[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f55ebfc9 by Salvatore Bonaccorso at 2022-08-22T22:25:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -75,7 +75,7 @@ CVE-2022-2929
 CVE-2022-2928
RESERVED
 CVE-2022-2927 (Weak Password Requirements in GitHub repository 
notrinos/notrinoserp p ...)
-   TODO: check
+   NOT-FOR-US: NotrinosERP
 CVE-2022-2926
RESERVED
 CVE-2022-38647
@@ -675,7 +675,7 @@ CVE-2022-38397
 CVE-2022-2891
RESERVED
 CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
-   TODO: check
+   NOT-FOR-US: yetiforcecrm
 CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. 
...)
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
@@ -894,7 +894,7 @@ CVE-2022-2843 (A vulnerability was found in MotoPress 
Timetable and Event Schedu
 CVE-2022-2842
RESERVED
 CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 
6.31.14505.0/6.42.1561 ...)
-   TODO: check
+   NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-2840
RESERVED
 CVE-2022-2839
@@ -4006,9 +4006,9 @@ CVE-2022-37136
 CVE-2022-37135
RESERVED
 CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer 
Overflow via  ...)
-   TODO: check
+   NOT-FOR-US: D-link
 CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without 
authentica ...)
-   TODO: check
+   NOT-FOR-US: D-link
 CVE-2022-37132
RESERVED
 CVE-2022-37131
@@ -5785,7 +5785,7 @@ CVE-2022-36371
 CVE-2022-36357
RESERVED
 CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Max Foun ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems 
JUST Onli ...)
NOT-FOR-US: JustSystems
 CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -5811,7 +5811,7 @@ CVE-2022-34868
 CVE-2022-34867
RESERVED
 CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in 
smartypants SP P ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-34658
RESERVED
 CVE-2022-34656
@@ -7672,11 +7672,11 @@ CVE-2022-35658
 CVE-2022-35657
RESERVED
 CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow 
authenticated  ...)
-   TODO: check
+   NOT-FOR-US: Pega Platform
 CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue 
due to a m ...)
-   TODO: check
+   NOT-FOR-US: Pega Platform
 CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue 
with an  ...)
-   TODO: check
+   NOT-FOR-US: Pega Platform
 CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of 
Moodle. The  ...)
- moodle 
 CVE-2022-35652 (An open redirect issue was found in Moodle due to improper 
sanitizatio ...)
@@ -8920,7 +8920,7 @@ CVE-2022-35152
 CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple 
cross-site script ...)
NOT-FOR-US: kkFileview
 CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: Baijicms
 CVE-2022-35149
RESERVED
 CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to 
contain  ...)
@@ -9645,7 +9645,7 @@ CVE-2022-34871 (This vulnerability allows remote 
attackers to escalate privilege
 CVE-2022-34870
RESERVED
 CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 
client for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) 
Persistent Cr ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-34847
@@ -9665,11 +9665,11 @@ CVE-2022-34650 (Multiple Authenticated (contributor or 
higher user role) Stored
 CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in 
biplob018's S ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden 
Download Ma ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-34155
RESERVED
 CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth 
Server plug ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-34148
RESERVED
 CVE-2022-33974
@@ -9683,7 +9683,7 @@ CVE-2022-33960 (Multiple Authenticated (subscriber or 
higher user role) SQL Inje
 CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in 
MultiSafepay plug ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads 
plugin  ...)
-   TODO: check
+
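Review bot: the hunk for CVE-2022-33900 is cut off after `-   TODO: check`; the replacement line is not visible here, so whether the Easy Digital Downloads entry was tagged like the other WordPress plugin entries in this commit cannot be confirmed from this excerpt.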

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2930/octoprint

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffc91999 by Salvatore Bonaccorso at 2022-08-22T22:24:37+02:00
Add CVE-2022-2930/octoprint

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -69,7 +69,7 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository bustl
 CVE-2022-2931
RESERVED
 CVE-2022-2930 (Unverified Password Change in GitHub repository 
octoprint/octoprint pr ...)
-   TODO: check
+   - octoprint  (bug #718591)
 CVE-2022-2929
RESERVED
 CVE-2022-2928
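Review bot: the new line `- octoprint  (bug #718591)` gives no fixed version and cites a bug number far lower than the other bug references on this page (#1017743, #1014828), which matches the style of the mattermost-server entries further down (`bug #823556`, also with no version) used when a package is not in the archive; if that is the intent here it is fine, otherwise the bug number deserves a second look.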



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc91999cac27ba0a408affe6a88501e439a21b6

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process several NFUs

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82861f93 by Salvatore Bonaccorso at 2022-08-22T22:19:11+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3655,7 +3655,7 @@ CVE-2022-37300
 CVE-2022-2601
RESERVED
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not 
set re ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2599
RESERVED
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository 
vim/vim prior ...)
@@ -3672,9 +3672,9 @@ CVE-2022-2596 (Denial of Service in GitHub repository 
node-fetch/node-fetch prio
 CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra 
prior to  ...)
NOT-FOR-US: Titra
 CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, 
Advanced Cu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does 
not prope ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-37299
RESERVED
 CVE-2022-37298
@@ -4569,9 +4569,9 @@ CVE-2022-2560
 CVE-2022-2559
RESERVED
 CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is 
susceptible to  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which 
could all ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT 
before 6.8 ...)
NOT-FOR-US: GoAnywhere MFT
 CVE-2022-36943
@@ -4619,7 +4619,7 @@ CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager 
Plus, OpManager MSP, Netw
 CVE-2022-2556
RESERVED
 CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 
2.0.4 lacks ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2554
RESERVED
 CVE-2022-2553 (The authfile directive in the booth config file is ignored, 
preventing ...)
@@ -4627,9 +4627,9 @@ CVE-2022-2553 (The authfile directive in the booth config 
file is ignored, preve
- booth 1.0-268-gdce51f9-1
NOTE: https://github.com/ClusterLabs/booth/issues/114
 CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7.1 does not 
authenticate o ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url 
of the  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp 
prior to 1 ...)
NOT-FOR-US: Hestia Control Panel
 CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to v2.1. ...)
@@ -4939,7 +4939,7 @@ CVE-2022-2546
 CVE-2022-2545
RESERVED
 CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not 
protect the ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2543
RESERVED
 CVE-2022-2542
@@ -5624,7 +5624,7 @@ CVE-2022-2534 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2022-2533
RESERVED
 CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not 
sanitise a ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
- gitlab  (Specific to EE)
 CVE-2022-2530
@@ -7225,7 +7225,7 @@ CVE-2022-2409 (The Rough Chart WordPress plugin through 
1.0.0 does not properly
 CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and 
earlier fail ...)
- mattermost-server  (bug #823556)
 CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not 
escape some ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and 
earlie ...)
- mattermost-server  (bug #823556)
 CVE-2022-2405
@@ -7699,15 +7699,15 @@ CVE-2022-2393 (A flaw was found in pki-core, which 
could allow a user to get a c
- dogtag-pki 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
 CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is 
affected b ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the 
portfolio slide ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had 
the mutab ...)
NOT-FOR-US: Apps developed with Google Play Services SDK
 CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, 
Newslet ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF 

[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f7a83ca by security tracker role at 2022-08-22T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,83 @@
+CVE-2022-38666
+   RESERVED
+CVE-2022-38665
+   RESERVED
+CVE-2022-38664
+   RESERVED
+CVE-2022-38663
+   RESERVED
+CVE-2022-38662
+   RESERVED
+CVE-2022-38661
+   RESERVED
+CVE-2022-38660
+   RESERVED
+CVE-2022-38659
+   RESERVED
+CVE-2022-38658
+   RESERVED
+CVE-2022-38657
+   RESERVED
+CVE-2022-38656
+   RESERVED
+CVE-2022-38655
+   RESERVED
+CVE-2022-38654
+   RESERVED
+CVE-2022-38653
+   RESERVED
+CVE-2022-38652
+   RESERVED
+CVE-2022-38651
+   RESERVED
+CVE-2022-38650
+   RESERVED
+CVE-2022-38649
+   RESERVED
+CVE-2022-38648
+   RESERVED
+CVE-2022-2946
+   RESERVED
+CVE-2022-2945
+   RESERVED
+CVE-2022-2944
+   RESERVED
+CVE-2022-2943
+   RESERVED
+CVE-2022-2942
+   RESERVED
+CVE-2022-2941
+   RESERVED
+CVE-2022-2940
+   RESERVED
+CVE-2022-2939
+   RESERVED
+CVE-2022-2938
+   RESERVED
+CVE-2022-2937
+   RESERVED
+CVE-2022-2936
+   RESERVED
+CVE-2022-2935
+   RESERVED
+CVE-2022-2934
+   RESERVED
+CVE-2022-2933
+   RESERVED
+CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
bustle/mob ...)
+   TODO: check
+CVE-2022-2931
+   RESERVED
+CVE-2022-2930 (Unverified Password Change in GitHub repository 
octoprint/octoprint pr ...)
+   TODO: check
+CVE-2022-2929
+   RESERVED
+CVE-2022-2928
+   RESERVED
+CVE-2022-2927 (Weak Password Requirements in GitHub repository 
notrinos/notrinoserp p ...)
+   TODO: check
+CVE-2022-2926
+   RESERVED
 CVE-2022-38647
RESERVED
 CVE-2022-38646
@@ -594,8 +674,8 @@ CVE-2022-38397
RESERVED
 CVE-2022-2891
RESERVED
-CVE-2022-2890
-   RESERVED
+CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
+   TODO: check
 CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. 
...)
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
@@ -646,8 +726,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 9.
NOTE: https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
NOTE: 
https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d 
(v9.0.0224)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2873
-   RESERVED
+CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux 
kernel Inte ...)
- linux 5.18.2-1
[bullseye] - linux  (Vulnerable code introduced later)
[buster] - linux  (Vulnerable code introduced later)
@@ -814,8 +893,8 @@ CVE-2022-2843 (A vulnerability was found in MotoPress 
Timetable and Event Schedu
NOT-FOR-US: WordPress plugin
 CVE-2022-2842
RESERVED
-CVE-2022-2841
-   RESERVED
+CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 
6.31.14505.0/6.42.1561 ...)
+   TODO: check
 CVE-2022-2840
RESERVED
 CVE-2022-2839
@@ -3575,8 +3654,8 @@ CVE-2022-37300
RESERVED
 CVE-2022-2601
RESERVED
-CVE-2022-2600
-   RESERVED
+CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not 
set re ...)
+   TODO: check
 CVE-2022-2599
RESERVED
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository 
vim/vim prior ...)
@@ -3592,10 +3671,10 @@ CVE-2022-2596 (Denial of Service in GitHub repository 
node-fetch/node-fetch prio
NOTE: 
https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d
 (v3.2.10)
 CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra 
prior to  ...)
NOT-FOR-US: Titra
-CVE-2022-2594
-   RESERVED
-CVE-2022-2593
-   RESERVED
+CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, 
Advanced Cu ...)
+   TODO: check
+CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does 
not prope ...)
+   TODO: check
 CVE-2022-37299
RESERVED
 CVE-2022-37298
@@ -3926,10 +4005,10 @@ CVE-2022-37136
RESERVED
 CVE-2022-37135
RESERVED
-CVE-2022-37134
-   RESERVED
-CVE-2022-37133
-   RESERVED
+CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer 
Overflow via  ...)
+   TODO: check
+CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without 
authentica ...)
+   TODO: check
 CVE-2022-37132
RESERVED
 CVE-2022-37131
@@ -4489,10 +4568,10 @@ CVE-2022-2560
RESERVED
 CVE-2022-2559
RESERVED
-CVE-2022-2558
-   RESERVED
-CVE-2022-2557
-   RESERVED
+CVE-2022-2558 (The Simple Job Board WordPress 

[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2019-9081 which is now rejected

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccfbe770 by Salvatore Bonaccorso at 2022-08-22T21:57:04+02:00
Remove notes from CVE-2019-9081 which is now rejected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -233638,8 +233638,6 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open 
Source BMS v1.1.1 and othe
NOT-FOR-US: ThinkPHP
 CVE-2019-9081
REJECTED
-   - php-laravel-framework  (Fixed before initial upload to 
archive)
-   NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
 CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password 
storage. ...)
NOT-FOR-US: DomainMOD
 CVE-2019-9079



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccfbe7701d20495613825859712e1eda923be90b



[Git][security-tracker-team/security-tracker][master] Take libxslt from dsa-needed list

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca1fbed8 by Salvatore Bonaccorso at 2022-08-22T21:22:33+02:00
Take libxslt from dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,7 +18,7 @@ freecad (aron)
 --
 gdk-pixbuf (carnil)
 --
-libxslt
+libxslt (carnil)
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca1fbed84e0142ead3a61d8ccdb4b7cd3ac46cd6



[Git][security-tracker-team/security-tracker][master] dla: claim exim4

2022-08-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f9fbc44 by Sylvain Beucler at 2022-08-22T18:26:08+02:00
dla: claim exim4

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -30,7 +30,7 @@ curl (Markus Koschany)
   NOTE: 20220802: Programming language: C.
   NOTE: 20220821: VCS: https://salsa.debian.org/lts-team/packages/curl
 --
-exim4
+exim4 (Sylvain Beucler)
   NOTE: 20220820: Programming language: C.
 --
 exiv2 (Roberto C. Sánchez)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f9fbc44c9df3859d2e75433edf8ca8e71ec7daf



[Git][security-tracker-team/security-tracker][master] dcmtk fixed in sid

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6535cf67 by Moritz Muehlenhoff at 2022-08-22T18:18:50+02:00
dcmtk fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12197,13 +12197,13 @@ CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 
3.6.7) has a NULL pointer de
NOTE: https://support.dcmtk.org/redmine/issues/1021
NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f
 (DCMTK-3.6.7)
 CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user 
(SCU) i ...)
-   - dcmtk  (bug #1017743)
+   - dcmtk 3.6.7-6 (bug #1017743)
[bullseye] - dcmtk  (Minor issue)
[buster] - dcmtk  (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class 
provider (SC ...)
-   - dcmtk  (bug #1017743)
+   - dcmtk 3.6.7-6 (bug #1017743)
[bullseye] - dcmtk  (Minor issue)
[buster] - dcmtk  (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
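Review bot: both entries now record `dcmtk 3.6.7-6` as the fixed version, while the `Fixed by:` commit noted for CVE-2022-2120 carries no upstream release tag (unlike the `(DCMTK-3.6.7)` tag on CVE-2022-2121 just above), so the fix was evidently cherry-picked into the Debian revision rather than inherited from the 3.6.7 release; a NOTE naming the patch shipped in 3.6.7-6 would make the fixed version traceable.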



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6535cf67a0bd95cc2d04a47a8e1b2c98d6409c21



[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e95043f by Moritz Muehlenhoff at 2022-08-22T17:57:45+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -682,15 +682,18 @@ CVE-2022-2870 (A vulnerability was found in laravel 5.1 
and classified as proble
NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to 
out of ...)
- tiff 4.4.0~rc1-1
+   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw 
that c ...)
- tiff 4.4.0~rc1-1
+   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can 
lead to o ...)
- tiff 4.4.0~rc1-1
+   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
@@ -6508,6 +6511,7 @@ CVE-2022-2448
 CVE-2022-2447
RESERVED
- keystone 
+   [bullseye] - keystone  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419
 CVE-2017-20143 (A vulnerability, which was classified as critical, has been 
found in I ...)
NOT-FOR-US: Itech Movie Portal Script
@@ -86691,6 +86695,7 @@ CVE-2021-32748 (Nextcloud Richdocuments in an open 
source self hosted online off
 CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, 
framework, an ...)
[experimental] - icingaweb2 2.8.3-1~exp1
- icingaweb2 2.8.4-1 (bug #991116)
+   [bullseye] - icingaweb2  (Minor issue)
[buster] - icingaweb2  (Minor issue)
[stretch] - icingaweb2  (Minor issue)
NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
@@ -86698,6 +86703,7 @@ CVE-2021-32747 (Icinga Web 2 is an open source 
monitoring web interface, framewo
 CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, 
framework and ...)
[experimental] - icingaweb2 2.8.3-1~exp1
- icingaweb2 2.8.4-1 (bug #991116)
+   [bullseye] - icingaweb2  (Minor issue)
[buster] - icingaweb2  (Minor issue)
[stretch] - icingaweb2  (Minor issue)
NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
@@ -174030,6 +174036,7 @@ CVE-2020-10689 (A flaw was found in the Eclipse Che 
up to version 7.8.x, where i
 CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in 
versions be ...)
- resteasy  (bug #970328)
- resteasy3.0  (bug #1015001)
+   [bullseye] - resteasy3.0  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
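Review bot: the bullseye annotation is added only for `resteasy3.0`; the sibling `- resteasy  (bug #970328)` line in the same entry still has neither a fixed version nor a bullseye tag, so either resteasy is not in bullseye or it was missed in this triage pass; worth confirming so the entry does not sit half-triaged.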


=
data/dsa-needed.txt
=
@@ -18,6 +18,8 @@ freecad (aron)
 --
 gdk-pixbuf (carnil)
 --
+libxslt
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
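Review bot: the new `libxslt` entry carries no annotation of which CVEs it is meant to cover or why a DSA is needed, unlike the `linux` entry right below it which has a rationale line; adding the CVE ids would save whoever claims it from rediscovering them in data/CVE/list.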



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e95043fea4796f62114c98630e3266d1ac6e3ab



[Git][security-tracker-team/security-tracker][master] LTS: take exiv2 in dla-needed.txt

2022-08-22 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb9544ae by Roberto C. Sánchez at 2022-08-22T11:08:43-04:00
LTS: take exiv2 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -33,7 +33,7 @@ curl (Markus Koschany)
 exim4
   NOTE: 20220820: Programming language: C.
 --
-exiv2
+exiv2 (Roberto C. Sánchez)
   NOTE: 20220819: Programming language: C++.
   NOTE: 20220819: 
https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292
 does not directly apply, but a very quick glance suggests the earlier code may 
be equally vulnerable. (Chris Lamb)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb9544ae786824b3f21a0a4fe9a6e1441cf19973



[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4819afe by Moritz Muehlenhoff at 2022-08-22T16:43:21+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -316,6 +316,7 @@ CVE-2022-38494
RESERVED
 CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the 
RSA priva ...)
- rhonabwy 1.1.7-1
+   [bullseye] - rhonabwy  (Vulnerable code not present)
NOTE: 
https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
 CVE-2022-38492
RESERVED
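Review bot: `[bullseye] - rhonabwy  (Vulnerable code not present)` implicitly asserts that bullseye ships a rhonabwy older than 0.9.99, the start of the affected range in the description; a short NOTE with the bullseye version (or why the code touched by commit dd528b3 is absent there) would make the tag verifiable later.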
@@ -6423,28 +6424,36 @@ CVE-2022-36148 (fdkaac commit 53fe239 was discovered to 
contain a floating point
 CVE-2022-36147
RESERVED
 CVE-2022-36146 (SWFMill commit 53d7690 was discovered to contain a memory 
allocation i ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/65
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/64
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
- swfmill 
+   [bullseye] - swfmill  (Minor issue)
NOTE: https://github.com/djcsdy/swfmill/issues/63
 CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/62
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36142 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/61
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36141 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/58
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-   - swfmill 
+   - swfmill  (unimportant)
NOTE: https://github.com/djcsdy/swfmill/issues/57
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
- swfmill 
+   [bullseye] - swfmill  (Minor issue)
NOTE: https://github.com/djcsdy/swfmill/issues/56
 CVE-2022-36138
RESERVED
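Review bot: the triage is not uniform across the heap-buffer-overflow issues: CVE-2022-36144 and CVE-2022-36139 keep `- swfmill ` and gain `[bullseye] - swfmill  (Minor issue)`, while CVE-2022-36143 and CVE-2022-36142, also described as heap-buffer overflows, are downgraded to `(unimportant)` with the `Crash in CLI tool, no security impact` note. If the distinction is read versus write (or reproducibility), a NOTE on the unimportant ones would help; otherwise the four should be rated the same.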
@@ -34931,6 +34940,7 @@ CVE-2022-25758 (All versions of package scss-tokenizer 
are vulnerable to Regular
- node-scss-tokenizer  (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command 
Injection via  ...)
- ruby-git  (bug #1009926)
+   [bullseye] - ruby-git  (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/569
NOTE: Fixed by: 
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
 (v1.11.0)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
@@ -35647,6 +35657,7 @@ CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository micro
 CVE-2022-0718
RESERVED
- python-oslo.utils 4.10.1-1
+   [bullseye] - python-oslo.utils  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850
NOTE: https://bugs.launchpad.net/oslo.utils/+bug/1949623
NOTE: Fixed by: 
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
 (4.12.1)
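Review bot: the bullseye tag itself is fine, but the unstable line above it, `- python-oslo.utils 4.10.1-1`, predates the upstream release noted as carrying the fix (`(4.12.1)`); if the Debian upload backported commit 6e17ae1f, a NOTE saying so would remove the apparent contradiction, otherwise the fixed version needs a second look.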
@@ -57174,6 +57185,7 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX 
before 2.10.2 uses $reques
 CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some 
division o ...)
[experimental] - openexr 3.1.3-1
- openexr 3.1.5-2 (bug #1014828)
+   [bullseye] - openexr  (Minor issue)
[stretch] - openexr  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
@@ -57361,6 +57373,7 @@ CVE-2021-3934 (ohmyzsh is vulnerable to Improper 
Neutralization of Special Eleme
 CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a 
crafted file  ...)
[experimental] - openexr 3.1.3-1
- openexr 3.1.5-2 (bug #1014828)
+   [bullseye] - openexr  (Minor issue)
[stretch] - openexr  (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912


=

[Git][security-tracker-team/security-tracker][master] NFUs

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84bffc47 by Moritz Muehlenhoff at 2022-08-22T12:04:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -604,7 +604,7 @@ CVE-2022-2888
 CVE-2022-2887
RESERVED
 CVE-2022-2886 (A vulnerability, which was classified as critical, was found in 
Larave ...)
-   TODO: check
+   NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
 CVE-2022-38396
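Review bot: replacing `TODO: check` with only a NOTE leaves CVE-2022-2886 without a package or NOT-FOR-US line, the same pending state as the CVE-2022-2870 entry in the earlier bullseye-triage commit; that is workable while a rejection is expected, but the entry should be revisited and tagged if MITRE does not reject it.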
@@ -1138,9 +1138,9 @@ CVE-2022-38236 (XPDF commit ffaf11c was discovered to 
contain a global-buffer ov
 CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
- xpdf  (Debian uses poppler, which is not affected)
 CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
-   TODO: check
+   - xpdf  (Debian uses poppler, which is not affected)
 CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
-   TODO: check
+   - xpdf  (Debian uses poppler, which is not affected)
 CVE-2022-38232
RESERVED
 CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer 
overflow v ...)
@@ -1165,7 +1165,7 @@ CVE-2022-38223 (There is an out-of-bounds write in 
checkType located in etc.c in
[buster] - w3m  (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
 CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() 
located in JBI ...)
-   TODO: check
+   - xpdf  (Debian uses poppler, which is not affected)
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle 
Evrima (the d ...)
NOT-FOR-US: The Isle Evrima
 CVE-2022-38220
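Review bot: the not-affected annotation added for CVE-2022-38222 ("- xpdf (Debian uses poppler, which is not affected)") gives no reference backing the claim, whereas the w3m entry in this hunk's leading context carries a NOTE with the upstream issue URL. Since the annotation's reasoning rests on poppler not containing the affected JBIG2Stream::close() code, a NOTE pointing at the upstream report or at the poppler code that was checked would make the verdict verifiable for whoever revisits the entry.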
@@ -6753,7 +6753,7 @@ CVE-2022-36010 (This library allows strings to be parsed 
as functions and stored
 CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol 
federation. Dend ...)
NOT-FOR-US: gomatrixserverlib
 CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A 
security issue ...)
-   TODO: check
+   NOT-FOR-US: Frontier
 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with 
excellent Jav ...)
NOT-FOR-US: Venice
 CVE-2022-36006 (Arvados is an open source platform for managing, processing, 
and shari ...)
@@ -7878,7 +7878,7 @@ CVE-2022-35542
 CVE-2022-35541
RESERVED
 CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows 
remote att ...)
-   TODO: check
+   NOT-FOR-US: AgileConfig
 CVE-2022-35539
RESERVED
 CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 
wireless.cgi has  ...)
@@ -30394,7 +30394,7 @@ CVE-2022-26070 (When handling a mismatched 
pre-authentication cookie, the applic
 CVE-2022-26024
RESERVED
 CVE-2022-26017 (Improper access control in the Intel(R) DSA software for 
before versio ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter 
Group Eve ...)
NOT-FOR-US: Intel
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and 
Webadmin ...)
@@ -31101,7 +31101,7 @@ CVE-2022-1023 (The Podcast Importer SecondLine 
WordPress plugin before 1.3.8 doe
 CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
NOT-FOR-US: chatwoot
 CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository 
chatwoo ...)
-   TODO: check
+   NOT-FOR-US: chatwoot
 CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress 
plugin b ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has 
a buffer ...)
@@ -38728,7 +38728,7 @@ CVE-2022-0543 (It was discovered, that redis, a 
persistent key-value database, d
[stretch] - redis  (Lua support plus packaging issue 
introduced later)
NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
 CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository 
chatwoot/chatwoo ...)
-   TODO: check
+   NOT-FOR-US: chatwoot
 CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into 
wp-conf ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated 
attack ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84bffc47b1a833d81188d8a0fb157bd06df08daf





[Git][security-tracker-team/security-tracker][master] two blender issues fixed in sid

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5569e853 by Moritz Muehlenhoff at 2022-08-22T11:09:19+02:00
two blender issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -830,7 +830,7 @@ CVE-2022-2835
 CVE-2022-2834
RESERVED
 CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical 
bugs. ...)
-   - blender 
+   - blender 3.2.2+dfsg-1
NOTE: 
https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
NOTE: https://developer.blender.org/T99711
 CVE-2022-2832 (When rendering with headless builds, show an error instead of 
crashing ...)
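Review bot: both blender entries in this commit (CVE-2022-2833 here and CVE-2022-2831 in the next hunk) record the sid fix 3.2.2+dfsg-1 but add no [bullseye] annotation, so the tracker will treat bullseye as affected purely by version comparison. Add a "[bullseye] - blender ..." line stating whether a stable update is planned, the issue is minor, or the vulnerable code is absent, as other entries in this digest do for their stable releases.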
@@ -839,7 +839,7 @@ CVE-2022-2832 (When rendering with headless builds, show an 
error instead of cra
NOTE: https://developer.blender.org/D15463
NOTE: 
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
 CVE-2022-2831 (A loaded (and valid) image can be crafted such that an 
out-of-bounds r ...)
-   - blender 
+   - blender 3.2.2+dfsg-1
NOTE: https://developer.blender.org/T99705
NOTE: 
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
NOTE: 
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5569e8537acadfaa542e06fe0fd3275e853475e5



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process two NFUs

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac58155a by Salvatore Bonaccorso at 2022-08-22T10:59:05+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6200,7 +6200,7 @@ CVE-2022-36253
 CVE-2022-36252
RESERVED
 CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross 
Site Sc ...)
-   TODO: check
+   NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36250
RESERVED
 CVE-2022-36249
@@ -6306,7 +6306,7 @@ CVE-2022-36200
 CVE-2022-36199
RESERVED
 CVE-2022-36198 (Multiple SQL injections detected in Bus Pass Management System 
1.0 via ...)
-   TODO: check
+   NOT-FOR-US: Bus Pass Management System
 CVE-2022-36197 (BigTree CMS 4.4.16 was discovered to contain an arbitrary file 
upload  ...)
NOT-FOR-US: BigTree CMS
 CVE-2022-36196



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac58155a94b1d142547f210e08b9674113321a8e



[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3759957f by security tracker role at 2022-08-22T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,317 @@
+CVE-2022-38647
+   RESERVED
+CVE-2022-38646
+   RESERVED
+CVE-2022-38645
+   RESERVED
+CVE-2022-38644
+   RESERVED
+CVE-2022-38643
+   RESERVED
+CVE-2022-38642
+   RESERVED
+CVE-2022-38641
+   RESERVED
+CVE-2022-38640
+   RESERVED
+CVE-2022-38639
+   RESERVED
+CVE-2022-38638
+   RESERVED
+CVE-2022-38637
+   RESERVED
+CVE-2022-38636
+   RESERVED
+CVE-2022-38635
+   RESERVED
+CVE-2022-38634
+   RESERVED
+CVE-2022-38633
+   RESERVED
+CVE-2022-38632
+   RESERVED
+CVE-2022-38631
+   RESERVED
+CVE-2022-38630
+   RESERVED
+CVE-2022-38629
+   RESERVED
+CVE-2022-38628
+   RESERVED
+CVE-2022-38627
+   RESERVED
+CVE-2022-38626
+   RESERVED
+CVE-2022-38625
+   RESERVED
+CVE-2022-38624
+   RESERVED
+CVE-2022-38623
+   RESERVED
+CVE-2022-38622
+   RESERVED
+CVE-2022-38621
+   RESERVED
+CVE-2022-38620
+   RESERVED
+CVE-2022-38619
+   RESERVED
+CVE-2022-38618
+   RESERVED
+CVE-2022-38617
+   RESERVED
+CVE-2022-38616
+   RESERVED
+CVE-2022-38615
+   RESERVED
+CVE-2022-38614
+   RESERVED
+CVE-2022-38613
+   RESERVED
+CVE-2022-38612
+   RESERVED
+CVE-2022-38611
+   RESERVED
+CVE-2022-38610
+   RESERVED
+CVE-2022-38609
+   RESERVED
+CVE-2022-38608
+   RESERVED
+CVE-2022-38607
+   RESERVED
+CVE-2022-38606
+   RESERVED
+CVE-2022-38605
+   RESERVED
+CVE-2022-38604
+   RESERVED
+CVE-2022-38603
+   RESERVED
+CVE-2022-38602
+   RESERVED
+CVE-2022-38601
+   RESERVED
+CVE-2022-38600
+   RESERVED
+CVE-2022-38599
+   RESERVED
+CVE-2022-38598
+   RESERVED
+CVE-2022-38597
+   RESERVED
+CVE-2022-38596
+   RESERVED
+CVE-2022-38595
+   RESERVED
+CVE-2022-38594
+   RESERVED
+CVE-2022-38593
+   RESERVED
+CVE-2022-38592
+   RESERVED
+CVE-2022-38591
+   RESERVED
+CVE-2022-38590
+   RESERVED
+CVE-2022-38589
+   RESERVED
+CVE-2022-38588
+   RESERVED
+CVE-2022-38587
+   RESERVED
+CVE-2022-38586
+   RESERVED
+CVE-2022-38585
+   RESERVED
+CVE-2022-38584
+   RESERVED
+CVE-2022-38583
+   RESERVED
+CVE-2022-38582
+   RESERVED
+CVE-2022-38581
+   RESERVED
+CVE-2022-38580
+   RESERVED
+CVE-2022-38579
+   RESERVED
+CVE-2022-38578
+   RESERVED
+CVE-2022-38577
+   RESERVED
+CVE-2022-38576
+   RESERVED
+CVE-2022-38575
+   RESERVED
+CVE-2022-38574
+   RESERVED
+CVE-2022-38573
+   RESERVED
+CVE-2022-38572
+   RESERVED
+CVE-2022-38571
+   RESERVED
+CVE-2022-38570
+   RESERVED
+CVE-2022-38569
+   RESERVED
+CVE-2022-38568
+   RESERVED
+CVE-2022-38567
+   RESERVED
+CVE-2022-38566
+   RESERVED
+CVE-2022-38565
+   RESERVED
+CVE-2022-38564
+   RESERVED
+CVE-2022-38563
+   RESERVED
+CVE-2022-38562
+   RESERVED
+CVE-2022-38561
+   RESERVED
+CVE-2022-38560
+   RESERVED
+CVE-2022-38559
+   RESERVED
+CVE-2022-38558
+   RESERVED
+CVE-2022-38557
+   RESERVED
+CVE-2022-38556
+   RESERVED
+CVE-2022-38555
+   RESERVED
+CVE-2022-38554
+   RESERVED
+CVE-2022-38553
+   RESERVED
+CVE-2022-38552
+   RESERVED
+CVE-2022-38551
+   RESERVED
+CVE-2022-38550
+   RESERVED
+CVE-2022-38549
+   RESERVED
+CVE-2022-38548
+   RESERVED
+CVE-2022-38547
+   RESERVED
+CVE-2022-38546
+   RESERVED
+CVE-2022-38545
+   RESERVED
+CVE-2022-38544
+   RESERVED
+CVE-2022-38543
+   RESERVED
+CVE-2022-38542
+   RESERVED
+CVE-2022-38541
+   RESERVED
+CVE-2022-38540
+   RESERVED
+CVE-2022-38539
+   RESERVED
+CVE-2022-38538
+   RESERVED
+CVE-2022-38537
+   RESERVED
+CVE-2022-38536
+   RESERVED
+CVE-2022-38535
+   RESERVED
+CVE-2022-38534
+   RESERVED
+CVE-2022-38533
+   RESERVED
+CVE-2022-38532
+   RESERVED
+CVE-2022-38531
+   RESERVED
+CVE-2022-38530
+   RESERVED
+CVE-2022-38529
+   RESERVED
+CVE-2022-38528
+   RESERVED
+CVE-2022-38527
+   RESERVED
+CVE-2022-38526
+   RESERVED
+CVE-2022-38525
+   RESERVED
+CVE-2022-38524
+   RESERVED
+CVE-2022-38523
+   RESERVED
+CVE-2022-38522
+   RESERVED
+CVE-2022-38521
+   RESERVED
+CVE-2022-38520
+   RESERVED
+CVE-2022-38519
+   RESERVED
+CVE-2022-38518
+   RESERVED
+CVE-2022-38517
+   RESERVED
+CVE-2022-38516
+   RESERVED
+CVE-2022-38515
+   RESERVED
+CVE-2022-38514
+   RESERVED
+CVE-2022-38513
+   RESERVED
+CVE-2022-38512
+   RESERVED
+CVE-2022-38511
+   RESERVED
+CVE-2022-38510
+   RESERVED
+CVE-2022-38509
+   RESERVED
+CVE-2022-38508
+   RESERVED
+CVE-2022-38507
+   

[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-2308/linux

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf10f91f by Salvatore Bonaccorso at 2022-08-22T09:41:00+02:00
Update status for CVE-2022-2308/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8373,7 +8373,9 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers 
to cause a denial of se
NOTE: 
https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f 
(lxml-4.9.1)
 CVE-2022-2308
RESERVED
-   - linux 
+   - linux 
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2103900
 CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer 
handler in ne ...)
{DSA-5191-1}
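Review bot: the bullseye and buster lines added for CVE-2022-2308 both say "Vulnerable code not present", and the sid line still carries no fixed version, so the entry stays open for unstable only. There is no stretch annotation, while the CVE-2022-1882 entry updated elsewhere in this digest does carry "[stretch] - linux (Vulnerable code not present)"; if stretch is still annotated for linux entries, state its status here too, otherwise the entry is consistent as it stands.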



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf10f91f8ee24d925c379a63331ba6289735ac51



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-1882/linux

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bddc86f5 by Salvatore Bonaccorso at 2022-08-22T09:39:21+02:00
Update information for CVE-2022-1882/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17933,7 +17933,8 @@ CVE-2022-1884
 CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior 
to 2.2. ...)
NOT-FOR-US: camptocamp/terraboard
 CVE-2022-1882 (A use-after-free flaw was found in the Linux kernels 
pipes func ...)
-   - linux 
+   - linux 5.18.16-1
+   [bullseye] - linux 5.10.136-1
[buster] - linux  (Vulnerable code not present)
[stretch] - linux  (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2089701



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bddc86f5e8fd6b9bb577891e14172d2b94b9c52e



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-1462/linux

2022-08-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d587745 by Salvatore Bonaccorso at 2022-08-22T09:38:10+02:00
Update information for CVE-2022-1462/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23514,7 +23514,8 @@ CVE-2022-1464 (Stored xss bug in GitHub repository 
gogs/gogs prior to 0.12.7. As
 CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP 
Object  ...)
NOT-FOR-US: Booking Calendar plugin for WordPress
 CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux 
kernels TeleT ...)
-   - linux 
+   - linux 5.18.14-1
+   [bullseye] - linux 5.10.136-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466
NOTE: https://www.openwall.com/lists/oss-security/2022/05/27/2
 CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub 
reposito ...)
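Review bot: CVE-2022-1462 gets sid (5.18.14-1) and bullseye (5.10.136-1) fixed versions but, unlike the CVE-2022-1882 entry updated elsewhere in this digest, no buster or stretch line. Without an explicit annotation the tracker infers buster's status from version comparison, so if the affected code is absent there, as recorded for CVE-2022-1882, add the "(Vulnerable code not present)" line; if buster is affected, a fixed version or a no-dsa annotation is needed.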



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d5877451662ba16b31b6866ecf1df8c41335d2d



[Git][security-tracker-team/security-tracker][master] update note in dla-needed

2022-08-22 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5fb08ea by Abhijith PA at 2022-08-22T12:06:49+05:30
update note in dla-needed

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -87,6 +87,7 @@ qemu (Abhijith PA)
   NOTE: 20220802: debdiff of backported fixes was submitted to 
buster-proposed-updates: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
   NOTE: 20220802: wcan now be released as DLA instead. The updated packages 
are/were running fine in a buster ganeti cluster. (jmm)
   NOTE: 20220808: conflicting pu at 
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , 
needs to be merged (Beuc/abhijith)
+  NOTE: 20220822: Merged new build at 
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc 
(abhijith)
 --
 rails
   NOTE: 20220817: Programming language: Ruby.
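Review bot: the new 20220822 NOTE points at exactly the same qemu_3.1+dfsg-8+deb10u9.dsc URL that the 20220808 NOTE describes as a conflicting p-u still needing a merge, so from the file alone it is not clear whether the upload at that URL was replaced by the merged build or whether the 20220808 conflict is still open. Say explicitly that the .dsc was replaced (or give the merged build its own path or version) and mark the 20220808 item as resolved, so the entry does not read as two contradictory states.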



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fb08ea58c6b01909479b53078a89df7253a21e



[Git][security-tracker-team/security-tracker][master] new keystone issue

2022-08-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89b17bbd by Moritz Muehlenhoff at 2022-08-22T08:31:31+02:00
new keystone issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1359,8 +1359,10 @@ CVE-2022-2740 (A vulnerability was found in 
SourceCodester Company Website CMS.
NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2739
RESERVED
+   NOT-FOR-US: Red Hat specific release error
 CVE-2022-2738
RESERVED
+   NOT-FOR-US: Red Hat specific release error
 CVE-2022-2737
RESERVED
 CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website 
CMS. It ha ...)
@@ -6182,6 +6184,8 @@ CVE-2022-2448
RESERVED
 CVE-2022-2447
RESERVED
+   - keystone 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419
 CVE-2017-20143 (A vulnerability, which was classified as critical, has been 
found in I ...)
NOT-FOR-US: Itech Movie Portal Script
 CVE-2017-20142 (A vulnerability classified as critical was found in Itech 
Movie Portal ...)
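Review bot: the new "- keystone" line for CVE-2022-2447 carries only a Red Hat bugzilla NOTE while the CVE is still RESERVED, so the file holds no description of the issue and nothing that tells a stable-release triager whether the keystone in stable is affected or which upstream fix applies. A NOTE with the upstream OpenStack bug or advisory reference and, once known, a "[bullseye] - keystone ..." status line would complete the entry.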



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b17bbd7f8f61d78181b9a9ebdbda8a2ecb6236
