Differences

This shows you the differences between two versions of the page.

mailing-lists:distros:stats:2023 [2023/10/16 18:31]
solar add June 2023
mailing-lists:distros:stats:2023 [2023/12/28 20:30] (current)
solar add December 2023
Line 1: Line 1:
 ====== Distros list statistics and data for 2023 ====== ====== Distros list statistics and data for 2023 ======
  
-==== Statistics by month ====+===== Statistics by month =====
  
 Statistics are grouped by month of the issue being reported to the private list. Statistics are grouped by month of the issue being reported to the private list.
  
-^ Month ^ Reports ​^ Average ^ Median ^ Min ^ Max embargo days ^ +^ Month ^ All reports ^ Embargoed ​^ Average ^ Median ^ Min ^ Max embargo days ^ 
-| 2023-06 | 7 | 26.26 | 7.99 | 1.21 | 131.43 | +| 2023-01 | 16 | 16 | 43.52 | 6.78 | 1.22 | 307.22 | 
-| 2023-07 | 3 | 3.97 | 3.11 | 1.87 | 6.93 | +| 2023-02 | 14 | 11 | 29.70 | 6.93 | 5.68 | 256.01 | 
-| 2023-08 | 1 | 7.31 | 7.31 | 7.31 | 7.31 | +| 2023-03 | 11 | 11 | 28.85 | 6.83 | 4.07 | 237.20 | 
-| 2023-09 | 12 | 9.86 | 9.63 | 1.26 | 20.27 | +| 2023-04 | 4 | 4 | 7.92 | 6.21 | 4.14 | 15.13 | 
-| Total | 23 13.97 | 7.31 | 1.21 | 131.43 |+| 2023-05 | 12 | 12 | 7.51 | 7.68 | 2.57 | 13.99 | 
 +| 2023-06 ​| 7 | 7 | 26.26 | 7.99 | 1.21 | 131.43 | 
 +| 2023-07 ​| 3 | 3 | 3.97 | 3.11 | 1.87 | 6.93 | 
 +| 2023-08 ​| 1 | 1 | 7.31 | 7.31 | 7.31 | 7.31 | 
 +| 2023-09 ​| 12 | 12 | 9.86 | 9.63 | 1.26 | 20.27 
 +| 2023-10 | 6 | 6 | 8.89 | 7.96 | 7.58 | 14.01 | 
 +| 2023-11 | 3 | 3 | 6.94 | 8.02 | 4.78 | 8.02 | 
 +| 2023-12 | 4 | 4 | 7.16 | 7.35 | 4.04 | 9.91 
 +| Total | 93 90 | 20.96 | 7.03 | 1.21 | 307.22 |
  
-==== Input data ====+The data for January 2023 excludes continued handling of some Linux kernel issues by the same reporter, who started reporting that group of related issues in December 2022. 
 + 
 +Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros,​ which only occurred in February 2023) are excluded from the calculation of average, median, and minimum embargo duration above. 
 + 
 +===== Formatted input data ====
 + 
 +For the statistics above, we only use the first embargo duration seen in this table, which is the delay between postings to (linux-)distros and oss-security. 
 + 
 +For some reports, there'​s a second embargo duration - that one is the delay (sometimes negative) between a first public posting elsewhere and the posting to (linux-)distros. Such first public posting often does not fully (or at all) reveal security relevance of the issue/fix, making it not-too-unreasonable to allow a little bit (more) of embargo time on the full detail, especially when that's the issue reporter'​s and/or the upstream project'​s preference.
  
 ^ Project ^ Subjects/​titles/​links ^ Time at distros (UTC) \\ ... oss-security (UTC) \\ Elsewhere (UTC) ^ Embargo days ^ Planned CRD(s) \\ (exact wording) ^ CVE(s) ^ ^ Project ^ Subjects/​titles/​links ^ Time at distros (UTC) \\ ... oss-security (UTC) \\ Elsewhere (UTC) ^ Embargo days ^ Planned CRD(s) \\ (exact wording) ^ CVE(s) ^
 +| Linux | [vs-plain] Warning in bpf_probe_read_user \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​11/​05/​5|[oss-security] Linux: BPF: issues with copy_from_user_nofault()]] \\ [[https://​lore.kernel.org/​bpf/​20230118051443.78988-1-alexei.starovoitov@gmail.com/​]] | Mon Jan 02 17:33:21 2023 \\ Sun Nov 05 22:44:05 2023 \\ Wed Jan 18 05:14:51 2023 | 307.22 \\ 15.49 | 1/9 \\ 1/12 \\ "​tomorrow or so" after June 27 |  |
 +| Cargo | [vs-plain] CVE-2022-46176:​ Cargo does not check SSH host keys \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​10/​3|[oss-security] CVE-2022-46176:​ Cargo does not check SSH host keys]] | Thu Jan 05 16:48:35 2023 \\ Tue Jan 10 16:58:09 2023 | 5.01 | 2023-01-10 at 16:30 UTC | CVE-2022-46176 |
 +| libgit2 | [vs-plain] CVE-2022-46176:​ Cargo does not check SSH host keys \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​11/​05/​6|Re:​ [oss-security] CVE-2022-46176:​ Cargo does not check SSH host keys]] | Thu Jan 05 16:48:35 2023 \\ Sun Nov 05 23:08:43 2023 | 304.26 | 2023-01-10 |  |
 +| X.Org libXpm | [vs-plain] Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​17/​2|[oss-security] Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15]] | Tue Jan 10 18:12:35 2023 \\ Tue Jan 17 16:48:05 2023 | 6.94 | January 17 | CVE-2022-46285 \\ CVE-2022-44617 \\ CVE-2022-4883 |
 +| git | [vs-plain] Upcoming Git security fix release \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​17/​4|[oss-security] Git 2.39.1 and friends]] | Tue Jan 10 23:08:20 2023 \\ Tue Jan 17 18:11:20 2023 | 6.79 | 2023-JAN-17 at around 10am Pacific Time | CVE-2022-23521 \\ CVE-2022-41903 |
 +| OpenStack | [vs] Vulnerability in OpenStack Swift (CVE-2022-47950) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​17/​1|[oss-security] [OSSA-2023-001] Swift: Arbitrary file access through custom S3 XML entities (CVE-2022-47950)]] | Wed Jan 11 00:35:07 2023 \\ Tue Jan 17 16:01:28 2023 | 6.64 | 2023-01-17, 1500UTC | CVE-2022-47950 |
 +| Linux | [vs-plain] Netfilter vulnerability disclosure \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​13/​2|[oss-security] CVE-2023-0179:​ Linux kernel stack buffer overflow in nftables: PoC and writeup]] \\ [[https://​groups.google.com/​g/​syzkaller/​c/​YRNDJBsJn_s]] | Wed Jan 11 01:26:07 2023 \\ Fri Jan 13 16:16:16 2023 \\ Wed Jan 11 14:13:59 2023 | 2.62 \\ 0.53 | 7-day embargo | CVE-2023-0179 |
 +| sudo | [vs] ... \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​19/​1|[oss-security] CVE-2023-22809:​ Sudoedit can edit arbitrary files]] | Thu Jan 12 14:17:36 2023 \\ Thu Jan 19 07:30:23 2023 | 6.72 | Wednesday 18th January \\ 15:00 UTC | CVE-2023-22809 |
 +| PowerDNS Recursor | [vs] PowerDNS pre-notification:​ EMBARGO: PowerDNS Security Advisory 2023-01: PowerDNS Recursor 4.8.0 unbounded recursion results in program termination \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​20/​1|[oss-security] Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617)]] | Fri Jan 13 11:17:56 2023 \\ Fri Jan 20 12:34:24 2023 | 7.05 | 20th of January 2023 | CVE-2023-22617 |
 +| Linux | [vs-plain] null pointer dereference in Linux kernel \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​18/​2|[oss-security] null pointer dereference in Linux kernel]] \\ [[https://​lore.kernel.org/​netdev/​Y7s%2FFofVXLwoVgWt@westworld/​]] | Sun Jan 15 05:13:23 2023 \\ Wed Jan 18 08:32:11 2023 \\ Sun Jan 08 22:09:37 2023 | 3.14 \\ -6.29 | in a week (Jan 21st) \\ Tuesday, January 17 | CVE-2023-0394 |
 +| OpenStack | [vs] Vulnerability in OpenStack Cinder, Glance, Nova (CVE-2022-47951) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​24/​2|[oss-security] [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)]] | Tue Jan 17 21:53:18 2023 \\ Tue Jan 24 16:08:35 2023 | 6.76 | 2023-01-24, 1500UTC | CVE-2022-47951 |
 +| BIND 9 | [vs] ... \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​25/​2|[oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094,​ CVE-2022-3736,​ CVE-2022-3924)]] | Tue Jan 24 11:59:13 2023 \\ Wed Jan 25 17:17:31 2023 | 1.22 | 25 January 2023 | CVE-2022-3094 \\ CVE-2022-3736 \\ CVE-2022-3924 |
 +| OpenSSL | [vs-plain] Embargoed OpenSSL security issues \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​07/​8|[oss-security] Fwd: OpenSSL Security Advisory]] | Wed Jan 25 12:02:11 2023 \\ Tue Feb 07 19:29:21 2023 | 13.31 | 7th February 2023 |  |
 +| pesign | [vs-plain] pesign: Local privilege escalation on pesign systemd service \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​31/​6|[oss-security] pesign: Local privilege escalation on pesign systemd service]] | Fri Jan 27 20:45:41 2023 \\ Tue Jan 31 17:40:43 2023 | 3.87 | Jan 31st \\ 15 UTC | CVE-2022-3560 |
 +| X.Org Server | [vs-plain] Preview of X.Org Security Advisory for 2023-02-07 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​07/​1|[oss-security] X.Org Security Advisory: Security issue in the X server]] | Mon Jan 30 22:33:46 2023 \\ Tue Feb 07 01:37:48 2023 | 7.13 | 2023-02-07 at 01:00 UTC | CVE-2023-0494 \\ ZDI-CAN-19596 |
 +| heimdal, samba | [vs-plain] [vc] heimdal: CVE-2022-45142:​ signature validation failure \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​08/​1|[oss-security] [vs] heimdal: CVE-2022-45142:​ signature validation failure]] | Tue Jan 31 13:52:38 2023 \\ Wed Feb 08 06:50:02 2023 | 7.71 | 2023-02-08 | CVE-2022-3437 |
 +| less | [vs-plain] less CVE-2022-46663 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​07/​7|[oss-security] CVE-2022-46663:​ less -R filtering bypass]] \\ [[https://​github.com/​gwsw/​less/​commit/​a78e1351113cef564d790a730d657a321624d79c]] | Wed Feb 01 06:35:37 2023 \\ Tue Feb 07 19:26:58 2023 \\ Sat Oct 08 02:25:00 2022 | 6.54 \\ -116.17 | Tuesday; 09:00 UTC, 2023-02-07 | CVE-2022-46663 |
 +| curl | [vs-plain] curl: CVE-2023-23914:​ HSTS ignored on multiple requests (1/3) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​15/​1|[oss-security] curl: CVE-2023-23914:​ HSTS ignored on multiple requests]] \\ [[https://​github.com/​curl/​curl/​pull/​10138]] | Tue Feb 07 09:36:32 2023 \\ Wed Feb 15 07:29:04 2023 \\ Thu Dec 22 15:14:00 2022 | 7.91 \\ -46.77 | Febrary 15th | CVE-2023-23914 |
 +| curl | [vs-plain] curl: CVE-2023-23915:​ HSTS amnesia with --parallel (2/3) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​15/​2|[oss-security] curl: CVE-2023-23915:​ HSTS amnesia with --parallel]] | Tue Feb 07 09:36:35 2023 \\ Wed Feb 15 07:29:08 2023 | 7.91 | Febrary 15th | CVE-2023-23915 |
 +| curl | [vs-plain] curl: CVE-2023-23916:​ HTTP multi-header compression denial of service (3/3) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​15/​3|[oss-security] curl: CVE-2023-23916:​ HTTP multi-header compression denial of service]] | Tue Feb 07 09:37:31 2023 \\ Wed Feb 15 07:29:11 2023 | 7.91 | Febrary 15th | CVE-2023-23916 |
 +| git | [vs-plain] Upcoming Git security fix release \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​14/​5|[oss-security] [Announce] Git 2.39.2 and friends]] | Tue Feb 07 16:47:06 2023 \\ Tue Feb 14 18:09:06 2023 | 7.06 | 2023-FEB-14 at 10am Pacific Time | CVE-2023-22490 \\ CVE-2023-23946 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​17/​3|[oss-security] Linux Kernel: hid: type confusions on hid report_list entry]] \\ [[https://​lore.kernel.org/​all/​20230114-hid-fix-emmpty-report-list-v1-0-e4d02fad3ba5@diag.uniroma1.it/​T/​]] | Wed Feb 22 17:24:49 2023 \\ Tue Jan 17 17:13:45 2023 \\ Mon Jan 16 11:12:09 2023 | -36.01 \\ -37.26 |  | CVE-2023-1073 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​18/​3|[oss-security] Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=3782c0d6edf658b71354a64d60aa7a296188fc90]] | Wed Feb 22 17:24:49 2023 \\ Wed Jan 18 16:18:17 2023 \\ Wed Jan 18 15:34:35 2023 | -35.05 \\ -35.08 |  | CVE-2023-1073 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​01/​23/​1|[oss-security] Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill()]] \\ [[https://​lore.kernel.org/​linux-sctp/​9fcd182f1099f86c6661f3717f63712ddd1c676c.1674496737.git.marcelo.leitner%40gmail.com/​T/​]] | Wed Feb 22 17:24:49 2023 \\ Mon Jan 23 18:55:36 2023 \\ Mon Jan 23 18:00:06 2023 | -29.94 \\ -29.98 |  | CVE-2023-1074 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​01/​6|[oss-security] CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready()]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=ffe2a22562444720b05bdfeb999c03e810d84cbb]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:25 2023 \\ Tue Jan 31 05:06:08 2023 | 6.93 \\ -22.51 |  | CVE-2023-1075 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​01/​5|[oss-security] CVE-2023-1076:​ Linux Kernel: Type Confusion hardcodes tuntap socket UID to root]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=66b2c338adce580dfce2199591e65e2bab889cff]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:17 2023 \\ Mon Feb 06 10:16:55 2023 | 6.93 \\ -16.30 |  | CVE-2023-1076 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​01/​7|[oss-security] CVE-2023-1077:​ Linux kernel: Type confusion in pick_next_rt_entity()]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:27 2023 \\ Sat Feb 11 10:18:10 2023 | 6.93 \\ -11.30 |  | CVE-2023-1077 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​11/​05/​1|[oss-security] CVE-2023-1078:​ Linux: rds_rm_zerocopy_callback() bugs]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=f753a68980cf4b59a80fe677619da2b1804f526d]] | Wed Feb 22 17:24:49 2023 \\ Sun Nov 05 17:32:17 2023 \\ Thu Feb 09 09:37:26 2023 | 256.01 \\ -13.32 |  | CVE-2023-1078 |
 +| Linux | [vs-plain] CVE Request \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​01/​4|[oss-security] CVE-2023-1079:​ Linux Kernel: Use-After-Free in asus_kbd_backlight_set()]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​next/​linux-next.git/​commit/?​id=4ab3a086d10eeec1424f2e8a968827a6336203df]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:11 2023 \\ Wed Feb 15 17:20:56 2023 | 6.93 \\ -7.00 |  | CVE-2023-1079 |
 +| sudo | [vs] sudo: double free with per-command chroot sudoers rules \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​02/​28/​1|[oss-security] sudo: double free with per-command chroot sudoers rules]] \\ [[https://​www.sudo.ws/​pipermail/​sudo-announce/​2023-February/​000206.html]] | Wed Feb 22 22:12:30 2023 \\ Tue Feb 28 14:33:57 2023 \\ Mon Feb 27 16:16:34 2023 | 5.68 \\ 4.75 | maybe Monday next week |  |
 +| Linux | [vs-plain] A double free vulnerability was found in the hci_conn_cleanup function of the Bluetooth subsystem \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​28/​2|[oss-security] CVE-2023-28464:​ Linux: Bluetooth: hci_conn_cleanup function has double free]] \\ [[https://​lore.kernel.org/​lkml/​20230309074645.74309-1-wzhmmmmm@gmail.com/​]] | Wed Mar 08 10:06:04 2023 \\ Tue Mar 28 11:18:01 2023 \\ Thu Mar 09 07:49:39 2023 | 20.05 \\ 0.91 | March 28 \\ 2023-03-28T10:​05:​42+00:​00 | CVE-2023-28464 |
 +| Linux | [vs-plain] Reporting a USB-accessible slab-out-of-bounds read in brcmfmac \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​13/​1|[oss-security] A USB-accessible slab-out-of-bounds read in Linux kernel driver]] \\ [[https://​lore.kernel.org/​linux-wireless/​20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/​]] | Thu Mar 09 11:24:15 2023 \\ Mon Mar 13 13:03:07 2023 \\ Thu Mar 09 10:45:59 2023 | 4.07 \\ -0.03 |  | CVE-2023-1380 |
 +| Bluez, Intel wireless devices | [vs-plain] Bluetooth Low Energy stuck in unresponsive state after repeated out of order transmission of packets \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​11/​02/​2|[oss-security] Bluez, Intel wireless devices: Bluetooth Low Energy stuck in unresponsive state after repeated out of order transmission of packets]] | Fri Mar 10 18:08:39 2023 \\ Thu Nov 02 22:55:03 2023 | 237.20 |  |  |
 +| curl | [vs-plain] curl: CVE-2023-27533:​ TELNET option IAC injection (1/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​1|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27533:​ TELNET option IAC injection]] \\ [[https://​github.com/​curl/​curl/​commit/​538b1e79a6e7b]] | Mon Mar 13 11:26:18 2023 \\ Mon Mar 20 07:26:15 2023 \\ Fri Mar 10 16:43:00 2023 | 6.83 \\ -2.78 | March 20 | CVE-2023-27533 |
 +| curl | [vs-plain] curl: CVE-2023-27534:​ SFTP path ~ resolving discrepancy (2/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​2|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27534:​ SFTP path ~ resolving discrepancy]] \\ [[https://​github.com/​curl/​curl/​commit/​4e2b52b5f7a3bf50a]] | Mon Mar 13 11:26:19 2023 \\ Mon Mar 20 07:26:20 2023 \\ Fri Mar 10 22:20:00 2023 | 6.83 \\ -2.55 | March 20 | CVE-2023-27534 |
 +| curl | [vs-plain] curl: CVE-2023-27535:​ FTP too eager connection reuse (3/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​3|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27535:​ FTP too eager connection reuse]] \\ [[https://​github.com/​curl/​curl/​commit/​8f4608468b890dc]] | Mon Mar 13 11:27:21 2023 \\ Mon Mar 20 07:26:22 2023 \\ Mon Mar 13 08:07:00 2023 | 6.83 \\ -0.14 | March 20 | CVE-2023-27535 |
 +| curl | [vs-plain] curl: CVE-2023-27536:​ GSS delegation too eager connection re-use (4/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​4|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27536:​ GSS delegation too eager connection re-use]] \\ [[https://​github.com/​curl/​curl/​commit/​cb49e67303dba]] | Mon Mar 13 11:27:20 2023 \\ Mon Mar 20 07:26:26 2023 \\ Fri Mar 10 22:30:00 2023 | 6.83 \\ -2.54 | March 20 | CVE-2023-27536 |
 +| curl | [vs-plain] curl: CVE-2023-27537:​ HSTS double-free (5/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​5|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27537:​ HSTS double-free]] \\ [[https://​github.com/​curl/​curl/​commit/​dca4cdf071be0]] | Mon Mar 13 11:28:21 2023 \\ Mon Mar 20 07:26:32 2023 \\ Fri Mar 10 16:45:00 2023 | 6.83 \\ -2.78 | March 20 | CVE-2023-27537 |
 +| curl | [vs-plain] curl: CVE-2023-27538:​ SSH connection too eager reuse still (6/6) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​20/​6|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27538:​ SSH connection too eager reuse still]] \\ [[https://​github.com/​curl/​curl/​commit/​af369db4d3833272b8ed]] | Mon Mar 13 11:28:23 2023 \\ Mon Mar 20 07:26:36 2023 \\ Fri Mar 10 16:54:00 2023 | 6.83 \\ -2.77 | March 20 | CVE-2023-27538 |
 +| X.Org Server | [vs-plain] Preview of X.Org Security Advisory for 2023-03-29 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​03/​29/​1|[oss-security] Fwd: X.Org Security Advisory: CVE-2023-1393:​ X.Org Server Overlay Window Use-After-Free]] \\ [[https://​lists.x.org/​archives/​xorg-announce/​2023-March/​003374.html]] | Mon Mar 20 08:03:14 2023 \\ Wed Mar 29 12:36:06 2023 \\ Wed Mar 29 12:15:05 2023 | 9.19 \\ 9.17 | 2023-03-29 at 12:00 UTC | CVE-2023-1393 \\ ZDI-CAN-19866 |
 +| Open vSwitch | [vs-plain] [ADVISORY] CVE-2023-1668:​ Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​04/​06/​1|[oss-security] [ADVISORY] CVE-2023-1668:​ Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0]] | Fri Mar 31 23:06:33 2023 \\ Thu Apr 06 19:18:23 2023 | 5.84 | 06-Apr-2023 | CVE-2023-1668 |
 +| Linux | [vs-plain] linux-bluetooth:​ Arbitrary management command execution \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​04/​16/​3|[oss-security] CVE-2023-2002:​ Linux Bluetooth: Unauthorized management command execution]] | Sun Apr 09 10:57:14 2023 \\ Sun Apr 16 11:22:19 2023 | 7.02 | April 16th | CVE-2023-2002 |
 +| Linux | [vs-plain] OOB access in the Linux kernel'​s XFS subsystem \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​04/​19/​2|[oss-security] CVE-2023-2124:​ OOB access in the Linux kernel'​s XFS subsystem]] \\ [[https://​lore.kernel.org/​linux-xfs/​20230411233159.GH360895@frogsfrogsfrogs/​]] | Sat Apr 15 03:27:54 2023 \\ Wed Apr 19 06:45:22 2023 \\ Tue Apr 11 23:32:04 2023 | 4.14 \\ -3.16 |  | CVE-2023-2124 |
 +| Git | [vs-plain] Upcoming Git security fix releases \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​04/​25/​2|[oss-security] [ANNOUNCE] Git v2.40.1 and friends]] | Thu Apr 20 07:29:59 2023 \\ Tue Apr 25 17:08:44 2023 | 5.40 | 2023-APR-25 at around 10am Pacific Time | CVE-2023-25652 \\ CVE-2023-25815 \\ CVE-2023-29007 |
 +| distribution/​distribution | [vs-plain] Embargoed DoS in distribution/​distribution:​ Catalog Endpoint can lead to OOM by user input \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​09/​1|[oss-security] CVE-2023-2253:​ distribution/​distribution:​ Catalog API endpoint can lead to OOM via malicious user input]] | Mon Apr 24 12:55:13 2023 \\ Tue May 09 16:04:12 2023 | 15.13 | 2023-05-08 13:00 UTC \\ 2023-05-09 15:00 UTC | CVE-2023-2253 |
 +| Linux | [vs-plain] Linux kernel LPE due to use-after-free in Netfilter nf_tables \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​08/​4|[oss-security] [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​netdev/​net.git/​commit/?​id=c1592a89942e9678f7d9c8030efa777c0d57edab]] | Tue May 02 08:28:08 2023 \\ Mon May 08 15:58:45 2023 \\ Wed May 03 06:24:32 2023 | 6.31 \\ 0.91 | Once the fix becomes public \\ Monday (May 8th) | CVE-2023-32233 |
 +| Linux | [vs-plain] linux >= 6.3-rc4: OOB physical memory read/write via io_uring \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​08/​3|[oss-security] Linux kernel io_uring out-of-bounds access to physical memory]] \\ [[https://​git.kernel.org/​pub/​scm/​linux/​kernel/​git/​torvalds/​linux.git/​commit/?​id=776617db78c6d208780e7c69d4d68d1fa82913de]] | Tue May 02 16:28:39 2023 \\ Mon May 08 14:34:55 2023 \\ Wed May 03 15:00:22 2023 | 5.92 \\ 0.94 | 2023-05-08 15:00 UTC \\ 12:00 UTC, Sunday 2023-05-07 | CVE-2023-2598 |
 +| OpenStack | [vs] Vulnerability in OpenStack cinder, glance_store,​ nova, os-brick (CVE-2023-2088) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​10/​5|[oss-security] [OSSA-2023-003] cinder, glance_store,​ nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088)]] | Thu May 04 00:57:23 2023 \\ Wed May 10 17:21:16 2023 | 6.68 | 2023-05-10, 1500UTC | CVE-2023-2088 \\ OSSA-2023-003 |
 +| libcap | [vs-plain] pre-announcement libcap-2.69 release 2023-05-15 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​15/​4|[oss-security] libcap-2.69 addresses 2 CVEs]] \\ [[https://​sites.google.com/​site/​fullycapable/​release-notes-for-libcap#​h.iuvg7sbjg8pe]] | Mon May 08 01:41:19 2023 \\ Mon May 15 16:00:06 2023 \\ Mon May 15 02:10:04 2023 | 7.60 \\ 7.02 | 2023-05-15 | LCAP-CR-23-01 \\ LCAP-CR-23-02 \\ CVE-2023-2602 \\ CVE-2023-2603 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-28319 (1/4) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​17/​1|[oss-security] curl: CVE-2023-28319:​ UAF in SSH sha256 fingerprint check]] | Tue May 09 12:16:16 2023 \\ Wed May 17 06:41:12 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28319 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-28320 (2/4) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​17/​2|[oss-security] curl: CVE-2023-28320:​ siglongjmp race condition]] | Tue May 09 12:16:30 2023 \\ Wed May 17 06:41:18 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28320 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-28321 (3/4) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​17/​3|[oss-security] curl: CVE-2023-28321:​ IDN wildcard match]] | Tue May 09 12:17:16 2023 \\ Wed May 17 06:41:21 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28321 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-28322 (4/4) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​17/​4|[oss-security] curl: CVE-2023-28322:​ more POST-after-PUT confusion]] | Tue May 09 12:17:29 2023 \\ Wed May 17 06:41:26 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28322 |
 +| cups-filters | [vs-plain] CVE-2023-24805:​ RCE in cups-filters,​ beh CUPS backend \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​17/​5|[oss-security] CVE-2023-24805:​ RCE in cups-filters,​ beh CUPS backend]] | Wed May 10 12:45:42 2023 \\ Wed May 17 12:14:29 2023 | 6.98 | May 17, 2023 | CVE-2023-24805 \\ GHSA-gpxc-v2m8-fr3x |
 +| OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​30/​1|[oss-security] OpenSSL Security Advisory]] | Tue May 16 14:13:29 2023 \\ Tue May 30 13:53:09 2023 | 13.99 | 30th May 2023 | CVE-2023-2650 |
 +| c-ares | [vs-plain] c-ares security vulns \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​05/​22/​2|[oss-security] c-ares multiple vulnerabilities:​ CVE-2023-32067,​ CVE-2023-31147,​ CVE-2023-31130,​ CVE-2023-31124]] | Fri May 19 23:08:20 2023 \\ Mon May 22 12:53:13 2023 | 2.57 | 5/22/2023 | CVE-2023-32067 \\ CVE-2023-31124 \\ CVE-2023-31130 \\ CVE-2023-31147 |
 +| CUPS | [vs-plain] EMBARGOED CVE-2023-32324 heap buffer overflow in cupsd \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​06/​01/​1|[oss-security] [vs] CVE-2023-32324 heap buffer overflow in cupsd]] | Tue May 23 10:06:35 2023 \\ Thu Jun 01 10:49:58 2023 | 9.03 | June 1st 2023, 12:00 PM CET | CVE-2023-32324 |
 | open-vm-tools | [vs] [EMBARGOED] CVE-2023-20867 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​16/​2|[oss-security] CVE-2023-20867:​ open-vm-tools:​ Authentication Bypass vulnerability in the vgauth module]] \\ [[https://​www.vmware.com/​security/​advisories/​VMSA-2023-0013.html]] | Tue Jun 06 15:31:40 2023 \\ Mon Oct 16 01:49:50 2023 \\ Tue Jun 13 15:31:40 2023 | 131.43 \\ 7.00 | June 13th, 2023 | CVE-2023-20867 \\ VMSA-2023-0013 | | open-vm-tools | [vs] [EMBARGOED] CVE-2023-20867 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​16/​2|[oss-security] CVE-2023-20867:​ open-vm-tools:​ Authentication Bypass vulnerability in the vgauth module]] \\ [[https://​www.vmware.com/​security/​advisories/​VMSA-2023-0013.html]] | Tue Jun 06 15:31:40 2023 \\ Mon Oct 16 01:49:50 2023 \\ Tue Jun 13 15:31:40 2023 | 131.43 \\ 7.00 | June 13th, 2023 | CVE-2023-20867 \\ VMSA-2023-0013 |
 | cpdb-libs | [vs-plain] CVE-2023-34095:​ Buffer overflows via scanf \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​06/​14/​7|[oss-security] CVE-2023-34095:​ cpdb-libs: Buffer overflows via scanf]] | Tue Jun 06 17:37:22 2023 \\ Wed Jun 14 17:18:55 2023 | 7.99 | June 14, 2023 | CVE-2023-34095 \\ GHSA-25j7-9gfc-f46x | | cpdb-libs | [vs-plain] CVE-2023-34095:​ Buffer overflows via scanf \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​06/​14/​7|[oss-security] CVE-2023-34095:​ cpdb-libs: Buffer overflows via scanf]] | Tue Jun 06 17:37:22 2023 \\ Wed Jun 14 17:18:55 2023 | 7.99 | June 14, 2023 | CVE-2023-34095 \\ GHSA-25j7-9gfc-f46x |
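
Review bot: In the added February rows, two different Linux HID reports ("hid: type confusions on hid report_list entry" and "hid: NULL pointer dereference in hid_betopff_play()") both list CVE-2023-1073 in the CVE(s) column, while the rows after them continue with CVE-2023-1074 onward; please check the first of the two against its oss-security posting and correct the ID if it was copied from the neighbouring row. Similarly, the "heimdal, samba" row has CVE-2022-45142 in both subjects but CVE-2022-3437 in the CVE(s) column, so either add CVE-2022-45142 or note why only the other ID is listed. Style: the new heading `===== Formatted input data ====` closes with four `=`, where the other renamed headings in this change use five on both sides.
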
Line 38: Line 111:
 | libcue | [vs] CVE-2023-43641 (GHSL-2023-197) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​09/​3|[oss-security] CVE-2023-43641:​ out-of-bounds array access in libcue 2.2.1]] | Tue Sep 26 08:12:41 2023 \\ Mon Oct 09 17:13:07 2023 | 13.38 | 2023-10-09T17+00:​00 | CVE-2023-43641 \\ GHSL-2023-197 | | libcue | [vs] CVE-2023-43641 (GHSL-2023-197) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​09/​3|[oss-security] CVE-2023-43641:​ out-of-bounds array access in libcue 2.2.1]] | Tue Sep 26 08:12:41 2023 \\ Mon Oct 09 17:13:07 2023 | 13.38 | 2023-10-09T17+00:​00 | CVE-2023-43641 \\ GHSL-2023-197 |
 | libX11 & libXpm | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in libX11 & libXpm \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​03/​1|[oss-security] Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17]] | Tue Sep 26 17:15:59 2023 \\ Tue Oct 03 16:32:00 2023 | 6.97 | October 3, 2023 | CVE-2023-43785 \\ CVE-2023-43786 \\ CVE-2023-43787 \\ CVE-2023-43788 \\ CVE-2023-43789 | | libX11 & libXpm | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in libX11 & libXpm \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​03/​1|[oss-security] Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17]] | Tue Sep 26 17:15:59 2023 \\ Tue Oct 03 16:32:00 2023 | 6.97 | October 3, 2023 | CVE-2023-43785 \\ CVE-2023-43786 \\ CVE-2023-43787 \\ CVE-2023-43788 \\ CVE-2023-43789 |
 +| curl | [vs-plain] : CVE-2023-38545 curl SOCKS5 heap buffer overflow (1/2) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​11/​1|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-38545:​ SOCKS5 heap buffer overflow]] | Tue Oct 03 06:57:43 2023 \\ Wed Oct 11 05:58:55 2023 | 7.96 | October 11, around 06:00 UTC | CVE-2023-38545 |
 +| curl | [vs-plain] : CVE-2023-38546 curl cookie injection with none file (2/2) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​11/​2|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-38546]] | Tue Oct 03 06:57:52 2023 \\ Wed Oct 11 05:59:15 2023 | 7.96 | October 11 2023 | CVE-2023-38546 |
 +| OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​24/​1|[oss-security] OpenSSL Security Advisory]] | Tue Oct 10 14:57:08 2023 \\ Tue Oct 24 15:14:46 2023 | 14.01 | 24th October 2023 | CVE-2023-5363 \\ GHSA-q3f8-53qj-r58x |
 +| X.Org X server | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in X.Org X server \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​25/​1|[oss-security] FW: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.9 and Xwayland prior to 23.2.2]] \\ [[https://​lists.x.org/​archives/​xorg-announce/​2023-October/​003430.html]] | Tue Oct 17 05:13:14 2023 \\ Wed Oct 25 11:06:15 2023 \\ Wed Oct 25 01:53:55 2023 | 8.25 \\ 7.86 | October 25, 2023 | CVE-2023-5367 \\ CVE-2023-5380 \\ CVE-2023-5574 \\ ZDI-CAN-22153 \\ ZDI-CAN-21608 \\ ZDI-CAN-21213 |
 +| open-vm-tools | [vs-plain] SAML Bypass in VMware Tools CVE-2023-34058 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​27/​1|[oss-security] CVE-2023-34058 - SAML Token Signature Bypass in open-vm-tools]] | Thu Oct 19 18:43:23 2023 \\ Fri Oct 27 08:36:14 2023 | 7.58 | October 26th, 2023 | CVE-2023-34058 |
 +| open-vm-tools | [vs-plain] file descriptor hijack in VMware Tools CVE-2023-34059 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​10/​27/​2|[oss-security] CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools]] | Thu Oct 19 18:43:46 2023 \\ Fri Oct 27 08:36:17 2023 | 7.58 | October 26th, 2023 | CVE-2023-34059 |
 +| Intel CPUs | [vs] ... \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​11/​14/​4|[oss-security] CVE-2023-23583:​ Intel - Denial of Service - Privilege Escalation (Reptar)]] | Thu Nov 09 23:51:52 2023 \\ Tue Nov 14 18:36:44 2023 | 4.78 | November 14th, 10 am Pacific Time | CVE-2023-23583 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-46218 (1/2) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​06/​1|[oss-security] [SECURITY ADVISORY] curl: cookie mixed case PSL bypass]] \\ [[https://​github.com/​curl/​curl/​pull/​12387]] | Tue Nov 28 07:04:22 2023 \\ Wed Dec 06 07:29:18 2023 \\ Thu Nov 23 07:16:00 2023 | 8.02 \\ -4.99 | 07:00 UTC on December 6 | CVE-2023-46218 |
 +| curl | [vs-plain] : curl pre-notification:​ CVE-2023-46219 (2/2) \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​06/​2|[oss-security] [SECURITY ADVISORY] curl: HSTS long file name clears contents]] \\ [[https://​github.com/​curl/​curl/​pull/​12388]] | Tue Nov 28 07:04:40 2023 \\ Wed Dec 06 07:29:58 2023 \\ Thu Nov 23 07:24:00 2023 | 8.02 \\ -4.99 | 07:00 UTC on December 6 | CVE-2023-46219 |
 +| X.Org X server and Xwayland | [vs-plain] Embargoed X.Org Security Advisory: Issues in X server and Xwayland \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​13/​1|[oss-security] FW: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.10 and Xwayland prior to 23.2.3]] \\ [[https://​lists.x.org/​archives/​xorg-announce/​2023-December/​003435.html]] | Tue Dec 05 21:17:38 2023 \\ Wed Dec 13 13:03:51 2023 \\ Wed Dec 13 02:02:10 2023 | 7.66 \\ 7.20 | December 13, 2023 00:00 UTC | CVE-2023-6377 \\ CVE-2023-6478 \\ ZDI-CAN-22412 \\ ZDI-CAN-22413 \\ ZDI-CAN-22561 |
 +| SSH protocol | [vs] ... \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​18/​3|[oss-security] CVE-2023-48795:​ Prefix Truncation Attacks in SSH Specification (Terrapin Attack)]] \\ [[https://​groups.google.com/​g/​golang-announce/​c/​-n5WqVC18LQ]] | Mon Dec 11 15:40:29 2023 \\ Mon Dec 18 16:47:26 2023 \\ Tue Dec 12 20:56:36 2023 | 7.05 \\ 1.22 | 18th of December 2023 15:00 UTC | CVE-2023-48795 |
 +| Debian cpio | [vs-plain] Security vulnerability in Debian'​s cpio 2.13 \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​21/​8|[oss-security] Security vulnerability in Debian'​s cpio 2.13]] \\ [[https://​bugs.debian.org/​cgi-bin/​bugreport.cgi?​bug=1059163]] | Sun Dec 17 15:50:53 2023 \\ Thu Dec 21 16:50:17 2023 \\ Wed Dec 20 19:03:02 2023 | 4.04 \\ 3.13 | 2023-12-27 |  |
 +| xarchiver | [vs-plain] xarchiver: Path traversal with crafted cpio archives \\ [[https://​www.openwall.com/​lists/​oss-security/​2023/​12/​27/​1|[oss-security] xarchiver: Path traversal with crafted cpio archives]] | Sun Dec 17 15:50:53 2023 \\ Wed Dec 27 13:42:05 2023 | 9.91 | 2023-12-27 |  |
  
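Review bot: The two curl rows (CVE-2023-46218 and CVE-2023-46219) show a second duration of -4.99 days with no explanation. Their third timestamp (Thu Nov 23 2023, which lines up with the GitHub pull request link) is earlier than the Tue Nov 28 report to the list, so the linked pull request predates the notification. Add a footnote stating what the second duration measures and what a negative value means, so readers do not take it for a data-entry error. In the Debian cpio row the coordinated release date is 2023-12-27, but the oss-security posting is dated Thu Dec 21 and the Debian bug reference Wed Dec 20; that row deserves a short remark that the issue became public ahead of the planned date. The Debian cpio and xarchiver rows also leave the CVE cell empty; if no identifier was assigned, say so explicitly rather than leaving the cell blank.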
-==== Extra data for prior months not included in statistics ​==== +===== Source input data =====
- +
-The data here is unfortunately incomplete and unreliable, resulting from automated processing of input that wasn't meant to be fully machine-readable.+
  
-^Project^Subject^Reported^Coordinated Release Date^Time ​of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ +These files were manually created based on review ​of the e-mail threads and external resources referenced from thereThey were processed with {{stats-process.txt|this Perl script}} ​to produce the tables aboveYou should be able to reproduce that.
-^   ​February ​  ​^^^^^^^^ +
-| |less CVE-2022-46663|2023-02-01T06:​55:​51+00:​00|2023-02-08T06:​55:​51+00:​00|[[https://​marc.info/?​i=CAP9KPhB7PqqFt%3DOf8%2B6CKiaV%3D%2Bp%3DWwYOjG3QF3TEBDDop1125g%40mail.gmail.com|2023-02-07T18:​49:​47+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46663|CVE-2022-46663]]|7.00|6.46| +
-^   ​January ​  ​^^^^^^^^ +
-| |Preview of X.Org Security Advisory for 2023-02-07|2023-01-30T22:​33:​32+00:​00|2023-02-06T22:​33:​32+00:​00|[[https://​marc.info/?​i=9afca616-11f3-ac36-4d5f-918487e1a756%40redhat.com|2023-02-07T01:​36:​35+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0494|CVE-2022-0494]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0494|CVE-2023-0494]]|7.00|7.12| +
-| |pesign: Local privilege escalation on pesign systemd service|2023-01-27T20:​44:​55+00:​00|2023-02-03T20:​44:​55+00:​00|[[https://​marc.info/?​i=CAOGQQ29pYOHP2puP-nAzO%2BQnbc-OouwnVFpQVY_%3DOvVo12%3DMkw%40mail.gmail.com|2023-01-31T15:​59:​19+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-3560|CVE-2022-3560]]|7.00|3.79| +
-| |Embargoed OpenSSL security issues|2023-01-25T12:​02:​01+00:​00|2023-02-07T00:​00:​00+00:​00|[[https://​marc.info/?​i=CAPCCXc9UR7FmvkEvyy2_H%3Dh4Y8cSMtJC7i8FsypBQye_FXp5GA%40mail.gmail.com|2023-02-07T19:​28:​51+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4203|CVE-2022-4203]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4304|CVE-2022-4304]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4450|CVE-2022-4450]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0215|CVE-2023-0215]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0216|CVE-2023-0216]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0217|CVE-2023-0217]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0286|CVE-2023-0286]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0401|CVE-2023-0401]]|12.46|13.29| +
-| |...|2023-01-24T11:​58:​47+00:​00|2023-01-31T11:​58:​47+00:​00|[[https://​marc.info/?​i=Y9FhZ0vKzTx4WTCH%40larwa.hq.kempniu.pl|2023-01-25T17:​05:​43+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-3094|CVE-2022-3094]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-3736|CVE-2022-3736]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-3924|CVE-2022-3924]]|7.00|1.21| +
-| |Re: Vulnerability in OpenStack Cinder, Glance, Nova (CVE-2022-47951)|2023-01-17T21:​53:​09+00:​00|2023-01-24T21:​53:​09+00:​00|[[https://​marc.info/?​i=20230124160818.wlaspet7jsmths2p%40yuggoth.org|2023-01-24T16:​08:​18+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-47951|CVE-2022-47951]]|7.00|6.75| +
-| |null pointer dereference in Linux kernel|2023-01-15T05:​12:​43+00:​00|2023-01-22T05:​12:​43+00:​00|[[https://​marc.info/?​i=CADW8OBuhuCTq-MvcFuAxOc6pWrkmOd-mwV9yasNRfbnD9s85-g%40mail.gmail.com|2023-01-18T20:​26:​46+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0394|CVE-2023-0394]]|7.00|3.62| +
-| |Re: PowerDNS pre-notification:​ EMBARGO: PowerDNS Security Advisory 2023-01: PowerDNS Recursor 4.8.0 unbounded recursion results in program termination|2023-01-13T11:​17:​46+00:​00|2023-01-20T11:​17:​46+00:​00|[[https://​marc.info/?​i=1295588158.7348.1674217183817%40appsuite-guard.open-xchange.com|2023-01-20T12:​19:​43+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-22617|CVE-2023-22617]]|7.00|7.04| +
-| |Re: Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15|2023-01-12T23:​41:​22+00:​00|2023-01-19T23:​41:​22+00:​00|[[https://​marc.info/?​i=7b3fdf01-8189-567d-bf15-ba8478eaba79%40oracle.com|2023-01-17T16:​47:​45+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4883|CVE-2022-4883]]|7.00|4.71| +
-| |...|2023-01-12T14:​17:​07+00:​00|2023-01-19T14:​17:​07+00:​00|[[https://​marc.info/?​i=CAE-GootkXskaRKTmdPg1KsL3cm2oPq8DtL14MoupwX_CaVDeXw%40mail.gmail.com|2023-01-19T00:​33:​43+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-22809|CVE-2023-22809]]|7.00|6.42| +
-| |Netfilter vulnerability disclosure|2023-01-11T01:​26:​17+00:​00|2023-01-18T01:​26:​17+00:​00|[[https://​marc.info/?​i=CAHH-0UfWddrL_x9n1eG1oJ6iurew7D6Yb%3Dz%3D068BfV7uJGSRGw%40mail.gmail.com|2023-01-13T15:​22:​47+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1015|CVE-2022-1015]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2023-0179|CVE-2023-0179]]|7.00|2.54| +
-| |Re: Vulnerability in OpenStack Swift (CVE-2022-47950)|2023-01-11T00:​35:​00+00:​00|2023-01-18T00:​35:​00+00:​00|[[https://​marc.info/?​i=20230117160111.htaewnl2wmuqlgq7%40yuggoth.org|2023-01-17T16:​01:​11+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-47950|CVE-2022-47950]]|7.00|6.62| +
-| |Upcoming Git security fix release|2023-01-10T23:​08:​02+00:​00|2023-01-17T23:​08:​02+00:​00|[[https://​marc.info/?​i=xmqqfscit2ct.fsf%40gitster.g|2023-01-17T18:​06:​10+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-23521|CVE-2022-23521]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-41903|CVE-2022-41903]]|7.00|6.75| +
-| |Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15|2023-01-10T18:​12:​18+00:​00|2023-01-17T18:​12:​18+00:​00|[[https://​marc.info/?​i=7b3fdf01-8189-567d-bf15-ba8478eaba79%40oracle.com|2023-01-17T16:​47:​45+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-44617|CVE-2022-44617]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46285|CVE-2022-46285]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4883|CVE-2022-4883]]|7.00|6.92| +
-| |Re: CVE-2022-46176:​ Cargo does not check SSH host keys|2023-01-05T16:​48:​13+00:​00|2023-01-12T16:​48:​13+00:​00|[[https://​marc.info/?​i=0c602545-dfad-4d49-beaa-b5094b343af8%40app.fastmail.com|2023-01-10T16:​45:​06+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46176|CVE-2022-46176]]|7.00|4.96|+
  
 +  * {{stats-202301.txt}}
 +  * {{stats-202302.txt}}
 +  * {{stats-202303.txt}}
 +  * {{stats-202304.txt}}
 +  * {{stats-202305.txt}}
 +  * {{stats-202306.txt}}
 +  * {{stats-202307.txt}}
 +  * {{stats-202308.txt}}
 +  * {{stats-202309.txt}}
 +  * {{stats-202310.txt}}
 +  * {{stats-202311.txt}}
 +  * {{stats-202312.txt}}
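Review bot: The added paragraph under "Source input data" says "You should be able to reproduce that" but gives no invocation for stats-process.txt, so a reader has to guess how the twelve stats-2023NN.txt files are fed to it (one at a time or all together, and in what order). Add the command line that was used. Since the paragraph states the files were created manually from the e-mail threads, it would also help to say how corrections to them should be reported. The same change deletes the "Extra data for prior months" table together with its caveat about incomplete automated processing; if the January and February entries listed there are now covered by stats-202301.txt and stats-202302.txt, a sentence saying so would make the removal easier to verify.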
mailing-lists/distros/stats/2023.1697473880.txt · Last modified: 2023/10/16 18:31 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported