Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8eb2366 by Salvatore Bonaccorso at 2022-07-10T22:10:53+02:00
Expand one note for CVE-2022-2211
- - - - -
ed83f0f0 by Salvatore Bonaccorso at 2022-07-10T22:10:55+02:00
Process some NFUs
- - - - -
67e0bd82 by Salvatore Bonaccorso at 2022-07-10T22:10:56+02:00
Update todo for CVE-2022-2191
- - - - -
1187e1af by Salvatore Bonaccorso at 2022-07-10T22:10:58+02:00
Add CVE-2022-204{7,8}/jetty9
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -288,7 +288,7 @@ CVE-2022-2343 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE:
https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853
(v9.0.0045)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository
outline/outli ...)
- TODO: check
+ NOT-FOR-US: outline
CVE-2022-2341
RESERVED
CVE-2022-2340
@@ -1169,7 +1169,7 @@ CVE-2022-2291
CVE-2022-34915
RESERVED
CVE-2022-34914 (Webswing before 22.1.3 allows X-Forwarded-For header
injection. The cl ...)
- TODO: check
+ NOT-FOR-US: Webswing
CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow
via a Mar ...)
TODO: check
CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x
before 1 ...)
@@ -2336,8 +2336,8 @@ CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
NOTE: In 1:1.46.2-1 of src:libguestfs the tools were split out to
src:guestfs-tools, marking that as fixed version
NOTE:
https://listman.redhat.com/archives/libguestfs/2022-June/029274.html
NOTE:
https://listman.redhat.com/archives/libguestfs/2022-June/029277.html
- NOTE:
https://github.com/libguestfs/libguestfs-common/commit/35467027f657
- NOTE: https://github.com/libguestfs/libguestfs/commit/99844660b48e
+ NOTE:
https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
+ NOTE: Documentation:
https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
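Review bot: In the CVE-2022-2211 entry, the new libguestfs-common NOTE carries no label while the libguestfs NOTE right below it is tagged "Documentation:", so a reader has to infer that the first link is the code change. If 35467027f657de76aca34b48a6f23e9608b23a57 is the fixing commit, consider labelling it as such (for example "NOTE: Fixed by: https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57") so the two notes read consistently.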
@@ -2751,7 +2751,7 @@ CVE-2022-2193
CVE-2022-2192
RESERVED
CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru
11.0.9 v ...)
- TODO: check
+ TODO: check, claims to affect only 10.x and 11.x series, check for
jetty9
CVE-2022-34362
RESERVED
CVE-2022-34361
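Review bot: The updated TODO for CVE-2022-2191 records that the description names only the 10.x and 11.x series, but it leaves the jetty9 question open without saying what has to be compared. Once the check is done, replace the TODO with a jetty9 package line and a NOTE stating the basis for the result (for instance whether the affected code is present in the jetty9 source), so the triage decision can be audited from the entry itself.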
@@ -3652,7 +3652,7 @@ CVE-2022-34009
CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows
privile ...)
NOT-FOR-US: Comodo Antivirus
CVE-2022-34007 (EQS Integrity Line through 2022-07-01 allows a stored XSS via
a crafte ...)
- TODO: check
+ NOT-FOR-US: EQS Integrity Line
CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen
before 1.2 ...)
NOT-FOR-US: TitanFTP
CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen
before 1.2 ...)
@@ -6637,9 +6637,11 @@ CVE-2022-26842
CVE-2022-2049
RESERVED
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when
encountering an in ...)
- TODO: check
+ - jetty9 <unfixed>
+ NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru
10.0.9, a ...)
- TODO: check
+ - jetty9 <unfixed>
+ NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
CVE-2022-2046
RESERVED
CVE-2022-2045
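Review bot: Both new jetty9 entries (CVE-2022-2048 and CVE-2022-2047) are marked <unfixed> with only the GitHub advisory linked, and neither records a fixing commit or a fixed upstream version, unlike the CVE-2022-2211 entry earlier in this file. For CVE-2022-2047 the description already bounds the affected 9.4 range at 9.4.46, so a NOTE with the fixed upstream version or commit would make it easier to tell when a jetty9 upload closes the entry. The visible CVE-2022-2048 description mentions the HTTP/2 server implementation but no version range, so a NOTE on which jetty9 versions are affected would help there too.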
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2dc69a91ee68a180a9614e2e8d90f468bd687614...1187e1af6914c33d80a6bae706d2930be4658535