[Git][security-tracker-team/security-tracker][master] Track fixes for firefox-esr issues from mfsa2022-21

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c96680f8 by Salvatore Bonaccorso at 2022-06-01T07:11:50+02:00
Track fixes for firefox-esr issues from mfsa2022-21

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1035,7 +1035,7 @@ CVE-2022-31748
 CVE-2022-31747
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
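Review bot: The `- firefox` line in the context of this CVE-2022-31747 hunk is still without a fixed version, while firefox-esr (91.10.0esr-1) and thunderbird (1:91.10.0-1) now both carry one. If the matching firefox upload is already in unstable, record its version in this commit as well; otherwise the entry stays open for firefox only. The same applies to the other six hunks of this commit.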
@@ -1057,7 +1057,7 @@ CVE-2022-31743
 CVE-2022-31742
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
@@ -1065,7 +1065,7 @@ CVE-2022-31742
 CVE-2022-31741
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
@@ -1073,7 +1073,7 @@ CVE-2022-31741
 CVE-2022-31740
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
@@ -1089,7 +1089,7 @@ CVE-2022-31739
 CVE-2022-31738
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
@@ -1097,7 +1097,7 @@ CVE-2022-31738
 CVE-2022-31737
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
@@ -1105,7 +1105,7 @@ CVE-2022-31737
 CVE-2022-31736
RESERVED
- firefox 
-   - firefox-esr 
+   - firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c96680f81bafcce3dc17368352988bd23fe11cd8

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Track thunderbird fixes for mfsa2022-22 issues via unstable

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de11dd34 by Salvatore Bonaccorso at 2022-06-01T07:09:06+02:00
Track thunderbird fixes for mfsa2022-22 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1036,7 +1036,7 @@ CVE-2022-31747
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747
@@ -1058,7 +1058,7 @@ CVE-2022-31742
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
@@ -1066,7 +1066,7 @@ CVE-2022-31741
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
@@ -1074,7 +1074,7 @@ CVE-2022-31740
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740
@@ -1090,7 +1090,7 @@ CVE-2022-31738
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
@@ -1098,7 +1098,7 @@ CVE-2022-31737
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
@@ -1106,7 +1106,7 @@ CVE-2022-31736
RESERVED
- firefox 
- firefox-esr 
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736
@@ -2352,7 +2352,7 @@ CVE-2022-1835
RESERVED
 CVE-2022-1834
RESERVED
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
 CVE-2022-1833
RESERVED
@@ -2489,7 +2489,7 @@ CVE-2022-1802
{DSA-5143-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1802
 CVE-2020-36522
RESERVED
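Review bot: The commit subject limits this change to mfsa2022-22, but this hunk sets the thunderbird version for CVE-2022-1802, whose only NOTE points at mfsa2022-19, and the next hunk does the same for CVE-2022-1529. Either mention the two extra CVEs in the commit message or add a NOTE with the Thunderbird advisory that covers them, so the 1:91.10.0-1 version is traceable to a source.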
@@ -6121,7 +6121,7 @@ CVE-2022-1529
{DSA-5143-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
-   - thunderbird 
+   - thunderbird 1:91.10.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529
 CVE-2022-1528 (The VikBooking Hotel Booking Engine  PMS WordPress plugin 
before  ...)
NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de11dd349871e5c2a905b8b31e5376496717e398



[Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed and assign to jmm

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7e23c49 by Salvatore Bonaccorso at 2022-06-01T07:07:34+02:00
Add firefox-esr to dsa-needed and assign to jmm

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -22,6 +22,8 @@ curl
 --
 epiphany-browser
 --
+firefox-esr (jmm)
+--
 freecad (aron)
 --
 libpgjava (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e23c49e80f258fbd3aedfe53581da4d3c70b3b



[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2022-22

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ab1962c by Salvatore Bonaccorso at 2022-06-01T07:06:49+02:00
Add thunderbird issues from mfsa2022-22

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1036,8 +1036,10 @@ CVE-2022-31747
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747
 CVE-2022-31746
RESERVED
 CVE-2022-31745
@@ -1056,44 +1058,58 @@ CVE-2022-31742
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
 CVE-2022-31741
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
 CVE-2022-31740
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740
 CVE-2022-31739
RESERVED
- firefox  (Only affects Windows)
- firefox-esr  (Only affects Windows)
+   - thunderbird  (Only affects Windows)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739
 CVE-2022-31738
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
 CVE-2022-31737
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
 CVE-2022-31736
RESERVED
- firefox 
- firefox-esr 
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736
 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior 
to 5.7 ...)
- radare2 
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
@@ -2336,6 +2352,8 @@ CVE-2022-1835
RESERVED
 CVE-2022-1834
RESERVED
+   - thunderbird 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
 CVE-2022-1833
RESERVED
 CVE-2022-1832



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab1962c04be6a715a6fa38987dc89c3c9c98fe1



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e665b2bc by Salvatore Bonaccorso at 2022-06-01T05:03:53+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -850,7 +850,7 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository 
vim/vim prior to 8.2. ...)
NOTE: 
https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 
(v8.2.5037)
NOTE: Crash in CLI tool, no security impact
 CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository 
polonel/trudesk pr ...)
-   TODO: check
+   NOT-FOR-US: Trudesk
 CVE-2022-31793
RESERVED
 CVE-2022-31792
@@ -1861,7 +1861,7 @@ CVE-2022-31502
 CVE-2022-31501
RESERVED
 CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer 
sets im ...)
-   TODO: check
+   NOT-FOR-US: KNIME Analytics Platform
 CVE-2022-31499
RESERVED
 CVE-2022-31498
@@ -2181,13 +2181,13 @@ CVE-2022-31340
 CVE-2022-31339
RESERVED
 CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31334
RESERVED
 CVE-2022-31333
@@ -2199,11 +2199,11 @@ CVE-2022-31331
 CVE-2022-31330
RESERVED
 CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL 
Injection  ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via 
/ordering ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL 
Injection  ...)
-   TODO: check
+   NOT-FOR-US: Online Ordering System
 CVE-2022-31326
RESERVED
 CVE-2022-31325
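Review bot: The three descriptions in this hunk name the product as "Online Ordering System By janobe", but the tag written is `NOT-FOR-US: Online Ordering System`, which is generic enough to match unrelated products. Consider `NOT-FOR-US: Online Ordering System by janobe` so later searches of the list can tell which software was ruled out.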
@@ -3621,63 +3621,63 @@ CVE-2022-30838 (Covid-19 Travel Pass Management System 
v1.0 is vulnerable to SQL
 CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site 
Scripting  ...)
NOT-FOR-US: Toll-tax-management-system
 CVE-2022-30836 (Wedding Management System v1.0 is vulnerable to SQL Injection. 
via Wed ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30835 (Wedding Management System v1.0 is vulnerable to SQL Injection. 
via /We ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30834 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via /Wed ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30833 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via /Wed ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30832 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via /Wed ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30831 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via Wedd ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30830 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30829 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30828 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30827 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30826 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via admi ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30825 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30824
RESERVED
 CVE-2022-30823 (Wedding Management System v1.0 is vulnerable to SQL Injection 
via \adm ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30822 (In Wedding Management System v1.0, there is an arbitrary file 
upload v ...)
-   TODO: check
+   NOT-FOR-US: Wedding Management System
 CVE-2022-30821 (In Wedding Management System v1.0, the editing function of the 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1942/vim

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
524d2ad6 by Salvatore Bonaccorso at 2022-06-01T05:00:42+02:00
Add CVE-2022-1942/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -767,7 +767,9 @@ CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
NOTE: Fixed by: 
https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
 CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-   TODO: check
+   - vim 
+   NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
+   NOTE: 
https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d 
(v8.2.5043)
 CVE-2022-1941
RESERVED
 CVE-2022-1940
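Review bot: The added `- vim` line records no fixed version and no severity, although the second NOTE already names the upstream fix as v8.2.5043. The CVE-2022-1927 entry for vim in the same file closes with a NOTE on impact (`Crash in CLI tool, no security impact`); a similar statement here, or an explicit note that the heap-based overflow is treated differently, would tell readers how this one was triaged.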



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/524d2ad607bf53434e987c56c07a9e35de1d86ef



[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57fd801f by Salvatore Bonaccorso at 2022-06-01T04:58:39+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29563,7 +29563,7 @@ CVE-2022-22363
 CVE-2022-22362
RESERVED
 CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 
21.0.3, 20 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22360
RESERVED
 CVE-2022-22359



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57fd801f4855a050d499aa514025a6727d4b284e



[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird

2022-05-31 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ceed33d3 by Emilio Pozuelo Monfort at 2022-06-01T01:33:09+02:00
lts: take firefox-esr and thunderbird

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -72,6 +72,8 @@ exempi
   NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further 
analysis
   NOTE: 20220517: is needed.
 --
+firefox-esr (Emilio)
+--
 firmware-nonfree (Markus Koschany)
   NOTE: 20220529: Programming language: binary blob.
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
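Review bot: The new `firefox-esr (Emilio)` entry has no NOTE lines, while the neighbouring entries in this hunk (exempi, firmware-nonfree) each carry dated NOTEs. A dated NOTE naming the advisory being handled would keep the entry consistent and show why the package was taken.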
@@ -323,7 +325,7 @@ systemd
   NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but 
at the
   NOTE: 20220524: same time is severe and was fixed in other old distros 
(Beuc/front-desk)
 --
-thunderbird
+thunderbird (Emilio)
   NOTE: 20220529: Programming language: C++.
   NOTE: 20220527: DSA-5141-1 & DLA-3020-1 were just released, but thunderbird
   NOTE: 20220527: is back in dsa-needed.txt with 2 new CVEs (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceed33d393e62e3992e92393e239a9cd401d3406



[Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5154-1 and wpewebkit DSA-5155-1

2022-05-31 Thread Alberto Garcia (@berto)


Alberto Garcia pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c5c3044 by Alberto Garcia at 2022-06-01T01:26:16+02:00
webkit2gtk DSA-5154-1 and wpewebkit DSA-5155-1

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,10 @@
+[01 Jun 2022] DSA-5155-1 wpewebkit - security update
+   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293 CVE-2022-30294}
+   [bullseye] - wpewebkit 2.36.3-1~deb11u1
+[01 Jun 2022] DSA-5154-1 webkit2gtk - security update
+   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293 CVE-2022-30294}
+   [buster] - webkit2gtk 2.36.3-1~deb10u1
+   [bullseye] - webkit2gtk 2.36.3-1~deb11u1
 [30 May 2022] DSA-5153-1 trafficserver - security update
{CVE-2021-37147 CVE-2021-37148 CVE-2021-37149 CVE-2021-38161 
CVE-2021-44040 CVE-2021-44759}
[buster] - trafficserver 8.0.2+ds-1+deb10u6
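Review bot: DSA-5155-1 for wpewebkit lists only a `[bullseye]` line, while DSA-5154-1 for webkit2gtk covers the same seven CVEs for both buster and bullseye. Confirm that wpewebkit has no buster package that needs the update; if that is intentional, nothing else in the hunk needs changing.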


=
data/dsa-needed.txt
=
@@ -62,7 +62,3 @@ unzip
 --
 wordpress
 --
-webkit2gtk
---
-wpewebkit
---



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5c3044f05ffc028ee68209d5a49efaf2954ba0



[Git][security-tracker-team/security-tracker][master] automatic update

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ccdfe186 by security tracker role at 2022-05-31T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,81 @@
+CVE-2022-32158
+   RESERVED
+CVE-2022-32157
+   RESERVED
+CVE-2022-32156
+   RESERVED
+CVE-2022-32155
+   RESERVED
+CVE-2022-32154
+   RESERVED
+CVE-2022-32153
+   RESERVED
+CVE-2022-32152
+   RESERVED
+CVE-2022-32151
+   RESERVED
+CVE-2022-32150
+   RESERVED
+CVE-2022-32149
+   RESERVED
+CVE-2022-32148
+   RESERVED
+CVE-2022-32147
+   RESERVED
+CVE-2022-32146
+   RESERVED
+CVE-2022-32145
+   RESERVED
+CVE-2022-32144
+   RESERVED
+CVE-2022-32143
+   RESERVED
+CVE-2022-32142
+   RESERVED
+CVE-2022-32141
+   RESERVED
+CVE-2022-32140
+   RESERVED
+CVE-2022-32139
+   RESERVED
+CVE-2022-32138
+   RESERVED
+CVE-2022-32137
+   RESERVED
+CVE-2022-32136
+   RESERVED
+CVE-2022-30997
+   RESERVED
+CVE-2022-29519
+   RESERVED
+CVE-2022-1962
+   RESERVED
+CVE-2022-1961
+   RESERVED
+CVE-2022-1960
+   RESERVED
+CVE-2022-1959
+   RESERVED
+CVE-2022-1958
+   RESERVED
+CVE-2022-1957
+   RESERVED
+CVE-2022-1956
+   RESERVED
+CVE-2022-1955
+   RESERVED
+CVE-2022-1954
+   RESERVED
+CVE-2022-1953
+   RESERVED
+CVE-2022-1952
+   RESERVED
+CVE-2022-1951
+   RESERVED
+CVE-2022-1950
+   RESERVED
+CVE-2022-1949
+   RESERVED
 CVE-2022-32135
RESERVED
 CVE-2022-32134
@@ -688,8 +766,8 @@ CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse]
[stretch] - linux  (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
NOTE: Fixed by: 
https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
-CVE-2022-1942
-   RESERVED
+CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
+   TODO: check
 CVE-2022-1941
RESERVED
 CVE-2022-1940
@@ -769,8 +847,8 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository 
vim/vim prior to 8.2. ...)
NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
NOTE: 
https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 
(v8.2.5037)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1926
-   RESERVED
+CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository 
polonel/trudesk pr ...)
+   TODO: check
 CVE-2022-31793
RESERVED
 CVE-2022-31792
@@ -1780,8 +1858,8 @@ CVE-2022-31502
RESERVED
 CVE-2022-31501
RESERVED
-CVE-2022-31500
-   RESERVED
+CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer 
sets im ...)
+   TODO: check
 CVE-2022-31499
RESERVED
 CVE-2022-31498
@@ -2100,14 +2178,14 @@ CVE-2022-31340
RESERVED
 CVE-2022-31339
RESERVED
-CVE-2022-31338
-   RESERVED
-CVE-2022-31337
-   RESERVED
-CVE-2022-31336
-   RESERVED
-CVE-2022-31335
-   RESERVED
+CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
+   TODO: check
+CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
+   TODO: check
+CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
+   TODO: check
+CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection 
via /order ...)
+   TODO: check
 CVE-2022-31334
RESERVED
 CVE-2022-31333
@@ -2118,12 +2196,12 @@ CVE-2022-31331
RESERVED
 CVE-2022-31330
RESERVED
-CVE-2022-31329
-   RESERVED
-CVE-2022-31328
-   RESERVED
-CVE-2022-31327
-   RESERVED
+CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL 
Injection  ...)
+   TODO: check
+CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via 
/ordering ...)
+   TODO: check
+CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL 
Injection  ...)
+   TODO: check
 CVE-2022-31326
RESERVED
 CVE-2022-31325
@@ -2879,8 +2957,8 @@ CVE-2022-31004 (CVEProject/cve-services is an open source 
project used to operat
NOT-FOR-US: CVEProject/cve-services
 CVE-2022-31003
RESERVED
-CVE-2022-31002
-   RESERVED
+CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) 
User-Age ...)
+   TODO: check
 CVE-2022-31001
RESERVED
 CVE-2022-31000
@@ -3021,8 +3099,8 @@ CVE-2022-1771 (Uncontrolled Recursion in GitHub 
repository vim/vim prior to 8.2.
NOTE: Crash in CLI tool, no security impact
 CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) 
gem throug ...)
NOT-FOR-US: bvsatyaram/random_password_generator
-CVE-2022-30973
-   RESERVED

[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch

2022-05-31 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55c12562 by Markus Koschany at 2022-05-31T16:38:42+02:00
CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch

- - - - -
c912b00d by Markus Koschany at 2022-05-31T16:39:24+02:00
Reserve DLA-3037-1 for libjpeg-turbo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -234641,7 +234641,6 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of 
CryptoPlugin.cpp, there is a possible
 CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, 
there is ...)
- libjpeg-turbo 1:2.0.5-1 (low)
[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-   [stretch] - libjpeg-turbo  (Minor issue)
[jessie] - libjpeg-turbo  (No package in Debian jessie uses 
the TurboJPEG API)
NOTE: https://source.android.com/security/bulletin/2019-11-01
NOTE: 
https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
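Review bot: This hunk deletes the `[stretch] - libjpeg-turbo` line with its "Minor issue" reason but adds no stretch line in its place, so within data/CVE/list the entry says nothing about stretch. The fixed version 1:1.5.1-2+deb9u2 appears only in the data/DLA/list hunk of the same push; check that it is carried into the CVE-2019-2201 entry the way the buster line carries 1:1.5.2-2+deb10u1.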


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 May 2022] DLA-3037-1 libjpeg-turbo - security update
+   {CVE-2019-2201}
+   [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u2
 [31 May 2022] DLA-3036-1 pjproject - security update
{CVE-2022-24763 CVE-2022-24792 CVE-2022-24793}
[stretch] - pjproject 2.5.5~dfsg-6+deb9u5


=
data/dla-needed.txt
=
@@ -140,11 +140,6 @@ lemonldap-ng
   NOTE: 20220529: Programming language: Perl.
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 
10.5 (regression fix) (Beuc/front-desk)
 --
-libjpeg-turbo (Markus Koschany)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.7 (only 1 CVE 
but last
-  NOTE: 20220523: stretch update back in 2020 and possible RCE) 
(Beuc/front-desk)
---
 liblouis (Andreas Rönnquist)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278



[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2022-21

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c48ef05d by Salvatore Bonaccorso at 2022-05-31T16:13:10+02:00
Add firefox-esr issues from mfsa2022-21

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -955,7 +955,9 @@ CVE-2022-31748
 CVE-2022-31747
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
 CVE-2022-31746
RESERVED
 CVE-2022-31745
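
Review bot: the added `- firefox-esr` line for CVE-2022-31747 records no fixed version, so the tracker will keep listing the issue as open for firefox-esr. Once the ESR upload that carries the mfsa2022-21 fixes is in the archive, put its version on this line.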
@@ -973,31 +975,45 @@ CVE-2022-31743
 CVE-2022-31742
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
 CVE-2022-31741
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
 CVE-2022-31740
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
 CVE-2022-31739
RESERVED
- firefox  (Only affects Windows)
+   - firefox-esr  (Only affects Windows)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739
 CVE-2022-31738
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
 CVE-2022-31737
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
 CVE-2022-31736
RESERVED
- firefox 
+   - firefox-esr 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior 
to 5.7 ...)
- radare2 
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
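
Review bot: CVE-2022-31739 gets a `- firefox-esr` line with the reason "(Only affects Windows)" copied from the firefox line; check that its status matches the firefox one so the CVE does not show up as open for firefox-esr. The hunk also starts at CVE-2022-31742 and leaves CVE-2022-31743 (named in the hunk header) untouched, so confirm against mfsa2022-21 that the skipped IDs are really absent from the ESR advisory.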



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c48ef05dc9ad6bd1989b415abad91d76197e6086



[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2022-20

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b8d4108 by Salvatore Bonaccorso at 2022-05-31T16:10:31+02:00
Add new firefox issues from mfsa2022-20

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -851,6 +851,8 @@ CVE-2022-1920
RESERVED
 CVE-2022-1919
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919
 CVE-2022-1918
RESERVED
 CVE-2022-1917
@@ -948,30 +950,54 @@ CVE-2022-31749
RESERVED
 CVE-2022-31748
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
 CVE-2022-31747
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
 CVE-2022-31746
RESERVED
 CVE-2022-31745
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745
 CVE-2022-31744
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744
 CVE-2022-31743
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743
 CVE-2022-31742
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
 CVE-2022-31741
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
 CVE-2022-31740
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
 CVE-2022-31739
RESERVED
+   - firefox  (Only affects Windows)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739
 CVE-2022-31738
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
 CVE-2022-31737
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
 CVE-2022-31736
RESERVED
+   - firefox 
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior 
to 5.7 ...)
- radare2 
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
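
Review bot: CVE-2022-31746 is the one ID in the CVE-2022-31748 to CVE-2022-31736 run that stays a bare RESERVED entry, while every neighbour gets a `- firefox` line and an mfsa2022-20 NOTE. If mfsa2022-20 does not list it, that is fine; otherwise it needs the same two lines.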



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b8d410893429430dd7fd166d8e583e559056a27



[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2021-40400/gerbv

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df5e5a3a by Salvatore Bonaccorso at 2022-05-31T13:56:59+02:00
Reference upstream commit for CVE-2021-40400/gerbv

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49780,6 +49780,7 @@ CVE-2021-40400 (An out-of-bounds read vulnerability 
exists in the RS-274X apertu
- gerbv 
NOTE: https://github.com/gerbv/gerbv/issues/79
NOTE: https://github.com/gerbv/gerbv/pull/124
+   NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
 CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS 
Spreadsheets ...)
NOT-FOR-US: WPS Office
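
Review bot: the new "Fixed by:" NOTE gives the upstream commit but not the gerbv release that contains it, unlike other "Fixed by:" notes on this page that append the version in parentheses. Add the version once one is tagged, and consider whether the pull/124 NOTE just above is still needed now that the merged commit is referenced.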



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df5e5a3abfbf245bc8955bd2210a23a8c5a16cea



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1852/linux

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0abe4be5 by Salvatore Bonaccorso at 2022-05-31T13:37:23+02:00
Add CVE-2022-1852/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1496,8 +1496,12 @@ CVE-2022-1853
- chromium 102.0.5005.61-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
-CVE-2022-1852
+CVE-2022-1852 [KVM: x86: avoid calling x86 emulator without a decoded 
instruction]
RESERVED
+   - linux 
+   [buster] - linux  (Vulnerable code not present)
+   [stretch] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
 CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
- vim 
[bullseye] - vim  (Minor issue)
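
Review bot: the kernel commit is added as a plain NOTE, without a "Fixed by:" prefix or upstream version, and the `- linux` line has no fixed version, so the entry does not say which upload closes it. buster and stretch are marked "Vulnerable code not present" while bullseye gets no line at all, which leaves bullseye implicitly affected; if that is intended, a NOTE naming the commit that introduced the bug would make the suite decisions checkable.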



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abe4be5ad637bdd0c28a6e31921917106e625b2



[Git][security-tracker-team/security-tracker][master] dla: claim mailman

2022-05-31 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
69c22bdc by Sylvain Beucler at 2022-05-31T11:26:19+02:00
dla: claim mailman

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -166,7 +166,7 @@ linux (Ben Hutchings)
 linux-4.19 (Ben Hutchings)
   NOTE: 20220529: Programming language: C.
 --
-mailman
+mailman (Sylvain Beucler)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.12 (3 CVEs, 
regression fixes) (Beuc/front-desk)
 --
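
Review bot: the context NOTE under the claimed entry reads "harmonize with with Debian 10.12"; the doubled "with" could be fixed while this entry is being touched.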



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c22bdca06509436a9bfab29ed5e6bebbdc81d1



[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim libmatio

2022-05-31 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2358bf94 by Abhijith PA at 2022-05-31T14:42:31+05:30
data/dla-needed.txt: claim libmatio

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -152,7 +152,7 @@ liblouis (Andreas Rönnquist)
   NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo,
   NOTE: 20220503: Patch not applied upstream yet.
 --
-libmatio
+libmatio (Abhijith PA)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch 
security upload, supported package (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2358bf94c3f97bccd1e452669ba03ce8db94641a



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3036-1 for pjproject

2022-05-31 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa6d4125 by Abhijith PA at 2022-05-31T14:15:55+05:30
Reserve DLA-3036-1 for pjproject

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -20779,7 +20779,6 @@ CVE-2022-24763 (PJSIP is a free and open source 
multimedia communication library
- asterisk 
[stretch] - asterisk  (Vulnerable code not present)
- pjproject 
-   [stretch] - pjproject  (Minor issue, infinite loop DoS)
- ring 
NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
NOTE: 
https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
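
Review bot: only the stretch line of CVE-2022-24763 is removed here, while the DLA-3036-1 entry added in data/DLA/list names three CVEs (CVE-2022-24763, CVE-2022-24792, CVE-2022-24793). Check that the other two entries have no leftover `[stretch] - pjproject` triage line that would contradict the fixed version 2.5.5~dfsg-6+deb9u5.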


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[31 May 2022] DLA-3036-1 pjproject - security update
+   {CVE-2022-24763 CVE-2022-24792 CVE-2022-24793}
+   [stretch] - pjproject 2.5.5~dfsg-6+deb9u5
 [30 May 2022] DLA-3035-1 libdbi-perl - security update
{CVE-2014-10402}
[stretch] - libdbi-perl 1.636-1+deb9u2


=
data/dla-needed.txt
=
@@ -233,10 +233,6 @@ pdns
 pidgin (Andreas Rönnquist)
   NOTE: 20220529: Programming language: C.
 --
-pjproject (Abhijith PA)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220527: Same CVE asterisk (abhijith)
---
 plinth
   NOTE: 20220529: Programming language: Python.
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.10 (2 
CVEs) (Beuc/front-desk)
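
Review bot: the removed pjproject entry carried the NOTE "Same CVE asterisk (abhijith)", which ties this work to asterisk. If an asterisk update for the same CVEs is still pending, move that NOTE to the asterisk entry rather than deleting it with this block.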



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa6d4125ae9d9784e5916371f47c21203309df32



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1934/mruby

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
832c6f7c by Salvatore Bonaccorso at 2022-05-31T10:26:21+02:00
Add CVE-2022-1934/mruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -736,7 +736,10 @@ CVE-2022-1936
 CVE-2022-1935
RESERVED
 CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2. 
...)
-   TODO: check
+   - mruby 
+   NOTE: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f/
+   NOTE: 
https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce
+   TODO: check details
 CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer over-read in 
HierarchicalBitmapRe ...)
- libjpeg  (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/71
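
Review bot: "TODO: check" only becomes "TODO: check details" and the `- mruby` line has no fixed version, so the entry is still untriaged in practice. If the referenced mruby commit is the fix, mark that NOTE as "Fixed by:" so the remaining TODO is limited to the affected-version check.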



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/832c6f7ccfe2e7421f95c1819f6bc4aaa1bb8287



[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b17b612 by Salvatore Bonaccorso at 2022-05-31T10:23:44+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -754,7 +754,7 @@ CVE-2022-31799 (Bottle before 0.12.20 mishandles errors 
during early request bin
- python-bottle 0.12.20-1
NOTE: Fixed by: 
https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
 (0.12.20)
 CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk 
prior t ...)
-   TODO: check
+   NOT-FOR-US: Trudesk
 CVE-2022-1930
RESERVED
 CVE-2022-1929



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b17b612ab60904914c4c530c2f012c51bcc46b0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b17b612ab60904914c4c530c2f012c51bcc46b0
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a473725c by security tracker role at 2022-05-31T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,653 @@
+CVE-2022-32135
+   RESERVED
+CVE-2022-32134
+   RESERVED
+CVE-2022-32133
+   RESERVED
+CVE-2022-32132
+   RESERVED
+CVE-2022-32131
+   RESERVED
+CVE-2022-32130
+   RESERVED
+CVE-2022-32129
+   RESERVED
+CVE-2022-32128
+   RESERVED
+CVE-2022-32127
+   RESERVED
+CVE-2022-32126
+   RESERVED
+CVE-2022-32125
+   RESERVED
+CVE-2022-32124
+   RESERVED
+CVE-2022-32123
+   RESERVED
+CVE-2022-32122
+   RESERVED
+CVE-2022-32121
+   RESERVED
+CVE-2022-32120
+   RESERVED
+CVE-2022-32119
+   RESERVED
+CVE-2022-32118
+   RESERVED
+CVE-2022-32117
+   RESERVED
+CVE-2022-32116
+   RESERVED
+CVE-2022-32115
+   RESERVED
+CVE-2022-32114
+   RESERVED
+CVE-2022-32113
+   RESERVED
+CVE-2022-32112
+   RESERVED
+CVE-2022-32111
+   RESERVED
+CVE-2022-32110
+   RESERVED
+CVE-2022-32109
+   RESERVED
+CVE-2022-32108
+   RESERVED
+CVE-2022-32107
+   RESERVED
+CVE-2022-32106
+   RESERVED
+CVE-2022-32105
+   RESERVED
+CVE-2022-32104
+   RESERVED
+CVE-2022-32103
+   RESERVED
+CVE-2022-32102
+   RESERVED
+CVE-2022-32101
+   RESERVED
+CVE-2022-32100
+   RESERVED
+CVE-2022-32099
+   RESERVED
+CVE-2022-32098
+   RESERVED
+CVE-2022-32097
+   RESERVED
+CVE-2022-32096
+   RESERVED
+CVE-2022-32095
+   RESERVED
+CVE-2022-32094
+   RESERVED
+CVE-2022-32093
+   RESERVED
+CVE-2022-32092
+   RESERVED
+CVE-2022-32091
+   RESERVED
+CVE-2022-32090
+   RESERVED
+CVE-2022-32089
+   RESERVED
+CVE-2022-32088
+   RESERVED
+CVE-2022-32087
+   RESERVED
+CVE-2022-32086
+   RESERVED
+CVE-2022-32085
+   RESERVED
+CVE-2022-32084
+   RESERVED
+CVE-2022-32083
+   RESERVED
+CVE-2022-32082
+   RESERVED
+CVE-2022-32081
+   RESERVED
+CVE-2022-32080
+   RESERVED
+CVE-2022-32079
+   RESERVED
+CVE-2022-32078
+   RESERVED
+CVE-2022-32077
+   RESERVED
+CVE-2022-32076
+   RESERVED
+CVE-2022-32075
+   RESERVED
+CVE-2022-32074
+   RESERVED
+CVE-2022-32073
+   RESERVED
+CVE-2022-32072
+   RESERVED
+CVE-2022-32071
+   RESERVED
+CVE-2022-32070
+   RESERVED
+CVE-2022-32069
+   RESERVED
+CVE-2022-32068
+   RESERVED
+CVE-2022-32067
+   RESERVED
+CVE-2022-32066
+   RESERVED
+CVE-2022-32065
+   RESERVED
+CVE-2022-32064
+   RESERVED
+CVE-2022-32063
+   RESERVED
+CVE-2022-32062
+   RESERVED
+CVE-2022-32061
+   RESERVED
+CVE-2022-32060
+   RESERVED
+CVE-2022-32059
+   RESERVED
+CVE-2022-32058
+   RESERVED
+CVE-2022-32057
+   RESERVED
+CVE-2022-32056
+   RESERVED
+CVE-2022-32055
+   RESERVED
+CVE-2022-32054
+   RESERVED
+CVE-2022-32053
+   RESERVED
+CVE-2022-32052
+   RESERVED
+CVE-2022-32051
+   RESERVED
+CVE-2022-32050
+   RESERVED
+CVE-2022-32049
+   RESERVED
+CVE-2022-32048
+   RESERVED
+CVE-2022-32047
+   RESERVED
+CVE-2022-32046
+   RESERVED
+CVE-2022-32045
+   RESERVED
+CVE-2022-32044
+   RESERVED
+CVE-2022-32043
+   RESERVED
+CVE-2022-32042
+   RESERVED
+CVE-2022-32041
+   RESERVED
+CVE-2022-32040
+   RESERVED
+CVE-2022-32039
+   RESERVED
+CVE-2022-32038
+   RESERVED
+CVE-2022-32037
+   RESERVED
+CVE-2022-32036
+   RESERVED
+CVE-2022-32035
+   RESERVED
+CVE-2022-32034
+   RESERVED
+CVE-2022-32033
+   RESERVED
+CVE-2022-32032
+   RESERVED
+CVE-2022-32031
+   RESERVED
+CVE-2022-32030
+   RESERVED
+CVE-2022-32029
+   RESERVED
+CVE-2022-32028
+   RESERVED
+CVE-2022-32027
+   RESERVED
+CVE-2022-32026
+   RESERVED
+CVE-2022-32025
+   RESERVED
+CVE-2022-32024
+   RESERVED
+CVE-2022-32023
+   RESERVED
+CVE-2022-32022
+   RESERVED
+CVE-2022-32021
+   RESERVED
+CVE-2022-32020
+   RESERVED
+CVE-2022-32019
+   RESERVED
+CVE-2022-32018
+   RESERVED
+CVE-2022-32017
+   RESERVED
+CVE-2022-32016
+   RESERVED
+CVE-2022-32015
+   RESERVED
+CVE-2022-32014
+   RESERVED
+CVE-2022-32013
+   RESERVED
+CVE-2022-32012
+   RESERVED
+CVE-2022-32011
+   RESERVED
+CVE-2022-32010
+   RESERVED
+CVE-2022-32009
+   RESERVED
+CVE-2022-32008
+   RESERVED
+CVE-2022-32007
+   RESERVED
+CVE-2022-32006
+   RESERVED
+CVE-2022-32005
+   RESERVED
+CVE-2022-32004
+   RESERVED
+CVE-2022-32003
+   RESERVED
+CVE-2022-32002
+   RESERVED
+CVE-2022-32001
+   RESERVED
+CVE-2022-32000
+   RESERVED
+CVE-2022-31999
+   RESERVED
+CVE-2022-31998
+   RESERVED
+CVE-2022-31997
+   RESERVED
+CVE-2022-31996
+   RESERVED
+CVE-2022-31995
+   

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1943/linux

2022-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b852d71 by Salvatore Bonaccorso at 2022-05-31T08:25:54+02:00
Add CVE-2022-1943/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -30,8 +30,14 @@ CVE-2022-1945
RESERVED
 CVE-2022-1944
RESERVED
-CVE-2022-1943
+CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse]
RESERVED
+   - linux 5.17.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   [stretch] - linux  (Vulnerable code not present)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
+   NOTE: Fixed by: 
https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
 CVE-2022-1942
RESERVED
 CVE-2022-1941
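
Review bot: bullseye, buster and stretch are all marked "Vulnerable code not present", but the entry names only the fixing commit, so a reader cannot tell from which kernel version the stale lengthOfImpUse use exists. Add an "Introduced by:" NOTE next to the "Fixed by:" one to back the three suite lines.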



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b852d71a8a020adc334c6c5dabde92d6a43ebb7
