[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3c6ccd2 by Salvatore Bonaccorso at 2022-03-19T21:37:13+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -146,7 +146,7 @@ CVE-2022-0993
 CVE-2022-0992
RESERVED
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository 
admidio/admidio p ...)
-   TODO: check
+   NOT-FOR-US: admidio
 CVE-2022-0990
RESERVED
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to 
spoof an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c6ccd2cb7bf261ee1918093ead3f32f6cedc16

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c6ccd2cb7bf261ee1918093ead3f32f6cedc16
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf72c78a by security tracker role at 2022-03-19T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -145,8 +145,8 @@ CVE-2022-0993
RESERVED
 CVE-2022-0992
RESERVED
-CVE-2022-0991
-   RESERVED
+CVE-2022-0991 (Insufficient Session Expiration in GitHub repository 
admidio/admidio p ...)
+   TODO: check
 CVE-2022-0990
RESERVED
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to 
spoof an ...)
@@ -133674,7 +133674,7 @@ CVE-2019-20795 (iproute2 before 5.1.0 has a 
use-after-free in get_netnsid_from_n
[jessie] - iproute2  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
 (v5.1.0)
NOTE: Introduced in: 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c
 (v4.15.0)
-CVE-2020-15591 [unspecified fexsrv security issue]
+CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before 
fex-20160919_2 a ...)
- fex 20160919-2
[buster] - fex 20160919-2~deb10u1
[stretch] - fex 20160919-2~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf72c78a594cbdb8298c3d63df770fff657691e9



[Git][security-tracker-team/security-tracker][master] Take tiff and wordpress

2022-03-19 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43c55a02 by Utkarsh Gupta at 2022-03-19T22:06:03+05:30
Take tiff and wordpress

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -89,7 +89,7 @@ snapd
   NOTE: 20220308: seems vulnerable at least to setup_private_mount,
   NOTE: 20220308: but double check (pochu)
 --
-tiff
+tiff (Utkarsh)
 --
 thunderbird (Emilio)
   NOTE: 20220318: update prepared, but waiting for DSA (pochu)
@@ -101,7 +101,7 @@ unzip
 --
 wireshark (Markus Koschany)
 --
-wordpress
+wordpress (Utkarsh)
  NOTE: 20220319: 4.7.23 was released on March 11,2022 and contains new security
  NOTE: 20220319: fixes
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43c55a02048f49ee03dcf4cce7450ce254884b63



[Git][security-tracker-team/security-tracker][master] 3 commits: Add abcm2ps to dla-needed.txt

2022-03-19 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
205885fd by Markus Koschany at 2022-03-19T17:01:07+01:00
Add abcm2ps to dla-needed.txt

- - - - -
3930791d by Markus Koschany at 2022-03-19T17:13:20+01:00
CVE-2022-24599,audiofile: Stretch/no-dsa

Minor issue. Can be fixed later.

- - - - -
a62e04a2 by Markus Koschany at 2022-03-19T17:24:20+01:00
CVE-2022-22909,hoteldruid: Stretch/no-dsa

Minor issue. Requires the privilege to add a new room and can thus be
mitigated.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -7290,6 +7290,7 @@ CVE-2022-24599 (In autofile Audio File Library 0.3.6, 
there exists one memory le
- audiofile 
[bullseye] - audiofile  (Minor issue)
[buster] - audiofile  (Minor issue)
+   [stretch] - audiofile  (Minor issue)
NOTE: https://github.com/mpruett/audiofile/issues/60
 CVE-2022-24598
RESERVED
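Review bot: the state tag that the commit message's "Stretch/no-dsa" implies is not visible in the added line, which renders as `[stretch] - audiofile  (Minor issue)` with two spaces where the tag would sit (the bullseye and buster lines directly above show the same gap), so confirm the committed line actually carries the `<no-dsa>` tag and was not reduced to package name plus reason; without the tag the tracker will not treat stretch as no-dsa.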
@@ -13137,6 +13138,7 @@ CVE-2022-22909 (HotelDruid v3.0.3 was discovered to 
contain a remote code execut
- hoteldruid  (bug #1006750)
[bullseye] - hoteldruid  (Minor issue)
[buster] - hoteldruid  (Minor issue)
+   [stretch] - hoteldruid  (Minor issue)
NOTE: https://github.com/0z09e/CVE-2022-22909
 CVE-2022-22908 (SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows 
attackers, ...)
NOT-FOR-US: Sangfor VDI Client
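Review bot: the reasoning in the commit message ("Requires the privilege to add a new room and can thus be mitigated") is not recorded in the entry, which only says (Minor issue); add it as a NOTE line next to the existing github.com/0z09e/CVE-2022-22909 reference so the next triager sees why a remote code execution issue was downgraded without reading git log. As with the audiofile line in the previous hunk, the double space in `[stretch] - hoteldruid  (Minor issue)` suggests the `<no-dsa>` tag should be double-checked in the committed text.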


=
data/dla-needed.txt
=
@@ -12,6 +12,8 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+abcm2ps
 --
 ansible
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
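Review bot: the new abcm2ps entry has no NOTE line naming the CVE(s) that put it on the list and no dated triage remark, while the header a few lines above asks that notes be appended so an update's history stays visible; a line of the form `  NOTE: 20220319: ...` with the issue identifiers would let whoever claims the package start from the right place.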



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95caeff17a0a8179d66c3abc338adee7108e5873...a62e04a225d9ade905c49cb02dbff1b5609e3406



[Git][security-tracker-team/security-tracker][master] Add wordpress to dla-needed.txt

2022-03-19 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95caeff1 by Markus Koschany at 2022-03-19T16:33:16+01:00
Add wordpress to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -99,5 +99,9 @@ unzip
 --
 wireshark (Markus Koschany)
 --
+wordpress
+ NOTE: 20220319: 4.7.23 was released on March 11,2022 and contains new security
+ NOTE: 20220319: fixes
+--
 zabbix
 --
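Review bot: "March 11,2022" is missing a space after the comma, and the note records that 4.7.23 "contains new security fixes" without saying which CVE identifiers or which upstream release announcement it refers to; adding the CVE list (or a link to the release notes) would make the dla-needed entry self-contained for whoever claims it.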



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95caeff17a0a8179d66c3abc338adee7108e5873



[Git][security-tracker-team/security-tracker][master] Add tiff and unzip to dla-needed.txt

2022-03-19 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e708f4f8 by Markus Koschany at 2022-03-19T16:27:49+01:00
Add tiff and unzip to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -87,11 +87,16 @@ snapd
   NOTE: 20220308: seems vulnerable at least to setup_private_mount,
   NOTE: 20220308: but double check (pochu)
 --
+tiff
+--
 thunderbird (Emilio)
   NOTE: 20220318: update prepared, but waiting for DSA (pochu)
 --
 tzdata (Emilio)
 --
+unzip
+ NOTE: 20220319: no patches yet but reproducible (apo)
+--
 wireshark (Markus Koschany)
 --
 zabbix
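Review bot: the unzip note says "no patches yet but reproducible" without naming which issue was reproduced, and the tiff entry is added with no NOTE at all; since both are being queued for someone else to pick up, a dated NOTE with the CVE identifiers in each entry would follow the file's own request to append notes and spare the next person a re-triage.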



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e708f4f8811961007a8055a42753ca83dd1771a0



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2955-2 for bind9

2022-03-19 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
555062ce by Markus Koschany at 2022-03-19T16:11:21+01:00
Reserve DLA-2955-2 for bind9

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[19 Mar 2022] DLA-2955-2 bind9 - regression update
+   [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u12
 [18 Mar 2022] DLA-2955-1 bind9 - security update
{CVE-2021-25220}
[stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u11



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/555062ce96d34f240299e9369b7036828c87d21d



[Git][security-tracker-team/security-tracker][master] Track proposed phpliteadmin updates via {buster,bullseye}-pu

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d070d621 by Salvatore Bonaccorso at 2022-03-19T10:59:00+01:00
Track proposed phpliteadmin updates via {buster,bullseye}-pu

- - - - -


2 changed files:

- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -326,3 +326,5 @@ CVE-2020-13253
[buster] - qemu 1:3.1+dfsg-8+deb10u9
 CVE-2020-10001
[buster] - cups 2.2.10-6+deb10u5
+CVE-2021-46709
+   [buster] - phpliteadmin 1.9.7.1-2+deb10u1


=
data/next-point-update.txt
=
@@ -184,3 +184,5 @@ CVE-2021-45005
[bullseye] - mujs 1.1.0-1+deb11u1
 CVE-2022-27240
[bullseye] - glewlwyd 2.5.2-2+deb11u3
+CVE-2021-46709
+   [bullseye] - phpliteadmin 1.9.8.2-1+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d070d621bf1adbb6458b7a841f88e2d3bb22804c



[Git][security-tracker-team/security-tracker][master] Track proposed update for cups via buster-pu

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b18c2e2 by Salvatore Bonaccorso at 2022-03-19T10:57:24+01:00
Track proposed update for cups via buster-pu

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -324,3 +324,5 @@ CVE-2020-15859
[buster] - qemu 1:3.1+dfsg-8+deb10u9
 CVE-2020-13253
[buster] - qemu 1:3.1+dfsg-8+deb10u9
+CVE-2020-10001
+   [buster] - cups 2.2.10-6+deb10u5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b18c2e23f5224fe510bbc37c36dd17802ba423f



[Git][security-tracker-team/security-tracker][master] CVE-2020-15591/fex assigned

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ad02b9c by Salvatore Bonaccorso at 2022-03-19T10:12:27+01:00
CVE-2020-15591/fex assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -126026,8 +126026,6 @@ CVE-2020-15593 (SteelCentral Aternity Agent 
11.0.0.120 on Windows mishandles IPC
NOT-FOR-US: SteelCentral Aternity Agent
 CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows 
allows Privil ...)
NOT-FOR-US: SteelCentral Aternity Agent
-CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before 
fex-20160919_2 a ...)
-   TODO: check
 CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN 
Client for Li ...)
NOT-FOR-US: Private Internet Access client for Linux
 CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, 
InternetSen ...)
@@ -133674,10 +133672,11 @@ CVE-2019-20795 (iproute2 before 5.1.0 has a 
use-after-free in get_netnsid_from_n
[jessie] - iproute2  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
 (v5.1.0)
NOTE: Introduced in: 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c
 (v4.15.0)
-CVE-2020- [unspecified fexsrv security issue]
+CVE-2020-15591 [unspecified fexsrv security issue]
- fex 20160919-2
[buster] - fex 20160919-2~deb10u1
[stretch] - fex 20160919-2~deb9u1
+   NOTE: https://secfault-security.com/advisories/cve2020-15591.html
 CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. 
btree_gc_c ...)
{DLA-2420-1 DLA-2323-1}
- linux 5.7.6-1
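Review bot: the entry keeps the hand-written placeholder `[unspecified fexsrv security issue]` even though the lines removed in the previous hunk show that a published description ("fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 a ...") now exists for CVE-2020-15591; replacing the bracketed text in the same commit would avoid an interim state in which the assigned ID carries a description that no longer matches what is published. The move itself looks right: the fixed versions already recorded for fex (20160919-2, buster 20160919-2~deb10u1, stretch 20160919-2~deb9u1) are unchanged and the advisory link is added as a NOTE.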



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad02b9c450cb376651d3ea149c1ae0acf1d3990



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2626{6,7}/piwigo

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62662b28 by Salvatore Bonaccorso at 2022-03-19T10:11:17+01:00
Add CVE-2022-2626{6,7}/piwigo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2684,9 +2684,9 @@ CVE-2022-26269
 CVE-2022-26268
RESERVED
 CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak 
via the a ...)
-   TODO: check
+   - piwigo 
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
-   TODO: check
+   - piwigo 
 CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a 
remote comma ...)
NOT-FOR-US: Contao Managed Edition
 CVE-2022-26264
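Review bot: both entries go from TODO: check to `- piwigo ` with nothing visible after the package name, so this rendering shows neither a state tag nor a fixed version; confirm the committed lines carry one. Neither entry gets a NOTE pointing at the upstream fix or issue, and the descriptions ("information leak", "SQL injection" in Piwigo v12.2.0) give no way to locate it; a NOTE with the upstream commit or advisory URL, as other entries in this file carry, would let whoever prepares an update find the patch.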



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62662b28098d05d922c8e81eae83a841426426e0



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
769461cc by Salvatore Bonaccorso at 2022-03-19T10:10:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -112,7 +112,7 @@ CVE-2022-27228
 CVE-2022-27227
RESERVED
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 
2022-03-16  ...)
-   TODO: check
+   NOT-FOR-US: iRZ Mobile Routers
 CVE-2022-0999
RESERVED
 CVE-2022-0998
@@ -2688,7 +2688,7 @@ CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain 
an information leak via
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
TODO: check
 CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a 
remote comma ...)
-   TODO: check
+   NOT-FOR-US: Contao Managed Edition
 CVE-2022-26264
RESERVED
 CVE-2022-26263
@@ -4492,13 +4492,13 @@ CVE-2022-25583
 CVE-2022-25582
RESERVED
 CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via 
the comp ...)
-   TODO: check
+   NOT-FOR-US: Classcms
 CVE-2022-25580
RESERVED
 CVE-2022-25579
RESERVED
 CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via 
arbitrari ...)
-   TODO: check
+   NOT-FOR-US: taocms
 CVE-2022-25577
RESERVED
 CVE-2022-25576
@@ -4886,9 +4886,9 @@ CVE-2022-25392
 CVE-2022-25391
RESERVED
 CVE-2022-25390 (DCN Firewall DCME-520 was discovered to contain a remote 
command execu ...)
-   TODO: check
+   NOT-FOR-US: DCN Firewall
 CVE-2022-25389 (DCN Firewall DCME-520 was discovered to contain an arbitrary 
file down ...)
-   TODO: check
+   NOT-FOR-US: DCN Firewall
 CVE-2022-25388
RESERVED
 CVE-2022-25387
@@ -16413,9 +16413,9 @@ CVE-2021-45837
 CVE-2021-45836
RESERVED
 CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated 
attacker to  ...)
-   TODO: check
+   NOT-FOR-US: Online Admission System
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to 
the Ope ...)
-   TODO: check
+   NOT-FOR-US: OpenDocMan
 CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 
1.13.1-1 vi ...)
- hdf5 
NOTE: https://github.com/HDFGroup/hdf5/issues/1313
@@ -20083,7 +20083,7 @@ CVE-2021-4097 (phpservermon is vulnerable to Improper 
Neutralization of CRLF Seq
 CVE-2021-4096
RESERVED
 CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, 
where an ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2022-21821
RESERVED
 CVE-2022-21820
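Review bot: `NOT-FOR-US: NVIDIA` names the vendor rather than the product, while the description identifies the affected software as NVIDIA FLARE and the other NFU markers in this commit name the specific product (Classcms, taocms, DCN Firewall, OpenDocMan); `NOT-FOR-US: NVIDIA FLARE` would keep the marker specific and keep later searches for the product meaningful.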
@@ -21732,7 +21732,7 @@ CVE-2021-4032 (A vulnerability was found in the Linux 
kernel's KVM subsystem in
- linux  (Vulnerable code introduced in 5.15-rc1; fixed 
in 5.15-rc7)
NOTE: 
https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
 CVE-2021-4031 (Syltek application before its 10.22.00 version, does not 
correctly che ...)
-   TODO: check
+   NOT-FOR-US: Syltek
 CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon 
of the Z ...)
NOT-FOR-US: Zyxel
 CVE-2021-4029 (A command injection vulnerability in the CGI program of the 
Zyxel ARMO ...)
@@ -22304,9 +22304,9 @@ CVE-2021-44090 (An SQL Injection vulnerability exists 
in Sourcecodester Online R
 CVE-2021-44089
RESERVED
 CVE-2021-44088 (An SQL Injection vulnerability exists in Sourcecodester 
Attendance and ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-44087 (A Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester A ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-44086
RESERVED
 CVE-2021-44085
@@ -22708,7 +22708,7 @@ CVE-2021-43963 (An issue was discovered in Couchbase 
Sync Gateway 2.7.0 through
 CVE-2021-43962
RESERVED
 CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML 
Injection. ...)
-   TODO: check
+   NOT-FOR-US: Sonatype
 CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is 
affected by an  ...)
NOT-FOR-US: Lorensbergs Connect2
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
@@ -76627,7 +76627,7 @@ CVE-2021-23773
 CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; 
all vers ...)
NOT-FOR-US: iris Go web framework
 CVE-2021-23771 (This affects all versions of package notevil; all versions of 
package  ...)
-   TODO: check
+   NOT-FOR-US: notevil nodejs module
 CVE-2021-23770
RESERVED
 CVE-2021-23769
@@ -79426,7 +79426,7 @@ CVE-2021-22573
 CVE-2021-22572
RESERVED
 CVE-2021-22571 (A local attacker could read files from some other users' SA360 
reports ...)
-   TODO: check
+   NOT-FOR-US: SA360 reports
 CVE-2021-22570 (Nullptr dereference 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-0547/openvpn

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f04fe029 by Salvatore Bonaccorso at 2022-03-19T10:02:06+01:00
Add CVE-2022-0547/openvpn

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7023,7 +7023,8 @@ CVE-2022-24670
 CVE-2022-24669
RESERVED
 CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication 
bypass  ...)
-   TODO: check
+   - openvpn 
+   NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
 CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x 
and 2.9 ...)
- blender 
NOTE: Issue: https://developer.blender.org/T94572
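Review bot: the description gives the fixed upstream versions ("until v2.4.12 and v2.5.6") but the entry records neither them nor which suites are affected; a NOTE such as `NOTE: Fixed in 2.4.12 and 2.5.6` beside the community wiki link, plus a per-suite decision once bullseye and buster have been checked against those versions, would keep this from sitting as an unannotated open issue.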



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04fe02929af1ec03f4cdecab7e6ee4a381080f7



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-100{2,3}/mattermost-server

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
377f4756 by Salvatore Bonaccorso at 2022-03-19T10:01:08+01:00
Add CVE-2022-100{2,3}/mattermost-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -100,9 +100,9 @@ CVE-2022-1005
 CVE-2022-1004
RESERVED
 CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to 
proper ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the 
HTML conte ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2022-1001
RESERVED
 CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager 
prior  ...)
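Review bot: both entries point at the same bug number (#823556) and show nothing between the package name and the bug reference (`- mattermost-server  (bug #823556)`, two spaces), so confirm the committed lines carry the intended state tag; if #823556 is the ITP for mattermost-server rather than a bug about these two CVEs, the tracker's `<itp>` tag is the form that records that, and if the tag was present and only the mail rendering dropped it, nothing needs changing.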



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/377f47563243532461d4b375574998ce77e3dbd8



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1b3965e by Salvatore Bonaccorso at 2022-03-19T09:41:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to 
obtain remot ...)
-   TODO: check
+   NOT-FOR-US: UNISOC
 CVE-2022-1030
RESERVED
 CVE-2022-1029
@@ -4744,39 +4744,39 @@ CVE-2022-25463
 CVE-2022-25462
RESERVED
 CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25459 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25458 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25457 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25456 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25455 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25454 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25453 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25452 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25451 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25450 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25449 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25448 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25447 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25446 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25445 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25444
RESERVED
 CVE-2022-25443
@@ -4784,35 +4784,35 @@ CVE-2022-25443
 CVE-2022-25442
RESERVED
 CVE-2022-25441 (Tenda AC9 v15.03.2.21 was discovered to contain a remote 
command execu ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25440 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25439 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25438 (Tenda AC9 v15.03.2.21 was discovered to contain a remote 
command execu ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25437 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25436
RESERVED
 CVE-2022-25435 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25434 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25433 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25432
RESERVED
 CVE-2022-25431 (Tenda AC9 v15.03.2.21 was discovered to contain multiple stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25430
RESERVED
 CVE-2022-25429 (Tenda AC9 v15.03.2.21 was discovered to contain a buffer 
overflow via  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25428 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25427 (Tenda AC9 v15.03.2.21 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-25426
RESERVED
 CVE-2022-25425



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] automatic update

2022-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ad6ac5f by security tracker role at 2022-03-19T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to 
obtain remot ...)
+   TODO: check
+CVE-2022-1030
+   RESERVED
+CVE-2022-1029
+   RESERVED
+CVE-2022-1028
+   RESERVED
 CVE-2022-27249
RESERVED
 CVE-2022-27248
@@ -103,8 +111,8 @@ CVE-2022-27228
RESERVED
 CVE-2022-27227
RESERVED
-CVE-2022-27226
-   RESERVED
+CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 
2022-03-16  ...)
+   TODO: check
 CVE-2022-0999
RESERVED
 CVE-2022-0998
@@ -2675,12 +2683,12 @@ CVE-2022-26269
RESERVED
 CVE-2022-26268
RESERVED
-CVE-2022-26267
-   RESERVED
-CVE-2022-26266
-   RESERVED
-CVE-2022-26265
-   RESERVED
+CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak 
via the a ...)
+   TODO: check
+CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
+   TODO: check
+CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a 
remote comma ...)
+   TODO: check
 CVE-2022-26264
RESERVED
 CVE-2022-26263
@@ -4483,14 +4491,14 @@ CVE-2022-25583
RESERVED
 CVE-2022-25582
RESERVED
-CVE-2022-25581
-   RESERVED
+CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via 
the comp ...)
+   TODO: check
 CVE-2022-25580
RESERVED
 CVE-2022-25579
RESERVED
-CVE-2022-25578
-   RESERVED
+CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via 
arbitrari ...)
+   TODO: check
 CVE-2022-25577
RESERVED
 CVE-2022-25576
@@ -4735,76 +4743,76 @@ CVE-2022-25463
RESERVED
 CVE-2022-25462
RESERVED
-CVE-2022-25461
-   RESERVED
-CVE-2022-25460
-   RESERVED
-CVE-2022-25459
-   RESERVED
-CVE-2022-25458
-   RESERVED
-CVE-2022-25457
-   RESERVED
-CVE-2022-25456
-   RESERVED
-CVE-2022-25455
-   RESERVED
-CVE-2022-25454
-   RESERVED
-CVE-2022-25453
-   RESERVED
-CVE-2022-25452
-   RESERVED
-CVE-2022-25451
-   RESERVED
-CVE-2022-25450
-   RESERVED
-CVE-2022-25449
-   RESERVED
-CVE-2022-25448
-   RESERVED
-CVE-2022-25447
-   RESERVED
-CVE-2022-25446
-   RESERVED
-CVE-2022-25445
-   RESERVED
+CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25459 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25458 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25457 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25456 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25455 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25454 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25453 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25452 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25451 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25450 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25449 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25448 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25447 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25446 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2022-25445 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
+   TODO: check
 CVE-2022-25444
RESERVED
 CVE-2022-25443
RESERVED
 CVE-2022-25442
RESERVED
-CVE-2022-25441
-   RESERVED
-CVE-2022-25440
-   RESERVED
-CVE-2022-25439
-   RESERVED
-CVE-2022-25438
-   RESERVED
-CVE-2022-25437
-   RESERVED
+CVE-2022-25441 (Tenda AC9 v15.03.2.21 was discovered to contain a remote 
command execu ...)
+   TODO: check
+CVE-2022-25440 (Tenda AC9 v15.03.2.21 was discovered to contain a