Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d16239a by Moritz Muehlenhoff at 2022-07-27T21:38:39+02:00
new net-snmp issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -33281,18 +33281,30 @@ CVE-2022-24812 (Grafana is an open-source platform
for monitoring and observabil
- grafana <not-affected> (Only affects Grafana Enterprise)
CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior
to versi ...)
NOT-FOR-US: Combodi
-CVE-2022-24810
+CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a
NULL pointer dereference]
RESERVED
-CVE-2022-24809
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can
cause a NULL pointer dereference]
RESERVED
-CVE-2022-24808
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24808 [A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
RESERVED
-CVE-2022-24807
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24807 [A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory
access]
RESERVED
-CVE-2022-24806
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master
agent and subagent simultaneously]
RESERVED
-CVE-2022-24805
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24805 [A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
RESERVED
+ - net-snmp <unfixed>
+ NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
CVE-2022-24804 (Discourse is an open source platform for community discussion.
In stab ...)
NOT-FOR-US: Discourse
CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard
include proces ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -40,6 +40,8 @@ linux (carnil)
---
ndpi/oldstable
--
+net-snmp
+--
netatalk
open regression with MacOS, tentative patch not yet merged upstream
--
@@ -63,6 +65,8 @@ ruby-tzinfo
--
salt
--
+samba
+--
slurm-llnl/oldstable
--
sox
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d16239ac5f32a25f8e09c281ba1160c52bf77ab
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d16239ac5f32a25f8e09c281ba1160c52bf77ab
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
