Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0babc201 by Salvatore Bonaccorso at 2022-11-20T14:23:13+01:00
Add several GHSA references for heimdal CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3580,6 +3580,7 @@ CVE-2022-44641 (In Linaro Automated Validation 
Architecture (LAVA) before 2022.1
 CVE-2022-44640 [Invalid free in ASN.1 codec]
        RESERVED
        - heimdal <unfixed> (bug #1024187)
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
        NOTE: 
https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
 (heimdal-7.7.1)
 CVE-2022-44639
        RESERVED
@@ -10065,6 +10066,7 @@ CVE-2022-42898 [krb5_pac_parse() buffer parsing 
vulnerability]
        NOTE: MIT-krb5: 
https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 
(master)
        NOTE: MIT-krb5: 
https://github.com/krb5/krb5/commit/b99de751dd35360c0fccac74a40f4a60dbf1ceea 
(krb5-1.20.1-final)
        NOTE: MIT-krb5: 
https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 
(krb5-1.19.4-final)
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
        NOTE: Heimdal: 
https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246
 (heimdal-7.7.1)
        NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
 CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows 
unauthe ...)
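Review bot: the added GHSA-64mq-fvfj-5x3c NOTE under CVE-2022-42898 has no project prefix, while every neighbouring reference in this entry is labelled ("NOTE: MIT-krb5:", "NOTE: Heimdal:", "NOTE: Heimdal regression:"). Since the entry covers two implementations, writing it as "NOTE: Heimdal: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" would keep the advisory grouped with the Heimdal commit that follows it and make clear at a glance that it does not apply to the MIT krb5 fixes listed above.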
@@ -10609,6 +10611,7 @@ CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
        - heimdal <unfixed> (bug #1024187)
        NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15134
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
        NOTE: 
https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3
 (heimdal-7.7.1)
        NOTE: 
https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49
 (heimdal-7.7.1)
        NOTE: 
https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd
 (heimdal-7.7.1)
@@ -74065,6 +74068,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper 
Neutralization of Input During
 CVE-2021-44758 [spnego: send_reject when no mech selected]
        RESERVED
        - heimdal <unfixed> (bug #1024187)
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
        NOTE: 
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
 (heimdal-7.7.1)
 CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and 
Desktop Centr ...)
        NOT-FOR-US: Zoho ManageEngine
@@ -96453,6 +96457,7 @@ CVE-2021-3671 (A null pointer de-reference was found in 
the way samba kerberos s
        [stretch] - samba <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-h9qj-cpmq-3562
        NOTE: Fixed by: 
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
        NOTE: Followup: 
https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
        NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 
vulnerability.
@@ -236529,6 +236534,7 @@ CVE-2019-14870 (All Samba versions 4.x.x before 
4.9.17, 4.10.x before 4.10.11 an
        [stretch] - heimdal <no-dsa> (Minor issue)
        [jessie] - heimdal <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html
+       NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-q77c-9qvp-qfw4
        NOTE: https://github.com/heimdal/heimdal/pull/663
        NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch)
        NOTE: 
https://github.com/heimdal/heimdal/commit/0495a19a938ad68283078e62c659e4f1c5980815
 (heimdal-7.7.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0babc20175d1d66a898a148cb0753054b3cfae18
