Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c450ca7 by Moritz Muehlenhoff at 2022-09-12T22:58:12+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -592,7 +592,7 @@ CVE-2022-40321 CVE-2022-3173 RESERVED CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffe ...) - - libconfuse <unfixed> + - libconfuse <unfixed> (bug #1019596) [bullseye] - libconfuse <no-dsa> (Minor issue) NOTE: https://github.com/libconfuse/libconfuse/issues/163 NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b @@ -1695,12 +1695,12 @@ CVE-2022-39834 CVE-2022-39833 RESERVED CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...) - - pspp <unfixed> + - pspp <unfixed> (bug #1019598) [bullseye] - pspp <no-dsa> (Minor issue) [buster] - pspp <no-dsa> (Minor issue) NOTE: https://savannah.gnu.org/bugs/index.php?63000 CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...) - - pspp <unfixed> + - pspp <unfixed> (bug #1019597) [bullseye] - pspp <no-dsa> (Minor issue) [buster] - pspp <no-dsa> (Minor issue) NOTE: https://savannah.gnu.org/bugs/?62977 @@ -4929,7 +4929,7 @@ CVE-2022-38532 CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...) NOT-FOR-US: FPT router CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1019595) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2216 
@@ -5944,7 +5944,7 @@ CVE-2022-38225 CVE-2022-38224 RESERVED CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...) - - w3m <unfixed> + - w3m <unfixed> (bug #1019599) [bullseye] - w3m <no-dsa> (Minor issue) [buster] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/242 @@ -11177,13 +11177,13 @@ CVE-2022-36193 CVE-2022-36192 RESERVED CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1019595) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2218 NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1019595) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2220 @@ -11196,7 +11196,7 @@ CVE-2022-36188 CVE-2022-36187 RESERVED CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...) - - gpac <unfixed> + - gpac <unfixed> (bug #1019595) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2223 @@ -11291,7 +11291,7 @@ CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation NOTE: https://github.com/djcsdy/swfmill/issues/64 NOTE: Crash in CLI tool, no security impact CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - - swfmill <unfixed> + - swfmill <unfixed> (bug #1019600) [bullseye] - swfmill <no-dsa> (Minor issue) [buster] - swfmill <no-dsa> (Minor issue) NOTE: https://github.com/djcsdy/swfmill/issues/63 
@@ -11312,7 +11312,7 @@ CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation NOTE: https://github.com/djcsdy/swfmill/issues/57 NOTE: Crash in CLI tool, no security impact CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - - swfmill <unfixed> + - swfmill <unfixed> (bug #1019600) [bullseye] - swfmill <no-dsa> (Minor issue) [buster] - swfmill <no-dsa> (Minor issue) NOTE: https://github.com/djcsdy/swfmill/issues/56 @@ -11425,7 +11425,7 @@ CVE-2022-36111 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...) NOT-FOR-US: Netmaker CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...) - - docker.io <unfixed> + - docker.io <unfixed> (bug #1019601) [bullseye] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 
@@ -12896,191 +12896,191 @@ CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...) - zammad <itp> (bug #841355) CVE-2022-35486 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35480 RESERVED CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> + - texlive-bin <unfixed> (bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35473 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35472 (OTFCC v0.10.4 was discovered to contain a global overflow via /release ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35471 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
- - texlive-bin <unfixed> + - texlive-bin <unfixed> (bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) CVE-2022-35470 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35469 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35468 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> + - texlive-bin <unfixed> (bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) CVE-2022-35467 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> + - texlive-bin <unfixed> (bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) CVE-2022-35466 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35465 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35464 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35463 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35462 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35461 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35460 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35459 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> + - texlive-bin <unfixed> (bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) CVE-2022-35458 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35457 RESERVED CVE-2022-35456 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35455 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35454 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35453 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35452 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35451 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35450 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35449 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
- - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35448 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) CVE-2022-35447 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - - texlive-bin <unfixed> (unimportant) + - texlive-bin <unfixed> (unimportant; bug #1019602) [bullseye] - texlive-bin <not-affected> (Vulnerable code not present) [buster] - texlive-bin <not-affected> (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact) @@ -104105,7 +104105,7 @@ CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote a CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...) NOT-FOR-US: Zoom CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...) - - deluge <unfixed> + - deluge <unfixed> (bug #1019594) [bullseye] - deluge <no-dsa> (Minor issue) [buster] - deluge <no-dsa> (Minor issue) NOTE: https://dev.deluge-torrent.org/ticket/3459 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c450ca7e6b115c3c676aa18cca24f29d6185029
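Review bot: In the texlive-bin hunk (@@ -12896,191) five entries are handled differently from their neighbours without explanation: CVE-2022-35475, CVE-2022-35471, CVE-2022-35468, CVE-2022-35467 and CVE-2022-35459 become `<unfixed> (bug #1019602)` with no `unimportant` tag and no NOTE, while other OTFCC heap-buffer overflow entries in the same hunk, such as CVE-2022-35474 and CVE-2022-35470, are `<unfixed> (unimportant; bug #1019602)` with "Crash in CLI tool, no security impact". If the split is deliberate, a NOTE on those five entries stating why they are rated differently would make the triage auditable; if it is not, the severity tags should be aligned. The unchanged NOTE lines in this hunk also end in an unbalanced `)`, which could be cleaned up while touching these entries.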
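Review bot: Bug #1019595 is attached to four separate gpac entries spread over three hunks (CVE-2022-38530 at @@ -4929,7, CVE-2022-36191 and CVE-2022-36190 at @@ -11177,13, CVE-2022-36186 at @@ -11196,7), and bug #1019600 likewise covers both swfmill entries (CVE-2022-36144 and CVE-2022-36139). Sharing one bug per source package is fine, but the bug reports should list every CVE ID they cover so that closing the bug with a partial fix does not silently mark the remaining entries as resolved. For CVE-2022-36186 in particular, the bullseye and buster lines are `<not-affected> (Vulnerable code not present)`, so it is worth confirming that the shared bug is scoped to the versions that actually carry the code.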
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits