Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6f37609 by security tracker role at 2022-05-06T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use 
predictable D ...)
+       TODO: check
+CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a 
use-after-fre ...)
+       TODO: check
+CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a 
heap-based bu ...)
+       TODO: check
+CVE-2022-29894
+       RESERVED
+CVE-2022-1602
+       RESERVED
+CVE-2022-1601
+       RESERVED
 CVE-2022-1600
        RESERVED
 CVE-2022-1599
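Review bot: CVE-2022-30294 and CVE-2022-30293, added at the top of this hunk, name WebKitGTK and WPE WebKit with an affected range ("through 2.36.0") and describe a "use-after-fre ..." and a "heap-based bu ..." issue, yet they land with the same generic "TODO: check" as every other new entry. These two should be triaged first: replace the TODO with a package line in the form this file already uses (for example "- rsyslog <unfixed> (bug #1010619)" under CVE-2022-24903) and add NOTE lines pointing at the upstream fix. CVE-2022-30295 (uClibc-ng / uClibc) needs the same treatment, or a NOT-FOR-US tag if nothing in the archive ships it.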
@@ -2181,8 +2193,8 @@ CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x 
before 42.2, an HTML docu
        NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
        NOTE: Introduced by: 
https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228
 (3.29.2)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
-CVE-2022-29535
-       RESERVED
+CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL 
Injection via a  ...)
+       TODO: check
 CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In 
UsersController.php ...)
        NOT-FOR-US: MISP
 CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS 
in app/Co ...)
@@ -3107,38 +3119,38 @@ CVE-2022-29178
        RESERVED
 CVE-2022-29177
        RESERVED
-CVE-2022-29176
-       RESERVED
-CVE-2022-29175
-       RESERVED
+CVE-2022-29176 (Rubygems is a package registry used to supply software for the 
Ruby la ...)
+       TODO: check
+CVE-2022-29175 (Vyper is a pythonic smart contract language for the ethereum 
virtual m ...)
+       TODO: check
 CVE-2022-29174
        RESERVED
-CVE-2022-29173
-       RESERVED
-CVE-2022-29172
-       RESERVED
-CVE-2022-29171
-       RESERVED
+CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). 
go-tuf do ...)
+       TODO: check
+CVE-2022-29172 (Auth0 is an authentication broker that supports both social 
and enterp ...)
+       TODO: check
+CVE-2022-29171 (Sourcegraph is a fast and featureful code search and 
navigation engine ...)
+       TODO: check
 CVE-2022-29170
        RESERVED
 CVE-2022-29169
        RESERVED
 CVE-2022-29168
        RESERVED
-CVE-2022-29167
-       RESERVED
-CVE-2022-29166
-       RESERVED
+CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for 
making  ...)
+       TODO: check
+CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The 
vulnerab ...)
+       TODO: check
 CVE-2022-29165
        RESERVED
-CVE-2022-29164
-       RESERVED
+CVE-2022-29164 (Argo Workflows is an open source container-native workflow 
engine for  ...)
+       TODO: check
 CVE-2022-29163
        RESERVED
 CVE-2022-29162
        RESERVED
-CVE-2022-29161
-       RESERVED
+CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2022-29160
        RESERVED
 CVE-2022-29159
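Review bot: CVE-2022-29161 at the end of this hunk is an XWiki Platform issue and can be resolved now instead of being left at "TODO: check", because the other XWiki entries visible in this patch are already tagged NOT-FOR-US. When doing so, use the spelling "NOT-FOR-US: XWiki": the file currently has both "NOT-FOR-US: Xwiki" (under CVE-2022-24898) and "NOT-FOR-US: XWiki" (the context line above CVE-2022-24818), and the mixed case makes a search for the tag miss entries. The other eight entries converted from RESERVED in this hunk still need their own triage.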
@@ -15058,20 +15070,19 @@ CVE-2022-24905
        RESERVED
 CVE-2022-24904
        RESERVED
-CVE-2022-24903
-       RESERVED
+CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules 
for TCP sy ...)
        - rsyslog <unfixed> (bug #1010619)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/05/3
        NOTE: 
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
        NOTE: 
https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f
 (v8.2204.1)
-CVE-2022-24902
-       RESERVED
+CVE-2022-24902 (TkVideoplayer is a simple library to play video files in 
tkinter. Unco ...)
+       TODO: check
 CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple 
Game Cen ...)
        TODO: check
 CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to 
light up as ...)
        NOT-FOR-US: Piano LED Visualizer
-CVE-2022-24899
-       RESERVED
+CVE-2022-24899 (Contao is a powerful open source CMS that allows you to create 
profess ...)
+       TODO: check
 CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by 
other X ...)
        NOT-FOR-US: Xwiki
 CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs 
to evalua ...)
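Review bot: In the CVE-2022-24903 entry, the rsyslog commit NOTE ending in "(v8.2204.1)" has no "Fixed by:" label, unlike the Epiphany entry for CVE-2022-29536 earlier in this patch, which marks its commits with "NOTE: Introduced by:" and "NOTE: Fixed by:". Adding the label makes it clear that this commit is the fix and not a reference. The package line still reads "- rsyslog <unfixed> (bug #1010619)"; since the fixing upstream version is already recorded in the NOTE, that line should be updated with the fixed Debian version as soon as the upload closing the bug is in the archive.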
@@ -15103,8 +15114,8 @@ CVE-2022-24886 (Nextcloud Android app is the Android 
client for Nextcloud, a sel
        NOT-FOR-US: Nextcloud Android app
 CVE-2022-24885 (Nextcloud Android app is the Android client for Nextcloud, a 
self-host ...)
        NOT-FOR-US: Nextcloud Android app
-CVE-2022-24884
-       RESERVED
+CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA 
(keygen, si ...)
+       TODO: check
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
        - freerdp2 2.7.0+dfsg1-1
        - freerdp <removed>
@@ -15123,10 +15134,10 @@ CVE-2022-24880 (flask-session-captcha is a package 
which allows users to extend
        NOT-FOR-US: flask-session-captcha
 CVE-2022-24879 (Shopware is an open source e-commerce software platform. 
Versions prio ...)
        NOT-FOR-US: Shopware
-CVE-2022-24878
-       RESERVED
-CVE-2022-24877
-       RESERVED
+CVE-2022-24878 (Flux is an open and extensible continuous delivery solution 
for Kubern ...)
+       TODO: check
+CVE-2022-24877 (Flux is an open and extensible continuous delivery solution 
for Kubern ...)
+       TODO: check
 CVE-2022-24876
        RESERVED
 CVE-2022-24875 (The CVEProject/cve-services is an open source project used to 
operate  ...)
@@ -15268,8 +15279,8 @@ CVE-2022-24819 (XWiki Platform is a generic wiki 
platform offering runtime servi
        NOT-FOR-US: XWiki
 CVE-2022-24818 (GeoTools is an open source Java library that provides tools 
for geospa ...)
        NOT-FOR-US: GeoTools
-CVE-2022-24817
-       RESERVED
+CVE-2022-24817 (Flux2 is an open and extensible continuous delivery solution 
for Kuber ...)
+       TODO: check
 CVE-2022-24816 (JAI-EXT is an open-source project which aims to extend the 
Java Advanc ...)
        NOT-FOR-US: JAI-EXT
 CVE-2022-24815 (JHipster is a development platform to quickly generate, 
develop, &amp; ...)
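Review bot: CVE-2022-24817 in this hunk is described as "Flux2", while CVE-2022-24878 and CVE-2022-24877 in the previous hunk are described as "Flux", and all three are left at "TODO: check". When the TODOs are resolved, use a single product name in the resulting tag (package line or NOT-FOR-US) for all three entries so that they group together when the list is searched. The descriptions alone do not show whether they refer to the same code base.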
@@ -81357,11 +81368,9 @@ CVE-2021-25748
        RESERVED
 CVE-2021-25747
        RESERVED
-CVE-2021-25746
-       RESERVED
+CVE-2021-25746 (A security issue was discovered in ingress-nginx where a user 
that can ...)
        NOT-FOR-US: Kubernetes ingress-nginx component
-CVE-2021-25745
-       RESERVED
+CVE-2021-25745 (A security issue was discovered in ingress-nginx where a user 
that can ...)
        NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-25744
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6f3760966467b37ecb265c17f5293e1c9e3b84b
