Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0205320 by Moritz Mühlenhoff at 2022-12-28T00:09:34+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -115,9 +115,10 @@ CVE-2021-4289 (A vulnerability classified as problematic 
was found in OpenMRS op
 CVE-2021-4288 (A vulnerability was found in OpenMRS 
openmrs-module-referenceapplicati ...)
        NOT-FOR-US: OpenMRS
 CVE-2021-4287 (A vulnerability, which was classified as problematic, was found 
in ReF ...)
-       - binwalk 2.3.3+dfsg1-1
+       - binwalk 2.3.3+dfsg1-1 (unimportant)
        NOTE: 
https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd
 (v2.3.3)
        NOTE: https://github.com/ReFirmLabs/binwalk/pull/556
+       NOTE: This is not a security vulnerability, but only adds a 
security-related feature
 CVE-2021-4286 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: cocagne pysrp
 CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios 
NCPA. Th ...)
@@ -2691,10 +2692,12 @@ CVE-2022-4559 (A vulnerability was found in INEX 
IPX-Manager up to 6.2.0. It has
        NOT-FOR-US: INEX IPX-Manager
 CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has 
been clas ...)
        - sogo 5.8.0-1
+       [bullseye] - sogo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 
(SOGo-5.8.0)
 CVE-2022-4557
        RESERVED
 CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and 
classified as ...)
+       [bullseye] - CVE-2022-4556 <no-dsa> (Minor issue)
        - sogo 5.8.0-1
        NOTE: 
https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e 
(SOGo-5.8.0)
 CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to 
authorization bypa ...)
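Review bot: The line added under CVE-2022-4556 reads "[bullseye] - CVE-2022-4556 <no-dsa> (Minor issue)", which puts the CVE ID in the position where the source package name belongs. The parallel entry added for CVE-2022-4558 in this same hunk uses "[bullseye] - sogo <no-dsa> (Minor issue)", so this one should name sogo as well. It is also inserted above the "- sogo 5.8.0-1" line, while the CVE-2022-4558 entry and the other hunks in this commit place the release-specific line below the package line; moving it below would keep the entries consistent.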
@@ -6910,6 +6913,7 @@ CVE-2022-46176
        RESERVED
 CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that 
aims to be  ...)
        - node-json5 <unfixed>
+       [bullseye] - node-json5 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
        NOTE: https://github.com/json5/json5/issues/199
        NOTE: https://github.com/json5/json5/issues/295
@@ -7679,9 +7683,7 @@ CVE-2022-4134
        NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
 CVE-2022-4133 [reflected XSS]
        RESERVED
-       - horizon <unfixed>
-       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147389
-       NOTE: check, unclear if specific to Red Hat OpenStack Platform dashboard
+       NOT-FOR-US: Red Hat OpenStack Platform dashboard
 CVE-2022-4132
        RESERVED
 CVE-2021-46855
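Review bot: For CVE-2022-4133, the removed NOTE said it was unclear whether the issue is specific to the Red Hat OpenStack Platform dashboard, and the replacement "NOT-FOR-US: Red Hat OpenStack Platform dashboard" settles that question without recording the basis for it. The commit message ("bullseye triage") does not mention it either. Consider stating in the commit message what confirmed that horizon is unaffected, since the bugzilla.redhat.com reference is dropped along with the open question.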
@@ -25384,6 +25386,7 @@ CVE-2022-3172
 CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite 
versio ...)
        [experimental] - protobuf 3.21.7-1
        - protobuf 3.21.9-3
+       [bullseye] - protobuf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
 CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel 
sound subs ...)
        - linux <not-affected> (Vulnerable code not present)
@@ -112100,6 +112103,7 @@ CVE-2021-35066 (An XXE vulnerability exists in 
ConnectWise Automate before 2021.
        NOT-FOR-US: ConnectWise Automate
 CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS 
(regular ...)
        - node-glob-parent 6.0.2+~5.1.1-1
+       [bullseye] - node-glob-parent <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
 (v6.0.1)
        NOTE: https://github.com/gulpjs/glob-parent/pull/49
 CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege 
escalation thro ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ curl
 --
 frr
 --
+hsqldb
+--
 lava
 --
 linux (carnil)
@@ -59,3 +61,5 @@ sox
 --
 tiff
 --
+trafficserver
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02053201d55bb287d69686ddff7fa56596f37b2
