Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bb64f0e by security tracker role at 2022-02-12T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-0570
+       RESERVED
+CVE-2022-0569
+       RESERVED
 CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not 
mention the ...)
        - git <unfixed> (unimportant)
        NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
@@ -4235,10 +4239,9 @@ CVE-2022-23636
        RESERVED
 CVE-2022-23635
        RESERVED
-CVE-2022-23634
-       RESERVED
-CVE-2022-23633
-       RESERVED
+CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to 
`puma`  ...)
+       TODO: check
+CVE-2022-23633 (Action Pack is a framework for handling and responding to web 
requests ...)
        - rails <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
        NOTE: Fixed by: 
https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 
(v6.1.4.5)
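Review bot: CVE-2022-23634 is left at `TODO: check` even though its new description already names the affected software (Puma, a Ruby/Rack web server). Triage should replace the TODO with either a source-package line, in the form used for `- rails <unfixed>` on the CVE-2022-23633 entry directly below it, or a `NOT-FOR-US:` marker if nothing in the archive ships it.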
@@ -4673,50 +4676,42 @@ CVE-2022-23438
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java 
(XercesJ) XML pa ...)
        - libxerces2-java <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
-CVE-2022-0311
-       RESERVED
+CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 
97.0.46 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0310
-       RESERVED
+CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 
97.0.46 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0309
-       RESERVED
+CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior 
to 97. ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0308
-       RESERVED
+CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS 
prior to ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0307
-       RESERVED
+CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 
97.0.46 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0306
-       RESERVED
+CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 
97.0.4692.99  ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0305
-       RESERVED
+CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google 
Chrome pr ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0304
-       RESERVED
+CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 
97.0.4692.99 all ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -4727,80 +4722,67 @@ CVE-2022-0303
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0302
-       RESERVED
+CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 
97.0.4692.99 allow ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0301
-       RESERVED
+CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 
97.0.4692.9 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0300
-       RESERVED
+CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on 
Android ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0298
-       RESERVED
+CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 
97.0.4692.99 al ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0297
-       RESERVED
+CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 
allowe ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0296
-       RESERVED
+CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 
97.0.4692.99 allo ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0295
-       RESERVED
+CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 
97.0.4692.99 allow ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0294
-       RESERVED
+CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome 
prior  ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0293
-       RESERVED
+CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 
97.0.4692.99 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0292
-       RESERVED
+CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome 
prior t ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0291
-       RESERVED
+CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior 
to 97.0 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0290
-       RESERVED
+CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 
97.0.4692.9 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0289
-       RESERVED
+CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 
97.0.4692.99 ...)
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -5176,18 +5158,18 @@ CVE-2021-46368
        RESERVED
 CVE-2021-46367
        RESERVED
-CVE-2021-46366
-       RESERVED
-CVE-2021-46365
-       RESERVED
-CVE-2021-46364
-       RESERVED
-CVE-2021-46363
-       RESERVED
-CVE-2021-46362
-       RESERVED
-CVE-2021-46361
-       RESERVED
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below 
allows att ...)
+       TODO: check
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below 
allows at ...)
+       TODO: check
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS 
v6.2.3 and be ...)
+       TODO: check
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below 
allows at ...)
+       TODO: check
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the 
Registrat ...)
+       TODO: check
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and 
below allo ...)
+       TODO: check
 CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 
10.0.39 and e ...)
        NOT-FOR-US: Composr-CMS
 CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service 
vulnerabilit ...)
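Review bot: the six new `TODO: check` entries (CVE-2021-46361 through CVE-2021-46366) can be triaged in one pass, since five of them name Magnolia in the visible description; the truncated text for CVE-2021-46362 does not show the product, so confirm it separately. If the product is not in the archive, use the same `NOT-FOR-US: <product>` form as the Composr-CMS entry directly below. Note also that CVE-2021-46361 gives the affected range as v6.2.11 and below, while the other entries with a visible version give v6.2.3 and below.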
@@ -7261,8 +7243,8 @@ CVE-2022-22767
        RESERVED
 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. 
If explo ...)
        NOT-FOR-US: BD Pyxis
-CVE-2022-22765
-       RESERVED
+CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded 
credent ...)
+       TODO: check
 CVE-2022-22764
        RESERVED
        {DSA-5069-1 DLA-2916-1}
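Review bot: CVE-2022-22765 (BD Viper LT, hardcoded credentials) is added as `TODO: check` directly below CVE-2022-22766, which is already marked `NOT-FOR-US: BD Pyxis`. If the Viper LT system is likewise not packaged, resolve the TODO with the matching `NOT-FOR-US:` form so the two entries from the same vendor are handled consistently.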
@@ -8040,148 +8022,124 @@ CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) 
- version 16.0, installatio
        NOT-FOR-US: SAP
 CVE-2022-22527
        RESERVED
-CVE-2022-0120
-       RESERVED
+CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome 
prior to 97 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0119
        RESERVED
-CVE-2022-0118
-       RESERVED
+CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior 
to 97. ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0117
-       RESERVED
+CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 
allowed  ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0116
-       RESERVED
+CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome 
prior to  ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0115
-       RESERVED
+CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 
97.0.4692.71 a ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0114
-       RESERVED
+CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google 
Chrome prior ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0113
-       RESERVED
+CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 
97.0.4 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0112
-       RESERVED
+CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 
97.0.469 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0111
-       RESERVED
+CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome 
prior to 9 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0110
-       RESERVED
+CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 
97.0.4692. ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0109
-       RESERVED
+CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior 
to 97. ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0108
-       RESERVED
+CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome 
prior to 9 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0107
-       RESERVED
+CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome 
OS prior ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0106
-       RESERVED
+CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 
97.0.4692.71 allo ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0105
-       RESERVED
+CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 
97.0.469 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0104
-       RESERVED
+CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 
97.0.4692.71 a ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0103
-       RESERVED
+CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 
97.0.4692.71 a ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0102
-       RESERVED
+CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 
allowed a  ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0101
-       RESERVED
+CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 
97.0.4692. ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0100
-       RESERVED
+CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome 
prior to 97 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0099
-       RESERVED
+CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 
97.0.4692.71 allow ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0098
-       RESERVED
+CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS 
prior t ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0097
-       RESERVED
+CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior 
to 97. ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0096
-       RESERVED
+CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 
97.0.4692.71 allow ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
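Review bot: CVE-2022-0119 is the only ID in the CVE-2022-0096 to CVE-2022-0120 run that stays `RESERVED` with no DSA reference or package line, while every other entry in this hunk gains a Chrome description and already carries `{DSA-5046-1}` with `chromium 97.0.4692.71-0.1`. Nothing to change in an automatic update, but it is worth confirming on a later sync whether that ID belongs to the same chromium batch and needs the same annotations.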
@@ -13378,32 +13336,27 @@ CVE-2021-44797
        RESERVED
 CVE-2021-44796
        RESERVED
-CVE-2021-4102
-       RESERVED
+CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 
allowed a ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4101
-       RESERVED
+CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 
96.0.466 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4100
-       RESERVED
+CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 
96.0.4664.11 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4099
-       RESERVED
+CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 
96.0.4664.110  ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4098
-       RESERVED
+CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 
96.0.46 ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
        [buster] - chromium <end-of-life> (see DSA 5046)
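Review bot: the descriptions added for CVE-2021-4102 and CVE-2021-4099 give 96.0.4664.110 as the upstream fixed release, while the unchanged package lines record `chromium 97.0.4692.71-0.1` under `{DSA-5046-1}`. That is consistent if 97.0.4692.71-0.1 was the first Debian upload to include the fix; confirm the recorded fixed version against the upload history rather than the description text.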
@@ -70214,8 +70167,8 @@ CVE-2021-23557
        RESERVED
 CVE-2021-23556
        RESERVED
-CVE-2021-23555
-       RESERVED
+CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass 
via dire ...)
+       TODO: check
 CVE-2021-23554
        RESERVED
 CVE-2021-23553
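Review bot: CVE-2021-23555 (vm2 sandbox bypass) is added with only `TODO: check`. The description states that vm2 before 3.9.6 is affected, so triage can compare that boundary against any packaged version, or mark the entry `NOT-FOR-US:` if vm2 is not in the archive.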
@@ -80793,9 +80746,8 @@ CVE-2021-20003
        REJECTED
 CVE-2021-20002
        REJECTED
-CVE-2021-20001
-       RESERVED
-       {DSA-5072-1}
+CVE-2021-20001 (It was discovered, that debian-edu-config, a set of 
configuration file ...)
+       {DSA-5072-1 DLA-2918-1}
        - debian-edu-config 2.12.16
        NOTE: 
https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
 CVE-2020-35488 (The fileop module of the NXLog service in NXLog Community 
Edition 2.10 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bb64f0e6dc2f5de00353b102f0f6fbf58d2988d


