Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
223664b6 by Moritz Muehlenhoff at 2022-03-14T19:25:05+01:00
apache2 fixed in sid
update two more netpbm-free issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8990,7 +8990,7 @@ CVE-2022-23944 (User can access /plugin api without
authentication. This issue a
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23943 [mod_sed: Read/write beyond bounds]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.53-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
CVE-2022-23942
RESERVED
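Review bot: The CVE-2022-23943 entry now records the fixed version for unstable, but its only NOTE is still the upstream advisory page, with no reference to the upstream change that fixes the mod_sed read/write beyond bounds. Suggest adding a NOTE with the fixing upstream commit once it is identified, so that backports to other suites can be checked against it.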
@@ -13600,15 +13600,15 @@ CVE-2022-22722 (A CWE-798: Use of Hard-coded
Credentials vulnerability exists th
NOT-FOR-US: Schneider Electric
CVE-2022-22721 [Possible buffer overflow with very large or unlimited
LimitXMLRequestBody]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.53-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
CVE-2022-22720 [HTTP request smuggling vulnerability]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.53-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
CVE-2022-22719 [mod_lua Use of uninitialized value of in r:parsebody]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.53-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719
CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability.
This CVE I ...)
NOT-FOR-US: Microsoft
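Review bot: CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719 all change to "- apache2 2.4.53-1" with no per-release lines, so the entries record nothing yet about how the other suites are triaged. The bracketed descriptions already scope two of them (CVE-2022-22721 to a very large or unlimited LimitXMLRequestBody, CVE-2022-22719 to r:parsebody in mod_lua), which is worth carrying into the suite annotations when they are added, since the request smuggling issue in CVE-2022-22720 has no such qualifier and probably deserves separate handling.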
@@ -324340,14 +324340,20 @@ CVE-2017-2581 (An out-of-bounds write vulnerability
was found in netpbm before 1
NOTE: Similar code path seems protected by earlier stricter size checks
("object too large")
NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2989/
(10.78.05)
CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before
10.61. ...)
- - netpbm-free <undetermined> (bug #854978)
+ - netpbm-free 2:10.97.00-1 (bug #854978)
+ [bullseye] - netpbm-free <not-affected> (Legacy fork not affected)
+ [buster] - netpbm-free <not-affected> (Legacy fork not affected)
+ [stretch] - netpbm-free <not-affected> (Legacy fork not affected)
[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c and bpm/libpm.c
rewritten, PoC triggers clean check "Zero byte allocation" missing in later
versions)
NOTE: Debian uses an old fork of netpbm
NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
NOTE: PoC+report attached to #854978
NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821
(10.47.63)
CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before
10.61. ...)
- - netpbm-free <undetermined> (bug #854978)
+ - netpbm-free 2:10.97.00-1 (bug #854978)
+ [bullseye] - netpbm-free <not-affected> (Legacy fork not affected)
+ [buster] - netpbm-free <not-affected> (Legacy fork not affected)
+ [stretch] - netpbm-free <not-affected> (Legacy fork not affected)
[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c rewritten, PoC
triggers clean application error handling)
NOTE: Debian uses an old fork of netpbm
NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
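Review bot: The new [bullseye], [buster] and [stretch] lines for CVE-2017-2580 and CVE-2017-2579 justify <not-affected> only with "Legacy fork not affected", while the existing [jessie] lines name the rewritten files and what the PoC triggers. Suggest stating the same basis for the newer suites (for example that the PoC attached to #854978 was re-run, or that the jessie analysis of pnm/giftopnm.c carries over), so the status can be re-checked later. The unchanged "NOTE: Debian uses an old fork of netpbm" also now sits next to a fixed version of 2:10.97.00-1 for unstable; consider qualifying that NOTE with the versions it applies to.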
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223664b6f56aff225b8041676aab89b7710ab381