Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e70af35 by security tracker role at 2022-12-10T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-46907
+ RESERVED
+CVE-2022-4399
+ RESERVED
+CVE-2022-4398
+ RESERVED
+CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has
been c ...)
+ TODO: check
+CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
RDFlib py ...)
+ TODO: check
CVE-2022-46906
RESERVED
CVE-2022-46905
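Review bot: the two `TODO: check` placeholders for CVE-2022-4397 and CVE-2022-4396 are untriaged; the automatic update only imports the MITRE text, so both still need a human decision between a source-package line and NOT-FOR-US. For CVE-2022-4396 the `** UNSUPPORTED WHEN ASSIGNED **` marker means the affected RDFlib release is no longer maintained upstream, so triage should record which rdflib versions actually carry the flaw rather than assuming the current packaged version is clear. The three RESERVED entries (CVE-2022-46907, CVE-2022-4399, CVE-2022-4398) carry no text yet and need no action in this commit.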
@@ -5290,8 +5300,8 @@ CVE-2022-3942 (A vulnerability was found in
SourceCodester Sanitization Manageme
NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle
BC-FJA b ...)
NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian
package for Bouncycastle
-CVE-2022-45145
- RESERVED
+CVE-2022-45145 (egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary
OS comman ...)
+ TODO: check
CVE-2022-45144
RESERVED
CVE-2022-3941 (A vulnerability has been found in Activity Log Plugin and
classified a ...)
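Review bot: CVE-2022-45145 moves from RESERVED to `TODO: check`, but the imported text already pins down the component and range (egg-compile.scm in CHICKEN 5.x before 5.3.1, arbitrary OS command execution), which is enough to resolve the TODO now: either add a source-package line with the fixed upstream version plus the usual per-suite annotations, or mark it NOT-FOR-US with a reason, following the style of the Bouncy Castle FIPS entry directly above it. Leaving a command-injection issue as a bare TODO hides it from the per-suite views.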
@@ -8257,7 +8267,7 @@ CVE-2022-3776 (The Restaurant Menu – Food Ordering
System – Table Re
NOT-FOR-US: WordPress plugin
CVE-2022-3775
RESERVED
- {DSA-5280-1 DLA-3190-1}
+ {DSA-5280-1 DLA-3190-2 DLA-3190-1}
- grub2 2.06-5
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App
1.0 an ...)
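Review bot: `{DSA-5280-1 DLA-3190-2 DLA-3190-1}` correctly places the follow-up DLA-3190-2 next to DLA-3190-1; the -2 suffix denotes a regression or follow-up update for the same grub2 fix, not a separate advisory. Any other grub2 CVE currently listing `{DSA-5280-1 DLA-3190-1}` needs the identical addition, otherwise the tracker would show the follow-up as covering only part of the advisory's CVE set. The CVE description itself is still RESERVED, which is expected while MITRE has not published text and needs no change here.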
@@ -16751,6 +16761,7 @@ CVE-2022-41854 (Those using Snakeyaml to parse
untrusted YAML files may be vulne
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
TODO: check details
CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement
in hsqldb ...)
+ {DLA-3234-1}
- hsqldb 2.7.1-1 (bug #1023573)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
NOTE:
http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
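Review bot: the new `{DLA-3234-1}` line for CVE-2022-41853 sits in the right position, above the unstable fix `- hsqldb 2.7.1-1 (bug #1023573)` and the NOTEs. Nothing in the visible context records the stable (bullseye) status for this CVE; if bullseye ships an affected hsqldb and no DSA or no-dsa decision exists, a `[bullseye]` annotation is still missing and should be added when the DLA is recorded, so the entry is not read as fully resolved.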
@@ -28909,7 +28920,7 @@ CVE-2022-37300 (A CWE-640: Weak Password Recovery
Mechanism for Forgotten Passwo
NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and
Modicon Controllers M580 and M340
CVE-2022-2601
RESERVED
- {DSA-5280-1 DLA-3190-1}
+ {DSA-5280-1 DLA-3190-2 DLA-3190-1}
- grub2 2.06-5
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not
set re ...)
@@ -74040,6 +74051,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a
heap-based buffer overflow in PCI
NOTE:
https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017
(v3.4.1RC1)
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in
Imf_3_1 ...)
+ {DSA-5299-1}
[experimental] - openexr 3.1.4-1
- openexr 3.1.5-2 (bug #1014828)
[buster] - openexr <no-dsa> (Minor issue)
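Review bot: adding `{DSA-5299-1}` to CVE-2021-45942 is consistent with the annotations below it: `[buster] - openexr <no-dsa> (Minor issue)` stays untouched, since a DSA covers the current stable release and buster is handled through LTS. The `[experimental] - openexr 3.1.4-1` line should remain as well; it still documents the first fixed upload while the unstable fix is recorded as 3.1.5-2, and it is not superseded by the advisory.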
@@ -83540,6 +83552,7 @@ CVE-2021-3942 (Certain HP Print products and Digital
Sending products may be vul
CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses
$request_uri ...)
NOT-FOR-US: Apache Apisix
CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some
division o ...)
+ {DSA-5299-1}
[experimental] - openexr 3.1.3-1
- openexr 3.1.5-2 (bug #1014828)
[stretch] - openexr <no-dsa> (Minor issue)
@@ -83727,6 +83740,7 @@ CVE-2021-3935 (When PgBouncer is configured to use
"cert" authentication, a man-
CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special
Elements u ...)
NOT-FOR-US: ohmyzsh
CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a
crafted file ...)
+ {DSA-5299-1}
[experimental] - openexr 3.1.3-1
- openexr 3.1.5-2 (bug #1014828)
[stretch] - openexr <not-affected> (Vulnerable code not present)
@@ -108196,7 +108210,7 @@ CVE-2021-34697 (A vulnerability in the Protection
Against Distributed Denial of
CVE-2021-34696 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
NOT-FOR-US: Cisco
CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in
versions pr ...)
- {DLA-2732-1}
+ {DSA-5299-1 DLA-2732-1}
- openexr 2.5.7-1 (bug #990899)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
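Review bot: `{DSA-5299-1 DLA-2732-1}` keeps the newer DSA first, matching the ordering used in the grub2 entries. Note that CVE-2021-3605 was previously judged `<no-dsa> (Minor issue)` for buster and fixed only in the LTS suite via DLA-2732-1; DSA-5299-1 now fixes it in stable, but that does not change the buster decision. If buster should also get this fix, the route is a new DLA, not an edit of the `[buster]` line, so leaving it as is here is correct.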
@@ -108275,7 +108289,7 @@ CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows
authentication bypass for E
CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for
stored ...)
NOT-FOR-US: Basix NEX-Forms
CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile
functionality in ...)
- {DLA-2701-1}
+ {DSA-5299-1 DLA-2701-1}
- openexr 2.5.7-1 (bug #990450)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
@@ -116470,7 +116484,7 @@ CVE-2021-26945 (An integer overflow leading to a
heap-buffer overflow was found
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
NOTE: Only affects exrcheck, which isn't built into the binary packages
CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was
found in the ...)
- {DLA-2701-1}
+ {DSA-5299-1 DLA-2701-1}
- openexr 2.5.7-1 (bug #992703)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
@@ -116479,7 +116493,7 @@ CVE-2021-26260 (An integer overflow leading to a
heap-buffer overflow was found
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d
(2.5)
CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was
found in the ...)
- {DLA-2701-1}
+ {DSA-5299-1 DLA-2701-1}
- openexr 2.5.7-1
[buster] - openexr <ignored> (Minor issue, might change ABI)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
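Review bot: CVE-2021-23215 carries `[buster] - openexr <ignored> (Minor issue, might change ABI)`; the new `{DSA-5299-1 DLA-2701-1}` does not alter that decision, but the stated reason (possible ABI change) is worth re-checking against what the stable update shipped, because if the fix was backported without an ABI break the same backport may be viable for buster through LTS. Also, `- openexr 2.5.7-1` for this CVE has no `(bug #...)` reference while the neighbouring openexr entries do; add the Debian bug number if one was filed.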
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e70af35a3da5fcc0cca289fe49697764990bcef
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits