Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8dc4c5b by security tracker role at 2022-04-03T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-28377
+ RESERVED
+CVE-2022-28376 (Verizon LVSKIHP 5G outside devices through 2022-02-15 allow
anyone (kn ...)
+ TODO: check
+CVE-2022-28375
+ RESERVED
+CVE-2022-28374
+ RESERVED
+CVE-2022-28373
+ RESERVED
+CVE-2022-28372
+ RESERVED
+CVE-2022-28371
+ RESERVED
+CVE-2022-28370
+ RESERVED
+CVE-2022-28369
+ RESERVED
+CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in
the src:u ...)
+ TODO: check
+CVE-2022-28367
+ RESERVED
+CVE-2022-28366
+ RESERVED
+CVE-2022-28365
+ RESERVED
+CVE-2022-28364
+ RESERVED
+CVE-2022-28363
+ RESERVED
+CVE-2022-28362
+ RESERVED
+CVE-2022-28361
+ RESERVED
+CVE-2022-28360
+ RESERVED
+CVE-2022-28359
+ RESERVED
+CVE-2022-28358
+ RESERVED
+CVE-2022-28357
+ RESERVED
+CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was
found in ne ...)
+ TODO: check
+CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable
values. ...)
+ TODO: check
+CVE-2022-28354
+ RESERVED
+CVE-2022-28353
+ RESERVED
+CVE-2022-1210
+ RESERVED
CVE-2021-46782
RESERVED
CVE-2021-46781
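Review bot: The four new entries that carry a description (CVE-2022-28376, CVE-2022-28368, CVE-2022-28356, CVE-2022-28355) all land as "TODO: check" with no package line, so none of them is tracked against a source package yet. Each should be triaged in a follow-up to either a package line in the same form as the "- zlib ..." and "- asterisk ..." lines elsewhere in this file or a NOT-FOR-US line like the Lexmark one; the Verizon device entry in particular looks like a NOT-FOR-US candidate, and the Linux kernel entry names its software and fixed upstream version (5.17.1) directly.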
@@ -1553,7 +1605,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in
GitHub repository radareo
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE:
https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating
(i.e., when ...)
- {DSA-5111-1}
+ {DSA-5111-1 DLA-2968-1}
- zlib 1:1.2.11.dfsg-4 (bug #1008265)
- libz-mingw-w64 1.2.11+dfsg-5
[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
@@ -2721,8 +2773,8 @@ CVE-2022-27308
RESERVED
CVE-2022-27307
RESERVED
-CVE-2022-27306 (The function url.parse() in Node.js v17.7.0 allows attackers
to spoof ...)
- TODO: check
+CVE-2022-27306
+ REJECTED
CVE-2022-27305
RESERVED
CVE-2022-27304
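Review bot: At CVE-2022-27306 the description is removed together with "TODO: check", so the entry no longer records that it concerned url.parse() in Node.js v17.7.0 and gives no reason for the rejection. The entry never had a package line, so nothing is left dangling, but a NOTE line with the reason or a pointer to the rejection would keep the history searchable.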
@@ -99734,6 +99786,7 @@ CVE-2020-28243 (An issue was discovered in SaltStack
Salt before 3002.5. The min
NOTE: Follow-up:
https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2
(v3002.6)
NOTE: Follow-up doc:
https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54
(next commit)
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before
13.37.1, 1 ...)
+ {DLA-2969-1}
- asterisk 1:16.15.0~dfsg-1 (bug #974713)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29013
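Review bot: CVE-2020-28242 now carries {DLA-2969-1}, yet the context line below it still reads "[buster] - asterisk <no-dsa> (Minor issue)", so the same issue is fixed by advisory in one suite and deferred in another. Worth checking whether the buster annotation should be revisited now that a backported fix exists.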
@@ -169450,6 +169503,7 @@ CVE-2019-18978 (An issue was discovered in the
rack-cors (aka Rack CORS Middlewa
CVE-2019-18977
RESERVED
CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk
through ...)
+ {DLA-2969-1}
- asterisk 1:16.1.1~dfsg-1
[jessie] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-008.html
@@ -169979,7 +170033,7 @@ CVE-2019-18792 (An issue was discovered in Suricata
5.0.0. It is possible to byp
CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark
devices ha ...)
NOT-FOR-US: Lexmark
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma
Asterisk 13. ...)
- {DLA-2017-1}
+ {DLA-2969-1 DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947381)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
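Review bot: In the CVE-2019-18790 entry the reference becomes {DLA-2969-1 DLA-2017-1}, a second DLA on a CVE that already had one, and nothing in the hunk shows which suite each advisory applies to. Confirm that DLA-2969-1 covers a different suite than DLA-2017-1 and is not a re-fix of the same upload; the same question applies to CVE-2019-18610 in the next hunk.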
@@ -172602,7 +172656,7 @@ CVE-2019-18612 (An issue was discovered in the
AbuseFilter extension through 1.3
CVE-2019-18611 (An issue was discovered in the CheckUser extension through
1.34 for Me ...)
NOT-FOR-US: CheckUser MediaWiki extension
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk
through 13.x, ...)
- {DLA-2017-1}
+ {DLA-2969-1 DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947377)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
@@ -191084,6 +191138,7 @@ CVE-2019-13163 (The Fujitsu TLS library allows a
man-in-the-middle attack. This
CVE-2019-13162
RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through
13.27.0, 14.x ...)
+ {DLA-2969-1}
- asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
[jessie] - asterisk <postponed> (Minor issue)
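Review bot: CVE-2019-13161 gains {DLA-2969-1} while the last context line still marks jessie as "<postponed> (Minor issue)". Check which suite the new advisory covers and whether the postponed jessie annotation is still accurate, since the hunk leaves a deferred fix and an issued advisory side by side without saying how they relate.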
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8dc4c5bef2ed7288502eec9fb55c35e1a40a2e8