Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96f9432b by Moritz Mühlenhoff at 2022-12-28T19:11:18+01:00
bugnums
record protobuf fix in sid
mark png report as non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11178,7 +11178,7 @@ CVE-2022-3858 (The Floating Chat Widget: Contact Chat 
Icons, Telegram Chat, Line
        NOT-FOR-US: WordPress plugin
 CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
        RESERVED
-       - libpng1.6 <undetermined>
+       NOTE: Unreproducible libpng issue
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
        NOTE: https://sourceforge.net/p/libpng/bugs/300/
 CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 
does no ...)
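Review bot: With `- libpng1.6 <undetermined>` removed, the CVE-2022-3857 entry has no package line left, so apart from free text nothing in it associates the report with the libpng1.6 source package any more. If the report is being treated as a non-issue, consider keeping a package line that carries that status, and have the new NOTE say where the "unreproducible" assessment comes from (the Red Hat bug or the SourceForge ticket linked below it).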
@@ -12287,11 +12287,10 @@ CVE-2022-3855
        RESERVED
 CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
        RESERVED
-       - ceph <undetermined>
+       - ceph <unfixed> (bug #1027151)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
        NOTE: https://tracker.ceph.com/issues/55765
-       TODO: check details, none provided in RHBZ#2139925, SuSE contains 
excerpt from the closed bugzilla entry
 CVE-2022-44664
        RESERVED
 CVE-2022-44663
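Review bot: The TODO removed under CVE-2022-3854 said that RHBZ#2139925 provides no details, and nothing replaces it: the entry moves to `<unfixed>` with bug #1027151 but records neither which ceph versions are affected nor a fix reference. A short NOTE summarising what was established, or stating that the details are in the linked Ceph tracker issue, would keep that context.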
@@ -18754,7 +18753,8 @@ CVE-2022-3512 (Using warp-cli command 
"add-trusted-ssid", a user was able to dis
 CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not 
ensure that ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type 
Extens ...)
-       - protobuf <unfixed>
+       [experimental] - protobuf 3.21.7-1
+       - protobuf 3.21.9-3
        [bullseye] - protobuf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat 
in proto ...)
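Review bot: The two new version lines for CVE-2022-3510 cannot be checked against the entry as it stands, because the upstream commit NOTE carries no release tag. Adding the first fixed upstream version after the commit URL, in the style of the `(v9.0.3)` and `(v13.0.0)` annotations used elsewhere in this file, would show why 3.21.7-1 in experimental and 3.21.9-3 in unstable are the fixed versions. CVE-2022-3509 starts right below as a similar parsing issue, so it is worth confirming that entry received the same update.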
@@ -23100,7 +23100,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 9.
        NOTE: Crash in CLI toool, no security impact
 CVE-2022-3277 [unrestricted creation of security groups]
        RESERVED
-       - neutron <unfixed>
+       - neutron <unfixed> (bug #1027150)
        [bullseye] - neutron <no-dsa> (Minor issue)
        [buster] - neutron <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
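Review bot: Minor, in the context line at the top of this hunk: the NOTE for the preceding vim entry reads "CLI toool"; correcting it to "tool" while touching this area would be a cheap cleanup.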
@@ -23110,7 +23110,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 
allows prototype poisonin
        NOTE: https://github.com/hapijs/hoek/issues/352
        NOTE: Fixed by: 
https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 
(v9.0.3)
 CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module 
prior to  ...)
-       - puppet-module-puppetlabs-mysql <unfixed>
+       - puppet-module-puppetlabs-mysql <unfixed> (bug #1027154)
        NOTE: https://puppet.com/security/cve/CVE-2022-3276
        NOTE: 
https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d
 (v13.0.0)
        NOTE: 
https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071
 (v13.0.0)
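Review bot: CVE-2022-3276 gets bug #1027154 on the unstable line but still has no per-suite lines, unlike the neutron entry in the previous hunk, which carries `[bullseye]` and `[buster]` `<no-dsa>` markers. Since both upstream fix commits are tagged v13.0.0, a triage decision for the stable suites could be recorded here as well.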
@@ -73938,17 +73938,17 @@ CVE-2022-23522
 CVE-2022-23521
        RESERVED
 CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
-       - ruby-rails-html-sanitizer <unfixed>
+       - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
 CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
-       - ruby-rails-html-sanitizer <unfixed>
+       - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
 CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
-       - ruby-rails-html-sanitizer <unfixed>
+       - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
        NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
 CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
-       - ruby-rails-html-sanitizer <unfixed>
+       - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
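Review bot: All four rails-html-sanitizer entries (CVE-2022-23517 to CVE-2022-23520) now point at the same bug #1027153, but only CVE-2022-23517 has a fixing commit noted. For the other three, a NOTE with the fix commit or the first fixed upstream version from the linked advisories would let whoever closes the bug verify that one upload covers all four.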



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f9432b2b4e296632acc4545d33539e6c3f4ca4
