Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88eeaa02 by Moritz Muehlenhoff at 2022-08-10T22:20:49+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1711,7 +1711,7 @@ CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust 
and Open Project dialog c
 CVE-2022-37395
        RESERVED
 CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x 
before 2 ...)
-       - nova <unfixed>
+       - nova <unfixed> (bug #1016980)
        NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
        NOTE: https://review.opendev.org/c/openstack/nova/+/849985
        NOTE: https://review.opendev.org/c/openstack/nova/+/850003
@@ -2591,7 +2591,7 @@ CVE-2022-2590
        NOTE: 
https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2be...@redhat.com/
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
-       - fava <unfixed>
+       - fava <unfixed> (bug #1016971)
        NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
        NOTE: 
https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
 (v1.22.3)
 CVE-2022-37037
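Review bot: bug #1016971 on the fava line for CVE-2022-2589 is the same number this patch adds for CVE-2022-2523 and CVE-2022-2514 further down, while the three NOTE lines point at different upstream fix releases (v1.22.3, v1.22.2 and v1.22). Make sure the bug report names all three CVEs, so that the fixed version recorded when it is closed is one that contains all three commits, that is v1.22.3 or later.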
@@ -2599,7 +2599,7 @@ CVE-2022-37037
 CVE-2022-37036
        RESERVED
 CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In 
bgp_notify_ ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1016978)
        NOTE: https://github.com/FRRouting/frr/issues/11698
 CVE-2022-37034
        RESERVED
@@ -4058,7 +4058,7 @@ CVE-2022-34859
 CVE-2022-33963
        RESERVED
 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
-       - fava <unfixed>
+       - fava <unfixed> (bug #1016971)
        NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
        NOTE: 
https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
 (v1.22.2)
 CVE-2022-36381
@@ -4195,7 +4195,7 @@ CVE-2022-33142
 CVE-2022-2515
        RESERVED
 CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are 
vulnerable t ...)
-       - fava <unfixed>
+       - fava <unfixed> (bug #1016971)
        NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
        NOTE: 
https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
 (v1.22)
 CVE-2022-2513
@@ -7639,9 +7639,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was 
discovered to contain a SQL
 CVE-2022-34944
        RESERVED
 CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution 
(RCE) v ...)
-       - php-laravel-framework <undetermined>
+       - php-laravel-framework <unfixed> (bug #1016977)
        NOTE: https://github.com/beicheng-maker/vulns/issues/1
-       TODO: check, unclear if upstream reported
 CVE-2022-34942
        RESERVED
 CVE-2022-34941
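Review bot: Nothing in the CVE-2022-34943 entry records why php-laravel-framework moves from <undetermined> to <unfixed>, or why the "TODO: check, unclear if upstream reported" line can go; the only reference left is the third-party issue at beicheng-maker/vulns, and the commit message ("bugnums") covers only the bug number. Consider adding a NOTE that states what settled the status (for example a link to the upstream report, or a line saying the affected code is present in the Debian package), so the reasoning sits beside bug #1016977.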
@@ -8869,7 +8868,7 @@ CVE-2022-34522
 CVE-2022-34521
        RESERVED
 CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer 
dereference vi ...)
-       - radare2 <unfixed>
+       - radare2 <unfixed> (bug #1016979)
        NOTE: https://github.com/radareorg/radare2/issues/20354
        NOTE: 
https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5
 (5.7.4)
 CVE-2022-34519
@@ -8910,7 +8909,7 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a 
heap buffer overflow via
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
        NOTE: Negligible security impact
 CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer 
overflow via th ...)
-       - radare2 <unfixed>
+       - radare2 <unfixed> (bug #1016979)
        NOTE: https://github.com/radareorg/radare2/issues/20336
        NOTE: 
https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4
 (5.7.2)
 CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code 
executi ...)
@@ -9552,7 +9551,7 @@ CVE-2022-34295 (totd before 1.5.3 does not properly 
randomize mesg IDs. ...)
 CVE-2022-34294
        RESERVED
 CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial 
of serv ...)
-       - wolfssl <unfixed>
+       - wolfssl <unfixed> (bug #1016981)
        NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
 CVE-2022-34292
        RESERVED
@@ -14455,12 +14454,12 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices 
before SRP 1.09, the Altra
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the 
initial-l ...)
        NOT-FOR-US: Zimbra
 CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a 
WISPR HT ...)
-       - connman <unfixed>
+       - connman <unfixed> (bug #1016976)
        NOTE: 
https://lore.kernel.org/connman/20220801080043.4861-1-w...@monom.org/
        NOTE: 
https://lore.kernel.org/connman/20220801080043.4861-3-w...@monom.org/
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190
 CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP 
requests t ...)
-       - connman <unfixed>
+       - connman <unfixed> (bug #1016976)
        NOTE: 
https://lore.kernel.org/connman/20220801080043.4861-5-w...@monom.org/
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189
 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute 
arbitrary cod ...)
@@ -16502,7 +16501,7 @@ CVE-2022-31629
 CVE-2022-31628
        RESERVED
 CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, 
such as fi ...)
-       - php8.1 <unfixed>
+       - php8.1 <unfixed> (bug #1016972)
        - php7.4 <not-affected> (Only affects 8.1 and later)
        - php7.3 <not-affected> (Only affects 8.1 and later)
        NOTE: Fixed in 8.1.8
@@ -18296,17 +18295,17 @@ CVE-2022-31005 (Vapor is an HTTP web framework for 
Swift. Users of Vapor prior t
 CVE-2022-31004 (CVEProject/cve-services is an open source project used to 
operate the  ...)
        NOT-FOR-US: CVEProject/cve-services
 CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) 
User-Age ...)
-       - sofia-sip <unfixed>
+       - sofia-sip <unfixed> (bug #1016974)
        [stretch] - sofia-sip <postponed> (Minor issue)
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
        NOTE: 
https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9
 (v1.13.8)
 CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) 
User-Age ...)
-       - sofia-sip <unfixed>
+       - sofia-sip <unfixed> (bug #1016974)
        [stretch] - sofia-sip <postponed> (Minor issue)
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
        NOTE: 
https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba
 (v1.13.8)
 CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) 
User-Age ...)
-       - sofia-sip <unfixed>
+       - sofia-sip <unfixed> (bug #1016974)
        [stretch] - sofia-sip <postponed> (Minor issue)
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
        NOTE: 
https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
 (v1.13.8)
@@ -31405,7 +31404,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software 
v3.0.3 contains a cross-sit
 CVE-2022-26563
        RESERVED
 CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core 
v11.0.2.51 ...)
-       - kopanocore <unfixed>
+       - kopanocore <unfixed> (bug #1016973)
 CVE-2022-26561
        RESERVED
 CVE-2022-26560
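Review bot: The kopanocore entry for CVE-2022-26562 gains bug #1016973 but still has no NOTE line, so the tracker gives no upstream reference for the provider/libserver/ECKrbAuth.cpp issue. Consider adding a NOTE with the upstream report or fix commit, as the other entries touched in this patch have, so the bug can be matched to a fixed version later.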
@@ -41312,7 +41311,7 @@ CVE-2022-23439
 CVE-2022-23438 (An improper neutralization of input during web page generation 
('Cross ...)
        NOT-FOR-US: Fortinet
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java 
(XercesJ) XML pa ...)
-       - libxerces2-java <unfixed>
+       - libxerces2-java <unfixed> (bug #1016975)
        [bullseye] - libxerces2-java <postponed> (revisit when/if fix is 
complete)
        [buster] - libxerces2-java <postponed> (revisit when/if fix is complete)
        [stretch] - libxerces2-java <postponed> (revisit when/if fix is 
complete)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88eeaa02b451e42bef4227867fb435a9a686e68f
