[Git][security-tracker-team/security-tracker][master] Add CVE-2022-190{7,8}/libmobi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c71149ce by Salvatore Bonaccorso at 2022-05-27T23:09:14+02:00 Add CVE-2022-190{7,8}/libmobi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -67,9 +67,13 @@ CVE-2022-1910 CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) TODO: check CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) - TODO: check + - libmobi + NOTE: https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8 + NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb1085097c5dba CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) - TODO: check + - libmobi + NOTE: https://huntr.dev/bounties/4eb0fa3e-4480-4fb5-8ec0-fbcd71de6012 + NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb1085097c5dba CVE-2022-1906 RESERVED CVE-2022-1905 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71149ce58bf29c9c8d6d6f421e645c95800597b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71149ce58bf29c9c8d6d6f421e645c95800597b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
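Review bot: the fix reference added to both CVE-2022-1908 and CVE-2022-1907, `NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb1085097c5dba`, is 36 hex characters rather than a full 40-character SHA-1, so it looks truncated; git resolves an abbreviated id, but the other commit references in this digest (vim, radare2, pcre2) are full hashes, so please verify and paste the complete one. Both CVEs sharing a single upstream commit is fine, but as with the vim entries an upstream tag in parentheses after the commit would say which libmobi release carries the fix, and since the bare `- libmobi` line marks unstable as vulnerable, the entries still need [bullseye]/[buster] triage lines if the package ships in those suites.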
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-189{7,8}/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2da45f8 by Salvatore Bonaccorso at 2022-05-27T22:51:11+02:00 Add CVE-2022-189{7,8}/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -167,9 +167,17 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea + NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024) CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 + NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023) CVE-2022-1896 RESERVED CVE-2022-1895 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2da45f8c3cd87fa0402fd6c3504de05b221cfcc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2da45f8c3cd87fa0402fd6c3504de05b221cfcc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
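Review bot: the two new stable-suite lines `[bullseye] - vim (Minor issue)` and `[buster] - vim (Minor issue)` show only the comment; in the tracker's syntax a comment on a release line follows a `<no-dsa>` (or `<postponed>`/`<ignored>`) tag, and angle-bracket tags are easily dropped when the mail is rendered, so confirm the committed data/CVE/list carries the tag, otherwise the parser cannot classify these lines. The commit references with release tags, `(v8.2.5024)` for the use-after-free and `(v8.2.5023)` for the out-of-bounds write, are the right shape; once 8.2.5024 or later reaches unstable the bare `- vim` line should get that version.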
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ab8b2b9e by Salvatore Bonaccorso at 2022-05-27T22:23:15+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3715,7 +3715,7 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not fi CVE-2022-30426 RESERVED CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-30424 RESERVED CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab8b2b9e72ef8219dcbaae47342aefcd3f8ba948 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab8b2b9e72ef8219dcbaae47342aefcd3f8ba948 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
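Review bot: `NOT-FOR-US: Tenda` is the right disposition for CVE-2022-30425, as the description names Tenda HG6 3.3.0-210926, vendor router firmware that is not a Debian package; the one thing to decide is whether to record the product as well (`Tenda HG6`), as other vendor entries in this digest do (`NOT-FOR-US: Dell OpenManage Enterprise`), so later NFU entries for the same vendor can be matched consistently.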
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9901a029 by security tracker role at 2022-05-27T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,85 @@ +CVE-2022-31780 + RESERVED +CVE-2022-31779 + RESERVED +CVE-2022-31778 + RESERVED +CVE-2022-31777 + RESERVED +CVE-2022-31776 + RESERVED +CVE-2022-31775 + RESERVED +CVE-2022-31774 + RESERVED +CVE-2022-31773 + RESERVED +CVE-2022-31772 + RESERVED +CVE-2022-31771 + RESERVED +CVE-2022-31770 + RESERVED +CVE-2022-31769 + RESERVED +CVE-2022-31768 + RESERVED +CVE-2022-31767 + RESERVED +CVE-2022-31766 + RESERVED +CVE-2022-31765 + RESERVED +CVE-2022-31764 + RESERVED +CVE-2022-1925 + RESERVED +CVE-2022-1924 + RESERVED +CVE-2022-1923 + RESERVED +CVE-2022-1922 + RESERVED +CVE-2022-1921 + RESERVED +CVE-2022-1920 + RESERVED +CVE-2022-1919 + RESERVED +CVE-2022-1918 + RESERVED +CVE-2022-1917 + RESERVED +CVE-2022-1916 + RESERVED +CVE-2022-1915 + RESERVED +CVE-2022-1914 + RESERVED +CVE-2022-1913 + RESERVED +CVE-2022-1912 + RESERVED +CVE-2022-1911 + RESERVED +CVE-2022-1910 + RESERVED +CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) + TODO: check +CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) + TODO: check +CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) + TODO: check +CVE-2022-1906 + RESERVED +CVE-2022-1905 + RESERVED +CVE-2022-1904 + RESERVED +CVE-2022-1903 + RESERVED +CVE-2020-36528 + RESERVED CVE-2022-31763 RESERVED CVE-2022-31762 
@@ -84,10 +166,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t - radare2 NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d -CVE-2022-1898 - RESERVED -CVE-2022-1897 - RESERVED +CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1896 RESERVED CVE-2022-1895 @@ -3454,30 +3536,30 @@ CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the NOT-FOR-US: Hospital-Management-System CVE-2022-30515 RESERVED -CVE-2022-30514 - RESERVED -CVE-2022-30513 - RESERVED -CVE-2022-30512 - RESERVED -CVE-2022-30511 - RESERVED -CVE-2022-30510 - RESERVED +CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + TODO: check +CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + TODO: check +CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-30509 RESERVED CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...) NOT-FOR-US: DedeCMS CVE-2022-30507 RESERVED -CVE-2022-30506 - RESERVED +CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...) + TODO: check CVE-2022-30505 RESERVED CVE-2022-30504 RESERVED -CVE-2022-30503 - RESERVED +CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check CVE-2022-30502 RESERVED CVE-2022-30501 
@@ -3632,12 +3714,12 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not fi TODO: check CVE-2022-30426 RESERVED -CVE-2022-30425 - RESERVED +CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...) + TODO: check CVE-2022-30424 RESERVED -CVE-2022-30423 - RESERVED +CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...) + TODO: check CVE-2022-30422 RESERVED CVE-2022-30421 @@ -3778,14 +3860,14 @@ CVE-2022-30354 RESERVED CVE-2022-30353 RESERVED -CVE-2022-30352 - RESERVED +CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...) + TODO: check CVE-2022-30351 RESERVED CVE-2022-30350 RESERVED -CVE-2022-30349 - RESERVED +CVE-2022-30349
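Review bot: the automatic update marks a batch of newly described CVEs `TODO: check`; of those, the two libmobi buffer over-reads (CVE-2022-1907/1908), the two vim issues (CVE-2022-1897/1898) and the Nginx NJS segmentation violation (CVE-2022-30503) name software that may be packaged and need a real look, while the causefx/organizr, School Dormitory Management System, MCMS, Merchandise Online Store and phpABook descriptions name stand-alone third-party web applications and will almost certainly end as NOT-FOR-US. The newer commits at the top of this digest already triage the libmobi, vim and Tenda entries. Note also that the third hunk is cut off after `+CVE-2022-30349` in this rendering, so its tail (at least the replacement description line) is not reviewable here.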
[Git][security-tracker-team/security-tracker][master] Add oss-security reference for CVE-2022-1462
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 21c1f539 by Salvatore Bonaccorso at 2022-05-27T21:46:31+02:00 Add oss-security reference for CVE-2022-1462 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5601,6 +5601,7 @@ CVE-2022-1462 RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/27/2 CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...) NOT-FOR-US: OpenEMR CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21c1f53999b328aec70488e1f80f54acc0ceac62 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21c1f53999b328aec70488e1f80f54acc0ceac62 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
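Review bot: adding the oss-security post next to the Red Hat bugzilla reference is worthwhile because CVE-2022-1462 is still `RESERVED` in the context line, so these two NOTE lines are the entry's only public description; since the package line is a bare `- linux` (unstable marked vulnerable, no fixing version), a follow-up should record the upstream fix commit once identified, as the pcre2 and vim entries in this digest do, and add [bullseye]/[buster] lines.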
[Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2022-21831
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b871cf4f by Salvatore Bonaccorso at 2022-05-27T21:34:33+02:00 Reference upstream commits for CVE-2022-21831 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33361,7 +33361,9 @@ CVE-2022-21832 CVE-2022-21831 (A code injection vulnerability exists in the Active Storage = v5.2 ...) - rails (bug #1011940) NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq - NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (6-1-stable) + NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (v6.1.4.7) + NOTE: https://github.com/rails/rails/commit/92f64fec3136baabbebac97073c5213ea055dc53 (v6.0.4.7) + NOTE: https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3) CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 ...) NOT-FOR-US: Rocket.Chat.Livechat CVE-2022-21829 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b871cf4fa9f53620fa8ba5c4d3ce5356fb18c10e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b871cf4fa9f53620fa8ba5c4d3ce5356fb18c10e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
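Review bot: replacing the `(6-1-stable)` branch annotation with the release tags `(v6.1.4.7)`, `(v6.0.4.7)` and `(v5.2.6.3)` is the right move, because a branch name does not pin which release contains the fix while a tag does. The 6.0 and 5.2 backport commits are also a triage signal: those are the series the stable suites ship, yet the entry has only `- rails (bug #1011940)` and no [bullseye]/[buster] lines, so stable status should be recorded. Separately, the description `Active Storage = v5.2 ...` reads as mangled (a comparison operator was likely lost in rendering), so do not rely on it for the affected range; the tags give it.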
[Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2022-22577
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cfe1ab89 by Salvatore Bonaccorso at 2022-05-27T21:30:34+02:00 Reference upstream commits for CVE-2022-22577 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27860,7 +27860,9 @@ CVE-2022-22578 (A logic issue was addressed with improved validation. This issue CVE-2022-22577 (An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that co ...) - rails (bug #1011941) NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533 - NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (6-1-stable) + NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1) + NOTE: https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8) + NOTE: https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809 (v5.2.7.1) CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...) - curl 7.83.0-1 (bug #1010295) NOTE: https://curl.se/docs/CVE-2022-22576.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfe1ab89b5e6814a491ebddaadb38c4cdc83983e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfe1ab89b5e6814a491ebddaadb38c4cdc83983e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
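Review bot: the three tagged commits now cover `(v6.1.5.1)`, `(v6.0.4.8)` and `(v5.2.7.1)`, matching the form used for CVE-2022-21831 in the sibling commit, so the reference side is complete; what is still missing is the same as there, the [bullseye]/[buster] lines, because the existence of 6.0 and 5.2 fixes indicates the stable series are affected. The description text `Action Pack = 5.2.0 and 5.2.0 that co ...` is visibly corrupted (two identical bounds with no operators), so the Rails discussion thread in the NOTE is the reference for the real affected versions.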
[Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2022-1586 commit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b17c9967 by Salvatore Bonaccorso at 2022-05-27T21:19:33+02:00 Add upstream tag information for CVE-2022-1586 commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4107,7 +4107,7 @@ CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 l CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 (bug #1011954) NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40) - NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c + NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40) CVE-2022-1585 RESERVED CVE-2022-30259 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b17c9967065fb39ca5dae982db1b1598298ab5a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b17c9967065fb39ca5dae982db1b1598298ab5a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
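Review bot: tagging the second commit `d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)` makes the entry consistent with the first reference and with the `- pcre2 10.40-1 (bug #1011954)` package line, so a reader can confirm that the version marked fixed contains both commits. Both CVE-2022-1586 and CVE-2022-1587 are out-of-bounds reads in a library used across the archive and neither entry has [bullseye]/[buster] lines yet; recording those (a point-update version, or `<no-dsa>` with a reason) is the remaining triage step.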
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-428{59,60}/mxml
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81426cdd by Salvatore Bonaccorso at 2022-05-27T21:16:06+02:00 Add CVE-2021-428{59,60}/mxml - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41328,9 +41328,13 @@ CVE-2021-42862 CVE-2021-42861 RESERVED CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...) - TODO: check + - mxml + NOTE: https://github.com/michaelrsweet/mxml/issues/286 + TODO: check, unclear details from reporter and upstream cannot reproduce on current master CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...) - TODO: check + - mxml + NOTE: https://github.com/michaelrsweet/mxml/issues/286 + TODO: check, unclear details from reporter and upstream cannot reproduce on current master CVE-2021-42858 RESERVED CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81426cdd8707a789c77c0293c398d41fdaab6ed4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81426cdd8707a789c77c0293c398d41fdaab6ed4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
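Review bot: both entries keep `TODO: check, unclear details from reporter and upstream cannot reproduce on current master` while the package line `- mxml` marks unstable as affected; if affectedness is genuinely open, the tracker's `<undetermined>` tag on the package line states that explicitly instead of reporting mxml as vulnerable on the strength of a report upstream cannot reproduce. Both CVEs cite the same upstream issue #286, so one resolution there should close both.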
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for pcre2 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bfaa35f by Salvatore Bonaccorso at 2022-05-27T20:41:06+02:00 Add Debian bug reference for pcre2 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4102,10 +4102,10 @@ CVE-2022-30260 CVE-2022-1588 REJECTED CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - - pcre2 10.40-1 + - pcre2 10.40-1 (bug #1011954) NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40) CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - - pcre2 10.40-1 + - pcre2 10.40-1 (bug #1011954) NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40) NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c CVE-2022-1585 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bfaa35feefb7cf83e92d937a9a156a09e48ffab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bfaa35feefb7cf83e92d937a9a156a09e48ffab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
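Review bot: both pcre2 CVEs now reference the same `(bug #1011954)`, which the tracker permits when one bug covers several CVEs; the only thing to double-check is that the bug's title or body lists both CVE ids, so the BTS cross-reference resolves for each entry rather than only for the one it was filed against.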
[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ffdcddf by Moritz Muehlenhoff at 2022-05-27T19:22:07+02:00 buster/bullseye triage add one more patch needed for pcre issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2317,12 +2317,13 @@ CVE-2022-25932 RESERVED CVE-2022-1736 RESERVED - - gnome-remote-desktop 42.1.1-2 + - gnome-remote-desktop 42.1.1-2 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3 NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2) - TODO: check, if we want to threat this as unimportant severity issue + NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately + NOTE: up to the local admin CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...) - vim (unimportant) NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 @@ -4047,6 +4048,8 @@ CVE-2022-30285 RESERVED CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...) - python-libnmap + [bullseye] - python-libnmap (Minor issue) + [buster] - python-libnmap (Minor issue) NOTE: https://www.swascan.com/security-advisory-libnmap-2/ CVE-2022-30283 RESERVED @@ -4104,6 +4107,7 @@ CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 l CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40) + NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c CVE-2022-1585 RESERVED CVE-2022-30259 
@@ -7995,6 +7999,8 @@ CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scr NOT-FOR-US: Baidu Tieba CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...) - dokuwiki (bug #1011056) + [bullseye] - dokuwiki (Minor issue) + [buster] - dokuwiki (Minor issue) NOTE: https://github.com/splitbrain/dokuwiki/issues/3651 NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffdcddf525cecac62c1e2e1b5d1d8cdf35b741f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffdcddf525cecac62c1e2e1b5d1d8cdf35b741f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
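Review bot: the gnome-remote-desktop hunk replaces the open question with a stated rationale, `NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately up to the local admin`, and marks the package `(unimportant)`; that is consistent with the preceding NOTE lines, which explain the CVE was assigned under an Ubuntu-specific open-ports policy and that the unit is no longer enabled by default since 42.1.1-2. For readability the new note would be clearer as two sentences, with a period after `Debian`.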
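Review bot: the new pcre2 reference `NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c` lacks the `(pcre2-10.40)` tag that the line above it carries; without it a reader cannot tell whether the package line `- pcre2 10.40-1` already includes this second fix or whether 10.40-1 needs a patch on top. Add the tag, or a note that the commit is not in any release yet.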
[Git][security-tracker-team/security-tracker][master] pillow fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c49ca40 by Moritz Muehlenhoff at 2022-05-27T15:57:29+02:00 pillow fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3089,7 +3089,7 @@ CVE-2022-30597 (A flaw was found in moodle where the description user field was CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...) - moodle CVE-2022-30595 (libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...) - - pillow + - pillow 9.1.1-1 [bullseye] - pillow (Vulnerable code introduce later) [buster] - pillow (Vulnerable code introduce later) [stretch] - pillow (Vulnerable code introduce later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c49ca40b651efaf0ac35d10ce18de158613e080 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c49ca40b651efaf0ac35d10ce18de158613e080 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
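Review bot: `- pillow 9.1.1-1` now records the fixing upload, which lines up with the description's `Pillow 9.1.0` as the affected release. The three unchanged context lines read `(Vulnerable code introduce later)`; that should be `introduced`, and in this rendering the `<not-affected>` tag that normally precedes such a comment is not visible, so check the committed file has it, since the comment alone does not tell the tracker that bullseye, buster and stretch are unaffected.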
[Git][security-tracker-team/security-tracker][master] CVE-2022-21831 & CVE-2022-22577 in rails
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: e51505dc by Neil Williams at 2022-05-27T12:58:17+01:00 CVE-2022-21831 CVE-2022-22577 in rails - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27852,7 +27852,9 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2022-22577 (An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that co ...) - TODO: check + - rails (bug #1011941) + NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533 + NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (6-1-stable) CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...) - curl 7.83.0-1 (bug #1010295) NOTE: https://curl.se/docs/CVE-2022-22576.html 
@@ -33349,7 +33351,9 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur CVE-2022-21832 RESERVED CVE-2022-21831 (A code injection vulnerability exists in the Active Storage = v5.2 ...) - TODO: check + - rails (bug #1011940) + NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq + NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (6-1-stable) CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 ...) NOT-FOR-US: Rocket.Chat.Livechat CVE-2022-21829 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e51505dc06f826df1da13c3c3a0fe5d8b2d6f373 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e51505dc06f826df1da13c3c3a0fe5d8b2d6f373 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
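Review bot: both new reference lines annotate the upstream commit with a branch, `(6-1-stable)`, which only says where the fix was committed, not which release ships it; the later commits in this digest replace these with `(v6.1.5.1)` / `(v6.1.4.7)` and add the 6.0 and 5.2 backport commits, which is the form to use from the start so the stable suites, which ship those older series, can be triaged from the entry. The `(bug #1011941)` and `(bug #1011940)` references are correctly placed on the package lines.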
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 39f29214 by Neil Williams at 2022-05-27T12:38:42+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8606,7 +8606,7 @@ CVE-2022-1264 CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...) NOT-FOR-US: D-Link Routers CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...) - TODO: check + NOT-FOR-US: MatrikonOPC CVE-2022-1260 RESERVED CVE-2022-1259 @@ -33357,7 +33357,7 @@ CVE-2022-21829 CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...) NOT-FOR-US: Ivanti CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...) - TODO: check + NOT-FOR-US: Citrix CVE-2022-21826 RESERVED CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...) @@ -39932,7 +39932,7 @@ CVE-2022-20823 CVE-2022-20822 RESERVED CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20820 RESERVED CVE-2022-20819 @@ -39956,7 +39956,7 @@ CVE-2022-20811 CVE-2022-20810 RESERVED CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20808 RESERVED CVE-2022-20807 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39f2921417ec0564ccbcb59b8660c67f04f968f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39f2921417ec0564ccbcb59b8660c67f04f968f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3030-1 for zipios++
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 268504d1 by Thorsten Alteholz at 2022-05-27T13:28:50+02:00 Reserve DLA-3030-1 for zipios++ - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -201223,7 +201223,6 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...) - zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556) [buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1 - [stretch] - zipios++ (Minor issue) [jessie] - zipios++ (Minor issue) NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/ NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch = data/DLA/list = @@ -1,3 +1,6 @@ +[27 May 2022] DLA-3030-1 zipios++ - security update + {CVE-2019-13453} + [stretch] - zipios++ 0.1.5.9+cvs.2007.04.28-6+deb9u1 [27 May 2022] DLA-3029-1 cups - security update {CVE-2022-26691} [stretch] - cups 2.2.1-8+deb9u8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/268504d176a3515e0e2bd8709ed15024c2b5aa93 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/268504d176a3515e0e2bd8709ed15024c2b5aa93 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
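Review bot: the CVE/list side removes `[stretch] - zipios++ (Minor issue)` and the DLA/list side adds `[stretch] - zipios++ 0.1.5.9+cvs.2007.04.28-6+deb9u1` under `[27 May 2022] DLA-3030-1 zipios++ - security update` with `{CVE-2019-13453}`; that is the correct pair of edits, since once a fixed stretch version exists the no-dsa marker must go or the two files contradict each other. The `[jessie] - zipios++ (Minor issue)` line is kept, which is right as the DLA covers stretch only. As the DLA is reserved rather than released, the announcement should follow before the entry is relied on.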
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 4108bdf6 by Neil Williams at 2022-05-27T12:27:30+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13933,7 +13933,7 @@ CVE-2022-26867 CVE-2022-26866 RESERVED CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...) - TODO: check + NOT-FOR-US: Dell SupportAssist CVE-2022-26864 RESERVED CVE-2022-26863 @@ -13949,7 +13949,7 @@ CVE-2022-26859 CVE-2022-26858 RESERVED CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...) - TODO: check + NOT-FOR-US: Dell OpenManage Enterprise CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...) NOT-FOR-US: EMC CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...) @@ -20801,7 +20801,7 @@ CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path travers CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...) NOT-FOR-US: EMC CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
@@ -20809,9 +20809,9 @@ CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2022-24418 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-24417 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...) @@ -27626,15 +27626,15 @@ CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher all CVE-2022-22677 RESERVED CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22674 (An out-of-bounds read issue existed that led to the disclosure of kern ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22673 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22672 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22671 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2022-22670 (An access issue was addressed with improved access restrictions. This ...) 
@@ -27652,9 +27652,9 @@ CVE-2022-22665 (A logic issue was addressed with improved validation. This issue CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22662 (A cookie management issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...) NOT-FOR-US: Apple CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...) @@ -27770,7 +27770,7 @@ CVE-2022-22618 (This issue was addressed with improved checks. This issue is fix CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-22616 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-22615 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2022-22614 (A use after free issue was addressed with improved memory management. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4108bdf6fe924a4749a5356ead23c2e861f78dd2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4108bdf6fe924a4749a5356ead23c2e861f78dd2 You're receiving this email because
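Review bot: the NOT-FOR-US labels in the Dell hunks are inconsistent: CVE-2022-24422 (iDRAC9) becomes `NOT-FOR-US: Dell` while the neighbouring context line for iDRAC8, CVE-2022-24423, reads `NOT-FOR-US: EMC`, and the SupportAssist and OpenManage entries spell out the product. Grouping is easier later if one product family uses one label (for example `Dell iDRAC`), so consider aligning the iDRAC9 line with its sibling. The Apple hunks are consistent throughout with `NOT-FOR-US: Apple`. This message is cut off in the rendering after `You're receiving this email because`, but the hunks themselves are complete.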
[Git][security-tracker-team/security-tracker][master] 2 commits: Process some Apple NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d0120aa by Neil Williams at 2022-05-27T12:00:21+01:00 Process some Apple NFUs - - - - - 78f25c1c by Neil Williams at 2022-05-27T12:09:01+01:00 Process some Apple NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -14233,37 +14233,37 @@ CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior t NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/ NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa CVE-2022-26776 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26775 (An integer overflow was addressed with improved input validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26774 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26773 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26772 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26771 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26770 (An out-of-bounds read issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26769 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26768 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26767 (The issue was addressed with additional permissions checks. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26766 (A certificate parsing issue was addressed with improved checks. This i ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26765 (A race condition was addressed with improved state handling. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26764 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26763 (An out-of-bounds access issue was addressed with improved bounds check ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2022-26762 RESERVED CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26760 RESERVED CVE-2022-26759 @@ -14271,11 +14271,11 @@ CVE-2022-26759 CVE-2022-26758 RESERVED CVE-2022-26757 (A use after free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input validat ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26755 (This issue was addressed with improved environment sanitization. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26754 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handling. T ...) 
@@ -14283,23 +14283,23 @@ CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handl CVE-2022-26752 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2022-26751 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26750 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2022-26749 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2022-26748 (An out-of-bounds write issue was addressed with improved input validat ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26747 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26746 (This issue was addressed by removing the vulnerable code. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26745 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26744 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26743 (An out-of-bounds write issue was addressed with improved bounds checki ...) -
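Review bot: the push carries two commits with the identical subject "Process some Apple NFUs" nine minutes apart, both touching the same CVE-2022-267xx block; either squash them or say in the second message which IDs it covers, since the history otherwise gives no way to tell them apart. The hunks at 14233, 14271 and 14283 do close out the five entries (CVE-2022-26755, CVE-2022-26751, CVE-2022-26748, CVE-2022-26747, CVE-2022-26743) that commit 97abd286 earlier in the morning left as TODO: check, so stating that in the message would also explain why the range is visited twice.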
[Git][security-tracker-team/security-tracker][master] Undo incomplete change for CVE-2021-42859
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 73426cf4 by Neil Williams at 2022-05-27T11:51:31+01:00 Undo incomplete change for CVE-2021-42859 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41320,7 +41320,7 @@ CVE-2021-42861 CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...) TODO: check CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...) - - mxml + TODO: check CVE-2021-42858 RESERVED CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73426cf4c582421b2d5474b55b35a7f016efdb71 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73426cf4c582421b2d5474b55b35a7f016efdb71 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
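Review bot: the revert in the hunk at 41320 puts CVE-2021-42859 back to TODO: check without a NOTE saying what was incomplete about the mxml assignment, so the next triager starts from zero; a one-line NOTE (for example, that the upstream fix or the affected Debian version still needs confirming) would preserve the work done. CVE-2021-42860, the other Mini-XML v3.2 entry two lines up, is still TODO: check as well, so the pair should be triaged in one commit with the upstream bug or commit reference attached.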
[Git][security-tracker-team/security-tracker][master] Process some Apple NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 97abd286 by Neil Williams at 2022-05-27T11:47:03+01:00 Process some Apple NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14277,17 +14277,17 @@ CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input v CVE-2022-26755 (This issue was addressed with improved environment sanitization. This ...) TODO: check CVE-2022-26754 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26752 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26751 (A memory corruption issue was addressed with improved input validation ...) TODO: check CVE-2022-26750 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26749 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26748 (An out-of-bounds write issue was addressed with improved input validat ...) TODO: check CVE-2022-26747 (This issue was addressed with improved checks. This issue is fixed in ...) 
@@ -14301,19 +14301,19 @@ CVE-2022-26744 (A memory corruption issue was addressed with improved state mana CVE-2022-26743 (An out-of-bounds write issue was addressed with improved bounds checki ...) TODO: check CVE-2022-26742 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26741 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26740 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26739 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26738 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26737 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26736 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26735 RESERVED CVE-2022-26734 
@@ -14323,83 +14323,83 @@ CVE-2022-26733 CVE-2022-26732 RESERVED CVE-2022-26731 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26730 RESERVED CVE-2022-26729 RESERVED CVE-2022-26728 (This issue was addressed with improved entitlements. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26727 (This issue was addressed with improved entitlements. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26726 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26725 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26724 (An authentication issue was addressed with improved state management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26723 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26722 (A memory initialization issue was addressed. This issue is fixed in Se ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26721 (A memory initialization issue was addressed. This issue is fixed in Se ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26719 RESERVED CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26717 RESERVED CVE-2022-26716 RESERVED CVE-2022-26715 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26714 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26713 RESERVED CVE-2022-26712 (This issue was addressed by removing the vulnerable code. This issue
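Review bot: the hunks at 14277 and 14301 flip most of the CVE-2022-267xx block to NOT-FOR-US but leave CVE-2022-26755, CVE-2022-26751, CVE-2022-26748, CVE-2022-26747 and CVE-2022-26743 as TODO: check with no NOTE; if those were skipped deliberately (for instance because the component could not be identified from the truncated description), a NOTE saying so stops the next pass from re-deriving it, and if the skip was accidental the same pass should cover them. The hunk at 14323 is consistent with its RESERVED and NOT-FOR-US neighbours.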
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: dc2da96b by Neil Williams at 2022-05-27T11:15:03+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41320,7 +41320,7 @@ CVE-2021-42861 CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...) TODO: check CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...) - TODO: check + - mxml CVE-2021-42858 RESERVED CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...) @@ -41783,7 +41783,7 @@ CVE-2021-42694 (** DISPUTED ** An issue was discovered in the character definiti CVE-2021-42693 RESERVED CVE-2021-42692 (There is a stack-overflow vulnerability in tinytoml v0.4 that can caus ...) - TODO: check + NOT-FOR-US: mayah/tinytoml CVE-2021-42691 RESERVED CVE-2021-42690 @@ -49053,7 +49053,7 @@ CVE-2021-40319 CVE-2021-40318 RESERVED CVE-2021-40317 (Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.p ...) - TODO: check + - piwigo CVE-2021-40316 RESERVED CVE-2021-40315 
@@ -66976,11 +66976,11 @@ CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...) NOT-FOR-US: Philips CVE-2021-33016 (An attacker can gain full access (read/write/delete) to sensitive fold ...) - TODO: check + NOT-FOR-US: Kuka CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...) NOT-FOR-US: Cscape CVE-2021-33014 (An attacker can gain VxWorks Shell after login due to hard-coded crede ...) - TODO: check + NOT-FOR-US: Kuka CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...) NOT-FOR-US: mySCADA myPRO CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2da96b1974599f1937f53a7e7297b329469a62 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2da96b1974599f1937f53a7e7297b329469a62 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
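Review bot: the mxml hunk at 41320 assigns CVE-2021-42859 to a package without a NOTE pointing at the upstream Mini-XML report or fix, and leaves the sibling CVE-2021-42860 (same Mini-XML v3.2, stack buffer overflow) as TODO: check; triage both together with the reference so a fixed version can be recorded later. The piwigo hunk at 49053 has the same gap: no NOTE with the upstream advisory or fix for the SQL injection, so the fixed version cannot be filled in without re-researching. The Kuka flips at 66976 look right, but the truncated descriptions of CVE-2021-33016 and CVE-2021-33014 do not name the vendor, so a NOTE with the advisory URL would make the NOT-FOR-US attribution verifiable from the file itself.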
[Git][security-tracker-team/security-tracker][master] Angular is the replacement for angular.js
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 2cddbf30 by Neil Williams at 2022-05-27T10:47:50+01:00 Angular is the replacement for angular.js angular.js is not affected, vulnerable code is not present No ITP/RFP exists for angular/angular Angular is not a drop-in replacement for angular.js, migrations in reverse deps would be required. Node/NPM upstream ceased support for angularJS in Jan 2022. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -369,7 +369,8 @@ CVE-2022-1889 CVE-2022-1888 RESERVED CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...) - TODO: check + NOT-FOR-US: angular/angular - replacement for deprecated angularjs + NOTE: AngularJS upstream support has officially ended as of January 2022 CVE-2022-31619 RESERVED CVE-2022-1887 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cddbf30bc8450e059b0232f3810a9a35310b053 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cddbf30bc8450e059b0232f3810a9a35310b053 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
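Review bot: the hunk at 369 records only the AngularJS end-of-support date as a NOTE, while the actual triage reasoning lives in the commit message (angular/angular is not packaged, no ITP/RFP exists, and the packaged angular.js does not contain the vulnerable code); that reasoning is what a later reader of data/CVE/list needs, so it belongs in NOTE lines next to the NOT-FOR-US entry rather than only in git history. On its own, the EOL note can be read as "angular.js is unsupported, so ignore", which is not the claim being made.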
[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Claim pjproject
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 28c922fd by Abhijith PA at 2022-05-27T14:53:49+05:30 dla-needed.txt: Claim pjproject - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -181,7 +181,8 @@ pdns NOTE: 20220506: package builds but does not run a test suite, and I lack the NOTE: 20220506: know-how for testing manually (enrico) -- -pjproject +pjproject (Abhijith PA) + NOTE: 20220527: Same CVE asterisk (abhijith) -- plinth NOTE: 20220524: Harmonize with Debian 10.7 and 10.10 (2 CVEs) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c922fddae42797c640ea2b6689aa77325decee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c922fddae42797c640ea2b6689aa77325decee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
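Review bot: the new pjproject NOTE in the hunk at 181 reads "Same CVE asterisk" without naming the CVE ID(s) or finishing the thought (presumably "same CVE as asterisk"); record the ID(s) so whoever picks up asterisk can cross-reference, in the style of the neighbouring entries that cite specific counts or DLA/DSA numbers.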
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: d187fd97 by Neil Williams at 2022-05-27T10:20:16+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -72255,39 +72255,39 @@ CVE-2021-31012 CVE-2021-31011 REJECTED CVE-2021-31010 (A deserialization issue was addressed through improved validation. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31009 (Multiple issues were addressed by removing HDF5. This issue is fixed i ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31008 (A type confusion issue was addressed with improved memory handling. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31007 (Description: A permissions issue was addressed with improved validatio ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31006 (Description: A permissions issue was addressed with improved validatio ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31005 (Description: A logic issue was addressed with improved state managemen ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31004 (A race condition was addressed with improved locking. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31003 REJECTED CVE-2021-31002 REJECTED CVE-2021-31001 (An access issue was addressed with improved access restrictions. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30999 (The issue was addressed with improved permissions logic. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30998 (A S/MIME issue existed in the handling of encrypted email. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30997 (A S/MIME issue existed in the handling of encrypted email. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30994 (An access issue was addressed with improved access restrictions. This ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...) @@ -72355,7 +72355,7 @@ CVE-2021-30964 (An inherited permissions issue was addressed with additional res CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30962 (A memory initialization issue was addressed with improved memory handl ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...) @@ -72367,7 +72367,7 @@ CVE-2021-30958 (An out-of-bounds read was addressed with improved input validati CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30956 (A lock screen issue allowed access to contacts on a locked device. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...) @@ -72407,9 +72407,9 @@ CVE-2021-30946 (A logic issue was addressed with improved restrictions. This iss CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30944 (Description: A logic issue was addressed with improved state managemen ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30943 (An issue in the handling of group membership was resolved with improve ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...) NOT-FOR-US: Apple CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...) 
@@ -72437,7 +72437,7 @@ CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handl - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30933 (A race condition was addressed with improved state handling. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30932 (The issue was addressed with
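Review bot: in the hunk at 72437, CVE-2021-30933 is flipped to NOT-FOR-US directly below CVE-2021-30934, which this file tracks as wpewebkit 2.34.4-1 with a WSA-2022-0001 reference; given that adjacency, CVE-2021-30933 should be checked against that WebKitGTK advisory before the NFU stands. The same caution applies to the bulk flips at 72255, 72355, 72367 and 72407, whose truncated descriptions do not identify the component; where a check was done, a short NOTE would make it reproducible.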
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f5ecbd6 by Salvatore Bonaccorso at 2022-05-27T10:36:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -269,7 +269,7 @@ CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffst CVE-2022-31649 RESERVED CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...) - TODO: check + NOT-FOR-US: Talend Administration Center CVE-2022-31647 RESERVED CVE-2022-31646 @@ -5931,7 +5931,7 @@ CVE-2022-29634 CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to access th ...) TODO: check CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...) - TODO: check + NOT-FOR-US: Roncoo Education CVE-2022-29631 RESERVED CVE-2022-29630 @@ -7470,7 +7470,7 @@ CVE-2022-29093 CVE-2022-29092 RESERVED CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-29090 RESERVED CVE-2022-29089 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f5ecbd674dc30a405f40e8f41b230e806294963 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f5ecbd674dc30a405f40e8f41b230e806294963 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
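Review bot: in the hunk at 5931, CVE-2022-29633 (Linglong v1.0 access control issue) is left as TODO: check while the adjacent CVE-2022-29632 is resolved; if it was skipped because the product could not be identified, a NOTE to that effect would save the next pass. The Talend flip at 269 and the Dell Unity flip at 7470 match their descriptions and need no change.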
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18508fd0 by Salvatore Bonaccorso at 2022-05-27T10:33:43+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2765,9 +2765,9 @@ CVE-2022-30703 CVE-2022-30702 RESERVED CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-30699 RESERVED CVE-2022-30698 @@ -2834,7 +2834,7 @@ CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privile NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-30686 RESERVED CVE-2022-30685 @@ -9310,7 +9310,7 @@ CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code execu CVE-2022-28395 RESERVED CVE-2022-28394 (EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-28393 RESERVED CVE-2022-28392 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18508fd0744d6111ad1fc6366f59b0d21a681f4f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18508fd0744d6111ad1fc6366f59b0d21a681f4f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2021-32627,CVE-2021-32628/redis: precise triage
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: c352801c by Sylvain Beucler at 2022-05-27T10:26:20+02:00 CVE-2021-32627,CVE-2021-32628/redis: precise triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -67987,12 +67987,12 @@ CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecod CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...) {DSA-5001-1} - redis 5:6.0.16-1 - [stretch] - redis (Minor issue; invasive patch) + [stretch] - redis (Minor issue; invasive patch) NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...) {DSA-5001-1} - redis 5:6.0.16-1 - [stretch] - redis (Minor issue; invasive patch) + [stretch] - redis (Minor issue; invasive patch) NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...) {DSA-5001-1 DLA-2810-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c352801c1e6b7812bc0203bf0fa97a770958c8f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c352801c1e6b7812bc0203bf0fa97a770958c8f9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
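Review bot: the before and after lines of both redis hunks at 67987 read identically in this rendering ("[stretch] - redis (Minor issue; invasive patch)"), so the "precise triage" is not visible; the difference is most likely the angle-bracket status tag on the stretch line, which this mail rendering appears to drop along with other <...> markers. Name the old and new status in the commit message so the change can be reviewed from the mail and the list history without diffing the raw file.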
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f137f91f by security tracker role at 2022-05-27T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,57 @@ +CVE-2022-31763 + RESERVED +CVE-2022-31762 + RESERVED +CVE-2022-31761 + RESERVED +CVE-2022-31760 + RESERVED +CVE-2022-31759 + RESERVED +CVE-2022-31758 + RESERVED +CVE-2022-31757 + RESERVED +CVE-2022-31756 + RESERVED +CVE-2022-31755 + RESERVED +CVE-2022-31754 + RESERVED +CVE-2022-31753 + RESERVED +CVE-2022-31752 + RESERVED +CVE-2022-31751 + RESERVED +CVE-2022-31750 + RESERVED +CVE-2022-1902 + RESERVED +CVE-2022-1901 + RESERVED +CVE-2022-1900 + RESERVED +CVE-2021-46815 + RESERVED +CVE-2021-46814 + RESERVED +CVE-2021-46813 + RESERVED +CVE-2021-46812 + RESERVED +CVE-2021-46811 + RESERVED +CVE-2020-36527 + RESERVED +CVE-2020-36526 + RESERVED +CVE-2020-36525 + RESERVED +CVE-2020-36524 + RESERVED +CVE-2020-36523 + RESERVED CVE-2022-31749 RESERVED CVE-2022-31748 @@ -214,8 +268,8 @@ CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffst NOTE: https://sourceforge.net/p/sox/bugs/360/ CVE-2022-31649 RESERVED -CVE-2022-31648 - RESERVED +CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...) + TODO: check CVE-2022-31647 RESERVED CVE-2022-31646 @@ -2710,10 +2764,10 @@ CVE-2022-30703 RESERVED CVE-2022-30702 RESERVED -CVE-2022-30701 - RESERVED -CVE-2022-30700 - RESERVED +CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex ...) + TODO: check +CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + TODO: check CVE-2022-30699 RESERVED CVE-2022-30698 
@@ -2779,8 +2833,8 @@ CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privile - needrestart 3.6-1 (bug #1011154) NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 -CVE-2022-30687 - RESERVED +CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...) + TODO: check CVE-2022-30686 RESERVED CVE-2022-30685 @@ -3057,10 +3111,10 @@ CVE-2022-30587 RESERVED CVE-2022-30586 RESERVED -CVE-2022-30585 - RESERVED -CVE-2022-30584 - RESERVED +CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...) + TODO: check +CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...) + TODO: check CVE-2022-30583 RESERVED CVE-2022-30582 @@ -5866,18 +5920,18 @@ CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211 NOT-FOR-US: TOTOLINK CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK -CVE-2022-29637 - RESERVED +CVE-2022-29637 (An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows at ...) + TODO: check CVE-2022-29636 RESERVED CVE-2022-29635 RESERVED CVE-2022-29634 RESERVED -CVE-2022-29633 - RESERVED -CVE-2022-29632 - RESERVED +CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to access th ...) + TODO: check +CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...) + TODO: check CVE-2022-29631 RESERVED CVE-2022-29630 @@ -9255,8 +9309,8 @@ CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code execu NOT-FOR-US: Apostrophe CMS CVE-2022-28395 RESERVED -CVE-2022-28394 - RESERVED +CVE-2022-28394 (EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) ...) + TODO: check CVE-2022-28393 RESERVED CVE-2022-28392 
@@ -14177,88 +14231,88 @@ CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior t [stretch] - mruby (Minor issue) NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/ NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa -CVE-2022-26776 - RESERVED -CVE-2022-26775 - RESERVED -CVE-2022-26774 - RESERVED -CVE-2022-26773 - RESERVED -CVE-2022-26772 - RESERVED -CVE-2022-26771 - RESERVED -CVE-2022-26770 - RESERVED -CVE-2022-26769 - RESERVED -CVE-2022-26768 - RESERVED -CVE-2022-26767 - RESERVED -CVE-2022-26766 - RESERVED -CVE-2022-26765 - RESERVED
[Git][security-tracker-team/security-tracker][master] 4 commits: dla: add thunderbird
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 08e3e4cc by Sylvain Beucler at 2022-05-27T10:02:22+02:00 dla: add thunderbird - - - - - e7f136de by Sylvain Beucler at 2022-05-27T10:02:22+02:00 dla: add smarty3 - - - - - a4d0aac5 by Sylvain Beucler at 2022-05-27T10:02:23+02:00 CVE-2022-1851/vim: stretch postponed - - - - - d2d6e354 by Sylvain Beucler at 2022-05-27T10:04:17+02:00 dla: add qemu - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -539,6 +539,7 @@ CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) + [stretch] - vim (Minor issue, OOB read) NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d NOTE: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013) CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...) = data/dla-needed.txt = @@ -198,6 +198,10 @@ postgresql-9.6 puppet-module-puppetlabs-firewall NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc/front-desk) -- +qemu + NOTE: 20220527: a few new CVEs since last DLA, and buster got no updates since 2 years, + NOTE: 20220527: so maybe coordinate to start anticipating the next LTS (Beuc/front-desk) +-- request-tracker4 NOTE: 20220524: Harmonize with Debian 10.11 (1 CVE) (Beuc/front-desk) -- @@ -230,6 +234,10 @@ sleuthkit slurm-llnl (Thorsten Alteholz) NOTE: 20220516: Checking the code it looks like the patches will apply so the code is clearly vulnerable. -- +smarty3 + NOTE: 20220527: upcoming DSA by apo, but last DLA is recent (this month); + NOTE: 20220527: sync or postpone depending on severity (Beuc/front-desk) +-- snapd NOTE: 20220308: seems vulnerable at least to setup_private_mount, NOTE: 20220308: but double check (pochu) 
@@ -254,6 +262,10 @@ systemd NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but at the NOTE: 20220524: same time is severe and was fixed in other old distros (Beuc/front-desk) -- +thunderbird + NOTE: 20220527: DSA-5141-1 & DLA-3020-1 were just released, but thunderbird + NOTE: 20220527: is back in dsa-needed.txt with 2 new CVEs (Beuc/front-desk) +-- tiff (Utkarsh) NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff. NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b5b6f74a1a28cfa8f6a06083cd7e7cfbf6a9d88...d2d6e354c6f6111c596effee91b9d4e666499742 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b5b6f74a1a28cfa8f6a06083cd7e7cfbf6a9d88...d2d6e354c6f6111c596effee91b9d4e666499742 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
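Review bot: the thunderbird and smarty3 entries added to dla-needed.txt at 254 and 230 describe the situation ("2 new CVEs", "upcoming DSA by apo") without listing the CVE IDs, so whoever claims them has to rediscover the scope; the neighbouring entries give counts, but the IDs are what make the sync-or-postpone decision for smarty3 actionable. The vim hunk at 539 adds the stretch annotation with an "OOB read" qualifier that the bullseye and buster lines lack, which is fine, but the "postponed" status named in the commit message is not visible in the rendered line, so confirm the status tag is actually present in the file.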
[Git][security-tracker-team/security-tracker][master] Drop redis from dla-needed.txt.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b5b6f74 by Chris Lamb at 2022-05-27T08:40:49+01:00 Drop redis from dla-needed.txt. Feel free to re-add if The Script suggests so. :) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -198,9 +198,6 @@ postgresql-9.6 puppet-module-puppetlabs-firewall NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc/front-desk) -- -redis (Chris Lamb) - NOTE: 20220510: Chris Lamb is the maintainer. Programming language C. (apo) --- request-tracker4 NOTE: 20220524: Harmonize with Debian 10.11 (1 CVE) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b5b6f74a1a28cfa8f6a06083cd7e7cfbf6a9d88 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b5b6f74a1a28cfa8f6a06083cd7e7cfbf6a9d88 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
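Review bot: dropping the redis entry from data/dla-needed.txt discards the apo note (maintainer, language) and the claimer, and the commit message gives no reason beyond "re-add if The Script suggests so"; the same push batch triages CVE-2022-24735 and CVE-2022-24736 as Minor issue for stretch (d79fd6fe, e1c61434), which is presumably why no DLA is needed, so state that in the commit message or leave a one-line NOTE so the drop is traceable to the triage rather than to the script output alone.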
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2022-24735 in redis for stretch LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d79fd6fe by Chris Lamb at 2022-05-27T08:38:17+01:00 Triage CVE-2022-24735 in redis for stretch LTS. - - - - - e1c61434 by Chris Lamb at 2022-05-27T08:39:34+01:00 Triage CVE-2022-24736 in redis for stretch LTS. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19854,11 +19854,13 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical c CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...) [experimental] - redis 5:7.0.0-1 - redis + [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984 NOTE: https://github.com/redis/redis/pull/10651 CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...) [experimental] - redis 5:7.0.0-1 - redis + [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine) NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq NOTE: https://github.com/redis/redis/pull/10651 CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0bf259d626a3fc75e5de50a71a6fa259b43cafa...e1c61434f91d19c597632f9902b65e4ffdb4797e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0bf259d626a3fc75e5de50a71a6fa259b43cafa...e1c61434f91d19c597632f9902b65e4ffdb4797e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
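Review bot: both added lines "[stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine)" give backport difficulty as the reason, but a hard backport is not the same as low severity, and a later reader will take "Minor issue" as an impact assessment; keep the severity judgement on its own (the linked advisories GHSA-647m-2wmq-qmvq and GHSA-3qpw-7686-5984 carry a rating that can be cited) and record the backport problem as a separate note. Also, the hunk context shows only the experimental and unstable lines for each CVE, with no buster or bullseye annotation; confirm those suites are handled elsewhere (they are not in this hunk) rather than left untriaged while stretch is marked.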
