[Git][security-tracker-team/security-tracker][master] Track fixes for firefox-esr issues from mfsa2022-21
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c96680f8 by Salvatore Bonaccorso at 2022-06-01T07:11:50+02:00 Track fixes for firefox-esr issues from mfsa2022-21 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1035,7 +1035,7 @@ CVE-2022-31748 CVE-2022-31747 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747 @@ -1057,7 +1057,7 @@ CVE-2022-31743 CVE-2022-31742 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742 @@ -1065,7 +1065,7 @@ CVE-2022-31742 CVE-2022-31741 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741 @@ -1073,7 +1073,7 @@ CVE-2022-31741 CVE-2022-31740 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740 @@ -1089,7 +1089,7 @@ CVE-2022-31739 CVE-2022-31738 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738 
@@ -1097,7 +1097,7 @@ CVE-2022-31738 CVE-2022-31737 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737 @@ -1105,7 +1105,7 @@ CVE-2022-31737 CVE-2022-31736 RESERVED - firefox - - firefox-esr + - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c96680f81bafcce3dc17368352988bd23fe11cd8 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
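Review bot: In all seven hunks the `- firefox` context line directly above the changed `- firefox-esr` line still has no fixed version, while `firefox-esr` and `thunderbird` now both carry one. If a firefox upload to unstable picks up the mfsa2022-20 fixes, the same seven entries (CVE-2022-31747, CVE-2022-31742 to CVE-2022-31740, CVE-2022-31738 to CVE-2022-31736) need a matching follow-up, otherwise they stay open for firefox in the tracker.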
[Git][security-tracker-team/security-tracker][master] Track thunderbird fixes for mfsa2022-22 issues via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de11dd34 by Salvatore Bonaccorso at 2022-06-01T07:09:06+02:00 Track thunderbird fixes for mfsa2022-22 issues via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1036,7 +1036,7 @@ CVE-2022-31747 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747 @@ -1058,7 +1058,7 @@ CVE-2022-31742 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742 @@ -1066,7 +1066,7 @@ CVE-2022-31741 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741 @@ -1074,7 +1074,7 @@ CVE-2022-31740 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740 
@@ -1090,7 +1090,7 @@ CVE-2022-31738 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738 @@ -1098,7 +1098,7 @@ CVE-2022-31737 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737 @@ -1106,7 +1106,7 @@ CVE-2022-31736 RESERVED - firefox - firefox-esr - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736 @@ -2352,7 +2352,7 @@ CVE-2022-1835 RESERVED CVE-2022-1834 RESERVED - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834 CVE-2022-1833 RESERVED @@ -2489,7 +2489,7 @@ CVE-2022-1802 {DSA-5143-1 DLA-3021-1} - firefox 100.0.2-1 - firefox-esr 91.9.1esr-1 - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1802 CVE-2020-36522 RESERVED 
@@ -6121,7 +6121,7 @@ CVE-2022-1529 {DSA-5143-1 DLA-3021-1} - firefox 100.0.2-1 - firefox-esr 91.9.1esr-1 - - thunderbird + - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529 CVE-2022-1528 (The VikBooking Hotel Booking Engine PMS WordPress plugin before ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de11dd349871e5c2a905b8b31e5376496717e398
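Review bot: The last two hunks (`@@ -2489,7` for CVE-2022-1802 and `@@ -6121,7` for CVE-2022-1529) fall outside what the commit subject describes: the only NOTE on those entries points at mfsa2022-19, not mfsa2022-22. Either mention them in the commit message or split them into their own commit. Both entries already record `firefox-esr 91.9.1esr-1` and reference {DSA-5143-1 DLA-3021-1}, so it is also worth double-checking that 1:91.10.0-1 is the first thunderbird upload to unstable that contains these two fixes rather than an earlier one.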
[Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed and assign to jmm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d7e23c49 by Salvatore Bonaccorso at 2022-06-01T07:07:34+02:00 Add firefox-esr to dsa-needed and assign to jmm - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -22,6 +22,8 @@ curl -- epiphany-browser -- +firefox-esr (jmm) +-- freecad (aron) -- libpgjava (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e23c49e80f258fbd3aedfe53581da4d3c70b3b
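Review bot: The new `firefox-esr (jmm)` entry gives no hint of what triggered it. A one-line note under the entry naming mfsa2022-21, in the style of the dated `NOTE:` lines used in dla-needed.txt, would let the next reader see that this is about the 91.10.0esr round and not a leftover from DSA-5143-1.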
[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2022-22
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ab1962c by Salvatore Bonaccorso at 2022-06-01T07:06:49+02:00 Add thunderbird issues from mfsa2022-22 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1036,8 +1036,10 @@ CVE-2022-31747 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747 CVE-2022-31746 RESERVED CVE-2022-31745 
@@ -1056,44 +1058,58 @@ CVE-2022-31742 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742 CVE-2022-31741 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741 CVE-2022-31740 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740 CVE-2022-31739 RESERVED - firefox (Only affects Windows) - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739 CVE-2022-31738 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738 CVE-2022-31737 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737 + NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737 CVE-2022-31736 RESERVED - firefox - firefox-esr + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...) - radare2 NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 @@ -2336,6 +2352,8 @@ CVE-2022-1835 RESERVED CVE-2022-1834 RESERVED + - thunderbird + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834 CVE-2022-1833 RESERVED CVE-2022-1832 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab1962c04be6a715a6fa38987dc89c3c9c98fe1
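Review bot: Every `+ - thunderbird` line added here is unversioned, and de11dd34 rewrites the same lines with `1:91.10.0-1` a little over two minutes later (07:06:49 vs 07:09:06). If the fixed version was already known, the two commits could be one, which halves the churn in data/CVE/list and avoids an intermediate state in which the issues are recorded as open in unstable.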
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e665b2bc by Salvatore Bonaccorso at 2022-06-01T05:03:53+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -850,7 +850,7 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037) NOTE: Crash in CLI tool, no security impact CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...) - TODO: check + NOT-FOR-US: Trudesk CVE-2022-31793 RESERVED CVE-2022-31792 @@ -1861,7 +1861,7 @@ CVE-2022-31502 CVE-2022-31501 RESERVED CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...) - TODO: check + NOT-FOR-US: KNIME Analytics Platform CVE-2022-31499 RESERVED CVE-2022-31498 @@ -2181,13 +2181,13 @@ CVE-2022-31340 CVE-2022-31339 RESERVED CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31334 RESERVED CVE-2022-31333 
@@ -2199,11 +2199,11 @@ CVE-2022-31331 CVE-2022-31330 RESERVED CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection ...) - TODO: check + NOT-FOR-US: Online Ordering System CVE-2022-31326 RESERVED CVE-2022-31325 
@@ -3621,63 +3621,63 @@ CVE-2022-30838 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting ...) NOT-FOR-US: Toll-tax-management-system CVE-2022-30836 (Wedding Management System v1.0 is vulnerable to SQL Injection. via Wed ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30835 (Wedding Management System v1.0 is vulnerable to SQL Injection. via /We ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30834 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30833 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30832 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30831 (Wedding Management System v1.0 is vulnerable to SQL Injection via Wedd ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30830 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30829 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30828 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30827 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30826 (Wedding Management System v1.0 is vulnerable to SQL Injection via admi ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30825 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) 
- TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30824 RESERVED CVE-2022-30823 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30822 (In Wedding Management System v1.0, there is an arbitrary file upload v ...) - TODO: check + NOT-FOR-US: Wedding Management System CVE-2022-30821 (In Wedding Management System v1.0, the editing function of the
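Review bot: The NOT-FOR-US labels in the `@@ -2181,13` and `@@ -2199,11` hunks are all the bare product name `Online Ordering System`, although the descriptions for CVE-2022-31329 to CVE-2022-31327 name the vendor (`By janobe`). With product names this generic, putting the vendor in the label makes later searches for already-triaged NFUs more reliable; the same applies to `Wedding Management System` in the `@@ -3621,63` hunk. The archived message is cut off partway through that last hunk, so the remaining entries could not be reviewed.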
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1942/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 524d2ad6 by Salvatore Bonaccorso at 2022-06-01T05:00:42+02:00 Add CVE-2022-1942/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -767,7 +767,9 @@ CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412 NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7) CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071 + NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043) CVE-2022-1941 RESERVED CVE-2022-1940 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/524d2ad607bf53434e987c56c07a9e35de1d86ef
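Review bot: The new `- vim` line for CVE-2022-1942 comes with the upstream fix reference (v8.2.5043) but no triage remark, whereas the vim entry CVE-2022-1927 elsewhere in the same file is annotated `Crash in CLI tool, no security impact`. For an issue described as a heap-based buffer overflow it would help to record whether the same assessment applies or whether this one needs a fix in stable, so the entry does not have to be analysed a second time.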
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57fd801f by Salvatore Bonaccorso at 2022-06-01T04:58:39+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29563,7 +29563,7 @@ CVE-2022-22363 CVE-2022-22362 RESERVED CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22360 RESERVED CVE-2022-22359 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57fd801f4855a050d499aa514025a6727d4b284e
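Review bot: `NOT-FOR-US: IBM` records only the vendor, while the description names the product (IBM Business Automation Workflow) and the NFU entries processed in e665b2bc use product names such as `KNIME Analytics Platform`. Suggest `NOT-FOR-US: IBM Business Automation Workflow` for consistency, so the label states which product was judged out of scope.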
[Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: ceed33d3 by Emilio Pozuelo Monfort at 2022-06-01T01:33:09+02:00 lts: take firefox-esr and thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -72,6 +72,8 @@ exempi NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis NOTE: 20220517: is needed. -- +firefox-esr (Emilio) +-- firmware-nonfree (Markus Koschany) NOTE: 20220529: Programming language: binary blob. NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -323,7 +325,7 @@ systemd NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but at the NOTE: 20220524: same time is severe and was fixed in other old distros (Beuc/front-desk) -- -thunderbird +thunderbird (Emilio) NOTE: 20220529: Programming language: C++. NOTE: 20220527: DSA-5141-1 & DLA-3020-1 were just released, but thunderbird NOTE: 20220527: is back in dsa-needed.txt with 2 new CVEs (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceed33d393e62e3992e92393e239a9cd401d3406
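Review bot: The added `firefox-esr (Emilio)` entry in the first hunk has no `NOTE:` lines, while the entries visible around the changes (firmware-nonfree, thunderbird) each carry a dated `Programming language:` note. Adding the equivalent line for firefox-esr keeps the file uniform for anyone who filters on that field.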
[Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5154-1 and wpewebkit DSA-5155-1
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c5c3044 by Alberto Garcia at 2022-06-01T01:26:16+02:00 webkit2gtk DSA-5154-1 and wpewebkit DSA-5155-1 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,10 @@ +[01 Jun 2022] DSA-5155-1 wpewebkit - security update + {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVE-2022-30294} + [bullseye] - wpewebkit 2.36.3-1~deb11u1 +[01 Jun 2022] DSA-5154-1 webkit2gtk - security update + {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVE-2022-30294} + [buster] - webkit2gtk 2.36.3-1~deb10u1 + [bullseye] - webkit2gtk 2.36.3-1~deb11u1 [30 May 2022] DSA-5153-1 trafficserver - security update {CVE-2021-37147 CVE-2021-37148 CVE-2021-37149 CVE-2021-38161 CVE-2021-44040 CVE-2021-44759} [buster] - trafficserver 8.0.2+ds-1+deb10u6 = data/dsa-needed.txt = @@ -62,7 +62,3 @@ unzip -- wordpress -- -webkit2gtk --- -wpewebkit --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5c3044f05ffc028ee68209d5a49efaf2954ba0
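Review bot: DSA-5155-1 (wpewebkit) lists only a `[bullseye]` fixed version, while DSA-5154-1 (webkit2gtk) for the identical CVE set lists both `[buster]` and `[bullseye]`. Please confirm that no buster update of wpewebkit is intended, since the data/dsa-needed.txt hunk removes the wpewebkit entry entirely and nothing would remain to track one.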
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ccdfe186 by security tracker role at 2022-05-31T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,81 @@ +CVE-2022-32158 + RESERVED +CVE-2022-32157 + RESERVED +CVE-2022-32156 + RESERVED +CVE-2022-32155 + RESERVED +CVE-2022-32154 + RESERVED +CVE-2022-32153 + RESERVED +CVE-2022-32152 + RESERVED +CVE-2022-32151 + RESERVED +CVE-2022-32150 + RESERVED +CVE-2022-32149 + RESERVED +CVE-2022-32148 + RESERVED +CVE-2022-32147 + RESERVED +CVE-2022-32146 + RESERVED +CVE-2022-32145 + RESERVED +CVE-2022-32144 + RESERVED +CVE-2022-32143 + RESERVED +CVE-2022-32142 + RESERVED +CVE-2022-32141 + RESERVED +CVE-2022-32140 + RESERVED +CVE-2022-32139 + RESERVED +CVE-2022-32138 + RESERVED +CVE-2022-32137 + RESERVED +CVE-2022-32136 + RESERVED +CVE-2022-30997 + RESERVED +CVE-2022-29519 + RESERVED +CVE-2022-1962 + RESERVED +CVE-2022-1961 + RESERVED +CVE-2022-1960 + RESERVED +CVE-2022-1959 + RESERVED +CVE-2022-1958 + RESERVED +CVE-2022-1957 + RESERVED +CVE-2022-1956 + RESERVED +CVE-2022-1955 + RESERVED +CVE-2022-1954 + RESERVED +CVE-2022-1953 + RESERVED +CVE-2022-1952 + RESERVED +CVE-2022-1951 + RESERVED +CVE-2022-1950 + RESERVED +CVE-2022-1949 + RESERVED CVE-2022-32135 RESERVED CVE-2022-32134 @@ -688,8 +766,8 @@ CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse] [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412 NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7) -CVE-2022-1942 - RESERVED +CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1941 RESERVED CVE-2022-1940 
@@ -769,8 +847,8 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777 NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037) NOTE: Crash in CLI tool, no security impact -CVE-2022-1926 - RESERVED +CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...) + TODO: check CVE-2022-31793 RESERVED CVE-2022-31792 @@ -1780,8 +1858,8 @@ CVE-2022-31502 RESERVED CVE-2022-31501 RESERVED -CVE-2022-31500 - RESERVED +CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...) + TODO: check CVE-2022-31499 RESERVED CVE-2022-31498 @@ -2100,14 +2178,14 @@ CVE-2022-31340 RESERVED CVE-2022-31339 RESERVED -CVE-2022-31338 - RESERVED -CVE-2022-31337 - RESERVED -CVE-2022-31336 - RESERVED -CVE-2022-31335 - RESERVED +CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + TODO: check +CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + TODO: check +CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + TODO: check +CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + TODO: check CVE-2022-31334 RESERVED CVE-2022-31333 @@ -2118,12 +2196,12 @@ CVE-2022-31331 RESERVED CVE-2022-31330 RESERVED -CVE-2022-31329 - RESERVED -CVE-2022-31328 - RESERVED -CVE-2022-31327 - RESERVED +CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering ...) + TODO: check +CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection ...) + TODO: check CVE-2022-31326 RESERVED CVE-2022-31325 
@@ -2879,8 +2957,8 @@ CVE-2022-31004 (CVEProject/cve-services is an open source project used to operat NOT-FOR-US: CVEProject/cve-services CVE-2022-31003 RESERVED -CVE-2022-31002 - RESERVED +CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) + TODO: check CVE-2022-31001 RESERVED CVE-2022-31000 @@ -3021,8 +3099,8 @@ CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2. NOTE: Crash in CLI tool, no security impact CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) NOT-FOR-US: bvsatyaram/random_password_generator -CVE-2022-30973 - RESERVED
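Review bot: This automatic import turns CVE-2022-31002 (Sofia-SIP) from RESERVED into `TODO: check` in the `@@ -2879,8` hunk, and the manual NFU pass in e665b2bc, as far as it is visible on this page, goes from its `@@ -2199,11` hunk straight to `@@ -3621,63` without touching that entry. It therefore still needs triage and should not be assumed covered by the "Process NFUs" commit.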
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 55c12562 by Markus Koschany at 2022-05-31T16:38:42+02:00 CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch - - - - - c912b00d by Markus Koschany at 2022-05-31T16:39:24+02:00 Reserve DLA-3037-1 for libjpeg-turbo - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -234641,7 +234641,6 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...) - libjpeg-turbo 1:2.0.5-1 (low) [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 - [stretch] - libjpeg-turbo (Minor issue) [jessie] - libjpeg-turbo (No package in Debian jessie uses the TurboJPEG API) NOTE: https://source.android.com/security/bulletin/2019-11-01 NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff = data/DLA/list = @@ -1,3 +1,6 @@ +[31 May 2022] DLA-3037-1 libjpeg-turbo - security update + {CVE-2019-2201} + [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u2 [31 May 2022] DLA-3036-1 pjproject - security update {CVE-2022-24763 CVE-2022-24792 CVE-2022-24793} [stretch] - pjproject 2.5.5~dfsg-6+deb9u5 = data/dla-needed.txt = 
@@ -140,11 +140,6 @@ lemonldap-ng NOTE: 20220529: Programming language: Perl. NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk) -- -libjpeg-turbo (Markus Koschany) - NOTE: 20220529: Programming language: C. - NOTE: 20220523: Follow buster: harmonize with with Debian 10.7 (only 1 CVE but last - NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk) --- liblouis (Andreas Rönnquist) NOTE: 20220529: Programming language: C. NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278
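Review bot: The data/CVE/list hunk keeps CVE-2019-2201 at urgency `(low)` on the unstable line, yet the dla-needed.txt note removed in the same push justified the stretch update with `possible RCE`. One of the two assessments looks stale. If the RCE concern is what motivated DLA-3037-1, the urgency on the `- libjpeg-turbo 1:2.0.5-1 (low)` line deserves a second look; otherwise a short NOTE explaining why stretch is fixed despite the low rating would help.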
[Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2022-21
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c48ef05d by Salvatore Bonaccorso at 2022-05-31T16:13:10+02:00 Add firefox-esr issues from mfsa2022-21 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -955,7 +955,9 @@ CVE-2022-31748 CVE-2022-31747 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747 CVE-2022-31746 RESERVED CVE-2022-31745 
@@ -973,31 +975,45 @@ CVE-2022-31743 CVE-2022-31742 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742 CVE-2022-31741 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741 CVE-2022-31740 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740 CVE-2022-31739 RESERVED - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739 CVE-2022-31738 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738 CVE-2022-31737 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737 CVE-2022-31736 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...) 
- radare2 NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c48ef05dc9ad6bd1989b415abad91d76197e6086
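Review bot: the added "- firefox-esr" lines in both hunks (CVE-2022-31747 at @@ -955, CVE-2022-31742 through CVE-2022-31736 at @@ -973) carry no fixed version as shown, so every one of them except CVE-2022-31739, which is marked "(Only affects Windows)", stays open for firefox-esr until a follow-up commit records the version of the fixed upload. Since the mfsa2022-21 NOTE is the only pointer to the ESR fix, the commit message should say which ESR release that advisory corresponds to, so the later version entry can be checked against it.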
[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2022-20
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b8d4108 by Salvatore Bonaccorso at 2022-05-31T16:10:31+02:00 Add new firefox issues from mfsa2022-20 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -851,6 +851,8 @@ CVE-2022-1920 RESERVED CVE-2022-1919 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919 CVE-2022-1918 RESERVED CVE-2022-1917 
@@ -948,30 +950,54 @@ CVE-2022-31749 RESERVED CVE-2022-31748 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748 CVE-2022-31747 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 CVE-2022-31746 RESERVED CVE-2022-31745 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745 CVE-2022-31744 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744 CVE-2022-31743 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743 CVE-2022-31742 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 CVE-2022-31741 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 CVE-2022-31740 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 CVE-2022-31739 RESERVED + - firefox (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739 CVE-2022-31738 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 CVE-2022-31737 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 CVE-2022-31736 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...) 
- radare2 NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b8d410893429430dd7fd166d8e583e559056a27
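Review bot: in the @@ -948 hunk, CVE-2022-31749 and CVE-2022-31746 are left as bare RESERVED entries while every other ID from CVE-2022-31748 down to CVE-2022-31736 gains a "- firefox" line and an mfsa2022-20 NOTE. If those two are simply not listed in mfsa2022-20, a word in the commit message would keep the gap from reading as an omission when this block is audited later.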
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2021-40400/gerbv
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df5e5a3a by Salvatore Bonaccorso at 2022-05-31T13:56:59+02:00 Reference upstream commit for CVE-2021-40400/gerbv - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49780,6 +49780,7 @@ CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X apertu - gerbv NOTE: https://github.com/gerbv/gerbv/issues/79 NOTE: https://github.com/gerbv/gerbv/pull/124 + NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413 CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS Spreadsheets ...) NOT-FOR-US: WPS Office View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df5e5a3abfbf245bc8955bd2210a23a8c5a16cea
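Review bot: the added "NOTE: Fixed by:" line gives the upstream commit but no release in parentheses, and the "- gerbv" line above it has no fixed version, so the entry still does not say which gerbv release a Debian upload has to reach. Append the first upstream release containing caa6560d5d683f827c672fd5e380f89a8ef632b6 once it is known, in the same style as the "(0.12.20)" and "(5.18-rc7)" tags on other Fixed by notes in this file.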
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1852/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0abe4be5 by Salvatore Bonaccorso at 2022-05-31T13:37:23+02:00 Add CVE-2022-1852/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1496,8 +1496,12 @@ CVE-2022-1853 - chromium 102.0.5005.61-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-1852 +CVE-2022-1852 [KVM: x86: avoid calling x86 emulator without a decoded instruction] RESERVED + - linux + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9 CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abe4be5ad637bdd0c28a6e31921917106e625b2
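Review bot: the new NOTE for CVE-2022-1852 is a bare git.kernel.org/linus URL with no "Fixed by:" label and no release tag, so the entry does not state that fee060cd52d69c114b62d1a2948ea9648b5131f9 is the fix or which kernel release carries it. Label it and add the release in parentheses, as the CVE-2022-1943 entry in this file does. Also, only buster and stretch get a suite line, which leaves bullseye following the plain "- linux" line; confirm that is intended.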
[Git][security-tracker-team/security-tracker][master] dla: claim mailman
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 69c22bdc by Sylvain Beucler at 2022-05-31T11:26:19+02:00 dla: claim mailman - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -166,7 +166,7 @@ linux (Ben Hutchings) linux-4.19 (Ben Hutchings) NOTE: 20220529: Programming language: C. -- -mailman +mailman (Sylvain Beucler) NOTE: 20220529: Programming language: C. NOTE: 20220523: Follow buster: harmonize with with Debian 10.12 (3 CVEs, regression fixes) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c22bdca06509436a9bfab29ed5e6bebbdc81d1
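Review bot: the context NOTE under the mailman entry reads "harmonize with with Debian 10.12"; since this commit edits that entry anyway, drop the doubled "with" in the same change.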
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim libmatio
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 2358bf94 by Abhijith PA at 2022-05-31T14:42:31+05:30 data/dla-needed.txt: claim libmatio - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -152,7 +152,7 @@ liblouis (Andreas Rönnquist) NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, NOTE: 20220503: Patch not applied upstream yet. -- -libmatio +libmatio (Abhijith PA) NOTE: 20220529: Programming language: C. NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2358bf94c3f97bccd1e452669ba03ce8db94641a
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3036-1 for pjproject
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: aa6d4125 by Abhijith PA at 2022-05-31T14:15:55+05:30 Reserve DLA-3036-1 for pjproject - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -20779,7 +20779,6 @@ CVE-2022-24763 (PJSIP is a free and open source multimedia communication library - asterisk [stretch] - asterisk (Vulnerable code not present) - pjproject - [stretch] - pjproject (Minor issue, infinite loop DoS) - ring NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4 NOTE: https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21 = data/DLA/list = @@ -1,3 +1,6 @@ +[31 May 2022] DLA-3036-1 pjproject - security update + {CVE-2022-24763 CVE-2022-24792 CVE-2022-24793} + [stretch] - pjproject 2.5.5~dfsg-6+deb9u5 [30 May 2022] DLA-3035-1 libdbi-perl - security update {CVE-2014-10402} [stretch] - libdbi-perl 1.636-1+deb9u2 = data/dla-needed.txt = @@ -233,10 +233,6 @@ pdns pidgin (Andreas Rönnquist) NOTE: 20220529: Programming language: C. -- -pjproject (Abhijith PA) - NOTE: 20220529: Programming language: C. - NOTE: 20220527: Same CVE asterisk (abhijith) --- plinth NOTE: 20220529: Programming language: Python. NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.10 (2 CVEs) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa6d4125ae9d9784e5916371f47c21203309df32
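Review bot: the DLA-3036-1 entry in data/DLA/list names CVE-2022-24763, CVE-2022-24792 and CVE-2022-24793, but the data/CVE/list hunk only removes the "[stretch] - pjproject (Minor issue, infinite loop DoS)" line for CVE-2022-24763. Check that the entries for the other two CVEs carry no stretch annotation for pjproject that would now contradict the fixed version 2.5.5~dfsg-6+deb9u5, and remove any such line in this commit.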
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1934/mruby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 832c6f7c by Salvatore Bonaccorso at 2022-05-31T10:26:21+02:00 Add CVE-2022-1934/mruby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -736,7 +736,10 @@ CVE-2022-1936 CVE-2022-1935 RESERVED CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2. ...) - TODO: check + - mruby + NOTE: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f/ + NOTE: https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce + TODO: check details CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRe ...) - libjpeg (unimportant) NOTE: https://github.com/thorfdbg/libjpeg/issues/71 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/832c6f7ccfe2e7421f95c1819f6bc4aaa1bb8287
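Review bot: the mruby commit URL is added as a plain NOTE while the entry ends in "TODO: check details", so it is not clear whether aa7f98dedb68d735a1665d3a289036c88b0c47ce has been confirmed as the fix. Once the details are checked, mark that NOTE "Fixed by:" with the release that contains it, and record on the "- mruby" line whether the packaged version is affected.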
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b17b612 by Salvatore Bonaccorso at 2022-05-31T10:23:44+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -754,7 +754,7 @@ CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request bin - python-bottle 0.12.20-1 NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20) CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...) - TODO: check + NOT-FOR-US: Trudesk CVE-2022-1930 RESERVED CVE-2022-1929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b17b612ab60904914c4c530c2f012c51bcc46b0
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a473725c by security tracker role at 2022-05-31T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,653 @@ +CVE-2022-32135 + RESERVED +CVE-2022-32134 + RESERVED +CVE-2022-32133 + RESERVED +CVE-2022-32132 + RESERVED +CVE-2022-32131 + RESERVED +CVE-2022-32130 + RESERVED +CVE-2022-32129 + RESERVED +CVE-2022-32128 + RESERVED +CVE-2022-32127 + RESERVED +CVE-2022-32126 + RESERVED +CVE-2022-32125 + RESERVED +CVE-2022-32124 + RESERVED +CVE-2022-32123 + RESERVED +CVE-2022-32122 + RESERVED +CVE-2022-32121 + RESERVED +CVE-2022-32120 + RESERVED +CVE-2022-32119 + RESERVED +CVE-2022-32118 + RESERVED +CVE-2022-32117 + RESERVED +CVE-2022-32116 + RESERVED +CVE-2022-32115 + RESERVED +CVE-2022-32114 + RESERVED +CVE-2022-32113 + RESERVED +CVE-2022-32112 + RESERVED +CVE-2022-32111 + RESERVED +CVE-2022-32110 + RESERVED +CVE-2022-32109 + RESERVED +CVE-2022-32108 + RESERVED +CVE-2022-32107 + RESERVED +CVE-2022-32106 + RESERVED +CVE-2022-32105 + RESERVED +CVE-2022-32104 + RESERVED +CVE-2022-32103 + RESERVED +CVE-2022-32102 + RESERVED +CVE-2022-32101 + RESERVED +CVE-2022-32100 + RESERVED +CVE-2022-32099 + RESERVED +CVE-2022-32098 + RESERVED +CVE-2022-32097 + RESERVED +CVE-2022-32096 + RESERVED +CVE-2022-32095 + RESERVED +CVE-2022-32094 + RESERVED +CVE-2022-32093 + RESERVED +CVE-2022-32092 + RESERVED +CVE-2022-32091 + RESERVED +CVE-2022-32090 + RESERVED +CVE-2022-32089 + RESERVED +CVE-2022-32088 + RESERVED +CVE-2022-32087 + RESERVED +CVE-2022-32086 + RESERVED +CVE-2022-32085 + RESERVED +CVE-2022-32084 + RESERVED +CVE-2022-32083 + RESERVED +CVE-2022-32082 + RESERVED +CVE-2022-32081 + RESERVED +CVE-2022-32080 + RESERVED +CVE-2022-32079 + RESERVED +CVE-2022-32078 + RESERVED +CVE-2022-32077 + RESERVED +CVE-2022-32076 + RESERVED +CVE-2022-32075 + RESERVED +CVE-2022-32074 + RESERVED +CVE-2022-32073 + RESERVED +CVE-2022-32072 + RESERVED +CVE-2022-32071 + RESERVED +CVE-2022-32070 + RESERVED +CVE-2022-32069 + RESERVED +CVE-2022-32068 + RESERVED +CVE-2022-32067 + RESERVED +CVE-2022-32066 + RESERVED +CVE-2022-32065 + RESERVED +CVE-2022-32064 + RESERVED +CVE-2022-32063 + RESERVED 
+CVE-2022-32062 + RESERVED +CVE-2022-32061 + RESERVED +CVE-2022-32060 + RESERVED +CVE-2022-32059 + RESERVED +CVE-2022-32058 + RESERVED +CVE-2022-32057 + RESERVED +CVE-2022-32056 + RESERVED +CVE-2022-32055 + RESERVED +CVE-2022-32054 + RESERVED +CVE-2022-32053 + RESERVED +CVE-2022-32052 + RESERVED +CVE-2022-32051 + RESERVED +CVE-2022-32050 + RESERVED +CVE-2022-32049 + RESERVED +CVE-2022-32048 + RESERVED +CVE-2022-32047 + RESERVED +CVE-2022-32046 + RESERVED +CVE-2022-32045 + RESERVED +CVE-2022-32044 + RESERVED +CVE-2022-32043 + RESERVED +CVE-2022-32042 + RESERVED +CVE-2022-32041 + RESERVED +CVE-2022-32040 + RESERVED +CVE-2022-32039 + RESERVED +CVE-2022-32038 + RESERVED +CVE-2022-32037 + RESERVED +CVE-2022-32036 + RESERVED +CVE-2022-32035 + RESERVED +CVE-2022-32034 + RESERVED +CVE-2022-32033 + RESERVED +CVE-2022-32032 + RESERVED +CVE-2022-32031 + RESERVED +CVE-2022-32030 + RESERVED +CVE-2022-32029 + RESERVED +CVE-2022-32028 + RESERVED +CVE-2022-32027 + RESERVED +CVE-2022-32026 + RESERVED +CVE-2022-32025 + RESERVED +CVE-2022-32024 + RESERVED +CVE-2022-32023 + RESERVED +CVE-2022-32022 + RESERVED +CVE-2022-32021 + RESERVED +CVE-2022-32020 + RESERVED +CVE-2022-32019 + RESERVED +CVE-2022-32018 + RESERVED +CVE-2022-32017 + RESERVED +CVE-2022-32016 + RESERVED +CVE-2022-32015 + RESERVED +CVE-2022-32014 + RESERVED +CVE-2022-32013 + RESERVED +CVE-2022-32012 + RESERVED +CVE-2022-32011 + RESERVED +CVE-2022-32010 + RESERVED +CVE-2022-32009 + RESERVED +CVE-2022-32008 + RESERVED +CVE-2022-32007 + RESERVED +CVE-2022-32006 + RESERVED +CVE-2022-32005 + RESERVED +CVE-2022-32004 + RESERVED +CVE-2022-32003 + RESERVED +CVE-2022-32002 + RESERVED +CVE-2022-32001 + RESERVED +CVE-2022-32000 + RESERVED +CVE-2022-31999 + RESERVED +CVE-2022-31998 + RESERVED +CVE-2022-31997 + RESERVED +CVE-2022-31996 + RESERVED +CVE-2022-31995 +
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1943/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b852d71 by Salvatore Bonaccorso at 2022-05-31T08:25:54+02:00 Add CVE-2022-1943/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30,8 +30,14 @@ CVE-2022-1945 RESERVED CVE-2022-1944 RESERVED -CVE-2022-1943 +CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse] RESERVED + - linux 5.17.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412 + NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7) CVE-2022-1942 RESERVED CVE-2022-1941 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b852d71a8a020adc334c6c5dabde92d6a43ebb7
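Review bot: three suites are marked "Vulnerable code not present" (bullseye, buster, stretch), but the entry only references the fix, c1ad35dd0548ce947d97aaf92f7f2f9a202951cf in 5.18-rc7, and says nothing about when the stale lengthOfImpUse use was introduced. Add a NOTE with the introducing commit or first affected release so the not-present claims can be verified against each suite's kernel version.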