [spamassassin] spamd: use full hardening flags
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Tue, 24 Oct 2017 08:21:02 UTC; Severity: normal; Tags: patch, security; Found in version spamassassin/3.4.1-8; Filed 5 years and 251 days ago; Modified 5 years and 251 days ago;
#985597 [n|+S| ] [freeplane] freeplane has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Sat, 20 Mar 2021 15:00:01 UTC; Severity: normal; Tags: patch, security; Found in version freeplane/1.7.10-1; Filed 2 years and 103 days ago; Modified 2 years and 103 days ago;
#985598 [n|+S| ] [gnumeric] gnumeric has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Sat, 20 Mar 2021 15:03:02 UTC; Severity: normal; Tags: patch, security; Found in version gnumeric/1.12.48-1; Filed 2 years and 103 days ago; Modified 2 years and 103 days ago;
#985599 [n|+S| ] [gthumb] gthumb has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Sat, 20 Mar 2021 15:09:02 UTC; Severity: normal; Tags: patch, security; Found in version gthumb/3:3.11.2-0.1; Filed 2 years and 103 days ago; Modified 2 years and 103 days ago;
#985601 [n|+S| ] [latexdraw] latexdraw has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Sat, 20 Mar 2021 15:15:02 UTC; Severity: normal; Tags: patch, security; Found in version latexdraw/3.3.8+ds1-1; Filed 2 years and 103 days ago; Modified 2 years and 103 days ago;
#987403 [n|+S| ] [fbi] fbi has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 10:36:02 UTC; Severity: normal; Tags: patch, security; Found in version fbi/2.10-4; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987405 [n|+S|☺] [most] most has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 10:45:01 UTC; Severity: normal; Tags: patch, security; Found in version most/5.0.0a-4; Fixed in version most/5.2.0-1; Done: Benjamin Mako Hill <mako@debian.org>; Filed 2 years and 69 days ago;
#987406 [n|+S| ] [planner] planner has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 10:48:02 UTC; Severity: normal; Tags: patch, security; Found in version planner/0.14.6-9; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987407 [n|+S| ] [ttyrec] ttyrec has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 10:51:02 UTC; Severity: normal; Tags: patch, security; Found in version ttyrec/1.0.8-5.1; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987414 [n|+S| ] [qgo] qgo has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 14:30:02 UTC; Severity: normal; Tags: patch, security; Found in version qgo/2.1~git-20180413-1; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987421 [n|+S| ] [alsaplayer-daemon] alsaplayer-{daemon,gtk,text,xosd} has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 17:09:03 UTC; Severity: normal; Tags: patch, security; Found in version alsaplayer/0.99.81-2; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987691 [n|+S|☺] [imagemagick] imagemagick has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Tue, 27 Apr 2021 21:33:02 UTC; Severity: normal; Tags: patch, security; Found in version imagemagick/8:6.9.11.60+dfsg-1.3; Fixed in version imagemagick/8:6.9.12.20+dfsg1-1; Done: Bastien Roucariès <rouca@debian.org>; Filed 2 years and 65 days ago; Modified 1 year and 301 days ago;
#987692 [n|+S| ] [smpeg-plaympeg] smpeg-plaympeg has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Tue, 27 Apr 2021 21:39:01 UTC; Severity: normal; Tags: patch, security; Found in version smpeg/0.4.5+cvs20030824-9; Filed 2 years and 65 days ago; Modified 2 years and 65 days ago;
#1012179 [n|+S| ] [libxmltok] CVE-2021-46143: Integer overflow in expat can be found on libxmltok
Reported by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>; Date: Tue, 31 May 2022 14:42:02 UTC; Severity: normal; Tags: patch, security; Found in version 1.2-4; Filed 1 year and 31 days ago; Modified 1 year and 30 days ago;
#1032015 [n|+S| ] [src:xorg-server] xserver-org-core: enable full hardening flags
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Sun, 26 Feb 2023 16:24:02 UTC; Severity: normal; Tags: patch, security; Found in version xorg-server/2:21.1.7-1; Filed 125 days ago; Modified 87 days ago;
#1032018 [n|+S| ] [src:accountsservice] accounts-daemon: enable full hardening flags
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Sun, 26 Feb 2023 16:27:05 UTC; Severity: normal; Tags: patch, security; Found in version accountsservice/22.08.8-6; Filed 125 days ago; Modified 125 days ago;

Outstanding bugs -- Normal bugs; Confirmed (1 bug)

#700014 [n|S| ] [keepassx] keepassx: If file changed file is not locked on timeout
Reported by: James <james@jarofgreen.co.uk>; Date: Thu, 7 Feb 2013 12:21:01 UTC; Severity: normal; Tags: confirmed, security; Found in version keepassx/0.4.3-2; Filed 10 years and 146 days ago; Modified 7 years and 174 days ago;

Outstanding bugs -- Normal bugs; Unclassified (113 bugs)

#75344 [n|Su| ] [xauth] xbase-clients: [xauth] needs to way to identify and remove stale xauth cookies
Reported by: Colin Phipps <cphipps@doomworld.com>; Date: Sun, 22 Oct 2000 18:03:31 UTC; Severity: normal; Tags: security, upstream; Filed 22 years and 257 days ago; Modified 12 years and 121 days ago;
#102612 [n|S| ] [xlassie] xlassie shouldn't echo the password to the screen
Reported by: "Darren/Torin/Who Ever..." <torin@daft.com>; Date: Wed, 27 Jun 2001 22:03:01 UTC; Severity: normal; Tags: security; Found in version 1.7-2; Filed 22 years and 9 days ago; Modified 22 years and 8 days ago;
#144386 [n|S| ] [cricket] cricket: collect-subtrees should place its lockfiles somewhere other than /tmp
Reported by: Matt Zimmerman <mdz@debian.org>; Date: Wed, 24 Apr 2002 16:48:04 UTC; Severity: normal; Tags: security; Found in version 1.0.3-11; Filed 21 years and 73 days ago; Modified 20 years and 102 days ago;
#215070 [n|S| ] [src:courier] should edit imapd.cnf before auto generate imapd.pem
Reported by: Takuo KITAME <kitame@northeye.org>; Date: Fri, 10 Oct 2003 06:03:01 UTC; Severity: normal; Tags: security; Filed 19 years and 269 days ago; Modified 67 days ago;
#296547 [n|S| ] [ssh] ssh: [CAN-2004-1653] default configuration for OpenSSH enables AllowTcpForwarding
Reported by: Micah Anderson <micah@riseup.net>; Date: Wed, 23 Feb 2005 06:48:02 UTC; Severity: normal; Tags: security; Found in version 1:3.8.1p1-8.sarge.4; Filed 18 years and 132 days ago; Modified 16 years and 284 days ago;
#322699 [n|S| ] [src:fprobe] fprobe-ng: Possible DoS attack due to weak hash function
Reported by: Florian Weimer <fw@deneb.enyo.de>; Date: Fri, 12 Aug 2005 09:33:04 UTC; Severity: normal; Tags: security; Filed 17 years and 327 days ago; Modified 66 days ago;
#349251 [n|S| ] [libx11-6] CVE-2006-0197: XClientMessageEvent struct issue on 64 bit
Reported by: Joey Hess <joeyh@debian.org>; Date: Sat, 21 Jan 2006 20:48:10 UTC; Severity: normal; Tags: security; Filed 17 years and 165 days ago; Modified 10 years and 319 days ago;
#370432 [n|S| ] [src:thunderbird] thunderbird: [CVE-2006-0836] Address Book Import Remote DoS Vulnerability
Reported by: SALVETTI Djoume <djoume@taket.org>; Date: Mon, 5 Jun 2006 09:03:21 UTC; Severity: normal; Tags: security; Filed 17 years and 30 days ago; Modified 66 days ago;
#461075 [n|S| ] [src:uw-imap] uw-imapd: world-writable tmp files
Reported by: Justin Pryzby <jpryzby+d@quoininc.com>; Date: Wed, 16 Jan 2008 13:48:04 UTC; Severity: normal; Tags: security; Found in version uw-imap/7:2007~dfsg-1; Filed 15 years and 170 days ago; Modified 7 years and 15 days ago;
#481565 [n|S|=] [locales] locales: locale-gen fails when a file named UTF-8 is in current directory.
Reported by: Morita Sho <morita-pub-en-debian@inz.sakura.ne.jp>; Date: Sat, 17 May 2008 03:27:01 UTC; Severity: normal; Tags: security; Merged with 839759; Found in versions glibc/2.24-3, glibc/2.7-11; Filed 15 years and 48 days ago; Modified 6 years and 270 days ago;
#481860 [n|S| ] [openssh-server] openssh-server upgrade didn't remove all compromised keys from /etc/ssh
Reported by: Vincent Lefevre <vincent@vinc17.org>; Date: Mon, 19 May 2008 02:30:01 UTC; Severity: normal; Tags: security; Found in version openssh/1:4.7p1-10; Filed 15 years and 46 days ago; Modified 15 years and 29 days ago;
#497825 [n|Su| ] [gpgv] gpgv should return non-zero exitcode on expired keys
Reported by: martin f krafft <madduck@debian.org>; Date: Sat, 14 Jul 2007 11:30:01 UTC; Severity: normal; Tags: security, upstream; Filed 15 years and 356 days ago; Modified 5 years and 132 days ago;
#512425 [n|S| ] [buildd.debian.org] Authentication of logs files.
Reported by: Kurt Roeckx <kurt@roeckx.be>; Date: Tue, 20 Jan 2009 18:18:01 UTC; Severity: normal; Tags: security; Filed 14 years and 165 days ago; Modified 13 years and 200 days ago;
#528250 [n|S| ] [hex-a-hop] [hex-a-hop] stack-based buffer overflow via crafted save-game
Reported by: Nico Golde <nion@debian.org>; Date: Mon, 11 May 2009 17:45:01 UTC; Severity: normal; Tags: security; Filed 14 years and 54 days ago; Modified 14 years and 54 days ago;
#531315 [n|S| ] [unhide] aptitude seems to use hidden processes, rendering HIDS systems like unhide nearly useless
Reported by: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>; Date: Sun, 31 May 2009 14:09:02 UTC; Severity: normal; Tags: security; Filed 14 years and 34 days ago; Modified 10 years and 36 days ago;
#532521 [n|S| ] [w3m] predictable random number generator used in web browsers
Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>; Date: Tue, 9 Jun 2009 19:18:01 UTC; Severity: normal; Tags: security; Filed 14 years and 25 days ago; Modified 14 years and 9 days ago;
#539163 [n|S| ] [libpam-runtime] Only enabling profiles with no auth leaves system wide open
Reported by: Sam Hartman <hartmans@debian.org>; Date: Wed, 29 Jul 2009 14:30:01 UTC; Severity: normal; Tags: security; Found in version pam/1.0.1-6; Filed 13 years and 340 days ago; Modified 13 years and 160 days ago;
#556272 [n|S| ] [epiphany-browser] epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Sun, 15 Nov 2009 06:42:01 UTC; Severity: normal; Tags: security; Found in version epiphany-browser/2.29.1-2; Filed 13 years and 231 days ago; Modified 13 years and 131 days ago;
#560872 [n|S| ] [epiphany-browser] epiphany-browser: remote info disclosure via css
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Sat, 12 Dec 2009 22:30:08 UTC; Severity: normal; Tags: security; Found in version epiphany-browser/2.29.3-1; Filed 13 years and 204 days ago; Modified 13 years and 131 days ago;
#638185 [n|S| ] [secure-delete] secure-delete: sfill does not wipe more than the max. file size supported by the underlying filesystem
Reported by: intrigeri@debian.org; Date: Wed, 17 Aug 2011 14:24:02 UTC; Severity: normal; Tags: security; Found in version secure-delete/3.1-5; Filed 11 years and 321 days ago; Modified 6 years and 159 days ago;
#648508 [n|S| ] [chmlib] Embedded code copies of libmspack
Reported by: Josselin Mouette <joss@debian.org>; Date: Sat, 12 Nov 2011 12:55:01 UTC; Severity: normal; Tags: security; Filed 11 years and 234 days ago; Modified 11 years and 31 days ago;
#658692 [n|S| ] [apt-listchanges] [php5-common]
Reported by: Jürg Hofmann <juerg.hofmann@postbox.ch>; Date: Sun, 5 Feb 2012 10:27:02 UTC; Severity: normal; Tags: security; Filed 11 years and 149 days ago; Modified 11 years and 149 days ago;
#675557 [n|S| ] [convlit] Embedded code copies of libmspack
Reported by: Josselin Mouette <joss@debian.org>; Date: Sat, 12 Nov 2011 12:55:01 UTC; Severity: normal; Tags: security; Filed 11 years and 234 days ago; Modified 11 years and 31 days ago;
#677186 [n|S| ] [gnome-shell] gnome-shell: It's possible to turn off wifi networking using keyboard fn when session locked
Reported by: Arturo Borrero Gonzalez <cer.inet@linuxmail.org>; Date: Tue, 12 Jun 2012 07:54:05 UTC; Severity: normal; Tags: security; Found in version gnome-shell/3.2.2.1-4; Filed 11 years and 21 days ago; Modified 9 years and 105 days ago;
#687166 [n|S| ] [ntp] ntp: NTP security vulnerability because not using authentication by default
Reported by: none <anotst01@fastmail.fm>; Date: Mon, 10 Sep 2012 13:39:01 UTC; Severity: normal; Tags: security; Found in version 1:4.2.6.p3+dfsg-1ubuntu3.1; Filed 10 years and 296 days ago; Modified 10 years and 287 days ago;
#691275 [n|S| ] [cron] cron: symlink races in crontab
Reported by: Jann Horn <jannhorn@googlemail.com>; Date: Tue, 23 Oct 2012 19:30:01 UTC; Severity: normal; Tags: security; Found in version cron/3.0pl1-124; Filed 10 years and 253 days ago; Modified 10 years and 251 days ago;
#692783 [n|S| ] [libc6] libc6: fcloseall() doesn't close any streams
Reported by: Piotr Engelking <inkerman42@gmail.com>; Date: Thu, 8 Nov 2012 19:12:02 UTC; Severity: normal; Tags: security; Found in version eglibc/2.13-36; Filed 10 years and 237 days ago; Modified 10 years and 237 days ago;
#716396 [n|S|=] [pvm-dev] [Mayhem] Bug report on pvm-dev: trcsort crashes with exit status 139
Reported by: Alexandre Rebert <alexandre@cmu.edu>; Date: Wed, 10 Jul 2013 20:12:54 UTC; Severity: normal; Tags: security; Merged with 729277; Found in version pvm/3.4.5-12.5; Filed 9 years and 358 days ago; Modified 9 years and 234 days ago;
#724287 [n|S| ] [rt4-extension-jsgantt] rt4-extension-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Reported by: Jonas Smedegaard <dr@jones.dk>; Date: Mon, 23 Sep 2013 12:00:01 UTC; Severity: normal; Tags: security; Filed 9 years and 283 days ago; Modified 3 years and 174 days ago;
#725655 [n|S| ] [pass] should protect the list of accounts
Reported by: Joey Hess <joeyh@debian.org>; Date: Mon, 7 Oct 2013 02:15:02 UTC; Severity: normal; Tags: security; Found in version password-store/1.4.2-1; Filed 9 years and 269 days ago; Modified 9 years and 269 days ago;
#739047 [n|Su| ] [webfs] Bad Permissions check for linking files
Reported by: Narcis Garcia <debianbugs@actiu.net>; Date: Sat, 15 Feb 2014 12:33:01 UTC; Severity: normal; Tags: security, upstream; Found in version webfs/1.21+ds1-8.1; Filed 9 years and 138 days ago; Modified 9 years and 138 days ago;
#740257 [n|S| ] [evolution] evolution: Evolution takes over host name from backup file
Reported by: Masei1202 <masei1202@freenet.de>; Date: Thu, 27 Feb 2014 14:57:01 UTC; Severity: normal; Tags: security; Found in version evolution/3.4.4-3; Filed 9 years and 126 days ago; Modified 9 years and 126 days ago;
#748354 [n|S| ] [keyutils] keyutils: key timeout have reset after udev starts
Reported by: Dmitriy Matrosov <sgf.dma@gmail.com>; Date: Fri, 16 May 2014 14:15:01 UTC; Severity: normal; Tags: security; Found in version keyutils/1.5.6-1; Filed 9 years and 48 days ago; Modified 9 years and 38 days ago;
#763423 [n|S| ] [kphotoalbum] kphotoalbum: Android support is great - but it has *no security*
Reported by: Mark Eichin <eichin@thok.org>; Date: Tue, 30 Sep 2014 06:42:02 UTC; Severity: normal; Tags: security; Found in version kphotoalbum/4.5-1; Filed 8 years and 276 days ago; Modified 8 years and 238 days ago;
#771375 [n|S| ] [nvi] nvi: insecure use of /var/tmp
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Fri, 28 Nov 2014 22:21:02 UTC; Severity: normal; Tags: security; Found in version nvi/1.81.6-11; Filed 8 years and 217 days ago; Modified 8 years and 209 days ago;
#781056 [n|S| ] [bash] bash: undocumented deviation from upstream behaviour
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Mon, 23 Mar 2015 21:15:02 UTC; Severity: normal; Tags: security; Found in version bash/4.3-12; Filed 8 years and 102 days ago; Modified 8 years and 102 days ago;
#788698 [n|S| ] [liblwp-protocol-https-perl] liblwp-protocol-https-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables verification that hostname matches CN/subjectAltName
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Sun, 14 Jun 2015 11:12:02 UTC; Severity: normal; Tags: security; Found in version liblwp-protocol-https-perl/6.06-2; Filed 8 years and 19 days ago; Modified 7 years and 272 days ago;
#795908 [n|S| ] [cdimage.debian.org] Missing hashes for firmware-8.1.0-amd64-i386-netinst.iso
Reported by: Hendrik Weimer <hendrik@enyo.de>; Date: Mon, 17 Aug 2015 19:48:02 UTC; Severity: normal; Tags: security; Filed 7 years and 320 days ago; Modified 7 years and 320 days ago;
#796476 [n|S| ] [release.debian.org] ftp.debian.org: valid-until for stable
Reported by: Raphael Geissert <geissert@debian.org>; Date: Fri, 21 Aug 2015 23:33:02 UTC; Severity: normal; Tags: security; Filed 7 years and 316 days ago; Modified 5 years and 309 days ago;
#798552 [n|S| ] [gdm3] gdm3: password can be unmasked even after "submitting" the credentials
Reported by: Raphael Geissert <geissert@debian.org>; Date: Thu, 10 Sep 2015 13:36:02 UTC; Severity: normal; Tags: security; Found in version gdm3/3.14.1-7; Filed 7 years and 296 days ago; Modified 7 years and 296 days ago;
#810216 [n|S|=] [certbot] letsencrypt: fails to run as unprivileged user
Reported by: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>; Date: Thu, 7 Jan 2016 10:39:02 UTC; Severity: normal; Tags: security; Merged with 819107, 845459, 859209, 893738, 902620; Found in versions python-certbot/0.8.1-2, python-certbot/0.8.1-2~bpo8+1, python-certbot/0.10.2-1; Filed 7 years and 177 days ago; Modified 5 years and 1 day ago;
#811308 [n|S|☺☣] [imagemagick] Multiple minor security issues
Reported by: Vincent Fourmond <fourmond@debian.org>; Date: Sun, 17 Jan 2016 20:33:01 UTC; Severity: normal; Tags: security; Found in versions imagemagick/8:6.8.9.9-7, imagemagick/8:6.8.9.9-5; Fixed in version imagemagick/8:6.7.7.10-5+deb7u4; Filed 7 years and 167 days ago; Modified 4 years and 255 days ago;
#820519 [n|S| ] [sitecopy] sitecopy: fails to accept SSL certificates issued by a CA (Let's Encrypt)
Reported by: "Francesco Poli \(wintermute\)" <invernomuto@paranoici.org>; Date: Sat, 9 Apr 2016 11:42:01 UTC; Severity: normal; Tags: security; Found in version sitecopy/1:0.16.6-7; Filed 7 years and 84 days ago; Modified 5 years and 296 days ago;
#825124 [n|S| ] [debarchiver] debarchiver: allow to configure which crypto algos are accepted for uploads
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Mon, 23 May 2016 20:09:01 UTC; Severity: normal; Tags: security; Found in version debarchiver/0.10.5; Filed 7 years and 40 days ago; Modified 7 years and 24 days ago;
#827395 [n|Su| ] [firefox-esr] firefox-esr: Firefox-esr privacy invading defaults load beacons on 1st run
Reported by: Ann Onymous <tempp2002-deb@yahoo.com>; Date: Wed, 15 Jun 2016 18:03:01 UTC; Severity: normal; Tags: security, upstream; Found in versions firefox-esr/45.2.0esr-1, firefox/49.0-4, firefox-esr/45.2.0esr-1~deb8u1; Filed 7 years and 17 days ago; Modified 5 years and 269 days ago;
#830941 [n|S| ] [src:icingaweb2] icingaweb2: don't mangle around in the Apache configs
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Wed, 13 Jul 2016 03:36:28 UTC; Severity: normal; Tags: security; Found in version icingaweb2/2.3.4-1; Filed 6 years and 354 days ago; Modified 6 years and 349 days ago;
#854344 [n|S| ] [lightdm] Screensaver lock can be skipped using lightdm autologin
Reported by: Ivar Smolin <okul@linux.ee>; Date: Mon, 6 Feb 2017 09:36:02 UTC; Severity: normal; Tags: security; Found in version lightdm/1.18.3-1; Filed 6 years and 146 days ago; Modified 6 years and 112 days ago;
#862899 [n|Su| ] [rsync] rsync: insufficient escaping/quoting of arguments
Reported by: Thorsten Glaser <tg@mirbsd.de>; Date: Thu, 18 May 2017 11:21:01 UTC; Severity: normal; Tags: security, upstream; Found in versions rsync/3.1.1-3, rsync/3.1.2-2; Filed 6 years and 45 days ago; Modified 5 years and 71 days ago;
#863317 [n|S| ] [apt] apt: susceptible to replay attacks
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Thu, 25 May 2017 11:48:01 UTC; Severity: normal; Tags: security; Found in versions apt/1.0.9.8.4, apt/1.0.9.8; Filed 6 years and 38 days ago; Modified 6 years and 30 days ago;
#866670 [n|S| ] [ca-certificates] ca-certificates: update-ca-certificates -f does not pass removed certs to hooks
Reported by: Stephen Byrne <stephen@sbyrne.net>; Date: Fri, 30 Jun 2017 18:39:01 UTC; Severity: normal; Tags: security; Found in version 20170531+nmu1; Filed 6 years and 2 days ago; Modified 3 years and 231 days ago;
#867520 [n|S| ] [arj] arj: directory traversal via two symlinks
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Fri, 7 Jul 2017 00:45:02 UTC; Severity: normal; Tags: security; Found in version arj/3.10.22-15; Filed 5 years and 361 days ago; Modified 5 years and 361 days ago;
#868730 [n|S| ] [rkhunter] rkhunter: /var/lib/rkhunter/tmp shouldn't be world-readable
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Tue, 18 Jul 2017 01:39:03 UTC; Severity: normal; Tags: security; Found in version rkhunter/1.4.4-2; Filed 5 years and 350 days ago; Modified 5 years and 350 days ago;
#875311 [n|Su| ] [src:gedit] gedit: CVE-2017-14108: CPU consumption via crafted file
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 10 Sep 2017 15:27:01 UTC; Severity: normal; Tags: security, upstream; Found in versions gedit/3.22.1-1, gedit/3.14.0-3; Filed 5 years and 295 days ago; Modified 5 years and 36 days ago;
#878012 [n|S| ] [nautilus] nautilus: path traversal via directory symlink
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Sun, 8 Oct 2017 14:51:05 UTC; Severity: normal; Tags: security; Found in version nautilus/3.26.0-1; Filed 5 years and 267 days ago; Modified 5 years and 267 days ago;
#878269 [n|S| ] [ark] ark: path traversal via directory symlink
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Wed, 11 Oct 2017 22:06:01 UTC; Severity: normal; Tags: security; Found in version ark/4:16.08.3-2; Filed 5 years and 264 days ago; Modified 5 years and 264 days ago;
#880877 [n|S| ] [reportbug] reportbug: leak user private information in the SMTP log
Reported by: borissh1983+bugs@gmail.com; Date: Sun, 5 Nov 2017 10:27:02 UTC; Severity: normal; Tags: security; Found in versions reportbug/7.1.7, reportbug/7.10.3+deb11u1; Filed 5 years and 239 days ago; Modified 341 days ago;
#881131 [n|S| ] [src:sox] bs1770gain: divide by zero while running bs1770gain
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 05:33:05 UTC; Severity: normal; Tags: security; Found in version sox/14.4.1-5; Filed 5 years and 236 days ago; Modified 67 days ago;
#882223 [n|S| ] [glibc-doc-reference] Document security problems with system.3 and popen.3 (argument injection)
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>; Date: Mon, 20 Nov 2017 11:33:02 UTC; Severity: normal; Tags: security; Filed 5 years and 224 days ago; Modified 5 years and 223 days ago;
#886776 [n|S| ] [genisoimage] genisoimage: Buffer Overflow found in isoinfo executable
Reported by: Julian Jackson <julian@relativ.it>; Date: Tue, 9 Jan 2018 20:12:02 UTC; Severity: normal; Tags: security; Found in version cdrkit/9:1.1.11-3; Filed 5 years and 174 days ago; Modified 4 years and 340 days ago;
#889680 [n|Su| ] [src:git] git: CVE-2018-1000021: client prints server sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 5 Feb 2018 19:39:02 UTC; Severity: normal; Tags: security, upstream; Found in version git/1:2.15.1-1; Filed 5 years and 147 days ago; Modified 5 years and 115 days ago;
#895950 [n|Su| ] [src:freeipa] freeipa: CVE-2017-12169: Password hash disclosure via 'System: Read Stage Users' permission
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 17 Apr 2018 18:57:01 UTC; Severity: normal; Tags: security, upstream; Found in version freeipa/4.3.1-1; Filed 5 years and 76 days ago; Modified 5 years and 76 days ago;
#903196 [n|Su| ] [src:zip] zip: CVE-2018-13410
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Jul 2018 12:21:01 UTC; Severity: normal; Tags: security, upstream; Found in version zip/3.0-11; Filed 4 years and 360 days ago; Modified 4 years and 360 days ago;
#907503 [n|Su| ] [src:openssh] openssh: CVE-2018-15919: user enumeration via auth2-gss.c
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 28 Aug 2018 20:09:02 UTC; Severity: normal; Tags: security, upstream; Found in version openssh/1:6.7p1-1; Filed 4 years and 308 days ago; Modified 4 years and 308 days ago;
#911432 [n|S| ] [posh] posh-0.13.2 massive memory leak / segfault
Reported by: "orbea@fredslev.dk" <orbea@fredslev.dk>; Date: Sat, 20 Oct 2018 04:09:01 UTC; Severity: normal; Tags: security; Found in version posh/0.13.2; Filed 4 years and 255 days ago; Modified 4 years and 198 days ago;
#911834 [n|S| ] [mate-screensaver] mate-screensaver does not lock the screen
Reported by: Kairat Kevin <kevin.kairat@stadt.koblenz.de>; Date: Thu, 25 Oct 2018 09:42:01 UTC; Severity: normal; Tags: security; Found in version 1.16.1; Filed 4 years and 250 days ago; Modified 4 years and 250 days ago;
#917573 [n|Su| ] [src:libxsmm] libxsmm: CVE-2018-20543
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 28 Dec 2018 20:15:01 UTC; Severity: normal; Tags: security, upstream; Found in version libxsmm/1.9-1; Filed 4 years and 186 days ago; Modified 4 years and 186 days ago;
#919526 [n|Su| ] [catdoc] CVE-2018-20451 CVE-2018-20453
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 16 Jan 2019 22:06:02 UTC; Severity: normal; Tags: security, upstream; Found in version catdoc/1:0.95-4.1; Filed 4 years and 167 days ago; Modified 4 years and 164 days ago;
#924717 [n|S| ] [corekeeper] corekeeper: no way to disable core dumping
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Sat, 16 Mar 2019 10:12:02 UTC; Severity: normal; Tags: security; Found in version corekeeper/1.6; Filed 4 years and 108 days ago; Modified 4 years and 67 days ago;
#929266 [n|Su| ] [axis] axis: CVE-2019-0227
Reported by: Sylvain Beucler <beuc@beuc.net>; Date: Mon, 20 May 2019 10:33:01 UTC; Severity: normal; Tags: security, upstream; Filed 4 years and 43 days ago; Modified 4 years and 39 days ago;
#931524 [n|S|☣] [ftp.debian.org] security.debian.org: bullseye security updates may be silently skipped on systems using apt pinning
Reported by: Piotr Engelking <inkerman42@gmail.com>; Date: Sun, 7 Jul 2019 08:06:02 UTC; Severity: normal; Tags: security; Filed 3 years and 360 days ago; Modified 2 years and 357 days ago;
#942008 [n|S| ] [fwupd] fwupd: uses SHA-1 for integrity
Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>; Date: Tue, 8 Oct 2019 23:15:02 UTC; Severity: normal; Tags: security; Found in version fwupd/1.3.2-1; Filed 3 years and 267 days ago; Modified 3 years and 173 days ago;
#943358 [n|S| ] [synaptic] synaptic: Synaptic 0.84.8 installs packets with "depends on" absent packages
Reported by: Сергей Фёдоров <serfyod0vr@yandex.ru>; Date: Wed, 23 Oct 2019 20:06:02 UTC; Severity: normal; Tags: security; Found in version synaptic/0.84.8; Filed 3 years and 252 days ago; Modified 3 years and 251 days ago;
#945283 [n|S| ] [apt] users should check whether they get same packages as all other users get
Reported by: dinar qurbanov <qdinar@gmail.com>; Date: Fri, 22 Nov 2019 12:21:05 UTC; Severity: normal; Tags: security; Found in version apt/1.8.2; Filed 3 years and 222 days ago; Modified 3 years and 217 days ago;
#950295 [n|S| ] [gnome-keyring] gnome-keyring: uses MD5
Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>; Date: Fri, 31 Jan 2020 04:03:02 UTC; Severity: normal; Tags: security; Found in version gnome-keyring/3.34.0-1; Filed 3 years and 152 days ago; Modified 3 years and 152 days ago;
#953098 [n|S| ] [xscreensaver] xscreensaver: Crashes with XIO: fatal IO error
Reported by: Jens Holzkämper <jens.holzkaemper@zbmath.org>; Date: Wed, 4 Mar 2020 13:21:02 UTC; Severity: normal; Tags: security; Found in version xscreensaver/5.42+dfsg1-1; Filed 3 years and 119 days ago; Modified 2 years and 263 days ago;
#958216 [n|S| ] [thunderbird] thunderbird: digital pkcs7 s/mime signature is not recognized
Reported by: Björn <deleo@gmx.de>; Date: Sun, 19 Apr 2020 19:39:07 UTC; Severity: normal; Tags: security; Found in version thunderbird/1:68.5.0-1; Filed 3 years and 73 days ago; Modified 3 years and 72 days ago;
#958998 [n|Su| ] [src:duo-unix] CVE-2020-12135 in embedded bson
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 27 Apr 2020 21:12:01 UTC; Severity: normal; Tags: security, upstream; Filed 3 years and 65 days ago; Modified 3 years and 64 days ago;
#972692 [n|S| ] [dvipng] dvipng: Security - Floating point exception
Reported by: Antoine Cervoise <debian@antoine-cervoise.fr>; Date: Thu, 22 Oct 2020 16:09:02 UTC; Severity: normal; Tags: security; Found in version dvipng/1.15-1.1; Filed 2 years and 252 days ago; Modified 229 days ago;
#979678 [n|Su| ] [qemu] qemu: CVE-2020-35503: NULL pointer dereference issue in megasas-gen2 host bus adapter
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 9 Jan 2021 23:00:01 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:5.2+dfsg-3; Filed 2 years and 173 days ago; Modified 1 year and 126 days ago;
#980345 [n|S| ] [mailcap] run-mailcap: shell command injection vulnerability
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Sun, 17 Jan 2021 22:48:02 UTC; Severity: normal; Tags: security; Found in version mailcap/3.68; Filed 2 years and 165 days ago; Modified 2 years and 165 days ago;
#982953 [n|S| ] [openshot-qt] openshot-qt has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Wed, 17 Feb 2021 10:12:02 UTC; Severity: normal; Tags: security; Found in version openshot-qt/2.5.1+dfsg1-1; Filed 2 years and 134 days ago; Modified 2 years and 134 days ago;
#984451 [n|Su| ] [qemu] qemu: CVE-2021-20255: stack overflow via an infinite recursion in eepro100 i8255x device
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 3 Mar 2021 19:21:06 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:5.2+dfsg-6; Filed 2 years and 120 days ago; Modified 1 year and 126 days ago;
#987416 [n|S| ] [tenace] tenace has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 14:36:14 UTC; Severity: normal; Tags: security; Found in version tenace/0.16-2; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987424 [n|S| ] [mgetty-viewfax] mgetty-viewfax has mailcap entries with quoted %-escapes
Reported by: Marriott NZ <marriott99@gmx.com>; Date: Fri, 23 Apr 2021 17:21:01 UTC; Severity: normal; Tags: security; Found in version mgetty/1.2.1-1.1; Filed 2 years and 69 days ago; Modified 2 years and 69 days ago;
#987952 [n|S| ] [apg] apg: security concerns in apg
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sun, 2 May 2021 15:33:05 UTC; Severity: normal; Tags: security; Found in version apg/2.2.3.dfsg.1-5; Filed 2 years and 60 days ago; Modified 2 years and 55 days ago;
#999899 [n|S| ] [debian-goodies] dman: bad signal handling leads to insecure use of /tmp
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Thu, 18 Nov 2021 08:30:02 UTC; Severity: normal; Tags: security; Found in version debian-goodies/0.87; Filed 1 year and 225 days ago; Modified 1 year and 225 days ago;
#1002797 [n|S| ] [initramfs-tools] initramfs-tools: UMASK option doesn't catch all cases
Reported by: Christoph Anton Mitterer <calestyo@scientia.org>; Date: Tue, 28 Dec 2021 23:39:01 UTC; Severity: normal; Tags: security; Found in version initramfs-tools/0.140; Filed 1 year and 185 days ago; Modified 1 year and 185 days ago;
#1003032 [n|S| ] [debootstrap] debootstrap: harden signature checking
Reported by: Philippe Cerfon <philcerf@gmail.com>; Date: Sun, 2 Jan 2022 23:15:04 UTC; Severity: normal; Tags: security; Found in version debootstrap/1.0.126+nmu1; Filed 1 year and 180 days ago; Modified 1 year and 180 days ago;
#1003973 [n|S| ] [src:tasksel] Should we pull in fwupd by default for most systems?
Reported by: Steve McIntyre <steve@einval.com>; Date: Tue, 18 Jan 2022 19:15:02 UTC; Severity: normal; Tags: security; Filed 1 year and 164 days ago; Modified 1 year and 164 days ago;
#1010718 [n|S| ] [portsentry] After installed portsentry doesn't create automatically portsentry.history
Reported by: Michel Gabriel Ramirez Fournier <michelgrf@gmail.com>; Date: Sun, 8 May 2022 08:15:02 UTC; Severity: normal; Tags: security; Found in version portsentry/1.2-14; Filed 1 year and 54 days ago; Modified 1 year and 54 days ago;
#1014468 [n|Su| ] [src:edk2] edk2: CVE-2021-38576 CVE-2021-38578
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 6 Jul 2022 15:21:02 UTC; Severity: normal; Tags: security, upstream; Filed 360 days ago; Modified 212 days ago;
#1014722 [n|S| ] [src:ansible] ansible: CVE-2021-3532
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 10 Jul 2022 20:30:02 UTC; Severity: normal; Tags: security; Filed 356 days ago; Modified 356 days ago;
#1014767 [n|Su| ] [src:qemu] qemu: CVE-2021-3735: ahci: deadlock issue leads to denial of service
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 18:03:01 UTC; Severity: normal; Tags: security, upstream; Filed 355 days ago; Modified 35 days ago;
#1014783 [n|Su| ] [src:faust] faust: CVE-2021-41736 CVE-2021-41737
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 19:54:01 UTC; Severity: normal; Tags: security, upstream; Filed 355 days ago; Modified 355 days ago;
#1014858 [n|Su| ] [src:libpodofo] libpodofo: CVE-2020-18971
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 13 Jul 2022 10:03:01 UTC; Severity: normal; Tags: security, upstream; Filed 353 days ago; Modified 353 days ago;
#1023945 [n|S| ] [ca-certificates] ca-certificates: Trustcor root certificate should be removed
Reported by: "H.-Dirk Schmitt" <dirk@computer42.org>; Date: Sat, 12 Nov 2022 20:36:02 UTC; Severity: normal; Tags: security; Found in version ca-certificates/20210119; Filed 231 days ago; Modified 206 days ago;
#1024149 [n|Su|☣] [src:linux] linux-image-amd64: 32-bit mmap() puts large files at non-random address
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 15 Nov 2022 15:21:07 UTC; Severity: normal; Tags: security, upstream; Found in versions linux/5.18-1~exp1, linux/6.0.8-1; Filed 228 days ago; Modified 168 days ago;
#1025845 [n|S| ] [src:linux] linux: please enable CONFIG_KFENCE
Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Sat, 10 Dec 2022 13:18:01 UTC; Severity: normal; Tags: security; Found in version linux/6.0.12-1; Filed 203 days ago; Modified 203 days ago;
#1026030 [n|S| ] [python3-debianbts] python3-debianbts: doesn't verify server's TLS cert
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 13 Dec 2022 14:30:01 UTC; Severity: normal; Tags: security; Found in version python-debianbts/4.0.1; Filed 200 days ago; Modified 200 days ago;
#1026908 [n|S| ] [poppler-utils] pdfdetach: directory traversal
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Fri, 23 Dec 2022 18:33:01 UTC; Severity: normal; Tags: security; Found in version poppler/22.08.0-2.1; Filed 190 days ago; Modified 190 days ago;
#1027472 [n|S| ] [src:ledgersmb] ledgersmb: upstram says 1.6 is unsupported and insecure. Newer upstream version 1.10 available
Reported by: Tobias Frost <tobi@debian.org>; Date: Sun, 1 Jan 2023 11:51:01 UTC; Severity: normal; Tags: security; Filed 181 days ago; Modified 180 days ago;
#1027833 [n|S| ] [user-mode-linux] user-mode-linux: hostfs directory traversal
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 3 Jan 2023 21:33:02 UTC; Severity: normal; Tags: security; Found in version user-mode-linux/6.0um1; Filed 179 days ago; Modified 144 days ago;
#1028409 [n|S| ] [vim] vim: insecure use of /var/tmp when editing .gz files
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 10 Jan 2023 18:03:02 UTC; Severity: normal; Tags: security; Found in version vim/2:9.0.1000-3; Filed 172 days ago; Modified 169 days ago;
#1029039 [n|Su| ] [src:shiro] shiro: CVE-2023-22602
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 16 Jan 2023 19:36:01 UTC; Severity: normal; Tags: security, upstream; Filed 166 days ago; Modified 166 days ago;
#1031938 [n|S| ] [debian-goodies] debmany: dialog option injection
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Sat, 25 Feb 2023 16:54:01 UTC; Severity: normal; Tags: security; Found in version debian-goodies/0.88.1; Filed 126 days ago; Modified 126 days ago;
#1032029 [n|S| ] [mosquitto] mosquitto ignores ip address for websocket listeners
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Sun, 26 Feb 2023 19:39:01 UTC; Severity: normal; Tags: security; Found in version mosquitto/2.0.11-1; Filed 125 days ago; Modified 108 days ago;
#1032668 [n|Su| ] [src:nvidia-cuda-toolkit] nvidia-cuda-toolkit: CVE-2023-0193 CVE-2023-0196
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:03:11 UTC; Severity: normal; Tags: security, upstream; Found in version nvidia-cuda-toolkit/4.0.13-1; Filed 113 days ago; Modified 68 days ago;
#1032669 [n|Su| ] [src:wabt] wabt: CVE-2023-27115 CVE-2023-27116 CVE-2023-27117 CVE-2023-27119
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:06:01 UTC; Severity: normal; Tags: security, upstream; Filed 113 days ago; Modified 113 days ago;
#1033367 [n|S| ] [kea-ctrl-agent] kea-ctrl-agent: Unrestricted default RESTful interface on 127.0.0.1:8000
Reported by: Paride Legovini <paride@debian.org>; Date: Thu, 23 Mar 2023 18:03:01 UTC; Severity: normal; Tags: security; Found in version isc-kea/2.2.0-5; Filed 100 days ago; Modified 100 days ago;
#1034155 [n|Su| ] [src:ippsample] ippsample: CVE-2023-28428
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 10 Apr 2023 12:42:01 UTC; Severity: normal; Tags: security, upstream; Found in version ippsample/0.0~git20220607.72f89b3-1; Filed 82 days ago; Modified 82 days ago;
#1034805 [n|Su| ] [src:fis-gtm] fis-gtm: CVE-2021-44496 CVE-2021-44504
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 21:03:02 UTC; Severity: normal; Tags: security, upstream; Filed 68 days ago; Modified 67 days ago;
#1036283 [n|Su| ] [src:jruby] jruby: CVE-2023-28755 CVE-2023-28756
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:24:06 UTC; Severity: normal; Tags: security, upstream; Filed 44 days ago; Modified 44 days ago;
#1036703 [n|Su| ] [src:teeworlds] teeworlds: CVE-2023-31517 CVE-2023-31518
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 13:54:05 UTC; Severity: normal; Tags: security, upstream; Filed 38 days ago; Modified 38 days ago;

Outstanding bugs -- Normal bugs; More information needed (6 bugs)

#314645 [n|MSR| ] [ssh] /usr/sbin/sshd: time delay of password check proves account existence to attackers
Reported by: Greg Webster <greg@intouch.ca>; Date: Fri, 17 Jun 2005 16:18:05 UTC; Severity: normal; Tags: moreinfo, security, unreproducible; Found in version 1:3.8.1p1-8.sarge.4; Filed 18 years and 18 days ago; Modified 17 years and 186 days ago;
#591581 [n|MS|=] [src:linux] r8169: Changing MTU reopens DoS vulnerability (CVE-2009-4537)
Reported by: Ben Hutchings <ben@decadent.org.uk>; Date: Thu, 7 Jan 2010 19:06:01 UTC; Severity: normal; Tags: moreinfo, security; Merged with 592184; Filed 13 years and 178 days ago; Modified 2 years and 54 days ago;
#703822 [n|MSu| ] [rar] rar: I'm getting "stack smashing detected" errors
Reported by: Jasen Betts <jasen@xnet.co.nz>; Date: Sun, 24 Mar 2013 09:48:02 UTC; Severity: normal; Tags: moreinfo, security, upstream; Found in version rar/2:3.9.3-1; Filed 10 years and 101 days ago; Modified 1 year and 281 days ago;
#760029 [n|MS| ] [src:systemd] systemd: doesn't initialise RANDOM_SEED upon installation
Reported by: Raphael Geissert <geissert@debian.org>; Date: Sun, 31 Aug 2014 04:00:01 UTC; Severity: normal; Tags: moreinfo, security; Found in version systemd/208-8; Filed 8 years and 306 days ago; Modified 7 years and 135 days ago;
#884923 [n|MSu| ] [src:abiword] abiword: CVE-2017-17529
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Dec 2017 12:57:02 UTC; Severity: normal; Tags: moreinfo, security, upstream; Found in version abiword/3.0.2-5; Filed 5 years and 193 days ago; Modified 4 years and 179 days ago;
#1022781 [n|MSR| ] [xautolock] Unable to lock an existing session
Reported by: martin f krafft <madduck@debian.org>; Date: Tue, 25 Oct 2022 18:36:01 UTC; Severity: normal; Tags: moreinfo, security, unreproducible; Found in version xautolock/1:2.2-7; Filed 249 days ago; Modified 222 days ago;

Outstanding bugs -- Normal bugs; Will Not Fix (2 bugs)

#744921 [n|Su☹| ] [spamassassin] spamassassin: Daily cron script wants to set a shared library world writable
Reported by: Roger Dover <roger@fbo2.mooo.com>; Date: Wed, 16 Apr 2014 09:39:02 UTC; Severity: normal; Tags: security, upstream, wontfix; Found in version spamassassin/3.3.2-5; Filed 9 years and 78 days ago; Modified 8 years and 263 days ago;
#1012547 [n|S☹| ] [src:linux] linux: disable user namespaces per default
Reported by: Philippe Cerfon <philcerf@gmail.com>; Date: Thu, 9 Jun 2022 00:00:01 UTC; Severity: normal; Tags: security, wontfix; Found in version linux/5.17.11-1; Filed 1 year and 23 days ago; Modified 248 days ago;

Outstanding bugs -- Minor bugs; Unclassified (10 bugs)

#535882 [m|S| ] [swish++] swish++: insecure temp files handling
Reported by: Raphael Geissert <atomo64@gmail.com>; Date: Sun, 5 Jul 2009 19:03:08 UTC; Severity: minor; Tags: security; Found in version swish++/6.1.5-2; Filed 13 years and 364 days ago; Modified 4 years and 300 days ago;
#563398 [m|S| ] [pbuilder] SECURITY: Host user 1234 can tamper with build chroot
Reported by: "Steinar H. Gunderson" <sesse@debian.org>; Date: Wed, 27 Jun 2007 09:00:18 UTC; Severity: minor; Tags: security; Found in version pbuilder/0.170; Filed 16 years and 8 days ago; Modified 7 years and 273 days ago;
#679973 [m|S| ] [xscreensaver-data] xscreensaver-data: disable hacks that reveal the desktop
Reported by: Sven Ulland <sveniu@opera.com>; Date: Mon, 2 Jul 2012 19:12:01 UTC; Severity: minor; Tags: security; Found in versions xscreensaver/5.15-3, xscreensaver/5.26-1; Filed 11 years and 1 day ago; Modified 8 years and 310 days ago;
#696621 [m|S| ] [printer-driver-foo2zjs] hipercdecode: strange 50MiB variable in bss segment
Reported by: Steven Chamberlain <steven@pyro.eu.org>; Date: Mon, 24 Dec 2012 03:39:02 UTC; Severity: minor; Tags: security; Found in version foo2zjs/20120510dfsg0-1; Filed 10 years and 191 days ago; Modified 10 years and 191 days ago;
#744799 [m|S| ] [elinks] elinks follows HTTP redirects to file:// URLs
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Mon, 14 Apr 2014 20:12:02 UTC; Severity: minor; Tags: security; Found in version elinks/0.12~pre6-4; Filed 9 years and 80 days ago; Modified 9 years and 61 days ago;
#858678 [m|USu| ] [src:pcre3] pcre3: CVE-2017-7245
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Mar 2017 07:21:02 UTC; Severity: minor; Tags: fixed-upstream, security, upstream; Found in versions pcre3/2:8.39-2.1, pcre3/2:8.39-3; Filed 6 years and 99 days ago; Modified 6 years and 96 days ago;
#858679 [m|USu| ] [src:pcre3] pcre3: CVE-2017-7246
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Mar 2017 07:21:05 UTC; Severity: minor; Tags: fixed-upstream, security, upstream; Found in versions pcre3/2:8.39-2.1, pcre3/2:8.39-3; Filed 6 years and 99 days ago; Modified 6 years and 96 days ago;
#871931 [m|Su| ] [src:libvpx] libvpx: CVE-2017-0641
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 12 Aug 2017 17:03:01 UTC; Severity: minor; Tags: security, upstream; Found in versions libvpx/1.3.0-3, libvpx/1.6.1-3; Filed 5 years and 324 days ago; Modified 5 years and 324 days ago;
#876896 [m|S|♙] [dput] dput: please have rsync not change permissions (-p)
Reported by: Ansgar Burchardt <ansgar@debian.org>; Date: Tue, 26 Sep 2017 18:42:01 UTC; Severity: minor; Tags: security; Found in version dput/0.12.1; Fix blocked by 888631: dput: Allow override of remote ‘chmod’ operation; Filed 5 years and 279 days ago; Modified 3 years and 169 days ago;
#994455 [m|Su| ] [golang-github-containers-common] golang-github-containers-common: secomp.json may be a config file
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Thu, 16 Sep 2021 08:39:02 UTC; Severity: minor; Tags: security, upstream; Filed 1 year and 288 days ago; Modified 1 year and 288 days ago;

Outstanding bugs -- Minor bugs; More information needed (1 bug)

#508867 [m|MS| ] [libxau6] libxau6: ESTALE on nfs mounts
Reported by: Tim Connors <reportbug@rather.puzzling.org>; Date: Tue, 16 Dec 2008 04:15:02 UTC; Severity: minor; Tags: moreinfo, security; Found in version libxau/1:1.0.3-3; Filed 14 years and 200 days ago; Modified 9 years and 163 days ago;

Outstanding bugs -- Minor bugs; Will Not Fix (1 bug)

#845204 [m|U+S☹| ] [src:imagemagick] CVE-2016-8678: Q64 version heap-based buffer overflow in IsPixelMonochrome
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>; Date: Mon, 21 Nov 2016 12:48:02 UTC; Severity: minor; Tags: fixed-upstream, patch, security, wontfix; Found in versions imagemagick/8:6.7.7.10-5+deb7u7, imagemagick/8:6.7.7.10-5, imagemagick/8:6.9.6.2+dfsg-2, imagemagick/8:6.7.7.10-4, imagemagick/8:6.8.9.9-5+deb8u5; Filed 6 years and 223 days ago; Modified 5 years and 354 days ago;

Outstanding bugs -- Wishlist items; Patch Available (4 bugs)

#178454 [w|+S| ] [at] at: please give at its own group/user
Reported by: Robert Bihlmeyer <robbe@orcus.priv.at>; Date: Sun, 26 Jan 2003 11:33:13 UTC; Severity: wishlist; Tags: patch, security; Found in version 3.1.8-11; Filed 20 years and 161 days ago; Modified 7 years and 353 days ago;
#662960 [w|+S| ] [ssmtp] ssmtp doesn't validate server TLS certificates
Reported by: "W. Trevor King" <wking@drexel.edu>; Date: Wed, 7 Mar 2012 16:09:02 UTC; Severity: wishlist; Tags: patch, security; Found in versions ssmtp/2.64-5, ssmtp/2.64-8; Filed 11 years and 118 days ago; Modified 4 years and 77 days ago;
#775449 [w|+S| ] [debootstrap] Provide sha size param instead of using environmental variable
Reported by: jnqnfe <jnqnfe@gmail.com>; Date: Thu, 15 Jan 2015 19:57:06 UTC; Severity: wishlist; Tags: patch, security; Filed 8 years and 169 days ago; Modified 5 years and 87 days ago;
#1033648 [w|+S| ] [minidlna] minidlna: support socket activation
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Wed, 29 Mar 2023 10:45:09 UTC; Severity: wishlist; Tags: patch, security; Found in version minidlna/1.3.0+dfsg-2.2; Filed 94 days ago; Modified 94 days ago;

Outstanding bugs -- Wishlist items; Confirmed (1 bug)

#358651 [w|S| ] [grub] grub: please install initial menu.lst with file permissions 600
Reported by: Ross Boylan <ross@biostat.ucsf.edu>; Date: Thu, 23 Mar 2006 18:18:07 UTC; Severity: wishlist; Tags: confirmed, security; Found in version grub/0.97-5; Filed 17 years and 104 days ago; Modified 15 years and 201 days ago;

Outstanding bugs -- Wishlist items; Unclassified (17 bugs)

#496401 [w|S| ] [postfix] please make debug code use safe tempfiles
Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>; Date: Sun, 24 Aug 2008 18:10:52 UTC; Severity: wishlist; Tags: security; Filed 14 years and 314 days ago; Modified 14 years and 312 days ago;
#545322 [w|S| ] [analog] mask user:password URL strings
Reported by: jidanni@jidanni.org; Date: Sun, 6 Sep 2009 13:36:02 UTC; Severity: wishlist; Tags: security; Filed 13 years and 301 days ago; Modified 13 years and 298 days ago;
#599916 [w|S| ] [src:linux] please set limits so that users cant kill the system
Reported by: Holger Levsen <holger@layer-acht.org>; Date: Tue, 12 Oct 2010 11:27:01 UTC; Severity: wishlist; Tags: security; Filed 12 years and 265 days ago; Modified 9 years and 358 days ago;
#679828 [w|S| ] [libc6] libc6: No easy way of enabling DNSSEC validation aka RES_USE_DNSSEC
Reported by: Matthew Grant <matthewgrant5@gmail.com>; Date: Sun, 1 Jul 2012 21:57:02 UTC; Severity: wishlist; Tags: security; Found in version eglibc/2.13-34; Filed 11 years and 2 days ago; Modified 10 years and 105 days ago;
#718225 [w|S| ] [live-build] live-build should authenticate files it downloads
Reported by: Evgeny Kapun <abacabadabacaba@gmail.com>; Date: Sun, 28 Jul 2013 23:45:01 UTC; Severity: wishlist; Tags: security; Found in version 1.0.6-2; Filed 9 years and 340 days ago; Modified 6 years and 215 days ago;
#777546 [w|S| ] [apache2] Please don't grant localhost unconditional access to mod_status
Reported by: Jean-Michel Nirgal Vourgère <jmv_deb@nirgal.com>; Date: Mon, 9 Feb 2015 16:39:02 UTC; Severity: wishlist; Tags: security; Found in version apache2/2.4.10-9; Filed 8 years and 144 days ago; Modified 1 year and 203 days ago;
#778873 [w|S| ] [apt] apt: make /etc/cron.daily/apt (and it's options) runnable more than daily
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sat, 21 Feb 2015 00:09:02 UTC; Severity: wishlist; Tags: security; Found in version apt/1.0.9.6; Filed 8 years and 133 days ago; Modified 5 years and 105 days ago;
#788816 [w|S| ] [kannel] /etc/kannel/kannel.conf usually contains passwords, should not be world-readable
Reported by: Kalle Niemitalo <kalle.niemitalo@procomp.fi>; Date: Mon, 15 Jun 2015 10:45:02 UTC; Severity: wishlist; Tags: security; Found in version kannel/1.4.3-2; Filed 8 years and 18 days ago; Modified 8 years and 18 days ago;
#792639 [w|S|=] [apt-listbugs] apt-listbugs: should use https to access bug tracking system
Reported by: Michael Gold <michael@bitplane.org>; Date: Fri, 17 Jul 2015 00:57:02 UTC; Severity: wishlist; Tags: security; Merged with 856844, 933252; Found in versions apt-listbugs/0.1.16, apt-listbugs/0.1.23, apt-listbugs/0.1.35; Filed 7 years and 352 days ago; Modified 240 days ago;
#809705 [w|S| ] [general] general: let people use non-free software but opt-out of non-open software
Reported by: Philippe Cerfon <philcerf@gmail.com>; Date: Sun, 3 Jan 2016 06:27:01 UTC; Severity: wishlist; Tags: security; Filed 7 years and 181 days ago; Modified 7 years and 175 days ago;
#829752 [w|S| ] [netfilter-persistent] netfilter-persistent systemd service does not lock the network if netfilter-persistent wrapper is failing at system bootup
Reported by: Patrick Schleizer <adrelanos@riseup.net>; Date: Tue, 5 Jul 2016 18:51:02 UTC; Severity: wishlist; Tags: security; Found in version iptables-persistent/1.0.4; Filed 6 years and 362 days ago; Modified 6 years and 282 days ago;
#831787 [w|S| ] [icingaweb2-common] icingaweb2-common: please don't unconditionally re-add www-data to icingaweb2 on upgrades
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Tue, 19 Jul 2016 12:57:01 UTC; Severity: wishlist; Tags: security; Filed 6 years and 348 days ago; Modified 6 years and 348 days ago;
#867601 [w|S| ] [src:slim] slim: should no longer run the Xorg server as root
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 7 Jul 2017 17:27:02 UTC; Severity: wishlist; Tags: security; Found in version slim/1.3.6-5.1; Filed 5 years and 360 days ago; Modified 5 years and 360 days ago;
#968755 [w|S| ] [network-manager] network-manager: Privacy settings should again be enabled by default
Reported by: thefoo <thefoo@foo.fo>; Date: Thu, 20 Aug 2020 22:33:01 UTC; Severity: wishlist; Tags: ipv6, security; Found in version network-manager/1.26.2-1; Filed 2 years and 315 days ago; Modified 2 years and 269 days ago;
#978642 [w|S|♙] [cryptsetup-initramfs] Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks from Initial Ramdisk (initramfs-tools or dracut)
Reported by: Patrick Schleizer <adrelanos@riseup.net>; Date: Tue, 29 Dec 2020 15:57:01 UTC; Severity: wishlist; Tags: security; Fix blocked by 778849: Support restoring initrd on shutdown and pivoting into it; Filed 2 years and 184 days ago; Modified 2 years and 184 days ago;
#995479 [w|S| ] [src:vte2.91] vte2.91: consider disabling/removing OSC7
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Fri, 1 Oct 2021 19:45:05 UTC; Severity: wishlist; Tags: security; Found in version vte2.91/0.64.2-3; Filed 1 year and 273 days ago; Modified 1 year and 273 days ago;
#1003033 [w|S| ] [src:cowdancer] cowdancer: harden package verification
Reported by: Philippe Cerfon <philcerf@gmail.com>; Date: Sun, 2 Jan 2022 23:45:02 UTC; Severity: wishlist; Tags: security; Found in version cowdancer/0.89; Filed 1 year and 180 days ago; Modified 1 year and 180 days ago;

Outstanding bugs -- Wishlist items; More information needed (2 bugs)

#816436 [w|MS| ] [glibc] glibc hardening patch
Reported by: bancfc@openmailbox.org; Date: Tue, 1 Mar 2016 20:15:01 UTC; Severity: wishlist; Tags: moreinfo, security; Found in version 2.21-9; Filed 7 years and 123 days ago; Modified 7 years and 123 days ago;
#918914 [w|MS|=] [dpkg-dev] dpkg-buildflags: Please add -fstack-clash-protection to default flags
Reported by: Harlan Lieberman-Berg <hlieberman@debian.org>; Date: Thu, 10 Jan 2019 14:45:01 UTC; Severity: wishlist; Tags: moreinfo, security; Merged with 1023562; Found in versions dpkg/1.21.9, dpkg/1.19.2; Filed 4 years and 173 days ago; Modified 9 days ago;

Outstanding bugs -- Wishlist items; Will Not Fix (1 bug)

#682704 [w|Su☹| ] [libpcap0.8] written dumps shouldn't be world-readable by default
Reported by: Michael Stummvoll <Michael@stummi.org>; Date: Tue, 24 Jul 2012 19:39:04 UTC; Severity: wishlist; Tags: security, upstream, wontfix; Filed 10 years and 344 days ago; Modified 10 years and 343 days ago;

Forwarded bugs -- Grave functionality bugs (4 bugs)

#961298 [G|USu|↝] [src:jodd] jodd: CVE-2018-21234: Potential vulnerability in JSON deserialization
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 22 May 2020 20:54:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version jodd/3.8.6-1; Forwarded to https://github.com/oblac/jodd/issues/628; Filed 3 years and 40 days ago; Modified 2 years and 42 days ago;
#1036061 [G|USu|↝] [src:frr] frr: CVE-2023-31489
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 14 May 2023 19:45:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version frr/8.4.2-1; Forwarded to https://github.com/FRRouting/frr/issues/13098; Filed 48 days ago; Modified 18 days ago;
#1036062 [G|USu|↝] [src:frr] frr: CVE-2023-31490
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 14 May 2023 19:51:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version frr/8.4.2-1; Forwarded to https://github.com/FRRouting/frr/issues/13099; Filed 48 days ago; Modified 18 days ago;
#1037322 [G|USu|↝] [amqp-tools] amqp-tools: CVE-2023-35789: Process leaks authentication data
Reported by: Christian Kastner <ckk@debian.org>; Date: Sun, 11 Jun 2023 10:33:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in versions librabbitmq/0.9.0-0.2, librabbitmq/0.11.0-1; Forwarded to https://github.com/alanxz/rabbitmq-c/issues/575; Filed 20 days ago; Modified 14 days ago;

Forwarded bugs -- Important bugs (153 bugs)

#290435 [i|S|↝] [tar] rmt filename support makes tar vulnerable to "phishing" attacks
Reported by: Joey Hess <joeyh@debian.org>; Date: Fri, 14 Jan 2005 04:48:21 UTC; Severity: important; Tags: security; Found in version 1.14-2; Forwarded to bug-tar@gnu.org; Filed 18 years and 172 days ago; Modified 4 years and 148 days ago;
#302790 [i|Su☹|↝] [hdup] Directory ownership gets lost
Reported by: FX <gentoo@sbcglobal.net>; Date: Sat, 2 Apr 2005 23:03:03 UTC; Severity: important; Tags: security, upstream, wontfix; Forwarded to miek@miek.nl; Filed 18 years and 94 days ago; Modified 16 years and 245 days ago;
#475502 [i|US|↝] [gnome-keyring] gnome-keyring doesn't respect "ssh-add -c"
Reported by: Peter Makholm <peter@makholm.net>; Date: Fri, 11 Apr 2008 08:09:02 UTC; Severity: important; Tags: fixed-upstream, security; Found in version gnome-keyring/2.22.0-2; Forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=525574; Filed 15 years and 84 days ago; Modified 3 years and 186 days ago;
#516916 [i|Su|↝] [libxml2] xsltproc: External entity problems for directory names containing spaces
Reported by: Julien LANGLOIS <julien@ulteo.com>; Date: Tue, 24 Feb 2009 13:30:01 UTC; Severity: important; Tags: security, upstream; Found in versions libxml2/2.9.4+dfsg1-2.2, libxml2/2.9.10+dfsg-6.7; Forwarded to https://gitlab.gnome.org/GNOME/libxml2/-/issues/287; Filed 14 years and 130 days ago; Modified 1 year and 359 days ago;
#550436 [i|Su|↝] [wget] wget: forks libntlm
Reported by: Michael S Gilbert <michael.s.gilbert@gmail.com>; Date: Sat, 10 Oct 2009 04:00:01 UTC; Severity: important; Tags: confirmed, security, upstream; Found in version wget/1.12-1; Forwarded to https://savannah.gnu.org/bugs/index.php?29504; Filed 13 years and 267 days ago; Modified 13 years and 83 days ago;
#561748 [i|S|↝] [src:proftpd-dfsg] proftpd-dfsg: embeds libtool
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Sun, 20 Dec 2009 03:39:05 UTC; Severity: important; Tags: security; Forwarded to https://github.com/proftpd/proftpd/issues/394; Filed 13 years and 196 days ago; Modified 6 years and 148 days ago;
#593120 [i|S|↝] [rkhunter] security of files copied by rkhunter
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sun, 15 Aug 2010 16:09:01 UTC; Severity: important; Tags: security; Found in version rkhunter/1.3.6-4; Forwarded to https://sourceforge.net/p/rkhunter/bugs/121/; Filed 12 years and 323 days ago; Modified 8 years and 258 days ago;
#684259 [i|US|↝] [network-manager] network-manager: CVE-2012-1096
Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Wed, 8 Aug 2012 06:03:01 UTC; Severity: important; Tags: fixed-upstream, security; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=793329; Filed 10 years and 329 days ago; Modified 2 years and 231 days ago;
#696868 [i|USu|↝] [wordpress] wordpress: CVE-2012-5868: wp-login.php session termination failure
Reported by: Henri Salo <henri@nerv.fi>; Date: Fri, 28 Dec 2012 14:45:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version wordpress/3.4.2+dfsg-1; Forwarded to https://core.trac.wordpress.org/ticket/20276; Filed 10 years and 187 days ago; Modified 20 days ago;
#718949 [i|H+Su|=↝] [libdata-uuid-perl] libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Aug 2013 06:06:01 UTC; Severity: important; Tags: help, patch, security, upstream; Merged with 718950; Found in version libdata-uuid-perl/1.219-1; Forwarded to https://github.com/rjbs/Data-UUID/issues/5; Filed 9 years and 330 days ago; Modified 3 years and 96 days ago;
#737206 [i|S|↝] [9base] /usr/lib/plan9/bin/rc: CVE-2014-1935: insecure use of /tmp
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Fri, 31 Jan 2014 11:06:01 UTC; Severity: important; Tags: security; Found in version 9base/1:6-6; Forwarded to rsc@swtch.com, anselm@garbe.us, 9trouble@plan9.bell-labs.com, 9fans@9fans.net; Filed 9 years and 153 days ago; Modified 8 years and 212 days ago;
#747428 [i|Su|↝] [kodi] [xbmc] passwords are stored in plain xml file
Reported by: Adrien Grellier <perso@adrieng.fr>; Date: Thu, 8 May 2014 15:12:01 UTC; Severity: important; Tags: confirmed, security, upstream; Found in version kodi/14.0+dfsg1-1; Forwarded to http://trac.xbmc.org/ticket/15198; Filed 9 years and 56 days ago; Modified 7 years and 318 days ago;
#749293 [i|USu|↝] [evolution] evolution discloses email contacts to gravatar
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Mon, 26 May 2014 02:03:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version evolution/3.12.2-1; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=730743; Filed 9 years and 38 days ago; Modified 9 years and 35 days ago;
#778261 [i|Su☹|↝] [byzanz] byzanz: CVE-2015-2785: Buffer overflow in GIF encoder
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 12 Feb 2015 22:18:02 UTC; Severity: important; Tags: security, upstream, wontfix; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=749674; Filed 8 years and 141 days ago; Modified 4 years and 362 days ago;
#783579 [i|USu|↝] [epiphany-browser] epiphany-browser: leaks DNS queries when used with Tor
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Tue, 28 Apr 2015 04:27:10 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version epiphany-browser/3.14.1-1; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=750249; Filed 8 years and 66 days ago; Modified 8 years and 25 days ago;
#792580 [i|HSu☹|=↝] [chromium] chromium: Chromium calls home even in incognito mode with safe browsing turned off
Reported by: Martina Ferrari <tina@debian.org>; Date: Thu, 16 Jul 2015 13:03:02 UTC; Severity: important; Tags: confirmed, help, security, upstream, wontfix; Merged with 820361; Found in versions chromium-browser/49.0.2623.108-1, chromium-browser/43.0.2357.130-1, chromium-browser/47.0.2526.80-1~deb8u1; Forwarded to http://crbug.com/795526; Filed 7 years and 352 days ago; Modified 307 days ago;
#795399 [i|Su|↝] [src:freeipa] freeipa: CVE-2015-5179: non-printable characters aren't check in every case of user data
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 13 Aug 2015 17:36:01 UTC; Severity: important; Tags: security, upstream; Found in version freeipa/4.0.5-5; Forwarded to https://fedorahosted.org/freeipa/ticket/5153; Filed 7 years and 324 days ago; Modified 4 years and 277 days ago;
#796342 [i|S|↝] [src:haskell-tls] CVE-2013-0169
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 21 Aug 2015 12:27:01 UTC; Severity: important; Tags: security; Forwarded to https://github.com/vincenthz/hs-tls/issues/117; Filed 7 years and 316 days ago; Modified 7 years and 309 days ago;
#805454 [i|Su|↝] [libtool] libtoolize behavior depends on parent directories
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Wed, 18 Nov 2015 11:27:01 UTC; Severity: important; Tags: security, upstream; Found in version libtool/2.4.2-1.11; Forwarded to http://debbugs.gnu.org/cgi/bugreport.cgi?bug=21951; Filed 7 years and 227 days ago; Modified 6 years and 330 days ago;
#844731 [i|Su☹|↝] [src:dokuwiki] dokuwiki: CVE-2016-7964
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 18 Nov 2016 14:03:02 UTC; Severity: important; Tags: security, upstream, wontfix; Found in version dokuwiki/0.0.20160626.a-1; Forwarded to https://github.com/splitbrain/dokuwiki/issues/1708; Filed 6 years and 226 days ago; Modified 1 year and 102 days ago;
#849432 [i|USu|↝] [src:gdm3] gdm3: CVE-2016-1000002: Information leak before screen lock
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 27 Dec 2016 05:12:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version gdm3/3.14.1-7; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=753678; Filed 6 years and 187 days ago; Modified 1 year and 361 days ago;
#854453 [i|S|=↝] [apng2gif] apng2gif: Stack overflow because of improper input parameter sanitization
Reported by: Dileep Kumar Jallepalli <dileep.chinu@gmail.com>; Date: Tue, 7 Feb 2017 11:12:02 UTC; Severity: important; Tags: security; Merged with 935912; Found in version apng2gif/1.7-1; Forwarded to https://sourceforge.net/p/apng2gif/discussion/main/thread/3865668fec/; Filed 6 years and 145 days ago; Modified 1 year and 310 days ago;
#859796 [i|USu|↝] [src:libxslt] libxslt: CVE-2015-9019
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 7 Apr 2017 13:18:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libxslt/1.1.28-2; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=758400; Filed 6 years and 86 days ago; Modified 1 year and 361 days ago;
#869927 [i|UMSu|↝] [src:libjpeg-turbo] libjpeg-turbo: CVE-2017-9614: invalid memory access in the fill_input_buffer function
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 27 Jul 2017 17:06:01 UTC; Severity: important; Tags: fixed-upstream, moreinfo, security, upstream; Found in version libjpeg-turbo/1:1.3.1-12; Forwarded to https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167; Filed 5 years and 340 days ago; Modified 1 year and 247 days ago;
#870264 [i|Su|↝] [src:cairo] cairo: CVE-2017-7475: NULL pointer dereference with a crafted font file
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 31 Jul 2017 12:24:02 UTC; Severity: important; Tags: security, upstream; Found in version cairo/1.14.10-1; Forwarded to https://gitlab.freedesktop.org/cairo/cairo/issues/80; Filed 5 years and 336 days ago; Modified 4 years and 309 days ago;
#873076 [i|Su|↝] [silversearcher-ag] silversearcher-ag: Crashes when reading a truncated file
Reported by: Sam Hocevar <sho@debian.org>; Date: Thu, 24 Aug 2017 10:03:04 UTC; Severity: important; Tags: security, upstream; Found in version silversearcher-ag/2.0.0-1; Forwarded to https://github.com/ggreer/the_silver_searcher/issues/1144; Filed 5 years and 312 days ago; Modified 2 years and 310 days ago;
#873256 [i|Su☹|↝] [src:nss] nss: CVE-2017-11695: heap-buffer-overflow (write of size 8) in alloc_segs
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Aug 2017 20:51:01 UTC; Severity: important; Tags: security, upstream, wontfix; Found in version nss/2:3.26-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1360782; Filed 5 years and 311 days ago; Modified 3 years and 209 days ago;
#873257 [i|Su☹|↝] [src:nss] nss: CVE-2017-11696: heap-buffer-overflow (write of size 65544) in __hash_open
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Aug 2017 20:54:01 UTC; Severity: important; Tags: security, upstream, wontfix; Found in version nss/2:3.26-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1360778; Filed 5 years and 311 days ago; Modified 3 years and 209 days ago;
#873258 [i|Su☹|↝] [src:nss] nss: CVE-2017-11697: Floating Point Exception in __hash_open (hash.c:229)
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Aug 2017 20:54:04 UTC; Severity: important; Tags: security, upstream, wontfix; Found in version nss/2:3.26-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1360900; Filed 5 years and 311 days ago; Modified 3 years and 209 days ago;
#873259 [i|Su☹|↝] [src:nss] nss: CVE-2017-11698: heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704)
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Aug 2017 20:54:06 UTC; Severity: important; Tags: security, upstream, wontfix; Found in version nss/2:3.26-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1360779; Filed 5 years and 311 days ago; Modified 3 years and 209 days ago;
#873587 [i|USu|↝] [src:fontforge] fontforge: CVE-2017-11570
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Jul 2017 20:21:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version fontforge/20120731.b-5; Forwarded to https://github.com/fontforge/fontforge/issues/3097; Filed 5 years and 343 days ago; Modified 3 years and 130 days ago;
#875415 [i|Su|↝] [src:libreoffice] predictable /tmp file vulnerability while building libreoffice
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Mon, 11 Sep 2017 08:57:20 UTC; Severity: important; Tags: security, upstream; Found in version libreoffice/1:5.4.0-1; Forwarded to https://lists.freedesktop.org/archives/libreoffice/2017-August/078249.html; Filed 5 years and 294 days ago; Modified 5 years and 294 days ago;
#875947 [i|Su|↝] [src:python-scrapy] python-scrapy: CVE-2017-14158
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 16 Sep 2017 12:30:02 UTC; Severity: important; Tags: security, upstream; Found in version python-scrapy/1.4.0-1; Forwarded to https://github.com/scrapy/scrapy/issues/482; Filed 5 years and 289 days ago; Modified 5 years and 289 days ago;
#877767 [i|Su|↝] [kodi] kodi: supports insecure download of non-free addons
Reported by: Jonas Smedegaard <dr@jones.dk>; Date: Tue, 3 Oct 2017 20:51:05 UTC; Severity: important; Tags: security, upstream; Found in version kodi/2:17.3+dfsg1-2; Forwarded to https://trac.kodi.tv/ticket/16809; Filed 5 years and 272 days ago; Modified 2 years and 180 days ago;
#885579 [i|USu|☺↝] [src:tiff] tiff: CVE-2017-17942: heap-buffer-overflow in PackBitsEncode function
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 28 Dec 2017 10:12:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions tiff/4.0.8-1, tiff/4.0.9-2; Fixed in version 4.0.6-3; Forwarded to https://gitlab.com/libtiff/libtiff/issues/120; Done: Moritz Muehlenhoff <jmm@inutil.org>; Filed 5 years and 186 days ago; Modified 2 years and 84 days ago;
#892557 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2018-8002
Reported by: Luciano Bello <luciano@debian.org>; Date: Sat, 10 Mar 2018 05:33:02 UTC; Severity: important; Tags: security, upstream; Found in version libpodofo/0.9.5-1; Forwarded to https://sourceforge.net/p/podofo/tickets/15; Filed 5 years and 114 days ago; Modified 5 years and 114 days ago;
#896018 [i|U+Su|↝] [src:imagemagick] imagemagick: CVE-2018-10177: Infinite loop in ReadOneMNGImage
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 18 Apr 2018 18:51:04 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in version imagemagick/8:6.8.9.9-5; Forwarded to https://github.com/ImageMagick/ImageMagick/issues/1095; Filed 5 years and 75 days ago; Modified 5 years and 32 days ago;
#897259 [i|USu|↝] [src:jakarta-jmeter] CVE-2018-1297
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 30 Apr 2018 22:39:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version jakarta-jmeter/2.13-2; Forwarded to https://bz.apache.org/bugzilla/show_bug.cgi?id=62039; Filed 5 years and 63 days ago; Modified 4 years and 330 days ago;
#898359 [i|Su☹|☺↝] [src:tiff] tiff: CVE-2018-10779: TIFFWriteScanline in tif_write.c has a heap-based buffer over-read
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 10 May 2018 19:06:02 UTC; Severity: important; Tags: security, upstream, wontfix; Found in versions tiff/4.0.3-12.3, tiff/4.0.9-1; Fixed in version 4.0.6-3; Forwarded to http://bugzilla.maptools.org/show_bug.cgi?id=2788; Done: Moritz Muehlenhoff <jmm@inutil.org>; Filed 5 years and 53 days ago; Modified 2 years and 84 days ago;
#902719 [i|USu|↝] [triplea] CVE-2018-1000546
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 29 Jun 2018 21:06:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version triplea/1.9.0.0.7062-1; Forwarded to https://github.com/triplea-game/triplea/issues/3442; Filed 5 years and 3 days ago; Modified 4 years and 176 days ago;
#903248 [i|USu|↝] [src:google-perftools] google-perftools: CVE-2018-13420
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 8 Jul 2018 08:39:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version google-perftools/2.7-1; Forwarded to https://github.com/gperftools/gperftools/issues/1013; Filed 4 years and 359 days ago; Modified 4 years and 355 days ago;
#912977 [i|S|↝] [iptables] iptables: nftables layer breaks ipsec/policy keyword
Reported by: Pierre Chifflier <pollux@debian.org>; Date: Mon, 5 Nov 2018 12:18:47 UTC; Severity: important; Tags: security; Found in version iptables/1.8.1-2; Forwarded to https://bugzilla.netfilter.org/show_bug.cgi?id=1290; Filed 4 years and 239 days ago; Modified 4 years and 156 days ago;
#915807 [i|Su|↝] [src:hdf5] hdf5: CVE-2017-17507
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 14 Dec 2017 15:21:02 UTC; Severity: important; Tags: security, upstream; Found in version hdf5/1.8.13+docs-1; Forwarded to HDFFV-10356; Filed 5 years and 200 days ago; Modified 3 years and 269 days ago;
#916083 [i|Su|↝] [src:cairo] cairo: CVE-2018-18064: Out of bound memset in libcairo result in stack buffer overflow
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 9 Dec 2018 21:21:01 UTC; Severity: important; Tags: security, upstream; Found in version cairo/1.14.8-1; Forwarded to https://gitlab.freedesktop.org/cairo/cairo/issues/341; Filed 4 years and 205 days ago; Modified 4 years and 205 days ago;
#918269 [i|USu|↝] [src:nasm] nasm: CVE-2018-20538
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 4 Jan 2019 20:24:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version nasm/2.14-1; Forwarded to https://bugzilla.nasm.us/show_bug.cgi?id=3392531; Filed 4 years and 179 days ago; Modified 2 years and 182 days ago;
#919914 [i|M+S|↝☣] [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on lid close" with "don't lock on lid close" (security issue)
Reported by: Josh Triplett <josh@joshtriplett.org>; Date: Sun, 20 Jan 2019 16:57:04 UTC; Severity: important; Tags: bullseye-ignore, moreinfo, patch, security; Found in versions gnome-settings-daemon/3.30.2-3, gnome-settings-daemon/3.32.0-1, gnome-settings-daemon/3.31.90-1; Forwarded to https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84; Filed 4 years and 163 days ago; Modified 263 days ago;
#922433 [i|Su|↝] [src:nasm] nasm: CVE-2019-8343: Use after free in paste_tokens
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Feb 2019 20:12:01 UTC; Severity: important; Tags: security, upstream; Found in version nasm/2.14-1; Forwarded to https://bugzilla.nasm.us/show_bug.cgi?id=3392556; Filed 4 years and 137 days ago; Modified 4 years and 137 days ago;
#922648 [i|Su|↝] [src:openjpeg2] CVE-2019-6988
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 18 Feb 2019 22:03:02 UTC; Severity: important; Tags: security, upstream; Found in version openjpeg2/2.3.0-1.1; Forwarded to https://github.com/uclouvain/openjpeg/issues/1178; Filed 4 years and 134 days ago; Modified 3 years and 121 days ago;
#923415 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2018-20797
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 27 Feb 2019 20:39:01 UTC; Severity: important; Tags: security, upstream; Found in version libpodofo/0.9.6+dfsg-4; Forwarded to https://sourceforge.net/p/podofo/tickets/34/; Filed 4 years and 125 days ago; Modified 4 years and 125 days ago;
#923552 [i|Su|↝] [src:poppler] poppler: CVE-2019-9545: Recursive function call at function JBIG2Stream::readTextRegion()
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 1 Mar 2019 20:21:02 UTC; Severity: important; Tags: security, upstream; Found in version poppler/0.71.0-2; Forwarded to https://gitlab.freedesktop.org/poppler/poppler/issues/731; Filed 4 years and 123 days ago; Modified 4 years and 123 days ago;
#923553 [i|Su|↝] [src:poppler] poppler: CVE-2019-9543: recursive function call in function JBIG2Stream::readGenericBitmap()
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 1 Mar 2019 20:27:02 UTC; Severity: important; Tags: security, upstream; Found in version poppler/0.71.0-2; Forwarded to https://gitlab.freedesktop.org/poppler/poppler/issues/730; Filed 4 years and 123 days ago; Modified 4 years and 123 days ago;
#926705 [i|Su|↝] [claws-mail] claws-mail: CVE-2019-10735
Reported by: Sylvain Beucler <beuc@beuc.net>; Date: Tue, 9 Apr 2019 11:33:01 UTC; Severity: important; Tags: confirmed, security, upstream; Found in version claws-mail/3.17.3-2; Forwarded to https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159; Filed 4 years and 84 days ago; Modified 4 years and 84 days ago;
#929466 [i|USu|↝] [src:freeradius] freeradius: CVE-2019-10143: privilege escalation due to insecure logration
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 24 May 2019 07:00:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version freeradius/3.0.17+dfsg-1.1; Forwarded to https://github.com/FreeRADIUS/freeradius-server/pull/2666; Filed 4 years and 39 days ago; Modified 4 years and 33 days ago;
#929944 [i|Su|↝] [src:cairo] cairo: CVE-2019-6461
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 3 Jun 2019 19:39:02 UTC; Severity: important; Tags: security, upstream; Found in versions cairo/1.16.0-4, cairo/1.14.8-1; Forwarded to https://gitlab.freedesktop.org/cairo/cairo/issues/352; Filed 4 years and 29 days ago; Modified 4 years and 29 days ago;
#929945 [i|USu|☺↝] [src:cairo] cairo: CVE-2019-6462
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 3 Jun 2019 19:42:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions cairo/1.16.0-4, cairo/1.14.8-1; Fixed in version cairo/1.17.8-1; Forwarded to https://gitlab.freedesktop.org/cairo/cairo/issues/353; Done: Jeremy Bícha <jbicha@ubuntu.com>; Filed 4 years and 29 days ago;
#930885 [i|USu|↝] [libgcrypt20] CVE-2019-12904
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 21 Jun 2019 21:21:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions libgcrypt20/1.8.4-5, 1.8.5-1; Forwarded to https://dev.gnupg.org/T4541; Filed 4 years and 11 days ago; Modified 20 days ago;
#931343 [i|Su|↝] [src:audiofile] audiofile: CVE-2019-13147
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 2 Jul 2019 14:57:02 UTC; Severity: important; Tags: security, upstream; Found in versions audiofile/0.3.6-4, audiofile/0.3.6-5, audiofile/0.3.6-4+deb9u1; Forwarded to https://github.com/mpruett/audiofile/issues/54; Filed 4 years ago; Modified 4 years ago;
#941187 [i|USu|↝] [src:gradle] gradle: CVE-2019-15052
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 26 Sep 2019 05:06:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version gradle/4.4.1-8; Forwarded to https://github.com/gradle/gradle/issues/10278; Filed 3 years and 279 days ago; Modified 3 years and 142 days ago;
#947431 [i|Su|↝] [src:xerces-c] xerces-c: CVE-2018-1311: use-after-free vulnerability processing external DTD
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 26 Dec 2019 20:42:05 UTC; Severity: important; Tags: security, upstream; Found in versions xerces-c/3.1.4+debian-2+deb9u1, xerces-c/3.2.2+debian-1, xerces-c/3.1.4+debian-1; Forwarded to https://issues.apache.org/jira/browse/XERCESC-2188; Filed 3 years and 188 days ago; Modified 2 years and 198 days ago;
#947477 [i|Su|↝] [src:freeimage] freeimage: CVE-2019-12212
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 26 May 2019 19:27:01 UTC; Severity: important; Tags: security, upstream; Found in version freeimage/3.18.0+ds2-1; Forwarded to https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/; Filed 4 years and 37 days ago; Modified 3 years and 187 days ago;
#947478 [i|Su|↝] [src:freeimage] freeimage: CVE-2019-12214
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 26 May 2019 19:27:01 UTC; Severity: important; Tags: security, upstream; Found in version freeimage/3.18.0+ds2-1; Forwarded to https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/; Filed 4 years and 37 days ago; Modified 3 years and 187 days ago;
#948235 [i|S|↝] [libhibernate-validator-java] libhibernate-validator-java: CVE-2019-10219
Reported by: Markus Koschany <apo@debian.org>; Date: Sun, 5 Jan 2020 18:18:02 UTC; Severity: important; Tags: security; Found in version libhibernate-validator-java/5.3.6-1; Forwarded to https://hibernate.atlassian.net/browse/HV-1739; Filed 3 years and 178 days ago; Modified 3 years and 178 days ago;
#948664 [i|Su|↝] [src:ganglia-web] ganglia-web: CVE-2019-20378 CVE-2019-20379
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 11 Jan 2020 13:42:01 UTC; Severity: important; Tags: security, upstream; Found in version ganglia-web/3.6.1-3; Forwarded to https://github.com/ganglia/ganglia-web/issues/351; Filed 3 years and 172 days ago; Modified 3 years and 172 days ago;
#953037 [i|Su|↝] [lua-cgi] lua-cgi: CVE-2014-2875
Reported by: Sylvain Beucler <beuc@beuc.net>; Date: Tue, 3 Mar 2020 16:51:02 UTC; Severity: important; Tags: security, upstream; Found in version lua-cgi/5.2~alpha2-1; Forwarded to https://github.com/keplerproject/cgilua/issues/17; Filed 3 years and 120 days ago; Modified 3 years and 104 days ago;
#953945 [i|Su|↝] [src:phppgadmin] phppgadmin: CVE-2019-10784
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 14 Mar 2020 20:36:01 UTC; Severity: important; Tags: security, upstream; Found in version phppgadmin/7.12.1+dfsg-1; Forwarded to https://github.com/phppgadmin/phppgadmin/issues/94; Filed 3 years and 109 days ago; Modified 3 years and 109 days ago;
#954051 [i|USu|↝] [libgitlab-api-v4-perl] libgitlab-api-v4-perl: CVE-2023-31485
Reported by: Felix Lechner <felix.lechner@lease-up.com>; Date: Mon, 16 Mar 2020 02:45:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/bluefeet/GitLab-API-v4/pull/57; Filed 3 years and 107 days ago; Modified 18 days ago;
#954089 [i|USu|♙↝] [src:perl] perl: CVE-2023-31486
Reported by: Felix Lechner <felix.lechner@lease-up.com>; Date: Mon, 16 Mar 2020 15:33:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version perl/5.36.0-7; Forwarded to https://github.com/chansen/p5-http-tiny/issues/134; Fix blocked by 962407: libhttp-tiny-perl: CVE-2023-31486: Does not defaults to verify SSL certificates; Filed 3 years and 107 days ago; Modified 63 days ago;
#960062 [i|Su|↝] [libemail-mime-perl] libemail-mime-perl: DoS on excessive or deeply nested parts
Reported by: Perl Email user <p5p@yhbt.net>; Date: Fri, 8 May 2020 22:09:01 UTC; Severity: important; Tags: security, upstream; Found in version libemail-mime-perl/1.946-1; Forwarded to https://github.com/rjbs/Email-MIME/issues/66; Filed 3 years and 54 days ago; Modified 3 years and 53 days ago;
#962282 [i|USu|☺↝] [src:pupnp-1.8] pupnp-1.8: CVE-2020-13848
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 5 Jun 2020 15:09:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version pupnp-1.8/1:1.8.4-2; Fixed in version pupnp/1:1.14.16-1; Forwarded to https://github.com/pupnp/pupnp/issues/177; Done: Sebastian Ramacher <sramacher@debian.org>; Filed 3 years and 26 days ago; Modified 43 days ago;
#962407 [i|USu|♔↝] [libhttp-tiny-perl] libhttp-tiny-perl: CVE-2023-31486: Does not defaults to verify SSL certificates
Reported by: Felix Lechner <felix.lechner@lease-up.com>; Date: Mon, 16 Mar 2020 15:33:02 UTC; Owned by: dom@earth.li; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/chansen/p5-http-tiny/issues/134; Blocking fix for 954089: perl: CVE-2023-31486; Filed 3 years and 107 days ago; Modified 12 days ago;
#963626 [i|Su|↝] [src:tuxguitar] tuxguitar: CVE-2020-14940
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Jun 2020 19:15:02 UTC; Severity: important; Tags: security, upstream; Found in versions tuxguitar/1.2-25, tuxguitar/1.2-23, tuxguitar/1.2-22; Forwarded to https://sourceforge.net/p/tuxguitar/bugs/126/; Filed 3 years and 7 days ago; Modified 3 years and 7 days ago;
#964759 [i|+S|↝] [redmine] redmine: insecure account with well-known password
Reported by: merkys@debian.org; Date: Fri, 10 Jul 2020 06:51:01 UTC; Severity: important; Tags: patch, security; Forwarded to https://salsa.debian.org/ruby-team/redmine/-/merge_requests/3; Filed 2 years and 356 days ago; Modified 2 years and 356 days ago;
#966197 [i|Su|↝] [src:beaker] CVE-2013-7489
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 24 Jul 2020 16:03:01 UTC; Severity: important; Tags: security, upstream; Found in version beaker/1.10.0-3; Forwarded to https://github.com/bbangert/beaker/issues/191; Filed 2 years and 342 days ago; Modified 2 years and 342 days ago;
#966663 [i|USu|↝] [src:ansible] ansible: CVE-2020-1736
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 1 Aug 2020 11:51:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version ansible/2.9.9+dfsg-1; Forwarded to https://github.com/ansible/ansible/issues/67794; Filed 2 years and 334 days ago; Modified 345 days ago;
#967994 [i|USu|↝] [src:edk2] edk2: CVE-2019-14560
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 6 Aug 2020 11:06:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions edk2/2020.05-3, edk2/2020.05-2; Forwarded to https://bugzilla.tianocore.org/show_bug.cgi?id=2167; Filed 2 years and 329 days ago; Modified 32 days ago;
#970932 [i|Su|☺↝] [src:ruby-oauth] ruby-oauth: CVE-2016-11086
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Sep 2020 19:30:02 UTC; Severity: important; Tags: security, upstream; Found in version ruby-oauth/0.5.4-1; Fixed in version ruby-oauth/0.5.6-1; Forwarded to https://github.com/oauth-xx/oauth-ruby/issues/137; Done: Pirate Praveen <praveen@debian.org>; Filed 2 years and 279 days ago; Modified 1 year and 331 days ago;
#972114 [i|USu|↝] [src:sympa] sympa: CVE-2020-26880
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 12 Oct 2020 20:12:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions sympa/6.2.40~dfsg-7, sympa/6.2.40~dfsg-1, sympa/6.2.40~dfsg-6; Forwarded to https://github.com/sympa-community/sympa/issues/1009; Filed 2 years and 262 days ago; Modified 2 years and 66 days ago;
#973384 [i|USu|↝] [ruby-omniauth] CVE-2015-9284
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 29 Oct 2020 18:51:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/omniauth/omniauth/pull/809; Filed 2 years and 245 days ago; Modified 2 years and 171 days ago;
#974685 [i|Su|↝] [src:python-rsa] python-rsa: CVE-2020-25658
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 13 Nov 2020 18:48:02 UTC; Severity: important; Tags: security, upstream; Found in versions python-rsa/4.0-4, python-rsa/4.0-2; Forwarded to https://github.com/sybrenstuvel/python-rsa/issues/165; Filed 2 years and 230 days ago; Modified 1 year and 278 days ago;
#975370 [i|Su|↝] [src:xdg-utils] xdg-utils: CVE-2020-27748: local file inclusion vulnerability
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 21 Nov 2020 09:27:01 UTC; Severity: important; Tags: security, upstream; Found in versions xdg-utils/1.1.3-1+deb10u1, xdg-utils/1.1.3-1, xdg-utils/1.1.3-2; Forwarded to https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177; Filed 2 years and 222 days ago; Modified 2 years and 183 days ago;
#977238 [i|S|↝] [qimgv] qimgv: middle-click triggers a ButtonRelease event in the underneath window; should not quit on ButtonPress
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Sat, 12 Dec 2020 23:21:01 UTC; Severity: important; Tags: security; Found in version qimgv/0.9.1-2; Forwarded to https://github.com/easymodo/qimgv/issues/154; Filed 2 years and 201 days ago; Modified 2 years and 201 days ago;
#983664 [i|USu|↝] [src:jackson-dataformat-cbor] jackson-dataformat-cbor: CVE-2020-28491
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 28 Feb 2021 09:45:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version jackson-dataformat-cbor/2.7.8-3; Forwarded to https://github.com/FasterXML/jackson-dataformats-binary/issues/186; Filed 2 years and 123 days ago; Modified 2 years and 119 days ago;
#986791 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2021-30469
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 09:18:01 UTC; Severity: important; Tags: security, upstream; Forwarded to https://sourceforge.net/p/podofo/tickets/129/; Filed 2 years and 80 days ago; Modified 2 years and 78 days ago;
#986792 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2021-30470
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 09:18:03 UTC; Severity: important; Tags: security, upstream; Forwarded to https://sourceforge.net/p/podofo/tickets/130/; Filed 2 years and 80 days ago; Modified 2 years and 78 days ago;
#986793 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2021-30471
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 09:18:05 UTC; Severity: important; Tags: security, upstream; Forwarded to https://sourceforge.net/p/podofo/tickets/131/; Filed 2 years and 80 days ago; Modified 2 years and 78 days ago;
#986794 [i|Su|↝] [src:libpodofo] libpodofo: CVE-2021-30472
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 09:18:08 UTC; Severity: important; Tags: security, upstream; Forwarded to https://sourceforge.net/p/podofo/tickets/132/; Filed 2 years and 80 days ago; Modified 2 years and 78 days ago;
#986801 [i|Su|↝] [gnuchess] CVE-2021-30184
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 09:51:02 UTC; Severity: important; Tags: security, upstream; Forwarded to https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html; Filed 2 years and 80 days ago; Modified 2 years and 29 days ago;
#986833 [i|Su|☺↝] [src:pupnp-1.8] pupnp-1.8: CVE-2021-28302
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 12 Apr 2021 15:06:01 UTC; Severity: important; Tags: security, upstream; Found in version pupnp-1.8/1:1.8.4-2; Fixed in version pupnp/1:1.14.16-1; Forwarded to https://github.com/pupnp/pupnp/issues/249; Done: Sebastian Ramacher <sramacher@debian.org>; Filed 2 years and 80 days ago; Modified 43 days ago;
#987360 [i|S|↝] [swaylock] swaylock: Occassional unlock without password entered
Reported by: Pelle <pelle@riseup.net>; Date: Thu, 22 Apr 2021 10:33:00 UTC; Severity: important; Tags: security; Found in version swaylock/1.5-2; Forwarded to https://github.com/swaywm/swaylock/issues/181; Filed 2 years and 70 days ago; Modified 1 year and 72 days ago;
#988151 [i|Su|↝] [src:giflib] CVE-2020-23922
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 6 May 2021 17:45:05 UTC; Severity: important; Tags: security, upstream; Forwarded to https://sourceforge.net/p/giflib/bugs/151/; Filed 2 years and 56 days ago; Modified 2 years and 56 days ago;
#988159 [i|S|↝] [src:libsixel] CVE-2020-36120
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 6 May 2021 18:09:01 UTC; Severity: important; Tags: security; Forwarded to https://github.com/libsixel/libsixel/issues/46; Filed 2 years and 56 days ago; Modified 1 year and 71 days ago;
#988209 [i|Su|↝] [wget] CVE-2021-31879
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 7 May 2021 19:18:03 UTC; Severity: important; Tags: security, upstream; Found in version wget/1.21-1; Forwarded to https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html https://savannah.gnu.org/bugs/?56909; Filed 2 years and 55 days ago; Modified 1 year and 118 days ago;
#988916 [i|Su|↝] [src:flask-caching] flask-caching: CVE-2021-33026
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 21 May 2021 12:03:01 UTC; Severity: important; Tags: security, upstream; Found in version flask-caching/1.10.1-1; Forwarded to https://github.com/sh4nks/flask-caching/pull/209; Filed 2 years and 41 days ago; Modified 2 years and 41 days ago;
#989149 [i|Su|↝] [src:libgrss] libgrss: CVE-2016-20011: No TLS certificate verification
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 May 2021 20:12:01 UTC; Severity: important; Tags: security, upstream; Found in version libgrss/0.7.0-2; Forwarded to https://gitlab.gnome.org/GNOME/libgrss/-/issues/4; Filed 2 years and 36 days ago; Modified 2 years and 36 days ago;
#989363 [i|Su|↝] [src:mapcache] mapcache: Multiple security issues in ezxml
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Tue, 1 Jun 2021 19:57:08 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/MapServer/mapcache/issues/267; Filed 2 years and 30 days ago; Modified 1 year and 271 days ago;
#989549 [i|S|↝] [clamav-daemon] clamav-daemon: any local user can shut clamd down via control socket
Reported by: Stephane Chazelas <stephane@chazelas.org>; Date: Mon, 7 Jun 2021 09:27:01 UTC; Severity: important; Tags: security; Found in version clamav/0.103.2+dfsg-2; Forwarded to https://bugzilla.clamav.net/show_bug.cgi?id=12782; Filed 2 years and 24 days ago; Modified 2 years and 1 day ago;
#989775 [i|Su|↝] [src:openjpeg2] openjpeg2: CVE-2021-3575
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 12 Jun 2021 14:27:01 UTC; Severity: important; Tags: security, upstream; Found in version openjpeg2/2.4.0-3; Forwarded to https://github.com/uclouvain/openjpeg/issues/1347; Filed 2 years and 19 days ago; Modified 2 years and 19 days ago;
#989998 [i|USu|↝] [src:keystone] keystone: CVE-2021-3563
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 Jun 2021 13:51:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version keystone/2:18.0.0-3; Forwarded to https://bugs.launchpad.net/keystone/+bug/1901891; Filed 2 years and 14 days ago; Modified 20 days ago;
#990673 [i|USu|↝] [src:libjdom2-intellij-java] libjdom2-intellij-java: CVE-2021-33813
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jul 2021 12:36:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libjdom2-intellij-java/2.0.6+git20180529-2; Forwarded to https://github.com/hunterhacker/jdom/pull/188; Filed 1 year and 362 days ago; Modified 1 year and 358 days ago;
#992150 [i|Su|↝] [src:firefox-esr] Please allow symlink in system extension
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Fri, 13 Aug 2021 14:39:01 UTC; Severity: important; Tags: security, upstream; Found in version firefox-esr/102.8.0esr-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1420286; Filed 1 year and 322 days ago; Modified 124 days ago;
#993400 [i|USu|↝] [src:mosquitto] mosquitto: CVE-2021-34434
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 31 Aug 2021 19:33:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version mosquitto/2.0.11-1; Forwarded to https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/638; Filed 1 year and 304 days ago; Modified 184 days ago;
#993592 [i|USu|↝] [src:libgda5] libgda5: CVE-2021-39359
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 3 Sep 2021 13:27:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libgda5/5.2.9-2; Forwarded to https://gitlab.gnome.org/GNOME/libgda/-/issues/249; Filed 1 year and 301 days ago; Modified 180 days ago;
#994818 [i|Su|↝] [firejail] firejail: audio input is not blocked in default.profile
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Tue, 21 Sep 2021 10:27:01 UTC; Severity: important; Tags: security, upstream; Found in version firejail/0.9.66-2; Forwarded to https://github.com/netblue30/firejail/issues/4565; Filed 1 year and 283 days ago; Modified 1 year and 283 days ago;
#996778 [i|+Su|↝] [xymon-client] xymon-client: Disable by default the ability of logfetch to execute arbitrary code fetched from the Xymon server
Reported by: Christoph Zechner <zechner@vrvis.at>; Date: Mon, 18 Oct 2021 14:15:02 UTC; Severity: important; Tags: confirmed, patch, security, upstream; Forwarded to https://lists.xymon.com/archive/2021-October/047749.html; Filed 1 year and 256 days ago; Modified 1 year and 256 days ago;
#1000886 [i|Su|↝] [src:linux] CVE-2013-7445: Direct Rendering Manager (DRM) subsystem in the Linux Kernel through 4.x mishandles requests for GEM object
Reported by: "Jeremiah C. Foster" <jeremiah@jeremiahfoster.com>; Date: Tue, 30 Nov 2021 18:00:02 UTC; Severity: important; Tags: security, upstream; Forwarded to https://bugzilla.kernel.org/show_bug.cgi?id=60533; Filed 1 year and 213 days ago; Modified 1 year and 213 days ago;
#1004377 [i|USu|↝] [src:libsixel] libsixel: CVE-2021-45340
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 Jan 2022 08:48:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libsixel/1.10.3-3; Forwarded to https://github.com/libsixel/libsixel/issues/51; Filed 1 year and 156 days ago; Modified 1 year and 151 days ago;
#1004967 [i|USu|↝] [mutt] mutt: sending a mail message with a newline character in subject yields garbage, possible header injection
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Fri, 4 Feb 2022 13:57:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version mutt/2.1.4-1; Forwarded to https://gitlab.com/muttmua/mutt/-/issues/391; Filed 1 year and 147 days ago; Modified 1 year and 141 days ago;
#1008017 [i|Su|↝] [src:audiofile] audiofile: CVE-2022-24599
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 20 Mar 2022 15:36:01 UTC; Severity: important; Tags: security, upstream; Found in version audiofile/0.3.6-5; Forwarded to https://github.com/mpruett/audiofile/issues/60; Filed 1 year and 103 days ago; Modified 1 year and 103 days ago;
#1010569 [i|Su|↝] [firejail] firejail: with the firefox profile, /etc/resolv.conf is not updated, making DNS resolution fail
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Wed, 4 May 2022 15:03:04 UTC; Severity: important; Tags: security, upstream; Found in version firejail/0.9.68-3; Forwarded to https://github.com/netblue30/firejail/issues/5010; Filed 1 year and 58 days ago; Modified 1 year and 58 days ago;
#1012482 [i|UHSu|↝☣] [src:rdflib] rdflib: URLInputSource can be abused to retrieve arbitrary documents if used naïvely
Reported by: Andrius Merkys <merkys@debian.org>; Date: Wed, 8 Jun 2022 06:03:02 UTC; Severity: important; Tags: fixed-upstream, help, security, upstream; Found in version rdflib/6.1.1; Forwarded to https://github.com/RDFLib/rdflib/issues/1844; Filed 1 year and 23 days ago; Modified 20 days ago;
#1012515 [i|USu|↝] [src:dwarfutils] dwarfutils: CVE-2022-32200
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 8 Jun 2022 15:54:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/davea42/libdwarf-code/issues/116; Filed 1 year and 23 days ago; Modified 1 year and 18 days ago;
#1013270 [i|USu|↝] [src:jodd] jodd: CVE-2022-29631
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Jun 2022 13:33:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/oblac/jodd-http/issues/9; Filed 1 year and 11 days ago; Modified 1 year and 4 days ago;
#1014493 [i|USu|↝] [src:dwarfutils] dwarfutils: CVE-2022-34299
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 6 Jul 2022 21:06:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/davea42/libdwarf-code/issues/119; Filed 360 days ago; Modified 352 days ago;
#1016353 [i|Su|↝] [src:yasm] yasm: CVE-2021-33464
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 29 Jul 2022 21:27:04 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/yasm/yasm/issues/164; Filed 337 days ago; Modified 335 days ago;
#1016578 [i|USu|↝] [src:milkytracker] milkytracker: CVE-2022-34927 - stack overflow via the component LoaderXM::load
Reported by: Neil Williams <codehelp@debian.org>; Date: Wed, 3 Aug 2022 10:42:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version milkytracker/1.03.00+dfsg-2; Forwarded to https://github.com/milkytracker/MilkyTracker/issues/275; Filed 332 days ago; Modified 327 days ago;
#1017754 [i|USu|↝] [src:fdkaac] fdkaac: CVE-2022-37781
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Aug 2022 20:09:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version fdkaac/1.0.0-1; Forwarded to https://github.com/nu774/fdkaac/issues/54; Filed 316 days ago; Modified 310 days ago;
#1021018 [i|Su|↝] [src:assimp] assimp: CVE-2022-38528
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 30 Sep 2022 14:51:09 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/assimp/assimp/issues/4662; Filed 274 days ago; Modified 274 days ago;
#1021669 [i|USu|↝] [src:poppler] poppler: CVE-2022-24106
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 12 Oct 2022 17:42:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://gitlab.freedesktop.org/poppler/poppler/-/issues/1297; Filed 262 days ago; Modified 257 days ago;
#1024274 [i|USu|↝] [src:rails] rails: CVE-2022-3704: XSS within Route Error Page
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 16 Nov 2022 21:45:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version rails/2:6.1.7+dfsg-2; Forwarded to https://github.com/rails/rails/issues/46244; Filed 227 days ago; Modified 97 days ago;
#1024903 [i|USu|↝] [src:pytorch] pytorch: CVE-2022-45907: torch.jit.annotations.parse_type_line prone to command injection
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 27 Nov 2022 19:39:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions pytorch/1.12.1-1, pytorch/1.7.1-7; Forwarded to https://github.com/pytorch/pytorch/issues/88868; Filed 216 days ago; Modified 20 days ago;
#1029833 [i|Su|↝] [src:assimp] assimp: CVE-2022-45748
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 28 Jan 2023 13:15:01 UTC; Severity: important; Tags: security, upstream; Found in version assimp/5.2.5~ds0-1; Forwarded to https://github.com/assimp/assimp/issues/4286; Filed 154 days ago; Modified 154 days ago;
#1031699 [i|USu|↝] [src:python-future] python-future: CVE-2022-40899
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 20 Feb 2023 20:42:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version python-future/0.18.2-6; Forwarded to https://github.com/PythonCharmers/python-future/pull/610; Filed 131 days ago; Modified 20 days ago;
#1031732 [i|USu|↝] [src:iortcw] iortcw: CVE-2019-25104
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 21 Feb 2023 15:12:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/rtcwcoop/rtcwcoop/pull/45; Filed 130 days ago; Modified 20 days ago;
#1031796 [i|Su|↝] [src:glusterfs] glusterfs: CVE-2022-48340
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 Feb 2023 20:57:02 UTC; Severity: important; Tags: security, upstream; Found in version glusterfs/10.3-4; Forwarded to https://github.com/gluster/glusterfs/issues/3732; Filed 129 days ago; Modified 129 days ago;
#1031877 [i|USu|↝] [src:vtk9] vtk9: CVE-2021-42521
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 24 Feb 2023 16:12:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://gitlab.kitware.com/vtk/vtk/-/issues/17818; Filed 127 days ago; Modified 20 days ago;
#1032089 [i|USu|↝] [src:libwoodstox-java] libwoodstox-java: CVE-2022-40152
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 19:48:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/x-stream/xstream/issues/304; Filed 124 days ago; Modified 20 days ago;
#1032665 [i|USu|↝] [src:tidy-html5] tidy-html5: CVE-2021-33391
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:03:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/htacg/tidy-html5/issues/946; Filed 113 days ago; Modified 20 days ago;
#1032670 [i|USu|↝] [src:allegro4.4] allegro4.4: CVE-2021-36489
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:06:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/liballeg/allegro5/issues/1251; Filed 113 days ago; Modified 20 days ago;
#1033475 [i|Su|☺↝] [src:tomcat9] tomcat9: CVE-2023-28708
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Mar 2023 16:57:01 UTC; Severity: important; Tags: security, upstream; Found in versions tomcat9/9.0.43-2, tomcat9/9.0.43-2~deb11u4, tomcat9/9.0.70-1; Fixed in version tomcat9/9.0.43-2~deb11u6; Forwarded to https://bz.apache.org/bugzilla/show_bug.cgi?id=66471; Done: Markus Koschany <apo@debian.org>; Filed 98 days ago; Modified 85 days ago;
#1033741 [i|Su|↝] [src:libelfin] libelfin: CVE-2023-24180
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 31 Mar 2023 16:15:03 UTC; Severity: important; Tags: security, upstream; Found in versions libelfin/0.3-1, libelfin/0.3-2.1, libelfin/0.3-3; Forwarded to https://github.com/aclements/libelfin/issues/75; Filed 92 days ago; Modified 92 days ago;
#1034154 [i|USu|↝] [src:libyang2] libyang2: CVE-2023-26916
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 10 Apr 2023 12:36:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libyang2/2.1.30-2; Forwarded to https://github.com/CESNET/libyang/issues/1979; Filed 82 days ago; Modified 20 days ago;
#1034184 [i|UMSu|↝] [src:nextcloud-desktop] nextcloud-desktop: CVE-2023-28999
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:45:03 UTC; Severity: important; Tags: fixed-upstream, moreinfo, security, upstream; Forwarded to https://github.com/nextcloud/desktop/pull/5560; Filed 82 days ago; Modified 20 days ago;
#1034185 [i|Su|↝] [src:opendoas] opendoas: CVE-2023-28339
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:45:06 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/Duncaen/OpenDoas/issues/106; Filed 82 days ago; Modified 82 days ago;
#1034482 [i|USu|↝] [src:shadow] shadow: CVE-2023-29383
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Apr 2023 14:09:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version shadow/1:4.13+dfsg1-1; Forwarded to https://github.com/shadow-maint/shadow/pull/687; Filed 76 days ago; Modified 20 days ago;
#1034722 [i|USu|↝] [src:jpeg-xl] jpeg-xl: CVE-2023-0645
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sat, 22 Apr 2023 17:33:05 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/libjxl/libjxl/issues/2100; Filed 70 days ago; Modified 20 days ago;
#1034724 [i|USu|↝] [src:libyang2] libyang2: CVE-2023-26917
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sat, 22 Apr 2023 17:33:09 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libyang2/2.1.30-2; Forwarded to https://github.com/CESNET/libyang/issues/1987; Filed 70 days ago; Modified 20 days ago;
#1034803 [i|Su|↝] [src:samba] samba: CVE-2018-14628
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 20:57:04 UTC; Severity: important; Tags: security, upstream; Forwarded to https://bugzilla.samba.org/show_bug.cgi?id=13595; Filed 68 days ago; Modified 67 days ago;
#1034807 [i|Su|↝] [src:hdf5] hdf5: CVE-2018-11205
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 21:09:01 UTC; Severity: important; Tags: security, upstream; Forwarded to https://jira.hdfgroup.org/browse/HDFFV-10479; Filed 68 days ago; Modified 67 days ago;
#1035607 [i|USu|↝] [src:libheif] libheif: CVE-2023-29659
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 6 May 2023 07:54:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version libheif/1.15.1-1; Forwarded to https://github.com/strukturag/libheif/issues/794; Filed 56 days ago; Modified 20 days ago;
#1035686 [i|USu|↝] [src:wabt] wabt: CVE-2023-30300
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 7 May 2023 19:03:06 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version wabt/1.0.32-1; Forwarded to https://github.com/WebAssembly/wabt/issues/2180; Filed 55 days ago; Modified 20 days ago;
#1035951 [i|Su|↝] [src:yasm] yasm: CVE-2023-29579
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:45:01 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/yasm/yasm/issues/214; Filed 51 days ago; Modified 51 days ago;
#1036294 [i|USu|↝] [src:sysstat] sysstat: CVE-2023-33204
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 18 May 2023 19:36:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version sysstat/12.6.1-1; Forwarded to https://github.com/sysstat/sysstat/pull/360; Filed 44 days ago; Modified 20 days ago;
#1036295 [i|USu|↝] [src:etcd] etcd: CVE-2023-32082
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 18 May 2023 19:45:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version etcd/3.4.23-4; Forwarded to https://github.com/etcd-io/etcd/pull/15656; Filed 44 days ago; Modified 20 days ago;
#1036995 [i|Su|☺↝] [src:openldap] openldap: CVE-2023-2953
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 31 May 2023 19:18:01 UTC; Severity: important; Tags: security, upstream; Found in versions openldap/2.5.11+dfsg-1~exp1, openldap/2.5.13+dfsg-5; Fixed in version openldap/2.6.4+dfsg-1~exp1; Forwarded to https://bugs.openldap.org/show_bug.cgi?id=9904; Filed 31 days ago; Modified 30 days ago;
#1036999 [i|USu|↝] [src:imagemagick] imagemagick: CVE-2023-34151
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 31 May 2023 20:18:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.6; Forwarded to https://github.com/ImageMagick/ImageMagick/issues/6341; Filed 31 days ago; Modified 20 days ago;
#1037093 [i|Su|↝] [src:libarchive] libarchive: CVE-2023-30571
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jun 2023 13:09:01 UTC; Severity: important; Tags: security, upstream; Found in version libarchive/3.6.2-1; Forwarded to https://github.com/libarchive/libarchive/issues/1876; Filed 27 days ago; Modified 27 days ago;
#1037432 [i|USu|↝] [src:syncthing] syncthing: CVE-2022-46165: XSS in Web GUI
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 12 Jun 2023 19:45:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version syncthing/1.19.2~ds1-1; Forwarded to https://github.com/syncthing/syncthing/pull/8923; Filed 19 days ago; Modified 9 days ago;
#1037530 [i|USu|↝] [src:golang-github-gin-gonic-gin] golang-github-gin-gonic-gin: CVE-2023-29401
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 13 Jun 2023 20:39:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version golang-github-gin-gonic-gin/1.8.1-1; Forwarded to https://github.com/gin-gonic/gin/issues/3555; Filed 18 days ago; Modified 9 days ago;
#1038663 [i|Su|↝] [src:jtidy] jtidy: CVE-2023-34623
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 19 Jun 2023 19:21:02 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/trajano/jtidy/issues/4; Filed 12 days ago; Modified 12 days ago;
#1038950 [i|USu|↝] [src:ruby-doorkeeper] ruby-doorkeeper: CVE-2023-34246
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Jun 2023 15:12:05 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/doorkeeper-gem/doorkeeper/issues/1589; Filed 8 days ago;
#1038951 [i|USu|↝] [src:fdkaac] fdkaac: CVE-2023-34823 CVE-2023-34824
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Jun 2023 15:15:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/nu774/fdkaac/issues/55; Filed 8 days ago;
#1038977 [i|USu|↝] [src:flvmeta] flvmeta: CVE-2023-36243
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2023 21:09:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version flvmeta/1.2.1-1; Forwarded to https://github.com/noirotm/flvmeta/issues/19; Filed 8 days ago;
#1039991 [i|Su|↝] [src:libxml2] libxml2: CVE-2022-2309
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 17:24:01 UTC; Severity: important; Tags: security, upstream; Found in versions libxml2/2.9.10+dfsg-1, libxml2/2.9.10+dfsg-6.7+deb11u4, libxml2/2.9.14+dfsg-1.2; Forwarded to https://gitlab.gnome.org/GNOME/libxml2/-/issues/378;

Forwarded bugs -- Normal bugs (37 bugs)

#136093 [n|S|↝] [uudeview] uudeview bufer overflow
Reported by: rusmir@tula.net; Date: Wed, 27 Feb 2002 20:48:02 UTC; Severity: normal; Tags: security; Found in version 0.5pl15; Forwarded to fp@fpx.de; Filed 21 years and 129 days ago; Modified 6 years and 338 days ago;
#330907 [n|UHSu|↝] [vte] [CAN-2005-0023] /usr/sbin/gnome-pty-helper: writes arbitrary utmp records
Reported by: Paul Szabo <psz@maths.usyd.edu.au>; Date: Mon, 19 Sep 2005 23:18:01 UTC; Severity: normal; Tags: fixed-upstream, help, security, upstream; Forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=317312; Filed 17 years and 289 days ago; Modified 6 years and 221 days ago;
#355192 [n|S|☺↝] [sylpheed] sylpheed: fails to alert the user when a POP3s server SSL certificate is expired
Reported by: Francesco Poli <invernomuto@paranoici.org>; Date: Fri, 3 Mar 2006 23:18:13 UTC; Severity: normal; Tags: security; Found in versions sylpheed/2.4.7-1, sylpheed/2.4.5-1, sylpheed/3.2.0~beta3-1, sylpheed/1.0.4-1sarge1, sylpheed/2.5.0~beta1-1; Fixed in version sylpheed/3.0.0~beta3+svn2374-1; Forwarded to sylpheed@sraoss.jp; Filed 17 years and 124 days ago; Modified 11 years and 252 days ago;
#506906 [n|US|↝] [evolution] [evolution] evolutions ssl certificate warnings are less than usefull
Reported by: Matthias Bläsing <matthias.blaesing@rwth-aachen.de>; Date: Tue, 25 Nov 2008 20:33:01 UTC; Severity: normal; Tags: fixed-upstream, security; Found in version evolution/2.22.3.1-1; Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=470441; Filed 14 years and 221 days ago; Modified 10 years and 104 days ago;
#559775 [n|S|↝] [imagemagick] imagemagick: CVE-2008-3134 denial-of-service
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Mon, 7 Dec 2009 01:06:01 UTC; Severity: normal; Tags: security; Found in version imagemagick/7:6.2.4.5.dfsg1-0.14; Forwarded to http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=15257; Filed 13 years and 210 days ago; Modified 13 years and 184 days ago;
#584621 [n|S|↝] [blender] blender: possible symlink attack
Reported by: Paul Wise <pabs@debian.org>; Date: Sat, 5 Jun 2010 06:30:02 UTC; Severity: normal; Tags: security; Found in versions blender/2.50~alpha~0~svn24834-2, blender/2.63a-1, blender/2.71+dfsg0-1; Forwarded to https://projects.blender.org/tracker/index.php?func=detail&aid=22509&group_id=9&atid=498; Filed 13 years and 29 days ago; Modified 8 years and 331 days ago;
#599676 [n|Su|↝] [missingh] secureAbsNormPath isn't secure
Reported by: Joey Hess <joeyh@debian.org>; Date: Sun, 10 Oct 2010 01:51:01 UTC; Severity: normal; Tags: security, upstream; Found in version 1.1.0.3-3; Forwarded to https://github.com/jgoerzen/missingh/issues/6; Filed 12 years and 267 days ago; Modified 12 years and 15 days ago;
#677418 [n|Su☹|↝] [gpm] gpm shares its clipboard among different users
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Wed, 13 Jun 2012 20:45:01 UTC; Severity: normal; Tags: security, upstream, wontfix; Found in versions 1.10-4, gpm/1.20.4-6; Forwarded to Nico Schottelius <nico-gpm@schottelius.org>; Filed 11 years and 20 days ago; Modified 5 years and 285 days ago;
#700235 [n|S|=↝] [xserver-xorg-video-nouveau] xserver-xorg-video-nouveau: uninitialized video memory or garbled images on login screen (lightdm)
Reported by: Andrei POPESCU <andreimpopescu@gmail.com>; Date: Sun, 10 Feb 2013 11:18:05 UTC; Severity: normal; Tags: security; Merged with 732854; Found in versions xserver-xorg-video-nouveau/1:1.0.11-1, xserver-xorg-video-nouveau/1:1.0.10-1, xserver-xorg-video-nouveau/1:1.0.1-5; Forwarded to https://gitlab.freedesktop.org/xorg/driver/xf86-video-nouveau/issues/81; Filed 10 years and 143 days ago; Modified 3 years and 209 days ago;
#725357 [n|US|↝] [systemd] CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts
Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Fri, 4 Oct 2013 13:51:01 UTC; Severity: normal; Tags: fixed-upstream, security; Forwarded to https://bugzilla.redhat.com/show_bug.cgi?id=859060; Filed 9 years and 272 days ago; Modified 5 years and 80 days ago;
#765017 [n|US|↝] [spice-client-glib-usb-acl-helper] SECURITY - normal users are allowed full access to USB devices per default
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Sat, 11 Oct 2014 22:45:06 UTC; Severity: normal; Tags: fixed-upstream, security; Found in version spice-gtk/0.28-1; Forwarded to https://bugzilla.redhat.com/show_bug.cgi?id=1151798; Filed 8 years and 265 days ago; Modified 1 year and 249 days ago;
#776268 [n|S|↝] [src:perl] perl: CVE-2011-4116 unsafe traversal of symlinks
Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Mon, 26 Jan 2015 03:42:02 UTC; Severity: normal; Tags: security; Forwarded to https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14; Filed 8 years and 158 days ago; Modified 7 years and 70 days ago;
#824610 [n|Su|↝] [rkhunter] rkhunter: SSH PermitRootLogin is fragile and incomplete
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Wed, 18 May 2016 01:03:01 UTC; Severity: normal; Tags: security, upstream; Found in version rkhunter/1.4.2-5; Forwarded to https://sourceforge.net/p/rkhunter/bugs/151/; Filed 7 years and 46 days ago; Modified 7 years and 46 days ago;
#844732 [n|Su☹|↝] [src:dokuwiki] dokuwiki: CVE-2016-7965
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 18 Nov 2016 14:06:01 UTC; Severity: normal; Tags: security, upstream, wontfix; Found in version dokuwiki/0.0.20160626.a-1; Forwarded to https://github.com/splitbrain/dokuwiki/issues/1709; Filed 6 years and 226 days ago; Modified 1 year and 102 days ago;
#869702 [n|USu|↝] [src:rbenv] rbenv: CVE-2017-1000047
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 25 Jul 2017 19:12:02 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in version rbenv/1.0.0-1; Forwarded to https://github.com/rbenv/rbenv/issues/977; Filed 5 years and 342 days ago; Modified 4 years and 89 days ago;
#880868 [n|Su|↝] [src:wordpress] wordpress: CVE-2012-6707
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 5 Nov 2017 08:54:01 UTC; Severity: normal; Tags: security, upstream; Found in versions wordpress/4.1+dfsg-1, wordpress/4.8.3+dfsg-1; Forwarded to https://core.trac.wordpress.org/ticket/21022; Filed 5 years and 239 days ago; Modified 4 years and 151 days ago;
#906565 [n|Su|↝] [src:wordpress] wordpress: CVE-2018-14028
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 18 Aug 2018 21:15:57 UTC; Severity: normal; Tags: security, upstream; Found in version wordpress/4.9.7+dfsg1-1; Forwarded to https://core.trac.wordpress.org/ticket/44710; Filed 4 years and 318 days ago; Modified 3 years and 258 days ago;
#914154 [n|Su|↝] [gnome-keyring] CVE-2018-19358
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 19 Nov 2018 22:51:02 UTC; Severity: normal; Tags: security, upstream; Found in version gnome-keyring/3.28.2-1; Forwarded to https://gitlab.gnome.org/GNOME/gnome-keyring/issues/5; Filed 4 years and 225 days ago; Modified 4 years and 183 days ago;
#919428 [n|Su|↝] [src:flex] flex: CVE-2019-6293: stack consumption
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 15 Jan 2019 20:42:01 UTC; Severity: normal; Tags: security, upstream; Found in version flex/2.6.4-6.2; Forwarded to https://github.com/westes/flex/issues/414; Filed 4 years and 168 days ago; Modified 4 years and 168 days ago;
#925284 [n|USu|↝] [src:graphviz] graphviz: CVE-2019-9904
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 22 Mar 2019 13:15:02 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in version graphviz/2.40.1-5; Forwarded to https://gitlab.com/graphviz/graphviz/issues/1512; Filed 4 years and 102 days ago; Modified 2 years and 84 days ago;
#926724 [n|USu|↝] [src:graphviz] graphviz: CVE-2019-11023
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 9 Apr 2019 16:21:02 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in versions graphviz/2.40.1-6, graphviz/2.40.1-5; Forwarded to https://gitlab.com/graphviz/graphviz/issues/1517; Filed 4 years and 84 days ago; Modified 3 years and 16 days ago;
#929365 [n|Su|↝] [src:qemu] qemu: CVE-2019-12247: qemu-guest-agent: integer overflow while running guest-exec command
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 May 2019 12:45:01 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:3.1+dfsg-7; Forwarded to https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html; Filed 4 years and 41 days ago; Modified 2 years and 204 days ago;
#929990 [n|USu|↝] [src:apparmor] apparmor: CVE-2016-1585: mount rules grant excessive permissions
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 4 Jun 2019 19:33:01 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in versions apparmor/2.11.0-3+deb9u2, apparmor/2.11.0-1, apparmor/2.13.2-10; Forwarded to https://bugs.launchpad.net/apparmor/+bug/1597017; Filed 4 years and 28 days ago; Modified 38 days ago;
#964033 [n|US|↝] [dirmngr] /usr/bin/dirmngr: dane key location doesn't validate DNSSEC
Reported by: Uwe Kleine-König <ukleinek@debian.org>; Date: Tue, 30 Jun 2020 19:09:04 UTC; Severity: normal; Tags: fixed-upstream, security; Found in version gnupg2/2.2.20-1; Forwarded to https://dev.gnupg.org/T4618; Filed 3 years and 1 day ago; Modified 20 days ago;
#970939 [n|Su|↝] [src:qemu] qemu: CVE-2020-25741: fdc: null pointer dereference during r/w data transfer
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Sep 2020 20:33:01 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:5.1+dfsg-4; Forwarded to https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html; Filed 2 years and 279 days ago; Modified 197 days ago;
#970940 [n|Su|↝] [src:qemu] qemu: CVE-2020-25743: ide: null pointer dereference while cancelling i/o operation
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Sep 2020 20:39:01 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:5.1+dfsg-4; Forwarded to https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html; Filed 2 years and 279 days ago; Modified 197 days ago;
#971390 [n|Su|↝] [src:qemu] qemu: CVE-2020-25742: scsi: lsi: null pointer dereference during memory move
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 29 Sep 2020 19:15:02 UTC; Severity: normal; Tags: security, upstream; Found in version qemu/1:5.1+dfsg-4; Forwarded to https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html; Filed 2 years and 275 days ago; Modified 197 days ago;
#972099 [n|Su|↝] [qemu] qemu: CVE-2019-12067: ahci: possible null dereference in ahci_commit_buf
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Oct 2020 17:51:01 UTC; Severity: normal; Tags: security, upstream; Forwarded to https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html; Filed 2 years and 262 days ago; Modified 197 days ago;
#978644 [n|Su|↝] [dracut-core] Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks from Dracut Initramfs
Reported by: Patrick Schleizer <adrelanos@riseup.net>; Date: Tue, 29 Dec 2020 17:06:02 UTC; Severity: normal; Tags: security, upstream; Forwarded to https://www.github.com/dracutdevs/dracut/issues/997; Filed 2 years and 184 days ago; Modified 2 years and 184 days ago;
#989008 [n|Su|↝] [dmg2img] CVE-2021-32614
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 23 May 2021 09:21:01 UTC; Severity: normal; Tags: security, upstream; Forwarded to https://github.com/Lekensteyn/dmg2img/issues/11; Filed 2 years and 39 days ago; Modified 2 years and 39 days ago;
#1014526 [n|S|↝] [src:libsixel] libsixel: CVE-2022-29977
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 15:33:01 UTC; Severity: normal; Tags: security; Forwarded to https://github.com/libsixel/libsixel/issues/62; Filed 359 days ago; Modified 358 days ago;
#1014527 [n|Su|↝] [src:libsixel] libsixel: CVE-2022-29978
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 15:33:04 UTC; Severity: normal; Tags: security, upstream; Forwarded to https://github.com/libsixel/libsixel/issues/63; Filed 359 days ago; Modified 358 days ago;
#1014586 [n|Su|↝] [src:giflib] giflib: CVE-2021-40633
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 8 Jul 2022 12:21:01 UTC; Severity: normal; Tags: security, upstream; Forwarded to https://sourceforge.net/p/giflib/bugs/157/; Filed 358 days ago; Modified 358 days ago;
#1017751 [n|USu|↝] [src:fdkaac] fdkaac: CVE-2022-36148
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Aug 2022 19:57:02 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in version fdkaac/1.0.0-1; Forwarded to https://github.com/nu774/fdkaac/issues/52; Filed 316 days ago; Modified 310 days ago;
#1019848 [n|S|↝] [mupdf] mupdf: insecure use of /var/tmp
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Wed, 14 Sep 2022 22:12:01 UTC; Severity: normal; Tags: security; Found in version mupdf/1.20.3+ds1-1; Forwarded to https://bugs.ghostscript.com/show_bug.cgi?id=705866; Filed 290 days ago; Modified 290 days ago;
#1033250 [n|Su|♙↝] [src:node-request] node-request: CVE-2023-28155
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 18:39:02 UTC; Severity: normal; Tags: security, upstream; Found in version node-request/2.88.1-6; Forwarded to https://github.com/request/request/issues/3442; Fix blocked by 956423: node-request: deprecated upstream: should not be part of next stable Debian release; Filed 103 days ago; Modified 102 days ago;
#1035109 [n|USu|↝] [src:perl] perl: CVE-2023-31484
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 29 Apr 2023 20:21:01 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in version perl/5.36.0-7; Forwarded to https://github.com/andk/cpanpm/pull/175; Filed 63 days ago; Modified 20 days ago;

Forwarded bugs -- Minor bugs (3 bugs)

#827340 [m|Su|↝] [src:linux] linux: CVE-2010-5321 memory leak in videobuf on multiple calls to mmap()
Reported by: Petter Reinholdtsen <pere@hungry.com>; Date: Wed, 15 Jun 2016 06:51:01 UTC; Severity: minor; Tags: security, upstream; Found in versions linux/4.6.2-1, linux/3.2.41-2, linux/3.2.78-1; Forwarded to https://bugzilla.kernel.org/show_bug.cgi?id=120571; Filed 7 years and 17 days ago; Modified 7 years and 14 days ago;
#859025 [m|USu|↝] [src:imagemagick] imagemagick: CVE-2017-7275
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 29 Mar 2017 16:36:01 UTC; Severity: minor; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/ImageMagick/ImageMagick/issues/271; Filed 6 years and 95 days ago; Modified 5 years and 298 days ago;
#863016 [m|USu|↝] [src:poppler] poppler: CVE-2017-9083
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 20 May 2017 08:33:02 UTC; Severity: minor; Tags: fixed-upstream, security, upstream; Found in version poppler/0.26.5-2; Forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=101084; Filed 6 years and 43 days ago; Modified 5 years and 74 days ago;

Forwarded bugs -- Wishlist items (7 bugs)

#258392 [w|Su|↝] [lftp] lftp should support encrypted passwords in bookmarks
Reported by: LT-P <LT-P@LT-P.net>; Date: Fri, 9 Jul 2004 11:18:02 UTC; Severity: wishlist; Tags: security, upstream; Found in version 3.0.5-1; Forwarded to https://github.com/lavv17/lftp/issues/373; Filed 18 years and 361 days ago; Modified 5 years and 334 days ago;
#328228 [w|S|↝] [tar] tar: CAN-2005-2541: Should warn when extracting setuid/setgid files
Reported by: Martin Pitt <mpitt@debian.org>; Date: Wed, 14 Sep 2005 09:18:04 UTC; Severity: wishlist; Tags: security; Found in version tar/1.15.1-2; Forwarded to bug-tar@gnu.org; Filed 17 years and 294 days ago; Modified 17 years and 293 days ago;
#426410 [w|S|↝] [src:bluez] bluez-utils: Once paired, a device is granted all accesses
Reported by: Vincent Bernat <bernat@luffy.cx>; Date: Mon, 28 May 2007 15:24:01 UTC; Severity: wishlist; Tags: security; Found in version bluez/3.7-1; Forwarded to bluez-devel@lists.sf.net; Filed 16 years and 38 days ago; Modified 4 years and 56 days ago;
#809067 [w|S|↝] [lightdm] lightdm should no longer run the Xorg server as root
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Sat, 26 Dec 2015 22:09:01 UTC; Severity: wishlist; Tags: security; Found in version lightdm/1.16.6-1; Forwarded to https://bugs.launchpad.net/lightdm/+bug/1292324; Filed 7 years and 189 days ago; Modified 7 years and 187 days ago;
#971367 [w|S|↝] [mariadb-server] mariadb-10.5 should not embed wolfssl
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Tue, 29 Sep 2020 14:12:01 UTC; Severity: wishlist; Tags: security; Found in version 1.10.6.5-1; Forwarded to https://jira.mariadb.org/browse/MDEV-21835; Filed 2 years and 275 days ago; Modified 98 days ago;
#981520 [w|Su|↝] [minigalaxy] minigalaxy: Shows a browser login window without any proof of origin (no URL, no HTTPS indicator, no chance to review SSL certificate, etc.)
Reported by: Axel Beckert <abe@debian.org>; Date: Sun, 31 Jan 2021 23:45:02 UTC; Severity: wishlist; Tags: security, upstream; Found in version minigalaxy/1.0.1-1; Forwarded to https://github.com/sharkwouter/minigalaxy/issues/282; Filed 2 years and 151 days ago; Modified 2 years and 148 days ago;
#1004140 [w|U+Su|↝] [python3-certbot-apache] [certbot-apache] Bad SSLHonorCipherOrder
Reported by: "Jean-Michel Vourgère" <jean-michel.vourgere@greenpeace.org>; Date: Fri, 21 Jan 2022 16:18:01 UTC; Severity: wishlist; Tags: fixed-upstream, patch, security, upstream; Found in version python-certbot-apache/1.10.1-1; Forwarded to https://github.com/certbot/certbot/issues/9180; Filed 1 year and 161 days ago; Modified 1 year and 155 days ago;

Pending Upload bugs -- Important bugs (2 bugs)

#1024395 [i|PS| ] [grub-efi-amd64-bin] grub-efi-amd64-signed: after upgrade to 1+2.06+5 I get errors when booting (although I manage to boot)
Reported by: Eric Valette <eric.valette@free.fr>; Date: Fri, 18 Nov 2022 18:33:01 UTC; Severity: important; Tags: pending, security; Found in versions 1+2.06+3~deb11u4, 1+2.06+5; Filed 225 days ago; Modified 202 days ago;
#1033165 [i|PSu| ] [src:dnsmasq] dnsmasq: CVE-2023-28450
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 18 Mar 2023 19:54:02 UTC; Severity: important; Tags: pending, security, upstream; Found in version dnsmasq/2.89-1; Filed 105 days ago; Modified 97 days ago;

Pending Upload bugs -- Normal bugs (2 bugs)

#1027164 [n|UPSu|☺↝] [src:imagemagick] imagemagick: CVE-2021-3574
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 18:57:01 UTC; Severity: normal; Tags: fixed-upstream, pending, security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.3; Fixed in version imagemagick/8:6.9.12.20+dfsg1-1; Forwarded to https://github.com/ImageMagick/ImageMagick/issues/3540; Filed 185 days ago; Modified 20 days ago;
#1031267 [n|+PS| ] [debian-goodies] debmany: CVE-2023-27635: shell injection
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 14 Feb 2023 09:57:01 UTC; Severity: normal; Tags: confirmed, patch, pending, security; Found in version debian-goodies/0.88.1; Filed 137 days ago; Modified 117 days ago;

Pending Upload bugs -- Wishlist items (1 bug)

#913772 [w|PS| ] [pristine-tar] pristine-tar: please add -S (sign commit) option
Reported by: Thorsten Glaser <tg@mirbsd.de>; Date: Wed, 14 Nov 2018 23:33:02 UTC; Severity: wishlist; Tags: pending, security; Found in version pristine-tar/1.45; Filed 4 years and 230 days ago; Modified 3 years and 248 days ago;

Resolved bugs -- Critical bugs (1 bug)

#1023688 [C|+S|☺] [fcgiwrap] improper permissions on fcgiwrap systemd socket lead to privilege escalation to www-data under default config
Reported by: Anton Luka Šijanec <anton@sijanec.eu>; Date: Tue, 8 Nov 2022 19:09:01 UTC; Severity: critical; Tags: patch, security; Found in version fcgiwrap/1.1.0-12; Fixed in version fcgiwrap/1.1.0-14; Done: Jordi Mallach <jordi@debian.org>; Can be archived in 7 days; Filed 235 days ago; Modified 194 days ago;

Resolved bugs -- Grave functionality bugs (51 bugs)

#796495 [G|S|☺] [yubiserver] yubiserver: multiple vulnerabilities, affecting old/stable?
Reported by: Raphael Geissert <geissert@debian.org>; Date: Sat, 22 Aug 2015 08:12:02 UTC; Severity: grave; Tags: security; Found in versions yubiserver/0.5-2, yubiserver/0.2-2; Fixed in version yubiserver/0.6-1; Filed 7 years and 315 days ago; Modified 7 years and 181 days ago;
#935548 [G|Su|☺] [src:libxml-security-java] libxml-security-java: CVE-2019-12400
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Aug 2019 20:18:01 UTC; Severity: grave; Tags: bullseye-ignore, security, upstream; Found in version libxml-security-java/2.0.10-2; Fixed in version libxml-security-java/2.1.7-1; Done: Markus Koschany <apo@debian.org>; Can be archived in 7 days; Filed 3 years and 313 days ago; Modified 1 year and 281 days ago;
#956712 [G|Su|=☺] [emacs] emacs: https to plain http downgrade after unhandled GNUTLS_E_AGAIN error in TLS1.3 connection
Reported by: Heenec <heenec@firemail.cc>; Date: Tue, 14 Apr 2020 15:51:02 UTC; Severity: grave; Tags: security, upstream; Merged with 969971; Found in version emacs/1:26.1+1-3.2+deb10u1; Fixed in version emacs/1:26.3+1-2; Filed 3 years and 78 days ago; Modified 2 years and 129 days ago;
#969213 [G|USu|☺↝] [src:rust-rgb] rust-rgb: CVE-2020-25016: RUSTSEC-2020-0029: Allows viewing and modifying arbitrary structs as bytes
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 29 Aug 2020 11:51:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version rust-rgb/0.8.11-1; Fixed in version rust-rgb/0.8.36-1; Forwarded to https://github.com/kornelski/rust-rgb/issues/35; Done: Peter Michael Green <plugwash@debian.org>; Can be archived in 7 days; Filed 2 years and 306 days ago; Modified 106 days ago;
#992045 [G|Su|☺↝] [cpio] CVE-2021-38185
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 9 Aug 2021 21:21:01 UTC; Severity: grave; Tags: security, upstream; Found in version cpio/2.13+dfsg-4; Fixed in version cpio/2.13+dfsg-5; Forwarded to https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html; Done: Anibal Monsalve Salazar <anibal@debian.org>; Can be archived in 7 days; Filed 1 year and 326 days ago; Modified 1 year and 325 days ago;
#992704 [G|Su|☺] [src:jupyter-notebook] jupyter-notebook: CVE-2021-32798
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 22 Aug 2021 15:09:01 UTC; Severity: grave; Tags: security, upstream; Found in version jupyter-notebook/6.2.0-1; Fixed in version jupyter-notebook/6.4.3-1; Done: Gordon Ball <gordon@chronitis.net>; Can be archived in 7 days; Filed 1 year and 313 days ago; Modified 1 year and 289 days ago;
#992710 [G|Su|☺] [src:sssd] sssd: CVE-2021-3621: shell command injection in sssctl
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 22 Aug 2021 15:54:01 UTC; Severity: grave; Tags: security, upstream; Found in versions sssd/2.4.1-2, sssd/1.16.3-3.2, sssd/1.16.3-1; Fixed in version sssd/2.5.2-1; Done: Timo Aaltonen <tjaalton@debian.org>; Can be archived in 7 days; Filed 1 year and 313 days ago; Modified 1 year and 288 days ago;
#994790 [G|USu|☺↝] [src:hcxtools] hcxtools: CVE-2021-32286
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Sep 2021 21:21:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version hcxtools/6.0.2-1; Fixed in version hcxtools/6.2.4-1; Forwarded to https://github.com/ZerBea/hcxtools/issues/155; Done: Paulo Roberto Alves de Oliveira (aka kretcheu) <kretcheu@gmail.com>; Can be archived in 7 days; Filed 1 year and 284 days ago; Modified 1 year and 249 days ago;
#994841 [G|Su|☺] [src:sqlparse] sqlparse: CVE-2021-32839
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 21 Sep 2021 19:06:02 UTC; Severity: grave; Tags: security, upstream; Found in version sqlparse/0.4.1-1; Fixed in version sqlparse/0.4.2-1; Done: Michael R. Crusoe <crusoe@debian.org>; Can be archived in 7 days; Filed 1 year and 283 days ago; Modified 1 year and 212 days ago;
#997977 [G|S|☺] [monopd] /lib/systemd/system/monopd.service:8: Special user nobody configured, this is not safe!
Reported by: "Jason L. Quinn" <jason.lee.quinn+debian@gmail.com>; Date: Thu, 28 Oct 2021 06:27:02 UTC; Severity: grave; Tags: security; Found in version monopd/0.10.2-4; Fixed in version monopd/0.10.2-5; Done: Markus Koschany <apo@debian.org>; Can be archived in 7 days; Filed 1 year and 246 days ago; Modified 1 year and 241 days ago;
#1001711 [G|USu|☺↝] [libtoxcore2] libtoxcore2: Stack-based buffer overflow vulnerability in UDP packet handling in Toxcore (CVE-2021-44847)
Reported by: Vincas Dargis <vindrg@gmail.com>; Date: Tue, 14 Dec 2021 18:15:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in versions libtoxcore/0.2.9-1, libtoxcore/0.2.12-1; Fixed in version libtoxcore/0.2.13-1; Forwarded to https://github.com/TokTok/c-toxcore/pull/1718; Done: Yangfl <mmyangfl@gmail.com>; Can be archived in 7 days; Filed 1 year and 199 days ago; Modified 1 year and 178 days ago;
#1003190 [G|USu|☺↝] [src:tcpslice] tcpslice: CVE-2021-41043: use-after-free in extract_slice()
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 5 Jan 2022 20:09:04 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in versions tcpslice/1.3-2, tcpslice/1.2a3-4; Fixed in version tcpslice/1.5-1; Forwarded to https://github.com/the-tcpdump-group/tcpslice/issues/11; Done: Bruno Naibert de Campos <bruno.naibert@gmail.com>; Can be archived in 7 days; Filed 1 year and 177 days ago; Modified 1 year and 30 days ago;
#1010152 [G|U+Su|☺↝] [emacs-gtk] emacs-gtk: tries to read a config file from another user's home dir
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Mon, 25 Apr 2022 12:30:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version emacs/1:27.1+1-3.1; Fixed in version emacs/1:28.1+1-1; Forwarded to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=42827; Filed 1 year and 67 days ago; Modified 229 days ago;
#1010347 [G|+S|☺] [src:cloudcompare] cloudcompare: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib
Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 29 Apr 2022 10:09:04 UTC; Severity: grave; Tags: patch, security; Found in version cloudcompare/2.11.3-5; Fixed in version cloudcompare/2.11.3-7.1; Done: Adrian Bunk <bunk@debian.org>; Filed 1 year and 63 days ago; Modified 83 days ago;
#1010667 [G|U+Su|☺] [src:ruby-xmlhash] ruby-xmlhash: CVE-2022-21949 - Improper Restriction of XML External Entity Reference
Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 6 May 2022 13:09:02 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version ruby-xmlhash/1.3.6-2; Fixed in version ruby-xmlhash/1.3.6-3.1; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 1 year and 56 days ago; Modified 105 days ago;
#1011747 [G|Su|☺] [src:pyjwt] pyjwt: CVE-2022-29217 - Key confusion through non-blocklisted public key formats
Reported by: Neil Williams <codehelp@debian.org>; Date: Thu, 26 May 2022 09:45:01 UTC; Severity: grave; Tags: security, upstream; Found in versions pyjwt/2.3.0-1, pyjwt/1.7.1-2; Fixed in version pyjwt/2.4.0-1; Done: Daniele Tricoli <eriol@debian.org>; Can be archived in 7 days; Filed 1 year and 36 days ago; Modified 351 days ago;
#1012279 [G|Su|☺] [src:php-horde-turba] php-horde-turba: CVE-2022-30287
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Jun 2022 20:33:02 UTC; Severity: grave; Tags: security, upstream; Found in version php-horde-turba/4.2.25-5; Fixed in version php-horde-turba/4.2.25-6; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 7 days; Filed 1 year and 29 days ago; Modified 1 year and 24 days ago;
#1014803 [G|Su|☺] [src:ruby-yajl] ruby-yajl: CVE-2022-24795
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 09:15:05 UTC; Severity: grave; Tags: security, upstream; Found in version ruby-yajl/1.4.1-1; Fixed in version 1.4.3-1; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 354 days ago; Modified 258 days ago;
#1014807 [G|USu|☺↝] [src:ruby-jmespath] ruby-jmespath: CVE-2022-32511
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 10:09:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Fixed in version 1.6.1-1; Forwarded to https://github.com/jmespath/jmespath.rb/pull/55; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 354 days ago; Modified 311 days ago;
#1014966 [G|Su|☺] [src:onionshare] onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 Jul 2022 12:06:01 UTC; Severity: grave; Tags: security, upstream; Fixed in versions onionshare/2.2-3+deb11u1, onionshare/2.5-1; Filed 351 days ago; Modified 216 days ago;
#1016140 [G|Su|☺] [src:rails] rails: CVE-2022-32224
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 27 Jul 2022 20:57:06 UTC; Severity: grave; Tags: security, upstream; Found in versions rails/2:6.0.3.7+dfsg-2, rails/2:6.1.4.7+dfsg-2; Fixed in version rails/2:6.1.6.1+dfsg-1; Done: Gabriela Pivetta <gpivetta99@gmail.com>; Can be archived in 7 days; Filed 339 days ago; Modified 312 days ago;
#1016974 [G|Su|☺] [src:sofia-sip] sofia-sip: CVE-2022-31001 CVE-2022-31002 CVE-2022-31003
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 10 Aug 2022 20:09:04 UTC; Severity: grave; Tags: security, upstream; Fixed in version sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-3; Done: Evangelos Ribeiro Tzaras <devrtz-debian@fortysixandtwo.eu>; Can be archived in 7 days; Filed 325 days ago; Modified 322 days ago;
#1021270 [G|U+Su|☺↝] [src:libmodbus] libmodbus: CVE-2022-0367
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 4 Oct 2022 19:42:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version libmodbus/3.1.6-2; Fixed in version libmodbus/3.1.6-2.1; Forwarded to https://github.com/stephane/libmodbus/issues/614; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 270 days ago; Modified 256 days ago;
#1023361 [G|Su|☺] [src:jupyter-core] jupyter-core: CVE-2022-39286: Execution with Unnecessary Privileges in JupyterApp
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 2 Nov 2022 21:12:01 UTC; Severity: grave; Tags: security, upstream; Found in versions jupyter-core/4.7.1-1, jupyter-core/4.11.1-1; Fixed in versions jupyter-core/4.11.2-1, jupyter-core/4.7.1-1+deb11u1; Done: Aron Xu <aron@debian.org>; Can be archived in 13 days; Filed 241 days ago; Modified 15 days ago;
#1023571 [G|Su|☺] [src:php-cas] php-cas: CVE-2022-39369: Service Hostname Discovery Exploitation
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 6 Nov 2022 20:15:02 UTC; Severity: grave; Tags: security, upstream; Found in versions php-cas/1.3.6-1, php-cas/1.3.8-1; Fixed in version php-cas/1.6.0-1; Done: Yadd <yadd@debian.org>; Can be archived in 7 days; Filed 237 days ago; Modified 236 days ago;
#1024632 [G|USu|☺] [erlang] erlang: CVE-2022-37026 Client Authentication Bypass
Reported by: Markus Koschany <apo@debian.org>; Date: Tue, 22 Nov 2022 13:39:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in version erlang/1:24.3.4.1+dfsg-1; Fixed in version erlang/1:24.3.4.5+dfsg-1; Filed 221 days ago; Modified 199 days ago;
#1026106 [G|+Su|☺↝] [src:pacparser] pacparser: CVE-2019-25078: memory overwrite issue for pacparser_find_proxy function
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 14 Dec 2022 19:57:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in version pacparser/1.3.6-1.1; Fixed in version pacparser/1.3.6-1.4; Forwarded to https://github.com/manugarg/pacparser/issues/99; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 199 days ago; Modified 121 days ago;
#1027143 [G|Su|☺] [src:openimageio] openimageio: CVE-2022-36354 CVE-2022-38143 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 16:33:01 UTC; Severity: grave; Tags: security, upstream; Fixed in versions openimageio/2.2.10.1+dfsg-1+deb11u1, openimageio/2.4.7.1+dfsg-1; Filed 185 days ago; Modified 81 days ago;
#1029832 [G|Su|☺] [src:ruby-rack] ruby-rack: CVE-2022-44570 CVE-2022-44571 CVE-2022-44572
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 28 Jan 2023 13:09:05 UTC; Severity: grave; Tags: security, upstream; Found in version ruby-rack/2.2.4-2; Fixed in version ruby-rack/2.2.4-3; Done: Sruthi Chandran <srud@debian.org>; Filed 154 days ago; Modified 141 days ago;
#1029913 [G|HSu|☺] [texlive-pictures] texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability
Reported by: Frank Heckenbach <f.heckenbach@fh-soft.de>; Date: Sat, 28 Jan 2023 23:42:04 UTC; Severity: grave; Tags: help, security, upstream; Found in version texlive-base/2020.20210202-3; Fixed in version texlive-base/2022.20230122-2; Done: Hilmar Preusse <hille42@web.de>; Can be archived in 7 days; Filed 154 days ago; Modified 127 days ago;
#1030355 [G|Su|☺] [bash] heap overflow CVE-2022-3715
Reported by: Toni Mueller <toni@debian.org>; Date: Fri, 3 Feb 2023 12:33:02 UTC; Severity: grave; Tags: security, upstream; Found in versions bash/5.1-2, bash/5.1-2+deb11u1; Fixed in version bash/5.2-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 7 days; Filed 148 days ago; Modified 148 days ago;
#1030767 [G|Su|☺] [imagemagick] imagemagick: CVE-2022-44267 CVE-2022-44268
Reported by: Waylon Liu <gliuwr@gmail.com>; Date: Tue, 7 Feb 2023 11:09:02 UTC; Severity: grave; Tags: security, upstream; Found in versions imagemagick/8:6.9.11.60+dfsg-1.5, imagemagick/8:6.9.11.60+dfsg-1.3; Fixed in versions imagemagick/8:6.9.11.60+dfsg-1.3+deb11u1, imagemagick/8:6.9.11.60+dfsg-1.6; Done: Jeremy Bicha <jbicha@ubuntu.com>; Filed 144 days ago; Modified 135 days ago;
#1031370 [G|+Su|☺] [src:python-werkzeug] python-werkzeug: CVE-2023-23934 CVE-2023-25577
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 15 Feb 2023 21:36:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions python-werkzeug/1.0.1+dfsg1-2, python-werkzeug/2.2.2-2; Fixed in version python-werkzeug/2.2.2-3; Done: Thomas Goirand <zigo@debian.org>; Can be archived in 7 days; Filed 136 days ago; Modified 71 days ago;
#1032091 [G|Su|☺] [src:py7zr] py7zr: CVE-2022-44900
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 19:48:11 UTC; Severity: grave; Tags: security, upstream; Fixed in version py7zr/0.11.3+dfsg-5; Done: Sandro Tosi <morph@debian.org>; Can be archived in 7 days; Filed 124 days ago; Modified 98 days ago;
#1032101 [G|Su|☺↝] [src:libheif] libheif: CVE-2023-0996
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 22:15:02 UTC; Severity: grave; Tags: security, upstream; Fixed in version libheif/1.15.1-1; Forwarded to https://github.com/strukturag/libheif/pull/759; Done: Sebastian Ramacher <sramacher@debian.org>; Can be archived in 7 days; Filed 124 days ago; Modified 122 days ago;
#1033340 [G|Su|☺] [src:redis] redis: CVE-2023-28425
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 Mar 2023 21:42:02 UTC; Severity: grave; Tags: security, upstream; Found in version redis/5:7.0.9-1; Fixed in version redis/5:7.0.10-1; Done: Chris Lamb <lamby@debian.org>; Filed 101 days ago; Modified 98 days ago;
#1033752 [G|Su|☺] [src:sniproxy] sniproxy: CVE-2023-25076
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 31 Mar 2023 18:39:01 UTC; Severity: grave; Tags: security, upstream; Found in version sniproxy/0.6.0-2; Fixed in versions sniproxy/0.6.0-2.1, sniproxy/0.6.0-2+deb11u1; Done: Thorsten Alteholz <debian@alteholz.de>; Can be archived in 7 days; Filed 92 days ago; Modified 33 days ago;
#1034835 [G|Su|☺] [src:git] git: CVE-2023-25652 CVE-2023-25815 CVE-2023-29007
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 25 Apr 2023 18:39:02 UTC; Severity: grave; Tags: security, upstream; Found in versions git/1:2.30.2-1+deb11u2, git/1:2.40.0-1, git/1:2.30.2-1; Fixed in version git/1:2.40.1-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 67 days ago; Modified 66 days ago;
#1035371 [G|+Su|☺] [src:libwebp] libwebp: CVE-2023-1999
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 2 May 2023 08:15:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions libwebp/1.2.4-0.1, libwebp/0.6.1-2.1; Fixed in versions libwebp/1.2.4-0.2, libwebp/0.6.1-2.1+deb11u1; Done: Moritz Mühlenhoff <jmm@debian.org>; Can be archived in 7 days; Filed 60 days ago; Modified 34 days ago;
#1035542 [G|+Su|☺↝] [src:libreswan] libreswan: CVE-2023-30570: Incorrect aggressive mode interaction causes the pluto daemon to crash
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 5 May 2023 08:21:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions libreswan/4.10-2, libreswan/3.28-1, libreswan/4.3-1+deb11u3; Fixed in versions libreswan/4.11-1, libreswan/4.10-2+deb12u1, libreswan/4.3-1+deb11u4; Forwarded to https://github.com/libreswan/libreswan/issues/1039; Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Filed 57 days ago; Modified 15 days ago;
#1035829 [G|Su|☺] [src:frr] frr: CVE-2022-43681 CVE-2022-40318 CVE-2022-40302
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 9 May 2023 19:21:02 UTC; Severity: grave; Tags: security, upstream; Fixed in version frr/8.4.1-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 26 days; Filed 53 days ago;
#1035875 [G|Su|☺] [osslsigncode] Arbitrary code execution vulnerability in versions < 2.3
Reported by: Lee Garrett <debian@rocketjump.eu>; Date: Wed, 10 May 2023 12:21:01 UTC; Severity: grave; Tags: security, upstream; Found in version osslsigncode/2.1-1; Fixed in version osslsigncode/2.3.0-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 17 days; Filed 52 days ago; Modified 11 days ago;
#1035957 [G|Su|☺] [src:openjdk-17] openjdk-17: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:48:05 UTC; Severity: grave; Tags: security, upstream; Found in versions openjdk-17/17.0.6+10-1, openjdk-17/17.0.6+10-1~deb11u1; Fixed in version openjdk-17/17.0.7+7-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 51 days ago; Modified 22 days ago;
#1036224 [G|Su|☺] [src:cups-filters] cups-filters: CVE-2023-24805
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 17 May 2023 17:30:02 UTC; Severity: grave; Tags: security, upstream; Found in versions cups-filters/1.28.7-1, cups-filters/1.28.7-1+deb11u1, cups-filters/1.28.17-2; Fixed in versions cups-filters/1.28.17-3, cups-filters/1.28.7-1+deb11u2; Done: Thorsten Alteholz <debian@alteholz.de>; Can be archived in 7 days; Filed 45 days ago; Modified 34 days ago;
#1036279 [G|Su|☺↝] [src:dokuwiki] dokuwiki: CVE-2023-34408: XSS in RSS syntax
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 18 May 2023 13:21:04 UTC; Severity: grave; Tags: security, upstream; Found in version dokuwiki/0.0.20220731.a-1; Fixed in version dokuwiki/0.0.20220731.a-2; Forwarded to https://github.com/dokuwiki/dokuwiki/pull/3967; Done: Axel Beckert <abe@debian.org>; Can be archived in 2 days; Filed 44 days ago; Modified 26 days ago;
#1036281 [G|+Su|☺↝☣] [src:libraw] libraw: CVE-2023-1729
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:24:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in version libraw/0.20.2-2; Fixed in versions libraw/0.20.2-2.1, libraw/0.20.2-1+deb11u1; Forwarded to https://github.com/LibRaw/LibRaw/issues/557; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 44 days ago; Modified 33 days ago;
#1036706 [G|Su|☺↝] [src:xerial-sqlite-jdbc] xerial-sqlite-jdbc: CVE-2023-32697
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 May 2023 14:12:02 UTC; Severity: grave; Tags: security, upstream; Found in version xerial-sqlite-jdbc/3.40.1.0+dfsg-1; Fixed in versions xerial-sqlite-jdbc/3.42.0.0+dfsg-1, xerial-sqlite-jdbc/3.40.1.0+dfsg-1+deb12u1; Forwarded to https://github.com/xerial/sqlite-jdbc/issues/909; Done: Pierre Gruet <pgt@debian.org>; Filed 38 days ago;
#1036847 [G|Su|☺↝] [src:sofia-sip] sofia-sip: CVE-2023-32307: heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 27 May 2023 20:48:01 UTC; Severity: grave; Tags: security, upstream; Found in version sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-5; Fixed in versions sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-6, sofia-sip/1.12.11+20110422.1-2.1+deb11u2; Forwarded to https://github.com/freeswitch/sofia-sip/pull/214; Done: Moritz Mühlenhoff <jmm@debian.org>; Can be archived in 13 days; Filed 35 days ago; Modified 15 days ago;
#1037052 [G|+Su|☺] [src:minidlna] minidlna: CVE-2023-33476
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 2 Jun 2023 21:27:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions minidlna/1.3.0+dfsg-2.2, minidlna/1.3.0+dfsg-2+deb11u1, minidlna/1.3.2+dfsg-1, minidlna/1.3.0+dfsg-2; Fixed in versions minidlna/1.3.2+dfsg-1.1, minidlna/1.3.0+dfsg-2.2+deb12u1, minidlna/1.3.0+dfsg-2+deb11u2; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 29 days ago;
#1038133 [G|Su|☺] [src:libx11] libx11: CVE-2023-3138
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 15 Jun 2023 19:39:02 UTC; Severity: grave; Tags: security, upstream; Found in version libx11/2:1.8.4-2; Fixed in versions libx11/2:1.8.6-1, libx11/2:1.8.4-2+deb12u1, libx11/2:1.7.2-1+deb11u1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 16 days ago;
#1038885 [G|Su|☺] [src:cups] cups: CVE-2023-34241: use-after-free in cupsdAcceptClient()
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 22 Jun 2023 14:24:01 UTC; Severity: grave; Tags: security, upstream; Found in version cups/2.4.2-4; Fixed in versions cups/2.4.2-5, cups/2.4.2-3+deb12u1, cups/2.3.3op2-3+deb11u3; Done: Thorsten Alteholz <debian@alteholz.de>; Can be archived in 26 days; Filed 9 days ago;

Resolved bugs -- Serious (policy violations or makes package unfit for release) (8 bugs)

#922981 [S|S|☺] [ca-certificates-java] ca-certificates-java: /etc/ca-certificates/update.d/jks-keystore doesn't update /etc/ssl/certs/java/cacerts
Reported by: Dom <thyzoul@gmail.com>; Date: Fri, 22 Feb 2019 15:09:02 UTC; Severity: serious; Tags: security; Found in versions ca-certificates-java/20170929~deb9u1, ca-certificates-java/20110425; Fixed in version ca-certificates-java/20220719; Done: Matthias Klose <doko@debian.org>; Can be archived in 7 days; Filed 4 years and 130 days ago; Modified 347 days ago;
#992058 [S|+Su|☺] [opensysusers] opensysusers: uses `eval` on data that is not supposed to be safe to eval (CVE-2021-40084)
Reported by: Ansgar <ansgar@debian.org>; Date: Tue, 10 Aug 2021 09:09:02 UTC; Severity: serious; Tags: patch, security, upstream; Found in version opensysusers/0.6-2; Fixed in version opensysusers/0.6-3; Done: Lorenzo Puliti <plorenzo@disroot.org>; Can be archived in 7 days; Filed 1 year and 325 days ago; Modified 1 year and 285 days ago;
#992297 [S|Su|☺] [src:gitit] gitit: CVE-2021-38711
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 16 Aug 2021 20:51:02 UTC; Severity: serious; Tags: security, upstream; Found in versions gitit/0.12.3.1+dfsg-1, gitit/0.13.0.0+dfsg-2; Fixed in version gitit/0.15.1.0+dfsg-1; Done: Scott Talbert <swt@techie.net>; Can be archived in 7 days; Filed 1 year and 319 days ago; Modified 1 year and 44 days ago;
#998206 [S|S|☺] [calendar] calendar: cronjob processes all users’ calendars as root, allowing information disclosure
Reported by: Thorsten Glaser <tg@mirbsd.de>; Date: Sun, 31 Oct 2021 23:39:02 UTC; Severity: serious; Tags: security; Found in version bsdmainutils/12.1.7+nmu3; Fixed in version bsdmainutils/12.1.8; Done: Michael Meskes <meskes@debian.org>; Can be archived in 7 days; Filed 1 year and 243 days ago; Modified 131 days ago;
#1014597 [S|Su|☺] [libitext5-java] libitext5-java: new version 5.5.13.3 addresses CVE-2021-43113
Reported by: Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de>; Date: Fri, 8 Jul 2022 14:21:02 UTC; Severity: serious; Tags: security, upstream; Found in versions libitext5-java/5.5.13.2-1, libitext5-java/5.5.13-1; Fixed in version libitext5-java/5.5.13.3-1; Done: tony mancill <tmancill@debian.org>; Can be archived in 7 days; Filed 358 days ago; Modified 356 days ago;
#1023818 [S|USu|☺] [vim] vim: buffer overflow in block_insert
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Thu, 10 Nov 2022 14:09:17 UTC; Severity: serious; Tags: fixed-upstream, security, upstream; Found in version vim/2:8.1.0875-5; Fixed in version vim/2:8.2.3455-1; Done: Helmut Grohne <helmut@subdivi.de>; Can be archived in 7 days; Filed 233 days ago; Modified 233 days ago;
#1031741 [S|+S|☺] [goxel] goxel: usage of sanitizers might introduce vulnerabilities
Reported by: Adrian Bunk <bunk@debian.org>; Date: Tue, 21 Feb 2023 19:15:01 UTC; Severity: serious; Tags: patch, security; Found in version goxel/0.10.6-1; Fixed in version goxel/0.11.0-1.1; Done: Adrian Bunk <bunk@debian.org>; Can be archived in 7 days; Filed 130 days ago; Modified 101 days ago;
#1032904 [S|Su|☺↝] [src:node-webpack] node-webpack: CVE-2023-28154
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 13 Mar 2023 19:27:02 UTC; Severity: serious; Tags: security, upstream; Found in version node-webpack/5.75.0+dfsg+~cs17.16.14-1; Fixed in versions node-webpack/5.76.1+dfsg1+~cs17.16.16-1, node-webpack/4.43.0-6+deb11u1; Forwarded to https://github.com/webpack/webpack/pull/16500; Done: Yadd <yadd@debian.org>; Filed 110 days ago; Modified 63 days ago;

Resolved bugs -- Important bugs (68 bugs)

#761879 [i|S|☺] [fotoxx] fotoxx: Insecure use of temporary files
Reported by: Steve Kemp <steve@steve.org.uk>; Date: Tue, 16 Sep 2014 13:18:02 UTC; Severity: important; Tags: security; Found in version fotoxx/11.11.1-1.1; Fixed in version fotoxx/14.10.2-1; Filed 8 years and 290 days ago; Modified 7 years and 87 days ago;
#787641 [i|Su|☺↝] [src:pcre3] pcre3: CVE-2015-3217
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 3 Jun 2015 17:06:01 UTC; Severity: important; Tags: security, upstream; Found in versions pcre3/2:8.35-5, pcre3/1:8.30-5; Fixed in version pcre3/2:8.38-1; Forwarded to https://bugs.exim.org/show_bug.cgi?id=1638; Filed 8 years and 30 days ago; Modified 7 years and 192 days ago;
#801236 [i|+S|☺] [src:httpcomponents-client] CVE-2015-5262: https calls ignore http.socket.timeout during SSL Handshake
Reported by: Guido Günther <agx@sigxcpu.org>; Date: Fri, 11 Sep 2015 13:15:02 UTC; Severity: important; Tags: patch, security; Found in version httpcomponents-client/4.0.1-1squeeze1; Fixed in version httpcomponents-client/4.4.1-1; Filed 7 years and 295 days ago; Modified 7 years and 269 days ago;
#815965 [i|+Su|☺↝] [src:cpio] cpio: reads out-of-bounds with cpio 2.11
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 26 Feb 2016 06:36:02 UTC; Severity: important; Tags: patch, security, upstream; Found in version cpio/2.11-4; Fixed in version cpio/2.13+dfsg-1; Forwarded to http://lists.gnu.org/archive/html/bug-cpio/2015-09/msg00002.html; Filed 7 years and 127 days ago; Modified 290 days ago;
#827564 [i|U+Su|☺↝] [src:pcre3] pcre3: Stack corruption from crafted pattern
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 17 Jun 2016 20:39:01 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in version pcre3/2:8.35-3.3; Fixed in version pcre3/2:8.39-1; Forwarded to https://bugs.exim.org/show_bug.cgi?id=1780; Filed 7 years and 15 days ago; Modified 6 years and 339 days ago;
#833823 [i|USu|☺] [src:openssh] CVE-2016-6515: CPU consumption via auth_password
Reported by: Guido Günther <agx@sigxcpu.org>; Date: Tue, 9 Aug 2016 05:15:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions openssh/1:7.2p2-8, openssh/1:6.0p1-4, openssh/1:6.0p1-1; Fixed in version openssh/1:7.3p1-1; Filed 6 years and 327 days ago; Modified 6 years and 326 days ago;
#891638 [i|Su|☺] [src:libcdio] libcdio: CVE-2017-18201: double free inget_cdtext_generic() in lib/driver/_cdio_generic.c.
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 27 Feb 2018 15:51:02 UTC; Severity: important; Tags: security, upstream; Found in version libcdio/1.0.0-1; Fixed in version libcdio/2.0.0-1; Filed 5 years and 125 days ago; Modified 5 years and 125 days ago;
#896491 [i|U+Su|☺↝] [src:yubico-pam] yubico-pam: CVE-2018-9275: Authfile Leaking File Descriptor
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 21 Apr 2018 17:21:02 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in version yubico-pam/2.18-1; Fixed in version yubico-pam/2.26-1; Forwarded to https://github.com/Yubico/yubico-pam/issues/136; Filed 5 years and 72 days ago; Modified 4 years and 332 days ago;
#908000 [i|S|☺] [zsh] zsh: CVE-2018-0502 + CVE-2018-13259: Two security bugs in shebang line parsing
Reported by: Axel Beckert <abe@debian.org>; Date: Wed, 5 Sep 2018 00:27:02 UTC; Severity: important; Tags: security; Found in versions zsh/5.5.1-1, zsh/5.3.1-4; Fixed in version zsh/5.6-1; Filed 4 years and 301 days ago; Modified 3 years and 136 days ago;
#922460 [i|US|☺↝] [src:libsixel] CVE-2019-3574
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 16 Feb 2019 12:36:01 UTC; Severity: important; Tags: fixed-upstream, security; Found in versions libsixel/1.5.2-2, libsixel/1.8.2-1; Fixed in versions libsixel/1.8.2-2, libsixel/1.8.2-1+deb10u1; Forwarded to https://github.com/saitoha/libsixel/issues/83; Filed 4 years and 136 days ago; Modified 3 years and 198 days ago;
#927711 [i|USu|☺↝] [telegram-desktop] CVE-2019-10044
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 21 Apr 2019 20:21:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version telegram-desktop/1.5.11-1; Fixed in version telegram-desktop/1.8.4-1; Forwarded to https://github.com/telegramdesktop/tdesktop/issues/6331; Filed 4 years and 72 days ago; Modified 3 years and 295 days ago;
#942332 [i|USu|☺↝] [src:ansible] ansible: CVE-2019-14858: sub parameters marked as no_log are not masked in certain failure scenarios
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 14 Oct 2019 19:57:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions ansible/2.7.7+dfsg-1, ansible/2.7.8+dfsg-1, ansible/2.8.3+dfsg-1; Fixed in versions ansible/2.9.2+dfsg-1, ansible/2.8.6+dfsg-1; Forwarded to https://github.com/ansible/ansible/pull/63405; Filed 3 years and 261 days ago; Modified 3 years and 142 days ago;
#946983 [i|Su|☺] [src:ruby-rack] ruby-rack: CVE-2019-16782
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 18 Dec 2019 21:09:02 UTC; Severity: important; Tags: security, upstream; Found in versions ruby-rack/1.6.4-4+deb9u1, ruby-rack/2.0.6-3, ruby-rack/2.0.7-2, ruby-rack/1.6.4-1; Fixed in version ruby-rack/2.1.1-1; Filed 3 years and 196 days ago; Modified 3 years and 68 days ago;
#982593 [i|Su|☺] [src:godot] godot: CVE-2021-26825 CVE-2021-26826
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 12 Feb 2021 08:54:01 UTC; Severity: important; Tags: security, upstream; Found in version godot/3.2.3-stable-1; Fixed in version godot/3.5.1-stable-1; Done: Dominik George <natureshadow@debian.org>; Can be archived in 24 days; Filed 2 years and 139 days ago; Modified 146 days ago;
#985120 [i|Su|☺] [git] CVE-2021-21300 (was: Re: Accepted git 1:2.30.2-1 (source) into unstable)
Reported by: Jonathan Nieder <jrnieder@gmail.com>; Date: Sat, 13 Mar 2021 02:24:01 UTC; Severity: important; Tags: security, upstream; Found in versions git/1:2.20.1-2+deb10u3, git/1:2.20.1-1; Fixed in version git/1:2.30.2-1; Filed 2 years and 110 days ago; Modified 2 years and 110 days ago;
#985391 [i|USu|☺↝] [src:gnome-autoar] gnome-autoar: CVE-2021-28650
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 17 Mar 2021 08:39:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version gnome-autoar/0.2.4-3; Fixed in version gnome-autoar/0.3.1-1; Forwarded to https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12; Filed 2 years and 106 days ago; Modified 2 years and 24 days ago;
#990529 [i|Su|☺] [src:tesseract] tesseract: CVE-2021-36081
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 1 Jul 2021 11:51:06 UTC; Severity: important; Tags: security, upstream; Fixed in version tesseract/5.1.0-1; Filed 2 years ago; Modified 177 days ago;
#991331 [i|UHSu|☺] [src:sendmail] sendmail: CVE-2021-3618
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 20 Jul 2021 20:24:09 UTC; Severity: important; Tags: fixed-upstream, help, security, upstream; Found in versions sendmail/8.15.2-22, sendmail/8.14.1-1; Fixed in version sendmail/8.16.1-1; Filed 1 year and 346 days ago; Modified 278 days ago;
#996588 [i|Su|☺] [src:imagemagick] imagemagick: CVE-2021-39212
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Oct 2021 20:03:00 UTC; Severity: important; Tags: security, upstream; Found in version imagemagick/8:6.9.11.60+dfsg-1.3; Fixed in version imagemagick/8:6.9.11.60+dfsg-1.5; Done: Jeremy Bicha <jbicha@ubuntu.com>; Filed 1 year and 259 days ago; Modified 146 days ago;
#1006759 [i|S|☺] [src:ruby-commonmarker] ruby-commonmarker: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 in cmark extension
Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 4 Mar 2022 11:51:01 UTC; Severity: important; Tags: security; Found in version ruby-commonmarker/0.23.2-2; Fixed in version ruby-commonmarker/0.23.4-1; Filed 1 year and 119 days ago; Modified 176 days ago;
#1009636 [i|S|☺] [src:ruby-devise-two-factor] ruby-devise-two-factor: CVE-2021-43177 - possible reuse of OTP due to incomplete fix for CVE-2015-7225
Reported by: Neil Williams <codehelp@debian.org>; Date: Wed, 13 Apr 2022 10:21:02 UTC; Severity: important; Tags: security; Found in version ruby-devise-two-factor/2.0.0-1; Fixed in version ruby-devise-two-factor/4.0.2-1; Filed 1 year and 79 days ago; Modified 247 days ago;
#1009735 [i|Su|☺] [src:neomutt] neomutt: CVE-2022-1328
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Apr 2022 19:30:02 UTC; Severity: important; Tags: security, upstream; Found in version neomutt/20211029+dfsg1-1; Fixed in version neomutt/20220429+dfsg1-1; Filed 1 year and 77 days ago; Modified 256 days ago;
#1009879 [i|USu|☺↝] [src:pypdf2] pypdf2: CVE-2022-24859: Manipulated inline images can cause Infinite Loop
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 19 Apr 2022 19:18:21 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions pypdf2/1.26.0-4, pypdf2/1.26.0-2; Fixed in versions pypdf2/1.26.0-2+deb9u1, pypdf2/1.27.9-1; Forwarded to https://github.com/py-pdf/PyPDF2/issues/329; Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>; Can be archived in 5 days; Filed 1 year and 73 days ago; Modified 23 days ago;
#1010974 [i|S|☺] [src:db5.3] db5.3: CVE-2019-8457 in embedded sqlite3 copy
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Sat, 4 May 2019 18:30:02 UTC; Severity: important; Tags: security; Found in version db5.3/5.3.28+dfsg1-0.6; Fixed in version db5.3/5.3.28+dfsg1-0.9; Filed 4 years and 59 days ago; Modified 361 days ago;
#1014776 [i|Su|☺] [src:tinyobjloader] tinyobjloader: CVE-2020-28589
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 11 Jul 2022 19:21:01 UTC; Severity: important; Tags: security, upstream; Found in versions tinyobjloader/2.0.0~rc5+dfsg1-5, tinyobjloader/2.0.0~rc5+dfsg1-4; Fixed in version tinyobjloader/2.0.0~rc9+dfsg-1; Filed 355 days ago; Modified 295 days ago;
#1014810 [i|Su|☺] [src:owncloud-client] owncloud-client: CVE-2021-44537
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 10:15:01 UTC; Severity: important; Tags: security, upstream; Found in version owncloud-client/2.6.3.14058+dfsg-1; Fixed in version owncloud-client/2.11.0.8354+dfsg-1; Filed 354 days ago; Modified 271 days ago;
#1016685 [i|Su|☺] [src:v4l2loopback] v4l2loopback: CVE-2022-2652 - leaking kernel memory via crafted card labels
Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 5 Aug 2022 08:45:02 UTC; Severity: important; Tags: security, upstream; Found in version v4l2loopback/0.12.5-1; Fixed in version v4l2loopback/0.12.7-1; Filed 330 days ago; Modified 327 days ago;
#1024017 [i|Su|☺↝] [src:pymatgen] pymatgen: CVE-2022-42964
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 13 Nov 2022 19:36:01 UTC; Severity: important; Tags: security, upstream; Fixed in version pymatgen/2023.06.23+dfsg1-1; Forwarded to https://github.com/materialsproject/pymatgen/issues/2755; Done: Drew Parsons <dparsons@debian.org>; Can be archived in 28 days; Filed 230 days ago;
#1029155 [i|+Su|☺↝] [src:qemu] qemu: CVE-2023-0330: A DMA-MMIO reentrancy problem in lsi53c895a device
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 18 Jan 2023 16:36:01 UTC; Severity: important; Tags: confirmed, patch, security, upstream; Fixed in version qemu/1:8.0.2+dfsg-1; Forwarded to https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html; Done: Michael Tokarev <mjt@tls.msk.ru>; Can be archived in 21 days; Filed 164 days ago; Modified 20 days ago;
#1031418 [i|Su|☺] [src:node-undici] node-undici: CVE-2023-23936 CVE-2023-24807
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 16 Feb 2023 21:45:02 UTC; Severity: important; Tags: security, upstream; Found in version node-undici/5.15.0+dfsg1+~cs20.10.9.3-1; Fixed in version node-undici/5.19.1+dfsg1+~cs20.10.9.5-1; Done: Yadd <yadd@debian.org>; Can be archived in 10 days; Filed 135 days ago; Modified 134 days ago;
#1033166 [i|Su|☺] [src:openssh] openssh: CVE-2023-28531
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 18 Mar 2023 19:57:02 UTC; Severity: important; Tags: security, upstream; Found in version openssh/1:9.2p1-2; Fixed in version openssh/1:9.3p1-1; Done: Colin Watson <cjwatson@debian.org>; Can be archived in 16 days; Filed 105 days ago; Modified 12 days ago;
#1033257 [i|Su|☺] [src:libde265] libde265: CVE-2023-27102 CVE-2023-27103
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:15:07 UTC; Severity: important; Tags: security, upstream; Found in version libde265/1.0.11-1; Fixed in version libde265/1.0.12-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 22 days; Filed 103 days ago; Modified 11 days ago;
#1033341 [i|Su|☺♙] [src:org-mode] org-mode: CVE-2023-28617
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 Mar 2023 21:42:21 UTC; Severity: important; Tags: security, upstream; Found in versions org-mode/9.5.2+dfsh-4, org-mode/9.4.0+dfsg-1; Fixed in versions org-mode/9.6.6+dfsg-1~exp1, org-mode/9.5.2+dfsh-5; Fix blocked by 1037175: [preapproval] bullseye-pu: package org-mode/9.4.0+dfsg-1+deb11u1; Filed 101 days ago; Modified 10 days ago;
#1033756 [i|USu|☺↝] [src:wireshark] wireshark: CVE-2023-1161
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 31 Mar 2023 19:03:05 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version wireshark/4.0.3-1; Fixed in versions wireshark/4.0.5-1~exp1, wireshark/4.0.6-1, wireshark/4.0.6-1~deb12u1; Forwarded to https://gitlab.com/wireshark/wireshark/-/issues/18839; Done: Balint Reczey <balint@balintreczey.hu>; Can be archived in 13 days; Filed 92 days ago; Modified 15 days ago;
#1033846 [i|USu|☺↝] [src:libjettison-java] libjettison-java: CVE-2023-1436
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 2 Apr 2023 19:03:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in versions libjettison-java/1.5.3-1~deb11u1, libjettison-java/1.5.3-1; Fixed in version libjettison-java/1.5.4-1; Forwarded to https://github.com/jettison-json/jettison/issues/60; Done: tony mancill <tmancill@debian.org>; Can be archived in 14 days; Filed 90 days ago; Modified 20 days ago;
#1033964 [i|Su|☺] [src:smarty3] smarty3: CVE-2023-28447: Cross site scripting vulnerability in Javascript escaping
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 5 Apr 2023 05:57:02 UTC; Severity: important; Tags: security, upstream; Found in version smarty3/3.1.47-2; Fixed in version smarty3/3.1.48-1; Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>; Can be archived in 18 days; Filed 87 days ago; Modified 16 days ago;
#1033965 [i|Su|☺] [src:smarty4] smarty4: CVE-2023-28447: Cross site scripting vulnerability in Javascript escaping
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 5 Apr 2023 05:57:02 UTC; Severity: important; Tags: security, upstream; Found in version smarty4/4.3.0-1; Fixed in version smarty4/4.3.1-1; Done: Mike Gabriel <sunweaver@debian.org>; Can be archived in 12 days; Filed 87 days ago; Modified 16 days ago;
#1034152 [i|Su|☺↝] [src:configobj] configobj: CVE-2023-26112
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 10 Apr 2023 12:33:02 UTC; Severity: important; Tags: security, upstream; Found in version configobj/5.0.8-1; Fixed in version configobj/5.0.8-2; Forwarded to https://github.com/DiffSK/configobj/issues/232; Done: Stefano Rivera <stefanor@debian.org>; Can be archived in 10 days; Filed 82 days ago; Modified 28 days ago;
#1034179 [i|Su|☺↝] [src:qemu] qemu: CVE-2023-1544: VMWare pvrdma device allows guest driver to allocate huge number of page tables for a ring of descriptors for CQ and async events, potentially leading to an OOB read and crash
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:39:04 UTC; Severity: important; Tags: security, upstream; Fixed in version qemu/1:8.0.2+dfsg-1; Forwarded to https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html; Done: Michael Tokarev <mjt@tls.msk.ru>; Can be archived in 21 days; Filed 82 days ago; Modified 20 days ago;
#1034483 [i|Su|☺] [src:dmidecode] dmidecode: CVE-2023-30630
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Apr 2023 14:09:04 UTC; Severity: important; Tags: security, upstream; Found in version dmidecode/3.4-1; Fixed in version dmidecode/3.5-1; Filed 76 days ago; Modified 17 days ago;
#1034613 [i|Su|☺] [src:redis] redis: CVE-2023-28856
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 19 Apr 2023 19:27:01 UTC; Severity: important; Tags: security, upstream; Found in versions redis/5:6.0.16-1, redis/5:7.0.10-1, redis/5:6.0.16-1+deb11u2; Fixed in version redis/5:7.0.11-1; Done: Chris Lamb <lamby@debian.org>; Filed 73 days ago; Modified 71 days ago;
#1034720 [i|Su|☺] [src:openssl] openssl: CVE-2023-1255 CVE-2023-0466 CVE-2023-0465 CVE-2023-0464
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sat, 22 Apr 2023 17:30:01 UTC; Severity: important; Tags: security, upstream; Found in versions openssl/3.0.8-1, openssl/1.1.1-1; Fixed in versions openssl/3.0.9-1, openssl/3.1.1-1, openssl/1.1.1n-0+deb11u5; Done: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>; Can be archived in 5 days; Filed 70 days ago; Modified 23 days ago;
#1034721 [i|Su|☺] [src:wireshark] wireshark: CVE-2023-1992 CVE-2023-1993 CVE-2023-1994
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sat, 22 Apr 2023 17:33:02 UTC; Severity: important; Tags: security, upstream; Found in version wireshark/4.0.3-1; Fixed in versions wireshark/4.0.5-1~exp1, wireshark/4.0.6-1, wireshark/4.0.6-1~deb12u1; Done: Balint Reczey <balint@balintreczey.hu>; Can be archived in 13 days; Filed 70 days ago; Modified 15 days ago;
#1034845 [i|Su| ] [src:lua5.1] lua5.1: CVE-2021-43519
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 19:00:01 UTC; Severity: important; Tags: security, upstream; Done: Guilhem Moulin <guilhem@debian.org>; Can be archived in 24 days; Filed 67 days ago;
#1034846 [i|Su| ] [src:lua5.2] lua5.2: CVE-2021-43519
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 19:00:04 UTC; Severity: important; Tags: security, upstream; Done: Guilhem Moulin <guilhem@debian.org>; Can be archived in 24 days; Filed 67 days ago;
#1034847 [i|Su| ] [src:lua5.3] lua5.3: CVE-2021-43519
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 19:00:06 UTC; Severity: important; Tags: security, upstream; Done: Guilhem Moulin <guilhem@debian.org>; Can be archived in 24 days; Filed 67 days ago;
#1035023 [i|Su|☺] [src:cloud-init] cloud-init: CVE-2023-1786
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 27 Apr 2023 19:33:02 UTC; Severity: important; Tags: security, upstream; Found in version cloud-init/22.4.2-1; Fixed in version cloud-init/23.2-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 11 days; Filed 65 days ago; Modified 17 days ago;
#1035671 [i|Su|☺] [src:hoteldruid] hoteldruid: CVE-2023-29839
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 7 May 2023 15:33:02 UTC; Severity: important; Tags: security, upstream; Found in version hoteldruid/3.0.4-1; Fixed in version hoteldruid/3.0.5-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 18 days; Filed 55 days ago; Modified 17 days ago;
#1035950 [i|PSu|☺] [src:dav1d] dav1d: CVE-2023-32570
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:36:01 UTC; Severity: important; Tags: pending, security, upstream; Fixed in version dav1d/1.2.0-1; Filed 51 days ago; Modified 28 days ago;
#1036296 [i|Su|☺] [src:wordpress] wordpress: CVE-2023-2745
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 18 May 2023 19:54:11 UTC; Severity: important; Tags: security, upstream; Found in versions wordpress/6.1.1+dfsg1-1, wordpress/6.2+dfsg1-1; Fixed in version wordpress/6.2.1+dfsg1-1; Done: Craig Small <csmall@debian.org>; Can be archived in 10 days; Filed 44 days ago; Modified 44 days ago;
#1036689 [i|Su|☺] [src:wordpress] wordpress: WordPress 6.2.2 Security Release: Block themes parsing shortcodes in user-generated data
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 May 2023 12:30:04 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/6.2.1+dfsg1-1; Fixed in version wordpress/6.2.2+dfsg1-1; Done: Craig Small <csmall@debian.org>; Can be archived in 10 days; Filed 38 days ago; Modified 37 days ago;
#1036874 [i|Su|☺] [src:kanboard] kanboard: CVE-2023-32685
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 28 May 2023 13:33:02 UTC; Severity: important; Tags: security, upstream; Found in version kanboard/1.2.26+ds-2; Fixed in versions kanboard/1.2.26+ds-3, kanboard/1.2.26+ds-2+deb12u1; Done: Joseph Nahmias <jello@debian.org>; Can be archived in 25 days; Filed 34 days ago;
#1036875 [i|Su|☺] [src:python-tornado] python-tornado: CVE-2023-28370
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 28 May 2023 13:36:01 UTC; Severity: important; Tags: security, upstream; Found in version python-tornado/6.2.0-3; Fixed in version python-tornado/6.3.2-1; Done: Julien Puydt <jpuydt@debian.org>; Can be archived in 23 days; Filed 34 days ago;
#1037018 [i|Su|☺] [src:rust-buffered-reader] rust-buffered-reader: RUSTSEC-2023-0039: Out-of-bounds array access leads to panic
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Jun 2023 18:54:02 UTC; Severity: important; Tags: security, upstream; Found in versions rust-buffered-reader/1.1.4-1, rust-buffered-reader/1.0.1-1; Fixed in version rust-buffered-reader/1.2.0-1; Done: Peter Michael Green <plugwash@debian.org>; Can be archived in 19 days; Filed 30 days ago; Modified 16 days ago;
#1037021 [i|USu|☺↝] [src:opensc] opensc: CVE-2023-2977
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Jun 2023 19:54:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version opensc/0.23.0-0.2; Fixed in version opensc/0.23.0-0.3; Forwarded to https://github.com/OpenSC/OpenSC/issues/2785; Filed 30 days ago; Modified 20 days ago;
#1037092 [i|Su|☺] [src:erofs-utils] erofs-utils: CVE-2023-33551 CVE-2023-33552
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jun 2023 13:06:02 UTC; Severity: important; Tags: security, upstream; Found in version erofs-utils/1.6-1; Fixed in version erofs-utils/1.6-2; Done: Gao Xiang <xiang@kernel.org>; Can be archived in 12 days; Filed 27 days ago; Modified 22 days ago;
#1037151 [i|S|☺] [dbus] dbus: CVE-2023-34969: denial of service when a monitor is active and a message from the driver cannot be delivered
Reported by: Simon McVittie <smcv@debian.org>; Date: Tue, 6 Jun 2023 13:39:02 UTC; Severity: important; Tags: security; Found in versions dbus/1.12.20-0+deb10u1, dbus/1.12.24-0+deb11u1, dbus/1.15.4-1, dbus/1.14.6-1; Fixed in versions dbus/1.15.6-1, dbus/1.14.8-1, dbus/1.14.8-1~deb12u1, dbus/1.12.28-0+deb11u1; Done: Simon McVittie <smcv@debian.org>; Can be archived in 21 days; Filed 25 days ago;
#1037167 [i|Su|☺] [src:kanboard] kanboard: CVE-2023-33956 CVE-2023-33968 CVE-2023-33969 CVE-2023-33970
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 6 Jun 2023 19:12:02 UTC; Severity: important; Tags: security, upstream; Found in version kanboard/1.2.26+ds-2; Fixed in versions kanboard/1.2.26+ds-4, kanboard/1.2.26+ds-2+deb12u1; Done: Joseph Nahmias <jello@debian.org>; Can be archived in 25 days; Filed 25 days ago;
#1037209 [i|Su|☺] [src:qt6-base] qt6-base: CVE-2023-34410
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Jun 2023 19:03:02 UTC; Severity: important; Tags: security, upstream; Found in version qt6-base/6.4.2+dfsg-10; Fixed in version qt6-base/6.4.2+dfsg-11; Done: Patrick Franz <deltaone@debian.org>; Can be archived in 4 days; Filed 24 days ago; Modified 24 days ago;
#1037210 [i|Su|☺] [src:qtbase-opensource-src] qtbase-opensource-src: CVE-2023-34410
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Jun 2023 19:03:02 UTC; Severity: important; Tags: security, upstream; Found in version qtbase-opensource-src/5.15.8+dfsg-11; Fixed in version qtbase-opensource-src/5.15.8+dfsg-12; Done: Dmitry Shachnev <mitya57@debian.org>; Can be archived in 6 days; Filed 24 days ago; Modified 23 days ago;
#1037333 [i|Su|☺] [src:libeconf] libeconf: CVE-2023-32181 CVE-2023-22652
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 11 Jun 2023 15:15:02 UTC; Severity: important; Tags: security, upstream; Found in version libeconf/0.5.1+dfsg1-1; Fixed in version libeconf/0.5.2+dfsg1-1; Done: Andreas Henriksson <andreas@fatal.se>; Can be archived in 14 days; Filed 20 days ago; Modified 19 days ago;
#1037534 [i|USu|↝] [src:rust-xml-rs] rust-xml-rs: CVE-2023-34411
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 13 Jun 2023 20:57:04 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version rust-xml-rs/0.8.3-1; Forwarded to https://github.com/netvl/xml-rs/pull/226; Done: peter green <plugwash@p10link.net>; Can be archived in 19 days; Filed 18 days ago; Modified 9 days ago;
#1037919 [i|U+S|☺↝] [src:vte2.91] vte2.91: infinite loop parsing control sequence '\e]104;x\a'
Reported by: Simon McVittie <smcv@debian.org>; Date: Wed, 14 Jun 2023 10:39:04 UTC; Severity: important; Tags: fixed-upstream, patch, security; Found in versions vte2.91/0.70.5-1, vte2.91/0.70.3-1; Fixed in versions vte2.91/0.70.5-2, vte2.91/0.72.2-1, vte2.91/0.70.6-1, vte2.91/0.70.6-1~deb12u1; Forwarded to https://gitlab.gnome.org/GNOME/vte/-/issues/2631; Done: Simon McVittie <smcv@debian.org>; Can be archived in 21 days; Filed 17 days ago;
#1037948 [i|+Su|☺] [src:xmltooling] xmltooling: Parsing of KeyInfo elements can cause remote resource access
Reported by: Ferenc Wágner <wferi@debian.org>; Date: Wed, 14 Jun 2023 16:33:02 UTC; Severity: important; Tags: patch, security, upstream; Found in versions xmltooling/3.0.2-1, xmltooling/3.2.3-1; Fixed in versions xmltooling/3.2.4-1, xmltooling/3.2.3-1+deb12u1, xmltooling/3.2.0-3+deb11u1; Done: Ferenc Wágner <wferi@debian.org>; Can be archived in 21 days; Filed 17 days ago;
#1038248 [i|Su|☺] [src:trafficserver] trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 16 Jun 2023 18:45:01 UTC; Severity: important; Tags: security, upstream; Found in versions trafficserver/8.0.2+ds-1+deb10u6, trafficserver/9.2.0+ds-2, trafficserver/8.1.6+ds-1~deb11u1; Fixed in versions trafficserver/9.2.1+ds-1, trafficserver/8.1.7+ds-1~deb11u1; Done: Jean Baptiste Favre <debian@jbfavre.org>; Can be archived in 23 days; Filed 15 days ago;
#1038253 [i|Su|☺] [src:cpdb-libs] cpdb-libs: CVE-2023-34095
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 16 Jun 2023 19:03:04 UTC; Severity: important; Tags: security, upstream; Found in version cpdb-libs/1.2.0-2; Fixed in versions cpdb-libs/1.2.0-3, cpdb-libs/1.2.0-2+deb12u1; Done: Thorsten Alteholz <debian@alteholz.de>; Can be archived in 28 days; Filed 15 days ago;
#1038949 [i|Su|☺] [src:sabnzbdplus] sabnzbdplus: CVE-2023-34237
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Jun 2023 15:12:02 UTC; Severity: important; Tags: security, upstream; Found in version sabnzbdplus/3.7.1+dfsg-2; Fixed in version sabnzbdplus/4.0.2+dfsg-1; Done: Jeroen Ploemen <jcfp@debian.org>; Can be archived in 27 days; Filed 8 days ago;
#1038979 [i|Su|☺] [src:guava-libraries] guava-libraries: CVE-2020-8908 CVE-2023-2976
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2023 21:36:01 UTC; Owned by: tony mancill <tmancill@debian.org>; Severity: important; Tags: security, upstream; Found in version guava-libraries/31.1-1; Fixed in version guava-libraries/32.0.1-1; Done: tony mancill <tmancill@debian.org>; Can be archived in 21 days; Filed 8 days ago;

Resolved bugs -- Normal bugs (9 bugs)

#350889 [n|S|☺] [pure-ftpd-mysql] pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem
Reported by: Adam Borowski <kilobyte@utumno.angband.pl>; Date: Wed, 1 Feb 2006 11:18:06 UTC; Severity: normal; Tags: security; Found in version pure-ftpd-mysql/1.0.19-4; Fixed in version pure-ftpd/1.0.21-1; Filed 17 years and 154 days ago; Modified 15 years and 325 days ago;
#598018 [n|U+S|☺↝] [coreutils] install: temporary insecure file permissions
Reported by: "Bernhard R. Link" <brlink@debian.org>; Date: Sat, 25 Sep 2010 12:21:04 UTC; Severity: normal; Tags: fixed-upstream, patch, security; Found in versions coreutils/8.5-1, coreutils/6.10-6; Fixed in version coreutils/8.21-1; Forwarded to http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12947; Filed 12 years and 282 days ago; Modified 4 years and 169 days ago;
#728255 [n|US|☺] [nfs-common] rpc.gssd: Cannot determine realm for numeric host address
Reported by: Sergio Gelato <Sergio.Gelato@astro.su.se>; Date: Tue, 29 Oct 2013 23:21:01 UTC; Severity: normal; Tags: fixed-upstream, security; Found in version nfs-utils/1:1.2.6-4; Fixed in versions 1.3.4-2, nfs-utils/1:1.3.4-2; Filed 9 years and 247 days ago; Modified 6 years and 192 days ago;
#871503 [n|US|☺↝] [msitools] msiinfo: buffer overflow in create_stream()
Reported by: Jakub Wilk <jwilk@jwilk.net>; Date: Tue, 8 Aug 2017 15:42:01 UTC; Severity: normal; Tags: fixed-upstream, security; Found in version msitools/0.97-1; Fixed in version msitools/0.102+repack-1; Forwarded to https://gitlab.gnome.org/GNOME/msitools/-/issues/36; Done: Stephen Kitt <skitt@debian.org>; Can be archived in 25 days; Filed 5 years and 328 days ago; Modified 9 days ago;
#915635 [n|HS|☺] [nullmailer] nullmailer: smtp helper called with mail credentials in command line
Reported by: Martin Wache <wache@abstracture.de>; Date: Wed, 5 Dec 2018 13:12:02 UTC; Severity: normal; Tags: help, security; Found in version nullmailer/1:1.13-1.2; Fixed in version nullmailer/1:2.0-1; Filed 4 years and 209 days ago; Modified 4 years and 206 days ago;
#1028475 [n|S|☺] [glib2.0] Backport recent GVariant security fixes to Stable
Reported by: philip@tecnocode.co.uk; Date: Wed, 11 Jan 2023 16:39:02 UTC; Severity: normal; Tags: security; Found in version 2.66.8-1; Fixed in version 2.74.4-1; Filed 171 days ago; Modified 111 days ago;
#1034889 [n|Su|☺↝] [src:mariadb] mariadb: CVE-2022-47015
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 26 Apr 2023 17:39:09 UTC; Severity: normal; Tags: security, upstream; Found in version mariadb/1:10.11.2-1; Fixed in versions mariadb/1:10.11.3-1~exp1, mariadb/1:10.11.3-1; Forwarded to https://jira.mariadb.org/browse/MDEV-29644; Done: Otto Kekäläinen <otto@debian.org>; Can be archived in 2 days; Filed 66 days ago; Modified 34 days ago;
#1038975 [n|USu|☺↝] [src:sngrep] sngrep: CVE-2023-36192
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2023 20:54:02 UTC; Severity: normal; Tags: fixed-upstream, security, upstream; Found in version sngrep/1.7.0-1; Fixed in version sngrep/1.7.0-2; Forwarded to https://github.com/irontec/sngrep/issues/438; Filed 8 days ago;
#1038976 [n|Su|☺↝] [src:gifsicle] gifsicle: CVE-2023-36193
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Jun 2023 21:06:01 UTC; Severity: normal; Tags: security, upstream; Found in version gifsicle/1.93-2; Fixed in version gifsicle/1.94-1; Forwarded to https://github.com/kohler/gifsicle/issues/191; Done: Gürkan Myczko <tar@debian.org>; Can be archived in 21 days; Filed 8 days ago;

Resolved bugs -- Wishlist items (1 bug)

#979546 [w|S|☺] [docker.io] version in Buster does not support rootless mode
Reported by: Chris <debbugs@chris.oldnest.ca>; Date: Fri, 8 Jan 2021 03:48:02 UTC; Severity: wishlist; Tags: security; Found in version docker.io/18.09.1+dfsg1-7.1+deb10u2; Fixed in version docker.io/20.10.0~rc1+dfsg2-1; Filed 2 years and 174 days ago; Modified 2 years and 173 days ago;

From other Branch bugs -- Grave functionality bugs (42 bugs)

#874070 [G|Su|↝] [src:rtpproxy] rtpproxy: CVE-2017-14114
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 2 Sep 2017 17:21:02 UTC; Severity: grave; Tags: security, upstream; Found in version rtpproxy/1.2.1-1.1; Forwarded to https://github.com/sippy/rtpproxy/issues/70; Filed 5 years and 303 days ago; Modified 5 years and 193 days ago;
#875448 [G|U+Su|☺↝] [src:emacs24] emacs24: CVE-2017-14482: enriched text remote code execution
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Sep 2017 13:27:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version emacs24/24.4+1-4; Fixed in versions emacs24/24.4+1-5+deb8u1, emacs24/24.5+1-11+deb9u1; Forwarded to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350; Filed 5 years and 294 days ago; Modified 4 years and 159 days ago;
#875449 [G|U+Su|↝] [src:emacs23] emacs23: CVE-2017-14482: enriched text remote code execution
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Sep 2017 13:27:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version emacs23/23.4+1-4; Forwarded to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350; Filed 5 years and 294 days ago; Modified 4 years and 159 days ago;
#898453 [G|Su|↝] [src:vncterm] vncterm: CVE-2018-7226: integer overflow in vcSetXCutTextProc in VNConsole.c
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 11 May 2018 19:54:02 UTC; Severity: grave; Tags: security, upstream; Found in version vncterm/0.9.10-1; Forwarded to https://github.com/LibVNC/vncterm/issues/6; Filed 5 years and 52 days ago; Modified 4 years and 350 days ago;
#899128 [G|+S| ] [src:kdepim] Limit CVE-2017-17689 (EFAIL) for kmail
Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Mon, 14 May 2018 13:36:01 UTC; Severity: grave; Tags: patch, security; Filed 5 years and 49 days ago; Modified 4 years and 84 days ago;
#942737 [G|Su| ] [libapache2-mod-gnutls] libapache2-mod-gnutls: mod_gnutls consumes 100% cpu (CVE-2023-25824)
Reported by: Nicolas <nicolas@progweb.com>; Date: Sun, 20 Oct 2019 18:21:01 UTC; Severity: grave; Tags: security, upstream; Found in version mod-gnutls/0.9.0-1; Filed 3 years and 255 days ago; Modified 127 days ago;
#950372 [G|S| ] [src:radare2] Is radare2 suitable for stable Debian releases?
Reported by: Adrian Bunk <bunk@debian.org>; Date: Fri, 31 Jan 2020 21:03:01 UTC; Severity: grave; Tags: security; Found in versions radare2/3.2.1+dfsg-5, radare2/0.9.6-3.1+deb8u1; Filed 3 years and 152 days ago; Modified 3 years and 144 days ago;
#963777 [G|+Su| ] [src:condor] condor: CVE-2019-18823
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 26 Jun 2020 19:33:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions condor/8.6.8~dfsg.1-2, condor/8.4.11~dfsg.1-1; Filed 3 years and 5 days ago; Modified 1 year and 40 days ago;
#964195 [G|U+Su|☺] [src:guacamole-server] CVE-2020-9497 CVE-2020-9498
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 3 Jul 2020 13:36:02 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version guacamole-server/0.9.9-2; Fixed in version guacamole-server/1.3.0-1; Filed 2 years and 363 days ago; Modified 2 years and 148 days ago;
#991344 [G|USu|=] [src:umatrix] umatrix: CVE-2021-36773: Denial of Service
Reported by: Marcus Frings <marcus.frings@oc.rwth-aachen.de>; Date: Wed, 21 Jul 2021 09:33:04 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Merged with 991770; Found in version umatrix/1.4.0+dfsg-1; Filed 1 year and 345 days ago; Modified 1 year and 300 days ago;
#994213 [G|Su| ] [src:node-matrix-js-sdk] node-matrix-js-sdk: CVE-2021-40823: E2EE vulnerability
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 13 Sep 2021 18:57:02 UTC; Severity: grave; Tags: security, upstream; Found in version node-matrix-js-sdk/9.11.0+~cs9.9.16-1; Filed 1 year and 291 days ago; Modified 1 year and 291 days ago;
#1001225 [G|Su|↝] [src:tmate-ssh-server] tmate-ssh-server: CVE-2021-44512 CVE-2021-44513
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 6 Dec 2021 16:12:01 UTC; Severity: grave; Tags: security, upstream; Found in version tmate-ssh-server/2.3.0-49-g97d20249-1; Forwarded to https://github.com/tmate-io/tmate-ssh-server/issues/95; Filed 1 year and 207 days ago; Modified 1 year and 163 days ago;
#1002540 [G|Su| ] [src:condor] condor: CVE-2021-45101
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 23 Dec 2021 21:03:02 UTC; Severity: grave; Tags: security, upstream; Found in version condor/8.6.8~dfsg.1-2; Filed 1 year and 190 days ago; Modified 1 year and 190 days ago;
#1003125 [G|S|☺↝] [src:e2guardian] e2guardian: CVE-2021-44273
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 4 Jan 2022 15:42:02 UTC; Severity: grave; Tags: bookworm, bullseye, buster, security, sid; Fixed in versions e2guardian/5.3.5-3, e2guardian/5.3.4-1+deb11u1; Forwarded to https://github.com/e2guardian/e2guardian/issues/707; Done: Mike Gabriel <sunweaver@debian.org>; Can be archived in 7 days; Filed 1 year and 178 days ago; Modified 1 year and 105 days ago;
#1008634 [G|+Su| ] [src:condor] condor: CVE-2022-26110 / HTCONDOR-2022-0003
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 29 Mar 2022 20:09:04 UTC; Severity: grave; Tags: patch, security, upstream; Found in version condor/8.6.8~dfsg.1-2; Filed 1 year and 94 days ago; Modified 1 year and 40 days ago;
#1009966 [G|Su| ] [src:libpam-tacplus] libpam-tacplus: CVE-2016-20014
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Apr 2022 12:21:02 UTC; Severity: grave; Tags: security, upstream; Found in versions libpam-tacplus/1.3.8-2, libpam-tacplus/1.3.8-2.1, libpam-tacplus/1.3.8-2+deb10u1; Filed 1 year and 71 days ago; Modified 243 days ago;
#1013872 [G|Su| ] [src:salt] salt: CVE-2022-22967
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 26 Jun 2022 11:57:02 UTC; Severity: grave; Tags: security, upstream; Found in version salt/3004.1+dfsg-2; Filed 1 year and 5 days ago; Modified 117 days ago;
#1014124 [G|Su|↝] [src:nomacs] nomacs: CVE-2020-23884
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 30 Jun 2022 14:51:01 UTC; Severity: grave; Tags: security, upstream; Forwarded to https://github.com/nomacs/nomacs/issues/516; Filed 1 year and 1 day ago; Modified 25 days ago;
#1014166 [G|S| ] [src:bitcoin] bitcoin: CVE-2021-31876
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 1 Jul 2022 12:45:01 UTC; Severity: grave; Tags: security; Filed 1 year ago; Modified 162 days ago;
#1014478 [G|Su| ] [src:radare2] radare2: CVE-2022-1714 CVE-2022-1809 CVE-2022-1899 CVE-2022-0849 CVE-2022-1052 CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238 CVE-2022-1240 CVE-2022-1244 CVE-2022-0476 CVE-2022-0518 CVE-2022-0519 CVE-2022-0521 CVE-2022-0523 CVE-2022-0559 CVE-2022-0676 CVE-2022-0695 CVE-2022-0712 CVE-2022-0713 CVE-2022-0139 CVE-2022-0173 CVE-2022-0419 CVE-2022-1031 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296 CVE-2022-1297 CVE-2022-1382 CVE-2022-1444 CVE-2022-1437 CVE-2022-1451 CVE-2022-1452 CVE-2022-1649 CVE-2022-1383
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 6 Jul 2022 18:30:01 UTC; Severity: grave; Tags: security, upstream; Found in version radare2/5.5.0+dfsg-1; Filed 360 days ago; Modified 360 days ago;
#1014539 [G|Su| ] [src:squirrel3] squirrel3: CVE-2022-30292
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 15:57:01 UTC; Severity: grave; Tags: security, upstream; Found in versions squirrel3/3.1-8, squirrel3/3.1-7; Filed 359 days ago; Modified 184 days ago;
#1017982 [G|Su| ] [src:consul] consul: CVE-2022-29153
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 17 Jul 2022 20:03:02 UTC; Severity: grave; Tags: security, upstream; Filed 349 days ago; Modified 256 days ago;
#1018073 [G|USu|☺] [asterisk] asterisk: CVE-2021-46837 AST-2021-006 crash when receiving m=image 0 udptl t38 re-invite fixed in 16.16.2
Reported by: Benoit Panizzon <panizzon@woody.ch>; Date: Thu, 25 Aug 2022 08:51:01 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in versions asterisk/1:16.16.1~dfsg-1+deb11u1, asterisk/1:16.16.1~dfsg-1; Fixed in version asterisk/1:18.9.0~dfsg+~cs6.10.40431411-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 18 days; Filed 310 days ago; Modified 305 days ago;
#1018970 [G|Su| ] [src:node-matrix-js-sdk] node-matrix-js-sdk: CVE-2022-36059
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 2 Sep 2022 19:33:02 UTC; Severity: grave; Tags: security, upstream; Found in version node-matrix-js-sdk/9.11.0+~cs9.9.16-2; Filed 302 days ago; Modified 302 days ago;
#1019600 [G|Su| ] [src:swfmill] swfmill: CVE-2022-36139 CVE-2022-36144
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 12 Sep 2022 20:39:14 UTC; Severity: grave; Tags: security, upstream; Filed 292 days ago; Modified 291 days ago;
#1021136 [G|Su| ] [node-matrix-js-sdk] node-matrix-js-sdk: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 2 Oct 2022 18:09:02 UTC; Severity: grave; Tags: security, upstream; Filed 272 days ago; Modified 272 days ago;
#1021273 [G|Su| ] [src:nomad] nomad: CVE-2021-37218 CVE-2021-43415 CVE-2022-24683 CVE-2022-24684 CVE-2022-24685 CVE-2022-24686
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 4 Oct 2022 19:45:04 UTC; Severity: grave; Tags: security, upstream; Found in version nomad/0.3.1+dfsg-1; Filed 270 days ago; Modified 228 days ago;
#1021276 [G|PSu| ] [src:snort] snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 4 Oct 2022 19:54:02 UTC; Severity: grave; Tags: pending, security, upstream; Filed 270 days ago; Modified 161 days ago;
#1031874 [G|U+PSu|↝] [src:upx-ucl] upx-ucl: CVE-2023-23457
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 24 Feb 2023 16:09:01 UTC; Severity: grave; Tags: fixed-upstream, patch, pending, security, upstream; Forwarded to https://github.com/upx/upx/issues/631; Filed 127 days ago; Modified 68 days ago;
#1032092 [G|Su| ] [src:asterisk] asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 19:51:01 UTC; Severity: grave; Tags: security, upstream; Filed 124 days ago; Modified 124 days ago;
#1033116 [G|Su|☺] [src:gpac] gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-46489 CVE-2022-46490 CVE-2022-47086 CVE-2022-47087 CVE-2022-47088 CVE-2022-47089 CVE-2022-47091 CVE-2022-47092 CVE-2022-47093 CVE-2022-47094 CVE-2022-47095 CVE-2022-47653 CVE-2022-47654 CVE-2022-47656 CVE-2022-47657 CVE-2022-47658 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0358 CVE-2023-0760 CVE-2023-0770 CVE-2023-0817 CVE-2023-0818 CVE-2023-0819
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 17 Mar 2023 14:30:02 UTC; Severity: grave; Tags: security, upstream; Fixed in version gpac/2.2.1+dfsg1-1; Done: Reinhard Tartler <siretart@tauware.de>; Filed 106 days ago; Modified 11 days ago;
#1033252 [G|Su|☺] [src:maradns] maradns: CVE-2022-30256
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:09:05 UTC; Severity: grave; Tags: security, upstream; Fixed in version maradns/2.0.13-1.4+deb11u1; Done: Aron Xu <aron@debian.org>; Filed 103 days ago;
#1033258 [G|U+PSu|↝] [src:upx-ucl] upx-ucl: CVE-2023-23456
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:27:01 UTC; Severity: grave; Tags: fixed-upstream, patch, pending, security, upstream; Forwarded to https://github.com/upx/upx/issues/632; Filed 103 days ago; Modified 53 days ago;
#1033621 [G|Su| ] [src:node-matrix-js-sdk] node-matrix-js-sdk: CVE-2023-28427
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 28 Mar 2023 19:51:01 UTC; Severity: grave; Tags: security, upstream; Found in version node-matrix-js-sdk/9.11.0+~cs9.9.16-2; Filed 95 days ago; Modified 95 days ago;
#1033753 [G|Su| ] [src:golang-github-crewjam-saml] golang-github-crewjam-saml: CVE-2023-28119
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 31 Mar 2023 18:48:02 UTC; Severity: grave; Tags: security, upstream; Found in version golang-github-crewjam-saml/0.4.12-2; Filed 92 days ago; Modified 89 days ago;
#1034806 [G|Su| ] [src:dogecoin] dogecoin: CVE-2021-37491 CVE-2023-30769
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 21:03:04 UTC; Severity: grave; Tags: security, upstream; Filed 68 days ago; Modified 67 days ago;
#1034841 [G|Su| ] [src:consul] consul: CVE-2021-41803
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 18:57:04 UTC; Severity: grave; Tags: security, upstream; Filed 67 days ago; Modified 67 days ago;
#1034848 [G|Su|↝] [src:slic3r] slic3r: CVE-2022-36788
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 19:00:09 UTC; Severity: grave; Tags: security, upstream; Found in versions slic3r/1.3.0+dfsg1-3, slic3r/1.3.0+dfsg1-5; Forwarded to https://github.com/slic3r/Slic3r/issues/5162; Filed 67 days ago;
#1036280 [G|Su|☺] [src:openjdk-11] openjdk-11: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 18 May 2023 13:21:06 UTC; Severity: grave; Tags: security, upstream; Found in version openjdk-11/11.0.18+10-1; Fixed in version openjdk-11/11.0.19+7-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 28 days; Filed 44 days ago; Modified 20 days ago;
#1036467 [G|Su| ] [src:virtuoso-opensource] virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609 CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614 CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 CVE-2023-31618 CVE-2023-31619 CVE-2023-31620 CVE-2023-31621 CVE-2023-31622 CVE-2023-31623 CVE-2023-31624 CVE-2023-31625 CVE-2023-31626 CVE-2023-31627 CVE-2023-31628 CVE-2023-31629 CVE-2023-31630 CVE-2023-31631
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 21 May 2023 18:45:02 UTC; Severity: grave; Tags: security, upstream; Found in version virtuoso-opensource/7.2.5.1+dfsg1-0.3; Filed 41 days ago; Modified 41 days ago;
#1036647 [G|Su| ] [src:bitcoin] bitcoin: CVE-2023-33297
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 23 May 2023 19:27:02 UTC; Severity: grave; Tags: security, upstream; Found in version bitcoin/22.0-1; Filed 39 days ago; Modified 39 days ago;
#1036697 [G|Su| ] [src:asterisk] asterisk: CVE-2023-27585
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 12:54:06 UTC; Severity: grave; Tags: security, upstream; Filed 38 days ago; Modified 38 days ago;

From other Branch bugs -- Serious (policy violations or makes package unfit for release) (28 bugs)

#711172 [S|S|☺] [phpbb3] phpbb3: creates world writable /var/cache/phpbb3/cache/phpbb3/data_hooks.php
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 5 Jun 2013 08:21:02 UTC; Severity: serious; Tags: security; Found in versions phpbb3/3.0.7-PL1-4+squeeze1, phpbb3/3.0.11-3; Fixed in version phpbb3/3.0.11-4; Done: David Prévot <taffit@debian.org>; Can be archived in 22 days; Filed 10 years and 28 days ago;
#930099 [S|Su|☺↝☣] [src:pyxdg] pyxdg: CVE-2019-12761
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 6 Jun 2019 21:21:02 UTC; Severity: serious; Tags: bullseye, buster, jessie, security, stretch, upstream; Found in versions pyxdg/0.25-5, pyxdg/0.25-4; Fixed in versions pyxdg/0.25-4+deb9u1, pyxdg/0.26-1, pyxdg/0.25-4+deb8u1; Forwarded to https://gitlab.freedesktop.org/xdg/pyxdg/issues/14; Done: Salvatore Bonaccorso <carnil@debian.org>; Can be archived in 7 days; Filed 4 years and 26 days ago; Modified 1 year and 331 days ago;
#976156 [S|S| ] [libapache-mod-auth-kerb] libapache-mod-auth-kerb probably shouldn't be released in its current form
Reported by: Sam Hartman <hartmans@debian.org>; Date: Mon, 30 Nov 2020 17:39:02 UTC; Severity: serious; Tags: bookworm, bullseye, security, sid, trixie; Found in version 5.4-2.4; Filed 2 years and 213 days ago; Modified 20 days ago;
#979671 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2021-1056
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Sat, 9 Jan 2021 22:54:01 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 2 years and 173 days ago; Modified 2 years and 163 days ago;
#984810 [S|Su|☺] [courier-authlib] courier-authlib: CVE-2021-28374: /run/courier/authdaemon directory with weak permissions
Reported by: PICCORO McKAY Lenz <mckaygerhard@gmail.com>; Date: Mon, 8 Mar 2021 15:54:04 UTC; Severity: serious; Tags: bullseye, buster, confirmed, security, stretch, upstream; Found in versions courier-authlib/0.71.1-1, courier-authlib/0.71.0-1, courier-authlib/0.69.0-2, courier-authlib/0.66.4-9; Fixed in version courier-authlib/0.71.1-2; Filed 2 years and 115 days ago; Modified 2 years and 108 days ago;
#987217 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2021-1076
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Mon, 19 Apr 2021 20:06:01 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 2 years and 73 days ago; Modified 2 years and 73 days ago;
#991352 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 21 Jul 2021 12:42:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 1 year and 345 days ago; Modified 1 year and 345 days ago;
#992263 [S|Su|↝] [firefox] Please allow symlink in system extension
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Fri, 13 Aug 2021 14:39:01 UTC; Severity: serious; Tags: security, upstream; Found in version 57.0.0; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1420286; Filed 1 year and 322 days ago; Modified 1 year and 319 days ago;
#1004848 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2022-21813, CVE-2022-21814
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 2 Feb 2022 10:51:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 1 year and 149 days ago; Modified 1 year and 149 days ago;
#1011141 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, CVE-2022-28185
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Tue, 17 May 2022 13:21:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 1 year and 45 days ago; Modified 1 year and 45 days ago;
#1011143 [S|Su☹| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Tue, 17 May 2022 13:21:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1; Filed 1 year and 45 days ago; Modified 1 year and 45 days ago;
#1016615 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Thu, 4 Aug 2022 01:51:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 331 days ago; Modified 331 days ago;
#1016617 [S|Su☹| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Thu, 4 Aug 2022 01:51:02 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1; Filed 331 days ago; Modified 331 days ago;
#1025280 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Thu, 1 Dec 2022 23:00:04 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 212 days ago; Modified 212 days ago;
#1025282 [S|Su☹| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Thu, 1 Dec 2022 23:00:04 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1; Filed 212 days ago; Modified 212 days ago;
#1028567 [S|S| ] [acetoneiso] acetoneiso: should not download and run random binaries off the internet
Reported by: Andres Salomon <dilinger@queued.net>; Date: Thu, 12 Jan 2023 22:15:02 UTC; Severity: serious; Tags: security; Found in version acetoneiso/2.4-3; Filed 170 days ago; Modified 170 days ago;
#1033775 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Sat, 1 Apr 2023 08:06:01 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6; Filed 91 days ago; Modified 91 days ago;
#1033776 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-390xx] nvidia-graphics-drivers-legacy-390xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Sat, 1 Apr 2023 08:06:01 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-390xx/390.48-4; Filed 91 days ago; Modified 91 days ago;
#1033777 [S|Su☹| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Sat, 1 Apr 2023 08:06:01 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1; Filed 91 days ago; Modified 91 days ago;
#1033864 [S|PSu| ] [src:golang-github-crewjam-saml] Don't release with bookworm
Reported by: Shengjing Zhu <zhsj@debian.org>; Date: Fri, 31 Mar 2023 18:48:02 UTC; Severity: serious; Tags: pending, security, upstream; Found in version golang-github-crewjam-saml/0.4.12-2; Filed 92 days ago; Modified 67 days ago;
#1036806 [S|Su| ] [src:matrix-synapse] matrix-synapse: not suitable for inclusion in bookworm
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 26 May 2023 17:33:04 UTC; Severity: serious; Tags: security, upstream; Found in version matrix-synapse/1.78.0-1; Filed 36 days ago; Modified 32 days ago;
#1039678 [S|Su| ] [src:nvidia-graphics-drivers] nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream; Found in versions nvidia-graphics-drivers/530.30.02-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/495.44-1, nvidia-graphics-drivers/525.53-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/520.56.06-1, nvidia-graphics-drivers/515.48.07-1, nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/340.24-1;
#1039679 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-340xx] nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-340xx/340.76-6;
#1039680 [S|Su☹| ] [src:nvidia-graphics-drivers-legacy-390xx] nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-legacy-390xx/390.48-4;
#1039681 [S|Su☹| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1;
#1039682 [S|Su|☺] [src:nvidia-graphics-drivers-tesla-450] nvidia-graphics-drivers-tesla-450: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream; Found in version nvidia-graphics-drivers-tesla-450/450.51.05-1; Fixed in version nvidia-graphics-drivers-tesla-450/450.248.02-1; Done: Andreas Beckmann <anbe@debian.org>; Can be archived in 25 days;
#1039683 [S|Su☹|☺] [src:nvidia-graphics-drivers-tesla-460] nvidia-graphics-drivers-tesla-460: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream, wontfix; Found in version nvidia-graphics-drivers-tesla-460/460.32.03-1; Fixed in version nvidia-graphics-drivers-tesla-460/460.106.00-3; Done: Andreas Beckmann <anbe@debian.org>; Can be archived in 25 days;
#1039685 [S|Su| ] [src:nvidia-graphics-drivers-tesla] nvidia-graphics-drivers-tesla: CVE-2023-25515, CVE-2023-25516
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 28 Jun 2023 07:15:09 UTC; Severity: serious; Tags: security, upstream; Found in versions nvidia-graphics-drivers-tesla/515.48.07-1, nvidia-graphics-drivers-tesla/525.60.13-1, nvidia-graphics-drivers-tesla/510.85.02-1;

From other Branch bugs -- Important bugs (96 bugs)

#232688 [i|Su☹|↝] [iceweasel] mozilla-firebird: parse mailcap properly
Reported by: Jim Paris <jim@jtan.com>; Date: Sat, 14 Feb 2004 19:48:02 UTC; Severity: important; Tags: security, upstream, wontfix; Found in versions iceweasel/2.0.0.3-1, iceweasel/2.0.0.8-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=83305; Filed 19 years and 142 days ago; Modified 7 years and 198 days ago;
#410671 [i|UPSu|=↝] [iceweasel] iceweasel: firefox leaks filehandles to external applications
Reported by: Marc Lehmann <debian-reportbug@plan9.de>; Date: Mon, 12 Feb 2007 15:48:17 UTC; Severity: important; Tags: fixed-upstream, pending, security, upstream; Merged with 487781, 496958, 517256; Found in versions iceweasel/2.0.0.1+dfsg-2, iceweasel/3.0.1-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=147659, merged-upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1406971; Filed 16 years and 143 days ago; Modified 5 years and 259 days ago;
#492465 [i|S| ] [python-dnspython] python-dnspython: appears to be vulnerable to cache poisoning attack CVE-2008-1447
Reported by: Thijs Kinkhorst <thijs@debian.org>; Date: Sat, 26 Jul 2008 11:03:02 UTC; Severity: important; Tags: security; Filed 14 years and 343 days ago; Modified 14 years and 227 days ago;
#533663 [i|US|↝] [squid] "slowloris" denial-of-service vulnerability
Reported by: Michael S Gilbert <michael.s.gilbert@gmail.com>; Date: Fri, 19 Jun 2009 17:12:02 UTC; Severity: important; Tags: fixed-upstream, security; Found in version squid/2.6.5-6etch4; Forwarded to http://bugs.squid-cache.org/show_bug.cgi?id=2694; Filed 14 years and 15 days ago; Modified 4 years and 342 days ago;
#556268 [i|S|↝] [iceweasel] iceweasel: CVE-2007-1084 bookmarklets cross-site information disclosure
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>; Date: Sun, 15 Nov 2009 06:21:02 UTC; Severity: important; Tags: security; Found in version iceweasel/3.0.6-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=528772, merged-upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=371179; Filed 13 years and 231 days ago; Modified 13 years and 201 days ago;
#566654 [i|Su| ] [dtc-common] dtc-core: saves administrator password in plain text
Reported by: ansgar@debian.org; Date: Sun, 24 Jan 2010 12:48:01 UTC; Severity: important; Tags: security, upstream; Found in versions dtc/0.34.1-1, dtc/0.29.17-1; Filed 13 years and 161 days ago; Modified 11 years and 205 days ago;
#604820 [i|MSu| ] [nvidia-legacy-340xx-driver] xserver-xorg: fragments of video memory displayed during login
Reported by: Bernhard Kuemel <bernhard@bksys.at>; Date: Wed, 24 Nov 2010 15:30:02 UTC; Severity: important; Tags: moreinfo, security, upstream; Found in version 295.20-1; Filed 12 years and 222 days ago; Modified 5 years and 297 days ago;
#618668 [i|Su|↝] [iceweasel] iceweasel: A double-click on a word can select invisible text, including newline characters
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Thu, 17 Mar 2011 13:21:01 UTC; Severity: important; Tags: security, upstream; Found in version iceweasel/3.5.17-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=637895; Filed 12 years and 109 days ago; Modified 5 years and 32 days ago;
#625829 [i|US|↝] [iceweasel] URL preview now chops middle instead of end
Reported by: jidanni@jidanni.org; Date: Fri, 6 May 2011 10:00:02 UTC; Severity: important; Tags: fixed-upstream, security; Found in versions iceweasel/4.0.1-2, 7.0~a2+20110715042002-1, 5.0~a2+20110509042008-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=673830, merged-upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=632634; Filed 12 years and 59 days ago; Modified 11 years and 78 days ago;
#627552 [i|S|↝] [iceweasel] iceweasel doesn't (re)validate certificates when loading HTTPS page from cache (CVE-2011-0082)
Reported by: Jakub Wilk <jwilk@debian.org>; Date: Sat, 21 May 2011 22:00:02 UTC; Severity: important; Tags: security; Found in version iceweasel/4.0.1-2; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=660749; Filed 12 years and 44 days ago; Modified 9 years and 142 days ago;
#682369 [i|S| ] [firefox-esr] firefox-esr disobeys "until I close Firefox" "cookies and site data" setting
Reported by: Ian Zimmerman <itz@buug.org>; Date: Sun, 22 Jul 2012 06:09:13 UTC; Severity: important; Tags: security; Found in versions firefox-esr/60.5.1esr-1~deb9u1, firefox-esr/60.6.1esr-1~deb9u1, firefox-esr/45.5.1esr-1; Filed 10 years and 346 days ago; Modified 4 years and 57 days ago;
#684072 [i|S|↝] [src:kfreebsd-10] CVE-2011-2393
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 6 Aug 2012 18:06:01 UTC; Severity: important; Tags: security; Forwarded to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=158726; Filed 10 years and 331 days ago; Modified 5 years and 19 days ago;
#722361 [i|US| ] [rubygems] rubygems: CVE-2013-4287: Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
Reported by: Henri Salo <henri@nerv.fi>; Date: Tue, 10 Sep 2013 15:51:02 UTC; Severity: important; Tags: fixed-upstream, security; Found in versions libgems-ruby/1.3.7-3, rubygems/1.8.24-1; Filed 9 years and 296 days ago; Modified 2 years and 256 days ago;
#731996 [i|Su|↝] [libembperl-perl] libembperl-perl: Embperl discloses full filesystem path in 404 pages
Reported by: Eldar Marcussen <wireghoul@gmail.com>; Date: Thu, 12 Dec 2013 06:54:01 UTC; Severity: important; Tags: security, upstream; Found in version libembperl-perl/2.5.0~rc3-1~bpo70+1; Forwarded to http://mail-archives.apache.org/mod_mbox/perl-embperl/201401.mbox/%3Czarafa.52cd5a3d.0a1c.643065013630d522%40srvgr1.ubrichter.de%3E; Filed 9 years and 203 days ago; Modified 2 years and 314 days ago;
#733444 [i|Su|↝] [wicd-daemon] wicd-daemon: wrong permissions (-rw-rw-rw-) for some log files
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Sat, 28 Dec 2013 22:03:01 UTC; Severity: important; Tags: confirmed, security, upstream; Found in versions wicd/1.7.4+tb2-4, wicd/1.7.2.4-4.1; Forwarded to https://bugs.launchpad.net/wicd/+bug/1709584; Filed 9 years and 187 days ago; Modified 2 years and 311 days ago;
#739828 [i|Su| ] [enigmail] enigmail: mistaken identity of signature
Reported by: Steven Chamberlain <steven@pyro.eu.org>; Date: Sat, 22 Feb 2014 23:18:01 UTC; Severity: important; Tags: security, upstream; Found in versions enigmail/2:1.5.1+id17-3~deb7u1, enigmail/2:1.7.2-1~deb7u1; Filed 9 years and 131 days ago; Modified 8 years and 200 days ago;
#741888 [i|S☹| ] [postfix] postfix: vulnerability, remotely exploitable, spews DSNs
Reported by: Robert Munyer <4539632595@munyer.com>; Date: Mon, 17 Mar 2014 00:09:02 UTC; Severity: important; Tags: security, wontfix; Found in versions postfix/3.1.9-0+deb9u2, postfix/2.9.6-2; Filed 9 years and 109 days ago; Modified 4 years and 131 days ago;
#766796 [i|S| ] [konqueror] konqueror: Konqueror is vulnerable to the Poodle attack
Reported by: Patrick Häcker <pat_h@web.de>; Date: Sat, 25 Oct 2014 21:54:02 UTC; Severity: important; Tags: security; Found in version kde-baseapps/4:4.14.1-1; Filed 8 years and 251 days ago; Modified 8 years and 250 days ago;
#778367 [i|MS|↝] [src:kfreebsd-10] kfreebsd-10: CVE-2014-7250 resource consumption issue
Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Sat, 14 Feb 2015 04:12:02 UTC; Severity: important; Tags: moreinfo, security; Forwarded to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243; Filed 8 years and 139 days ago; Modified 8 years and 139 days ago;
#779129 [i|S| ] [squid-deb-proxy] squid-deb-proxy: needs to be restarted on upgrade of squid3
Reported by: Vagrant Cascadian <vagrant@debian.org>; Date: Tue, 24 Feb 2015 17:18:01 UTC; Severity: important; Tags: security; Found in version squid-deb-proxy/0.8.9; Filed 8 years and 129 days ago; Modified 8 years and 129 days ago;
#779872 [i|S| ] [iceweasel] Iceweasel incorrectly uses /tmp for temporary files
Reported by: Pierre Schweitzer <pierre@reactos.org>; Date: Thu, 5 Mar 2015 19:45:01 UTC; Severity: important; Tags: security; Found in version iceweasel/31.5.0esr-1~deb7u1; Filed 8 years and 120 days ago; Modified 8 years and 119 days ago;
#792420 [i|S|☺] [zsnes] zsnes: emulator escape vulnerability
Reported by: Paul Wise <pabs@debian.org>; Date: Tue, 14 Jul 2015 16:18:02 UTC; Severity: important; Tags: security; Fixed in version 1.510+bz2-10.2+rm; Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>; Can be archived in 25 days; Filed 7 years and 354 days ago;
#836551 [i|US|☺↝] [gitlab] gitlab: short gpg key used in script
Reported by: D Haley <mycae@gmx.com>; Date: Sat, 3 Sep 2016 22:00:02 UTC; Severity: important; Tags: fixed-upstream, security; Found in version gitlab/8.10.5+dfsg-2; Fixed in version 13.4.7-2+rm; Forwarded to https://gitlab.com/gitlab-org/gitlab-ce/issues/24402; Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>; Filed 6 years and 302 days ago; Modified 133 days ago;
#838339 [i|S| ] [firefox-esr] Firefox no longer prompts for cookie storage choices
Reported by: Florian Weimer <fw@deneb.enyo.de>; Date: Tue, 20 Sep 2016 06:18:02 UTC; Severity: important; Tags: security; Found in version firefox-esr/45.3.0esr-1~deb8u1; Filed 6 years and 285 days ago; Modified 6 years and 285 days ago;
#851058 [i|Su| ] [qt4-x11] CVE-2016-10040
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 11 Jan 2017 15:48:02 UTC; Severity: important; Tags: security, upstream; Found in version 4:4.8.2+dfsg-11; Filed 6 years and 172 days ago; Modified 6 years and 172 days ago;
#862078 [i|S|↝] [slic3r] slic3r: insecure use of tmp-files as intermediate to upload to octoprint
Reported by: Tobias Frost <tobi@debian.org>; Date: Mon, 8 May 2017 09:27:05 UTC; Severity: important; Tags: security; Found in version slic3r/1.2.9+dfsg-6; Forwarded to https://github.com/slic3r/Slic3r/issues/4431; Filed 6 years and 55 days ago; Modified 5 years and 36 days ago;
#864651 [i|+Su| ] [src:ruby-passenger] passenger: CVE-2015-7519: Header overwriting issue
Reported by: Loic Gomez <debian@kyoshiro.org>; Date: Mon, 12 Jun 2017 13:33:01 UTC; Severity: important; Tags: patch, security, upstream; Found in version ruby-passenger/4.0.53-1; Filed 6 years and 20 days ago; Modified 6 years and 20 days ago;
#864788 [i|S| ] [gnupg-agent] Unable to control cache expiry for smartcards
Reported by: martin f krafft <madduck@debian.org>; Date: Wed, 14 Jun 2017 20:15:04 UTC; Severity: important; Tags: security; Found in version gnupg2/2.1.18-8; Filed 6 years and 18 days ago; Modified 5 years and 136 days ago;
#873926 [i|S| ] [enigmail] enigmail: show short Key ID, where it should be long Key ID or fingerprint
Reported by: "W. Martin Borgert" <debacle@debian.org>; Date: Fri, 1 Sep 2017 09:51:01 UTC; Severity: important; Tags: security; Found in version 2:1.9.8.1-1~deb9u1; Filed 5 years and 304 days ago; Modified 5 years and 304 days ago;
#877685 [i|S| ] [dnsmasq] Critical unfixed security bugs in dnsmasq below 2.78
Reported by: debian@decotrain.de, debian@decotrain.de; Date: Wed, 4 Oct 2017 10:57:01 UTC; Severity: important; Tags: security; Found in version dnsmasq/2.76-5+deb9u1; Filed 5 years and 271 days ago; Modified 5 years and 271 days ago;
#877903 [i|S| ] [src:kfreebsd-10] CVE-2017-15037
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 6 Oct 2017 22:00:02 UTC; Severity: important; Tags: security; Filed 5 years and 269 days ago; Modified 5 years and 269 days ago;
#881138 [i|S| ] [ffmpeg2theora] ffmpeg2theora: use uninitialized stack value as a pointer while running ffmpeg2theora
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 06:03:01 UTC; Severity: important; Tags: security; Found in version ffmpeg2theora/0.30-1; Filed 5 years and 236 days ago; Modified 5 years and 236 days ago;
#881139 [i|S| ] [ffmpeg2theora] ffmpeg2theora: heap buffer overflow while running ffmpeg2theora
Reported by: Joonun Jang <joonun.jang@gmail.com>; Date: Wed, 8 Nov 2017 06:06:01 UTC; Severity: important; Tags: security; Found in version ffmpeg2theora/0.30-1; Filed 5 years and 236 days ago; Modified 5 years and 236 days ago;
#888257 [i|U+S|☺↝☣] [emacs25] use safe_run_hooks in non-interactive mode
Reported by: dirk@computer42.org (H.-Dirk Schmitt); Date: Mon, 1 Jan 2018 18:54:07 UTC; Severity: important; Tags: fixed-upstream, patch, security; Fixed in version 26.2; Forwarded to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29955; Filed 5 years and 182 days ago; Modified 3 years and 29 days ago;
#891063 [i|S☹|↝] [emacs25] When run as root, emacs reads/writes dconf files in a non-root user's /run/user/XXX directory
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Thu, 22 Feb 2018 03:15:02 UTC; Severity: important; Tags: security, wontfix; Found in version emacs25/25.2+1-6; Forwarded to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32413; Filed 5 years and 130 days ago; Modified 4 years and 146 days ago;
#902421 [i|S| ] [wicd-daemon] wicd-daemon: silently keeps and uses obsolete, possibly insecure config in /etc/wicd/wireless-settings.conf
Reported by: Vincent Lefevre <vincent@vinc17.net>; Date: Tue, 26 Jun 2018 12:57:02 UTC; Severity: important; Tags: security; Found in version wicd/1.7.4+tb2-6; Filed 5 years and 6 days ago; Modified 2 years and 311 days ago;
#908595 [i|Su☹|↝] [src:bind9] krb5-subdomain and ms-subdomain update policy rules ineffective
Reported by: Dominik George <natureshadow@debian.org>; Date: Tue, 11 Sep 2018 16:39:02 UTC; Severity: important; Tags: security, upstream, wontfix; Found in versions bind9/1:9.11.4.P2+dfsg-1, bind9/1:9.10.3.dfsg.P4-12.3+deb9u4, bind9/1:9.11.4+dfsg-4, bind9/1:9.11.4.P1+dfsg-1; Forwarded to security-officer@isc.org; Filed 4 years and 294 days ago; Modified 4 years and 114 days ago;
#913604 [i|Su|↝] [firefox-esr] [firefox-esr] Lack of login storage API on recent firefox
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Mon, 12 Nov 2018 21:39:02 UTC; Severity: important; Tags: security, upstream; Found in versions firefox-esr/60.3.0esr-1, firefox-esr/60.3.0esr-1~deb9u1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1344788; Filed 4 years and 232 days ago; Modified 3 years and 51 days ago;
#921550 [i|S| ] [src:nginx] nginx: Default nginx.conf leaves sites vulnerable to BREACH (and does not warn about it)
Reported by: Gabriel Corona <gabriel.corona@enst-bretagne.fr>; Date: Wed, 6 Feb 2019 18:18:35 UTC; Severity: important; Tags: security; Found in version nginx/1.10.3-1+deb9u2; Filed 4 years and 146 days ago; Modified 3 years and 111 days ago;
#933516 [i|S| ] [gnome-keyring] gnome-keyring: should expose whether it is using an unencrypted keyring
Reported by: Helmut Grohne <helmut@subdivi.de>; Date: Wed, 31 Jul 2019 06:27:01 UTC; Severity: important; Tags: security; Found in version gnome-keyring/3.28.2-5; Filed 3 years and 336 days ago; Modified 3 years and 336 days ago;
#944666 [i|S| ] [openjdk-11-jdk] jconsole does not validate the hostname against the CN/Altname of the certificate
Reported by: Laurent Bigonville <bigon@debian.org>; Date: Wed, 13 Nov 2019 14:57:02 UTC; Severity: important; Tags: security; Found in version openjdk-11/11.0.5+10-2; Filed 3 years and 231 days ago; Modified 3 years and 231 days ago;
#964748 [i|Su| ] [src:aufs] aufs: CVE-2020-11935
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 Jul 2020 21:09:02 UTC; Severity: important; Tags: security, upstream; Found in version aufs/5.2+20190909-1.1; Filed 2 years and 357 days ago; Modified 2 years and 357 days ago;
#968712 [i|S| ] [src:linux] IPv6 default accept_redirect not honoured
Reported by: Testinstall <testinstall@testinstall.com>; Date: Thu, 20 Aug 2020 14:15:02 UTC; Severity: important; Tags: ipv6, security; Found in version linux/4.19.132-1; Filed 2 years and 315 days ago; Modified 2 years and 312 days ago;
#969174 [i|S|=☺] [firefox] Firefox doesn't load system add-ons (right at startup)
Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Fri, 28 Aug 2020 15:21:01 UTC; Severity: important; Tags: security; Merged with 969521; Found in versions firefox/84.0-1, firefox/82.0.2-1, firefox/82.0-1, firefox/84.0.2-1, firefox/80.0-1, firefox/83.0-1; Fixed in version 85.0.1-1; Done: Mike Hommey <mh@glandium.org>; Filed 2 years and 307 days ago; Modified 2 years and 94 days ago;
#970328 [i|USu|↝] [src:resteasy] CVE-2020-10688
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 14 Sep 2020 18:09:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/resteasy/Resteasy/pull/2320; Filed 2 years and 290 days ago; Modified 1 year and 204 days ago;
#970585 [i|S| ] [src:resteasy] CVE-2020-25633
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 19 Sep 2020 11:39:01 UTC; Severity: important; Tags: security; Filed 2 years and 285 days ago; Modified 2 years and 285 days ago;
#973439 [i|S| ] [lxc] lxc-net conflicts with iptables-persistent on boot
Reported by: Ludwig Gramberg <info@ludwig-gramberg.de>; Date: Fri, 30 Oct 2020 16:00:02 UTC; Severity: important; Tags: security, stretch; Found in version lxc/1:2.0.7-2+deb9u2; Filed 2 years and 244 days ago; Modified 2 years and 163 days ago;
#976448 [i|Su| ] [src:bitcoin] bitcoin: CVE-2020-14198
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 5 Dec 2020 10:48:02 UTC; Severity: important; Tags: security, upstream; Found in version bitcoin/0.20.1~dfsg-1; Filed 2 years and 208 days ago; Modified 2 years and 166 days ago;
#984666 [i|S| ] [src:tika] CVE-2020-9489
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 6 Mar 2021 20:00:01 UTC; Severity: important; Tags: security; Filed 2 years and 117 days ago; Modified 2 years and 117 days ago;
#986027 [i|US|=☺↝☣] [firefox] firefox: WebExtensions process sometimes consumes 100% CPU indefinitely on Firefox 87
Reported by: Yuya Nishihara <yuya@tcha.org>; Date: Sun, 28 Mar 2021 06:54:02 UTC; Severity: important; Tags: fixed-upstream, security; Merged with 986567, 987704; Found in versions firefox/90.0-2, firefox/87.0-1, firefox/87.0-2; Fixed in version firefox/95.0-1; Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=1706594; Filed 2 years and 95 days ago; Modified 1 year and 1 day ago;
#986805 [i|Su| ] [src:tika] CVE-2021-28657
Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 12 Apr 2021 10:03:06 UTC; Severity: important; Tags: security, upstream; Filed 2 years and 80 days ago; Modified 2 years and 80 days ago;
#989561 [i|Su|=☺] [src:python-websockets] python-websockets: CVE-2021-33880
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 7 Jun 2021 15:36:01 UTC; Severity: important; Tags: bullseye, security, upstream; Merged with 1038829; Found in version python-websockets/8.1-1; Fixed in version python-websockets/9.1-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 2 years and 24 days ago; Modified 9 days ago;
#991596 [i|Su|☺] [bluez] bluez: CVE-2021-3658
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Jul 2021 09:15:09 UTC; Severity: important; Tags: bookworm, bullseye, security, sid, upstream; Found in versions bluez/5.60-1~exp0, bluez/5.55-3.1; Fixed in version bluez/5.61-1; Done: Salvatore Bonaccorso <carnil@debian.org>; Filed 1 year and 338 days ago; Modified 232 days ago;
#991719 [i|PSu| ] [src:consul] consul: CVE-2021-32574
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jul 2021 19:21:02 UTC; Severity: important; Tags: pending, security, upstream; Found in version consul/1.8.7+dfsg1-2; Filed 1 year and 336 days ago; Modified 257 days ago;
#992144 [i|S| ] [firefox] firefox: Better documentation of embdeded library README.Source
Reported by: "Bastien Roucariès" <roucaries.bastien@gmail.com>; Date: Fri, 13 Aug 2021 09:03:01 UTC; Severity: important; Tags: security; Filed 1 year and 322 days ago; Modified 1 year and 322 days ago;
#994746 [i|Su| ] [ccextractor] ccextractor embeds unpatched and vulnerable source code from gpac
Reported by: Neil Williams <codehelp@debian.org>; Date: Mon, 20 Sep 2021 12:36:01 UTC; Severity: important; Tags: security, upstream; Found in versions ccextractor/0.88+ds1-1, ccextractor/0.87+ds1-1; Filed 1 year and 284 days ago; Modified 1 year and 283 days ago;
#1004850 [i|Su| ] [src:nvidia-graphics-drivers-tesla-418] nvidia-graphics-drivers-tesla-418: CVE-2022-21813, CVE-2022-21814
Reported by: Andreas Beckmann <anbe@debian.org>; Date: Wed, 2 Feb 2022 10:51:02 UTC; Severity: important; Tags: security, upstream; Found in version nvidia-graphics-drivers-tesla-418/418.87.01-1; Filed 1 year and 149 days ago; Modified 1 year and 120 days ago;
#1006487 [i|Su| ] [src:consul] consul: CVE-2022-24687
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 26 Feb 2022 09:48:02 UTC; Severity: important; Tags: security, upstream; Found in versions consul/1.8.7+dfsg1-2, consul/1.8.7+dfsg1-3; Filed 1 year and 125 days ago; Modified 1 year and 125 days ago;
#1009328 [i|Su| ] [src:php-memcached] php-memcached: CVE-2022-26635
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Apr 2022 19:21:10 UTC; Severity: important; Tags: security, upstream; Found in version php-memcached/3.1.5+2.2.0-14.1; Filed 1 year and 81 days ago; Modified 1 year and 81 days ago;
#1014490 [i|Su| ] [src:radare2] radare2: CVE-2021-44975 CVE-2021-44974 CVE-2021-4021
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 6 Jul 2022 20:57:02 UTC; Severity: important; Tags: security, upstream; Filed 360 days ago; Modified 359 days ago;
#1014540 [i|Su| ] [src:node-mermaid] node-mermaid: CVE-2022-31108
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 7 Jul 2022 16:00:01 UTC; Severity: important; Tags: security, upstream; Filed 359 days ago; Modified 358 days ago;
#1014854 [i|Su| ] [src:dogtag-pki] dogtag-pki: CVE-2020-1696
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 13 Jul 2022 09:27:01 UTC; Severity: important; Tags: security, upstream; Filed 353 days ago; Modified 353 days ago;
#1014855 [i|Su| ] [src:dogtag-pki] dogtag-pki: CVE-2019-10180
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 13 Jul 2022 09:27:04 UTC; Severity: important; Tags: security, upstream; Filed 353 days ago; Modified 353 days ago;
#1014856 [i|Su| ] [src:dogtag-pki] dogtag-pki: CVE-2019-10178
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 13 Jul 2022 09:33:01 UTC; Severity: important; Tags: security, upstream; Filed 353 days ago; Modified 353 days ago;
#1015002 [i|Su| ] [src:tika] tika: CVE-2022-25169 CVE-2022-30126 CVE-2022-33879
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 Jul 2022 22:39:01 UTC; Severity: important; Tags: security, upstream; Filed 351 days ago; Modified 335 days ago;
#1016212 [i|Su| ] [src:squirrel3] squirrel3: CVE-2021-41556
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 29 Jul 2022 14:39:01 UTC; Severity: important; Tags: security, upstream; Found in version squirrel3/3.1-8; Filed 337 days ago; Modified 335 days ago;
#1016497 [i|Su|☺] [src:node-fetch] node-fetch: CVE-2022-2596
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 1 Aug 2022 20:33:02 UTC; Severity: important; Tags: experimental, security, upstream; Found in version node-fetch/3.2.9+~cs18.4.14-1; Fixed in version node-fetch/3.2.10+~cs18.4.14-1; Filed 334 days ago; Modified 317 days ago;
#1016979 [i|Su| ] [src:radare2] radare2: CVE-2022-34502 CVE-2022-34520
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 10 Aug 2022 20:15:09 UTC; Severity: important; Tags: security, upstream; Filed 325 days ago; Modified 324 days ago;
#1019358 [i|USu|↝] [src:davs2] davs2: CVE-2022-36647
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Sep 2022 19:54:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in version davs2/1.6-1; Forwarded to https://github.com/pkuvcl/davs2/issues/29; Filed 297 days ago; Modified 292 days ago;
#1021670 [i|Su| ] [src:nomad] nomad: CVE-2022-41606
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 12 Oct 2022 17:45:02 UTC; Severity: important; Tags: security, upstream; Filed 262 days ago; Modified 262 days ago;
#1023130 [i|S| ] [src:matrix-synapse] matrix-synapse: embeds several Rust crates
Reported by: Jonas Smedegaard <dr@jones.dk>; Date: Sun, 30 Oct 2022 14:33:05 UTC; Severity: important; Tags: security; Found in version matrix-synapse/1.70.1-1; Filed 244 days ago; Modified 244 days ago;
#1026233 [i|Su| ] [src:bookkeeper] bookkeeper: CVE-2022-32531
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 16 Dec 2022 19:18:01 UTC; Severity: important; Tags: security, upstream; Found in version bookkeeper/4.4.0-1; Filed 197 days ago; Modified 197 days ago;
#1026444 [i|+Su|☺] [src:libapache2-mod-auth-openidc] libapache2-mod-auth-openidc: CVE-2022-23527
Reported by: Moritz Schlarb <schlarbm@uni-mainz.de>; Date: Tue, 20 Dec 2022 11:45:02 UTC; Severity: important; Tags: bullseye, buster, patch, security, upstream; Found in versions libapache2-mod-auth-openidc/2.4.9.4-0+deb11u1, libapache2-mod-auth-openidc/2.4.12.1-1, libapache2-mod-auth-openidc/2.3.10.2-1+deb10u1; Fixed in versions libapache2-mod-auth-openidc/2.4.9.4-0+deb11u2, libapache2-mod-auth-openidc/2.4.12.2-1; Done: Moritz Schlarb <schlarbm@uni-mainz.de>; Can be archived in 7 days; Filed 193 days ago; Modified 133 days ago;
#1027144 [i|Su| ] [src:radare2] radare2: CVE-2022-4398
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 16:36:02 UTC; Severity: important; Tags: security, upstream; Filed 185 days ago; Modified 185 days ago;
#1027161 [i|Su|=] [src:consul] consul: CVE-2022-40716
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 28 Dec 2022 18:54:02 UTC; Severity: important; Tags: security, upstream; Merged with 1027162; Filed 185 days ago; Modified 185 days ago;
#1029037 [i|Su| ] [src:radare2] radare2: CVE-2023-0302
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 16 Jan 2023 19:33:02 UTC; Severity: important; Tags: security, upstream; Filed 166 days ago; Modified 166 days ago;
#1031728 [i|Su|↝] [src:resteasy] resteasy: CVE-2023-0482
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 21 Feb 2023 15:09:09 UTC; Severity: important; Tags: security, upstream; Forwarded to https://github.com/resteasy/resteasy/pull/3409/; Filed 130 days ago; Modified 130 days ago;
#1032087 [i|S| ] [src:undertow] undertow: CVE-2022-4492
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 19:45:02 UTC; Severity: important; Tags: security; Filed 124 days ago; Modified 124 days ago;
#1032313 [i|Su| ] [src:node-mermaid] node-mermaid: CVE-2022-48345
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 3 Mar 2023 15:54:01 UTC; Severity: important; Tags: security, upstream; Found in version node-mermaid/8.14.0+~cs11.4.14-1; Filed 120 days ago; Modified 120 days ago;
#1032667 [i|USu|↝] [src:radare2] radare2: CVE-2023-27114
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 10 Mar 2023 17:03:09 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Forwarded to https://github.com/radareorg/radare2/issues/21363; Filed 113 days ago; Modified 20 days ago;
#1033253 [i|Su| ] [src:undertow] undertow: CVE-2023-1108
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:09:07 UTC; Severity: important; Tags: security, upstream; Filed 103 days ago; Modified 103 days ago;
#1034180 [i|Su| ] [src:radare2] radare2: CVE-2023-1605
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:39:07 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034181 [i|Su| ] [src:nomad] nomad: CVE-2023-0821
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:42:01 UTC; Severity: important; Tags: security, upstream; Filed 82 days ago; Modified 82 days ago;
#1034187 [i|Su|☺] [src:gpac] gpac: CVE-2023-1448 CVE-2023-1449 CVE-2023-1452 CVE-2023-1654 CVE-2023-1655
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 10 Apr 2023 17:48:01 UTC; Severity: important; Tags: security, upstream; Fixed in version gpac/2.2.1+dfsg1-1; Done: Reinhard Tartler <siretart@tauware.de>; Filed 82 days ago; Modified 11 days ago;
#1034802 [i|Su| ] [src:dogtag-pki] dogtag-pki: CVE-2022-2393
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 20:57:02 UTC; Severity: important; Tags: security, upstream; Filed 68 days ago; Modified 67 days ago;
#1034804 [i|Su| ] [src:resteasy] resteasy: CVE-2020-1695
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 24 Apr 2023 20:57:07 UTC; Severity: important; Tags: security, upstream; Filed 68 days ago; Modified 67 days ago;
#1034843 [i|USu|☺↝] [src:vtk6] vtk6: CVE-2021-42521
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 18:57:09 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Fixed in version 6.3.0+dfsg2-8.1+rm; Forwarded to https://gitlab.kitware.com/vtk/vtk/-/issues/17818; Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>; Can be archived in 19 days; Filed 67 days ago; Modified 9 days ago;
#1034844 [i|USu|☺↝] [src:vtk7] vtk7: CVE-2021-42521
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 25 Apr 2023 18:57:12 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Fixed in version 7.1.1+dfsg3-1+rm; Forwarded to https://gitlab.kitware.com/vtk/vtk/-/issues/17818; Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>; Can be archived in 19 days; Filed 67 days ago; Modified 9 days ago;
#1035026 [i|Su| ] [src:singularity-container] singularity-container: CVE-2023-30549
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 27 Apr 2023 20:09:01 UTC; Severity: important; Tags: security, upstream; Found in version singularity-container/3.11.0+ds1-1; Filed 65 days ago; Modified 65 days ago;
#1035936 [i|Su|☺] [src:maradns] maradns: CVE-2023-31137
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 12:15:02 UTC; Severity: important; Tags: security, upstream; Fixed in version maradns/2.0.13-1.4+deb11u1; Done: Aron Xu <aron@debian.org>; Filed 51 days ago;
#1035953 [i|Su|☺] [src:odoo] odoo: CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186 CVE-2021-23203 CVE-2021-26263 CVE-2021-26947 CVE-2021-44476 CVE-2021-44775 CVE-2021-45071 CVE-2021-45111
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 11 May 2023 15:45:08 UTC; Severity: important; Tags: security, upstream; Found in version odoo/14.0.0+dfsg.4-1; Fixed in version odoo/16.0.0+dfsg.1-1; Done: Sebastien Delafond <seb@debian.org>; Can be archived in 27 days; Filed 51 days ago; Modified 13 days ago;
#1036696 [i|Su| ] [src:bitcoin] bitcoin: CVE-2018-20587
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 12:54:02 UTC; Severity: important; Tags: security, upstream; Filed 38 days ago; Modified 38 days ago;
#1036701 [i|Su| ] [src:gpac] gpac: CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 13:45:02 UTC; Severity: important; Tags: security, upstream; Filed 38 days ago; Modified 11 days ago;
#1037158 [i|Su|☺] [mozjs102] mozjs102: CVE-2023-34416, update to mozjs 102.12
Reported by: Jeremy Bícha <jeremy.bicha@canonical.com>; Date: Tue, 6 Jun 2023 15:57:04 UTC; Severity: important; Tags: bookworm, security, upstream; Found in version 102.11.0-1; Fixed in version mozjs102/102.12.0-1; Done: Jeremy Bícha <jbicha@ubuntu.com>; Filed 25 days ago; Modified 25 days ago;
#1037207 [i|Su| ] [src:matrix-synapse] matrix-synapse: CVE-2023-32682 CVE-2023-32683
Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Jun 2023 18:39:01 UTC; Severity: important; Tags: security, upstream; Found in version matrix-synapse/1.78.0-1; Filed 24 days ago; Modified 24 days ago;
#1038948 [i|Su| ] [src:flask-appbuilder] flask-appbuilder: CVE-2023-34110
Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Jun 2023 15:06:04 UTC; Severity: important; Tags: security, upstream; Found in version flask-appbuilder/4.1.4+ds-3; Filed 8 days ago; Modified 8 days ago;

Select bugs		The same search fields are ORed, different fields are ANDed. Valid severities are critical, grave, serious, important, normal, minor, wishlist, fixed Valid tags are patch, wontfix, moreinfo, unreproducible, help, security, upstream, pending, confirmed, ipv6, lfs, d-i, l10n, newcomer, a11y, ftbfs, fixed-upstream, fixed, fixed-in-experimental, sid, experimental, potato, woody, sarge, sarge-ignore, etch, etch-ignore, lenny, lenny-ignore, squeeze, squeeze-ignore, wheezy, wheezy-ignore, jessie, jessie-ignore, stretch, stretch-ignore, buster, buster-ignore, bullseye, bullseye-ignore, bookworm, bookworm-ignore, trixie, trixie-ignore, forky, forky-ignore
Include Bugs
Exclude Bugs
Categorize/Order using
Misc options	Repeat Merged Reverse Bugs Reverse Pending Reverse Severity No Bugs which affect packages Toggle all extra information
Submit

Debian Bug report logs: Bugs tagged security at version

Outstanding bugs -- Grave functionality bugs; Unclassified (4 bugs)

Outstanding bugs -- Serious (policy violations or makes package unfit for release); Unclassified (6 bugs)

Outstanding bugs -- Important bugs; Patch Available (6 bugs)

Outstanding bugs -- Important bugs; Confirmed (3 bugs)

Outstanding bugs -- Important bugs; Unclassified (254 bugs)