-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove failing workflow triggers #869
Conversation
Both triggers fail since a while and therefore deactivate them.
The input got renamed from file to files.
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. OpenSSF Scorecard
Scanned Files |
🔍 Vulnerabilities of
|
digest | sha256:b08fa075485ed2a80052deddbb99153e3466730ee43ef5881a3ede29191d15e0 |
vulnerabilities | |
size | 81 MB |
packages | 214 |
📦 Base Image debian:testing-20250113-slim
also known as |
|
digest | sha256:ba4db7666a71884a240c1a760e7702fae1eda1ce7ab7c801f1a7cb2769f1e0eb |
vulnerabilities |
libxml2
|
Affected range | >=2.12.7+dfsg+really2.9.14-0.2 |
Fixed version | Not Fixed |
EPSS Score | 0.05% |
EPSS Percentile | 24th percentile |
Description
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
[experimental] - libxml2 2.12.5+dfsg-0exp1
- libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234)
[bookworm] - libxml2 (Minor issue)
[bullseye] - libxml2 (Minor issue)
[buster] - libxml2 (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7 (v2.11.7)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970884fcc13305cb8e23cdc5f0dd7667c2c (v2.12.5)
Affected range | >=2.12.7+dfsg+really2.9.14-0.2 |
Fixed version | Not Fixed |
EPSS Score | 0.08% |
EPSS Percentile | 36th percentile |
Description
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629)
[bookworm] - libxml2 (Minor issue)
[bullseye] - libxml2 (Minor issue)
[buster] - libxml2 (Minor issue, very hard/unlikely to trigger)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
NOTE: Originally fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)
NOTE: Introduced regression (and thus commit reverted temporarily upstream):
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/634
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/30d7660ba87c8487b26582ccc050f4d2880ccb3c (v2.12.2)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5 (v2.13.0)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
Affected range | >=2.12.7+dfsg+really2.9.14-0.2 |
Fixed version | Not Fixed |
EPSS Score | 0.06% |
EPSS Percentile | 30th percentile |
Description
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230)
[bookworm] - libxml2 (Minor issue)
[bullseye] - libxml2 (Minor issue)
[buster] - libxml2 (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 (v2.12.0)
NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129 (v2.12.0)
Affected range | >=2.12.7+dfsg+really2.9.14-0.2 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 12th percentile |
Description
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
- libxml2 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7)
NOTE: Crash in CLI tool, no security impact
libgcrypt20 1.11.0-7
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=1.11.0-7 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 18th percentile |
Description
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
- libgcrypt20 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683)
[bookworm] - libgcrypt20 (Minor issue, revisit when fixed upstream)
[bullseye] - libgcrypt20 (Minor issue)
[buster] - libgcrypt20 (Minor issue; side-channel timing attack)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
NOTE: https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
NOTE: https://people.redhat.com/~hkario/marvin/
NOTE: https://dev.gnupg.org/T7136
NOTE: https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17
Affected range | >=1.11.0-7 |
Fixed version | Not Fixed |
EPSS Score | 0.33% |
EPSS Percentile | 71st percentile |
Description
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
- libgcrypt20 (unimportant)
- libgcrypt11 (unimportant)
- gnupg1 (unimportant)
- gnupg (unimportant)
https://github.com/weikengchen/attack-on-libgcrypt-elgamal
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
GnuPG uses ElGamal in hybrid mode only.
This is not a vulnerability in libgcrypt, but in an application using
it in an insecure manner, see also
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
pam 1.5.3-7
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=1.5.3-7 |
Fixed version | Not Fixed |
EPSS Score | 0.05% |
EPSS Percentile | 24th percentile |
Description
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
- pam (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038)
[bookworm] - pam (Minor issue)
[bullseye] - pam (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2319212
NOTE: CVE-2024-10041 pam: libpam: Libpam vulnerable to read hashed password linux-pam/linux-pam#846
NOTE: pam_unix/passverify: always run the helper to obtain shadow password file entries linux-pam/linux-pam#686
NOTE: linux-pam/linux-pam@b3020da (v1.6.0)
Affected range | >=1.5.3-7 |
Fixed version | Not Fixed |
EPSS Score | 0.09% |
EPSS Percentile | 40th percentile |
Description
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
- pam (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087019)
[bookworm] - pam (The vulnerable code was introduced in 1.5.3)
[bullseye] - pam (The vulnerable code was introduced in 1.5.3)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291
NOTE: pam_access.so considers tty* names as hostnames linux-pam/linux-pam#834
NOTE: Introduced in linux-pam/linux-pam@23393be (v1.5.3)
glibc 2.40-5
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.10% |
EPSS Percentile | 42nd percentile |
Description
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
- glibc (unimportant)
- eglibc (unimportant)
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.35% |
EPSS Percentile | 72nd percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
- glibc (unimportant)
Not treated as a security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 2.33% |
EPSS Percentile | 89th percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
- glibc (unimportant)
Not treated as a security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.84% |
EPSS Percentile | 82nd percentile |
Description
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
- glibc (unimportant)
Not treated as a security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.59% |
EPSS Percentile | 78th percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
- glibc (unimportant)
Not treated as a security issue by upstream
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.30% |
EPSS Percentile | 69th percentile |
Description
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.
- glibc (unimportant)
- eglibc (unimportant)
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
No treated as vulnerability: https://sourceware.org/glibc/wiki/Security%20Exceptions
Affected range | >=2.40-5 |
Fixed version | Not Fixed |
EPSS Score | 0.88% |
EPSS Percentile | 82nd percentile |
Description
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
- glibc (unimportant)
- eglibc (unimportant)
That's standard POSIX behaviour implemented by (e)glibc. Applications using
glob need to impose limits for themselves
krb5 1.21.3-3
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=1.21.3-3 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 11th percentile |
Description
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
- krb5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064965)
[bookworm] - krb5 (Minor issue)
[bullseye] - krb5 (Vulnerable code introduced later)
[buster] - krb5 (Vulnerable code introduced later)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
NOTE: Introduced by: krb5/krb5@c85894c (krb5-1.20-beta1)
NOTE: Fixed by: krb5/krb5@7d0d85b
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
Affected range | >=1.21.3-3 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 11th percentile |
Description
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
- krb5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064965; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
NOTE: Fixed by: krb5/krb5@c5f9c81
NOTE: Codepath cannot be triggered via API calls, negligible security impact
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
Affected range | >=1.21.3-3 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 11th percentile |
Description
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
- krb5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064965; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
NOTE: Fixed by: krb5/krb5@c5f9c81
NOTE: Unused codepath, negligible security impact
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
Affected range | >=1.21.3-3 |
Fixed version | Not Fixed |
EPSS Score | 0.09% |
EPSS Percentile | 39th percentile |
Description
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
- krb5 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889684)
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
non-issue, codepath is only run on trusted input, potential integer
overflow is non-issue
coreutils 9.5-1+b1
(deb)
pkg:deb/debian/[email protected]%2Bb1?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=9.5-1 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 5th percentile |
Description
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
- coreutils (unimportant)
http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
https://www.openwall.com/lists/oss-security/2018/01/04/3
Documentation patches proposed:
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
Neutralised by kernel hardening
Affected range | >=9.5-1 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 5th percentile |
Description
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
- coreutils (low; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320)
[bookworm] - coreutils (Minor issue)
[bullseye] - coreutils (Minor issue)
[buster] - coreutils (Minor issue)
[stretch] - coreutils (Minor issue)
[jessie] - coreutils (Minor issue)
[wheezy] - coreutils (Minor issue)
Restricting ioctl on the kernel side seems the better approach, but rejected by Linux upstream
Fixing this issue via setsid() would introduce regressions:
https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
shadow 1:4.16.0-7
(deb)
pkg:deb/debian/shadow@1:4.16.0-7?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=1:4.16.0-7 |
Fixed version | Not Fixed |
EPSS Score | 0.04% |
EPSS Percentile | 18th percentile |
Description
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Affected range | >=1:4.16.0-7 |
Fixed version | Not Fixed |
EPSS Score | 0.17% |
EPSS Percentile | 55th percentile |
Description
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
- shadow (unimportant)
See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
unknown usernames are not recorded on login failures
sqlite3 3.46.1-1
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=3.43.1-1 |
Fixed version | Not Fixed |
Description
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.
Affected range | >=3.46.1-1 |
Fixed version | Not Fixed |
EPSS Score | 0.28% |
EPSS Percentile | 68th percentile |
Description
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
- sqlite3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005974)
- sqlite (unimportant)
NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
NOTE: https://sqlite.org/forum/forumpost/056d557c2f8c452ed5bb9c215414c802b215ce437be82be047726e521342161e
NOTE: Negligible security impact
openssl 3.4.0-2
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=3.2.2-1 |
Fixed version | Not Fixed |
EPSS Score | 0.07% |
EPSS Percentile | 31st percentile |
Description
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
openssl/openssl#24540
Fault injection based attacks are not within OpenSSLs threat model according
to the security policy: https://www.openssl.org/policies/general/security-policy.html
perl 5.40.0-8
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=5.40.0-8 |
Fixed version | Not Fixed |
EPSS Score | 0.16% |
EPSS Percentile | 53rd percentile |
Description
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
gnupg2 2.2.46-1
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=2.2.46-1 |
Fixed version | Not Fixed |
EPSS Score | 0.05% |
EPSS Percentile | 19th percentile |
Description
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
- gnupg2 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127010
NOTE: https://dev.gnupg.org/D556
NOTE: https://dev.gnupg.org/T5993
NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/8
NOTE: GnuPG upstream is not implementing this change.
tar 1.35+dfsg-3.1
(deb)
pkg:deb/debian/[email protected]%2Bdfsg-3.1?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=1.35+dfsg-3.1 |
Fixed version | Not Fixed |
EPSS Score | 0.69% |
EPSS Percentile | 80th percentile |
Description
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
This is intended behaviour, after all tar is an archiving tool and you
need to give -p as a command line flag
- tar (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328228; unimportant)
gnutls28 3.8.8-2
(deb)
pkg:deb/debian/[email protected]?os_distro=trixie&os_name=debian&os_version=unstable
Affected range | >=3.8.8-2 |
Fixed version | Not Fixed |
EPSS Score | 1.43% |
EPSS Percentile | 86th percentile |
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
- sun-java6 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645881)
[lenny] - sun-java6 (Non-free not supported)
[squeeze] - sun-java6 (Non-free not supported)- openjdk-6 6b23~pre11-1
- openjdk-7 7~b147-2.0-1
- iceweasel (Vulnerable code not present)
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/- chromium-browser 15.0.874.106~r107270-1
[squeeze] - chromium-browser- lighttpd 1.4.30-1
strictly speaking this is no lighttpd issue, but lighttpd adds a workaround- curl 7.24.0-1
http://curl.haxx.se/docs/adv_20120124B.html- python2.6 2.6.8-0.1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684511)
[squeeze] - python2.6 (Minor issue)- python2.7 2.7.3~rc1-1
- python3.1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678998)
[squeeze] - python3.1 (Minor issue)- python3.2 3.2.3~rc1-1
http://bugs.python.org/issue13885
python3.1 is fixed starting 3.1.5- cyassl
- gnutls26 (unimportant)
- gnutls28 (unimportant)
No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0- haskell-tls (unimportant)
No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2- matrixssl (low)
[squeeze] - matrixssl (Minor issue)
[wheezy] - matrixssl (Minor issue)
matrixssl fix this upstream in 3.2.2- bouncycastle 1.49+dfsg-1
[squeeze] - bouncycastle (Minor issue)
[wheezy] - bouncycastle (Minor issue)
No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9- nss 3.13.1.with.ckbi.1.88-1
https://bugzilla.mozilla.org/show_bug.cgi?id=665814
https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab- polarssl (unimportant)
No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases- tlslite
[wheezy] - tlslite (Minor issue)- pound 2.6-2
Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.- erlang 1:15.b-dfsg-1
[squeeze] - erlang (Minor issue)- asterisk 1:13.7.2
dfsg-1dfsg-2+deb8u1
[jessie] - asterisk 1:11.13.1
[wheezy] - asterisk (Minor issue)
[squeeze] - asterisk (Not supported in Squeeze LTS)
http://downloads.digium.com/pub/security/AST-2016-001.html
https://issues.asterisk.org/jira/browse/ASTERISK-24972
patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
all versions vulnerable, backport required for wheezy
What
Don't trigger boreas and openvas-scanner repos when pushing to main branch.
Why
Both triggers are failing at the moment and the scanner team has agreed on removing the triggers for now.
References
https://jira.greenbone.net/browse/GEA-854