Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f89f3f31 by security tracker role at 2022-08-09T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,373 @@
+CVE-2022-38053
+       RESERVED
+CVE-2022-38052
+       RESERVED
+CVE-2022-38051
+       RESERVED
+CVE-2022-38050
+       RESERVED
+CVE-2022-38049
+       RESERVED
+CVE-2022-38048
+       RESERVED
+CVE-2022-38047
+       RESERVED
+CVE-2022-38046
+       RESERVED
+CVE-2022-38045
+       RESERVED
+CVE-2022-38044
+       RESERVED
+CVE-2022-38043
+       RESERVED
+CVE-2022-38042
+       RESERVED
+CVE-2022-38041
+       RESERVED
+CVE-2022-38040
+       RESERVED
+CVE-2022-38039
+       RESERVED
+CVE-2022-38038
+       RESERVED
+CVE-2022-38037
+       RESERVED
+CVE-2022-38036
+       RESERVED
+CVE-2022-38035
+       RESERVED
+CVE-2022-38034
+       RESERVED
+CVE-2022-38033
+       RESERVED
+CVE-2022-38032
+       RESERVED
+CVE-2022-38031
+       RESERVED
+CVE-2022-38030
+       RESERVED
+CVE-2022-38029
+       RESERVED
+CVE-2022-38028
+       RESERVED
+CVE-2022-38027
+       RESERVED
+CVE-2022-38026
+       RESERVED
+CVE-2022-38025
+       RESERVED
+CVE-2022-38024
+       RESERVED
+CVE-2022-38023
+       RESERVED
+CVE-2022-38022
+       RESERVED
+CVE-2022-38021
+       RESERVED
+CVE-2022-38020
+       RESERVED
+CVE-2022-38019
+       RESERVED
+CVE-2022-38018
+       RESERVED
+CVE-2022-38017
+       RESERVED
+CVE-2022-38016
+       RESERVED
+CVE-2022-38015
+       RESERVED
+CVE-2022-38014
+       RESERVED
+CVE-2022-38013
+       RESERVED
+CVE-2022-38012
+       RESERVED
+CVE-2022-38011
+       RESERVED
+CVE-2022-38010
+       RESERVED
+CVE-2022-38009
+       RESERVED
+CVE-2022-38008
+       RESERVED
+CVE-2022-38007
+       RESERVED
+CVE-2022-38006
+       RESERVED
+CVE-2022-38005
+       RESERVED
+CVE-2022-38004
+       RESERVED
+CVE-2022-38003
+       RESERVED
+CVE-2022-38002
+       RESERVED
+CVE-2022-38001
+       RESERVED
+CVE-2022-38000
+       RESERVED
+CVE-2022-37999
+       RESERVED
+CVE-2022-37998
+       RESERVED
+CVE-2022-37997
+       RESERVED
+CVE-2022-37996
+       RESERVED
+CVE-2022-37995
+       RESERVED
+CVE-2022-37994
+       RESERVED
+CVE-2022-37993
+       RESERVED
+CVE-2022-37992
+       RESERVED
+CVE-2022-37991
+       RESERVED
+CVE-2022-37990
+       RESERVED
+CVE-2022-37989
+       RESERVED
+CVE-2022-37988
+       RESERVED
+CVE-2022-37987
+       RESERVED
+CVE-2022-37986
+       RESERVED
+CVE-2022-37985
+       RESERVED
+CVE-2022-37984
+       RESERVED
+CVE-2022-37983
+       RESERVED
+CVE-2022-37982
+       RESERVED
+CVE-2022-37981
+       RESERVED
+CVE-2022-37980
+       RESERVED
+CVE-2022-37979
+       RESERVED
+CVE-2022-37978
+       RESERVED
+CVE-2022-37977
+       RESERVED
+CVE-2022-37976
+       RESERVED
+CVE-2022-37975
+       RESERVED
+CVE-2022-37974
+       RESERVED
+CVE-2022-37973
+       RESERVED
+CVE-2022-37972
+       RESERVED
+CVE-2022-37971
+       RESERVED
+CVE-2022-37970
+       RESERVED
+CVE-2022-37969
+       RESERVED
+CVE-2022-37968
+       RESERVED
+CVE-2022-37967
+       RESERVED
+CVE-2022-37966
+       RESERVED
+CVE-2022-37965
+       RESERVED
+CVE-2022-37964
+       RESERVED
+CVE-2022-37963
+       RESERVED
+CVE-2022-37962
+       RESERVED
+CVE-2022-37961
+       RESERVED
+CVE-2022-37960
+       RESERVED
+CVE-2022-37959
+       RESERVED
+CVE-2022-37958
+       RESERVED
+CVE-2022-37957
+       RESERVED
+CVE-2022-37956
+       RESERVED
+CVE-2022-37955
+       RESERVED
+CVE-2022-37954
+       RESERVED
+CVE-2022-37953
+       RESERVED
+CVE-2022-37952
+       RESERVED
+CVE-2022-37951
+       RESERVED
+CVE-2022-37950
+       RESERVED
+CVE-2022-37949
+       RESERVED
+CVE-2022-37948
+       RESERVED
+CVE-2022-37947
+       RESERVED
+CVE-2022-37946
+       RESERVED
+CVE-2022-37945
+       RESERVED
+CVE-2022-37944
+       RESERVED
+CVE-2022-37943
+       RESERVED
+CVE-2022-37942
+       RESERVED
+CVE-2022-37941
+       RESERVED
+CVE-2022-37940
+       RESERVED
+CVE-2022-37939
+       RESERVED
+CVE-2022-37938
+       RESERVED
+CVE-2022-37937
+       RESERVED
+CVE-2022-37936
+       RESERVED
+CVE-2022-37935
+       RESERVED
+CVE-2022-37934
+       RESERVED
+CVE-2022-37933
+       RESERVED
+CVE-2022-37932
+       RESERVED
+CVE-2022-37931
+       RESERVED
+CVE-2022-37930
+       RESERVED
+CVE-2022-37929
+       RESERVED
+CVE-2022-37928
+       RESERVED
+CVE-2022-37927
+       RESERVED
+CVE-2022-37926
+       RESERVED
+CVE-2022-37925
+       RESERVED
+CVE-2022-37924
+       RESERVED
+CVE-2022-37923
+       RESERVED
+CVE-2022-37922
+       RESERVED
+CVE-2022-37921
+       RESERVED
+CVE-2022-37920
+       RESERVED
+CVE-2022-37919
+       RESERVED
+CVE-2022-37918
+       RESERVED
+CVE-2022-37917
+       RESERVED
+CVE-2022-37916
+       RESERVED
+CVE-2022-37915
+       RESERVED
+CVE-2022-37914
+       RESERVED
+CVE-2022-37913
+       RESERVED
+CVE-2022-37912
+       RESERVED
+CVE-2022-37911
+       RESERVED
+CVE-2022-37910
+       RESERVED
+CVE-2022-37909
+       RESERVED
+CVE-2022-37908
+       RESERVED
+CVE-2022-37907
+       RESERVED
+CVE-2022-37906
+       RESERVED
+CVE-2022-37905
+       RESERVED
+CVE-2022-37904
+       RESERVED
+CVE-2022-37903
+       RESERVED
+CVE-2022-37902
+       RESERVED
+CVE-2022-37901
+       RESERVED
+CVE-2022-37900
+       RESERVED
+CVE-2022-37899
+       RESERVED
+CVE-2022-37898
+       RESERVED
+CVE-2022-37897
+       RESERVED
+CVE-2022-37896
+       RESERVED
+CVE-2022-37895
+       RESERVED
+CVE-2022-37894
+       RESERVED
+CVE-2022-37893
+       RESERVED
+CVE-2022-37892
+       RESERVED
+CVE-2022-37891
+       RESERVED
+CVE-2022-37890
+       RESERVED
+CVE-2022-37889
+       RESERVED
+CVE-2022-37888
+       RESERVED
+CVE-2022-37887
+       RESERVED
+CVE-2022-37886
+       RESERVED
+CVE-2022-37885
+       RESERVED
+CVE-2022-37884
+       RESERVED
+CVE-2022-37883
+       RESERVED
+CVE-2022-37882
+       RESERVED
+CVE-2022-37881
+       RESERVED
+CVE-2022-37880
+       RESERVED
+CVE-2022-37879
+       RESERVED
+CVE-2022-37878
+       RESERVED
+CVE-2022-37877
+       RESERVED
+CVE-2022-2725
+       RESERVED
+CVE-2022-2724
+       RESERVED
+CVE-2022-2723
+       RESERVED
+CVE-2022-2722
+       RESERVED
+CVE-2022-2721
+       RESERVED
+CVE-2022-2720
+       RESERVED
+CVE-2021-46833
+       RESERVED
+CVE-2021-46832
+       RESERVED
 CVE-2022-37876
        RESERVED
 CVE-2022-37875
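Review bot: the added block is not in ID order where it meets the existing entries: CVE-2022-2725 through CVE-2022-2720 and CVE-2021-46833/CVE-2021-46832 land between CVE-2022-37877 and the existing CVE-2022-37876 line. If anything consuming data/CVE/list assumes entries are grouped by year or sorted by descending ID, place these eight entries next to their numeric neighbours rather than at the top of the file.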
@@ -27,6 +397,7 @@ CVE-2022-37864
 CVE-2022-35733
        RESERVED
 CVE-2022-2719 [Assertion Failure could lead to DoS due to attempted writing of 
NULL image list]
+       RESERVED
        - imagemagick <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
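Review bot: status inconsistency on CVE-2022-2719: the entry now reads RESERVED, yet it still carries "- imagemagick <undetermined>" while a NOTE already references an upstream ImageMagick commit. As a follow-up, check which imagemagick versions contain that commit and replace <undetermined> with a concrete version or <unfixed>.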
@@ -1005,7 +1376,7 @@ CVE-2022-37434 (zlib through 1.2.12 has a heap-based 
buffer over-read or buffer
        NOTE: https://github.com/ivd38/zlib_overflow
        NOTE: 
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
        NOTE: 
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
-CVE-2022-37431 (A Reflected Cross-site scripting (XSS) issue was discovered in 
dotCMS  ...)
+CVE-2022-37431 (** DISPUTED ** A Reflected Cross-site scripting (XSS) issue 
was discov ...)
        NOT-FOR-US: dotCMS
 CVE-2022-37430
        RESERVED
@@ -7048,7 +7419,7 @@ CVE-2022-34972 (So Filter Shop v3.x was discovered to 
contain multiple blind SQL
        NOT-FOR-US: So Filter Shop
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising 
Management m ...)
        NOT-FOR-US: Feehi CMS
-CVE-2022-34970 (Crow before v1.0+4 was discovered to contain a buffer overflow 
via the ...)
+CVE-2022-34970 (Crow before 1.0+4 has a heap-based buffer overflow via the 
function qs ...)
        NOT-FOR-US: CrowCpp
 CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer 
dereferen ...)
        NOT-FOR-US: pingcap/tidb
@@ -32556,8 +32927,8 @@ CVE-2022-25910
        RESERVED
 CVE-2022-25908
        RESERVED
-CVE-2022-25907
-       RESERVED
+CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to 
Prototype Poll ...)
+       TODO: check
 CVE-2022-25906
        RESERVED
 CVE-2022-25904
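Review bot: untriaged entry: CVE-2022-25907 drops RESERVED and arrives with only "TODO: check". The description names the package ts-deepmerge (before 2.0.2), so triage should settle whether it is shipped in Debian and replace the TODO with either a package line or NOT-FOR-US, as the other described entries in this file do.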
@@ -62278,8 +62649,8 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 
8.8, when certain non-def
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
        NOTE: 
https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
        NOTE: 
https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
-CVE-2021-41615
-       RESERVED
+CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce 
entropy bec ...)
+       TODO: check
 CVE-2021-41614
        RESERVED
 CVE-2021-41613
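Review bot: CVE-2021-41615 is left at "TODO: check", and its description is cut off at "insufficient nonce entropy bec ...", so the truncated text alone is not enough to triage. Read the full CVE description for websda.c in GoAhead WebServer 2.1.8 and record a package line or NOT-FOR-US before this entry is treated as handled.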
@@ -316953,7 +317324,7 @@ CVE-2017-15124 (VNC server implementation in Quick 
Emulator (QEMU) 2.11.0 and ol
 CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 
- 5.10, ...)
        NOT-FOR-US: CloudForms
 CVE-2017-15122
-       RESERVED
+       REJECTED
 CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on 
RHEL 6 or  ...)
        - linux 3.11.5-1
        [wheezy] - linux <ignored> (Too much work to backport)
@@ -317011,7 +317382,7 @@ CVE-2017-15111 (keycloak-httpd-client-install 
versions before 0.8 insecurely cre
 CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other 
students ...)
        - moodle <removed>
 CVE-2017-15109
-       RESERVED
+       REJECTED
 CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly 
escape save ...)
        {DLA-2524-1}
        - spice-vdagent 0.18.0-1 (bug #883238)
@@ -317029,7 +317400,7 @@ CVE-2017-15107 (A vulnerability was found in the 
implementation of DNSSEC in Dns
        NOTE: 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
        NOTE: 
https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
 CVE-2017-15106
-       RESERVED
+       REJECTED
 CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated 
wildcard-sy ...)
        {DLA-1676-1 DLA-1264-1}
        - unbound 1.7.1-1 (bug #887733)
@@ -326081,7 +326452,7 @@ CVE-2017-12153 (A security flaw was discovered in the 
nl80211_set_rekey_data() f
        NOTE: https://marc.info/?t=150525503100001&r=1&w=2
        NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
 CVE-2017-12152
-       RESERVED
+       REJECTED
 CVE-2017-12151 (A flaw was found in the way samba client before samba 4.4.16, 
samba 4. ...)
        {DSA-3983-1}
        - samba 2:4.6.7+dfsg-2
@@ -340283,7 +340654,7 @@ CVE-2017-7529 (Nginx versions since 0.5.6 up to and 
including 1.13.2 are vulnera
 CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management 
Engine 5 i ...)
        NOT-FOR-US: Ansible Tower
 CVE-2017-7527
-       RESERVED
+       REJECTED
 CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache 
side-channel a ...)
        {DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
        - libgcrypt20 1.7.8-1
@@ -355505,7 +355876,7 @@ CVE-2017-2659 (It was found that dropbear before 
version 2013.59 with GSSAPI lea
 CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in 
Red Hat J ...)
        NOT-FOR-US: JBoss BPMS
 CVE-2017-2657
-       RESERVED
+       REJECTED
 CVE-2017-2656
        REJECTED
 CVE-2017-2655
@@ -355586,7 +355957,7 @@ CVE-2017-2633 (An out-of-bounds memory access issue 
was found in Quick Emulator
 CVE-2017-2632 (A logic error in valid_role() in CloudForms role validation 
before 5.7 ...)
        NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2017-2631
-       RESERVED
+       REJECTED
 CVE-2017-2630 (A stack buffer overflow flaw was found in the Quick Emulator 
(QEMU) be ...)
        - qemu 1:2.8+dfsg-3 (bug #855227)
        [jessie] - qemu <not-affected> (Vulnerable code introduced in 
v2.8.0-rc0)
@@ -355717,7 +356088,7 @@ CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 
uses AES ECB block cipher mo
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2597
-       RESERVED
+       REJECTED
 CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in 
the Linux ...)
        {DSA-3791-1}
        - linux 4.9.13-1
@@ -355729,7 +356100,7 @@ CVE-2017-2595 (It was found that the log file viewer 
in Red Hat JBoss Enterprise
 CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 
2.0-m3,  ...)
        NOT-FOR-US: hawtio
 CVE-2017-2593
-       RESERVED
+       REJECTED
 CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is 
vulner ...)
        - python-oslo.middleware 3.19.0-3 (bug #852742)
        NOTE: https://launchpad.net/bugs/1628031
@@ -355745,7 +356116,7 @@ CVE-2017-2590 (A vulnerability was found in ipa 
before 4.4. IdM's ca-del, ca-dis
 CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single 
HttpClient ...)
        NOT-FOR-US: hawtio
 CVE-2017-2588
-       RESERVED
+       REJECTED
 CVE-2017-2587 (A memory allocation vulnerability was found in netpbm before 
10.61. A  ...)
        - netpbm-free <not-affected> (vulnerable code not present)
        NOTE: Debian uses an old fork of netpbm



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f89f3f31eba8eb13b370e1dca5dbf2474fea49d8


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits