Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 54fe6ddb by Moritz Muehlenhoff at 2022-10-02T20:21:20+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3226,7 +3226,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...) NOT-FOR-US: Delta CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) - - imagemagick <unfixed> + - imagemagick <unfixed> (bug #1021141) [bullseye] - imagemagick <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 @@ -4919,21 +4919,21 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. .. CVE-2022-39959 RESERVED CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #1021137) [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release) NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #1021137) [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release) NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #1021137) [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release) NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf. NOTE: https://bugs.debian.org/1020303 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...) - - modsecurity-crs <unfixed> + - modsecurity-crs <unfixed> (bug #1021137) [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release) NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ CVE-2022-39954 @@ -5340,7 +5340,7 @@ CVE-2022-3101 NOT-FOR-US: tripleo-ansible CVE-2022-3100 [access policy bypass via query string injection] RESERVED - - barbican <unfixed> + - barbican <unfixed> (bug #1021139) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404 CVE-2022-39798 RESERVED @@ -6444,24 +6444,21 @@ CVE-2022-39253 CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) TODO: check CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) - - node-matrix-js-sdk <undetermined> + - node-matrix-js-sdk <unfixed> (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients - TODO: check if affecting the nodejs version of matrix-js-sdk CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...) - - node-matrix-js-sdk <undetermined> + - node-matrix-js-sdk <unfixed> (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients - TODO: check if affecting the nodejs version of matrix-js-sdk CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) - - node-matrix-js-sdk <undetermined> + - node-matrix-js-sdk <unfixed> (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061 NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients - TODO: check if affecting the nodejs version of matrix-js-sdk CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...) NOT-FOR-US: Matrix SDK for Android CVE-2022-39247 @@ -6487,11 +6484,10 @@ CVE-2022-39238 (Arvados is an open source platform for managing and analyzing bi CVE-2022-39237 RESERVED CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) - - node-matrix-js-sdk <undetermined> + - node-matrix-js-sdk <unfixed> (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488 - TODO: check if affects nodejs version of matrix-js-sdk CVE-2022-39235 RESERVED CVE-2022-39234 @@ -15061,19 +15057,19 @@ CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.0 CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...) - - cargo <unfixed> + - cargo <unfixed> (bug #1021142) [bullseye] - cargo <no-dsa> (Minor issue) [buster] - cargo <no-dsa> (Minor issue) - - rust-cargo <unfixed> + - rust-cargo <unfixed> (bug #1021142) [bullseye] - rust-cargo <no-dsa> (Minor issue) [buster] - rust-cargo <no-dsa> (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp NOTE: https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7 CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a ...) - - cargo <unfixed> + - cargo <unfixed> (bug #1021142) [bullseye] - cargo <no-dsa> (Minor issue) [buster] - cargo <no-dsa> (Minor issue) - - rust-cargo <unfixed> + - rust-cargo <unfixed> (bug #1021142) [bullseye] - rust-cargo <no-dsa> (Minor issue) [buster] - rust-cargo <no-dsa> (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j @@ -27022,14 +27018,14 @@ CVE-2022-31631 CVE-2022-31630 RESERVED CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...) - - php8.1 <unfixed> + - php8.1 <unfixed> (bug #1021138) - php7.4 <removed> - php7.3 <removed> NOTE: Fixed in 8.1.11, 7.4.32 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727 NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...) - - php8.1 <unfixed> + - php8.1 <unfixed> (bug #1021138) - php7.4 <removed> - php7.3 <removed> NOTE: Fixed in 8.1.11, 7.4.32 @@ -92834,7 +92830,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...) - - sox <unfixed> + - sox <unfixed> (bug #1021135) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664 NOTE: https://sourceforge.net/p/sox/bugs/349/ CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...) @@ -92849,11 +92845,11 @@ CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670 NOTE: https://sourceforge.net/p/sox/bugs/351/ CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) - - sox <unfixed> + - sox <unfixed> (bug #1021134) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666 NOTE: https://sourceforge.net/p/sox/bugs/350/ CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) - - sox <unfixed> + - sox <unfixed> (bug #1021133) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671 NOTE: https://sourceforge.net/p/sox/bugs/352/ CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fe6ddb939e24f082ce80a3ef19f8593f97e985 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fe6ddb939e24f082ce80a3ef19f8593f97e985 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits