Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54f1474b by Salvatore Bonaccorso at 2022-09-12T20:50:17+02:00
Add Debian bug reference for CVE-2022-2989/libpod

- - - - -
1c4dfecb by Salvatore Bonaccorso at 2022-09-12T20:53:05+02:00
Add Debian bug references for vim issues

- - - - -
1038d615 by Salvatore Bonaccorso at 2022-09-12T20:55:17+02:00
Add Debian bug references for dpdk issues

- - - - -
1b6a97ab by Salvatore Bonaccorso at 2022-09-12T20:58:56+02:00
Add Debian bug references for advancecomp issues

- - - - -
e992e0fc by Salvatore Bonaccorso at 2022-09-12T21:06:57+02:00
Add upstream tag information for CVE-2019-17546/gdal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1178,7 +1178,7 @@ CVE-2022-39960
 CVE-2022-3135
        RESERVED
 CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. 
...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
        NOTE: 
https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e 
(v9.0.0389)
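Review bot: on the `- vim <unfixed> (bug #1019590)` line, one bug number is attached in this push to CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-2982 and CVE-2022-2946, whose fix commits are tagged from v9.0.0246 up to v9.0.0389. The bug can only be closed by an upload containing all five commits, so state in the bug that v9.0.0389 is the minimum patch level. An upload at an earlier patch level should not close it.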
@@ -2794,7 +2794,7 @@ CVE-2022-39199
 CVE-2022-39198
        RESERVED
 CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. 
...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
        NOTE: 
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c 
(v9.0.0360)
@@ -3391,7 +3391,7 @@ CVE-2022-3038
        - chromium 105.0.5195.52-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. 
...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1019590)
        NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
        NOTE: 
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb 
(v9.0.0322)
 CVE-2022-3036
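Review bot: the CVE-2022-3037 entry has no `[bullseye]` line after the changed `- vim` line, while CVE-2022-3134, CVE-2022-3099 and CVE-2022-2946 in the same push carry `[bullseye] - vim <no-dsa> (Minor issue)`. CVE-2022-2982 is in the same state. All five descriptions read "Use After Free", so either add the triage line to these two or leave a NOTE saying why bullseye is treated differently.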
@@ -4097,7 +4097,7 @@ CVE-2022-2990
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
 CVE-2022-2989
        RESERVED
-       - libpod <unfixed>
+       - libpod <unfixed> (bug #1019591)
        NOTE: 
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
 CVE-2022-2988
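Review bot: the CVE-2022-2989 entry now tracks libpod through bug #1019591 but has no NOTE pointing at an upstream fix; the two NOTE lines are a blog post and a Red Hat Bugzilla entry. Add the upstream commit with its release tag once it is known, as done for the vim entries, so that `<unfixed>` can later be resolved to a version.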
@@ -4146,7 +4146,7 @@ CVE-2022-2984
 CVE-2022-2983
        RESERVED
 CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. 
...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1019590)
        NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
        NOTE: 
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 
(v9.0.0260)
 CVE-2022-2981
@@ -4412,7 +4412,7 @@ CVE-2022-38649
 CVE-2022-38648
        RESERVED
 CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. 
...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
        NOTE: 
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c 
(v9.0.0246)
@@ -13894,37 +13894,37 @@ CVE-2022-35022
 CVE-2022-35021
        RESERVED
 CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow via  ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
 CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation 
fault. ...)
-       - advancecomp <unfixed>
+       - advancecomp <unfixed> (bug #1019592)
        [buster] - advancecomp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
        TODO: check, unclear reporting to upstream
 CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation 
fault. ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
 CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow. ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
 CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow. ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
 CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow via  ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
 CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
-       - advancecomp <unfixed> (unimportant)
+       - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
        NOTE: Crash in CLI tool, no security impact
        TODO: check, unclear reporting to upstream
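Review bot: CVE-2022-35019 is the only advancecomp entry in this hunk without `unimportant` and without `NOTE: Crash in CLI tool, no security impact`, yet its description (segmentation fault) matches CVE-2022-35018 and CVE-2022-35014, which are both marked unimportant. Add a NOTE explaining why this one is rated differently (it carries `[buster] - advancecomp <no-dsa> (Minor issue)`), or align it with the other six. Every entry also keeps `TODO: check, unclear reporting to upstream`; with bug #1019592 filed, that TODO should say whether the report has been forwarded.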
@@ -16418,7 +16418,7 @@ CVE-2022-2133 (The OAuth Single Sign On WordPress 
plugin before 6.22.6 doesn't v
        NOT-FOR-US: WordPress plugin
 CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. 
This issue ...)
        {DSA-5222-1 DLA-3092-1}
-       - dpdk <unfixed>
+       - dpdk <unfixed> (bug #1019589)
        NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
        NOTE: 
https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 
(main)
        NOTE: 
https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 
(main)
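Review bot: the two fix commits noted for CVE-2022-2132 are annotated only `(main)`, with no release tag, so the entry gives no version at which `- dpdk <unfixed>` can be resolved. The CVE-2022-28199 entry records a dpdk-stable commit with `(v21.11.2)`; adding the equivalent stable-branch reference here would make the two entries under bug #1019589 consistent.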
@@ -33260,7 +33260,7 @@ CVE-2022-28200 (NVIDIA DGX A100 contains a 
vulnerability in SBIOS in the BiosCfg
        NOT-FOR-US: NVIDIA
 CVE-2022-28199 (NVIDIA&#8217;s distribution of the Data Plane Development Kit 
(MLNX_DP ...)
        {DSA-5222-1}
-       - dpdk <unfixed>
+       - dpdk <unfixed> (bug #1019589)
        [buster] - dpdk <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa 
(main)
        NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45
 (v21.11.2)
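Review bot: bug #1019589 on the `- dpdk <unfixed>` line is the same bug added to CVE-2022-2132, and the two entries differ in scope: this one has `[buster] - dpdk <not-affected> (Vulnerable code introduced later)` and only `{DSA-5222-1}`, the other also lists DLA-3092-1. Make sure the bug names both CVE ids, so that the upload closing it is checked against both sets of fix commits.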
@@ -211443,7 +211443,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 
4.0.10, as used in GDAL throug
        - gdal <unfixed> (unimportant)
        - tiff 4.0.10+git190818-1
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
-       NOTE: 
https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
+       NOTE: 
https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf 
(v3.1.0RC1)
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
        NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 
(#684233)
 CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in 
OGRExpatRealloc in ...)
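Review bot: with the gdal commit now tagged `(v3.1.0RC1)`, the `- gdal <unfixed> (unimportant)` line at the top of this hunk looks stale. If the gdal version in unstable is at or above that release, record the fixed version instead of `<unfixed>`. The libtiff commit NOTE that follows still has no tag, although the `- tiff 4.0.10+git190818-1` line already records a fixed version; add the tag there as well for consistency.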



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/429e9dd62bd0fc13ab79a48744daf436ddc794af...e992e0fc7b213492c6721ee1d632978dabbdd13a
