Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16b896bb by Moritz Muehlenhoff at 2022-09-05T12:20:25+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25478,6 +25478,7 @@ CVE-2022-28702 (Incorrect Default Permissions 
vulnerability in ABB e-Design allo
        NOT-FOR-US: ABB e-Design
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable 
random val ...)
        - samba <unfixed>
+       [bullseye] - samba <postponed> (Minor issue)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
        NOTE: 
https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe
 (v4-17-stable)
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting 
a visi ...)
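Review bot: The reason "Minor issue" on the new `[bullseye] - samba <postponed>` line for CVE-2022-1615 does not say why predictable random values are considered low impact. The description states that gnutls_rnd() has to fail first; a short NOTE recording that precondition would let later triagers judge whether the v4-17-stable commit referenced below should go into a point release.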
@@ -41751,12 +41752,14 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps 
continuous delivery tool for Ku
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor 4.19.0+dfsg-1
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor 4.19.0+dfsg-1
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
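Review bot: Under CVE-2022-24729 and CVE-2022-24728 only ckeditor3 receives a bullseye line; `- ckeditor 4.19.0+dfsg-1` is followed directly by the ckeditor3 line in both blocks, so there is no `[bullseye] - ckeditor` entry. If bullseye ships a ckeditor older than 4.19.0+dfsg-1, it stays listed as open after this triage pass. If the issue is also minor there, add the matching line, as already done for CVE-2021-37695: `[bullseye] - ckeditor <no-dsa> (Minor issue)`.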
@@ -55668,6 +55671,7 @@ CVE-2021-44739 (Acrobat Reader DC ActiveX Control 
versions 21.007.20099 (and ear
        NOT-FOR-US: Adobe
 CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi and K ...)
        - firmware-nonfree <unfixed>
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
        NOTE: Fixed upstream in 20220815
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
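Review bot: The `- firmware-nonfree <unfixed>` line above the new bullseye entry for CVE-2021-44545 carries no bug reference, although the NOTE already records "Fixed upstream in 20220815" and the ckeditor3 and tinyexr entries in this commit do name a bug. Consider adding the bug number on that line so the fix for unstable is tracked; the same applies to the other intel-sa-00621 entries touched in the hunks that follow.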
@@ -55697,6 +55701,7 @@ CVE-2021-23188 (Improper access control for some 
Intel(R) PROSet/Wireless WiFi a
        NOT-FOR-US: Intel
 CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and 
Killer(T ...)
        - firmware-nonfree <unfixed>
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
        NOTE: Fixed upstream in 20220815
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -56681,6 +56686,7 @@ CVE-2021-4036
        RESERVED
 CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
        - firmware-nonfree <unfixed>
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
        NOTE: Fixed upstream in 20220815
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -56708,6 +56714,7 @@ CVE-2021-26251
        RESERVED
 CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
        - firmware-nonfree <unfixed>
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
        NOTE: Fixed upstream in 20220815
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -60384,6 +60391,7 @@ CVE-2022-21203 (Improper permissions in the SafeNet 
Sentinel driver for Intel(R)
        NOT-FOR-US: Intel
 CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi and K ...)
        - firmware-nonfree <unfixed>
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
        NOTE: Fixed upstream in 20220815
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -69006,6 +69014,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG 
HTML editor. In affected ver
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 
(v4.17.0)
@@ -78002,6 +78011,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML 
editor with rich content
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
@@ -87168,6 +87178,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) 
vulnerability in the HTML Data Proc
        - ckeditor 4.16.0+dfsg-2
        [buster] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
@@ -106873,6 +106884,7 @@ CVE-2021-26271 (It was possible to execute a 
ReDoS-type attack inside CKEditor 4
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <postponed> (Fix along next DLA)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
@@ -266232,6 +266244,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows 
user-assisted XSS involving a
        [stretch] - ckeditor <ignored> (Minor issue, XSS through direct 
copy/paste by victim, no identified patch)
        [jessie] - ckeditor <ignored> (Minor issue)
        - ckeditor3 <unfixed> (low; bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        - fckeditor <removed>
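Review bot: The new `[bullseye] - ckeditor3 <no-dsa> (Minor issue)` line for CVE-2018-17960 drops the rationale that the stretch ckeditor line in the same block already records ("XSS through direct copy/paste by victim, no identified patch"). Reusing that wording in the bullseye reason would document that the decision rests on the user-assisted nature of the XSS and the absence of a patch.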
@@ -281770,6 +281783,7 @@ CVE-2018-12065 (A Local File Inclusion vulnerability 
in /system/WCore/WHelper.ph
        NOT-FOR-US: wityCMS
 CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via 
tinyexr::ReadChann ...)
        - tinyexr <unfixed> (bug #1014980)
+       [bullseye] - tinyexr <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea
 CVE-2018-12063 (The sell function of a smart contract implementation for 
Internet Node ...)
        NOT-FOR-US: Internet Node Token
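Review bot: For CVE-2018-12064 the new bullseye line marks a heap-based buffer over-read as "Minor issue" while the entry's only NOTE is a link to a third-party advisory; nothing in the block points to an upstream fix. Adding a NOTE with the upstream commit, or stating that none exists yet, would back up the no-dsa decision and help whoever handles bug #1014980.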
@@ -434982,6 +434996,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) 
vulnerability in the Preview plugin be
        [wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
        [squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
        - ckeditor3 <unfixed> (bug #1015217)
+       [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
        [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
        NOTE: 
https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706
 (v3.6.x)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16b896bbe008f9d4fc519b76de8469636c488681



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
