Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: eb904674 by Moritz Muehlenhoff at 2022-07-15T18:07:08+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3985,7 +3985,7 @@ CVE-2022-34302 CVE-2022-34301 RESERVED CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...) - - tinyexr <unfixed> + - tinyexr <unfixed> (bug #1014980) [bullseye] - tinyexr <no-dsa> (Minor issue) NOTE: https://github.com/syoyo/tinyexr/issues/167 CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...) @@ -19006,9 +19006,8 @@ CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub reposi CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...) - furnace <itp> (bug #1008592) CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...) - - apache-jena <undetermined> + - apache-jena <unfixed> (bug #1014982) NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1 - TODO: check, possibly not affected as according to upstrema 4.2.x and 4.3.x doe not allow external entities, double check CVE-2021-4226 RESERVED CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...) @@ -19593,7 +19592,7 @@ CVE-2022-1255 (The Import and export users and customers WordPress plugin before CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...) NOT-FOR-US: Skyhigh SWG CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <no-dsa> (Minor issue) @@ -63107,7 +63106,7 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8 CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...) - - apache-jena <undetermined> + - apache-jena <unfixed> (bug #1014982) NOTE: https://lists.apache.org/thread/qpbfrdty7jt3yfm39hx4p9dp151sd6gm CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...) NOT-FOR-US: HP @@ -70154,14 +70153,14 @@ CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in G NOTE: https://github.com/gpac/gpac/issues/1838 NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0) CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <no-dsa> (Minor issue) NOTE: https://github.com/strukturag/libde265/issues/302 NOTE: https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <no-dsa> (Minor issue) @@ -70170,14 +70169,14 @@ CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-m CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...) NOT-FOR-US: Bitdefender CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <no-dsa> (Minor issue) NOTE: https://github.com/strukturag/libde265/issues/300 NOTE: https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <no-dsa> (Minor issue) @@ -72629,7 +72628,7 @@ CVE-2021-35454 CVE-2021-35453 RESERVED CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...) - - libde265 <unfixed> + - libde265 <unfixed> (bug #1014977) [bullseye] - libde265 <no-dsa> (Minor issue) [buster] - libde265 <no-dsa> (Minor issue) [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream) @@ -73529,7 +73528,7 @@ CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, a CVE-2021-35044 RESERVED CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...) - - libowasp-antisamy-java <unfixed> + - libowasp-antisamy-java <unfixed> (bug #1014981) [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) @@ -77999,7 +77998,7 @@ CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193 CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...) - - apache-jena <undetermined> + - apache-jena <unfixed> (bug #1014982) NOTE: https://lists.apache.org/thread/sq6q94q0prqwr9vdm2wptglcq1kv98k8 CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...) NOT-FOR-US: Apache NiFi @@ -129403,7 +129402,7 @@ CVE-2020-25634 (A flaw was found in Red Hat 3scale’s API docs URL, where i NOT-FOR-US: 3scale CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...) - resteasy <unfixed> (bug #970585) - - resteasy3.0 <unfixed> + - resteasy3.0 <unfixed> (bug #1014983) [bullseye] - resteasy3.0 <ignored> (Minor issue) [buster] - resteasy3.0 <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042 @@ -268755,7 +268754,7 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186 NOTE: and disputed as security issue. Should be properly rejected by MITRE. CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...) - - tinyexr <unfixed> + - tinyexr <unfixed> (bug #1014980) [bullseye] - tinyexr <no-dsa> (Minor issue) NOTE: https://github.com/syoyo/tinyexr/issues/83 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...) @@ -270816,7 +270815,7 @@ CVE-2018-12067 (The sell function of a smart contract implementation for Substra CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in C ...) NOT-FOR-US: wityCMS CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...) - - tinyexr <undetermined> + - tinyexr <unfixed> (bug #1014980) NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...) NOT-FOR-US: Internet Node Token @@ -312995,7 +312994,7 @@ CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementati CVE-2017-14736 RESERVED CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...) - - libowasp-antisamy-java <unfixed> + - libowasp-antisamy-java <unfixed> (bug #1014981) [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) @@ -346742,7 +346741,7 @@ CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content T CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in do ...) NOT-FOR-US: dotCMS CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...) - - libowasp-antisamy-java <unfixed> + - libowasp-antisamy-java <unfixed> (bug #1014981) [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb904674080e0c29949c3bc5c9953c8df545fae9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb904674080e0c29949c3bc5c9953c8df545fae9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits