[Git][security-tracker-team/security-tracker][master] lts: claim libraw
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d79b56a by Helmut Grohne at 2022-09-16T07:56:34+02:00 lts: claim libraw - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -72,7 +72,7 @@ kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- -libraw +libraw (Helmut Grohne) NOTE: 20220904: Programming language: C++. -- linux (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d79b56afbd7ee223071917277eb6191d31a898c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d79b56afbd7ee223071917277eb6191d31a898c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
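Review bot: the libraw entry in data/dla-needed.txt still carries only the "Programming language: C++." NOTE after the claim, whereas the neighbouring kopanocore entry records what is actually being worked on (a CVE and a bug number). Add a dated NOTE naming the CVEs intended for the buster update so the front desk can see the scope of the claim and spot overlap with a possible bullseye update.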
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39209/cmark-gfm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a7ff1a9 by Salvatore Bonaccorso at 2022-09-16T06:43:28+02:00 Add CVE-2022-39209/cmark-gfm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3432,7 +3432,13 @@ CVE-2022-39211 CVE-2022-39210 RESERVED CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) - TODO: check + - cmark-gfm + - python-cmarkgfm + - ghostwriter + - ruby-commonmarker + - r-cran-commonmark + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q + NOTE: https://github.com/github/cmark-gfm/commit/cfcaa0068bf319974fdec283416fcee5035c2d70 (0.29.0.gfm.6) CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) NOT-FOR-US: Onedev CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a7ff1a9dba3df0059b5ab10a97a0a82ed834f81 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a7ff1a9dba3df0059b5ab10a97a0a82ed834f81 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
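Review bot: the five package lines added for CVE-2022-39209 are all bare (no fixed version, no per-release annotation), so every one of them is now marked unfixed in every suite. The second NOTE identifies the upstream fix as 0.29.0.gfm.6; python-cmarkgfm, ruby-commonmarker and r-cran-commonmark ship their own embedded copies of cmark-gfm, so each needs to be compared against that upstream version rather than against the cmark-gfm source package, and the ones carrying an older copy need their own bug references once filed. For ghostwriter, check whether it embeds a copy or only links the shared library; if it only links, it is fixed by the cmark-gfm update and should not stay listed as a separately unfixed package.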
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2998/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f8943c7 by Salvatore Bonaccorso at 2022-09-16T06:34:39+02:00 Add CVE-2022-2998/chromium - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -4704,6 +4704,9 @@ CVE-2022-2999 RESERVED CVE-2022-2998 RESERVED + - chromium 104.0.5112.101-1 + [buster] - chromium (see DSA 5046) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300 CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. ...) - snipe-it (bug #1005172) CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...) = data/DSA/list = @@ -53,7 +53,7 @@ {CVE-2022-2787} [bullseye] - schroot 1.6.10-12+deb11u1 [18 Aug 2022] DSA-5212-1 chromium - security update - {CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861} + {CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 CVE-2022-2998} [bullseye] - chromium 104.0.5112.101-1~deb11u1 [16 Aug 2022] DSA-5211-1 wpewebkit - security update {CVE-2022-32792 CVE-2022-32816} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8943c76c6d8fd4ab1b3652b1d35c4a4912b08a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8943c76c6d8fd4ab1b3652b1d35c4a4912b08a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
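Review bot: in the data/CVE/list hunk the buster line reads "[buster] - chromium (see DSA 5046)" with only a parenthesised comment; in this file's syntax a package line without a state keyword counts as unfixed, so for buster to be recorded as not receiving an update the line needs the end-of-life (or no-dsa) state keyword in angle brackets before the comment. If the keyword is present in the repository and was only dropped by the mail rendering, nothing to do. The two hunks otherwise agree: the unstable fix 104.0.5112.101-1 matches the 104.0.5112.101-1~deb11u1 already listed under DSA-5212-1, and appending CVE-2022-2998 to that dated entry is the usual way to record a CVE that was still RESERVED when the advisory went out. The entry itself is still RESERVED, so the description will need to be filled in once the text is published.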
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4820ec8e by Salvatore Bonaccorso at 2022-09-16T06:30:56+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2022-3226 CVE-2022-3225 RESERVED CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...) - TODO: check + NOT-FOR-US: Node parse-url CVE-2022-3223 RESERVED CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) @@ -191,7 +191,7 @@ CVE-2022-3214 CVE-2022-3213 RESERVED CVE-2022-3212 (bytes::Bytes as axum_core::extract::FromRequest::from_request ...) - TODO: check + NOT-FOR-US: axum_core rust crate CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-30545 @@ -1065,7 +1065,7 @@ CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. driv - linux NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...) - TODO: check + NOT-FOR-US: ECi Printanista Hub CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 al ...) NOT-FOR-US: Canto Cumulus CVE-2022-40304 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4820ec8e8bc9701cb27a6e490d734995d7d6d43f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4820ec8e8bc9701cb27a6e490d734995d7d6d43f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
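Review bot: of the three entries marked NOT-FOR-US, CVE-2022-3212 (axum_core) is the one to double-check before closing, since Rust crates are packaged in Debian under rust-* source names and the NFU marking is only right if no rust-axum-core source package exists in any suite; the same applies, with a node-* prefix, to CVE-2022-3224 (parse-url). The ECi Printanista Hub entry is a proprietary product and needs no further check.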
[Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2022-33068/harfbuzz
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57f57af1 by Salvatore Bonaccorso at 2022-09-16T06:19:10+02:00 Track fix via experimental for CVE-2022-33068/harfbuzz - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19682,6 +19682,7 @@ CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmeti CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...) NOT-FOR-US: Ethereum CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...) + [experimental] - harfbuzz 5.1.0-1 - harfbuzz (bug #1013673) [bullseye] - harfbuzz (Minor issue) [buster] - harfbuzz (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f57af17215bdcdf99d351146e09734bc70ad8b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f57af17215bdcdf99d351146e09734bc70ad8b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
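Review bot: the new "[experimental] - harfbuzz 5.1.0-1" line records the fix for experimental only; the unversioned "- harfbuzz (bug #1013673)" line below it is unchanged, so unstable and testing still count as vulnerable, which is correct until 5.1.0 or a backported patch reaches unstable. The "(Minor issue)" lines for bullseye and buster in the context read as comments only; they are meant as no-dsa markings, so confirm the state keyword in angle brackets is present in the repository and was only stripped in this rendering.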
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3111-1 for mod-wsgi
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: c50fa45b by Thorsten Alteholz at 2022-09-15T23:41:19+02:00 Reserve DLA-3111-1 for mod-wsgi - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Sep 2022] DLA-3111-1 mod-wsgi - security update + {CVE-2022-2255} + [buster] - mod-wsgi 4.6.5-1+deb10u1 [15 Sep 2022] DLA-3110-1 glib2.0 - security update {CVE-2021-3800} [buster] - glib2.0 2.58.3-2+deb10u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50fa45bc294fcf2f0fc00d963c46a606d45e9f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50fa45bc294fcf2f0fc00d963c46a606d45e9f9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14c732ab by Salvatore Bonaccorso at 2022-09-15T22:38:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -183,7 +183,7 @@ CVE-2022-35238 CVE-2022-33978 RESERVED CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...) - TODO: check + NOT-FOR-US: Nintendo Game Boy Color CVE-2022-3215 RESERVED CVE-2022-3214 @@ -193,11 +193,11 @@ CVE-2022-3213 CVE-2022-3212 (bytes::Bytes as axum_core::extract::FromRequest::from_request ...) TODO: check CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) - TODO: check + NOT-FOR-US: pimcore CVE-2022-30545 RESERVED CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) - TODO: check + NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...) - expat 2.4.8-2 (bug #1019761) NOTE: https://github.com/libexpat/libexpat/pull/629 
@@ -220,65 +220,65 @@ CVE-2022-40665 CVE-2022-40664 RESERVED CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: NIKON CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40642 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40641 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40640 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Ansys SpaceClaim CVE-2022-40639 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check
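Review bot: the CVE-2022-40663 through CVE-2022-40639 block is the risky part of this change: all of these entries have the identical truncated description "This vulnerability allows remote attackers to execute arbitrary code o ..." (ZDI wording), so the split between NIKON (CVE-2022-40663 down to CVE-2022-40655) and Ansys SpaceClaim (CVE-2022-40654 downward) cannot be verified from the list itself and should be checked against the full advisory texts before the NFU markings are relied on; a misattributed product name is harmless only as long as none of the IDs turns out to cover software in the archive. Note also that CVE-2022-3212 (axum_core) is left at "TODO: check" in this commit while its neighbours are closed; it is handled in a later commit. The diff in this copy of the mail is cut off after CVE-2022-40639, so the tail of the hunk is not reviewable here.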
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3221/rdiffweb
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b2f382a by Salvatore Bonaccorso at 2022-09-15T22:30:34+02:00 Add CVE-2022-3221/rdiffweb - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,7 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2. NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) - TODO: check + - rdiffweb (bug #969974) CVE-2022-3220 RESERVED CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b2f382a51d59b8fd3e94ae88d882f9a1c11076a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b2f382a51d59b8fd3e94ae88d882f9a1c11076a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
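Review bot: the new line "- rdiffweb (bug #969974)" has no fixed version and, as rendered, no state keyword. Bug #969974 is far older than the other bug references made the same day (#1019761, #1019896, #1019897), which suggests it is the ITP/RFP for a package not yet in the archive; if so the line needs the itp state keyword in angle brackets before the bug reference, otherwise the tracker will list rdiffweb as an unfixed package in unstable. As with the other entries in this batch, confirm the keyword exists in the repository and was only lost in the mail rendering.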
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3222/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2056046e by Salvatore Bonaccorso at 2022-09-15T22:24:33+02:00 Add CVE-2022-3222/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,9 @@ CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse CVE-2022-3223 RESERVED CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) - TODO: check + - gpac + NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ + NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) TODO: check CVE-2022-3220 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2056046e12f963aa2c4cede10c875bd1de9a9951 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2056046e12f963aa2c4cede10c875bd1de9a9951 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
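Review bot: the gpac entry gets the upstream commit and the huntr report but, unlike the smarty and cmark-gfm entries elsewhere in this batch, the commit NOTE carries no version tag in parentheses; the description says "prior to 2.1.0-D ...", so add the fixing release once it is tagged so a fixed version can be tracked. No bullseye or buster annotation is given yet, so both will show as affected until the usual no-dsa assessment is done.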
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f8707fdd by Salvatore Bonaccorso at 2022-09-15T22:13:46+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6157,9 +6157,9 @@ CVE-2022-38328 CVE-2022-38327 RESERVED CVE-2022-38326 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-38325 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-38324 RESERVED CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8707fdd140d3d35144122d4b8761642a1f2f81e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8707fdd140d3d35144122d4b8761642a1f2f81e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62e83737 by security tracker role at 2022-09-15T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,27 @@ +CVE-2022-40742 + RESERVED +CVE-2022-40741 + RESERVED +CVE-2022-40740 + RESERVED +CVE-2022-40739 + RESERVED +CVE-2022-3227 + RESERVED +CVE-2022-3226 + RESERVED +CVE-2022-3225 + RESERVED +CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...) + TODO: check +CVE-2022-3223 + RESERVED +CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) + TODO: check +CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) + TODO: check +CVE-2022-3220 + RESERVED CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) NOT-FOR-US: Bento4 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...) @@ -166,8 +190,8 @@ CVE-2022-3213 RESERVED CVE-2022-3212 (bytes::Bytes as axum_core::extract::FromRequest::from_request ...) TODO: check -CVE-2022-3211 - RESERVED +CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + TODO: check CVE-2022-30545 RESERVED CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) 
@@ -193,62 +217,62 @@ CVE-2022-40665 RESERVED CVE-2022-40664 RESERVED -CVE-2022-40663 - RESERVED -CVE-2022-40662 - RESERVED -CVE-2022-40661 - RESERVED -CVE-2022-40660 - RESERVED -CVE-2022-40659 - RESERVED -CVE-2022-40658 - RESERVED -CVE-2022-40657 - RESERVED -CVE-2022-40656 - RESERVED -CVE-2022-40655 - RESERVED -CVE-2022-40654 - RESERVED -CVE-2022-40653 - RESERVED -CVE-2022-40652 - RESERVED -CVE-2022-40651 - RESERVED -CVE-2022-40650 - RESERVED -CVE-2022-40649 - RESERVED -CVE-2022-40648 - RESERVED -CVE-2022-40647 - RESERVED -CVE-2022-40646 - RESERVED -CVE-2022-40645 - RESERVED -CVE-2022-40644 - RESERVED -CVE-2022-40643 - RESERVED -CVE-2022-40642 - RESERVED -CVE-2022-40641 - RESERVED -CVE-2022-40640 - RESERVED -CVE-2022-40639 - RESERVED -CVE-2022-40638 - RESERVED -CVE-2022-40637 - RESERVED -CVE-2022-40636 - RESERVED +CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary
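Review bot: this automatic update turns the 28 RESERVED entries CVE-2022-40636 through CVE-2022-40663 into "TODO: check" entries with identical truncated descriptions; the product name falls after the cut, so triage for these has to be done from the full advisory text rather than from this file (the later NIKON / Ansys SpaceClaim assignments came from that). The same commit promotes CVE-2022-3211 from RESERVED to a described entry, which the later NFU commit then closes. The diff in this copy of the mail stops mid-line at CVE-2022-40643, so the remaining entries of the hunk cannot be reviewed here.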
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for smarty issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abe5c6d7 by Salvatore Bonaccorso at 2022-09-15T22:01:05+02:00 Add Debian bug references for smarty issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -69,8 +69,8 @@ CVE-2022-3218 CVE-2022-3217 RESERVED CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) - - smarty3 - - smarty4 + - smarty3 (bug #1019897) + - smarty4 (bug #1019896) NOTE: https://github.com/smarty-php/smarty/issues/454 NOTE: https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47) NOTE: https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9 (v4.2.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe5c6d7ea19d3a99a15ba377fe9441c136911e6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe5c6d7ea19d3a99a15ba377fe9441c136911e6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-40674/expat via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c868e9b by Salvatore Bonaccorso at 2022-09-15T21:58:20+02:00 Track fixed version for CVE-2022-40674/expat via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -173,7 +173,7 @@ CVE-2022-30545 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) TODO: check CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...) - - expat (bug #1019761) + - expat 2.4.8-2 (bug #1019761) NOTE: https://github.com/libexpat/libexpat/pull/629 NOTE: https://github.com/libexpat/libexpat/pull/640 NOTE: https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c868e9ba5fc6875197460b4e021de4880826992 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c868e9ba5fc6875197460b4e021de4880826992 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
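Review bot: the fixed version now recorded, expat 2.4.8-2, is below the upstream fix implied by the description ("libexpat before 2.4.9"), so it has to be a Debian revision carrying the backported commit 4a32da87 from the NOTE lines rather than a new upstream release. That is fine for version-based tracking as long as the 2.4.8-2 changelog names CVE-2022-40674, so the bug closure and the tracker stay in step; worth a quick look at the changelog entry. Neither bullseye nor buster is annotated yet, and expat is a widely linked library, so a DSA decision is needed in a follow-up.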
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-25047/smarty
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55fd71eb by Salvatore Bonaccorso at 2022-09-15T21:40:26+02:00 Add CVE-2018-25047/smarty - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -69,7 +69,11 @@ CVE-2022-3218 CVE-2022-3217 RESERVED CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) - TODO: check + - smarty3 + - smarty4 + NOTE: https://github.com/smarty-php/smarty/issues/454 + NOTE: https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47) + NOTE: https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9 (v4.2.1) CVE-2022-40706 RESERVED CVE-2022-40705 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55fd71eb3d496a3cb6a865b3b38fb5c70f5e0a0c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55fd71eb3d496a3cb6a865b3b38fb5c70f5e0a0c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
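Review bot: the entry is fine as far as it goes; the fixing commits are tagged v3.1.47 and v4.2.1 in the NOTE style used elsewhere, which is what makes the CVE-2018 identifier unproblematic (the ID year reflects when the issue was reported, the fixes are from 2022). Both the smarty3 and smarty4 lines are bare, so bullseye and buster status still needs an assessment; the bug references are attached in a later commit.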
[Git][security-tracker-team/security-tracker][master] fix up two golang entries
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8be8be17 by Moritz Muehlenhoff at 2022-09-15T21:01:41+02:00 fix up two golang entries - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26609,7 +26609,8 @@ CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go - golang-1.19 1.19~rc2-1 - golang-1.18 1.18.4-1 - golang-1.17 1.17.13-1 - - golang-1.15 + - golang-1.15 (Introduced in 1.16) + - golang-1.11 (Introduced in 1.16) NOTE: https://go.dev/issue/53415 NOTE: https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 (go1.19rc2) NOTE: https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (go1.18.4) @@ -2,8 +26667,7 @@ CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the HTTP/ - golang-1.18 1.18.4-1 - golang-1.17 1.17.13-1 - golang-1.15 - - golang-1.11 - [buster] - golang-1.11 (Limited support) + - golang-1.11 (Introduced in 1.15) NOTE: https://go.dev/issue/53188 NOTE: https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1) NOTE: https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8be8be17db531b7be794037cf1d74f2aa77cc947 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8be8be17db531b7be794037cf1d74f2aa77cc947 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
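Review bot: both hunks annotate packages with "(Introduced in 1.16)" / "(Introduced in 1.15)" but, as rendered here, the lines "- golang-1.15 (Introduced in 1.16)", "- golang-1.11 (Introduced in 1.16)" and "- golang-1.11 (Introduced in 1.15)" carry only a parenthesised comment. In this file's syntax a package line with no state keyword is unfixed, so an "introduced later" comment on its own would mark golang-1.15 and golang-1.11 as vulnerable, the opposite of what the comment says; the lines need the not-affected state keyword in angle brackets before the comment (it may simply have been stripped by the mail rendering, so check the repository). Dropping "[buster] - golang-1.11 (Limited support)" in the CVE-2022-1705 hunk is consistent only under that reading, since a not-affected package needs no buster marking. The second hunk header "@@ -2,8 +26667,7 @@" also looks mangled in this mail; cosmetic, but worth regenerating if the patch is reused.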
[Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cbca0fec by Moritz Mühlenhoff at 2022-09-15T20:55:43+02:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[15 Sep 2022] DSA-5230-1 chromium - security update + {CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201} + [bullseye] - chromium 105.0.5195.125-1~deb11u1 [13 Sep 2022] DSA-5229-1 freecad - security update {CVE-2021-45844 CVE-2021-45845} [bullseye] - freecad 0.19.1+dfsg1-2+deb11u1 = data/dsa-needed.txt = @@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk (apo) -- -chromium --- commons-configuration -- connman (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbca0fec22fe56d15864910f91106feb87c12ce9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbca0fec22fe56d15864910f91106feb87c12ce9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: reclaim exiv2 in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 441f90d9 by Roberto C. Sánchez at 2022-09-15T09:57:23-04:00 LTS: reclaim exiv2 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,7 +35,7 @@ dovecot NOTE: 20220913: VCS: https://salsa.debian.org/lts-team/packages/dovecot.git NOTE: 20220913: Harmonize with bullseye: 1 CVE fixed in Debian 11.5 + 2 other postponed CVEs (Beuc/front-desk) -- -exiv2 +exiv2 (Roberto C. Sánchez) NOTE: 20220819: Programming language: C++. NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/441f90d999c7b3b38c3642c077f1ad77ade8defe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/441f90d999c7b3b38c3642c077f1ad77ade8defe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3110-1 for glib2.0
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: efc4c1da by Emilio Pozuelo Monfort at 2022-09-15T14:50:33+02:00 Reserve DLA-3110-1 for glib2.0 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Sep 2022] DLA-3110-1 glib2.0 - security update + {CVE-2021-3800} + [buster] - glib2.0 2.58.3-2+deb10u4 [15 Sep 2022] DLA-3093-2 rails - regression update [buster] - rails 2:5.2.2.1+dfsg-1+deb10u5 [15 Sep 2022] DLA-3109-1 nova - security update = data/dla-needed.txt = @@ -47,10 +47,6 @@ gdal (Utkarsh) NOTE: 20220913: Upcoming DSA (Beuc/front-desk) NOTE: 20220913: 2 CVEs already fixed in stretch (Beuc/front-desk) -- -glib2.0 (Emilio) - NOTE: 20220901: Programming language: C. - NOTE: 20220901: Special attention: High Popcon!. --- glibc NOTE: 20220913: Programming language: C, Assembly. NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and Debian 11.5 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc4c1dac1a5cb0b18cb34083a177b5c7d6612b8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc4c1dac1a5cb0b18cb34083a177b5c7d6612b8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: golang-websocket: update note
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 28d43909 by Sylvain Beucler at 2022-09-15T14:06:02+02:00 dla: golang-websocket: update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -62,6 +62,11 @@ golang-go.crypto NOTE: 20220915: Special attention: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1 NOTE: 20220915: Special attention: also check bullseye status -- +golang-websocket + NOTE: 20220915: Programming language: Go. + NOTE: 20220915: 1 CVE fixed in stretch and bullseye (golang-github-gorilla-websocket) (Beuc/front-desk) + NOTE: 20220915: Special attention: limited support; requires rebuilding reverse dependencies +-- imagemagick NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28d439092595209cc74c7f0f96e09441d8d14c2e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28d439092595209cc74c7f0f96e09441d8d14c2e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
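Review bot: the entry key (golang-websocket) and the source package named in the note (golang-github-gorilla-websocket) differ, and the "limited support" note lacks the reference the sibling golang-go.crypto block gives ("cf. buster release notes"); record which of the two names is the buster source package so the claimant uploads the right one, and harmonise the wording, e.g. "Special attention: limited support, cf. buster release notes; requires rebuilding reverse dependencies".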
[Git][security-tracker-team/security-tracker][master] dla: add golang-go.crypto
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: c626c4aa by Sylvain Beucler at 2022-09-15T12:51:57+02:00 dla: add golang-go.crypto - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -55,6 +55,13 @@ glibc NOTE: 20220913: Programming language: C, Assembly. NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and Debian 11.5 (Beuc/front-desk) -- +golang-go.crypto + NOTE: 20220915: Programming language: Go. + NOTE: 20220915: 3 CVEs fixed in stretch and bullseye (Beuc/front-desk) + NOTE: 20220915: Special attention: limited support, cf. buster release notes + NOTE: 20220915: Special attention: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1 + NOTE: 20220915: Special attention: also check bullseye status +-- imagemagick NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c626c4aac10e061cfd3ec014a5e31204a61f1433 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c626c4aac10e061cfd3ec014a5e31204a61f1433 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
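Review bot: "3 CVEs fixed in stretch and bullseye" names no CVE IDs, and "rebuild reverse-dependencies if needed" is vague: Go binaries statically link their library dependencies, so every binary package built against the old golang-go.crypto source keeps the vulnerable code until it is rebuilt, which is exactly why DLA-2402-1 was followed by DLA-2453-1/DLA-2454-1/DLA-2455-1. List the CVE IDs in the NOTE and replace "if needed" with the concrete step: enumerate the buster reverse build-dependencies and rebuild each one.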
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c54b359 by Salvatore Bonaccorso at 2022-09-15T10:49:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40735 RESERVED CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...) @@ -747,9 +747,9 @@ CVE-2022-40441 CVE-2022-40440 RESERVED CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40437 RESERVED CVE-2022-40436 @@ -5199,9 +5199,9 @@ CVE-2022-38597 CVE-2022-38596 RESERVED CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Church Management System CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Church Management System CVE-2022-38593 RESERVED CVE-2022-38592 @@ -6070,7 +6070,7 @@ CVE-2022-38354 CVE-2022-38353 RESERVED CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...) - TODO: check + NOT-FOR-US: ThinkPHP CVE-2022-38351 RESERVED CVE-2022-38350 @@ -6128,7 +6128,7 @@ CVE-2022-38325 CVE-2022-38324 RESERVED CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...) - TODO: check + NOT-FOR-US: Event Management System CVE-2022-38322 RESERVED CVE-2022-38321 
@@ -6158,7 +6158,7 @@ CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered t CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a comm ...) - TODO: check + NOT-FOR-US: TOTOLink CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...) NOT-FOR-US: LIEF CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...) @@ -6192,7 +6192,7 @@ CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...) NOT-FOR-US: Online Leave Management System CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which allows at ...) - TODO: check + NOT-FOR-US: Onedev CVE-2022-38300 RESERVED CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...) @@ -7629,7 +7629,7 @@ CVE-2022-37726 CVE-2022-37725 RESERVED CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary ...) - TODO: check + NOT-FOR-US: Project Wonder WebObjects CVE-2022-37723 RESERVED CVE-2022-37722 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c54b3593d11982386d893f3b4767856daa9401b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c54b3593d11982386d893f3b4767856daa9401b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
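Review bot: the NOT-FOR-US markings are consistent with the neighbouring context entries (Tenda, LIEF, Online Leave Management System), but the batch leaves CVE-2018-25047 (Smarty), added as "TODO: check" by the 08:10 automatic update, untouched; unlike the Bento4, ThinkPHP and Church Management System items, Smarty is a generic PHP templating library rather than a stand-alone product, so it should be triaged against the archive and given either a package line or an explicit NOT-FOR-US rather than staying in the TODO queue.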
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2977/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44472113 by Salvatore Bonaccorso at 2022-09-15T10:37:03+02:00 Add CVE-2022-2977/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4820,7 +4820,10 @@ CVE-2022-38718 CVE-2022-38717 RESERVED CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...) - TODO: check + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/7e0438f83dc769465ee663bb5dcf8cc154940712 (5.18-rc1) CVE-2022-2976 RESERVED CVE-2022-2975 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/444721137309d3943e670d0590436f11b478e5ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/444721137309d3943e670d0590436f11b478e5ce You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
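Review bot: the fix commit is tagged 5.18-rc1, yet the entry records 5.17.3-1 as the fixed unstable version and 5.10.113-1 / 4.19.249-1 for bullseye and buster, so the fix must have reached those versions through the stable series; add a NOTE with the stable-release or backport reference (or the Debian changelog entry) behind each version, otherwise a reader cannot verify from the entry that those point releases actually contain 7e0438f83dc7.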
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40476/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57d23df3 by Salvatore Bonaccorso at 2022-09-15T10:27:57+02:00 Add CVE-2022-40476/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -671,7 +671,9 @@ CVE-2022-40478 CVE-2022-40477 RESERVED CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...) - TODO: check + - linux (Vulnerable code never released in Debian unstable) + NOTE: https://lore.kernel.org/lkml/cao4s-mdvw5gkodk0+vbqexnaajzopwzfj9acvrcj989fq4a...@mail.gmail.com/ + NOTE: https://git.kernel.org/linus/386e4fb6962b9f248a80f8870aea0870ca603e89 (5.19-rc4) CVE-2022-40475 RESERVED CVE-2022-40474 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57d23df3dd2b5bccd49e573357c2b6c001ab4d07 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57d23df3dd2b5bccd49e573357c2b6c001ab4d07 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
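Review bot: the lore.kernel.org URL in the first NOTE, as shown here, has "..." inside the Message-ID and is lowercased, so it will not resolve; confirm that the committed line carries the full Message-ID. The "(Vulnerable code never released in Debian unstable)" status is plausible given the fix landed in 5.19-rc4, but naming the commit that introduced the bug (the one 386e4fb6962b reverts or repairs) in a NOTE would let the "never released" claim be checked against the 5.18/5.19 uploads.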
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aae29227 by security tracker role at 2022-09-15T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,75 @@ +CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) + TODO: check +CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...) + TODO: check +CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...) + TODO: check +CVE-2022-40735 + RESERVED +CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...) + TODO: check +CVE-2022-40733 + RESERVED +CVE-2022-40732 + RESERVED +CVE-2022-40731 + RESERVED +CVE-2022-40730 + RESERVED +CVE-2022-40729 + RESERVED +CVE-2022-40728 + RESERVED +CVE-2022-40727 + RESERVED +CVE-2022-40726 + RESERVED +CVE-2022-40725 + RESERVED +CVE-2022-40724 + RESERVED +CVE-2022-40723 + RESERVED +CVE-2022-40722 + RESERVED +CVE-2022-40721 + RESERVED +CVE-2022-40720 + RESERVED +CVE-2022-40719 + RESERVED +CVE-2022-40718 + RESERVED +CVE-2022-40717 + RESERVED +CVE-2022-40716 + RESERVED +CVE-2022-40715 + RESERVED +CVE-2022-40714 + RESERVED +CVE-2022-40713 + RESERVED +CVE-2022-40712 + RESERVED +CVE-2022-40711 + RESERVED +CVE-2022-40710 + RESERVED +CVE-2022-40709 + RESERVED +CVE-2022-40708 + RESERVED +CVE-2022-40707 + RESERVED +CVE-2022-3219 + RESERVED +CVE-2022-3218 + RESERVED +CVE-2022-3217 + RESERVED +CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) + TODO: check CVE-2022-40706 RESERVED CVE-2022-40705 @@ -80,8 +152,8 @@ CVE-2022-35238 RESERVED CVE-2022-33978 RESERVED -CVE-2022-3216 - RESERVED +CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...) + TODO: check CVE-2022-3215 RESERVED CVE-2022-3214 
@@ -94,8 +166,8 @@ CVE-2022-3211 RESERVED CVE-2022-30545 RESERVED -CVE-2020-36603 - RESERVED +CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) + TODO: check CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...) - expat (bug #1019761) NOTE: https://github.com/libexpat/libexpat/pull/629 @@ -175,8 +247,8 @@ CVE-2022-40636 RESERVED CVE-2022-3210 RESERVED -CVE-2022-31735 - RESERVED +CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...) + TODO: check CVE-2021-46838 RESERVED CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) @@ -598,8 +670,8 @@ CVE-2022-40478 RESERVED CVE-2022-40477 RESERVED -CVE-2022-40476 - RESERVED +CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...) + TODO: check CVE-2022-40475 RESERVED CVE-2022-40474 @@ -672,10 +744,10 @@ CVE-2022-40441 RESERVED CVE-2022-40440 RESERVED -CVE-2022-40439 - RESERVED -CVE-2022-40438 - RESERVED +CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...) + TODO: check +CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...) + TODO: check CVE-2022-40437 RESERVED CVE-2022-40436 @@ -820,8 +892,8 @@ CVE-2022-40367 RESERVED CVE-2022-40366 RESERVED -CVE-2022-40365 - RESERVED +CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...) + TODO: check CVE-2022-40364 RESERVED CVE-2022-40363 @@ -4745,8 +4817,8 @@ CVE-2022-38718 RESERVED CVE-2022-38717 RESERVED -CVE-2022-2977 - RESERVED +CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...) + TODO: check CVE-2022-2976 RESERVED CVE-2022-2975 
@@ -5121,10 +5193,10 @@ CVE-2022-38597 RESERVED CVE-2022-38596 RESERVED -CVE-2022-38595 - RESERVED -CVE-2022-38594 - RESERVED +CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...) + TODO: check +CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...) + TODO: check CVE-2022-38593 RESERVED CVE-2022-38592 @@ -5992,8 +6064,8 @@ CVE-2022-38354 RESERVED CVE-2022-38353 RESERVED -CVE-2022-38352 - RESERVED +CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...) + TODO: check CVE-2022-38351
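Review bot: the automatic update only turns RESERVED placeholders into descriptions with "TODO: check" and adds a run of new RESERVED IDs, so nothing in it needs correcting, but two of the new TODO items deserve early attention: CVE-2022-40674 (expat) appears in the context already tracked with a bug number and the upstream PR, while CVE-2018-25047 (Smarty) is the one new item that does not read like an obvious NOT-FOR-US candidate and should be triaged against the archive before the next NFU sweep.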
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 8963bb09 by Abhijith PA at 2022-09-15T13:37:02+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -131,6 +131,8 @@ rails (Abhijith PA) NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith) NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html (abhijith) NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 (abhijith) + NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression causing patch (abhijith) + NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith) -- rainloop NOTE: 20220913: Programming language: PHP, JavaScript. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8963bb09975d92b0e0b088f15e7206b7c89539da -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8963bb09975d92b0e0b088f15e7206b7c89539da You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
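Review bot: the 20220915 note says deb10u5 was uploaded "without the regression causing patch" but does not name which CVE that patch addressed, so the tracker cannot reflect that the issue is open again in buster; add the CVE ID to the note and mirror it as a [buster] status in data/CVE/list, and say where Utkarsh's replacement patch is being tested. Separately, the pre-existing context link "https://lists.debian.org/debian-lts/2022/09/msg4.html" does not match the archive's msgNNNNN naming and is probably a typo for the intended message.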
[Git][security-tracker-team/security-tracker][master] reserve DLA-3093-2 for rails
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 783ec94b by Abhijith PA at 2022-09-15T13:01:01+05:30 reserve DLA-3093-2 for rails - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[15 Sep 2022] DLA-3093-2 rails - regression update + [buster] - rails 2:5.2.2.1+dfsg-1+deb10u5 [15 Sep 2022] DLA-3109-1 nova - security update {CVE-2019-14433} [buster] - nova 2:18.1.0-6+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/783ec94bee911f12b96f652dafe55dfb91e5e07c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/783ec94bee911f12b96f652dafe55dfb91e5e07c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
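Review bot: recording DLA-3093-2 as a regression update without a {CVE-...} line follows the DLA/list convention, but because this update drops a security patch (per the dla-needed.txt note of the same day) the affected CVE should have its buster status reverted to open in data/CVE/list in the same push; otherwise the tracker keeps showing it as fixed by DLA-3093-1 while the patch is no longer in 2:5.2.2.1+dfsg-1+deb10u5.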
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tag for CVE-2019-14433/nova
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 84ba6dcd by Emilio Pozuelo Monfort at 2022-09-15T08:49:17+02:00 Remove no-dsa tag for CVE-2019-14433/nova - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -222147,7 +222147,6 @@ CVE-2019-14434 RESERVED CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before ...) - nova 2:19.0.2-1 (low; bug #934114) - [buster] - nova (Minor issue) [stretch] - nova (Minor issue) [jessie] - nova (Minor issue) NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84ba6dcd57e4866df1ac7226460bb3a533a702f0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84ba6dcd57e4866df1ac7226460bb3a533a702f0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
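Review bot: dropping only the [buster] "(Minor issue)" tag while the [stretch] and [jessie] lines stay is correct for a buster-only DLA, but this commit lands at 08:49, two minutes after DLA-3109-1 was reserved at 08:47, so for that window the tracker held a buster fixed version alongside a buster no-dsa tag for CVE-2019-14433; removing the tag in the same commit as the DLA reservation avoids the inconsistent state.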
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3109-1 for nova
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 03f9c73a by Emilio Pozuelo Monfort at 2022-09-15T08:47:42+02:00 Reserve DLA-3109-1 for nova - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Sep 2022] DLA-3109-1 nova - security update + {CVE-2019-14433} + [buster] - nova 2:18.1.0-6+deb10u1 [14 Sep 2022] DLA-3108-1 pcs - security update {CVE-2022-1049} [buster] - pcs 0.10.1-2+deb10u1 = data/dla-needed.txt = @@ -99,14 +99,6 @@ nodejs (Sylvain Beucler) NOTE: 20220801: one of the upstream fixes doesn't address the security issue (jmm) NOTE: 20220912: backporting patches and determining testing procedures (Beuc) -- -nova (Emilio) - NOTE: 20220912: Programming language: Python. - NOTE: 20220912: VCS: https://salsa.debian.org/openstack-team/services/nova - NOTE: 20220912: Maintainer notes: Contact original maintainer: zigo. - NOTE: 20220912: Please see: https://lists.debian.org/debian-lts/2022/09/msg00030.html. - NOTE: 20220912: Current branch to package: https://salsa.debian.org/openstack-team/services/nova/-/tree/debian/rocky/nova - NOTE: 20220913: will coordinate with maintainer (pochu) --- openexr NOTE: 20220904: Programming language: C++. NOTE: 20220904: Should be synced with Stretch. (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f9c73ad57aa7fd24f860704339a69374aecdb1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03f9c73ad57aa7fd24f860704339a69374aecdb1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2566/ffmpeg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 465d2c21 by Salvatore Bonaccorso at 2022-09-15T08:43:58+02:00 Add CVE-2022-2566/ffmpeg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9487,6 +9487,9 @@ CVE-2022-2567 RESERVED CVE-2022-2566 RESERVED + - ffmpeg 7:5.1.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d (n5.1.1) CVE-2022-2565 (The Simple Payment Donations Subscriptions WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465d2c21e7386f4c4af81583999213bf850e1c6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465d2c21e7386f4c4af81583999213bf850e1c6e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
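Review bot: the entry keeps its RESERVED line and adds only an unstable fixed version (7:5.1.1-1, consistent with the n5.1.1 tag in the second NOTE) with no [bullseye]/[buster] assessment, so the tracker will list both stable suites as affected until someone checks whether the code touched by 6f53f0d09ea4 exists in their ffmpeg versions; add that assessment (or a "TODO: check bullseye/buster" NOTE) and, since the CVE is still RESERVED, a one-line description of the bug taken from the Red Hat bugzilla so the entry is readable before MITRE publishes.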
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-36568/moodle
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15ed9348 by Salvatore Bonaccorso at 2022-09-15T08:39:25+02:00 Add CVE-2021-36568/moodle - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -82860,7 +82860,7 @@ CVE-2021-36570 CVE-2021-36569 RESERVED CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...) - TODO: check + - moodle CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...) NOT-FOR-US: ThinkPHP CVE-2021-36566 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15ed9348ed5a7019d208ae54e3786dd02f3c128e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15ed9348ed5a7019d208ae54e3786dd02f3c128e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
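Review bot: "TODO: check" is replaced by a bare "- moodle" with no version, no per-suite tags and no NOTE, which marks the package unfixed in unstable without any reference; add the upstream Moodle security advisory as a NOTE and the upstream fixed version, so the entry states what "certain Moodle products" means here and can be verified.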