Update GPLv2+ license text

[bjoernricks]

What

Update GPLv2+ license text

Why

Use the text from the official GNU web page.

Fixes #932

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 489f175.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[github-actions]

🔍 Vulnerabilities of harbor-os.greenbone.net/community/gvm-libs:934-merge-amd64

📦 Image Reference harbor-os.greenbone.net/community/gvm-libs:934-merge-amd64

digest	sha256:fa28e2588d09dab05352272dea97e7d23fe07d654f13d525e00fbe5cd12a14b1
vulnerabilities
size	48 MB
packages	200

📦 Base Image debian:testing-20250610-slim

also known as	testing-slim
digest	sha256:757269df9b611ea9da477069d009468f404ffb2c73436f503911eade276da64a
vulnerabilities

libxml2 2.12.7+dfsg+really2.9.14-1 (deb) pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-1?os_distro=trixie&os_name=debian&os_version=13 Affected range >=2.12.7+dfsg+really2.9.14-1 Fixed version Not Fixed EPSS Score 0.05% EPSS Percentile 16th percentile Description A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752) [bookworm] - libxml2 (Minor issue) https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 Affected range >=2.12.7+dfsg+really2.9.14-1 Fixed version Not Fixed EPSS Score 0.07% EPSS Percentile 21st percentile Description A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755) [bookworm] - libxml2 (Minor issue; revisit when fixed upstream) https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 Affected range >=2.12.7+dfsg+really2.9.14-1 Fixed version Not Fixed EPSS Score 0.05% EPSS Percentile 16th percentile Description A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720) [bookworm] - libxml2 (Minor issue; does not affect the parser code) https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad346c9a249c4b380bf73c460ad3e81135c5d781 (master) Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0 (2.14-branch) Affected range >=2.12.7+dfsg+really2.9.14-1 Fixed version Not Fixed EPSS Score 0.05% EPSS Percentile 16th percentile Description A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107753) [bookworm] - libxml2 (Minor issue) https://gitlab.gnome.org/GNOME/libxml2/-/issues/932 Affected range >=2.12.7+dfsg+really2.9.14-1 Fixed version Not Fixed EPSS Score 0.01% EPSS Percentile 2nd percentile Description A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. libxml2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938) https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

pam 1.7.0-3 (deb) pkg:deb/debian/pam@1.7.0-3?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.7.0-3 Fixed version Not Fixed EPSS Score 0.02% EPSS Percentile 4th percentile Description A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. pam (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919) https://www.openwall.com/lists/oss-security/2025/06/17/1 GHSA-f9p8-gjr4-j9gx Fixed by: linux-pam/linux-pam@475bd60 (v1.7.1) Fixed by: linux-pam/linux-pam@592d84e (v1.7.1) Fixed by: linux-pam/linux-pam@976c200 (v1.7.1)

perl 5.40.1-3 (deb) pkg:deb/debian/perl@5.40.1-3?os_distro=trixie&os_name=debian&os_version=13 Affected range >=5.40.1-3 Fixed version Not Fixed EPSS Score 0.02% EPSS Percentile 2nd percentile Description Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 perl (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226) [bookworm] - perl (Minor issue; Perl maintainer will fix it via point release) [bullseye] - perl (Minor issue, revisit when fixed upstream) Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition) Perl/perl5#23010 Fixed by: Perl/perl5@fc8063a (v5.41.13) Fixed by: Perl/perl5@a1327b5 (v5.41.13) Fixed by: Perl/perl5@1f9097b (v5.41.13) Fixed by: Perl/perl5@5c2e757 (v5.41.13) Squashed version of fix (to help backports): Perl/perl5@918bfff https://lists.security.metacpan.org/cve-announce/msg/30017499/ Affected range >=5.40.1-3 Fixed version Not Fixed EPSS Score 0.81% EPSS Percentile 73rd percentile Description _is_safe in the File::Temp module for Perl does not properly handle symlinks. perl (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776268) http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177 File:Temp::_is_safe() allows unsafe traversal of symlinks [rt.cpan.org #69106] Perl-Toolchain-Gang/File-Temp#14

ncurses 6.5+20250216-2 (deb) pkg:deb/debian/ncurses@6.5%2B20250216-2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=6.5+20250216-2 Fixed version Not Fixed EPSS Score 0.01% EPSS Percentile 2nd percentile Description A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. ncurses (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107937) [bookworm] - ncurses (Minor issue) [bullseye] - ncurses (Minor issue) https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html https://invisible-island.net/ncurses/NEWS.html#index-t20250329

systemd 257.6-1 (deb) pkg:deb/debian/systemd@257.6-1?os_distro=trixie&os_name=debian&os_version=13 Affected range >=257.6-1 Fixed version Not Fixed EPSS Score 0.09% EPSS Percentile 27th percentile Description An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf Affected range >=257.6-1 Fixed version Not Fixed EPSS Score 0.10% EPSS Percentile 29th percentile Description An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf Affected range >=257.6-1 Fixed version Not Fixed EPSS Score 0.13% EPSS Percentile 33rd percentile Description An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf Affected range >=257.6-1 Fixed version Not Fixed EPSS Score 0.07% EPSS Percentile 23rd percentile Description systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. systemd (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357) [wheezy] - systemd (/etc/tmpfiles.d not supported in Wheezy) https://bugzilla.redhat.com/show_bug.cgi?id=859060 only relevant to systems running systemd along with selinux

openldap 2.6.10+dfsg-1 (deb) pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?os_distro=trixie&os_name=debian&os_version=13 Affected range >=2.6.10+dfsg-1 Fixed version Not Fixed EPSS Score 0.37% EPSS Percentile 58th percentile Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. openldap (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965184) https://bugs.openldap.org/show_bug.cgi?id=9266 https://bugzilla.redhat.com/show_bug.cgi?id=1740070 RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch OpenLDAP upstream did dispute the issue as beeing valid, as the current libldap behaviour does conform with RFC4513. RFC6125 does not superseed the rules for verifying service identity provided in specifications for existing application protocols published prior to RFC6125, like RFC4513 for LDAP. Affected range >=2.6.10+dfsg-1 Fixed version Not Fixed EPSS Score 2.84% EPSS Percentile 86th percentile Description contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. openldap (unimportant) http://www.openldap.org/its/index.cgi/Incoming?id=8759 nops slapd-module not built Affected range >=2.6.10+dfsg-1 Fixed version Not Fixed EPSS Score 0.11% EPSS Percentile 31st percentile Description slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript. openldap (unimportant) http://www.openldap.org/its/index.cgi?findid=8703 Negligible security impact, but filed #877512 Affected range >=2.6.10+dfsg-1 Fixed version Not Fixed EPSS Score 2.15% EPSS Percentile 83rd percentile Description The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. openldap (unimportant) Debian builds with GNUTLS, not NSS

krb5 1.21.3-5 (deb) pkg:deb/debian/krb5@1.21.3-5?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.21.3-5 Fixed version Not Fixed EPSS Score 0.08% EPSS Percentile 25th percentile Description Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. krb5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098754; unimportant) https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md Fixed by: krb5/krb5@c5f9c81 Codepath cannot be triggered via API calls, negligible security impact https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html Affected range >=1.21.3-5 Fixed version Not Fixed EPSS Score 0.15% EPSS Percentile 37th percentile Description Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. krb5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098754; unimportant) https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md Fixed by: krb5/krb5@c5f9c81 Unused codepath, negligible security impact https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html Affected range >=1.21.3-5 Fixed version Not Fixed EPSS Score 0.46% EPSS Percentile 63rd percentile Description An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. krb5 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889684) https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow non-issue, codepath is only run on trusted input, potential integer overflow is non-issue

shadow 1:4.17.4-2 (deb) pkg:deb/debian/shadow@1:4.17.4-2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1:4.17.4-2 Fixed version Not Fixed EPSS Score 2.87% EPSS Percentile 86th percentile Description shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. shadow (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103832) [bookworm] - shadow (Minor issue) [bullseye] - shadow (Minor issue, disputed, no upstream patch) Default subordinate ID configuration in /etc/login.defs could lead to compromise shadow-maint/shadow#1157 Affected range >=1:4.17.4-2 Fixed version Not Fixed EPSS Score 0.25% EPSS Percentile 48th percentile Description initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. shadow (unimportant) See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so unknown usernames are not recorded on login failures

glibc 2.41-8 (deb) pkg:deb/debian/glibc@2.41-8?os_distro=trixie&os_name=debian&os_version=13 Affected range <2.41-9 Fixed version 2.41-9 EPSS Score 0.05% EPSS Percentile 15th percentile Description The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. glibc 2.41-9 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107366) [bookworm] - glibc (Vulnerable code introduced in 2.40) [bullseye] - glibc (Vulnerable code introduced in 2.40) https://sourceware.org/bugzilla/show_bug.cgi?id=33060 https://sourceware.org/pipermail/libc-alpha/2025-June/167405.html Introduced with: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23f0d81608d0ca6379894ef81670cf30af7fd081 (glibc-2.40) Affected range <2.41-9 Fixed version 2.41-9 EPSS Score 0.05% EPSS Percentile 15th percentile Description The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. glibc 2.41-9 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107365) [bookworm] - glibc (Vulnerable code introduced in 2.39) [bullseye] - glibc (Vulnerable code introduced in 2.39) https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://sourceware.org/pipermail/libc-alpha/2025-June/167381.html Introduced with: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3367d8e180848030d1646f088759f02b8dfe0d6f (glibc-2.39)

libgcrypt20 1.11.0-7 (deb) pkg:deb/debian/libgcrypt20@1.11.0-7?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.11.0-7 Fixed version Not Fixed EPSS Score 0.23% EPSS Percentile 46th percentile Description A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. libgcrypt20 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683) https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt https://people.redhat.com/~hkario/marvin/ https://dev.gnupg.org/T7136 https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17 Not in scope for libgcrypt security policy, work ongoing to add support in the protocol layer Affected range >=1.11.0-7 Fixed version Not Fixed EPSS Score 1.27% EPSS Percentile 78th percentile Description cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. libgcrypt20 (unimportant) libgcrypt11 (unimportant) gnupg1 (unimportant) gnupg (unimportant) https://github.com/weikengchen/attack-on-libgcrypt-elgamal https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html GnuPG uses ElGamal in hybrid mode only. This is not a vulnerability in libgcrypt, but in an application using it in an insecure manner, see also https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

libssh 0.11.1-2 (deb) pkg:deb/debian/libssh@0.11.1-2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh [bookworm] - libssh (Vulnerable code not present) [bullseye] - libssh (Vulnerable code not present) https://www.libssh.org/security/advisories/CVE-2025-5449.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=261612179f740bc62ba363d98b3bd5e5573a811f (libssh-0.11.2) Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=3443aec90188d6aab9282afc80a81df5ab72c4da (libssh-0.11.2) Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2) Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2) Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh https://www.libssh.org/security/advisories/CVE-2025-5987.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh https://www.libssh.org/security/advisories/CVE-2025-5372.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972 (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh https://www.libssh.org/security/advisories/CVE-2025-5351.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. libssh https://www.libssh.org/security/advisories/CVE-2025-5318.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh https://www.libssh.org/security/advisories/CVE-2025-4878.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 (libssh-0.11.2) Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb (libssh-0.11.2) Affected range >=0.11.1-2 Fixed version Not Fixed Description libssh https://www.libssh.org/security/advisories/CVE-2025-4877.txt Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d (libssh-0.11.2)

glib2.0 2.84.3-1 (deb) pkg:deb/debian/glib2.0@2.84.3-1?os_distro=trixie&os_name=debian&os_version=13 Affected range >=2.84.3-1 Fixed version Not Fixed EPSS Score 0.49% EPSS Percentile 64th percentile Description GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. glib2.0 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044)

tar 1.35+dfsg-3.1 (deb) pkg:deb/debian/tar@1.35%2Bdfsg-3.1?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.35+dfsg-3.1 Fixed version Not Fixed EPSS Score 2.81% EPSS Percentile 85th percentile Description Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. This is intended behaviour, after all tar is an archiving tool and you need to give -p as a command line flag tar (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328228; unimportant)

openssl 3.5.0-2 (deb) pkg:deb/debian/openssl@3.5.0-2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=3.2.1-3 Fixed version Not Fixed EPSS Score 0.10% EPSS Percentile 28th percentile Description OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf openssl/openssl#24540 Fault injection based attacks are not within OpenSSLs threat model according to the security policy: https://www.openssl.org/policies/general/security-policy.html

gnutls28 3.8.9-2 (deb) pkg:deb/debian/gnutls28@3.8.9-2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=3.8.9-2 Fixed version Not Fixed EPSS Score 5.42% EPSS Percentile 90th percentile Description The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. sun-java6 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) openjdk-6 6b23~pre11-1 openjdk-7 7~b147-2.0-1 iceweasel (Vulnerable code not present) http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser lighttpd 1.4.30-1 strictly speaking this is no lighttpd issue, but lighttpd adds a workaround curl 7.24.0-1 http://curl.haxx.se/docs/adv_20120124B.html python2.6 2.6.8-0.1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684511) [squeeze] - python2.6 (Minor issue) python2.7 2.7.3~rc1-1 python3.1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678998) [squeeze] - python3.1 (Minor issue) python3.2 3.2.3~rc1-1 http://bugs.python.org/issue13885 python3.1 is fixed starting 3.1.5 cyassl gnutls26 (unimportant) gnutls28 (unimportant) No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0 haskell-tls (unimportant) No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2 matrixssl (low) [squeeze] - matrixssl (Minor issue) [wheezy] - matrixssl (Minor issue) matrixssl fix this upstream in 3.2.2 bouncycastle 1.49+dfsg-1 [squeeze] - bouncycastle (Minor issue) [wheezy] - bouncycastle (Minor issue) No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9 nss 3.13.1.with.ckbi.1.88-1 https://bugzilla.mozilla.org/show_bug.cgi?id=665814 https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab polarssl (unimportant) No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases tlslite [wheezy] - tlslite (Minor issue) pound 2.6-2 Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks. erlang 1:15.b-dfsg-1 [squeeze] - erlang (Minor issue) asterisk 1:13.7.2dfsg-1 [jessie] - asterisk 1:11.13.1dfsg-2+deb8u1 [wheezy] - asterisk (Minor issue) [squeeze] - asterisk (Not supported in Squeeze LTS) http://downloads.digium.com/pub/security/AST-2016-001.html https://issues.asterisk.org/jira/browse/ASTERISK-24972 patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4 all versions vulnerable, backport required for wheezy

cjson 1.7.18-3 (deb) pkg:deb/debian/cjson@1.7.18-3?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.7.18-3 Fixed version Not Fixed EPSS Score 0.02% EPSS Percentile 5th percentile Description cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. cjson 1.7.18-3.1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103687) [bookworm] - cjson (Minor issue) https://github.com/boofish/json_bugs/tree/main/cjson Fixed by: DaveGamble/cJSON@a328d65

util-linux 2.41-5 (deb) pkg:deb/debian/util-linux@2.41-5?os_distro=trixie&os_name=debian&os_version=13 Affected range >=2.41-5 Fixed version Not Fixed EPSS Score 0.03% EPSS Percentile 5th percentile Description A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. util-linux (unimportant) https://bugzilla.redhat.com/show_bug.cgi?id=2053151 https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u util-linux/util-linux@faa5a3a util-linux in Debian does build with readline support but chfn and chsh are provided by src:shadow and util-linux is configured with --disable-chfn-chsh

apt 3.0.2 (deb) pkg:deb/debian/apt@3.0.2?os_distro=trixie&os_name=debian&os_version=13 Affected range >=3.0.2 Fixed version Not Fixed EPSS Score 1.51% EPSS Percentile 80th percentile Description It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. apt (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480) Not exploitable in Debian, since no keyring URI is defined

sqlite3 3.46.1-6 (deb) pkg:deb/debian/sqlite3@3.46.1-6?os_distro=trixie&os_name=debian&os_version=13 Affected range >=3.46.1-6 Fixed version Not Fixed EPSS Score 0.17% EPSS Percentile 39th percentile Description A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. sqlite3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005974) sqlite (unimportant) https://github.com/guyinatuxedo/sqlite3_record_leaking https://bugzilla.redhat.com/show_bug.cgi?id=2054793 https://sqlite.org/forum/forumpost/056d557c2f8c452ed5bb9c215414c802b215ce437be82be047726e521342161e Negligible security impact

gnupg2 2.4.7-21 (deb) pkg:deb/debian/gnupg2@2.4.7-21?os_distro=trixie&os_name=debian&os_version=13 Affected range >=2.4.7-21 Fixed version Not Fixed EPSS Score 0.01% EPSS Percentile 1st percentile Description GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. gnupg2 (unimportant) https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/D556 https://dev.gnupg.org/T5993 https://www.openwall.com/lists/oss-security/2022/07/04/8 GnuPG upstream is not implementing this change.

hiredis 1.2.0-6 (deb) pkg:deb/debian/hiredis@1.2.0-6?os_distro=trixie&os_name=debian&os_version=13 Affected range >=1.2.0-6 Fixed version Not Fixed EPSS Score 0.01% EPSS Percentile 1st percentile Description Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a denial of service via the sdscatlen function. REJECTED