Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0374758e by Moritz Muehlenhoff at 2022-09-30T17:12:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3391,7 +3391,7 @@ CVE-2022-40470
 CVE-2022-40469
        RESERVED
 CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP 
request lin ...)
-       - tinyproxy <unfixed>
+       - tinyproxy <unfixed> (bug #1021015)
        [bullseye] - tinyproxy <no-dsa> (Minor issue)
        NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
        NOTE: 
https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
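Review bot: on the CVE-2022-40468 entry, the second NOTE gives a tinyproxy commit URL without saying what that commit is. If it is the upstream fix, label it the way the frr entry in this file does (`NOTE: Fixed by: <url>`), so whoever handles bug #1021015 knows which change to pick up.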
@@ -3989,7 +3989,7 @@ CVE-2022-3166
        RESERVED
 CVE-2022-3165 [VNC: integer underflow in vnc_client_cut_text_ext leads to CPU 
exhaustion]
        RESERVED
-       - qemu <unfixed>
+       - qemu <unfixed> (bug #1021019)
        [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
        [buster] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129739
@@ -6269,7 +6269,7 @@ CVE-2022-39175
 CVE-2022-39174
        RESERVED
 CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer 
overflow ...)
-       - wolfssl <unfixed>
+       - wolfssl <unfixed> (bug #1021021)
 CVE-2022-39172
        RESERVED
 CVE-2022-39171
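Review bot: the CVE-2022-39173 entry consists only of the `- wolfssl <unfixed> (bug #1021021)` line, with no NOTE and no per-release line. The description says the overflow affects wolfSSL before 5.5.1, so a NOTE with the upstream reference and a [bullseye] status would let the bug be resolved against a concrete version.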
@@ -7090,7 +7090,7 @@ CVE-2022-38865 (Certain The MPlayer Project products are 
vulnerable to Divide By
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144
 (r38386)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2406
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94
 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
@@ -7099,12 +7099,12 @@ CVE-2022-38863 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d
 (r38393)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (bug #1021013)
        [bullseye] - mplayer <no-dsa> (Minor issue)
        NOTE: https://trac.mplayerhq.hu/ticket/2400
        NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to 
memory  ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2407
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1
 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide 
By Zero  ...)
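Review bot: the two entries changed in this hunk are triaged unevenly. CVE-2022-38862 has a `[bullseye] - mplayer <no-dsa> (Minor issue)` line but only ticket links, while CVE-2022-38861 has an upstream commit NOTE (r38402) but no [bullseye] line. Since both now point at bug #1021013, add the missing release status to CVE-2022-38861 and, once it is known, the fixing revision to CVE-2022-38862.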
@@ -7123,7 +7123,7 @@ CVE-2022-38858 (Certain The MPlayer Project products are 
vulnerable to Buffer Ov
 CVE-2022-38857
        RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2395
        TODO: Fixed by other fixes, but not pin pointed upstream, try to 
isolate revision to fix issue
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
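Review bot: CVE-2022-38856 is attached to bug #1021013, but its TODO line says the fix has not been pinpointed upstream. The same bug number is used for the other mplayer entries in this commit that do list fixing revisions, so the bug cannot be closed by picking up those commits alone. Mention the open TODO in the bug report, or keep the bug open until the revision is isolated.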
@@ -7484,7 +7484,7 @@ CVE-2022-2995 (Incorrect handling of the supplementary 
groups in the CRI-O conta
 CVE-2022-2994
        RESERVED
 CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be 
vulnerable to Den ...)
-       - snakeyaml <unfixed>
+       - snakeyaml <unfixed> (bug #1021014)
        [bullseye] - snakeyaml <no-dsa> (Minor issue)
        NOTE: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not 
public)
@@ -8000,7 +8000,7 @@ CVE-2022-38602
 CVE-2022-38601
        RESERVED
 CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via 
vf.c and vf ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e
 (r38380)
        NOTE: Followup: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8
 (r38392)
@@ -8156,7 +8156,7 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to 
contain a heap-buffer o
        NOTE: https://github.com/syoyo/tinyexr/issues/169
        NOTE: 
https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
 CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was 
discovered to co ...)
-       - assimp <unfixed>
+       - assimp <unfixed> (bug #1021018)
        [bullseye] - assimp <no-dsa> (Minor issue)
        [buster] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/4662
@@ -9458,11 +9458,11 @@ CVE-2022-38155 (TEE_Malloc in Samsung mTower through 
0.3.0 allows a trusted appl
 CVE-2022-38154
        RESERVED
 CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when 
--enable-session ...)
-       - wolfssl <unfixed>
+       - wolfssl <unfixed> (bug #1021021)
        [bullseye] - wolfssl <not-affected> (Vulnerable code not present and 
session tickets not enabled)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/5476
 CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 
1.3 client ...)
-       - wolfssl <unfixed>
+       - wolfssl <unfixed> (bug #1021021)
        [bullseye] - wolfssl <no-dsa> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/5468
 CVE-2022-38151
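Review bot: bug #1021021 is attached here to CVE-2022-38153 and CVE-2022-38152, both described as affecting wolfSSL before 5.5.0, and in an earlier hunk to CVE-2022-39173, described as affecting wolfSSL before 5.5.1. With one bug covering all three, it should only be closed by an upload of 5.5.1 or later; a short NOTE saying so on these entries would prevent it being closed on a 5.5.0 upload.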
@@ -10512,7 +10512,7 @@ CVE-2022-37705
 CVE-2022-37704
        RESERVED
 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found 
in the ca ...)
-       - amanda <unfixed>
+       - amanda <unfixed> (bug #1021017)
        [bullseye] - amanda <no-dsa> (Minor issue)
        [buster] - amanda <no-dsa> (Minor issue)
        NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
@@ -12240,7 +12240,7 @@ CVE-2022-37034
 CVE-2022-37033
        RESERVED
 CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR 
before 8.4 ma ...)
-       - frr <unfixed>
+       - frr <unfixed> (bug #1021016)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
 CVE-2022-37031
        RESERVED
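Review bot: the CVE-2022-37032 entry has the `- frr <unfixed> (bug #1021016)` line and a "Fixed by" commit, but no [bullseye] or [buster] line, unlike the assimp and amanda entries touched in this commit. Add the per-release status, or a TODO to check whether the stable releases carry the out-of-bounds read.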
@@ -23464,7 +23464,7 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC 
accepts kpasswd requests encr
        NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
 CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for 
the dNSH ...)
        [experimental] - samba 2:4.17.0+dfsg-1
-       - samba <unfixed>
+       - samba <unfixed> (bug #1021022)
        [bullseye] - samba <no-dsa> (Minor issue)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
 CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not 
correctly ...)
@@ -30694,7 +30694,7 @@ CVE-2022-28702 (Incorrect Default Permissions 
vulnerability in ABB e-Design allo
        NOT-FOR-US: ABB e-Design
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable 
random val ...)
        [experimental] - samba 2:4.17.0+dfsg-1
-       - samba <unfixed>
+       - samba <unfixed> (bug #1021024)
        [bullseye] - samba <postponed> (Minor issue)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
        NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
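Review bot: CVE-2022-1615 gets its own bug #1021024 while CVE-2022-32743 in the previous hunk gets #1021022, although both entries list the same `[experimental] - samba 2:4.17.0+dfsg-1` line; the mplayer and wolfssl entries in this commit share one bug per package. Either approach is workable, but a line in the commit message (currently just "bugnums") saying when CVEs are grouped under one bug would make the choice reviewable.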



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0374758ec051525f2d1bd0b82ba2347a68c0603e
