Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0513b34 by security tracker role at 2022-10-31T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-20853
+       RESERVED
+CVE-2023-20852
+       RESERVED
+CVE-2022-44448
+       RESERVED
+CVE-2022-44447
+       RESERVED
+CVE-2022-44446
+       RESERVED
+CVE-2022-44445
+       RESERVED
+CVE-2022-44444
+       RESERVED
+CVE-2022-44443
+       RESERVED
+CVE-2022-44442
+       RESERVED
+CVE-2022-44441
+       RESERVED
+CVE-2022-44440
+       RESERVED
+CVE-2022-44439
+       RESERVED
+CVE-2022-44438
+       RESERVED
+CVE-2022-44437
+       RESERVED
+CVE-2022-44436
+       RESERVED
+CVE-2022-44435
+       RESERVED
+CVE-2022-44434
+       RESERVED
+CVE-2022-44433
+       RESERVED
+CVE-2022-44432
+       RESERVED
+CVE-2022-44431
+       RESERVED
+CVE-2022-44430
+       RESERVED
+CVE-2022-44429
+       RESERVED
+CVE-2022-44428
+       RESERVED
+CVE-2022-44427
+       RESERVED
+CVE-2022-44426
+       RESERVED
+CVE-2022-44425
+       RESERVED
+CVE-2022-44424
+       RESERVED
+CVE-2022-44423
+       RESERVED
+CVE-2022-44422
+       RESERVED
+CVE-2022-44421
+       RESERVED
+CVE-2022-44420
+       RESERVED
+CVE-2022-44419
+       RESERVED
+CVE-2022-3760
+       RESERVED
+CVE-2022-3759
+       RESERVED
+CVE-2022-3758
+       RESERVED
 CVE-2022-44418
        RESERVED
 CVE-2022-44417
@@ -3233,6 +3303,7 @@ CVE-2022-43752
 CVE-2022-43751
        RESERVED
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
+       {DLA-3173-1}
        - linux 6.0.2-1
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 (6.1-rc1)
@@ -3389,7 +3460,7 @@ CVE-2022-43682
 CVE-2022-43681
        RESERVED
 CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by 
overeag ...)
-       {DLA-3165-1}
+       {DSA-5266-1 DLA-3165-1}
        - expat 2.5.0-1 (bug #1022743)
        NOTE: https://github.com/libexpat/libexpat/issues/649
        NOTE: https://github.com/libexpat/libexpat/pull/616
@@ -3652,6 +3723,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph user 
to root exploit]
        - ceph <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
 CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been 
classified as p ...)
+       {DLA-3173-1}
        - linux 6.0.2-1
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
@@ -4003,6 +4075,7 @@ CVE-2022-3647 (A vulnerability, which was classified as 
problematic, was found i
        NOTE: Crash inside the crash report when redis already crashed due to 
calling an invalid
        NOTE: function pointer, negligible security impact
 CVE-2022-3646 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       {DLA-3173-1}
        - linux 6.0.2-1
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1)
@@ -4037,6 +4110,7 @@ CVE-2022-3636 (A vulnerability, which was classified as 
critical, was found in L
        - linux <not-affected> (No vulnerable code in any upstream or Debian 
released version)
        NOTE: 
https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
 CVE-2022-3635 (A vulnerability, which was classified as critical, has been 
found in L ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux 4.19.260-1
@@ -4044,6 +4118,7 @@ CVE-2022-3635 (A vulnerability, which was classified as 
critical, has been found
 CVE-2022-3634
        RESERVED
 CVE-2022-3633 (A vulnerability classified as problematic has been found in 
Linux Kern ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -4058,6 +4133,7 @@ CVE-2022-3630 (A vulnerability was found in Linux Kernel. 
It has been rated as p
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 (6.0-rc1)
 CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared 
as pro ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux 4.19.260-1
@@ -4075,6 +4151,7 @@ CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write 
in _TIFFmemset in libtif
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been 
classified as c ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -4088,6 +4165,7 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. 
It has been declared a
 CVE-2022-3622
        RESERVED
 CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been 
classified as p ...)
+       {DLA-3173-1}
        - linux 6.0.2-1
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1)
@@ -4270,6 +4348,7 @@ CVE-2022-3588
 CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage 
Manage ...)
        NOT-FOR-US: SourceCodester Simple Cold Storage Management System
 CVE-2022-3586 (A flaw was found in the Linux kernel&#8217;s networking code. A 
use-af ...)
+       {DLA-3173-1}
        - linux 5.19.11-1
        [bullseye] - linux 5.10.148-1
        [buster] - linux 4.19.260-1
@@ -5435,7 +5514,7 @@ CVE-2022-42933 (A malicious crafted .dwf or .pct file 
when consumed through Desi
        NOT-FOR-US: Autodesk
 CVE-2022-42932
        RESERVED
-       {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+       {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
        - firefox 106.0-1
        - firefox-esr 102.4.0esr-1
        - thunderbird 1:102.4.0-1
@@ -5452,7 +5531,7 @@ CVE-2022-42930
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
 CVE-2022-42929
        RESERVED
-       {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+       {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
        - firefox 106.0-1
        - firefox-esr 102.4.0esr-1
        - thunderbird 1:102.4.0-1
@@ -5461,7 +5540,7 @@ CVE-2022-42929
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929
 CVE-2022-42928
        RESERVED
-       {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+       {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
        - firefox 106.0-1
        - firefox-esr 102.4.0esr-1
        - thunderbird 1:102.4.0-1
@@ -5470,7 +5549,7 @@ CVE-2022-42928
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928
 CVE-2022-42927
        RESERVED
-       {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+       {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
        - firefox 106.0-1
        - firefox-esr 102.4.0esr-1
        - thunderbird 1:102.4.0-1
@@ -6098,28 +6177,28 @@ CVE-2022-42724 (app/Controller/UsersController.php in 
MISP before 2.4.164 allows
 CVE-2022-42723
        RESERVED
 CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.x before 5.19.16, local 
attackers ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://github.com/PurpleVsGreen/beacown
 CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in 
the Lin ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://github.com/PurpleVsGreen/beacown
 CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the 
mac80211 sta ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://github.com/PurpleVsGreen/beacown
 CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a 
multi-BSSID elem ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
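Review bot: in CVE-2022-42722, CVE-2022-42721, CVE-2022-42720 and CVE-2022-42719 the added DLA-3173-1 reference sits directly above "[buster] - linux <not-affected> (Vulnerable code not present)", so each entry now carries an LTS advisory while its only buster line says the package is not affected. Confirm that the advisory covers a source package other than "linux"; if it does, a one-line NOTE naming it would keep the two lines from reading as a contradiction, and if it does not, the not-affected status needs revisiting.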
@@ -8484,7 +8563,7 @@ CVE-2022-41676
 CVE-2022-41675
        RESERVED
 CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. 
Attackers  ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -8897,7 +8976,7 @@ CVE-2022-3304
        - chromium 106.0.5249.61-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound 
subsystem du ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.19.11-1
        NOTE: 
https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5)
 CVE-2022-3302 (The Spam protection, AntiSpam, FireWall by CleanTalk WordPress 
plugin  ...)
@@ -9893,6 +9972,7 @@ CVE-2022-40983
 CVE-2022-40693
        RESERVED
 CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a 
use-after-free via ...)
+       {DLA-3173-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -10791,14 +10871,14 @@ CVE-2022-3229
        RESERVED
 CVE-2022-3228 (Using custom code, an attacker can write into name or 
description fiel ...)
        TODO: check
-CVE-2022-40742
-       RESERVED
-CVE-2022-40741
-       RESERVED
+CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion 
vulnerability. An un ...)
+       TODO: check
+CVE-2022-40741 (Mail SQR Expert&#8217;s specific function has insufficient 
filtering f ...)
+       TODO: check
 CVE-2022-40740
        RESERVED
-CVE-2022-40739
-       RESERVED
+CVE-2022-40739 (Ragic report generation page has insufficient filtering for 
special ch ...)
+       TODO: check
 CVE-2022-3227
        RESERVED
 CVE-2022-3226
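Review bot: CVE-2022-40742, CVE-2022-40741 and CVE-2022-40739 leave RESERVED with only "TODO: check" under them, so they are untriaged after this commit. Their descriptions name Mail SQR Expert and Ragic; resolve each to a package line if Debian ships the software, or to a "NOT-FOR-US: <product>" line in the form used elsewhere in this file.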
@@ -11179,8 +11259,7 @@ CVE-2022-40619
        RESERVED
 CVE-2022-40618
        RESERVED
-CVE-2022-40617
-       RESERVED
+CVE-2022-40617 (strongSwan before 5.9.8 allows remote attackers to cause a 
denial of s ...)
        {DSA-5249-1 DLA-3143-1}
        - strongswan 5.9.8-1 (bug #1021271)
        NOTE: 
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
@@ -11455,7 +11534,7 @@ CVE-2022-3178 (Buffer Over-read in GitHub repository 
gpac/gpac prior to 2.1.0-DE
 CVE-2022-3177
        RESERVED
 CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. 
Signalf ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.17.3-1
        NOTE: https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
 CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb 
prior  ...)
@@ -11876,7 +11955,7 @@ CVE-2022-3170 (An out-of-bounds access issue was found 
in the Linux kernel sound
        NOTE: 
https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
        NOTE: 
https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4)
 CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. 
drivers/fi ...)
-       {DSA-5257-1 DLA-3131-1}
+       {DSA-5257-1 DLA-3173-1 DLA-3131-1}
        - linux 5.19.11-1
        NOTE: 
https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
 CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit 
Printsc ...)
@@ -11885,10 +11964,12 @@ CVE-2022-40305 (A Server-Side Request Forgery issue 
in Canto Cumulus through 11.
        NOT-FOR-US: Canto Cumulus
 CVE-2022-40304 [dict corruption caused by entity reference cycles]
        RESERVED
+       {DLA-3172-1}
        - libxml2 <unfixed> (bug #1022225)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
 (v2.10.3)
 CVE-2022-40303 [integer overflows with XML_PARSE_HUGE]
        RESERVED
+       {DLA-3172-1}
        - libxml2 <unfixed> (bug #1022224)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
 (v2.10.3)
 CVE-2022-40302
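Review bot: CVE-2022-40304 and CVE-2022-40303 gain "{DLA-3172-1}" while the unstable line still reads "- libxml2 <unfixed>", although each NOTE already points at a fix commit tagged v2.10.3. Track bugs #1022225 and #1022224 so that "<unfixed>" is replaced with the fixed version as soon as an upload carrying those commits reaches unstable; both entries are also still marked RESERVED with only a bracketed working description.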
@@ -12981,7 +13062,7 @@ CVE-2022-3121 (A vulnerability was found in 
SourceCodester Online Employee Leave
 CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 
R3 for U ...)
        NOT-FOR-US: Lotus 1-2-3
 CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In 
pxa3xx_gcu ...)
-       {DSA-5257-1 DLA-3131-1}
+       {DSA-5257-1 DLA-3173-1 DLA-3131-1}
        - linux 5.19.6-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
        NOTE: Driver not enabled in Debian configs
@@ -14469,6 +14550,7 @@ CVE-2022-39191
        RESERVED
        NOT-FOR-US: Mediawiki extension OAuth
 CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in 
the Linux  ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -14574,7 +14656,7 @@ CVE-2022-39189 (An issue was discovered the x86 KVM 
subsystem in the Linux kerne
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
        NOTE: 
https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
 CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the 
Linux kern ...)
-       {DSA-5257-1 DLA-3131-1}
+       {DSA-5257-1 DLA-3173-1 DLA-3131-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
@@ -14884,7 +14966,7 @@ CVE-2022-3063
 CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not 
escape pa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace 
program coul ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.18.2-1
        NOTE: 
https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
 CVE-2022-39043
@@ -14917,20 +14999,20 @@ CVE-2022-39030 (smart eVision has inadequate 
authorization for system informatio
        NOT-FOR-US: Smart eVision
 CVE-2022-39029 (Smart eVision has inadequate authorization for the database 
query func ...)
        NOT-FOR-US: Smart eVision
-CVE-2022-39027
-       RESERVED
-CVE-2022-39026
-       RESERVED
-CVE-2022-39025
-       RESERVED
-CVE-2022-39024
-       RESERVED
-CVE-2022-39023
-       RESERVED
-CVE-2022-39022
-       RESERVED
-CVE-2022-39021
-       RESERVED
+CVE-2022-39027 (U-Office Force Forum function has insufficient filtering for 
special c ...)
+       TODO: check
+CVE-2022-39026 (U-Office Force UserDefault page has insufficient filtering for 
special ...)
+       TODO: check
+CVE-2022-39025 (U-Office Force PrintMessage function has insufficient 
filtering for sp ...)
+       TODO: check
+CVE-2022-39024 (U-Office Force Bulletin function has insufficient filtering 
for specia ...)
+       TODO: check
+CVE-2022-39023 (U-Office Force Download function has a path traversal 
vulnerability. A ...)
+       TODO: check
+CVE-2022-39022 (U-Office Force Download function has a path traversal 
vulnerability. A ...)
+       TODO: check
+CVE-2022-39021 (U-Office Force login function has an Open Redirect 
vulnerability. An u ...)
+       TODO: check
 CVE-2022-39020
        RESERVED
 CVE-2022-39019
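Review bot: CVE-2022-39023 and CVE-2022-39022 receive the same truncated description ("U-Office Force Download function has a path traversal vulnerability. A ...)"), so the two cannot be told apart from this file and need the full CVE records when they are triaged. All seven new U-Office Force entries are at "TODO: check", while the Smart eVision entries in the context just above are already "NOT-FOR-US: Smart eVision"; resolve them the same way if U-Office Force is not packaged in Debian.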
@@ -15546,7 +15628,7 @@ CVE-2022-3030 (An improper access control issue in 
GitLab CE/EE affecting all ve
 CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due 
to a mi ...)
        - routinator <itp> (bug #929024)
 CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework 
for tran ...)
-       {DLA-3131-1}
+       {DLA-3173-1 DLA-3131-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        NOTE: 
https://lore.kernel.org/all/[email protected]/T/
@@ -16666,6 +16748,7 @@ CVE-2022-2906 (An attacker can leverage this flaw to 
gradually erode available m
        NOTE: Introduced after: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/e18777c7582d54d227714882e9e79746ce48e002
 (v9_17_20)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197
 (v9_18_7)
 CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux 
kernel's BPF  ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -19302,6 +19385,7 @@ CVE-2022-37456
 CVE-2022-37455
        RESERVED
 CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef 
has an i ...)
+       {DSA-5267-1}
        - php8.1 8.1.12-1
        - php7.4 <removed>
        - php7.3 <removed>
@@ -19573,7 +19657,7 @@ CVE-2020-36571
 CVE-2020-36570
        RESERVED
 CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc 
where the m ...)
-       {DSA-5257-1 DLA-3131-1}
+       {DSA-5257-1 DLA-3173-1 DLA-3131-1}
        - linux 6.0.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
 CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which 
may allo ...)
@@ -19947,7 +20031,7 @@ CVE-2022-2603 (Use after free in Omnibox in Google 
Chrome prior to 104.0.5112.79
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2602 [io_uring/af_unix: defer registered files gc to io_uring release]
        RESERVED
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 6.0.3-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80
@@ -28371,7 +28455,7 @@ CVE-2022-2155
 CVE-2022-2154 (An attacker with physical access can exploit this vulnerability 
to exe ...)
        NOT-FOR-US: Intel
 CVE-2022-2153 (A flaw was found in the Linux kernel&#8217;s KVM when 
attempting to se ...)
-       {DSA-5173-1 DLA-3131-1 DLA-3065-1}
+       {DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1}
        - linux 5.17.3-1
        [bullseye] - linux 5.10.140-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736
@@ -38314,7 +38398,7 @@ CVE-2022-1680 (An account takeover issue has been 
discovered in GitLab EE affect
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel&#8217;s 
Atheros wi ...)
-       {DLA-3131-1}
+       {DLA-3173-1 DLA-3131-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
@@ -45252,7 +45336,7 @@ CVE-2022-28220 (Apache James prior to release 3.6.3 and 
3.7.1 is vulnerable to a
 CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in 
GitLab  ...)
        - gitlab <unfixed>
 CVE-2022-1184 (A use-after-free flaw was found in 
fs/ext4/namei.c:dx_insert_block() i ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
@@ -62240,7 +62324,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds 
Read ...)
 CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API 
has a v ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.18.2-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -70437,7 +70521,7 @@ CVE-2022-21133 (Out-of-bounds read in the Intel(R) 
Trace Analyzer and Collector
 CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M 
Android appli ...)
        NOT-FOR-US: Intel
 CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() 
functio ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.14.6-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
        NOTE: 
https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
@@ -78499,13 +78583,14 @@ CVE-2022-20423 (In rndis_set_response of rndis.c, 
there is a possible out of bou
        NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
        NOTE: 
https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
 CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a 
possible w ...)
+       {DLA-3173-1}
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux 4.19.260-1
        NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
        NOTE: 
https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
 CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible 
way to cor ...)
-       {DSA-5257-1}
+       {DSA-5257-1 DLA-3173-1}
        - linux 5.19.11-1
        [buster] - linux 4.19.260-1
        NOTE: https://source.android.com/docs/security/bulletin/2022-10-01



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0513b3480fbe948a74531f23f5583bd6a571350
