[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 14 May 2022 13:10:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
37b9d5b8 by security tracker role at 2022-05-14T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1717
+       RESERVED
 CVE-2022-1716
        RESERVED
 CVE-2022-30703
@@ -4084,8 +4086,8 @@ CVE-2022-29267
        RESERVED
 CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name 
parameter in Gi ...)
        - snipe-it <itp> (bug #1005172)
-CVE-2022-1379
-       RESERVED
+CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml 
prior to ...)
+       TODO: check
 CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a 
security iss ...)
        NOT-FOR-US: Apache APISIX
 CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
@@ -6253,6 +6255,7 @@ CVE-2022-28465
 CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting 
(XSS) which ...)
        NOT-FOR-US: Apifox
 CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ...)
+       {DLA-3007-1}
        - imagemagick <unfixed>
        [bullseye] - imagemagick <no-dsa> (Minor issue)
        [buster] - imagemagick <no-dsa> (Minor issue)
@@ -34173,7 +34176,7 @@ CVE-2022-21498 (Vulnerability in the Java VM component 
of Oracle Database Server
 CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of 
Oracle Fus ...)
        NOT-FOR-US: Oracle
 CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5131-1 DSA-5128-1}
+       {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -34217,7 +34220,7 @@ CVE-2022-21478 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
        NOT-FOR-US: Oracle
 CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5131-1 DSA-5128-1}
+       {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1 (bug #1010597)
        - openjdk-17 17.0.3+7-1
@@ -34292,7 +34295,7 @@ CVE-2022-21444 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
 CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5131-1 DSA-5128-1}
+       {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -34314,7 +34317,7 @@ CVE-2022-21436 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5131-1 DSA-5128-1}
+       {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -34335,7 +34338,7 @@ CVE-2022-21427 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
 CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5131-1 DSA-5128-1}
+       {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -59997,6 +60000,7 @@ CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway 
&lt;= 3.0.9 a form contain
 CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a 
vulnerability may  ...)
        NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in 
versions p ...)
+       {DLA-3007-1}
        - imagemagick 8:6.9.11.57+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b9d5b864196c5feb4e6a84fa2312e0b5bbe24b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b9d5b864196c5feb4e6a84fa2312e0b5bbe24b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to