[Git][security-tracker-team/security-tracker][master] Update records for CVE-2022-33981
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad3e1484 by Salvatore Bonaccorso at 2022-06-20T06:54:12+02:00 Update records for CVE-2022-33981 Unfortunately the CVE-2022-33981 is kept in favour of CVE-2022-1836. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -75,7 +75,10 @@ CVE-2022-29895 CVE-2022-29871 RESERVED CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) - NOTE: Duplicate of CVE-2022-1836, checking with MITRE for rejection + - linux 5.17.6-1 + [bullseye] - linux 5.10.113-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1 + NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5) CVE-2022-33980 RESERVED CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) @@ -6891,12 +6894,8 @@ CVE-2022-28690 (The affected product is vulnerable to an out-of-bounds write via NOT-FOR-US: Horner Automation CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, which ma ...) NOT-FOR-US: Horner Automation -CVE-2022-1836 [floppy: disable FDRAWCMD by default] +CVE-2022-1836 RESERVED - - linux 5.17.6-1 - [bullseye] - linux 5.10.113-1 - NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1 - NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5) CVE-2022-1835 RESERVED CVE-2022-1834 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad3e1484c11aa87346aa03d7224b8277b8bdc8f0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad3e1484c11aa87346aa03d7224b8277b8bdc8f0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags of cyrus-imapd/stretch
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 088ac34e by Markus Koschany at 2022-06-20T00:14:36+02:00 Remove no-dsa tags of cyrus-imapd/stretch - - - - - a3261ec2 by Markus Koschany at 2022-06-20T00:29:37+02:00 Reserve DLA-3052-1 cyrus-imapd - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -71561,7 +71561,6 @@ CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denia - cyrus-imapd 3.4.2-1 (bug #993433) [bullseye] - cyrus-imapd 3.2.6-2+deb11u1 [buster] - cyrus-imapd 3.0.8-6+deb10u6 - [stretch] - cyrus-imapd (Minor issue; can be fixed via point release) - cyrus-imapd-2.4 NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master) @@ -186580,7 +186579,6 @@ CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege ...) - cyrus-imapd 3.0.12-1 [buster] - cyrus-imapd 3.0.8-6+deb10u3 - [stretch] - cyrus-imapd (Minor issue; can be fixed via point release) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/e675bf7b0e9c6e160516d274bffaec6f9dccaef7 (cyrus-imapd-3.0.12) NOTE: Fixed in 3.0.12 and 2.5.14 upstream CVE-2019-18927 = data/DLA/list = @@ -1,3 +1,6 @@ +[20 Jun 2022] DLA-3052-1 cyrus-imapd - security update + {CVE-2019-18928 CVE-2021-33582} + [stretch] - cyrus-imapd 2.5.10-3+deb9u3 [15 Jun 2022] DLA-3051-1 tzdata - new timezone database [stretch] - tzdata 2021a-0+deb9u4 [10 Jun 2022] DLA-3050-1 vlc - security update = data/dla-needed.txt = @@ -52,10 +52,6 @@ curl (Emilio) NOTE: 20220615: made some progress on the test regressions, some are due to flaky tests apparently, NOTE: 20220615: but at least one seems to be caused by one of the fixes (pochu) -- -cyrus-imapd (Markus Koschany) - NOTE: 20220529: Programming language: C. - NOTE: 20220523: Follow buster: harmonize with with DSA-4590-1 and Debian 10.11 (2 CVEs) (Beuc/front-desk) --- exempi NOTE: 20220529: Programming language: C++. NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d2d71db by Thorsten Alteholz at 2022-06-19T23:59:21+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -153,7 +153,7 @@ libmatio (Abhijith PA) -- libvirt (Thorsten Alteholz) NOTE: 20220529: Programming language: C. - NOTE: 20220606: testing package + NOTE: 20220620: testing package -- linux (Ben Hutchings) NOTE: 20220529: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d2d71dbc632f680f2ee92645fe40e0468923cc0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d2d71dbc632f680f2ee92645fe40e0468923cc0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add some new vim issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 729176b6 by Salvatore Bonaccorso at 2022-06-19T22:14:00+02:00 Add some new vim issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -79,17 +79,25 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln CVE-2022-33980 RESERVED CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 + NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126) CVE-2022-2128 RESERVED CVE-2022-2127 RESERVED CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e + NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123) CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 + NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122) CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42 + NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120) CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...) - python-ldap 3.4.0-1 NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729176b694284c423f12ce2c1dcbe5f15b1edef3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729176b694284c423f12ce2c1dcbe5f15b1edef3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f850e91b by security tracker role at 2022-06-19T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,35 @@ +CVE-2022-33999 + RESERVED +CVE-2022-33998 + RESERVED +CVE-2022-33997 + RESERVED +CVE-2022-33996 + RESERVED +CVE-2022-33995 + RESERVED +CVE-2022-33994 + RESERVED +CVE-2017-20091 + RESERVED +CVE-2017-20090 + RESERVED +CVE-2017-20089 + RESERVED +CVE-2017-20088 + RESERVED +CVE-2017-20087 + RESERVED +CVE-2017-20086 + RESERVED +CVE-2017-20085 + RESERVED +CVE-2017-20084 + RESERVED +CVE-2017-20083 + RESERVED +CVE-2017-20082 + RESERVED CVE-2022-33993 RESERVED CVE-2022-33992 @@ -46,18 +78,18 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln NOTE: Duplicate of CVE-2022-1836, checking with MITRE for rejection CVE-2022-33980 RESERVED -CVE-2022-2129 - RESERVED +CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-2128 RESERVED CVE-2022-2127 RESERVED -CVE-2022-2126 - RESERVED -CVE-2022-2125 - RESERVED -CVE-2022-2124 - RESERVED +CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...) - python-ldap 3.4.0-1 NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm @@ -31867,8 +31899,8 @@ CVE-2022-23073 RESERVED CVE-2022-23072 RESERVED -CVE-2022-23071 - RESERVED +CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...) + TODO: check CVE-2022-23070 RESERVED CVE-2022-23069 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f850e91b207ea461c3529b6471660de24b07b4ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f850e91b207ea461c3529b6471660de24b07b4ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process several ancient ffmpeg issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27025b44 by Salvatore Bonaccorso at 2022-06-19T21:39:39+02:00 Process several ancient ffmpeg issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -207,21 +207,29 @@ CVE-2022-2119 CVE-2022-2118 RESERVED CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9dbc13836cd52cda594f819d17af9afa2 (n2.2-rc1) CVE-2014-125024 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee35fdcc5ffdb28782050164b4623c0b (n2.2-rc1) CVE-2014-125023 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2240e2078d53d3cfce8ff1dda64e58fa72038602 (n2.2-rc1) CVE-2014-125022 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1713eec29add37b654ec6bf262b843d139c1ffc6 (n2.2-rc1) CVE-2014-125021 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5430839144c6da0160e8e0cfb0c8db01de432e94 (n2.2-rc1) CVE-2014-125020 (A vulnerability has been found in FFmpeg 2.0 and classified as critica ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f097d168d9cad473dd44010a337c1413a9cd198 (n2.2-rc1) CVE-2014-125019 (A vulnerability, which was classified as problematic, was found in FFm ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b25e84b7399bd91605596b67d761d3464dbe8a6e (n2.2-rc1) CVE-2014-125018 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa (n2.2-rc1) CVE-2014-125017 (A vulnerability classified as critical was found in FFmpeg 2.0. This v ...) - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599 (n2.2-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27025b4452f1c81a1d59bb34d56e267fcea79b95 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27025b4452f1c81a1d59bb34d56e267fcea79b95 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-46822/libjpeg-turbo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5d19407 by Salvatore Bonaccorso at 2022-06-19T21:23:04+02:00 Add CVE-2021-46822/libjpeg-turbo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62,7 +62,8 @@ CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service wh - python-ldap 3.4.0-1 NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...) - TODO: check + - libjpeg-turbo 1:2.1.1-1 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 (2.1.0) CVE-2017-20081 RESERVED CVE-2017-20080 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5d1940799c061e1446bc419e0734d41c110a4b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5d1940799c061e1446bc419e0734d41c110a4b3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-46823/python-ldap
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 39ce449d by Salvatore Bonaccorso at 2022-06-19T21:18:08+02:00 Add CVE-2021-46823/python-ldap - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,7 +59,8 @@ CVE-2022-2125 CVE-2022-2124 RESERVED CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...) - TODO: check + - python-ldap 3.4.0-1 + NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...) TODO: check CVE-2017-20081 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39ce449d3e2dd86705d1f67f12d9bf012f3eedb0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39ce449d3e2dd86705d1f67f12d9bf012f3eedb0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Add note for CVE-2022-33981
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 42bf030f by Salvatore Bonaccorso at 2022-06-19T21:11:33+02:00 Add note for CVE-2022-33981 - - - - - c24aef55 by Salvatore Bonaccorso at 2022-06-19T21:12:51+02:00 Add note for CVE-2022-33981 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43,7 +43,7 @@ CVE-2022-29895 CVE-2022-29871 RESERVED CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) - TODO: check + NOTE: Duplicate of CVE-2022-1836, checking with MITRE for rejection CVE-2022-33980 RESERVED CVE-2022-2129 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3de83f8c1b2ede771a03b9d3b508acf8f4aeab0c...c24aef55dad70e8dcde9fc82b1be68893afb97e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3de83f8c1b2ede771a03b9d3b508acf8f4aeab0c...c24aef55dad70e8dcde9fc82b1be68893afb97e7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update date for exo DSA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3de83f8c by Salvatore Bonaccorso at 2022-06-19T20:54:40+02:00 Update date for exo DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,4 +1,4 @@ -[18 Jun 2022] DSA-5164-1 exo - security update +[19 Jun 2022] DSA-5164-1 exo - security update {CVE-2022-32278} [buster] - exo 0.12.4-1+deb10u1 [bullseye] - exo 4.16.0-1+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3de83f8c1b2ede771a03b9d3b508acf8f4aeab0c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3de83f8c1b2ede771a03b9d3b508acf8f4aeab0c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim vim in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e236886d by Markus Koschany at 2022-06-19T18:59:43+02:00 Claim vim in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -335,3 +335,5 @@ unzip NOTE: 20220429: CVE-2022-0530: reported #1010355 with a proposed patch (enrico) NOTE: 20220429: CVE-2022-0529: sent a proposed patch to sanvila and team@s.d.o (enrico) -- +vim (Markus Koschany) +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e236886d1310f146be584a8e6ca867a8bde9eee8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e236886d1310f146be584a8e6ca867a8bde9eee8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fe6ea97f by security tracker role at 2022-06-19T08:10:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,47 @@ +CVE-2022-33993 + RESERVED +CVE-2022-33992 + RESERVED +CVE-2022-33991 + RESERVED +CVE-2022-33990 + RESERVED +CVE-2022-33989 + RESERVED +CVE-2022-33988 + RESERVED +CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to a UNIX ...) + TODO: check +CVE-2022-33986 + RESERVED +CVE-2022-33985 + RESERVED +CVE-2022-33984 + RESERVED +CVE-2022-33983 + RESERVED +CVE-2022-33982 + RESERVED +CVE-2022-33976 + RESERVED +CVE-2022-33973 + RESERVED +CVE-2022-33898 + RESERVED +CVE-2022-32764 + RESERVED +CVE-2022-32582 + RESERVED +CVE-2022-32577 + RESERVED +CVE-2022-32576 + RESERVED +CVE-2022-30530 + RESERVED +CVE-2022-29895 + RESERVED +CVE-2022-29871 + RESERVED CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) TODO: check CVE-2022-33980 @@ -160,22 +204,22 @@ CVE-2022-2119 RESERVED CVE-2022-2118 RESERVED -CVE-2014-125025 - RESERVED -CVE-2014-125024 - RESERVED -CVE-2014-125023 - RESERVED -CVE-2014-125022 - RESERVED -CVE-2014-125021 - RESERVED -CVE-2014-125020 - RESERVED -CVE-2014-125019 - RESERVED -CVE-2014-125018 - RESERVED +CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) + TODO: check +CVE-2014-125024 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...) + TODO: check +CVE-2014-125023 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...) + TODO: check +CVE-2014-125022 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...) + TODO: check +CVE-2014-125021 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...) + TODO: check +CVE-2014-125020 (A vulnerability has been found in FFmpeg 2.0 and classified as critica ...) + TODO: check +CVE-2014-125019 (A vulnerability, which was classified as problematic, was found in FFm ...) + TODO: check +CVE-2014-125018 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check CVE-2014-125017 (A vulnerability classified as critical was found in FFmpeg 2.0. This v ...) - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599 (n2.2-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe6ea97f92c967442a3e55316a4037a044741456 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe6ea97f92c967442a3e55316a4037a044741456 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits