Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
725f0300 by Moritz Muehlenhoff at 2022-10-10T16:11:05+02:00
new zoneminder issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6531,7 +6531,7 @@ CVE-2022-3134 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0389. ..
        NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
        NOTE: 
https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e 
(v9.0.0389)
 CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to 
create a file ...)
-       TODO: check
+       NOT-FOR-US: Panini Everest Engine
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
response bo ...)
        - modsecurity-crs 3.3.4-1 (bug #1021137)
        [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in 
point release)
@@ -7974,11 +7974,23 @@ CVE-2022-39293
 CVE-2022-39292
        RESERVED
 CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
+       NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39290 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
+       NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
+       NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39288
        RESERVED
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) 
protection mi ...)
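Review bot: The trust caveat added under CVE-2022-39291, CVE-2022-39290 and CVE-2022-39289 starts with a doubled prefix, "NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security". Drop the second "NOTE:" on all three lines so the text matches the other note lines in the file. Since that caveat is the stated reason for the "(unimportant)" severity on each entry, it is worth keeping its wording identical across the entries so a single search finds them all.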
@@ -7986,7 +7998,11 @@ CVE-2022-39287 (tiny-csrf is a Node.js cross site 
request forgery (CSRF) protect
 CVE-2022-39286
        RESERVED
 CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+       NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
+       NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions 
prior to 4. ...)
        - codeigniter <itp> (bug #471583)
 CVE-2022-39283
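Review bot: The two upstream commit links added under CVE-2022-39285 carry no release tag, whereas the vim commit link earlier in this file is annotated "(v9.0.0389)". Because the entry is recorded as "<unfixed>", noting the first upstream version that contains c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d and d289eb48601a76e34feea3c1683955337b1fae59 would let whoever later updates the package confirm the fix from the tracker entry alone. The caveat line in this hunk also has the doubled "NOTE: NOTE:" prefix.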
@@ -7994,7 +8010,7 @@ CVE-2022-39283
 CVE-2022-39282
        RESERVED
 CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer 
relationship  ...)
-       TODO: check
+       NOT-FOR-US: fat_free_crm
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in 
versions bef ...)
        NOT-FOR-US: dparse (parser for Python dependency files)
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board 
which adds  ...)
@@ -8010,7 +8026,7 @@ CVE-2022-39275 (Saleor is a headless, GraphQL commerce 
platform. In affected ver
 CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation 
of a LoRa ...)
        TODO: check
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing 
platform Flyte ...)
-       TODO: check
+       NOT-FOR-US: FlyteAdmin
 CVE-2022-39272
        RESERVED
 CVE-2022-39271



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725f0300705db81e9ee93c3e1e896276d956ada4

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits