Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96f9432b by Moritz Mühlenhoff at 2022-12-28T19:11:18+01:00 bugnums record protobuf fix in sid mark png report as non issue - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -11178,7 +11178,7 @@ CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line NOT-FOR-US: WordPress plugin CVE-2022-3857 [Null pointer dereference leads to segmentation fault] RESERVED - - libpng1.6 <undetermined> + NOTE: Unreproducible libpng issue NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600 NOTE: https://sourceforge.net/p/libpng/bugs/300/ CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...) @@ -12287,11 +12287,10 @@ CVE-2022-3855 RESERVED CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends] RESERVED - - ceph <undetermined> + - ceph <unfixed> (bug #1027151) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025 NOTE: https://tracker.ceph.com/issues/55765 - TODO: check details, none provided in RHBZ#2139925, SuSE contains excerpt from the closed bugzilla entry CVE-2022-44664 RESERVED CVE-2022-44663 @@ -18754,7 +18753,8 @@ CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to dis CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...) NOT-FOR-US: WordPress plugin CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...) - - protobuf <unfixed> + [experimental] - protobuf 3.21.7-1 + - protobuf 3.21.9-3 [bullseye] - protobuf <no-dsa> (Minor issue) NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...) 
@@ -23100,7 +23100,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9. NOTE: Crash in CLI toool, no security impact CVE-2022-3277 [unrestricted creation of security groups] RESERVED - - neutron <unfixed> + - neutron <unfixed> (bug #1027150) [bullseye] - neutron <no-dsa> (Minor issue) [buster] - neutron <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193 @@ -23110,7 +23110,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisonin NOTE: https://github.com/hapijs/hoek/issues/352 NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3) CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to ...) - - puppet-module-puppetlabs-mysql <unfixed> + - puppet-module-puppetlabs-mysql <unfixed> (bug #1027154) NOTE: https://puppet.com/security/cve/CVE-2022-3276 NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0) NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0) 
@@ -73938,17 +73938,17 @@ CVE-2022-23522 CVE-2022-23521 RESERVED CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) - - ruby-rails-html-sanitizer <unfixed> + - ruby-rails-html-sanitizer <unfixed> (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) - - ruby-rails-html-sanitizer <unfixed> + - ruby-rails-html-sanitizer <unfixed> (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) - - ruby-rails-html-sanitizer <unfixed> + - ruby-rails-html-sanitizer <unfixed> (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/issues/135 NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) - - ruby-rails-html-sanitizer <unfixed> + - ruby-rails-html-sanitizer <unfixed> (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f9432b2b4e296632acc4545d33539e6c3f4ca4
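Review bot: In the CVE-2022-3857 hunk, removing `- libpng1.6 <undetermined>` leaves the entry with only RESERVED and NOTE lines, so it is no longer associated with any source package. If the intent is to record the report as a non-issue, consider keeping the package line with an explicit status, for example `- libpng1.6 <unfixed> (unimportant)`, so the decision stays visible from the libpng1.6 side. The new NOTE would also be easier to verify if it said where the reproduction attempt is documented, for instance in one of the two bug reports already linked.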
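Review bot: In the CVE-2022-3854 hunk, the status moves from `<undetermined>` to `<unfixed>` and the TODO about missing details in RHBZ#2139925 is dropped, but nothing added records what settled the question. A short NOTE naming the source that confirms the ceph package is affected (the tracker.ceph.com issue already listed, or the discussion in bug #1027151) would let a later reader check the triage decision.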
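Review bot: In the CVE-2022-3510 hunk, the fixed versions 3.21.7-1 (experimental) and 3.21.9-3 are recorded, but the existing NOTE gives only the upstream commit and not the upstream release that first contains it. Adding the release in parentheses after the commit URL, as the hoek and puppetlabs-mysql entries elsewhere in this diff do with (v9.0.3) and (v13.0.0), would make the version claim checkable. The following entry, CVE-2022-3509, is described as a similar parsing issue and its status lines fall outside the hunk, so it is worth confirming that it is updated consistently.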
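Review bot: In the ruby-rails-html-sanitizer hunk, CVE-2022-23517 through CVE-2022-23520 all now point at bug #1027153, but only CVE-2022-23517 carries a fixing-commit NOTE; the other three have advisory or issue links only. Adding the upstream fix commits or the fixed upstream version for those three would make it possible to verify each CVE separately when the fixing upload is recorded.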