[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 16 Oct 2022 01:10:36 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5fd46de1 by security tracker role at 2022-10-16T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-42969 (The py library through 1.11.0 for Python allows remote 
attackers to co ...)
+       TODO: check
+CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the 
git backe ...)
+       TODO: check
+CVE-2022-42967
+       RESERVED
+CVE-2022-42966
+       RESERVED
+CVE-2022-42965
+       RESERVED
+CVE-2022-42964
+       RESERVED
 CVE-2022-3520
        RESERVED
 CVE-2022-3519 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
@@ -3968,8 +3980,8 @@ CVE-2022-41325
        RESERVED
 CVE-2022-41324
        RESERVED
-CVE-2022-41323
-       RESERVED
+CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 
4.1.2, i ...)
+       {DSA-5254-1}
        - python-django 3:3.2.16-1
        [buster] - python-django <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
@@ -16734,6 +16746,7 @@ CVE-2022-2503 (Dm-verity is used for extending 
root-of-trust to root filesystems
 CVE-2022-2502
        RESERVED
 CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in 
Django 3.2 b ...)
+       {DSA-5254-1}
        - python-django 3:3.2.15-1
        [buster] - python-django <not-affected> (Vulnerable code introduced in 
2.1)
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1
@@ -22562,6 +22575,7 @@ CVE-2022-34267
 CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon 
Linux 2 a ...)
        NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
 CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 
before 4.0 ...)
+       {DSA-5254-1}
        - python-django 2:4.0.6-1 (bug #1014541)
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2
        NOTE: 
https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
@@ -39216,6 +39230,7 @@ CVE-2022-28349 (Arm Mali GPU Kernel Driver has a 
use-after-free: Midgard r28p0 t
 CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, 
Bifrost r0p0 t ...)
        NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in 
Django 2 ...)
+       {DSA-5254-1}
        - python-django 2:3.2.13-1 (bug #1009677)
        [stretch] - python-django <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
@@ -39224,7 +39239,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in 
QuerySet.explain() in Dj
        NOTE: 
https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
 (3.2.13)
        NOTE: 
https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
 (2.2.28)
 CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 
before 3.2.13 ...)
-       {DLA-2982-1}
+       {DSA-5254-1 DLA-2982-1}
        - python-django 2:3.2.13-1 (bug #1009677)
        NOTE: 
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
        NOTE: 
https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
 (main)
@@ -53461,7 +53476,7 @@ CVE-2022-0336 (The Samba AD DC includes checks when 
adding service principals na
 CVE-2022-23834
        RESERVED
 CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 
before 2.2.27 ...)
-       {DLA-2906-1}
+       {DSA-5254-1 DLA-2906-1}
        - python-django 2:3.2.12-1 (bug #1004752)
        [buster] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
@@ -57085,7 +57100,7 @@ CVE-2022-22820 (Due to the lack of media file checks 
before rendering, it was po
 CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, 
LPC55S69JBD64, LPC55 ...)
        NOT-FOR-US: NXP
 CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 
before 3 ...)
-       {DLA-2906-1}
+       {DSA-5254-1 DLA-2906-1}
        - python-django 2:3.2.12-1 (bug #1004752)
        [buster] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd46de116b5ba7c56bf9e04e86477f01e663fd2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd46de116b5ba7c56bf9e04e86477f01e663fd2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to