Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57351cea by security tracker role at 2022-09-11T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2603,8 +2603,7 @@ CVE-2022-39137
RESERVED
CVE-2022-39136
RESERVED
-CVE-2022-39135
- RESERVED
+CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators
EXISTS_NOD ...)
NOT-FOR-US: Apache Calcite
CVE-2022-39134
RESERVED
@@ -8400,7 +8399,7 @@ CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager
Plus, OpManager MSP, Netw
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588
RESERVED
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE:
https://lore.kernel.org/netdev/[email protected]/T/#u
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
@@ -8408,14 +8407,14 @@ CVE-2022-2587 (Out of bounds write in Chrome OS Audio
Server in Google Chrome on
- chromium <not-affected> (Chrome on Chrome OS)
CVE-2022-2586
RESERVED
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE:
https://lore.kernel.org/netfilter-devel/[email protected]/T/#t
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/5
CVE-2022-2585
RESERVED
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/#u
@@ -8678,7 +8677,7 @@ CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS
attack can occur. This
CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer
through 7 ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux
kernel th ...)
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
NOTE: Fixed by:
https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
@@ -8871,7 +8870,7 @@ CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and
earlier does not perform SS
CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850
allows ...)
NOT-FOR-US: Webmin module
CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14.
xfrm_expa ...)
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE:
https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901
(v5.19-rc8)
CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to
version 7 ...)
@@ -9812,6 +9811,7 @@ CVE-2022-2527
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a
heap-based buf ...)
+ {DSA-5228-1}
- gdk-pixbuf 2.42.8+dfsg-1
[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present; GIF
animation support added later)
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
@@ -25948,7 +25948,7 @@ CVE-2022-26844 (Insufficiently protected credentials in
the installation binarie
CVE-2022-26374 (Uncontrolled search path in the installation binaries for
Intel(R) SEA ...)
NOT-FOR-US: Intel
CVE-2022-26373 (Non-transparent sharing of return predictor targets between
contexts i ...)
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
NOTE:
https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
@@ -27821,13 +27821,13 @@ CVE-2022-29902
CVE-2022-1526 (A vulnerability, which was classified as problematic, was found
in Eml ...)
NOT-FOR-US: Emlog Pro
CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new
Spectre ...)
- {DSA-5207-1}
+ {DSA-5207-1 DLA-3102-1}
- linux 5.18.14-1
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
CVE-2022-29900 (Mis-trained branch predictions for return instructions may
allow arbit ...)
- {DSA-5207-1 DSA-5184-1}
+ {DSA-5207-1 DSA-5184-1 DLA-3102-1}
- linux 5.18.14-1
- xen 4.16.2-1
[buster] - xen <end-of-life> (DSA 4677-1)
@@ -39109,8 +39109,8 @@ CVE-2022-26060
RESERVED
CVE-2022-26050
RESERVED
-CVE-2022-26049
- RESERVED
+CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before
3.37.2. It ...)
+ TODO: check
CVE-2022-26048
RESERVED
CVE-2022-26046
@@ -41167,8 +41167,8 @@ CVE-2022-25297 (This affects the package
drogonframework/drogon before 1.7.5. Th
NOT-FOR-US: drogon
CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype
Pollution v ...)
NOT-FOR-US: Node bodymen
-CVE-2022-25295
- RESERVED
+CVE-2022-25295 (This affects the package github.com/gophish/gophish before
0.12.0. The ...)
+ TODO: check
CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies
on an in ...)
NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox
and XTM ap ...)
@@ -57184,6 +57184,7 @@ CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus
before Build 4419 allows rem
CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter
while gen ...)
- python-django-cms <itp> (bug #516183)
CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer
overflow vulner ...)
+ {DSA-5228-1}
- gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600)
[buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
[stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57351ceab2760a3f77d826a4fb4213292299052d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57351ceab2760a3f77d826a4fb4213292299052d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
