Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43783539 by Moritz Muehlenhoff at 2022-06-08T18:06:54+02:00
various bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -997,7 +997,7 @@ CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer
dereference in Componen
NOTE: https://github.com/thorfdbg/libjpeg/issues/73
NOTE: Crash in CLI tool, no security impact
CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in
_dwarf_check_strin ...)
- - dwarfutils <unfixed>
+ - dwarfutils <unfixed> (bug #1012515)
[bullseye] - dwarfutils <no-dsa> (Minor issue)
[buster] - dwarfutils <no-dsa> (Minor issue)
[stretch] - dwarfutils <no-dsa> (Minor issue)
@@ -1824,7 +1824,7 @@ CVE-2022-1946
RESERVED
CVE-2022-31813 [mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
CVE-2022-31812
@@ -2416,12 +2416,12 @@ CVE-2022-31653
CVE-2022-31652
RESERVED
CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in
rate.c in ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #1012516)
[bullseye] - sox <no-dsa> (Minor issue)
[buster] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/360/
CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in
lsx_aiffstartwri ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #1012516)
[bullseye] - sox <no-dsa> (Minor issue)
[buster] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/360/
@@ -5444,7 +5444,7 @@ CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles
seccomp permissions. T
NOTE:
https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
CVE-2022-30556 [Information Disclosure in mod_lua with websockets]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
CVE-2022-30555
@@ -5619,7 +5619,7 @@ CVE-2022-30523 (Trend Micro Password Manager (Consumer)
version 5.0.0.1266 and b
NOT-FOR-US: Trend Micro
CVE-2022-30522 [mod_sed denial of service]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
CVE-2022-1642
@@ -8922,7 +8922,7 @@ CVE-2022-1382 (NULL Pointer Dereference in GitHub
repository radareorg/radare2 p
NOTE:
https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
CVE-2022-29404 [Denial of service in mod_lua r:parsebody]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404
CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository
vim/vim ...)
@@ -9373,7 +9373,7 @@ CVE-2022-29244
CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a
self-hos ...)
- nextcloud-server <itp> (bug #941708)
CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST
crypto a ...)
- - libengine-gost-openssl1.1 <unfixed>
+ - libengine-gost-openssl1.1 <unfixed> (bug #1012512)
[bullseye] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
[buster] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
NOTE:
https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
@@ -11121,12 +11121,12 @@ CVE-2022-28616 (A remote server-side request forgery
(ssrf) vulnerability was di
NOT-FOR-US: HPE OneView
CVE-2022-28615 [Read beyond bounds in ap_strcmp_match()]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
CVE-2022-28614 [read beyond bounds via ap_rwrite()]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi
Energy RTU5 ...)
@@ -17606,7 +17606,7 @@ CVE-2022-26378
RESERVED
CVE-2022-26377 [mod_proxy_ajp: Possible request smuggling]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so
DemuxCmdIn ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43783539477ece2bfbec29dd45022826f37c6e8a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43783539477ece2bfbec29dd45022826f37c6e8a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
