[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9daa1ec7 by security tracker role at 2022-01-30T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-0418
+       RESERVED
+CVE-2022-0417
+       RESERVED
+CVE-2022-0416
+       RESERVED
+CVE-2022-0415
+       RESERVED
 CVE-2022-24129
        RESERVED
 CVE-2022-24128
@@ -34,8 +42,8 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 
allows an application
        NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
 CVE-2022-0414
        RESERVED
-CVE-2022-0413
-       RESERVED
+CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...)
+       TODO: check
 CVE-2022-0412
        RESERVED
 CVE-2022-0411
@@ -67,10 +75,10 @@ CVE-2022-24113
        RESERVED
 CVE-2022-0409
        RESERVED
-CVE-2022-0408
-       RESERVED
-CVE-2022-0407
-       RESERVED
+CVE-2022-0408 (Stack-based Buffer Overflow in Conda vim prior to 8.2. ...)
+       TODO: check
+CVE-2022-0407 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+       TODO: check
 CVE-2022-24112
        RESERVED
 CVE-2022-0406
@@ -1351,8 +1359,8 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in 
epub2txt (aka epub2txt2) th
        - epub2txt2 <itp> (bug #1004115)
 CVE-2022-23849
        RESERVED
-CVE-2022-0339
-       RESERVED
+CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 
0.6.16. ...)
+       TODO: check
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
        - loguru <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
@@ -2695,8 +2703,8 @@ CVE-2022-21796 (A memory corruption vulnerability exists 
in the netserver parse_
        NOT-FOR-US: Reolink
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
        NOT-FOR-US: Orchard CMS
-CVE-2022-0273
-       RESERVED
+CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
+       TODO: check
 CVE-2022-0272
        RESERVED
 CVE-2022-0271



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9daa1ec76189fff7e2f7932de4e17925e5d94897

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9daa1ec76189fff7e2f7932de4e17925e5d94897
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits