[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 13 Feb 2022 12:10:47 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9e598462 by security tracker role at 2022-02-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2022-24976 [authentication bypass by ending an IRC handshake at a certain 
point during a challenge-response login sequence]
+CVE-2022-24980
+       RESERVED
+CVE-2022-24979
+       RESERVED
+CVE-2022-24978
+       RESERVED
+CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code 
execution v ...)
+       TODO: check
+CVE-2022-0579
+       RESERVED
+CVE-2022-0578
+       RESERVED
+CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction 
with InspI ...)
        - atheme-services <unfixed>
        [bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via 
point release)
        [buster] - atheme-services <no-dsa> (Minor issue; can be fixed via 
point release)
@@ -14,15 +26,14 @@ CVE-2022-0574
        RESERVED
 CVE-2022-0573
        RESERVED
-CVE-2022-0572 [crash when repeatedly using :retab]
-       RESERVED
+CVE-2022-0572 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
        NOTE: 
https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f 
(v8.2.4359)
-CVE-2022-0571
-       RESERVED
+CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in Homebrew 
phoronixtestsuite p ...)
+       TODO: check
 CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
@@ -7286,7 +7297,7 @@ CVE-2022-22765 (BD Viper LT system, versions 2.0 and 
later, contains hardcoded c
        NOT-FOR-US: BD Viper LT system
 CVE-2022-22764
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -7295,7 +7306,7 @@ CVE-2022-22764
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
 CVE-2022-22763
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
@@ -7306,7 +7317,7 @@ CVE-2022-22762
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
 CVE-2022-22761
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -7315,7 +7326,7 @@ CVE-2022-22761
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
 CVE-2022-22760
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -7324,7 +7335,7 @@ CVE-2022-22760
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
 CVE-2022-22759
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -7342,7 +7353,7 @@ CVE-2022-22757
        TODO: check if WebDriver enabled, if not demote severity to unimportant
 CVE-2022-22756
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -7355,7 +7366,7 @@ CVE-2022-22755
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
 CVE-2022-22754
        RESERVED
-       {DSA-5069-1 DLA-2916-1}
+       {DSA-5074-1 DSA-5069-1 DLA-2916-1}
        - firefox 97.0-1
        - firefox-esr 91.6.0esr-1
        - thunderbird 1:91.6.0-1
@@ -13138,8 +13149,7 @@ CVE-2021-44881 (D-Link device DIR_882 
DIR_882_FW1.30B06_Hotfix_02 was discovered
        NOT-FOR-US: D-Link
 CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 
DIR_882 ...)
        NOT-FOR-US: D-Link
-CVE-2021-44879
-       RESERVED
+CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 
5.16.3,  ...)
        - linux 5.16.7-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
        NOTE: Fixed by: 
https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e598462d72c5782e825b3f0f1432f22208814c2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e598462d72c5782e825b3f0f1432f22208814c2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to