Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
686231bf by Moritz Muehlenhoff at 2022-11-13T20:46:36+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2022-45190
 CVE-2022-45189
        RESERVED
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer 
overflow  ...)
-       - netatalk <unfixed>
+       - netatalk <unfixed> (bug #1024021)
        NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
 CVE-2022-45187
        RESERVED
@@ -519,7 +519,7 @@ CVE-2022-3874
 CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository 
jgraph/drawio pr ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of 
QEMU.  ...)
-       - qemu <unfixed>
+       - qemu <unfixed> (bug #1024022)
        [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned 
patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
@@ -1026,11 +1026,11 @@ CVE-2022-44795 (An issue was discovered in Object First 
1.0.7.712. A flaw was fo
 CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management 
protocol ...)
        NOT-FOR-US: Object First
 CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c 
in Net-S ...)
-       - net-snmp <unfixed>
+       - net-snmp <unfixed> (bug #1024020)
        NOTE: https://github.com/net-snmp/net-snmp/issues/475
        NOTE: 
https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
 CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in 
Net-SNMP  ...)
-       - net-snmp <unfixed>
+       - net-snmp <unfixed> (bug #1024020)
        NOTE: https://github.com/net-snmp/net-snmp/issues/474
        NOTE: 
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
 CVE-2022-44791
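
Review bot: CVE-2022-44793 and CVE-2022-44792 are both tagged with bug #1024020, but their NOTE lines point at two separate upstream issues (net-snmp #475 and #474). Please confirm the Debian bug names both CVEs, so that closing it for one fix does not leave the other entry looking resolved.
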
@@ -8592,13 +8592,13 @@ CVE-2022-42968 (Gitea before 1.17.3 does not sanitize 
and escape refs in the git
 CVE-2022-42967
        RESERVED
 CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
-       - python-cleo <unfixed>
+       - python-cleo <unfixed> (bug #1024018)
        NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
        NOTE: Doesn't seem to be reported upstream so far
 CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
        NOT-FOR-US: snowflake-connector-python
 CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
-       - pymatgen <unfixed>
+       - pymatgen <unfixed> (bug #1024017)
        NOTE: 
https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
        NOTE: Doesn't seem to be reported upstream so far
 CVE-2022-3520
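
Review bot: the NOTE "Doesn't seem to be reported upstream so far" stays under both CVE-2022-42966 (python-cleo) and CVE-2022-42964 (pymatgen) next to the new bug references #1024018 and #1024017. If filing the Debian bugs also led to an upstream report or forward, update or drop that NOTE in the same change. Otherwise it will go stale with nothing prompting a recheck.
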
@@ -17291,11 +17291,11 @@ CVE-2022-39412 (Vulnerability in the Oracle Access 
Manager product of Oracle Fus
 CVE-2022-39411 (Vulnerability in the Oracle Transportation Management product 
of Oracl ...)
        NOT-FOR-US: Oracle
 CVE-2022-39410 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-39409 (Vulnerability in the Oracle Transportation Management product 
of Oracl ...)
        NOT-FOR-US: Oracle
 CVE-2022-39408 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-39407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2022-39406 (Vulnerability in the PeopleSoft Enterprise Common Components 
product o ...)
@@ -17305,14 +17305,13 @@ CVE-2022-39405 (Vulnerability in the Oracle Access 
Manager product of Oracle Fus
 CVE-2022-39404 (Vulnerability in the MySQL Installer product of Oracle MySQL 
(componen ...)
        NOT-FOR-US: Oracle
 CVE-2022-39403 (Vulnerability in the MySQL Shell product of Oracle MySQL 
(component: S ...)
-       - mysql-8.0 <unfixed>
-       TODO: check, component "MySQL Shell", unclear if in src:mysql-8.0
+       NOT-FOR-US: Oracle (MySQL Shell)
 CVE-2022-39402 (Vulnerability in the MySQL Shell product of Oracle MySQL 
(component: S ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-11 11.0.17+8-1
        [bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next 
CPU)
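
Review bot: CVE-2022-39403 and CVE-2022-39402 show the same description here ("MySQL Shell product of Oracle MySQL (component: S ...)"), yet 39403 becomes "NOT-FOR-US: Oracle (MySQL Shell)" while 39402 keeps "- mysql-8.0 <unfixed>" and gains bug #1024016. The removed TODO asked whether MySQL Shell is in src:mysql-8.0 at all. If it is not, CVE-2022-39402 should get the same NOT-FOR-US entry. If 39402 does affect the server source, add a NOTE saying why it differs from 39403.
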
@@ -76239,13 +76238,13 @@ CVE-2021-3962 (A flaw was found in ImageMagick where 
it did not properly sanitiz
 CVE-2022-21641 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1
 CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1
 CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
        NOT-FOR-US: Oracle
 CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -76253,9 +76252,9 @@ CVE-2022-21635 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -76278,7 +76277,7 @@ CVE-2022-21626 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        [bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next 
CPU)
        [buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u352-ga-1
        - openjdk-11 11.0.17+8-1
@@ -76307,7 +76306,7 @@ CVE-2022-21618 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        - openjdk-17 17.0.5+8-1
        [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next 
CPU)
 CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
@@ -76319,13 +76318,13 @@ CVE-2022-21613 (Vulnerability in the Oracle 
Enterprise Data Quality product of O
 CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.29-1
 CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction 
Server  ...)
@@ -76333,7 +76332,7 @@ CVE-2022-21606 (Vulnerability in the Oracle Services 
for Microsoft Transaction S
 CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.29-1
 CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of 
Oracle Da ...)
        NOT-FOR-US: Oracle
 CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
@@ -76343,7 +76342,7 @@ CVE-2022-21601 (Vulnerability in the Oracle 
Communications Billing and Revenue M
 CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.28-1
 CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and 
Configuration pro ...)
        NOT-FOR-US: Oracle
 CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
@@ -76353,7 +76352,7 @@ CVE-2022-21596 (Vulnerability in the Oracle Database - 
Advanced Queuing componen
 CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.28-1
 CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1024016)
 CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
        NOT-FOR-US: Oracle
 CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/686231bf5cbed1104e1866a0094be62f0af96001



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
