Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e61f38f4 by security tracker role at 2021-12-30T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-22282
+ RESERVED
+CVE-2022-22281
+ RESERVED
+CVE-2022-22280
+ RESERVED
+CVE-2022-22279
+ RESERVED
+CVE-2022-22278
+ RESERVED
+CVE-2022-22277
+ RESERVED
+CVE-2022-22276
+ RESERVED
+CVE-2022-22275
+ RESERVED
+CVE-2022-22274
+ RESERVED
+CVE-2022-22273
+ RESERVED
+CVE-2022-22272
+ RESERVED
+CVE-2022-22271
+ RESERVED
+CVE-2022-22270
+ RESERVED
+CVE-2022-22269
+ RESERVED
+CVE-2022-22268
+ RESERVED
+CVE-2022-22267
+ RESERVED
+CVE-2022-22266
+ RESERVED
+CVE-2022-22265
+ RESERVED
+CVE-2022-22264
+ RESERVED
+CVE-2022-22263
+ RESERVED
+CVE-2021-45919
+ RESERVED
+CVE-2021-4190
+ RESERVED
CVE-2021-4189
RESERVED
CVE-2022-22262
@@ -146,8 +190,8 @@ CVE-2021-45915
RESERVED
CVE-2021-45914
RESERVED
-CVE-2021-4188
- RESERVED
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
+ TODO: check
CVE-2021-45913
RESERVED
CVE-2021-45912
@@ -3661,6 +3705,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to
deserialization of untr
CVE-2021-4103
RESERVED
CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding
security fi ...)
+ {DLA-2870-1}
- apache-log4j2 2.17.1-1 (bug #1002813)
[bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker
with permissions to modify the logging configuration file)
[buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with
permissions to modify the logging configuration file)
@@ -5622,7 +5667,7 @@ CVE-2021-44159 (4MOSAn GCB Doctor’s file upload
function has improper user
CVE-2021-44158
RESERVED
CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2
and befo ...)
- {DSA-5027-1}
+ {DSA-5027-1 DLA-2869-1}
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
@@ -5635,13 +5680,13 @@ CVE-2021-4010 (A flaw was found in xorg-x11-server in
versions before 21.1.2 and
NOTE:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2
and befo ...)
- {DSA-5027-1}
+ {DSA-5027-1 DLA-2869-1}
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2
and befo ...)
- {DSA-5027-1}
+ {DSA-5027-1 DLA-2869-1}
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
@@ -6561,8 +6606,8 @@ CVE-2021-43878
RESERVED
CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege
Vulnerability ...)
NOT-FOR-US: .NET core
-CVE-2021-43876
- RESERVED
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability
...)
NOT-FOR-US: Microsoft
CVE-2021-43874
@@ -182463,7 +182508,7 @@ CVE-2019-9211 (There is a reachable assertion abort
in the function write_long_s
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
NOTE: Crash in CLI tool, no security impact
CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an
integer ...)
- {DLA-1702-1}
+ {DLA-2868-1 DLA-1702-1}
- advancecomp 2.1-2 (low; bug #923416)
NOTE: https://sourceforge.net/p/advancemame/bugs/277/
NOTE: Fixed by
https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
@@ -184870,6 +184915,7 @@ CVE-2019-8385 (An issue was discovered in Thomson
Reuters Desktop Extensions 1.9
CVE-2019-8384
RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid
memory ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928730)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/272/
@@ -184883,6 +184929,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay
4.3.1. An invalid memory acc
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer
dereferenc ...)
NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL
pointer der ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928729)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/271/
@@ -259468,7 +259515,7 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in
all versions of Samba from
NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way
advancecom ...)
- {DLA-1702-1 DLA-1281-1}
+ {DLA-2868-1 DLA-1702-1 DLA-1281-1}
- advancecomp 2.1-1 (bug #889270)
NOTE: https://sourceforge.net/p/advancemame/bugs/259/
NOTE:
https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61f38f4608941e624d74aa1aa46886510cbb33e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61f38f4608941e624d74aa1aa46886510cbb33e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
