[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-23853/kate via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f502be7 by Salvatore Bonaccorso at 2022-02-26T21:25:45+01:00 Track fixed version for CVE-2022-23853/kate via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6758,7 +6758,7 @@ CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EI CVE-2022-23854 RESERVED CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...) - - kate + - kate 4:21.12.2-1 [bullseye] - kate (Minor issue) [buster] - kate (Minor issue) [stretch] - kate (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f502be7bb3c95b6db811d06ed0810c5845bb57f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f502be7bb3c95b6db811d06ed0810c5845bb57f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ccb4586 by Salvatore Bonaccorso at 2022-02-26T21:21:11+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2022-26148 CVE-2022-26147 RESERVED CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...) - TODO: check + NOT-FOR-US: Tricentis qTest CVE-2022-26145 RESERVED CVE-2022-26144 @@ -84,11 +84,11 @@ CVE-2022-25995 CVE-2022-0765 RESERVED CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...) - TODO: check + NOT-FOR-US: strapi CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0762 (Business Logic Errors in GitHub repository microweber/microweber prior ...) - TODO: check + NOT-FOR-US: microweber CVE-2021-4224 RESERVED CVE-2022-26111 @@ -1121,7 +1121,7 @@ CVE-2022-0725 [logs plain text passwords in system log when clearing the clipboa CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...) NOT-FOR-US: microweber CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0722 RESERVED CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ccb458629d43b02049c463f3304594df8e52f29
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e47dd0fd by security tracker role at 2022-02-26T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,8 +2,8 @@ CVE-2022-26148 RESERVED CVE-2022-26147 RESERVED -CVE-2022-26146 - RESERVED +CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...) + TODO: check CVE-2022-26145 RESERVED CVE-2022-26144 @@ -83,12 +83,12 @@ CVE-2022-25995 RESERVED CVE-2022-0765 RESERVED -CVE-2022-0764 - RESERVED -CVE-2022-0763 - RESERVED -CVE-2022-0762 - RESERVED +CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...) + TODO: check +CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + TODO: check +CVE-2022-0762 (Business Logic Errors in GitHub repository microweber/microweber prior ...) + TODO: check CVE-2021-4224 RESERVED CVE-2022-26111 @@ -1120,8 +1120,8 @@ CVE-2022-0725 [logs plain text passwords in system log when clearing the clipboa NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/ CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...) NOT-FOR-US: microweber -CVE-2022-0723 - RESERVED +CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + TODO: check CVE-2022-0722 RESERVED CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...) @@ -3765,6 +3765,7 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM CVE-2022-0535 RESERVED CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...) + {DLA-2928-1} - htmldoc 1.9.15-1 (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/463 NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15) 
@@ -12333,6 +12334,7 @@ CVE-2022-0078 CVE-2021-45959 REJECTED CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...) + {DLA-2929-1} - ujson (bug #1005140) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 NOTE: https://github.com/ultrajson/ultrajson/issues/501 @@ -21317,6 +21319,7 @@ CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D fi CVE-2021-43580 RESERVED CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC = 1.9 ...) + {DLA-2928-1} - htmldoc 1.9.13-1 (unimportant) [bullseye] - htmldoc 1.9.11-4+deb11u1 NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13) @@ -30035,6 +30038,7 @@ CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovere CVE-2021-3800 RESERVED CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...) + {DLA-2928-1} - htmldoc 1.9.13-1 (unimportant) [bullseye] - htmldoc 1.9.11-4+deb11u1 NOTE: https://github.com/michaelrsweet/htmldoc/issues/444 
@@ -93707,8 +93711,8 @@ CVE-2020-27960 RESERVED CVE-2020-27959 RESERVED -CVE-2020-27958 - RESERVED +CVE-2020-27958 (The Job Composer app in Ohio Supercomputer Center Open OnDemand before ...) + TODO: check CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...) NOT-FOR-US: MediaWiki extension CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47dd0fdb27c56e0cfb263b0ac8ecfbfd54a5b02
[Git][security-tracker-team/security-tracker][master] Add new gitlab issues from 2022-02-25 release
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5252c923 by Salvatore Bonaccorso at 2022-02-26T20:41:36+01:00 Add new gitlab issues from 2022-02-25 release - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -661,6 +661,8 @@ CVE-2022-0752 RESERVED CVE-2022-0751 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0750 RESERVED CVE-2022-0749 @@ -744,18 +746,24 @@ CVE-2022-0742 RESERVED CVE-2022-0741 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0740 RESERVED CVE-2022-0739 RESERVED CVE-2022-0738 RESERVED + - gitlab (Vulnerable code introduced later) + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0737 RESERVED CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...) NOT-FOR-US: mlflow CVE-2022-0735 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2021-4223 RESERVED CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th Generation Am ...) @@ -3642,6 +3650,8 @@ CVE-2022-0550 RESERVED CVE-2022-0549 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0548 RESERVED CVE-2022-24696 @@ -4472,6 +4482,8 @@ CVE-2022-0490 RESERVED CVE-2022-0489 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0488 RESERVED CVE-2022-24399 
@@ -12518,6 +12530,8 @@ CVE-2021-4192 (vim is vulnerable to Use After Free ...) NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949) CVE-2021-4191 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...) NOT-FOR-US: Netgear CVE-2022-22282 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5252c92311739f86ce2d6fc56be46ed8c32ce31e
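Review bot: In the second data/CVE/list hunk, the CVE-2022-0738 entry marks gitlab with "(Vulnerable code introduced later)" but records no version or commit at which that code arrived, so the assessment cannot be rechecked against the packaged version on the next gitlab upload. Add a NOTE naming the introducing release. All seven added entries also carry the same release-announcement URL; a short NOTE saying which item of that announcement each id corresponds to would make the still-RESERVED CVEs easier to match once descriptions are published.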
[Git][security-tracker-team/security-tracker][master] Update entry for CVE-2022-23639
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 616ff179 by Salvatore Bonaccorso at 2022-02-26T20:24:21+01:00 Update entry for CVE-2022-23639 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7365,8 +7365,10 @@ CVE-2022-23640 RESERVED CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...) - rust-crossbeam + - rust-crossbeam-utils-0.7 NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926 NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781 + TODO: check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...) NOT-FOR-US: darylldoyle svg-sanitizer CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/616ff1794118de004b1051caf8575f389bee6eb8
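Review bot: The added TODO at the end of the CVE-2022-23639 entry is open-ended ("various other sources, in particular rustc") and names no package list, so the entry can sit in TODO state with the vendored copies untracked. Give each source package confirmed to vendor crossbeam-utils its own line as it is checked, starting with rustc, and confirm whether an unversioned rust-crossbeam-utils source package also needs a line beside rust-crossbeam and rust-crossbeam-utils-0.7, since the description names crossbeam-utils itself.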
[Git][security-tracker-team/security-tracker][master] take cyrus-sasl2
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: a280cc86 by Thorsten Alteholz at 2022-02-26T17:10:20+01:00 take cyrus-sasl2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ ansible -- asterisk (Abhijith PA) -- -cyrus-sasl2 +cyrus-sasl2 (Thorsten Alteholz) NOTE: 20220225: Please wait for DSA and take if C-knowledge are sufficient. (Anton) -- debian-archive-keyring (Anton) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a280cc869023e18a8506258531f96a7dff4ca74e
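Review bot: The claim on the cyrus-sasl2 line is added while the NOTE directly below it, dated 20220225, still asks to wait for the DSA before the package is taken. Add a dated NOTE under the claim recording whether the DSA is out, or that the work is deliberately on hold until it is, so the two lines do not contradict each other for the next reader of data/dla-needed.txt.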
[Git][security-tracker-team/security-tracker][master] 2 commits: Add link to fix in CVE-2021-45958
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: cc1d6e60 by Anton Gladky at 2022-02-26T16:05:14+01:00 Add link to fix in CVE-2021-45958 - - - - - 6eadca3a by Anton Gladky at 2022-02-26T16:06:17+01:00 Reserve DLA-2929-1 for ujson - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -12323,6 +12323,7 @@ CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer ove NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 NOTE: https://github.com/ultrajson/ultrajson/issues/501 NOTE: https://github.com/ultrajson/ultrajson/issues/502 + NOTE: https://github.com/ultrajson/ultrajson/pull/504 CVE-2021-45957 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Feb 2022] DLA-2929-1 ujson - security update + {CVE-2021-45958} + [stretch] - ujson 1.35-1+deb9u1 [26 Feb 2022] DLA-2928-1 htmldoc - security update {CVE-2021-40985 CVE-2021-43579 CVE-2022-0534} [stretch] - htmldoc 1.8.27-8+deb9u2 = data/dla-needed.txt = 
@@ -91,10 +91,5 @@ thunderbird (Emilio) -- tiff (Thorsten Alteholz) -- -ujson (Anton) - NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch - NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton) - NOTE: 20220221: WIP (Anton) --- vim -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1838a56cfe3d00c502193eb82c3b8cb6953279df...6eadca3aaed84dce314a0a6e62ef953f37e0f544
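Review bot: In the data/CVE/list hunk for CVE-2021-45958, the added line is a bare "NOTE: https://github.com/ultrajson/ultrajson/pull/504", although the commit subject calls it the link to the fix; other entries in this file mark fixes as "NOTE: Fixed by: URL (version)". Use that form here, preferably with the merged commit and upstream tag rather than the pull request, so the fix is distinguishable from the three issue links above it and the DLA-2929-1 backport can be checked against it.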
[Git][security-tracker-team/security-tracker][master] Track proposed htmldoc update via buster-pu upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1838a56c by Salvatore Bonaccorso at 2022-02-26T15:13:29+01:00 Track proposed htmldoc update via buster-pu upload - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -244,3 +244,9 @@ CVE-2021- [SQL Server LIMIT / OFFSET SQL Injection] [buster] - php-illuminate-database 5.7.27-1+deb10u1 CVE-2021-21263 (Laravel is a web application framework. Versions of Laravel before 6.2 ...) [buster] - php-illuminate-database 5.7.27-1+deb10u1 +CVE-2022-0534 + [buster] - htmldoc 1.9.3-1+deb10u3 +CVE-2021-43579 + [buster] - htmldoc 1.9.3-1+deb10u3 +CVE-2021-40985 + [buster] - htmldoc 1.9.3-1+deb10u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1838a56cfe3d00c502193eb82c3b8cb6953279df
[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream tag information for pcf2bdf commits
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9199db1 by Salvatore Bonaccorso at 2022-02-26T14:14:33+01:00 Add upstream tag information for pcf2bdf commits - - - - - 14ce5aa8 by Salvatore Bonaccorso at 2022-02-26T15:08:16+01:00 Track proposed update for htmldoc via bullseye-pu upload - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -8206,13 +8206,13 @@ CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions - pcf2bdf 1.07-1 (unimportant) NOTE: https://github.com/ganaware/pcf2bdf/issues/5 NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68 - NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79 + NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79 (1.07) NOTE: Crash in CLI tool, no security impact CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions = 1.05 allows an attac ...) - pcf2bdf 1.07-1 (unimportant) NOTE: https://github.com/ganaware/pcf2bdf/issues/4 NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49 - NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694 + NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694 (1.07) NOTE: Crash in CLI tool, no security impact CVE-2022-23317 (CobaltStrike =4.5 HTTP(S) listener does not determine whether the ...) NOT-FOR-US: CobaltStrike = data/next-point-update.txt = 
@@ -126,3 +126,5 @@ CVE-2021-39191 [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-1+deb11u1 CVE-2021-40874 [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u1 +CVE-2022-0534 + [bullseye] - htmldoc 1.9.11-4+deb11u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2cf86ee2bc498b3fe01026add079b6e6e2eebaf2...14ce5aa88bd3c6a0e3ea3832b541d2c79a2c0fe8
[Git][security-tracker-team/security-tracker][master] pcf2bdf, connman fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2cf86ee2 by Moritz Muehlenhoff at 2022-02-26T12:48:57+01:00 pcf2bdf, connman fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8203,13 +8203,13 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) NOT-FOR-US: XMPie uStore CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions = ...) - - pcf2bdf (unimportant) + - pcf2bdf 1.07-1 (unimportant) NOTE: https://github.com/ganaware/pcf2bdf/issues/5 NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68 NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79 NOTE: Crash in CLI tool, no security impact CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions = 1.05 allows an attac ...) - - pcf2bdf (unimportant) + - pcf2bdf 1.07-1 (unimportant) NOTE: https://github.com/ganaware/pcf2bdf/issues/4 NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49 NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694 @@ -9274,7 +9274,7 @@ CVE-2022-23099 RESERVED CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) {DLA-2915-1} - - connman (bug #1004935) + - connman 1.36-2.4 (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 
@@ -9283,7 +9283,7 @@ CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5 CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...) {DLA-2915-1} - - connman (bug #1004935) + - connman 1.36-2.4 (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 @@ -9291,7 +9291,7 @@ CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950 CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) {DLA-2915-1} - - connman (bug #1004935) + - connman 1.36-2.4 (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cf86ee2bc498b3fe01026add079b6e6e2eebaf2
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2928-1 for htmldoc
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: a1d5955b by Thorsten Alteholz at 2022-02-26T12:19:00+01:00 Reserve DLA-2928-1 for htmldoc - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Feb 2022] DLA-2928-1 htmldoc - security update + {CVE-2021-40985 CVE-2021-43579 CVE-2022-0534} + [stretch] - htmldoc 1.8.27-8+deb9u2 [19 Feb 2022] DLA-2927-1 twisted - security update {CVE-2020-10108 CVE-2020-10109 CVE-2022-21712} [stretch] - twisted 16.6.0-2+deb9u1 = data/dla-needed.txt = @@ -53,9 +53,6 @@ gpac (Roberto C. Sánchez) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) -- -htmldoc (Thorsten Alteholz) - NOTE: 20220225: testing package --- intel-microcode NOTE: 20220213: please recheck -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d5955bad9f2461e0a613fa39ca1dd626a7218c
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2022-24303/pillow via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edfee6e7 by Salvatore Bonaccorso at 2022-02-26T11:05:53+01:00 Add fixed version for CVE-2022-24303/pillow via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4725,7 +4725,7 @@ CVE-2022-24304 RESERVED CVE-2022-24303 RESERVED - - pillow + - pillow 9.0.1-1 [bullseye] - pillow (Minor issue) [buster] - pillow (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edfee6e709c5d09bf0fd9b77b955e1bf6fa00cd6
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-23308/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc6d9ece by Salvatore Bonaccorso at 2022-02-26T11:04:02+01:00 Add Debian bug reference for CVE-2022-23308/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8493,7 +8493,7 @@ CVE-2022-23310 CVE-2022-23309 RESERVED CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...) - - libxml2 + - libxml2 (bug #1006489) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/327 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e (v2.9.13) CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc6d9ecee632cf00b91778560ee62909be202a55
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-23308/consul
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9f4a155 by Salvatore Bonaccorso at 2022-02-26T10:55:39+01:00 Add Debian bug reference for CVE-2022-23308/consul - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3663,7 +3663,7 @@ CVE-2022-24689 CVE-2022-24688 RESERVED CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, a ...) - - consul + - consul (bug #1006487) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...) - nomad View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f4a155f54063950f8ef5e01c06e3933cc87f00
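Review bot: The commit subject names CVE-2022-23308, but the only changed line in the hunk is the consul line under CVE-2022-24687; CVE-2022-23308 is the libxml2 entry. The data change itself is consistent (bug #1006487 lands on the consul line), so only the subject is off: it should read CVE-2022-24687/consul, otherwise a log search for the consul CVE misses this commit and a search for CVE-2022-23308 returns an unrelated one.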
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for fscrypt issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f8a7f25 by Salvatore Bonaccorso at 2022-02-26T10:39:59+01:00 Add Debian bug references for fscrypt issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1886,13 +1886,13 @@ CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProt CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a static cre ...) NOT-FOR-US: Trend Micro CVE-2022-25328 (The bash_completion script for fscrypt allows injection of commands vi ...) - - fscrypt + - fscrypt (bug #1006485) [bullseye] - fscrypt (Minor issue) [buster] - fscrypt (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 NOTE: https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02 CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt metadat ...) - - fscrypt + - fscrypt (bug #1006485) [bullseye] - fscrypt (Minor issue) [buster] - fscrypt (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 
@@ -1900,7 +1900,7 @@ CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt m NOTE: https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576 NOTE: https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0 CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by default w ...) - - fscrypt + - fscrypt (bug #1006485) [bullseye] - fscrypt (Minor issue) [buster] - fscrypt (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f8a7f25b635fe245be7b68860c8a8e869a78954
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-21706/zulip-server, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92ab1af1 by Salvatore Bonaccorso at 2022-02-26T09:25:41+01:00 Add CVE-2022-21706/zulip-server, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19339,7 +19339,7 @@ CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In v CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...) NOT-FOR-US: wasmCloud Host Runtime CVE-2022-21706 (Zulip is an open-source team collaboration tool with topic-based threa ...) - TODO: check + - zulip-server (bug #800052) CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...) NOT-FOR-US: October CMS CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92ab1af15157fbd3b6f999876c3d61225abef572
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-23308/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd804af1 by Salvatore Bonaccorso at 2022-02-26T09:24:07+01:00 Add CVE-2022-23308/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8493,7 +8493,9 @@ CVE-2022-23310 CVE-2022-23309 RESERVED CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...) - TODO: check + - libxml2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/327 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e (v2.9.13) CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...) NOT-FOR-US: livehelperchat CVE-2022-0265 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd804af1b0835df0e12b77e5c3ca4ff321b4526f
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e27ab837 by Salvatore Bonaccorso at 2022-02-26T09:23:24+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,7 @@ CVE-2022-0767 CVE-2022-0766 RESERVED CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...) - TODO: check + NOT-FOR-US: Tor Browser (on Windows) CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...) - linux NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884 @@ -1821,7 +1821,7 @@ CVE-2022-25361 CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) NOT-FOR-US: WatchGuard CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...) - TODO: check + NOT-FOR-US: ICL ScadaFlex II SCADA Controller CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) NOT-FOR-US: awful-salmonella-tar CVE-2022-25357 
@@ -2100,17 +2100,17 @@ CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may ha NOTE: Not considered a security flaw. If desired because no need for backward compatibility NOTE: can be mitigated through a LSM. CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...) - linux 5.16.10-1 NOTE: https://github.com/szymonh/d-os-descriptor @@ -2693,11 +2693,11 @@ CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insuffici CVE-2022-25097 RESERVED CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...) - TODO: check + NOT-FOR-US: Home Owners Collection Management System CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...) - TODO: check + NOT-FOR-US: Home Owners Collection Management System CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...) - TODO: check + NOT-FOR-US: Home Owners Collection Management System CVE-2022-25093 RESERVED CVE-2022-25092 
@@ -2757,15 +2757,15 @@ CVE-2022-25066 CVE-2022-25065 RESERVED CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote ...) - TODO: check + NOT-FOR-US: TP-LINK CVE-2022-25063 RESERVED CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...) - TODO: check + NOT-FOR-US: TP-LINK CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) - TODO: check + NOT-FOR-US: TP-LINK CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) - TODO: check + NOT-FOR-US: TP-LINK CVE-2022-25059 RESERVED CVE-2022-25058 @@ -4293,7 +4293,7 @@ CVE-2022-2 CVE-2022-24443 RESERVED CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2022-24428 RESERVED CVE-2022-24427 @@ -18706,7 +18706,7 @@ CVE-2021-44134 CVE-2021-44133 RESERVED CVE-2021-44132 (A command injection vulnerability in the function formImportOMCIShell ...) - TODO: check + NOT-FOR-US: C-DATA ONU4FERW CVE-2021-44131 RESERVED CVE-2021-44130 @@ -24024,7 +24024,7 @@ CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from CVE-2021-42953 RESERVED CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...) - TODO: check + NOT-FOR-US: Zepl Notebooks CVE-2021-42951 RESERVED CVE-2021-42950 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27ab837fa54a429503ba7ce275604c608e84385
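Review bot: The NOT-FOR-US labels in this batch differ in granularity: the four TP-LINK TL-WR840N entries in the @@ -2757 hunk name only the vendor, while `NOT-FOR-US: ICL ScadaFlex II SCADA Controller` and `NOT-FOR-US: C-DATA ONU4FERW` name the product. Picking one convention keeps the labels greppable. Also, `NOT-FOR-US: Tor Browser (on Windows)` in the first hunk puts a platform qualifier in the product label; if the decision rests on the issue being Windows-specific, saying so in a NOTE line would make the reasoning explicit.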
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-36516/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 057a0ff6 by Salvatore Bonaccorso at 2022-02-26T09:14:14+01:00 Add CVE-2020-36516/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,7 +39,8 @@ CVE-2022-0766 CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...) TODO: check CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...) - TODO: check + - linux + NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884 CVE-2022-26129 RESERVED CVE-2022-26128 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/057a0ff63c65d3e5582209827b0445993aba2685
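Review bot: The only reference added for CVE-2020-36516 is the ACM paper link, and the `- linux` line carries no fixed version while the description says the issue affects the kernel through 5.16.11. A NOTE with the upstream fix commit, or a statement that none exists yet, would let the next person triaging tell whether the entry is waiting on upstream or on an upload.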
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fb75f822 by security tracker role at 2022-02-26T08:10:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,45 @@ +CVE-2022-26148 + RESERVED +CVE-2022-26147 + RESERVED +CVE-2022-26146 + RESERVED +CVE-2022-26145 + RESERVED +CVE-2022-26144 + RESERVED +CVE-2022-26143 + RESERVED +CVE-2022-26142 + RESERVED +CVE-2022-26141 + RESERVED +CVE-2022-26140 + RESERVED +CVE-2022-26139 + RESERVED +CVE-2022-26138 + RESERVED +CVE-2022-26137 + RESERVED +CVE-2022-26136 + RESERVED +CVE-2022-26135 + RESERVED +CVE-2022-26134 + RESERVED +CVE-2022-26133 + RESERVED +CVE-2022-26132 + RESERVED +CVE-2022-0767 + RESERVED +CVE-2022-0766 + RESERVED +CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...) + TODO: check +CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...) + TODO: check CVE-2022-26129 RESERVED CVE-2022-26128 @@ -1777,8 +1819,8 @@ CVE-2022-25361 RESERVED CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) NOT-FOR-US: WatchGuard -CVE-2022-25359 - RESERVED +CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...) + TODO: check CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) NOT-FOR-US: awful-salmonella-tar CVE-2022-25357 
@@ -2056,18 +2098,18 @@ CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may ha NOTE: https://github.com/x0reaxeax/exec-prot-bypass NOTE: Not considered a security flaw. If desired because no need for backward compatibility NOTE: can be mitigated through a LSM. -CVE-2022-25264 - RESERVED -CVE-2022-25263 - RESERVED -CVE-2022-25262 - RESERVED -CVE-2022-25261 - RESERVED -CVE-2022-25260 - RESERVED -CVE-2022-25259 - RESERVED +CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...) + TODO: check +CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...) + TODO: check +CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...) + TODO: check +CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. ...) + TODO: check +CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side ...) + TODO: check +CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. ...) + TODO: check CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...) - linux 5.16.10-1 NOTE: https://github.com/szymonh/d-os-descriptor @@ -2649,12 +2691,12 @@ CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insuffici NOT-FOR-US: ECTouch CVE-2022-25097 RESERVED -CVE-2022-25096 - RESERVED -CVE-2022-25095 - RESERVED -CVE-2022-25094 - RESERVED +CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...) + TODO: check +CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...) + TODO: check +CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...) + TODO: check CVE-2022-25093 RESERVED CVE-2022-25092 
@@ -2713,16 +2755,16 @@ CVE-2022-25066 RESERVED CVE-2022-25065 RESERVED -CVE-2022-25064 - RESERVED +CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote ...) + TODO: check CVE-2022-25063 RESERVED -CVE-2022-25062 - RESERVED -CVE-2022-25061 - RESERVED -CVE-2022-25060 - RESERVED +CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...) + TODO: check +CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) + TODO: check +CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) + TODO: check CVE-2022-25059 RESERVED CVE-2022-25058 @@ -2869,8 +2911,7 @@ CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an NOT-FOR-US: galois_2p8 CVE-2022-24987 RESERVED -CVE-2022-24986 - RESERVED +CVE-2022-24986 (KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, b ...) - kcron [bullseye] - kcron (Minor issue) [buster] - kcron (Minor issue) @@ -3519,8 +3560,8 @@ CVE-2022-24712 RESERVED CVE-2022-24711 RESERVED