Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eb904674 by Moritz Muehlenhoff at 2022-07-15T18:07:08+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3985,7 +3985,7 @@ CVE-2022-34302
CVE-2022-34301
RESERVED
CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in
tinyexr::D ...)
- - tinyexr <unfixed>
+ - tinyexr <unfixed> (bug #1014980)
[bullseye] - tinyexr <no-dsa> (Minor issue)
NOTE: https://github.com/syoyo/tinyexr/issues/167
CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This
issue i ...)
@@ -19006,9 +19006,8 @@ CVE-2022-1290 (Stored XSS in "Name", "Group Name" &
"Title" in GitHub reposi
CVE-2022-1289 (A denial of service vulnerability was found in tildearrow
Furnace. It ...)
- furnace <itp> (bug #1008592)
CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an
attacke ...)
- - apache-jena <undetermined>
+ - apache-jena <unfixed> (bug #1014982)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
- TODO: check, possibly not affected as according to upstrema 4.2.x and
4.3.x doe not allow external entities, double check
CVE-2021-4226
RESERVED
CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set
appropriate ...)
@@ -19593,7 +19592,7 @@ CVE-2022-1255 (The Import and export users and
customers WordPress plugin before
CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases
10.x p ...)
NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository
strukturag/libde265 pr ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -63107,7 +63106,7 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2
before 2.2.16, 2.3 before
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions
up to 4. ...)
- - apache-jena <undetermined>
+ - apache-jena <unfixed> (bug #1014982)
NOTE: https://lists.apache.org/thread/qpbfrdty7jt3yfm39hx4p9dp151sd6gm
CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP
Enterprise Pag ...)
NOT-FOR-US: HP
@@ -70154,14 +70153,14 @@ CVE-2021-36412 (A heap-based buffer overflow
vulnerability exists in MP4Box in G
NOTE: https://github.com/gpac/gpac/issues/1838
NOTE:
https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
(v2.0.0)
CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect
access con ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/302
NOTE:
https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via
fallback-motion. ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -70170,14 +70169,14 @@ CVE-2021-36410 (A stack-buffer-overflow exists in
libde265 v1.0.8 via fallback-m
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following')
vulnera ...)
NOT-FOR-US: Bitdefender
CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1'
failed at ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/300
NOTE:
https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a
Heap-use-after-f ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -72629,7 +72628,7 @@ CVE-2021-35454
CVE-2021-35453
RESERVED
CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265
v1.0.8 du ...)
- - libde265 <unfixed>
+ - libde265 <unfixed> (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
@@ -73529,7 +73528,7 @@ CVE-2021-35045 (Cross site scripting (XSS)
vulnerability in Ice Hrm 29.0.0.OS, a
CVE-2021-35044
RESERVED
CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes
when using ...)
- - libowasp-antisamy-java <unfixed>
+ - libowasp-antisamy-java <unfixed> (bug #1014981)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -77999,7 +77998,7 @@ CVE-2021-33193 (A crafted method sent through HTTP/2
will bypass validation and
NOTE:
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows
an atta ...)
- - apache-jena <undetermined>
+ - apache-jena <unfixed> (bug #1014982)
NOTE: https://lists.apache.org/thread/sq6q94q0prqwr9vdm2wptglcq1kv98k8
CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol
implements a ...)
NOT-FOR-US: Apache NiFi
@@ -129403,7 +129402,7 @@ CVE-2020-25634 (A flaw was found in Red Hat
3scale’s API docs URL, where i
NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of
RESTEasy up to ...)
- resteasy <unfixed> (bug #970585)
- - resteasy3.0 <unfixed>
+ - resteasy3.0 <unfixed> (bug #1014983)
[bullseye] - resteasy3.0 <ignored> (Minor issue)
[buster] - resteasy3.0 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
@@ -268755,7 +268754,7 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP
injection via a crafted server_id
NOTE: Non-security issue as demostrated in
https://bugs.debian.org/902186
NOTE: and disputed as security issue. Should be properly rejected by
MITRE.
CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode
function. ...)
- - tinyexr <unfixed>
+ - tinyexr <unfixed> (bug #1014980)
[bullseye] - tinyexr <no-dsa> (Minor issue)
NOTE: https://github.com/syoyo/tinyexr/issues/83
CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in
tinyexr.h ...)
@@ -270816,7 +270815,7 @@ CVE-2018-12067 (The sell function of a smart contract
implementation for Substra
CVE-2018-12065 (A Local File Inclusion vulnerability in
/system/WCore/WHelper.php in C ...)
NOT-FOR-US: wityCMS
CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via
tinyexr::ReadChann ...)
- - tinyexr <undetermined>
+ - tinyexr <unfixed> (bug #1014980)
NOTE:
https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea
CVE-2018-12063 (The sell function of a smart contract implementation for
Internet Node ...)
NOT-FOR-US: Internet Node Token
@@ -312995,7 +312994,7 @@ CVE-2017-14737 (A cryptographic cache-based side
channel in the RSA implementati
CVE-2017-14736
RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as
demonstr ...)
- - libowasp-antisamy-java <unfixed>
+ - libowasp-antisamy-java <unfixed> (bug #1014981)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -346742,7 +346741,7 @@ CVE-2016-10008 (SQL injection vulnerability in the
"Content Types > Content T
CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms"
screen in do ...)
NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially
crafted inpu ...)
- - libowasp-antisamy-java <unfixed>
+ - libowasp-antisamy-java <unfixed> (bug #1014981)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
[stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb904674080e0c29949c3bc5c9953c8df545fae9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb904674080e0c29949c3bc5c9953c8df545fae9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
