[Git][security-tracker-team/security-tracker][master] lts: claim libraw

2022-09-15 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d79b56a by Helmut Grohne at 2022-09-16T07:56:34+02:00
lts: claim libraw

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -72,7 +72,7 @@ kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
 --
-libraw
+libraw (Helmut Grohne)
   NOTE: 20220904: Programming language: C++.
 --
 linux (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d79b56afbd7ee223071917277eb6191d31a898c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d79b56afbd7ee223071917277eb6191d31a898c
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39209/cmark-gfm

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a7ff1a9 by Salvatore Bonaccorso at 2022-09-16T06:43:28+02:00
Add CVE-2022-39209/cmark-gfm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3432,7 +3432,13 @@ CVE-2022-39211
 CVE-2022-39210
RESERVED
 CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and 
renderin ...)
-   TODO: check
+   - cmark-gfm 
+   - python-cmarkgfm 
+   - ghostwriter 
+   - ruby-commonmarker 
+   - r-cran-commonmark 
+   NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q
+   NOTE: 
https://github.com/github/cmark-gfm/commit/cfcaa0068bf319974fdec283416fcee5035c2d70
 (0.29.0.gfm.6)
 CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD 
and Kanban ...)
NOT-FOR-US: Onedev
 CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD 
and Kanban ...)
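Review bot: the five source packages are listed with no bug reference and no NOTE explaining why the four besides cmark-gfm are affected; if python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark ship embedded copies of cmark-gfm, a NOTE saying so (and a `(bug #NNN)` per package once filed) would let the next person tell which entries still need an upload. The fix commit NOTE annotated with `(0.29.0.gfm.6)` follows the file's usual convention.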



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a7ff1a9dba3df0059b5ab10a97a0a82ed834f81



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2998/chromium

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f8943c7 by Salvatore Bonaccorso at 2022-09-16T06:34:39+02:00
Add CVE-2022-2998/chromium

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -4704,6 +4704,9 @@ CVE-2022-2999
RESERVED
 CVE-2022-2998
RESERVED
+   - chromium 104.0.5112.101-1
+   [buster] - chromium  (see DSA 5046)
+   NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300
 CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 
6.0.10. ...)
- snipe-it  (bug #1005172)
 CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS 
connect ...)
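Review bot: the fixed version `- chromium 104.0.5112.101-1` and the buster marker are filed under an entry whose description line is still `RESERVED` (unchanged context above), so until the automatic update pulls in the text the entry reads as a reserved CVE with a fix attached; a short NOTE stating what Project Zero issue 2300 concerns would make it readable before then. The `[buster] - chromium (see DSA 5046)` line itself is well-formed.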


=
data/DSA/list
=
@@ -53,7 +53,7 @@
{CVE-2022-2787}
[bullseye] - schroot 1.6.10-12+deb11u1
 [18 Aug 2022] DSA-5212-1 chromium - security update
-   {CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 
CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861}
+   {CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 
CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 
CVE-2022-2998}
[bullseye] - chromium 104.0.5112.101-1~deb11u1
 [16 Aug 2022] DSA-5211-1 wpewebkit - security update
{CVE-2022-32792 CVE-2022-32816}
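Review bot: CVE-2022-2998 is appended to the CVE set of DSA-5212-1, an advisory dated 18 Aug 2022, in a commit made on 16 Sep 2022; if the CVE was only assigned after the advisory went out, a NOTE on the CVE-2022-2998 entry recording that DSA-5212-1 already covers it would explain the retroactive edit to anyone comparing the tracker with the published advisory text.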



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8943c76c6d8fd4ab1b3652b1d35c4a4912b08a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4820ec8e by Salvatore Bonaccorso at 2022-09-16T06:30:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2022-3226
 CVE-2022-3225
RESERVED
 CVE-2022-3224 (Misinterpretation of Input in GitHub repository 
ionicabizau/parse-url  ...)
-   TODO: check
+   NOT-FOR-US: Node parse-url
 CVE-2022-3223
RESERVED
 CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 
2.1.0-D ...)
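Review bot: `NOT-FOR-US: Node parse-url` records no check that the archive has no node-parse-url source package; because the tracker reports nothing further for an NFU entry, a missed package is silent, so confirming against the package list (and saying so in a NOTE when the name is ambiguous) is worth the extra line.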
@@ -191,7 +191,7 @@ CVE-2022-3214
 CVE-2022-3213
RESERVED
 CVE-2022-3212 (bytes::Bytes as 
axum_core::extract::FromRequest::from_request  ...)
-   TODO: check
+   NOT-FOR-US: axum_core rust crate
 CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
NOT-FOR-US: pimcore
 CVE-2022-30545
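Review bot: `NOT-FOR-US: axum_core rust crate` assumes no rust-axum-core source package exists in the archive, and the hunk records no such check; Rust crates are exactly the kind of dependency that turns up later as a rust-* package, so the Rust team's packaging should be checked before this is closed. Naming the crate rather than the GitHub repository is consistent with the neighbouring `NOT-FOR-US: pimcore` context line.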
@@ -1065,7 +1065,7 @@ CVE-2022-40307 (An issue was discovered in the Linux 
kernel through 5.19.8. driv
- linux 
NOTE: 
https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
 CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit 
Printsc ...)
-   TODO: check
+   NOT-FOR-US: ECi Printanista Hub
 CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 
11.1.3 al ...)
NOT-FOR-US: Canto Cumulus
 CVE-2022-40304



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4820ec8e8bc9701cb27a6e490d734995d7d6d43f



[Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2022-33068/harfbuzz

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57f57af1 by Salvatore Bonaccorso at 2022-09-16T06:19:10+02:00
Track fix via experimental for CVE-2022-33068/harfbuzz

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19682,6 +19682,7 @@ CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to 
contain an invalid arithmeti
 CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via 
SMTEncoder ...)
NOT-FOR-US: Ethereum
 CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc 
of Harfbu ...)
+   [experimental] - harfbuzz 5.1.0-1
- harfbuzz  (bug #1013673)
[bullseye] - harfbuzz  (Minor issue)
[buster] - harfbuzz  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f57af17215bdcdf99d351146e09734bc70ad8b



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3111-1 for mod-wsgi

2022-09-15 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c50fa45b by Thorsten Alteholz at 2022-09-15T23:41:19+02:00
Reserve DLA-3111-1 for mod-wsgi

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Sep 2022] DLA-3111-1 mod-wsgi - security update
+   {CVE-2022-2255}
+   [buster] - mod-wsgi 4.6.5-1+deb10u1
 [15 Sep 2022] DLA-3110-1 glib2.0 - security update
{CVE-2021-3800}
[buster] - glib2.0 2.58.3-2+deb10u4
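Review bot: this reservation touches only data/DLA/list (`1 changed file`), so any mod-wsgi entry in data/dla-needed.txt is not dropped here; the DLA-3110-1 glib2.0 reservation (commit efc4c1da in this same digest) removed its dla-needed.txt entry in the same commit, and mod-wsgi should get the same follow-up. The `{CVE-2022-2255}` list and the `4.6.5-1+deb10u1` version are well-formed.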



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50fa45bc294fcf2f0fc00d963c46a606d45e9f9



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14c732ab by Salvatore Bonaccorso at 2022-09-15T22:38:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -183,7 +183,7 @@ CVE-2022-35238
 CVE-2022-33978
RESERVED
 CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and 
classifi ...)
-   TODO: check
+   NOT-FOR-US: Nintendo Game Boy Color
 CVE-2022-3215
RESERVED
 CVE-2022-3214
@@ -193,11 +193,11 @@ CVE-2022-3213
 CVE-2022-3212 (bytes::Bytes as 
axum_core::extract::FromRequest::from_request  ...)
TODO: check
 CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
-   TODO: check
+   NOT-FOR-US: pimcore
 CVE-2022-30545
RESERVED
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 
1.0.0.0 an ...)
-   TODO: check
+   NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
- expat 2.4.8-2 (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
@@ -220,65 +220,65 @@ CVE-2022-40665
 CVE-2022-40664
RESERVED
 CVE-2022-40663 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40662 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40661 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40660 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40659 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40658 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40657 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40656 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40655 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: NIKON
 CVE-2022-40654 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40653 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40652 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40651 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40650 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40649 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40648 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40647 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40646 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40645 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40644 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40643 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40642 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40641 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40640 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40639 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3221/rdiffweb

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b2f382a by Salvatore Bonaccorso at 2022-09-15T22:30:34+02:00
Add CVE-2022-3221/rdiffweb

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,7 +21,7 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub repository 
gpac/gpac prior to 2.
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE: 
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
 CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
-   TODO: check
+   - rdiffweb  (bug #969974)
 CVE-2022-3220
RESERVED
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
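Review bot: `- rdiffweb (bug #969974)` is recorded without a fixed version and without a NOTE to the upstream report or fix, unlike the neighbouring CVE-2022-3222/gpac entry (context above) which carries huntr and commit NOTEs; the CVE text points at the `ikus060/rdiffweb` repository, so the same pair of NOTEs belongs here. Bug #969974 is also a far lower number than the bugs filed for this week's other entries (#1019761, #1019896, #1019897), so it presumably predates the CVE assignment; worth confirming it tracks this CSRF issue and not an older one.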



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b2f382a51d59b8fd3e94ae88d882f9a1c11076a



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3222/gpac

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2056046e by Salvatore Bonaccorso at 2022-09-15T22:24:33+02:00
Add CVE-2022-3222/gpac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,7 +17,9 @@ CVE-2022-3224 (Misinterpretation of Input in GitHub 
repository ionicabizau/parse
 CVE-2022-3223
RESERVED
 CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 
2.1.0-D ...)
-   TODO: check
+   - gpac 
+   NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
+   NOTE: 
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
 CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
TODO: check
 CVE-2022-3220
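Review bot: `- gpac ` has neither a fixed version nor a `(bug #NNN)` reference, and the fix commit NOTE lacks the release annotation used elsewhere in the file (compare `(v3.1.47)` and `(0.29.0.gfm.6)` on the smarty and cmark-gfm commit NOTEs); the description says `prior to 2.1.0-D...`, so tagging the commit with the release it landed in and linking a bug would make the unstable status actionable.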



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2056046e12f963aa2c4cede10c875bd1de9a9951



[Git][security-tracker-team/security-tracker][master] Process two NFUs

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8707fdd by Salvatore Bonaccorso at 2022-09-15T22:13:46+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6157,9 +6157,9 @@ CVE-2022-38328
 CVE-2022-38327
RESERVED
 CVE-2022-38326 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router 
V15.03. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-38325 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router 
V15.03. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-38324
RESERVED
 CVE-2022-38323 (Event Management System v1.0 was discovered to contain an 
arbitrary fi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8707fdd140d3d35144122d4b8761642a1f2f81e



[Git][security-tracker-team/security-tracker][master] automatic update

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62e83737 by security tracker role at 2022-09-15T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2022-40742
+   RESERVED
+CVE-2022-40741
+   RESERVED
+CVE-2022-40740
+   RESERVED
+CVE-2022-40739
+   RESERVED
+CVE-2022-3227
+   RESERVED
+CVE-2022-3226
+   RESERVED
+CVE-2022-3225
+   RESERVED
+CVE-2022-3224 (Misinterpretation of Input in GitHub repository 
ionicabizau/parse-url  ...)
+   TODO: check
+CVE-2022-3223
+   RESERVED
+CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 
2.1.0-D ...)
+   TODO: check
+CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
+   TODO: check
+CVE-2022-3220
+   RESERVED
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
NOT-FOR-US: Bento4
 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer 
over-rea ...)
@@ -166,8 +190,8 @@ CVE-2022-3213
RESERVED
 CVE-2022-3212 (bytes::Bytes as 
axum_core::extract::FromRequest::from_request  ...)
TODO: check
-CVE-2022-3211
-   RESERVED
+CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+   TODO: check
 CVE-2022-30545
RESERVED
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 
1.0.0.0 an ...)
@@ -193,62 +217,62 @@ CVE-2022-40665
RESERVED
 CVE-2022-40664
RESERVED
-CVE-2022-40663
-   RESERVED
-CVE-2022-40662
-   RESERVED
-CVE-2022-40661
-   RESERVED
-CVE-2022-40660
-   RESERVED
-CVE-2022-40659
-   RESERVED
-CVE-2022-40658
-   RESERVED
-CVE-2022-40657
-   RESERVED
-CVE-2022-40656
-   RESERVED
-CVE-2022-40655
-   RESERVED
-CVE-2022-40654
-   RESERVED
-CVE-2022-40653
-   RESERVED
-CVE-2022-40652
-   RESERVED
-CVE-2022-40651
-   RESERVED
-CVE-2022-40650
-   RESERVED
-CVE-2022-40649
-   RESERVED
-CVE-2022-40648
-   RESERVED
-CVE-2022-40647
-   RESERVED
-CVE-2022-40646
-   RESERVED
-CVE-2022-40645
-   RESERVED
-CVE-2022-40644
-   RESERVED
-CVE-2022-40643
-   RESERVED
-CVE-2022-40642
-   RESERVED
-CVE-2022-40641
-   RESERVED
-CVE-2022-40640
-   RESERVED
-CVE-2022-40639
-   RESERVED
-CVE-2022-40638
-   RESERVED
-CVE-2022-40637
-   RESERVED
-CVE-2022-40636
-   RESERVED
+CVE-2022-40663 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40662 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40661 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40660 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40659 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40658 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40657 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40656 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40655 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40654 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40653 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40652 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40651 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40650 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40649 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40648 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40647 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40646 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40645 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40644 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2022-40643 (This vulnerability allows remote attackers to execute 
arbitrary 

[Git][security-tracker-team/security-tracker][master] Add Debian bug references for smarty issues

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abe5c6d7 by Salvatore Bonaccorso at 2022-09-15T22:01:05+02:00
Add Debian bug references for smarty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -69,8 +69,8 @@ CVE-2022-3218
 CVE-2022-3217
RESERVED
 CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, 
libs/plugins/function.ma ...)
-   - smarty3 
-   - smarty4 
+   - smarty3  (bug #1019897)
+   - smarty4  (bug #1019896)
NOTE: https://github.com/smarty-php/smarty/issues/454
NOTE: 
https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938
 (v3.1.47)
NOTE: 
https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9
 (v4.2.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe5c6d7ea19d3a99a15ba377fe9441c136911e6



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-40674/expat via unstable

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c868e9b by Salvatore Bonaccorso at 2022-09-15T21:58:20+02:00
Track fixed version for CVE-2022-40674/expat via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -173,7 +173,7 @@ CVE-2022-30545
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 
1.0.0.0 an ...)
TODO: check
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
-   - expat  (bug #1019761)
+   - expat 2.4.8-2 (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
NOTE: https://github.com/libexpat/libexpat/pull/640
NOTE: 
https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
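Review bot: the description says `libexpat before 2.4.9` but the fix is recorded as `2.4.8-2`, a Debian revision of the previous upstream release, so it must be a backported patch; the three NOTEs (PR #629, PR #640 and commit 4a32da87) don't say which of them 2.4.8-2 applied, and the commit NOTE has no version tag in parentheses as other entries do. Recording that lets the stable and LTS teams pick the same patch to backport.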



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c868e9ba5fc6875197460b4e021de4880826992



[Git][security-tracker-team/security-tracker][master] Add CVE-2018-25047/smarty

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55fd71eb by Salvatore Bonaccorso at 2022-09-15T21:40:26+02:00
Add CVE-2018-25047/smarty

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -69,7 +69,11 @@ CVE-2022-3218
 CVE-2022-3217
RESERVED
 CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, 
libs/plugins/function.ma ...)
-   TODO: check
+   - smarty3 
+   - smarty4 
+   NOTE: https://github.com/smarty-php/smarty/issues/454
+   NOTE: 
https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938
 (v3.1.47)
+   NOTE: 
https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9
 (v4.2.1)
 CVE-2022-40706
RESERVED
 CVE-2022-40705



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55fd71eb3d496a3cb6a865b3b38fb5c70f5e0a0c



[Git][security-tracker-team/security-tracker][master] fix up two golang entries

2022-09-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8be8be17 by Moritz Muehlenhoff at 2022-09-15T21:01:41+02:00
fix up two golang entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26609,7 +26609,8 @@ CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs 
before Go 1.17.12 and Go
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
-   - golang-1.15 
+   - golang-1.15  (Introduced in 1.16)
+   - golang-1.11  (Introduced in 1.16)
NOTE: https://go.dev/issue/53415
NOTE: 
https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 
(go1.19rc2)
NOTE: 
https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 
(go1.18.4)
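Review bot: golang-1.15 changes from a bare `- golang-1.15 ` line to one carrying `(Introduced in 1.16)` and golang-1.11 gets the same marker, which matches the hunk header's `Glob in io/fs` description (io/fs was added in Go 1.16); the status keyword that normally sits between the package name and the parenthesised reason is not visible in this rendering, so check on the commit itself that both lines carry the not-affected marker rather than an empty version, otherwise the tracker will read them as unfixed.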
@@ -2,8 +26667,7 @@ CVE-2022-1705 (Acceptance of some invalid 
Transfer-Encoding headers in the HTTP/
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 
-   - golang-1.11 
-   [buster] - golang-1.11  (Limited support)
+   - golang-1.11  (Introduced in 1.15)
NOTE: https://go.dev/issue/53188
NOTE: 
https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f 
(go1.19rc1)
NOTE: 
https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e 
(go1.18.4)
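Review bot: the hunk header `@@ -2,8 +26667,7 @@` shows an old-file offset of 2 against a new-file offset of 26667, which cannot be right for an edit this deep in data/CVE/list; it is most likely a rendering artifact of the notification, but the commit should be checked to confirm the patch applied where intended. The content is consistent: `[buster] - golang-1.11 (Limited support)` is dropped in favour of `- golang-1.11 (Introduced in 1.15)`, and `- golang-1.15 ` stays listed as affected just above (context), which agrees with a bug introduced in 1.15 for CVE-2022-1705.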



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8be8be17db531b7be794037cf1d74f2aa77cc947



[Git][security-tracker-team/security-tracker][master] chromium DSA

2022-09-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbca0fec by Moritz Mühlenhoff at 2022-09-15T20:55:43+02:00
chromium DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[15 Sep 2022] DSA-5230-1 chromium - security update
+   {CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 
CVE-2022-3200 CVE-2022-3201}
+   [bullseye] - chromium 105.0.5195.125-1~deb11u1
 [13 Sep 2022] DSA-5229-1 freecad - security update
{CVE-2021-45844 CVE-2021-45845}
[bullseye] - freecad 0.19.1+dfsg1-2+deb11u1


=
data/dsa-needed.txt
=
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk (apo)
 --
-chromium
---
 commons-configuration
 --
 connman (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbca0fec22fe56d15864910f91106feb87c12ce9



[Git][security-tracker-team/security-tracker][master] LTS: reclaim exiv2 in dla-needed.txt

2022-09-15 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
441f90d9 by Roberto C. Sánchez at 2022-09-15T09:57:23-04:00
LTS: reclaim exiv2 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -35,7 +35,7 @@ dovecot
   NOTE: 20220913: VCS: https://salsa.debian.org/lts-team/packages/dovecot.git
   NOTE: 20220913: Harmonize with bullseye: 1 CVE fixed in Debian 11.5 + 2 
other postponed CVEs (Beuc/front-desk)
 --
-exiv2
+exiv2 (Roberto C. Sánchez)
   NOTE: 20220819: Programming language: C++.
   NOTE: 20220819: 
https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292
 does not directly apply, but a very quick glance suggests the earlier code may 
be equally vulnerable. (Chris Lamb)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/441f90d999c7b3b38c3642c077f1ad77ade8defe



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3110-1 for glib2.0

2022-09-15 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
efc4c1da by Emilio Pozuelo Monfort at 2022-09-15T14:50:33+02:00
Reserve DLA-3110-1 for glib2.0

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Sep 2022] DLA-3110-1 glib2.0 - security update
+   {CVE-2021-3800}
+   [buster] - glib2.0 2.58.3-2+deb10u4
 [15 Sep 2022] DLA-3093-2 rails - regression update
[buster] - rails 2:5.2.2.1+dfsg-1+deb10u5
 [15 Sep 2022] DLA-3109-1 nova - security update


=
data/dla-needed.txt
=
@@ -47,10 +47,6 @@ gdal (Utkarsh)
   NOTE: 20220913: Upcoming DSA (Beuc/front-desk)
   NOTE: 20220913: 2 CVEs already fixed in stretch (Beuc/front-desk)
 --
-glib2.0 (Emilio)
-  NOTE: 20220901: Programming language: C.
-  NOTE: 20220901: Special attention: High Popcon!.
---
 glibc
   NOTE: 20220913: Programming language: C, Assembly.
   NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and 
Debian 11.5 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc4c1dac1a5cb0b18cb34083a177b5c7d6612b8



[Git][security-tracker-team/security-tracker][master] dla: golang-websocket: update note

2022-09-15 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28d43909 by Sylvain Beucler at 2022-09-15T14:06:02+02:00
dla: golang-websocket: update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -62,6 +62,11 @@ golang-go.crypto
   NOTE: 20220915: Special attention: rebuild reverse-dependencies if needed, 
e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1
   NOTE: 20220915: Special attention: also check bullseye status
 --
+golang-websocket
+  NOTE: 20220915: Programming language: Go.
+  NOTE: 20220915: 1 CVE fixed in stretch and bullseye 
(golang-github-gorilla-websocket) (Beuc/front-desk)
+  NOTE: 20220915: Special attention: limited support; requires rebuilding 
reverse dependencies
+--
 imagemagick
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git
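Review bot: the new entry is keyed as golang-websocket while its second NOTE reports the fix under golang-github-gorilla-websocket; the source package name should be confirmed so the dla-needed entry, the tracker data and the eventual DLA all refer to the same package. The "limited support" remark would also be easier to act on if it said where that status is documented, as the golang-go.crypto entry immediately above does with "cf. buster release notes".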



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28d439092595209cc74c7f0f96e09441d8d14c2e



[Git][security-tracker-team/security-tracker][master] dla: add golang-go.crypto

2022-09-15 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c626c4aa by Sylvain Beucler at 2022-09-15T12:51:57+02:00
dla: add golang-go.crypto

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -55,6 +55,13 @@ glibc
   NOTE: 20220913: Programming language: C, Assembly.
   NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and 
Debian 11.5 (Beuc/front-desk)
 --
+golang-go.crypto
+  NOTE: 20220915: Programming language: Go.
+  NOTE: 20220915: 3 CVEs fixed in stretch and bullseye (Beuc/front-desk)
+  NOTE: 20220915: Special attention: limited support, cf. buster release notes
+  NOTE: 20220915: Special attention: rebuild reverse-dependencies if needed, 
e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1
+  NOTE: 20220915: Special attention: also check bullseye status
+--
 imagemagick
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git
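Review bot: the added golang-go.crypto entry has no VCS line, unlike the imagemagick entry in the trailing context ("NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git"); adding one would save the claimer a lookup. Because the entry itself flags that reverse dependencies may need rebuilding (the DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1 precedent), a NOTE listing which buster binaries statically link this library would make the "3 CVEs fixed in stretch and bullseye" line actionable rather than just informative.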



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c626c4aac10e061cfd3ec014a5e31204a61f1433



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c54b359 by Salvatore Bonaccorso at 2022-09-15T10:49:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer 
over-rea ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie 
excessive memory ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2022-40735
RESERVED
 CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 
2.5.1 a ...)
@@ -747,9 +747,9 @@ CVE-2022-40441
 CVE-2022-40440
RESERVED
 CVE-2022-40439 (An memory leak issue was discovered in 
AP4_StdcFileByteStream::Create  ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2022-40438 (Buffer overflow vulnerability in function 
AP4_MemoryByteStream::WriteP ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2022-40437
RESERVED
 CVE-2022-40436
@@ -5199,9 +5199,9 @@ CVE-2022-38597
 CVE-2022-38596
RESERVED
 CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL 
injectio ...)
-   TODO: check
+   NOT-FOR-US: Church Management System
 CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL 
injectio ...)
-   TODO: check
+   NOT-FOR-US: Church Management System
 CVE-2022-38593
RESERVED
 CVE-2022-38592
@@ -6070,7 +6070,7 @@ CVE-2022-38354
 CVE-2022-38353
RESERVED
 CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: ThinkPHP
 CVE-2022-38351
RESERVED
 CVE-2022-38350
@@ -6128,7 +6128,7 @@ CVE-2022-38325
 CVE-2022-38324
RESERVED
 CVE-2022-38323 (Event Management System v1.0 was discovered to contain an 
arbitrary fi ...)
-   TODO: check
+   NOT-FOR-US: Event Management System
 CVE-2022-38322
RESERVED
 CVE-2022-38321
@@ -6158,7 +6158,7 @@ CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and 
v15.03.05.05 was discovered t
 CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered 
to cont ...)
NOT-FOR-US: Tenda
 CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to 
contain a comm ...)
-   TODO: check
+   NOT-FOR-US: TOTOLink
 CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation 
violation ...)
NOT-FOR-US: LIEF
 CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer 
overflow i ...)
@@ -6192,7 +6192,7 @@ CVE-2022-38303 (Online Leave Management System v1.0 was 
discovered to contain a
 CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain 
a SQL in ...)
NOT-FOR-US: Online Leave Management System
 CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which 
allows at ...)
-   TODO: check
+   NOT-FOR-US: Onedev
 CVE-2022-38300
RESERVED
 CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 
allows attack ...)
@@ -7629,7 +7629,7 @@ CVE-2022-37726
 CVE-2022-37725
RESERVED
 CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to 
Arbitrary ...)
-   TODO: check
+   NOT-FOR-US: Project Wonder WebObjects
 CVE-2022-37723
RESERVED
 CVE-2022-37722



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c54b3593d11982386d893f3b4767856daa9401b



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2977/linux

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44472113 by Salvatore Bonaccorso at 2022-09-15T10:37:03+02:00
Add CVE-2022-2977/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4820,7 +4820,10 @@ CVE-2022-38718
 CVE-2022-38717
RESERVED
 CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied 
virtual ...)
-   TODO: check
+   - linux 5.17.3-1
+   [bullseye] - linux 5.10.113-1
+   [buster] - linux 4.19.249-1
+   NOTE: 
https://git.kernel.org/linus/7e0438f83dc769465ee663bb5dcf8cc154940712 (5.18-rc1)
 CVE-2022-2976
RESERVED
 CVE-2022-2975
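Review bot: the unstable fixed version 5.17.3-1 predates the mainline landing recorded as 5.18-rc1, so the fixed-version claim rests on a stable-series backport rather than on the cited commit; citing the 5.17.y stable commit next to the mainline one would make the entry verifiable on its own, and the same applies to the bullseye (5.10.113-1) and buster (4.19.249-1) lines, which likewise depend on 5.10.y and 4.19.y backports not referenced here.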



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/444721137309d3943e670d0590436f11b478e5ce



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40476/linux

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57d23df3 by Salvatore Bonaccorso at 2022-09-15T10:27:57+02:00
Add CVE-2022-40476/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -671,7 +671,9 @@ CVE-2022-40478
 CVE-2022-40477
RESERVED
 CVE-2022-40476 (A null pointer dereference issue was discovered in 
fs/io_uring.c in th ...)
-   TODO: check
+   - linux  (Vulnerable code never released in Debian 
unstable)
+   NOTE: 
https://lore.kernel.org/lkml/cao4s-mdvw5gkodk0+vbqexnaajzopwzfj9acvrcj989fq4a...@mail.gmail.com/
+   NOTE: 
https://git.kernel.org/linus/386e4fb6962b9f248a80f8870aea0870ca603e89 (5.19-rc4)
 CVE-2022-40475
RESERVED
 CVE-2022-40474
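Review bot: on the added package line the status tag between "linux" and the parenthetical is blank as rendered here, leaving only the reason text "(Vulnerable code never released in Debian unstable)"; the tracker list format expects an explicit tag such as <not-affected> in that position, so confirm it survives in the committed file. The lore.kernel.org reference is also shown with its message-id elided ("...@mail.gmail.com"), so the full link should be checked before the note is relied on.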



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57d23df3dd2b5bccd49e573357c2b6c001ab4d07



[Git][security-tracker-team/security-tracker][master] automatic update

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aae29227 by security tracker role at 2022-09-15T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,75 @@
+CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
+   TODO: check
+CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer 
over-rea ...)
+   TODO: check
+CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie 
excessive memory ...)
+   TODO: check
+CVE-2022-40735
+   RESERVED
+CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 
2.5.1 a ...)
+   TODO: check
+CVE-2022-40733
+   RESERVED
+CVE-2022-40732
+   RESERVED
+CVE-2022-40731
+   RESERVED
+CVE-2022-40730
+   RESERVED
+CVE-2022-40729
+   RESERVED
+CVE-2022-40728
+   RESERVED
+CVE-2022-40727
+   RESERVED
+CVE-2022-40726
+   RESERVED
+CVE-2022-40725
+   RESERVED
+CVE-2022-40724
+   RESERVED
+CVE-2022-40723
+   RESERVED
+CVE-2022-40722
+   RESERVED
+CVE-2022-40721
+   RESERVED
+CVE-2022-40720
+   RESERVED
+CVE-2022-40719
+   RESERVED
+CVE-2022-40718
+   RESERVED
+CVE-2022-40717
+   RESERVED
+CVE-2022-40716
+   RESERVED
+CVE-2022-40715
+   RESERVED
+CVE-2022-40714
+   RESERVED
+CVE-2022-40713
+   RESERVED
+CVE-2022-40712
+   RESERVED
+CVE-2022-40711
+   RESERVED
+CVE-2022-40710
+   RESERVED
+CVE-2022-40709
+   RESERVED
+CVE-2022-40708
+   RESERVED
+CVE-2022-40707
+   RESERVED
+CVE-2022-3219
+   RESERVED
+CVE-2022-3218
+   RESERVED
+CVE-2022-3217
+   RESERVED
+CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, 
libs/plugins/function.ma ...)
+   TODO: check
 CVE-2022-40706
RESERVED
 CVE-2022-40705
@@ -80,8 +152,8 @@ CVE-2022-35238
RESERVED
 CVE-2022-33978
RESERVED
-CVE-2022-3216
-   RESERVED
+CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and 
classifi ...)
+   TODO: check
 CVE-2022-3215
RESERVED
 CVE-2022-3214
@@ -94,8 +166,8 @@ CVE-2022-3211
RESERVED
 CVE-2022-30545
RESERVED
-CVE-2020-36603
-   RESERVED
+CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 
1.0.0.0 an ...)
+   TODO: check
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
- expat  (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
@@ -175,8 +247,8 @@ CVE-2022-40636
RESERVED
 CVE-2022-3210
RESERVED
-CVE-2022-31735
-   RESERVED
+CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM 
Consortium ...)
+   TODO: check
 CVE-2021-46838
RESERVED
 CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
@@ -598,8 +670,8 @@ CVE-2022-40478
RESERVED
 CVE-2022-40477
RESERVED
-CVE-2022-40476
-   RESERVED
+CVE-2022-40476 (A null pointer dereference issue was discovered in 
fs/io_uring.c in th ...)
+   TODO: check
 CVE-2022-40475
RESERVED
 CVE-2022-40474
@@ -672,10 +744,10 @@ CVE-2022-40441
RESERVED
 CVE-2022-40440
RESERVED
-CVE-2022-40439
-   RESERVED
-CVE-2022-40438
-   RESERVED
+CVE-2022-40439 (An memory leak issue was discovered in 
AP4_StdcFileByteStream::Create  ...)
+   TODO: check
+CVE-2022-40438 (Buffer overflow vulnerability in function 
AP4_MemoryByteStream::WriteP ...)
+   TODO: check
 CVE-2022-40437
RESERVED
 CVE-2022-40436
@@ -820,8 +892,8 @@ CVE-2022-40367
RESERVED
 CVE-2022-40366
RESERVED
-CVE-2022-40365
-   RESERVED
+CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron 
through 1.5 ...)
+   TODO: check
 CVE-2022-40364
RESERVED
 CVE-2022-40363
@@ -4745,8 +4817,8 @@ CVE-2022-38718
RESERVED
 CVE-2022-38717
RESERVED
-CVE-2022-2977
-   RESERVED
+CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied 
virtual ...)
+   TODO: check
 CVE-2022-2976
RESERVED
 CVE-2022-2975
@@ -5121,10 +5193,10 @@ CVE-2022-38597
RESERVED
 CVE-2022-38596
RESERVED
-CVE-2022-38595
-   RESERVED
-CVE-2022-38594
-   RESERVED
+CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL 
injectio ...)
+   TODO: check
+CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL 
injectio ...)
+   TODO: check
 CVE-2022-38593
RESERVED
 CVE-2022-38592
@@ -5992,8 +6064,8 @@ CVE-2022-38354
RESERVED
 CVE-2022-38353
RESERVED
-CVE-2022-38352
-   RESERVED
+CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization 
vulnerabi ...)
+   TODO: check
 CVE-2022-38351
   

[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt

2022-09-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8963bb09 by Abhijith PA at 2022-09-15T13:37:02+05:30
update note in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -131,6 +131,8 @@ rails (Abhijith PA)
   NOTE: 20220909: Two issues 
https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith)
   NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html 
(abhijith)
   NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 
(abhijith)
+  NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression 
causing patch (abhijith)
+  NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith)
 --
 rainloop
   NOTE: 20220913: Programming language: PHP, JavaScript.
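Review bot: "is on testing" in the second added NOTE is ambiguous in a Debian context, where "testing" is also a suite name; rewording to "and it is being tested" (or naming what is being tested, e.g. the buster package) avoids a reader taking it to mean the patch has reached the testing suite. The first added NOTE would also read more clearly as "without the regression-causing patch".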



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8963bb09975d92b0e0b088f15e7206b7c89539da



[Git][security-tracker-team/security-tracker][master] reserve DLA-3093-2 for rails

2022-09-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
783ec94b by Abhijith PA at 2022-09-15T13:01:01+05:30
reserve DLA-3093-2 for rails

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[15 Sep 2022] DLA-3093-2 rails - regression update
+   [buster] - rails 2:5.2.2.1+dfsg-1+deb10u5
 [15 Sep 2022] DLA-3109-1 nova - security update
{CVE-2019-14433}
[buster] - nova 2:18.1.0-6+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/783ec94bee911f12b96f652dafe55dfb91e5e07c



[Git][security-tracker-team/security-tracker][master] Remove no-dsa tag for CVE-2019-14433/nova

2022-09-15 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84ba6dcd by Emilio Pozuelo Monfort at 2022-09-15T08:49:17+02:00
Remove no-dsa tag for CVE-2019-14433/nova

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -222147,7 +222147,6 @@ CVE-2019-14434
RESERVED
 CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x 
before  ...)
- nova 2:19.0.2-1 (low; bug #934114)
-   [buster] - nova  (Minor issue)
[stretch] - nova  (Minor issue)
[jessie] - nova  (Minor issue)
NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84ba6dcd57e4866df1ac7226460bb3a533a702f0



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3109-1 for nova

2022-09-15 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03f9c73a by Emilio Pozuelo Monfort at 2022-09-15T08:47:42+02:00
Reserve DLA-3109-1 for nova

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Sep 2022] DLA-3109-1 nova - security update
+   {CVE-2019-14433}
+   [buster] - nova 2:18.1.0-6+deb10u1
 [14 Sep 2022] DLA-3108-1 pcs - security update
{CVE-2022-1049}
[buster] - pcs 0.10.1-2+deb10u1


=
data/dla-needed.txt
=
@@ -99,14 +99,6 @@ nodejs (Sylvain Beucler)
   NOTE: 20220801: one of the upstream fixes doesn't address the security issue 
(jmm)
   NOTE: 20220912: backporting patches and determining testing procedures (Beuc)
 --
-nova (Emilio)
-  NOTE: 20220912: Programming language: Python.
-  NOTE: 20220912: VCS: https://salsa.debian.org/openstack-team/services/nova
-  NOTE: 20220912: Maintainer notes: Contact original maintainer: zigo.
-  NOTE: 20220912: Please see: 
https://lists.debian.org/debian-lts/2022/09/msg00030.html.
-  NOTE: 20220912: Current branch to package: 
https://salsa.debian.org/openstack-team/services/nova/-/tree/debian/rocky/nova
-  NOTE: 20220913: will coordinate with maintainer (pochu)
---
 openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f9c73ad57aa7fd24f860704339a69374aecdb1



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2566/ffmpeg

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
465d2c21 by Salvatore Bonaccorso at 2022-09-15T08:43:58+02:00
Add CVE-2022-2566/ffmpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9487,6 +9487,9 @@ CVE-2022-2567
RESERVED
 CVE-2022-2566
RESERVED
+   - ffmpeg 7:5.1.1-1
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833
+   NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d
 (n5.1.1)
 CVE-2022-2565 (The Simple Payment Donations  Subscriptions WordPress 
plugin befo ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose 
prior to  ...)
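Review bot: the fixed version and references are added under CVE-2022-2566 while its status line still reads RESERVED; that is fine as a pre-publication placeholder, but the RESERVED marker will need replacing with the description once the CVE text is assigned. The hunk also adds only an unstable fixed version (7:5.1.1-1) with no [bullseye] or [buster] line, so the stable releases are left without a triage annotation; a severity or no-dsa decision, or a NOTE that one is pending, would tell LTS and security-team readers whether anything is expected of them.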



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465d2c21e7386f4c4af81583999213bf850e1c6e



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-36568/moodle

2022-09-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15ed9348 by Salvatore Bonaccorso at 2022-09-15T08:39:25+02:00
Add CVE-2021-36568/moodle

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -82860,7 +82860,7 @@ CVE-2021-36570
 CVE-2021-36569
RESERVED
 CVE-2021-36568 (In certain Moodle products after creating a course, it is 
possible to  ...)
-   TODO: check
+   - moodle 
 CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization 
vulnerabil ...)
NOT-FOR-US: ThinkPHP
 CVE-2021-36566
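Review bot: the TODO is replaced by a bare "- moodle" line with no fixed version, no NOTE pointing at the upstream advisory or commit, and a status tag that is blank as rendered here; without a reference the next person triaging this entry has to rediscover which Moodle releases are affected, so a NOTE with the upstream reference should accompany the package line, and the tag (for example <unfixed>) should be confirmed present in the committed file.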



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15ed9348ed5a7019d208ae54e3786dd02f3c128e
