Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50eaccef by Salvatore Bonaccorso at 2022-06-08T08:32:57+02:00
Reassociate some older NFUs with cri-o ITP bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13935,7 +13935,7 @@ CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment
for Chat) 3.2 to 3.4 befor
CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All
versions & ...)
NOT-FOR-US: Siemens
CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly
started w ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly
started ...)
- golang-github-containers-buildah <unfixed> (bug #1009882)
NOTE:
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
(v1.25.1)
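Review bot: The added `- cri-o <itp> (bug #979702)` line for CVE-2022-27652 has no NOTE with an upstream fix reference, while the sibling entry CVE-2022-27651 directly below records the buildah fix commit and version. Now that the CVE is tracked against a package, consider adding a matching NOTE for the cri-o fix so the fixed version can be settled when the ITP is closed.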
@@ -17713,7 +17713,7 @@ CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an
attacker to retrieve potent
NOTE: Fixed by:
https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486
NOTE: Negligible security impact
CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for
a pod. ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-26333
REJECTED
CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers
name fie ...)
@@ -22525,7 +22525,7 @@ CVE-2022-0534 (A vulnerability was found in htmldoc
version 1.9.15 where the sta
CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before
3.0.15 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in
CRI-O 1.18 ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the
convers ...)
@@ -197882,7 +197882,7 @@ CVE-2019-14892 (A flaw was discovered in
jackson-databind in versions before 2.9
NOTE:
https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
NOTE:
https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related
processes be ...)
- NOT-FOR-US: Kubernetes CRI-O
+ - cri-o <itp> (bug #979702)
CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where
an attac ...)
NOT-FOR-US: Ansible Tower
CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in
version ...)
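Review bot: The removed line for CVE-2019-14891 reads `NOT-FOR-US: Kubernetes CRI-O`, not the `NOT-FOR-US: cri-o` label replaced in the 2022 entries, so the NFU label was not uniform across the file. The commit message says "some older NFUs"; a case-insensitive search of data/CVE/list for other spellings of the label would confirm that no cri-o entry is left as NOT-FOR-US.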
@@ -264222,7 +264222,7 @@ CVE-2018-11233 (In Git before 2.13.7, 2.14.x before
2.14.4, 2.15.x before 2.15.2
NOTE: Only an issue when running on an NTFS filesystem.
NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege
Context Swi ...)
- NOT-FOR-US: Kubernetes CRI-O
+ - cri-o <itp> (bug #979702)
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite
loop vulner ...)
{DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
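Review bot: For CVE-2018-1000400 the description on the context line limits the issue to versions prior to 1.9, yet the added `- cri-o <itp> (bug #979702)` line carries no version information. Consider a NOTE stating the upstream fixed version, so the entry can be resolved at the first upload instead of being triaged again.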
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50eaccef52f8be82b95051495566244f90b821cf