Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09dbcfe3 by security tracker role at 2023-04-05T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2023-29383
+       RESERVED
+CVE-2023-29382
+       RESERVED
+CVE-2023-29381
+       RESERVED
+CVE-2023-29380
+       RESERVED
+CVE-2023-29379
+       RESERVED
+CVE-2023-29378
+       RESERVED
+CVE-2023-29377
+       RESERVED
+CVE-2023-29376
+       RESERVED
+CVE-2023-29375
+       RESERVED
+CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows 
prompt inj ...)
+       TODO: check
+CVE-2023-29373
+       RESERVED
+CVE-2023-29372
+       RESERVED
+CVE-2023-29371
+       RESERVED
+CVE-2023-29370
+       RESERVED
+CVE-2023-29369
+       RESERVED
+CVE-2023-29368
+       RESERVED
+CVE-2023-29367
+       RESERVED
+CVE-2023-29366
+       RESERVED
+CVE-2023-29365
+       RESERVED
+CVE-2023-29364
+       RESERVED
+CVE-2023-29363
+       RESERVED
+CVE-2023-29362
+       RESERVED
+CVE-2023-29361
+       RESERVED
+CVE-2023-29360
+       RESERVED
+CVE-2023-29359
+       RESERVED
+CVE-2023-29358
+       RESERVED
+CVE-2023-29357
+       RESERVED
+CVE-2023-29356
+       RESERVED
+CVE-2023-29355
+       RESERVED
+CVE-2023-29354
+       RESERVED
+CVE-2023-29353
+       RESERVED
+CVE-2023-29352
+       RESERVED
+CVE-2023-29351
+       RESERVED
+CVE-2023-29350
+       RESERVED
+CVE-2023-29349
+       RESERVED
+CVE-2023-29348
+       RESERVED
+CVE-2023-29347
+       RESERVED
+CVE-2023-29346
+       RESERVED
+CVE-2023-29345
+       RESERVED
+CVE-2023-29344
+       RESERVED
+CVE-2023-29343
+       RESERVED
+CVE-2023-29342
+       RESERVED
+CVE-2023-29341
+       RESERVED
+CVE-2023-29340
+       RESERVED
+CVE-2023-29339
+       RESERVED
+CVE-2023-29338
+       RESERVED
+CVE-2023-29337
+       RESERVED
+CVE-2023-29336
+       RESERVED
+CVE-2023-29335
+       RESERVED
+CVE-2023-29334
+       RESERVED
+CVE-2023-29333
+       RESERVED
+CVE-2023-29332
+       RESERVED
+CVE-2023-29331
+       RESERVED
+CVE-2023-29330
+       RESERVED
+CVE-2023-29329
+       RESERVED
+CVE-2023-29328
+       RESERVED
+CVE-2023-29327
+       RESERVED
+CVE-2023-29326
+       RESERVED
+CVE-2023-29325
+       RESERVED
+CVE-2023-29324
+       RESERVED
+CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 
and 7.2  ...)
+       TODO: check
+CVE-2023-29322
+       RESERVED
+CVE-2023-29321
+       RESERVED
+CVE-2023-29320
+       RESERVED
+CVE-2023-29319
+       RESERVED
+CVE-2023-29318
+       RESERVED
+CVE-2023-29317
+       RESERVED
+CVE-2023-29316
+       RESERVED
+CVE-2023-29315
+       RESERVED
+CVE-2023-29314
+       RESERVED
+CVE-2023-29313
+       RESERVED
+CVE-2023-29312
+       RESERVED
+CVE-2023-29311
+       RESERVED
+CVE-2023-29310
+       RESERVED
+CVE-2023-29309
+       RESERVED
+CVE-2023-29308
+       RESERVED
+CVE-2023-29307
+       RESERVED
+CVE-2023-29306
+       RESERVED
+CVE-2023-29305
+       RESERVED
+CVE-2023-29304
+       RESERVED
+CVE-2023-29303
+       RESERVED
+CVE-2023-29302
+       RESERVED
+CVE-2023-29301
+       RESERVED
+CVE-2023-29300
+       RESERVED
+CVE-2023-29299
+       RESERVED
+CVE-2023-29298
+       RESERVED
+CVE-2023-29297
+       RESERVED
+CVE-2023-29296
+       RESERVED
+CVE-2023-29295
+       RESERVED
+CVE-2023-29294
+       RESERVED
+CVE-2023-29293
+       RESERVED
+CVE-2023-29292
+       RESERVED
+CVE-2023-29291
+       RESERVED
+CVE-2023-29290
+       RESERVED
+CVE-2023-29289
+       RESERVED
+CVE-2023-29288
+       RESERVED
+CVE-2023-29287
+       RESERVED
+CVE-2023-29286
+       RESERVED
+CVE-2023-29285
+       RESERVED
+CVE-2023-29284
+       RESERVED
+CVE-2023-29283
+       RESERVED
+CVE-2023-29282
+       RESERVED
+CVE-2023-29281
+       RESERVED
+CVE-2023-29280
+       RESERVED
+CVE-2023-29279
+       RESERVED
+CVE-2023-29278
+       RESERVED
+CVE-2023-29277
+       RESERVED
+CVE-2023-29276
+       RESERVED
+CVE-2023-29275
+       RESERVED
+CVE-2023-29274
+       RESERVED
+CVE-2023-29273
+       RESERVED
+CVE-2023-1860
+       RESERVED
+CVE-2023-1859
+       RESERVED
+CVE-2023-1858
+       RESERVED
+CVE-2023-1857
+       RESERVED
+CVE-2023-1856
+       RESERVED
+CVE-2023-1855
+       RESERVED
+CVE-2023-1854
+       RESERVED
+CVE-2023-1853
+       RESERVED
+CVE-2023-1852
+       RESERVED
+CVE-2023-1851
+       RESERVED
+CVE-2023-1850
+       RESERVED
+CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
+       TODO: check
+CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0. ...)
+       TODO: check
+CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll 
System 1.0  ...)
+       TODO: check
+CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll 
System ...)
+       TODO: check
+CVE-2023-1845 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-1844
+       RESERVED
+CVE-2023-1843
+       RESERVED
+CVE-2023-1842
+       RESERVED
+CVE-2023-1841
+       RESERVED
 CVE-2023-29272
        RESERVED
 CVE-2023-29271
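Review bot: the SourceCodester Online Payroll System entries in this hunk (CVE-2023-1846 through CVE-2023-1849, and probably CVE-2023-1845, whose description is cut at "Source ...") are left at "TODO: check", while SourceCodester entries already in this file are closed as "NOT-FOR-US: SourceCodester ..." (see CVE-2023-1130 and CVE-2023-1131 further down). Suggest triaging them the same way in a follow-up, which leaves CVE-2023-29374 (LangChain) and CVE-2023-29323 (smtpd in OpenBSD) as the two new entries in this hunk that need an actual package lookup.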
@@ -150,34 +412,34 @@ CVE-2023-28384
        RESERVED
 CVE-2023-1824
        RESERVED
-CVE-2023-1823
-       RESERVED
-CVE-2023-1822
-       RESERVED
-CVE-2023-1821
-       RESERVED
-CVE-2023-1820
-       RESERVED
-CVE-2023-1819
-       RESERVED
-CVE-2023-1818
-       RESERVED
-CVE-2023-1817
-       RESERVED
-CVE-2023-1816
-       RESERVED
-CVE-2023-1815
-       RESERVED
-CVE-2023-1814
-       RESERVED
-CVE-2023-1813
-       RESERVED
-CVE-2023-1812
-       RESERVED
-CVE-2023-1811
-       RESERVED
-CVE-2023-1810
-       RESERVED
+CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 
112.0. ...)
+       TODO: check
+CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 
112.0.56 ...)
+       TODO: check
+CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior 
to 112 ...)
+       TODO: check
+CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior 
to 112. ...)
+       TODO: check
+CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 
112.0.56 ...)
+       TODO: check
+CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 
112.0.5615.49 allow ...)
+       TODO: check
+CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
+       TODO: check
+CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 
112.0.5615 ...)
+       TODO: check
+CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in 
Google  ...)
+       TODO: check
+CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 
112.0.5615.49 allow ...)
+       TODO: check
+CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 
112.0.5615.4 ...)
+       TODO: check
 CVE-2023-1809
        RESERVED
 CVE-2023-1808
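Review bot: all fourteen Chrome entries here (CVE-2023-1810 through CVE-2023-1823) move from RESERVED to "TODO: check" with no package line. The descriptions that are not cut short give the same fixed upstream version, 112.0.5615.49 (CVE-2023-1818, CVE-2023-1811), so the batch can be triaged together against that version. CVE-2023-1817 is described as "Google Chrome on Android" and is worth checking separately, since the platform restriction in the description may put it out of scope.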
@@ -794,8 +1056,8 @@ CVE-2023-29005
        RESERVED
 CVE-2023-29004
        RESERVED
-CVE-2023-29003
-       RESERVED
+CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit 
framework offe ...)
+       TODO: check
 CVE-2023-29002
        RESERVED
 CVE-2023-29001
@@ -1348,8 +1610,8 @@ CVE-2023-28855
        RESERVED
 CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is 
vulnera ...)
        NOT-FOR-US: nophp
-CVE-2023-28853
-       RESERVED
+CVE-2023-28853 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
 CVE-2023-28852
        RESERVED
 CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple 
silverst ...)
@@ -1370,12 +1632,12 @@ CVE-2023-28844 (Nextcloud server is an open source home 
cloud implementation. In
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop 
web comm ...)
        NOT-FOR-US: PrestaShop
-CVE-2023-28842
-       RESERVED
-CVE-2023-28841
-       RESERVED
-CVE-2023-28840
-       RESERVED
+CVE-2023-28842 (Moby) is an open source container framework developed by 
Docker Inc. t ...)
+       TODO: check
+CVE-2023-28841 (Moby is an open source container framework developed by Docker 
Inc. th ...)
+       TODO: check
+CVE-2023-28840 (Moby is an open source container framework developed by Docker 
Inc. th ...)
+       TODO: check
 CVE-2023-28839
        RESERVED
 CVE-2023-28838
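Review bot: the added CVE-2023-28842 line reads "(Moby) is an open source container framework ..." with a stray ")" after "Moby", unlike the CVE-2023-28841 and CVE-2023-28840 lines below it. The description field in this file is delimited by parentheses, so confirm that consumers of data/CVE/list do not cut the description at "Moby", and correct the text where it originates if this automatic update imported it as is.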
@@ -5803,14 +6065,14 @@ CVE-2023-1131 (A vulnerability has been found in 
SourceCodester Computer Parts S
        NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2023-1130 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
-CVE-2023-27496
-       RESERVED
+CVE-2023-27496 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
+       TODO: check
 CVE-2023-27495
        RESERVED
 CVE-2023-27494 (Streamlit, software for turning data scripts into web 
applications, ha ...)
        NOT-FOR-US: Streamlit
-CVE-2023-27493
-       RESERVED
+CVE-2023-27493 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
+       TODO: check
 CVE-2023-27492 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2023-27491 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
@@ -6140,7 +6402,8 @@ CVE-2023-1105 (External Control of File Name or Path in 
GitHub repository flatpr
        NOT-FOR-US: flatpressblog
 CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
        NOT-FOR-US: flatpressblog
-CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
+CVE-2023-1103
+       REJECTED
        NOT-FOR-US: flatpressblog
 CVE-2023-1102
        RESERVED
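Review bot: after this change CVE-2023-1103 carries both "REJECTED" and the earlier "NOT-FOR-US: flatpressblog" line, and the description that justified that triage is gone. Confirm whether the triage annotation should remain on a rejected ID or be dropped, so the entry does not state two conflicting dispositions.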
@@ -10259,8 +10522,8 @@ CVE-2023-0836 (An information leak vulnerability was 
discovered in HAProxy 2.1,
        NOTE: 
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5
 (v2.6.8)
        NOTE: 
https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1
 (v2.2.27)
        NOTE: Introduced by: 
https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553
 (v2.1-dev2)
-CVE-2023-0835
-       RESERVED
+CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to 
remotely ob ...)
+       TODO: check
 CVE-2023-0834
        RESERVED
 CVE-2023-25181
@@ -11085,8 +11348,8 @@ CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in 
GitHub repository answerde
        NOT-FOR-US: Answer
 CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper 
Synchronizati ...)
        NOT-FOR-US: Answer
-CVE-2023-0738
-       RESERVED
+CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to 
obtain arbit ...)
+       TODO: check
 CVE-2023-0737
        RESERVED
 CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository 
wallabag/wall ...)
@@ -14146,8 +14409,8 @@ CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pyload/p
        - pyload <itp> (bug #1001980)
 CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not 
properly ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0486
-       RESERVED
+CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external 
attacker t ...)
+       TODO: check
 CVE-2023-0485
        RESERVED
 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder &amp; 
Gutenberg B ...)
@@ -14164,8 +14427,8 @@ CVE-2023-0482 (In RESTEasy the insecure 
File.createTempFile() is used in the Dat
        NOTE: 
https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b
 CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure 
File.creat ...)
        NOT-FOR-US: Quarkus
-CVE-2023-0480
-       RESERVED
+CVE-2023-0480 (VitalPBX version 3.2.3-8 allows an unauthenticated external 
attacker t ...)
+       TODO: check
 CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values 
in the  ...)
        {DSA-5367-1 DLA-3347-1}
        - spip 4.1.8+dfsg-1
@@ -16031,8 +16294,8 @@ CVE-2023-0384
        RESERVED
 CVE-2023-0383
        RESERVED
-CVE-2023-0382
-       RESERVED
+CVE-2023-0382 (User-controlled operations could have allowed Denial of Service 
in M-F ...)
+       TODO: check
 CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does 
not va ...)
@@ -16155,8 +16418,8 @@ CVE-2023-0358 (Use After Free in GitHub repository 
gpac/gpac prior to 2.3.0-DEV.
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
        NOTE: 
https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
-CVE-2023-0357
-       RESERVED
+CVE-2023-0357 (Helpy version 2.8.0 allows an unauthenticated remote attacker 
to explo ...)
+       TODO: check
 CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack 
strong encry ...)
        NOT-FOR-US: SOCOMEC MODULYS GP Netvision
 CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could 
allow an a ...)
@@ -16645,8 +16908,8 @@ CVE-2023-0327 (A vulnerability was found in saemorris 
TheRadSystem. It has been
        NOT-FOR-US: saemorris TheRadSystem
 CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner 
affecting all  ...)
        NOT-FOR-US: GitLab DAST API scanner
-CVE-2023-0325
-       RESERVED
+CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker 
to expl ...)
+       TODO: check
 CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours &amp; 
Travels ...)
        NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
@@ -17085,8 +17348,8 @@ CVE-2023-0266 (A use after free vulnerability exists in 
the ALSA PCM package in
        {DSA-5324-1 DLA-3349-1}
        - linux 6.1.7-1
        NOTE: 
https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
-CVE-2023-0265
-       RESERVED
+CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to 
execut ...)
+       TODO: check
 CVE-2023-0264
        RESERVED
        NOT-FOR-US: Keycloak
@@ -38510,51 +38773,63 @@ CVE-2022-43605 (An out-of-bounds write vulnerability 
exists in the SetAttributeL
 CVE-2022-43604 (An out-of-bounds write vulnerability exists in the 
GetAttributeList at ...)
        NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43603 (A denial of service vulnerability exists in the 
ZfileOutput::close() f ...)
+       {DLA-3382-1}
        [experimental] - openimageio 2.4.7.1+dfsg-1
        - openimageio 2.4.7.1+dfsg-2 (bug #1027808)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
        NOTE: https://github.com/OpenImageIO/oiio/pull/3670
 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43600 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43599 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the 
IFFOutput alig ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the 
IFFOutput alig ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43596 (An information disclosure vulnerability exists in the 
IFFOutput channe ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
        NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image 
output c ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
        NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image 
output c ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
        NOTE: https://github.com/OpenImageIO/oiio/pull/3673
 CVE-2022-43593 (A denial of service vulnerability exists in the 
DPXOutput::close() fun ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
        NOTE: https://github.com/OpenImageIO/oiio/pull/3672
 CVE-2022-43592 (An information disclosure vulnerability exists in the 
DPXOutput::close ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
        NOTE: https://github.com/OpenImageIO/oiio/pull/3672
@@ -41742,6 +42017,7 @@ CVE-2022-42470
 CVE-2022-42469
        RESERVED
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native 
tile readin ...)
+       {DLA-3382-1}
        [experimental] - openimageio 2.4.7.1+dfsg-1
        - openimageio 2.4.7.1+dfsg-2 (bug #1027808)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
@@ -41750,11 +42026,13 @@ CVE-2022-41999 (A denial of service vulnerability 
exists in the DDS native tile
 CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m 
DELETE_FI ...)
        NOT-FOR-US: Siretta
 CVE-2022-41988 (An information disclosure vulnerability exists in the 
OpenImageIO::dec ...)
+       {DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
        NOTE: https://github.com/OpenImageIO/oiio/pull/3632
 CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline 
parsing func ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
@@ -43054,11 +43332,13 @@ CVE-2022-42003 (In FasterXML jackson-databind before 
2.14.0-rc1, resource exhaus
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the 
following muta ...)
        NOT-FOR-US: SonicJS
 CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA 
file for ...)
+       {DLA-3382-1}
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
        NOTE: Prerequisite: 
https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249
 CVE-2022-41977 (An out of bounds read vulnerability exists in the way 
OpenImageIO vers ...)
+       {DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
        NOTE: https://github.com/OpenImageIO/oiio/pull/3628
@@ -43075,6 +43355,7 @@ CVE-2022-41649 (A heap out of bounds read vulnerability 
exists in the handling o
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
 CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile 
decoding cod ...)
+       {DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
        NOTE: https://github.com/OpenImageIO/oiio/pull/3632
@@ -43084,6 +43365,7 @@ CVE-2022-38143 (A heap out-of-bounds write 
vulnerability exists in the way OpenI
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
        NOTE: https://github.com/OpenImageIO/oiio/pull/3620
 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA 
format parse ...)
+       {DLA-3382-1}
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
        NOTE: https://github.com/OpenImageIO/oiio/pull/3624
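Review bot: "{DLA-3382-1}" is added to CVE-2022-36354 here and to CVE-2022-41639 in the previous hunk, but the entries named in the two hunk headers, CVE-2022-38143 and CVE-2022-41649, receive no tag in the lines shown even though their NOTE lines point at the same OpenImageIO repository. Confirm that those two are intentionally outside DLA-3382-1, or already tagged above the visible context, rather than missed by the cross-reference.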



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09dbcfe3de8f91d2fe9644ce08e5aeb6c32c79e3
