[Git][security-tracker-team/security-tracker][master] Reserve DLA-3201-1 for ntfs-3g
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: a9491949 by Thorsten Alteholz at 2022-11-22T00:11:36+01:00 Reserve DLA-3201-1 for ntfs-3g - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[22 Nov 2022] DLA-3201-1 ntfs-3g - security update + {CVE-2022-40284} + [buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u3 [21 Nov 2022] DLA-3200-1 graphicsmagick - security update {CVE-2022-1270} [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u3 = data/dla-needed.txt = @@ -245,11 +245,6 @@ nodejs NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster. -- -ntfs-3g (Thorsten Alteholz) - NOTE: 20221031: Programming language: C. - NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/ntfs-3g.git - NOTE: 20221120: testing package --- openexr NOTE: 20220904: Programming language: C++. NOTE: 20220904: Should be synced with Stretch. (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9491949d42d694b067094198d303e247fd3ca4c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9491949d42d694b067094198d303e247fd3ca4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b752470c by Salvatore Bonaccorso at 2022-11-21T22:44:52+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -956,7 +956,7 @@ CVE-2022-45424 CVE-2022-45423 RESERVED CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...) - TODO: check + NOT-FOR-US: LG CVE-2022-45122 RESERVED CVE-2022-45113 @@ -2378,17 +2378,17 @@ CVE-2022-45019 CVE-2022-45018 RESERVED CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview Page settin ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45016 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45015 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45014 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45013 (A cross-site scripting (XSS) vulnerability in the Show Advanced Option ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page module o ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45011 RESERVED CVE-2022-45010 @@ -2752,7 +2752,7 @@ CVE-2022-44832 CVE-2022-44831 RESERVED CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...) - TODO: check + NOT-FOR-US: Sourcecodester Event Registration App CVE-2022-44829 RESERVED CVE-2022-44828 @@ -9279,7 +9279,7 @@ CVE-2022-3591 CVE-2022-3590 RESERVED CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) - TODO: check + NOT-FOR-US: Miele's "AppWash" MobileApp CVE-2022-3588 RESERVED CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) 
@@ -9928,7 +9928,7 @@ CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS v20 CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allo ...) NOT-FOR-US: flatCore-CMS CVE-2022-43117 (Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 w ...) - TODO: check + NOT-FOR-US: Sourcecodester Password Storage Application in PHP/OOP and MySQL CVE-2022-43116 RESERVED CVE-2022-43115 @@ -12889,7 +12889,7 @@ CVE-2022-38143 CVE-2022-36354 RESERVED CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA P ...) - TODO: check + NOT-FOR-US: MicroSCADA CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b752470c8dcb8ddd353fafeea6fcc81dbff6679f
[Git][security-tracker-team/security-tracker][master] Add fixed versions for protobuf via unstable for several CVEs
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: a2270498 by Laszlo Boszormenyi (GCS) at 2022-11-21T22:06:45+01:00 Add fixed versions for protobuf via unstable for several CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10577,7 +10577,7 @@ CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type E NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...) [experimental] - protobuf 3.21.7-1 - - protobuf + - protobuf 3.21.9-3 NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7) CVE-2022-3508 RESERVED @@ -17067,7 +17067,7 @@ CVE-2022-3172 NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...) [experimental] - protobuf 3.21.7-1 - - protobuf + - protobuf 3.21.9-3 NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) - linux (Vulnerable code not present) @@ -39806,7 +39806,7 @@ CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043) CVE-2022-1941 (A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...) [experimental] - protobuf 3.20.2-1 - - protobuf + - protobuf 3.21.9-3 NOTE: https://www.openwall.com/lists/oss-security/2022/09/27/1 NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf NOTE: https://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7 (v3.20.2) 
@@ -135105,14 +135105,14 @@ CVE-2021-22571 (A local attacker could read files from some other users' SA360 r NOT-FOR-US: SA360 reports CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...) [experimental] - protobuf 3.17.1-1 - - protobuf + - protobuf 3.21.9-3 [bullseye] - protobuf (Minor issue) [buster] - protobuf (Minor issue) [stretch] - protobuf (Minor issue; clean crash / Dos; patch needs to be isolated) NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...) [experimental] - protobuf 3.19.3-1 - - protobuf + - protobuf 3.21.9-3 [bullseye] - protobuf (Minor issue) [buster] - protobuf (Minor issue) [stretch] - protobuf (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2270498bbea7f4047b6c9bc42592834f6dccf65
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2019-20417 (duplicate of CVE-2019-15011)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b22e837b by Salvatore Bonaccorso at 2022-11-21T21:48:06+01:00 Remove notes from CVE-2019-20417 (duplicate of CVE-2019-15011) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -203581,7 +203581,6 @@ CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2019-20417 REJECTED - NOT-FOR-US: Atlassian CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22e837bfd6b5b821e7980683ff36d847202a05b
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2022-2154 (duplicate of CVE-2022-34345)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d439cb3d by Salvatore Bonaccorso at 2022-11-21T21:46:35+01:00 Remove notes from CVE-2022-2154 (duplicate of CVE-2022-34345) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33747,7 +33747,6 @@ CVE-2022-2155 RESERVED CVE-2022-2154 REJECTED - NOT-FOR-US: Intel CVE-2022-2153 (A flaw was found in the Linux kernels KVM when attempting to se ...) {DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1} - linux 5.17.3-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d439cb3df9438c19be51a6d29004f8c662f2f730
[Git][security-tracker-team/security-tracker][master] Remove notes for some libcommons-jxpath-java CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 38da4a0d by Salvatore Bonaccorso at 2022-11-21T21:44:39+01:00 Remove notes for some libcommons-jxpath-java CVEs They are rejected by the assigning CNA. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17432,8 +17432,6 @@ CVE-2022-40162 RESERVED CVE-2022-40161 REJECTED - - libcommons-jxpath-java - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097 CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) - libcommons-jxpath-java NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053 @@ -17442,12 +17440,8 @@ CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fu NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057 CVE-2022-40158 REJECTED - - libcommons-jxpath-java - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058 CVE-2022-40157 REJECTED - - libcommons-jxpath-java - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061 CVE-2022-40156 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...) - libxstream-java NOTE: https://github.com/x-stream/xstream/issues/304 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38da4a0d00d04dd81076f967b31a2f315727546b
[Git][security-tracker-team/security-tracker][master] Drop notes from CVE-2022-41852 (withdrawn)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14e234f2 by Salvatore Bonaccorso at 2022-11-21T21:42:37+01:00 Drop notes from CVE-2022-41852 (withdrawn) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13191,13 +13191,6 @@ CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in NOTE: https://sourceforge.net/p/hsqldb/svn/6614/ CVE-2022-41852 REJECTED - - libcommons-jxpath-java (unimportant) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133 - NOTE: https://github.com/apache/commons-jxpath/pull/25 - NOTE: https://github.com/apache/commons-jxpath/pull/26 - NOTE: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1307567283 - NOTE: JEXL is NOT expected to safely handle untrusted input, not considered a - NOTE: vulnerability by upstream CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions V11.1.1 ...) NOT-FOR-US: JTTK CVE-2022-41836 (When an 'Attack Signature False Positive Mode' enabled security policy ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14e234f2b74aebd7165c241bfa4000cca7720842
[Git][security-tracker-team/security-tracker][master] Drop several CVEs (originally assigned to exiv2)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d515e028 by Salvatore Bonaccorso at 2022-11-21T21:40:47+01:00 Drop several CVEs (originally assigned to exiv2) Further investigation has shown that they were not security issues and the assigning CNA has withdrawn it. This impacts as well DLA 3186-1 list of CVE. - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -1923,11 +1923,6 @@ CVE-2022-3954 RESERVED CVE-2022-3953 REJECTED - - exiv2 - NOTE: https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1 - NOTE: https://github.com/Exiv2/exiv2/pull/2394 - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731 - TODO: check details CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and clas ...) NOT-FOR-US: ManyDesigns Portofino CVE-2022-3951 @@ -5853,21 +5848,10 @@ CVE-2022-43998 RESERVED CVE-2022-3757 REJECTED - - exiv2 (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378 CVE-2022-3756 REJECTED - {DLA-3186-1} - - exiv2 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e CVE-2022-3755 REJECTED - - exiv2 (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...) NOT-FOR-US: phpmyfaq CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...) 
@@ -7774,21 +7758,10 @@ CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate NOT-FOR-US: WordPress plugin CVE-2022-3719 REJECTED - - exiv2 (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707 - NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/e4adf388aaaaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a CVE-2022-3718 REJECTED - - exiv2 (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf CVE-2022-3717 REJECTED - - exiv2 (Vulnerable code not present) - NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3 CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Medicine Ordering System CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform] = data/DLA/list = 
@@ -40,7 +40,7 @@ {CVE-2021-36369} [buster] - dropbear 2018.76-5+deb10u2 [10 Nov 2022] DLA-3186-1 exiv2 - security update - {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756} + {CVE-2017-11683 CVE-2020-19716} [buster] - exiv2 0.25-4+deb10u3 [10 Nov 2022] DLA-3185-1 xorg-server - security update {CVE-2022-3550 CVE-2022-3551} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d515e0283c184508fdf2ced6bcb8b321bb9ecedf
[Git][security-tracker-team/security-tracker][master] Track ember as removed from every supported suite
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8b6f922 by Salvatore Bonaccorso at 2022-11-21T21:16:00+01:00 Track ember as removed from every supported suite - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -926,3 +926,4 @@ xvt yarssr zonecheck postgresql-14 +ember View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8b6f922cff3273b0d540fbccf32815543dcc0d0
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6792b8e6 by Salvatore Bonaccorso at 2022-11-21T21:14:42+01:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3065,7 +3065,7 @@ CVE-2022-44715 CVE-2022-3862 RESERVED CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...) - TODO: check + NOT-FOR-US: Betheme theme for WordPress CVE-2022-3860 RESERVED CVE-2022-3859 @@ -4207,21 +4207,21 @@ CVE-2022-44656 CVE-2022-44655 RESERVED CVE-2022-44654 (Affected builds of Trend Micro Apex One and Apex One as a Service cont ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44653 (A security agent directory traversal vulnerability in Trend Micro Apex ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44652 (An improper handling of exceptional conditions vulnerability in Trend ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44651 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44650 (A memory corruption vulnerability in the Unauthorized Change Preventio ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44649 (An out-of-bounds access vulnerability in the Unauthorized Change Preve ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44648 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-44645 
@@ -4928,9 +4928,9 @@ CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2022-3764 RESERVED CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3761 RESERVED CVE-2023-20853 
@@ -5474,39 +5474,39 @@ CVE-2022-44185 CVE-2022-44184 RESERVED CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44182 RESERVED CVE-2022-44181 RESERVED CVE-2022-44180 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44179 RESERVED CVE-2022-44178 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44177 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44176 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44175 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44174 (Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44173 RESERVED CVE-2022-44172 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44171 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44170 RESERVED CVE-2022-44169 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44168 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44167 (Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44166 RESERVED CVE-2022-44165 @@ -5514,7 +5514,7 @@ CVE-2022-44165 CVE-2022-44164 RESERVED CVE-2022-44163 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44162 RESERVED CVE-2022-44161 
@@ -5524,11 +5524,11 @@ CVE-2022-44160 CVE-2022-44159 RESERVED CVE-2022-44158 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-44157 RESERVED CVE-2022-44156 (Tenda AC15 V15.03.05.19
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-39052
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ea842a2 by Salvatore Bonaccorso at 2022-11-21T21:12:47+01:00 Add Debian bug reference for CVE-2022-39052 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20170,7 +20170,7 @@ CVE-2022-39054 (Cowell enterprise travel management system has insufficient filt CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...) NOT-FOR-US: Heimavista Rpage CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...) - - znuny + - znuny (bug #1024560) CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea842a2444bb5de1fba028ab868b7908f9a92c1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 93cf03ab by security tracker role at 2022-11-21T20:10:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,617 @@ +CVE-2022-45781 + RESERVED +CVE-2022-45780 + RESERVED +CVE-2022-45779 + RESERVED +CVE-2022-45778 + RESERVED +CVE-2022-45777 + RESERVED +CVE-2022-45776 + RESERVED +CVE-2022-45775 + RESERVED +CVE-2022-45774 + RESERVED +CVE-2022-45773 + RESERVED +CVE-2022-45772 + RESERVED +CVE-2022-45771 + RESERVED +CVE-2022-45770 + RESERVED +CVE-2022-45769 + RESERVED +CVE-2022-45768 + RESERVED +CVE-2022-45767 + RESERVED +CVE-2022-45766 + RESERVED +CVE-2022-45765 + RESERVED +CVE-2022-45764 + RESERVED +CVE-2022-45763 + RESERVED +CVE-2022-45762 + RESERVED +CVE-2022-45761 + RESERVED +CVE-2022-45760 + RESERVED +CVE-2022-45759 + RESERVED +CVE-2022-45758 + RESERVED +CVE-2022-45757 + RESERVED +CVE-2022-45756 + RESERVED +CVE-2022-45755 + RESERVED +CVE-2022-45754 + RESERVED +CVE-2022-45753 + RESERVED +CVE-2022-45752 + RESERVED +CVE-2022-45751 + RESERVED +CVE-2022-45750 + RESERVED +CVE-2022-45749 + RESERVED +CVE-2022-45748 + RESERVED +CVE-2022-45747 + RESERVED +CVE-2022-45746 + RESERVED +CVE-2022-45745 + RESERVED +CVE-2022-45744 + RESERVED +CVE-2022-45743 + RESERVED +CVE-2022-45742 + RESERVED +CVE-2022-45741 + RESERVED +CVE-2022-45740 + RESERVED +CVE-2022-45739 + RESERVED +CVE-2022-45738 + RESERVED +CVE-2022-45737 + RESERVED +CVE-2022-45736 + RESERVED +CVE-2022-45735 + RESERVED +CVE-2022-45734 + RESERVED +CVE-2022-45733 + RESERVED +CVE-2022-45732 + RESERVED +CVE-2022-45731 + RESERVED +CVE-2022-45730 + RESERVED +CVE-2022-45729 + RESERVED +CVE-2022-45728 + RESERVED +CVE-2022-45727 + RESERVED +CVE-2022-45726 + RESERVED +CVE-2022-45725 + RESERVED +CVE-2022-45724 + RESERVED +CVE-2022-45723 + RESERVED +CVE-2022-45722 + RESERVED +CVE-2022-45721 + RESERVED +CVE-2022-45720 + RESERVED +CVE-2022-45719 + RESERVED +CVE-2022-45718 + RESERVED +CVE-2022-45717 + RESERVED +CVE-2022-45716 + RESERVED +CVE-2022-45715 + RESERVED +CVE-2022-45714 + RESERVED +CVE-2022-45713 + RESERVED +CVE-2022-45712 + RESERVED +CVE-2022-45711 + RESERVED +CVE-2022-45710 + RESERVED +CVE-2022-45709 + RESERVED 
+CVE-2022-45708 + RESERVED +CVE-2022-45707 + RESERVED +CVE-2022-45706 + RESERVED +CVE-2022-45705 + RESERVED +CVE-2022-45704 + RESERVED +CVE-2022-45703 + RESERVED +CVE-2022-45702 + RESERVED +CVE-2022-45701 + RESERVED +CVE-2022-45700 + RESERVED +CVE-2022-45699 + RESERVED +CVE-2022-45698 + RESERVED +CVE-2022-45697 + RESERVED +CVE-2022-45696 + RESERVED +CVE-2022-45695 + RESERVED +CVE-2022-45694 + RESERVED +CVE-2022-45693 + RESERVED +CVE-2022-45692 + RESERVED +CVE-2022-45691 + RESERVED +CVE-2022-45690 + RESERVED +CVE-2022-45689 + RESERVED +CVE-2022-45688 + RESERVED +CVE-2022-45687 + RESERVED +CVE-2022-45686 + RESERVED +CVE-2022-45685 + RESERVED +CVE-2022-45684 + RESERVED +CVE-2022-45683 + RESERVED +CVE-2022-45682 + RESERVED +CVE-2022-45681 + RESERVED +CVE-2022-45680 + RESERVED +CVE-2022-45679 + RESERVED +CVE-2022-45678 + RESERVED +CVE-2022-45677 + RESERVED +CVE-2022-45676 + RESERVED +CVE-2022-45675 + RESERVED +CVE-2022-45674 + RESERVED +CVE-2022-45673 + RESERVED +CVE-2022-45672 + RESERVED +CVE-2022-45671 + RESERVED +CVE-2022-45670 + RESERVED +CVE-2022-45669 + RESERVED +CVE-2022-45668 + RESERVED +CVE-2022-45667 + RESERVED +CVE-2022-45666 + RESERVED +CVE-2022-45665 + RESERVED +CVE-2022-45664 + RESERVED +CVE-2022-45663 + RESERVED +CVE-2022-45662 + RESERVED +CVE-2022-45661 + RESERVED +CVE-2022-45660 + RESERVED +CVE-2022-45659 + RESERVED +CVE-2022-45658 + RESERVED +CVE-2022-45657 + RESERVED +CVE-2022-45656 + RESERVED +CVE-2022-45655 + RESERVED +CVE-2022-45654 + RESERVED +CVE-2022-45653 + RESERVED +CVE-2022-45652 + RESERVED +CVE-2022-45651 + RESERVED +CVE-2022-45650 + RESERVED +CVE-2022-45649 + RESERVED +CVE-2022-45648 + RESERVED +CVE-2022-45647 + RESERVED +CVE-2022-45646 + RESERVED +CVE-2022-45645 + RESERVED +CVE-2022-45644 + RESERVED +CVE-2022-45643 + RESERVED +CVE-2022-45642 + RESERVED +CVE-2022-45641 +
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2022-4065/testng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ec4e9735 by Salvatore Bonaccorso at 2022-11-21T21:08:51+01:00 Update information on CVE-2022-4065/testng - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,7 @@ CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...) - libonion (bug #744119) CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...) - - testng + - testng (Vulnerable code introduced later) NOTE: https://github.com/cbeust/testng/pull/2806 NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e97356f7e8a1451415de41e0c9002a4450ff3
[Git][security-tracker-team/security-tracker][master] Directly reference fixing commit for CVE-2022-4065
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0459d42d by Salvatore Bonaccorso at 2022-11-21T20:57:33+01:00 Directly reference fixing commit for CVE-2022-4065 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -67,7 +67,7 @@ CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...) - testng NOTE: https://github.com/cbeust/testng/pull/2806 - NOTE: https://github.com/cbeust/testng/commit/9150736cd2c123a6a3b60e6193630859f9f0422b + NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) - ruby-dalli (Vulnerable code introduced later) NOTE: https://github.com/petergoldstein/dalli/issues/932 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0459d42dd23edb189eaf6f3829fe45400e429922
[Git][security-tracker-team/security-tracker][master] CVE-2022-37026: Add followup commit references correcting guard check
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9104af55 by Salvatore Bonaccorso at 2022-11-21T20:50:56+01:00 CVE-2022-37026: Add followup commit references correcting guard check Markus did already pinpoint the fixing commit needed for the OTP-23.3 branch. Apparently later on there was a followup commit to correct the guard check. Add those as well for any potential stable and older release to make sure we do not hit a regression. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25314,7 +25314,10 @@ CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x b [bullseye] - erlang (Minor issue) [buster] - erlang (Minor issue) NOTE: https://erlangforums.com/t/otp-25-1-released/1854 - NOTE: Possible fix according to Red Hat: https://github.com/erlang/otp/commit/cd5024867e + NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15) + NOTE: Followup: https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 (OTP-23.3.4.17) + NOTE: Fixed by: https://github.com/erlang/otp/commit/254f2728902bc7e80a67726ebbc1a0b3ab7742eb (OTP-24.3.4.2) + NOTE: Followup: https://github.com/erlang/otp/commit/33e7570e075e0b84efef91b2f307fcf938517b1c (OTP-24.3.4.3) CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...) NOT-FOR-US: McAfee CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9104af55346686c0dbb7f5c4c17eb13ca12c2ca6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9104af55346686c0dbb7f5c4c17eb13ca12c2ca6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
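Review bot: the fix references cover only the OTP-23.3 and OTP-24.3 branches, while the CVE text in the hunk header says 25.x before some version is affected as well; list the OTP-25 fixing commit (and its followup, if the guard-check correction landed there too) so whoever fixes unstable picks up both. Since the followup commits exist to correct the guard check of the first fix, say so in the NOTE text, e.g. "Followup (corrects guard check of cd5024867e):", so a bullseye or buster backport is not done with the first commit alone and ends up with the regression the commit message warns about.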
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 91cd8e14 by Moritz Muehlenhoff at 2022-11-21T14:27:57+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -106,6 +106,7 @@ CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when NOT-FOR-US: JetBrains Hub CVE-2022-45470 RESERVED + NOT-FOR-US: Apache Hama CVE-2022-44456 RESERVED CVE-2022-4061 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd8e146499a40cdc09f0d96d396413c21e2b45 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd8e146499a40cdc09f0d96d396413c21e2b45 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
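Review bot: CVE-2022-45470 is still RESERVED, so the "NOT-FOR-US: Apache Hama" attribution comes from a source outside the CVE feed that the entry does not record; add a NOTE with the advisory or mailing-list URL the attribution rests on, so the NFU can be confirmed once the description arrives via an automatic update.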
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c71feb9f by Moritz Muehlenhoff at 2022-11-21T14:03:38+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48655,7 +48655,7 @@ CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R) AMT CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software ...) NOT-FOR-US: Intel CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless WiFi, Inte ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...) NOT-FOR-US: Intel CVE-2022-25868 @@ -96044,7 +96044,7 @@ CVE-2021-37938 (It was discovered that on Windows operating systems specifically CVE-2021-37937 RESERVED CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...) - TODO: check + - kibana (bug #700337) CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...) NOT-FOR-US: Huntflow Enterprise CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...) @@ -98494,7 +98494,7 @@ CVE-2021-36907 CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) vulnerabilities in E ...) NOT-FOR-US: WordPress plugin CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36904 RESERVED CVE-2021-36903 @@ -105682,7 +105682,7 @@ CVE-2021-33899 CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...) NOT-FOR-US: Invoice Ninja CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a non-Latin loca ...) - TODO: check + NOT-FOR-US: Synthesia CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...) - dino-im 0.2.0-3 [buster] - dino-im (Minor issue) 
@@ -111565,7 +111565,7 @@ CVE-2021-31741 CVE-2021-31740 RESERVED CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...) - TODO: check + NOT-FOR-US: SEPPmail CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...) NOT-FOR-US: Adiscon LogAnalyzer CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...) @@ -111835,7 +111835,7 @@ CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...) NOT-FOR-US: Silicon Labs Bluetooth CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Se ...) - TODO: check + NOT-FOR-US: Proofpoint Enterprise Protection CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...) {DLA-2815-1} - salt 3002.6+dfsg1-2 (bug #987496) @@ -125183,11 +125183,11 @@ CVE-2021-26395 CVE-2021-26394 RESERVED CVE-2021-26393 (Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26392 (Insufficient verification of missing size check in 'LoadModule' may le ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26391 (Insufficient verification of multiple header signatures while loading ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the bootloader into ...) NOT-FOR-US: AMD CVE-2021-26389 @@ -125249,7 +125249,7 @@ CVE-2021-26362 (A malicious or compromised UApp or ABL may be used by an attacke CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA Boot Loade ...) NOT-FOR-US: AMD CVE-2021-26360 (An attacker with local access to the system can make unauthorized modi ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26359 RESERVED CVE-2021-26358 
@@ -180482,7 +180482,7 @@ CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6 CVE-2020-15854 RESERVED CVE-2020-15853 (supybot-fedora implements the command 'refresh', that refreshes the ca ...) - TODO: check + NOT-FOR-US: supybot-fedora CVE-2020- [mpv insecure lua loadpath] - mpv 0.32.0-2 (bug #950816) [buster] - mpv (Minor issue) @@ -188487,9 +188487,9 @@ CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape han CVE-2020-12932 RESERVED CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP) kernel ...) - TODO: check + NOT-FOR-US: AMD CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP) drivers may ...) -
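Review bot: for CVE-2021-37936 the new line "- kibana (bug #700337)" cites a bug number far older than the 2021 CVE, so it is presumably a packaging (ITP) bug rather than a report of this issue; with no fixed version the tracker will list kibana as unfixed everywhere, which is only right if the source is, or is about to be, in the archive. State in a NOTE that the bug is the ITP, or use the NOT-FOR-US form like the other conversions in this commit if kibana is not packaged.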
[Git][security-tracker-team/security-tracker][master] new maradns issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 496dd385 by Moritz Muehlenhoff at 2022-11-21T14:00:21+01:00 new maradns issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44102,7 +44102,8 @@ CVE-2022-30258 CVE-2022-30257 RESERVED CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...) - TODO: check + - maradns + NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256 CVE-2022-30255 RESERVED CVE-2022-30254 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/496dd385bb12c0ae2907a996b22f9170140308af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/496dd385bb12c0ae2907a996b22f9170140308af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
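Review bot: the MaraDNS entry records the upstream advisory but no fixed version and no severity. The CVE text says Deadwood "through 3.5.0021" is affected, so the linked security page should give the first fixed release; put it on the "- maradns" line (or a suite tag / "(Vulnerable code introduced later)" as appropriate) rather than leaving unstable and stable as unfixed by default.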
[Git][security-tracker-team/security-tracker][master] new zoneminder issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a51411d by Moritz Muehlenhoff at 2022-11-21T13:55:14+01:00 new zoneminder issues new potential otrs/znuny issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19545,7 +19545,7 @@ CVE-2022-39054 (Cowell enterprise travel management system has insufficient filt CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...) NOT-FOR-US: Heimavista Rpage CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...) - TODO: check + - znuny CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out 
@@ -42572,9 +42572,13 @@ CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...) NOT-FOR-US: Terminalfour CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...) - TODO: check + - zoneminder (unimportant) + NOTE: https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3 + NOTE: Only supported for trusted users/behind auth, see README.debian.security CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows ...) - TODO: check + - zoneminder (unimportant) + NOTE: https://medium.com/@dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31 + NOTE: Only supported for trusted users/behind auth, see README.debian.security CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...) [experimental] - u-boot 2022.07~rc4+dfsg-1 - u-boot 2022.07+dfsg-1 (bug #1014471) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a51411d4d617313b53ef26bbdaf2bf3ca54ed7c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a51411d4d617313b53ef26bbdaf2bf3ca54ed7c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
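Review bot: CVE-2022-39052 is assigned to znuny with no version, severity or reference, while the adjacent CVE-2022-39051 from the same advisory family is kept NOT-FOR-US: OTRS with a note deferring to the Znuny security team; the different treatment needs a NOTE (e.g. the Znuny advisory URL confirming the crafted-email issue applies to their fork), otherwise a later triager cannot tell why one applies and the other does not.

Review bot: for CVE-2022-30769 the "(unimportant)" rating is justified with "Only supported for trusted users/behind auth", but session fixation is an attack staged around authentication (the attacker plants a session identifier that the victim then logs into), so "behind auth" does not by itself neutralise it; spell out the actual reason in the NOTE, for instance that exploitation needs a user the deployment already trusts or a network position README.debian.security excludes. The same justification is more persuasive for the stored XSS in CVE-2022-30768.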
[Git][security-tracker-team/security-tracker][master] 2 commits: new gitlab issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 78a7a183 by Moritz Muehlenhoff at 2022-11-21T13:40:20+01:00 new gitlab issues - - - - - f31d24af by Moritz Muehlenhoff at 2022-11-21T13:49:50+01:00 two additional CVEs from August Nvidia advisory, copy over existing entries for older suites - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20240,7 +20240,7 @@ CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...) - TODO: check + - gitlab CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...) - routinator (bug #929024) CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...) @@ -21867,7 +21867,7 @@ CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal i CVE-2022-2827 RESERVED CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...) - TODO: check + - gitlab CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...) - airflow (bug #819700) CVE-2022-38361 
@@ -31714,9 +31714,43 @@ CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow v [buster] - nvidia-cuda-toolkit (Minor issue) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373 CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - TODO: check + - nvidia-graphics-drivers 470.141.03-1 + [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx 390.154-1 + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.203.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.141.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.85.02-1 CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- TODO: check + - nvidia-graphics-drivers 470.141.03-1 + [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx 390.154-1 + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.203.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.141.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.85.02-1 CVE-2022-34664 RESERVED CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29...f31d24af95fd6c3933e507152be88b85d49902f8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29...f31d24af95fd6c3933e507152be88b85d49902f8 You're receiving this email because of your account on salsa.debian.org.
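Review bot: CVE-2022-3030 and CVE-2022-2826 go from TODO to a bare "- gitlab" with no fixed version and no reference, while the neighbouring CVE-2022-3031 carries the GitLab release-post URL as a NOTE; add the corresponding release URL to both new entries (the same URL if they come from the same 15.3.2 release), otherwise gitlab shows as unfixed everywhere with nothing to act on.

Review bot: the two NVIDIA entries copy the same block of per-source status lines, in which nvidia-graphics-drivers-legacy-340xx and nvidia-graphics-drivers-tesla-418 have no fixed version and only the suite lines say "Non-free not supported", so both render as open issues in unstable. If upstream no longer ships updates for those branches, a NOTE saying so (as was done for tesla-460 becoming a metapackage) would avoid re-triaging the same question on every copied entry; if updates are still expected, the missing versions are the actionable item.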
[Git][security-tracker-team/security-tracker][master] new testng issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4736cf4b by Moritz Muehlenhoff at 2022-11-21T13:37:29+01:00 new testng issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,9 @@ CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...) - libonion (bug #744119) CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...) - TODO: check + - testng + NOTE: https://github.com/cbeust/testng/pull/2806 + NOTE: https://github.com/cbeust/testng/commit/9150736cd2c123a6a3b60e6193630859f9f0422b CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) - ruby-dalli (Vulnerable code introduced later) NOTE: https://github.com/petergoldstein/dalli/issues/932 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
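Review bot: the entry records PR 2806 and commit 9150736cd2c123a6a3b60e6193630859f9f0422b but no fixed Debian version and no statement of whether the packaged testng contains the affected code; since a version-less "- testng" marks every suite as vulnerable, the first follow-up is to compare the packaged version with the PR and add either the fixed version, "(Vulnerable code introduced later)", or a suite-specific severity tag. Prefixing the commit NOTE with "Fixed by:" would also make clear it is the fix and not the change that introduced the issue.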
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ca0332c by Moritz Muehlenhoff at 2022-11-21T12:46:34+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...) - TODO: check + NOT-FOR-US: appsmith CVE-2022-4095 RESERVED CVE-2022-4094 @@ -63,7 +63,7 @@ CVE-2022-4068 (A user is able to enable their own account if it was disabled by CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) NOT-FOR-US: LibreNMS CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...) - TODO: check + - libonion (bug #744119) CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...) TODO: check CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) @@ -12405,9 +12405,9 @@ CVE-2022-41941 CVE-2022-41940 RESERVED CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...) - TODO: check + NOT-FOR-US: knative.dev/func CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...) - TODO: check + NOT-FOR-US: Flarum CVE-2022-41937 RESERVED CVE-2022-41936 @@ -13135,13 +13135,13 @@ CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions CVE-2022-41656 RESERVED CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41650 RESERVED CVE-2022-41647 RESERVED CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41640 RESERVED CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin ...) 
@@ -20020,7 +20020,7 @@ CVE-2022-38873 CVE-2022-38872 RESERVED CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. ...) - TODO: check + NOT-FOR-US: free5GC CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...) NOT-FOR-US: free5GC CVE-2022-38869 @@ -21582,7 +21582,7 @@ CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc CVE-2022-38396 RESERVED CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...) - TODO: check + NOT-FOR-US: HP CVE-2022-38393 RESERVED CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...) @@ -22343,7 +22343,7 @@ CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the J NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6 CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a potential deni ...) - TODO: check + NOT-FOR-US: HP CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) NOT-FOR-US: Emerson CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) @@ -24930,7 +24930,7 @@ CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/ CVE-2022-37198 RESERVED CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. ...) - TODO: check + NOT-FOR-US: IOBit CVE-2022-37196 RESERVED CVE-2022-37195 @@ -31257,7 +31257,7 @@ CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial CVE-2022-34828 RESERVED CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control. ...) - TODO: check + NOT-FOR-US: Carel Boss Mini CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...) NOT-FOR-US: Couchbase Server CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...) 
@@ -39681,7 +39681,7 @@ CVE-2022-31696 CVE-2022-31695 RESERVED CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...) - TODO: check + NOT-FOR-US: InstallBuilder Qt installers CVE-2022-31693 RESERVED CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...) @@ -39972,9 +39972,9 @@ CVE-2022-1877 CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31616
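Review bot: CVE-2022-4066 becomes "- libonion (bug #744119)" with no fixed version, severity or upstream reference; the bug number predates the 2022 CVE by years and is therefore presumably a packaging (ITP) bug rather than a report of this vulnerability. Say so in a NOTE and add the upstream issue or fixing commit, so the entry is not read as an open bug against a shipped package.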
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a2d84d6d by Moritz Muehlenhoff at 2022-11-21T11:57:04+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12536,6 +12536,7 @@ CVE-2022-41878 (Parse Server is an open source backend that can be deployed to a NOT-FOR-US: Node parse-server CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba @@ -18704,6 +18705,7 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1) CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d 
@@ -18766,24 +18768,29 @@ CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a NOT-FOR-US: GitHub Actions Runner CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...) - freerdp2 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 
@@ -53747,10 +53754,10 @@ CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in Gi NOT-FOR-US: sqlpad CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim ...) {DLA-3182-1 DLA-3053-1} - - vim 2:8.2.4659-1 - [bullseye] - vim (Minor issue) + - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563) + NOTE: Crash in CLI tool, no security impact CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...) - liblouis 3.22.0-1 (bug #1008009) [bullseye] - liblouis (Minor issue) @@ -57409,10 +57416,10 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypass NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x) CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) {DLA-3182-1 DLA-2947-1} - - vim 2:8.2.4659-1 - [bullseye] - vim (Minor issue) + - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440) + NOTE: Crash in CLI tool, no security impact CVE-2022-0728 (The Easy Smooth Scroll
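Review bot: the seven FreeRDP entries receive "[bullseye] - freerdp2 (Minor issue)" uniformly although each links a different GHSA advisory; if the intent is to fix them together through bug #1024511 in a point release, as the shared bug reference suggests, one NOTE saying so would document why none of them warrants a DSA instead of leaving seven identical ratings unexplained.

Review bot: CVE-2022-0943 and CVE-2022-0729 are downgraded to "(unimportant)" with "Crash in CLI tool, no security impact", yet both keep their DLA references ({DLA-3182-1 DLA-3053-1} and {DLA-3182-1 DLA-2947-1}), i.e. LTS has already shipped security updates for them; add a NOTE explaining that the DLAs predate this reassessment (or bundled these fixes with others) so the two statements do not read as contradicting each other. Dropping the "[bullseye] - vim (Minor issue)" lines is correct, since a global "unimportant" makes a per-suite tag redundant.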
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4087/ipxe
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f048e82 by Salvatore Bonaccorso at 2022-11-21T09:46:38+01:00 Add CVE-2022-4087/ipxe - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,9 @@ CVE-2022-4089 CVE-2022-4088 RESERVED CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as problematic ...) - TODO: check + - ipxe + NOTE: Fixed by: https://github.com/ipxe/ipxe/commit/186306d6199096b7a7c4b4574d4be8cdb8426729 + TODO: check, might be introduced later than the packaged version CVE-2022-4086 REJECTED CVE-2022-4085 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f048e824089c55d13863135811244fcc0e8943d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f048e824089c55d13863135811244fcc0e8943d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
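Review bot: the entry lists ipxe as affected and records the fixing commit, but the trailing "TODO: check, might be introduced later than the packaged version" means affectedness is unconfirmed while the tracker already renders ipxe as vulnerable in all suites; the check is mechanical (is the code the fix changes present in the packaged upstream snapshot, e.g. git merge-base --is-ancestor with the introducing commit against the packaged commit), so resolving it to a fixed version or "(Vulnerable code introduced later)" avoids a false positive in the meantime.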
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4093/dolibarr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf59fe3a by Salvatore Bonaccorso at 2022-11-21T09:45:05+01:00 Add CVE-2022-4093/dolibarr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2022-4095 CVE-2022-4094 RESERVED CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensitive d ...) - TODO: check + - dolibarr CVE-2022-4092 RESERVED CVE-2022-44608 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf59fe3ae0617e5ce32427501eea6b8a60a98994 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf59fe3ae0617e5ce32427501eea6b8a60a98994 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
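Review bot: CVE-2022-4093 is marked as affecting dolibarr with no fixed version, severity or upstream reference, and the CVE text shown ("SQL injection attacks can result in unauthorized access to sensitive d ...") is generic enough that the mapping to dolibarr is not evident from the entry; add a NOTE with the upstream report or fixing commit so both the attribution and the eventual fixed version can be verified.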
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d7f0d61 by security tracker role at 2022-11-21T08:10:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...) + TODO: check +CVE-2022-4095 + RESERVED +CVE-2022-4094 + RESERVED +CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensitive d ...) + TODO: check +CVE-2022-4092 + RESERVED CVE-2022-44608 RESERVED CVE-2022-4091 @@ -8,8 +18,8 @@ CVE-2022-4089 RESERVED CVE-2022-4088 RESERVED -CVE-2022-4087 - RESERVED +CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as problematic ...) + TODO: check CVE-2022-4086 REJECTED CVE-2022-4085 @@ -48634,6 +48644,7 @@ CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the CVE-2022-1272 RESERVED CVE-2022-1270 (In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. ...) + {DLA-3200-1} - graphicsmagick 1.4+really1.3.38-1 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/664/ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/94f4bcf448ad View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d7f0d6122238ce93331958d9fb9b528fb182cf9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d7f0d6122238ce93331958d9fb9b528fb182cf9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits