Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b49693b6 by Moritz Muehlenhoff at 2022-07-12T13:13:30+02:00
golang-github-containers-buildah, golang-golang-x-text, aom fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22084,6 +22084,7 @@ CVE-2022-27652 (A flaw was found in cri-o, where
containers were incorrectly sta
CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly
started ...)
- golang-github-containers-buildah <unfixed> (bug #1009882)
NOTE:
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
(v1.25.1)
+ NOTE:
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
CVE-2022-27650 (A flaw was found in crun where containers were incorrectly
started wit ...)
- crun <unfixed> (bug #1009881)
NOTE:
https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562
(1.4.4)
@@ -64057,10 +64058,9 @@ CVE-2021-38562 (Best Practical Request Tracker (RT)
4.2 before 4.2.17, 4.4 befor
NOTE:
https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f
(rt-4.2.17)
CVE-2021-38561
RESERVED
- - golang-golang-x-text <unfixed>
+ - golang-golang-x-text 0.3.7-1
- golang-x-text <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
- TODO: check details
CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the
appName par ...)
NOT-FOR-US: Ivanti
CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in
prenota.php ...)
@@ -73678,7 +73678,7 @@ CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a
vulnerability that can resu
NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
NOTE:
https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3
(v6.5.0)
CVE-2021-3602 (An information disclosure flaw was found in Buildah, when
building con ...)
- - golang-github-containers-buildah <unfixed>
+ - golang-github-containers-buildah 1.22.3+ds1-1
[bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
NOTE:
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
NOTE:
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0
(main)
@@ -195629,11 +195629,10 @@ CVE-2020-0480 (In callUnchecked of
DocumentsProvider.java, there is a possible p
CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible
permis ...)
NOT-FOR-US: Android
CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out
of bou ...)
- - aom <undetermined>
+ - aom 1.0.0.errata1.avif-1
NOTE:
https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1
NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
NOTE:
https://aomedia.googlesource.com/aom/+/ebba9c769be2c99d5396d0018901e9a4af5e2d2c
(v1.0.0-errata1-avif)
- TODO: check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed
commit
CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of
ClientModeImpl.java, there ...)
NOT-FOR-US: Android
CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible
leak o ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49693b64c530c29e309d606de5bc67f02d7ffe1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49693b64c530c29e309d606de5bc67f02d7ffe1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
