proj: Mock
subj: [vs-plain] Mock: Privilege escalation for users that can access mock configuration
trep: Mon Jan 08 20:42:02 2024
tcrd: January 16th 2024 at 1 PM UTC
cves: CVE-2023-6395
toss: Tue Jan 16 14:37:14 2024
soss: [oss-security] CVE-2023-6395 Mock: Privilege escalation for users that can access mock configuration
loss: https://www.openwall.com/lists/oss-security/2024/01/16/1

proj: Mock, Snap
subj: Re: [vs-plain] Mock: Privilege escalation for users that can access mock configuration
trep: Mon Jan 08 21:24:02 2024
tcrd: January 16
toss: Tue Jan 16 20:35:56 2024
soss: [oss-security] Mock, Snap, LXC expose(d) chroot, container trees with unsafe permissions and contents to host users, pose risk to host
loss: https://www.openwall.com/lists/oss-security/2024/01/16/3

proj: X.Org X server and Xwayland
subj: [vs-plain] Embargoed X.Org Security Advisory: Issues in X server and Xwayland
trep: Tue Jan 09 07:12:50 2024
tcrd: January 16, 2024 00:00 UTC
cves: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0409, CVE-2024-0408
toss: Thu Jan 18 09:21:40 2024
soss: [oss-security] Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4
loss: https://www.openwall.com/lists/oss-security/2024/01/18/1
tpub: Tue Jan 16 14:24:36 2024
lpub: https://lists.x.org/archives/xorg-announce/2024-January/003444.html

proj: Linux PAM pam_namespace
subj: [vs] encrypted subject
trep: Tue Jan 09 14:49:28 2024
tcrd: 2024-01-17
cves: CVE-2024-22365
toss: Thu Jan 18 09:48:33 2024
soss: [oss-security] pam: pam_namespace misses O_DIRECTORY flag in `protect_dir()` (CVE-2024-22365)
loss: https://www.openwall.com/lists/oss-security/2024/01/18/3
tpub: Wed Jan 17 15:17:00 2024
lpub: https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0

proj: glibc
subj: [vs] CVE-2023-6246, CVE-2023-6779, CVE-2023-6780
trep: Tue Jan 16 15:39:22 2024
tcrd: Tuesday, January 30, 2024, 18:00 UTC
cves: CVE-2023-6246, CVE-2023-6779, CVE-2023-6780
toss: Tue Jan 30 18:29:25 2024
soss: [oss-security] CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
loss: https://www.openwall.com/lists/oss-security/2024/01/30/6

proj: glibc
subj: [vs] Second advisory
trep: Tue Jan 16 16:02:18 2024
tcrd: Tuesday, January 30, 2024, 18:00 UTC
toss: Tue Jan 30 18:37:31 2024
soss: [oss-security] Out-of-bounds read & write in the glibc's qsort()
loss: https://www.openwall.com/lists/oss-security/2024/01/30/7

proj: coreutils
subj: [vs] ...
trep: Wed Jan 17 07:18:25 2024
cves: CVE-2024-0684
toss: Thu Jan 18 09:22:16 2024
soss: [oss-security] GNU coreutils v9.4; v9.3; v9.2 split heap buffer overflow vulnerability
loss: https://www.openwall.com/lists/oss-security/2024/01/18/2
tpub: Wed Jan 17 20:19:00 2024
lpub: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9

proj: curl
subj: [vs-plain] : curl pre-notification: CVE-2024-0853: OCSP verification bypass with TLS session reuse
trep: Wed Jan 24 09:26:59 2024
tcrd: January 31 2024 around 07:00 UTC
cves: CVE-2024-0853
toss: Wed Jan 31 07:10:04 2024
soss: [oss-security] [SECURITY ADVISORY] curl: CVE-2024-0853 : OCSP verification bypass with TLS session reuse
loss: https://www.openwall.com/lists/oss-security/2024/01/31/1
tpub: Tue Jan 23 07:26:00 2024
lpub: https://github.com/curl/curl/commit/c28e9478cb2548848ec

proj: grub2-set-bootflag
subj: [vs] grub-set-bootflag
trep: Wed Jan 24 22:07:37 2024
tcrd: January 31 \\ Feb 6th
cves: CVE-2024-1048
toss: Tue Feb 06 17:01:28 2024
soss: [oss-security] CVE-2024-1048: grub2-set-bootflag may be abused to fill up /boot, bypass RLIMIT_NPROC
loss: https://www.openwall.com/lists/oss-security/2024/02/06/3