Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 88eeaa02 by Moritz Muehlenhoff at 2022-08-10T22:20:49+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1711,7 +1711,7 @@ CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog c CVE-2022-37395 RESERVED CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...) - - nova <unfixed> + - nova <unfixed> (bug #1016980) NOTE: https://bugs.launchpad.net/ossa/+bug/1981813 NOTE: https://review.opendev.org/c/openstack/nova/+/849985 NOTE: https://review.opendev.org/c/openstack/nova/+/850003 @@ -2591,7 +2591,7 @@ CVE-2022-2590 NOTE: https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2be...@redhat.com/ NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) - - fava <unfixed> + - fava <unfixed> (bug #1016971) NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/ NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3) CVE-2022-37037 @@ -2599,7 +2599,7 @@ CVE-2022-37037 CVE-2022-37036 RESERVED CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...) - - frr <unfixed> + - frr <unfixed> (bug #1016978) NOTE: https://github.com/FRRouting/frr/issues/11698 CVE-2022-37034 RESERVED @@ -4058,7 +4058,7 @@ CVE-2022-34859 CVE-2022-33963 RESERVED CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) - - fava <unfixed> + - fava <unfixed> (bug #1016971) NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2) CVE-2022-36381 
@@ -4195,7 +4195,7 @@ CVE-2022-33142 CVE-2022-2515 RESERVED CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...) - - fava <unfixed> + - fava <unfixed> (bug #1016971) NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429 NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22) CVE-2022-2513 @@ -7639,9 +7639,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL CVE-2022-34944 RESERVED CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution (RCE) v ...) - - php-laravel-framework <undetermined> + - php-laravel-framework <unfixed> (bug #1016977) NOTE: https://github.com/beicheng-maker/vulns/issues/1 - TODO: check, unclear if upstream reported CVE-2022-34942 RESERVED CVE-2022-34941 @@ -8869,7 +8868,7 @@ CVE-2022-34522 CVE-2022-34521 RESERVED CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...) - - radare2 <unfixed> + - radare2 <unfixed> (bug #1016979) NOTE: https://github.com/radareorg/radare2/issues/20354 NOTE: https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5 (5.7.4) CVE-2022-34519 @@ -8910,7 +8909,7 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5 NOTE: Negligible security impact CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...) - - radare2 <unfixed> + - radare2 <unfixed> (bug #1016979) NOTE: https://github.com/radareorg/radare2/issues/20336 NOTE: https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4 (5.7.2) CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...) 
@@ -9552,7 +9551,7 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...) CVE-2022-34294 RESERVED CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...) - - wolfssl <unfixed> + - wolfssl <unfixed> (bug #1016981) NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6 CVE-2022-34292 RESERVED @@ -14455,12 +14454,12 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...) NOT-FOR-US: Zimbra CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...) - - connman <unfixed> + - connman <unfixed> (bug #1016976) NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-w...@monom.org/ NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-w...@monom.org/ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190 CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...) - - connman <unfixed> + - connman <unfixed> (bug #1016976) NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-w...@monom.org/ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...) @@ -16502,7 +16501,7 @@ CVE-2022-31629 CVE-2022-31628 RESERVED CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...) - - php8.1 <unfixed> + - php8.1 <unfixed> (bug #1016972) - php7.4 <not-affected> (Only affects 8.1 and later) - php7.3 <not-affected> (Only affects 8.1 and later) NOTE: Fixed in 8.1.8 
@@ -18296,17 +18295,17 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...) NOT-FOR-US: CVEProject/cve-services CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip <unfixed> + - sofia-sip <unfixed> (bug #1016974) [stretch] - sofia-sip <postponed> (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8) CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip <unfixed> + - sofia-sip <unfixed> (bug #1016974) [stretch] - sofia-sip <postponed> (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8) CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip <unfixed> + - sofia-sip <unfixed> (bug #1016974) [stretch] - sofia-sip <postponed> (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8) @@ -31405,7 +31404,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-sit CVE-2022-26563 RESERVED CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 ...) - - kopanocore <unfixed> + - kopanocore <unfixed> (bug #1016973) CVE-2022-26561 RESERVED CVE-2022-26560 
@@ -41312,7 +41311,7 @@ CVE-2022-23439 CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...) NOT-FOR-US: Fortinet CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) - - libxerces2-java <unfixed> + - libxerces2-java <unfixed> (bug #1016975) [bullseye] - libxerces2-java <postponed> (revisit when/if fix is complete) [buster] - libxerces2-java <postponed> (revisit when/if fix is complete) [stretch] - libxerces2-java <postponed> (revisit when/if fix is complete) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88eeaa02b451e42bef4227867fb435a9a686e68f
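Review bot: In the CVE-2022-34943 hunk (php-laravel-framework), the change is more than a bug number: the status moves from <undetermined> to <unfixed> and the line "TODO: check, unclear if upstream reported" is dropped, while the only reference left on the entry is the third-party issue at github.com/beicheng-maker/vulns. The commit message "bugnums" does not cover that triage decision. Suggest either splitting the status change into its own commit or adding a NOTE line that records what established the package as affected, so the reasoning sits next to bug #1016977.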
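Review bot: In the CVE-2022-26562 hunk, the kopanocore entry gains bug #1016973 but still has no NOTE line; the entry is followed directly by CVE-2022-26561. The description names provider/libserver/ECKrbAuth.cpp in Kopano-Core v11.0.2.51, so a NOTE pointing at the upstream report or fix, if one exists, would let the entry be triaged without opening the Debian bug.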
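Review bot: In the CVE-2022-2589 hunk, bug #1016971 is the same bug attached to CVE-2022-2523 and CVE-2022-2514, and the NOTE lines on those three fava entries name three different upstream fix versions (v1.22.3, v1.22.2, v1.22). A single bug is fine here, but the upload that closes it has to be at least v1.22.3 for all three entries to be marked fixed together; worth stating in the bug report. The two radare2 entries sharing bug #1016979 (fixes tagged 5.7.4 and 5.7.2) have the same property.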