[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fb5242a by Moritz Muehlenhoff at 2022-08-12T00:16:58+02:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -6836,6 +6836,7 @@ CVE-2022-2348 CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU] RESERVED - u-boot (bug #1014959) + [bullseye] - u-boot (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2 CVE-2022-35399 REJECTED @@ -19437,10 +19438,12 @@ CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro NOT-FOR-US: Trend Micro CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...) - unbound (bug #1016493) + [bullseye] - unbound (Minor issue) NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2) CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...) - unbound (bug #1016493) + [bullseye] - unbound (Minor issue) NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2) CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...) 
@@ -63241,6 +63244,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cros NOT-FOR-US: Sofico CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...) - squirrel3 (bug #1016212) + [bullseye] - squirrel3 (Minor issue) NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2) NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/ CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) = data/dsa-needed.txt = @@ -48,6 +48,8 @@ ruby-tzinfo -- salt -- +sofia-sip +-- sox patch needed for CVE-2021-40426, check with upstream -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] more Linux refs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 64ca1660 by Moritz Muehlenhoff at 2022-08-11T23:47:21+02:00 more Linux refs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -126719,6 +126719,8 @@ CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after fr [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca NOTE: https://source.android.com/security/bulletin/2021-11-01 + NOTE: https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html + NOTE: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-0920.html CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...) NOT-FOR-US: Android CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64ca1660aa5a050b0c68f75b1535abf23b65b114
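Review bot: The second added NOTE for CVE-2021-0920 has a doubled slash in its path (`0days-in-the-wild//0day-RCAs/2021/CVE-2021-0920.html`). Collapse it to a single slash so the reference is stored in normalized form and does not show up as a different string when NOTE lines are compared or deduplicated.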
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 95d31930 by Moritz Muehlenhoff at 2022-08-11T23:41:25+02:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1653,8 +1653,11 @@ CVE-2022-37452 (Exim before 4.95 has a heap-based buffer overflow for the alias NOTE: https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 (exim-4.95-RC0) CVE-2022-37451 (Exim before 4.96 has an invalid free in pam_converse in auths/call_pam ...) - exim4 4.95-4 + [bullseye] - exim4 (Vulnerable code not present) + [buster] - exim4 (Vulnerable code not present) NOTE: https://github.com/ivd38/exim_invalid_free NOTE: https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42 (exim-4.96-RC0) + NOTE: Introduced in https://github.com/Exim/exim/commit/1e30b0199daf7a7a882458251a3dc10d45d4c7d1 (exim-4.95-RC0) CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to increase re ...) - golang-github-go-ethereum (bug #890541) CVE-2022-37449 @@ -1915,6 +1918,7 @@ CVE-2022-37395 RESERVED CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...) - nova (bug #1016980) + [bullseye] - nova (Minor issue) NOTE: https://bugs.launchpad.net/ossa/+bug/1981813 NOTE: https://review.opendev.org/c/openstack/nova/+/849985 NOTE: https://review.opendev.org/c/openstack/nova/+/850003 @@ -2113,6 +2117,7 @@ CVE-2022-2625 [extension scripts replace objects not owned by the extension] {DLA-3072-1} - postgresql-14 14.5-1 - postgresql-13 + [bullseye] - postgresql-13 (Minor issue, fix along in next update) - postgresql-11 NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/ CVE-2022-2624 
@@ -2808,6 +2813,7 @@ CVE-2022-37036 RESERVED CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...) - frr (bug #1016978) + [bullseye] - frr (Minor issue) NOTE: https://github.com/FRRouting/frr/issues/11698 CVE-2022-37034 RESERVED @@ -5732,6 +5738,7 @@ CVE-2022-35864 (This vulnerability allows remote attackers to disclose sensitive NOT-FOR-US: BMC Track-It! CVE-2022-2414 (Access to external entities when parsing XML documents can lead to XML ...) - dogtag-pki (bug #1014957) + [bullseye] - dogtag-pki (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676 NOTE: https://github.com/dogtagpki/pki/pull/4021 NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055 @@ -6746,6 +6753,7 @@ CVE-2022-35415 RESERVED CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized r ...) - qemu (bug #1014958) + [bullseye] - qemu (Minor issue) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065 NOTE: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c NOTE: https://sick.codes/sick-2022-113 @@ -7880,9 +7888,10 @@ CVE-2022-34929 CVE-2022-34928 (JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: JFinal CMS CVE-2022-34927 (MilkyTracker v1.03.00 was discovered to contain a stack overflow via t ...) - - milkytracker (bug #1016578) + - milkytracker (unimportant; bug #1016578) NOTE: https://github.com/milkytracker/MilkyTracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b NOTE: https://github.com/milkytracker/MilkyTracker/issues/275 + NOTE: Crash in GUI tool, no security impact CVE-2022-34926 RESERVED CVE-2022-34925 
@@ -8468,6 +8477,7 @@ CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma l NOT-FOR-US: MediaWiki extension WikiBase CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is implemented by u ...) - mistune 2.0.3-1 (bug #1016089) + [bullseye] - mistune (Minor issue) NOTE: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 (v2.0.3) CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All versions & ...) NOT-FOR-US: Siemens @@ -9063,6 +9073,7 @@ CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a comm NOT-FOR-US: D-Link CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...) - tiff 4.4.0-4 + [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990 CVE-2022-34525 @@ -25712,6 +25723,7 @@ CVE-2022-1228 (The
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac054100 by Salvatore Bonaccorso at 2022-08-11T22:18:52+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,7 @@ CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Bo CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Library Management System CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...) @@ -45,7 +45,7 @@ CVE-2022-2767 (A vulnerability classified as problematic has been found in Sourc CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...) NOT-FOR-US: SourceCodester Loan Management System CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2764 RESERVED CVE-2022-2763 
@@ -6151,33 +6151,33 @@ CVE-2022-35680 CVE-2022-35679 RESERVED CVE-2022-35678 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35677 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35676 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35675 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35674 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35673 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...) NOT-FOR-US: Adobe CVE-2022-35671 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35670 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) NOT-FOR-US: Adobe CVE-2022-35668 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35667 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-35664 RESERVED CVE-2022-35663 
@@ -9854,15 +9854,15 @@ CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 befo NOTE: https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492 (4.0.6) NOTE: https://github.com/django/django/commit/a9010fee6086a9d9ae50069579400ef0685e (3.2.14) CVE-2022-34264 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34263 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34262 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34261 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34260 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34259 RESERVED CVE-2022-34258 @@ -9912,7 +9912,7 @@ CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005 CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34235 (Adobe Premiere Elements version 2020v20 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34234 (Adobe Acrobat Reader versions
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c3e99d6 by Salvatore Bonaccorso at 2022-08-11T22:16:10+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21,29 +21,29 @@ CVE-2022-2779 CVE-2022-2778 RESERVED CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2775 RESERVED CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...) - TODO: check + NOT-FOR-US: SourceCodester Library Management System CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) - TODO: check + NOT-FOR-US: SourceCodester Apartment Visitor Management System CVE-2022-2772 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) - TODO: check + NOT-FOR-US: SourceCodester Apartment Visitor Management System CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Book St ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Library Management System CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Online Admission System CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...) - TODO: check + NOT-FOR-US: SourceCodester Loan Management System CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...) 
TODO: check CVE-2022-2764 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c3e99d6114103b81a7d4565726cfd4112df9ea2
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d1b7901 by Salvatore Bonaccorso at 2022-08-11T22:11:27+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6451,19 +6451,19 @@ CVE-2022-35563 CVE-2022-35562 RESERVED CVE-2022-35561 (A stack overflow vulnerability exists in /goform/WifiMacFilterSet in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35560 (A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35559 (A stack overflow vulnerability exists in /goform/setAutoPing in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35558 (A stack overflow vulnerability exists in /goform/WifiMacFilterGet in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35557 (A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35556 RESERVED CVE-2022-3 (A command injection vulnerability exists in /goform/exeCommand in Tend ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-35554 RESERVED CVE-2022-35553 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d1b7901ae8d64594bbe7959d8ef3192195d8f78
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a5fc868e by security tracker role at 2022-08-11T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,61 @@ +CVE-2022-38170 + RESERVED +CVE-2022-38082 + RESERVED +CVE-2022-2786 + RESERVED +CVE-2022-2785 + RESERVED +CVE-2022-2784 + RESERVED +CVE-2022-2783 + RESERVED +CVE-2022-2782 + RESERVED +CVE-2022-2781 + RESERVED +CVE-2022-2780 + RESERVED +CVE-2022-2779 + RESERVED +CVE-2022-2778 + RESERVED +CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + TODO: check +CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-2775 + RESERVED +CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...) + TODO: check +CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) + TODO: check +CVE-2022-2772 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) + TODO: check +CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Book St ...) + TODO: check +CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...) + TODO: check +CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...) + TODO: check +CVE-2022-2764 + RESERVED +CVE-2022-2763 + RESERVED +CVE-2022-2762 + RESERVED +CVE-2022-2761 + RESERVED +CVE-2022-2760 + RESERVED CVE-2022-38169 RESERVED CVE-2022-38168 @@ -2052,6 +2110,7 @@ CVE-2022-33940 RESERVED CVE-2022-2625 [extension scripts replace objects not owned by the extension] RESERVED + {DLA-3072-1} - postgresql-14 14.5-1 - postgresql-13 - postgresql-11 
@@ -4378,7 +4437,7 @@ CVE-2022-32570 CVE-2022-32232 RESERVED CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...) - {DSA-5203-1} + {DSA-5203-1 DLA-3070-1} - gnutls28 3.7.7-1 NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) @@ -4559,7 +4618,7 @@ CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...) NOT-FOR-US: WAVLINK CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...) - {DSA-5200-1} + {DSA-5200-1 DLA-3071-1} - libtirpc 1.3.2-2.1 (bug #1015873) NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1) NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3) 
@@ -6091,34 +6150,34 @@ CVE-2022-35680 RESERVED CVE-2022-35679 RESERVED -CVE-2022-35678 - RESERVED -CVE-2022-35677 - RESERVED -CVE-2022-35676 - RESERVED -CVE-2022-35675 - RESERVED -CVE-2022-35674 - RESERVED -CVE-2022-35673 - RESERVED +CVE-2022-35678 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + TODO: check +CVE-2022-35677 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + TODO: check +CVE-2022-35676 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + TODO: check +CVE-2022-35675 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + TODO: check +CVE-2022-35674 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + TODO: check +CVE-2022-35673 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + TODO: check CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...) NOT-FOR-US: Adobe -CVE-2022-35671 - RESERVED -CVE-2022-35670 - RESERVED +CVE-2022-35671 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + TODO: check +CVE-2022-35670 (Adobe Acrobat Reader versions 22.001.20169 (and
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add epiphany-browser
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: eb5282fc by Anton Gladky at 2022-08-11T21:49:59+02:00 LTS: add epiphany-browser - - - - - c4e446e7 by Anton Gladky at 2022-08-11T21:49:59+02:00 LTS: add kicad - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -31,10 +31,18 @@ curl (Markus Koschany) NOTE: 20220802: Programming language: C. NOTE: 20220802: Added -- +epiphany-browser + NOTE: 20220811: Programming language: C. + NOTE: 20220811: Added +-- jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. NOTE: 20220802: Added -- +kicad + NOTE: 20220811: Programming language: C++. + NOTE: 20220811: Added +-- kopanocore (Andreas Rönnquist) NOTE: 20220801: Programming language: C++. NOTE: 20220801: Added View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/755aa767b5ca8339ababcd1d95fefea27f0fc7a2...c4e446e7822100a3d7a3e59bf45fe3512ef1a22a
[Git][security-tracker-team/security-tracker][master] Add trafficserver to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 755aa767 by Salvatore Bonaccorso at 2022-08-11T21:23:29+02:00 Add trafficserver to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -49,6 +49,8 @@ salt sox patch needed for CVE-2021-40426, check with upstream -- +trafficserver (jmm) +-- webkit2gtk (berto) -- wpewebkit (berto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755aa767b5ca8339ababcd1d95fefea27f0fc7a2
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for samba update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e14a2735 by Salvatore Bonaccorso at 2022-08-11T21:10:31+02:00 Reserve DSA number for samba update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[11 Aug 2022] DSA-5205-1 samba - security update + {CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746} + [bullseye] - samba 2:4.13.13+dfsg-1~deb11u5 [09 Aug 2022] DSA-5204-1 gst-plugins-good1.0 - security update {CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122} [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u1 = data/dsa-needed.txt = @@ -46,8 +46,6 @@ ruby-tzinfo -- salt -- -samba (carnil) --- sox patch needed for CVE-2021-40426, check with upstream -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e14a273509c9bdb2ec1ec60b0836c28475f021f6
[Git][security-tracker-team/security-tracker][master] 3 commits: Revert "CVE-2022-2625/postgresql: replace link with CVE-specific one"
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: c84aab0a by Emilio Pozuelo Monfort at 2022-08-11T18:17:19+02:00 Revert CVE-2022-2625/postgresql: replace link with CVE-specific one This reverts commit 8d02c2ffbebc5e1dc9229a9acb14c0cea5eebf86. - - - - - 9b5df4cc by Emilio Pozuelo Monfort at 2022-08-11T18:17:55+02:00 CVE-2022-2625/postgresql: replace link with CVE-specific one - - - - - 153865ba by Emilio Pozuelo Monfort at 2022-08-11T18:18:35+02:00 Reserve DLA-3072-1 for postgresql-11 - - - - - 0 changed files: Changes: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8d02c2ffbebc5e1dc9229a9acb14c0cea5eebf86...153865ba2252dbbda101ab6e555c002aa9d37fda
[Git][security-tracker-team/security-tracker][master] CVE-2022-2625/postgresql: replace link with CVE-specific one
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d02c2ff by Emilio Pozuelo Monfort at 2022-08-11T17:57:08+02:00 CVE-2022-2625/postgresql: replace link with CVE-specific one - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -2055,7 +2055,7 @@ CVE-2022-2625 [extension scripts replace objects not owned by the extension] - postgresql-14 14.5-1 - postgresql-13 - postgresql-11 - NOTE: https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/ + NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/ CVE-2022-2624 RESERVED {DSA-5201-1} = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Aug 2022] DLA-3072-1 postgresql-11 - security update + {CVE-2022-2625} + [buster] - postgresql-11 11.17-0+deb10u1 [11 Aug 2022] DLA-3071-1 libtirpc - security update {CVE-2021-46828} [buster] - libtirpc 1.1.4-0.4+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d02c2ffbebc5e1dc9229a9acb14c0cea5eebf86
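Review bot: The data/DLA/list hunk reserves DLA-3072-1 for postgresql-11 (`[buster] - postgresql-11 11.17-0+deb10u1`), which the subject "replace link with CVE-specific one" does not cover. Put the reservation in its own commit with a matching message, so the advisory number can be found in history separately from the NOTE change in data/CVE/list.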
[Git][security-tracker-team/security-tracker][master] Add information for CVE-2022-2625/postgresql
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b0cf418 by Emilio Pozuelo Monfort at 2022-08-11T17:55:21+02:00 Add information for CVE-2022-2625/postgresql - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2050,8 +2050,12 @@ CVE-2022-36281 RESERVED CVE-2022-33940 RESERVED -CVE-2022-2625 +CVE-2022-2625 [extension scripts replace objects not owned by the extension] RESERVED + - postgresql-14 14.5-1 + - postgresql-13 + - postgresql-11 + NOTE: https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/ CVE-2022-2624 RESERVED {DSA-5201-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b0cf4184ad3c7e7f398d263bd5ae588b5682d8e
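Review bot: The added NOTE for CVE-2022-2625 points at the combined release announcement (`.../about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/`), which covers several releases rather than this CVE. If upstream publishes a per-CVE advisory page, reference that instead so the entry leads straight to the affected versions and fix details.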
[Git][security-tracker-team/security-tracker][master] Claim kopanocore
Andreas Rönnquist pushed to branch master at Debian Security Tracker / security-tracker Commits: 8dfe1f68 by Andreas Rönnquist at 2022-08-11T17:04:12+02:00 Claim kopanocore - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,9 +35,10 @@ jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. NOTE: 20220802: Added -- -kopanocore +kopanocore (Andreas Rönnquist) NOTE: 20220801: Programming language: C++. NOTE: 20220801: Added + NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dfe1f689445d9df0789dc8e5f6cee2a00b396e6
[Git][security-tracker-team/security-tracker][master] 3 commits: lts: gpac is EOL on buster
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d998e6e by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: gpac is EOL on buster - - - - - 9a3c63d9 by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: libspring-java is EOL on buster - - - - - 1af0be2a by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: ckeditor3 is EOL on buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18510,6 +18510,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. .. NOTE: Crash in CLI tool, no security impact CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) - gpac (bug #1016443) + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514 @@ -18568,6 +18569,7 @@ CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPr NOT-FOR-US: WordPress plugin CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) - gpac (bug #1016443) + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2179 NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e2117831ca143d78 @@ -22785,6 +22787,7 @@ CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmwar NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) - gpac (bug #1016443) + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2175 NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb 
@@ -25654,6 +25657,7 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio - phpipam (bug #731713) CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) - gpac (bug #1016443) + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1 @@ -29510,6 +29514,7 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr NOT-FOR-US: microweber CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) - gpac (bug #1016443) + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243 
@@ -30068,21 +30073,25 @@ CVE-2022-27149 REJECTED CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2067 NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0) CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2109 NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0) CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2120 NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0) CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/2108 @@ -36909,11 +36918,13 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.19.0+dfsg-1
[Git][security-tracker-team/security-tracker][master] Pick up rsync
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: 233bf106 by Stefano Rivera at 2022-08-11T14:14:20+02:00 Pick up rsync - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -58,7 +58,7 @@ puma NOTE: 20220801: Programming language: Ruby. NOTE: 20220801: Added -- -rsync +rsync (Stefano Rivera) NOTE: 20220811: Programming language: C. NOTE: 20220811: Added NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233bf106ff105938cf31f3dd30eac5ca19d5197d
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3071-1 for libtirpc
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: a7fd4a05 by Emilio Pozuelo Monfort at 2022-08-11T12:58:33+02:00 Reserve DLA-3071-1 for libtirpc - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Aug 2022] DLA-3071-1 libtirpc - security update + {CVE-2021-46828} + [buster] - libtirpc 1.1.4-0.4+deb10u1 [11 Aug 2022] DLA-3070-1 gnutls28 - security update {CVE-2021-4209 CVE-2022-2509} [buster] - gnutls28 3.6.7-4+deb10u9 = data/dla-needed.txt = @@ -39,10 +39,6 @@ kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220801: Added -- -libtirpc (Emilio) - NOTE: 20220810: Programming language: C. - NOTE: 20220810: Added --- linux (Ben Hutchings) -- mediawiki (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7fd4a051a4f0786195a57ec289f59ca2b4dfd41
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3070-1 for gnutls28
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: c99c5a1a by Emilio Pozuelo Monfort at 2022-08-11T12:46:27+02:00 Reserve DLA-3070-1 for gnutls28 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -40354,7 +40354,6 @@ CVE-2021-4209 RESERVED - gnutls28 3.7.3-2 [bullseye] - gnutls28 3.7.1-5+deb11u1 - [buster] - gnutls28 (Minor issue) [stretch] - gnutls28 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044156 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1306 = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Aug 2022] DLA-3070-1 gnutls28 - security update + {CVE-2021-4209 CVE-2022-2509} + [buster] - gnutls28 3.6.7-4+deb10u9 [09 Aug 2022] DLA-3069-1 gst-plugins-good1.0 - security update {CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122} [buster] - gst-plugins-good1.0 1.14.4-1+deb10u2 = data/dla-needed.txt = @@ -31,12 +31,6 @@ curl (Markus Koschany) NOTE: 20220802: Programming language: C. NOTE: 20220802: Added -- -gnutls28 (Emilio) - NOTE: 20220810: Programming language: C. - NOTE: 20220810: Added - NOTE: 20220810: there's an update in opu, checked with SRM, will upload with higher - NOTE: 20220810: version and including the changes in opu to -security (pochu) --- jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. NOTE: 20220802: Added View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c99c5a1ae4a500c95fadb49998079067d64b3700
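Review bot: The data/CVE/list hunk drops the [buster] "Minor issue" line only for CVE-2021-4209, while the new DLA-3070-1 entry also lists CVE-2022-2509 and no hunk for that CVE is shown. Worth confirming that the CVE-2022-2509 entry carries no leftover [buster] annotation that would contradict the 3.6.7-4+deb10u9 fix recorded in data/DLA/list.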
[Git][security-tracker-team/security-tracker][master] Process 2 NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: f11651e7 by Neil Williams at 2022-08-11T10:22:29+01:00 Process 2 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,7 +15,7 @@ CVE-2022-38163 CVE-2022-38162 RESERVED CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...) - TODO: check + NOT-FOR-US: Gumstix Overo SBC CVE-2022-38160 RESERVED CVE-2022-38159 @@ -27,7 +27,7 @@ CVE-2022-38157 CVE-2022-38156 RESERVED CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...) - TODO: check + NOT-FOR-US: Samsung mTower CVE-2022-38154 RESERVED CVE-2022-38153 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11651e7270a4482941a5fe59a47cfbed5c333f1
[Git][security-tracker-team/security-tracker][master] Track fixes for mysql-8.0 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d06745f6 by Salvatore Bonaccorso at 2022-08-11T11:16:54+02:00 Track fixes for mysql-8.0 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54263,7 +54263,7 @@ CVE-2022-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt CVE-2022-21570 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2022-21569 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21568 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2022-21567 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) @@ -54289,13 +54289,13 @@ CVE-2022-21558 (Vulnerability in the Oracle Crystal Ball product of Oracle Const CVE-2022-21557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21556 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21555 (Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL ( ...) NOT-FOR-US: MySQL Shell for VS Code CVE-2022-21554 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.36-dfsg-1 CVE-2022-21553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21552 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2022-21551 (Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate). The ...) 
@@ -54308,7 +54308,7 @@ CVE-2022-21549 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21546 RESERVED CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...) 
@@ -54330,41 +54330,41 @@ CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.16+8-1 - openjdk-17 17.0.4+8-1 CVE-2022-21539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21538 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21536 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2022-21535 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...) NOT-FOR-US: MySQL Shell CVE-2022-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21533 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2022-21532 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...) NOT-FOR-US: Oracle CVE-2022-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21530 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21529 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21528 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21527 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21526 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - - mysql-8.0 (bug #1015789) + - mysql-8.0 8.0.30-1 (bug #1015789) CVE-2022-21525 (Vulnerability in the
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 98bf5cef by Neil Williams at 2022-08-11T10:13:40+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53,9 +53,9 @@ CVE-2022-38132 CVE-2022-38131 RESERVED CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...) - TODO: check + NOT-FOR-US: Keysight Sensor Management Server CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...) - TODO: check + NOT-FOR-US: Keysight Sensor Management Server CVE-2022-38128 RESERVED CVE-2022-38127 @@ -6492,7 +6492,7 @@ CVE-2022-35511 CVE-2022-35510 RESERVED CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulne ...) - TODO: check + NOT-FOR-US: Eyoucms CVE-2022-35508 RESERVED CVE-2022-35507 @@ -8552,7 +8552,7 @@ CVE-2022-34718 CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-34716 (.NET Spoofing Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) @@ -8662,9 +8662,9 @@ CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All CVE-2022-34662 RESERVED CVE-2022-34661 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-34660 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...) NOT-FOR-US: Cloudflare Warp CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...) 
@@ -8723,7 +8723,7 @@ CVE-2017-20110 (A vulnerability, which was classified as problematic, has been f CVE-2017-20109 (A vulnerability classified as problematic was found in Teleopti WFM up ...) NOT-FOR-US: Teleopti WFM CVE-2022-34659 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-34647 RESERVED CVE-2022-34646 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98bf5cef2acc328ced0af2e3f92828eae25b684a
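Review bot: In the hunk at -6492, CVE-2022-35509 is tagged "NOT-FOR-US: Eyoucms" while its own description spells the product "EyouCMS". Matching the description's spelling keeps a case-sensitive search for the product name from missing this entry.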
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 6533052b by Neil Williams at 2022-08-11T10:04:49+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9497,7 +9497,7 @@ CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4 CVE-2022-34366 RESERVED CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34364 RESERVED CVE-2022-34363 @@ -19805,9 +19805,9 @@ CVE-2022-30576 CVE-2022-30575 RESERVED CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...) NOT-FOR-US: TIBCO CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...) @@ -33158,7 +33158,7 @@ CVE-2022-25975 CVE-2022-25974 RESERVED CVE-2022-25973 (All versions of package mc-kill-port are vulnerable to Arbitrary Comma ...) - TODO: check + NOT-FOR-US: Node mc-kill-port CVE-2022-25971 RESERVED CVE-2022-25970 
@@ -33763,7 +33763,7 @@ CVE-2022-25795 (A maliciously crafted PDF file can be used to dereference for a CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...) NOT-FOR-US: Autodesk CVE-2022-25793 (A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...) NOT-FOR-US: Autodesk CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in Autodesk A ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6533052b0bfe50ff253fdf879d3cd621b2f9c7c7
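Review bot: The hunk at -9497 marks CVE-2022-34365 as "NOT-FOR-US: Dell", yet the visible description names only "WMS 3.7", so the vendor attribution cannot be checked from the entry itself. A product-level label, in the style of "NOT-FOR-US: Node mc-kill-port" used in the -33158 hunk of this same commit, would make the triage decision easier to audit.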
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 29010636 by Neil Williams at 2022-08-11T09:50:59+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -111,7 +111,7 @@ CVE-2022-2758 CVE-2022-2757 RESERVED CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...) - TODO: check + NOT-FOR-US: Kareadita/Kavita CVE-2022-2755 RESERVED CVE-2022-2754 @@ -8437,7 +8437,7 @@ CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...) - gitlab CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...) - TODO: check + NOT-FOR-US: Kuka CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does ...) NOT-FOR-US: WordPress plugin CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...) 
@@ -42457,7 +42457,7 @@ CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5 CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2021-46304 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) {DSA-5050-1} - linux 5.15.15-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29010636662b64f9fde392f504f00dba0d03b318
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b30bdb20 by Salvatore Bonaccorso at 2022-08-11T10:40:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,7 @@ CVE-2022-38146 CVE-2022-38145 RESERVED CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2022-38132 RESERVED CVE-2022-38131 @@ -14318,7 +14318,7 @@ CVE-2022-32431 CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers ...) NOT-FOR-US: Lin CMS CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEIP/cgi- ...) - TODO: check + NOT-FOR-US: Mega System Technologies Inc MSNSwitch CVE-2022-32428 RESERVED CVE-2022-32427 @@ -42387,7 +42387,7 @@ CVE-2022-23240 CVE-2022-23239 RESERVED CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...) - TODO: check + NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale) CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...) @@ -45292,7 +45292,7 @@ CVE-2022-22492 CVE-2022-22491 RESERVED CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22489 RESERVED CVE-2022-22488 @@ -45450,7 +45450,7 @@ CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vul CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...) NOT-FOR-US: IBM CVE-2022-22411 (IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...) NOT-FOR-US: IBM CVE-2022-22409 
@@ -45534,7 +45534,7 @@ CVE-2022-22371 CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 ...) NOT-FOR-US: IBM CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwri ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...) NOT-FOR-US: IBM CVE-2022-22367 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 co ...) @@ -46557,7 +46557,7 @@ CVE-2022-0030 CVE-2022-0029 RESERVED CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...) NOT-FOR-US: Palo Alto Networks software CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...) @@ -56912,7 +56912,7 @@ CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco I CVE-2022-20915 RESERVED CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2022-20912 (Multiple vulnerabilities in the web-based management interface of Cisc ...) @@ -57002,13 +57002,13 @@ CVE-2022-20871 CVE-2022-20870 RESERVED CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20868 RESERVED CVE-2022-20867 RESERVED CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running Cisco A ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20865 RESERVED CVE-2022-20864 @@ -57036,7 +57036,7 @@ CVE-2022-20854 CVE-2022-20853 RESERVED CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20851 RESERVED CVE-2022-20850 
@@ -57056,9 +57056,9 @@ CVE-2022-20844 CVE-2022-20843 RESERVED CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20840 RESERVED CVE-2022-20839 @@ -57086,7 +57086,7 @@ CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Devi CVE-2022-20828 (A vulnerability in the CLI parser of Cisco
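Review bot: In the hunk at -46557, CVE-2022-0028 is tagged "NOT-FOR-US: Palo Alto Networks" while the neighbouring CVE-2022-0027 in the same hunk's context reads "NOT-FOR-US: Palo Alto Networks software". Using the same label as the adjacent entry keeps the vendor's entries findable with a single search string.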
[Git][security-tracker-team/security-tracker][master] CVE-2022-31031/asterisk & ring - both pkgs provide STUN support via PJSIP
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 3567264e by Neil Williams at 2022-08-11T09:34:41+01:00 CVE-2022-31031/asterisk ring - both pkgs provide STUN support via PJSIP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18372,10 +18372,11 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we CVE-2022-31032 (Tuleap is a Free Open Source Suite to improve management of soft ...) NOT-FOR-US: Tuleap CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk (bug #1017004) - pjproject + - ring (bug #1017005) NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj NOTE: https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202 - TODO: check impact for src:asterisk and src:ring and update entry CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...) {DSA-5162-1} - containerd 1.6.6~ds1-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3567264ee4da511d6af3b3811fd76e1b9ca4e900
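Review bot: In the CVE-2022-31031 hunk the TODO is removed and asterisk and ring are added with bugs #1017004 and #1017005, but the reason they are affected (both provide STUN support via PJSIP) is recorded only in the commit subject. A NOTE line under the entry stating that would keep the rationale next to the data once the TODO is gone. The pjproject line between the two additions still carries no bug reference, unlike its new neighbours; if a bug exists for it, adding it here would make the entry consistent.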
[Git][security-tracker-team/security-tracker][master] Add references for trafficserver advisory
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 69354781 by Salvatore Bonaccorso at 2022-08-11T10:27:40+02:00 Add references for trafficserver advisory - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16132,6 +16132,7 @@ CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Exp NOT-FOR-US: Apache Tapestry CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...) - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...) - trafficserver 9.1.3+ds-1 NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 @@ -27134,6 +27135,7 @@ CVE-2022-28130 RESERVED CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of ...) - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...) - gitlab CVE-2022-1147 @@ -33813,6 +33815,7 @@ CVE-2022-25768 RESERVED CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...) - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-0734 (A cross-site scripting vulnerability was identified in the CGI program ...) 
@@ -74324,6 +74327,7 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...) - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...) {DSA-5153-1} - trafficserver 9.1.1+ds-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6935478119493b92eb2b30966884540285ae4d6d
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3177{8,9}/trafficserver
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 747ac9df by Salvatore Bonaccorso at 2022-08-11T10:26:01+02:00 Add CVE-2022-3177{8,9}/trafficserver - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16133,9 +16133,11 @@ CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Exp CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...) - trafficserver 9.1.3+ds-1 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...) - TODO: check + - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31778 (Improper Input Validation vulnerability in handling the Transfer-Encod ...) - TODO: check + - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31777 RESERVED CVE-2022-31776 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747ac9df522a0fa52817402440aaa543fafbf2ff
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9080df85 by Salvatore Bonaccorso at 2022-08-11T10:22:32+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3393,7 +3393,7 @@ CVE-2022-36803 CVE-2022-36802 RESERVED CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...) NOT-FOR-US: Atlassian CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...) @@ -3502,7 +3502,7 @@ CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write CVE-2022-36751 RESERVED CVE-2022-36750 (Clinic's Patient Management System v1.0 is vulnerable to SQL injection ...) - TODO: check + NOT-FOR-US: Clinic's Patient Management System CVE-2022-36749 RESERVED CVE-2022-36748 @@ -4483,11 +4483,11 @@ CVE-2022-36327 CVE-2022-36326 RESERVED CVE-2022-36325 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-36324 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-36323 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...) @@ -4744,7 +4744,7 @@ CVE-2022-36272 CVE-2022-36271 RESERVED CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...) - TODO: check + NOT-FOR-US: Clinic's Patient Management System CVE-2022-36269 RESERVED CVE-2022-36268 
@@ -5990,7 +5990,7 @@ CVE-2022-35717 CVE-2022-35716 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7 ...) NOT-FOR-US: IBM CVE-2022-35715 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-35714 RESERVED CVE-2022-34861 @@ -7036,7 +7036,7 @@ CVE-2022-35282 CVE-2022-35281 RESERVED CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-35279 RESERVED CVE-2022-35278 @@ -10793,21 +10793,21 @@ CVE-2022-33933 CVE-2022-33932 RESERVED CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33929 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33928 (Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Pass ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33927 (Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33926 (Dell Wyse Management Suite 3.6.1 and below contains an improper access ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33925 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...) NOT-FOR-US: Dell CVE-2022-33922 
@@ -24246,7 +24246,7 @@ CVE-2022-29092 (Dell SupportAssist Client Consumer versions (3.11.0 and versions CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...) NOT-FOR-US: Dell CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...) - TODO: check + NOT-FOR-US: Dell Wyse Management Suite CVE-2022-29089 RESERVED CVE-2022-29088 @@ -24863,7 +24863,7 @@ CVE-2022-28883 CVE-2022-28882 RESERVED CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...) NOT-FOR-US:
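Review bot: The Dell tags added in the @@ -10793 and @@ -24246 hunks use the product name ("NOT-FOR-US: Dell Wyse Management Suite"), while the neighbouring context lines for CVE-2022-33923 and CVE-2022-29091 use the bare vendor ("NOT-FOR-US: Dell") and the IBM and Siemens entries in this same commit are vendor-only. Pick one granularity per vendor so that a later search for the tag finds every related entry.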
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac62305c by Salvatore Bonaccorso at 2022-08-11T10:19:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -121,21 +121,21 @@ CVE-2022-2753 CVE-2022-2752 RESERVED CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2749 (A vulnerability was found in SourceCodester Gym Management System. It ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2748 (A vulnerability was found in SourceCodester Simple Online Book Store S ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2747 (A vulnerability was found in SourceCodester Simple Online Book Store a ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2746 (A vulnerability has been found in SourceCodester Simple Online Book St ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Book Store System CVE-2022-2745 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2744 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...) - varnish [bullseye] - varnish (Vulnerable code not present) @@ -273,7 +273,7 @@ CVE-2022-2742 CVE-2022-2741 RESERVED CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2739 RESERVED CVE-2022-2738 
@@ -281,7 +281,7 @@ CVE-2022-2738 CVE-2022-2737 RESERVED CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...) - TODO: check + NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2735 RESERVED CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) @@ -3126,7 +3126,7 @@ CVE-2022-36925 CVE-2022-36924 RESERVED CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2022-2556 RESERVED CVE-2022-2555 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac62305c3752da43f8675adc1b01f596ef9f80f0
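Review bot: For CVE-2022-2750, CVE-2022-2745 and CVE-2022-2744 in the @@ -121 hunk, the description shown is truncated before the product name ("... was found in Source ..."), so the product-level tags "SourceCodester Company Website CMS" and "SourceCodester Gym Management System" cannot be confirmed from the list itself. Confirm each against the full CVE description, or fall back to a vendor-level "NOT-FOR-US: SourceCodester", in the way the last hunk uses "Zoho ManageEngine" for a whole product family.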
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9370d219 by security tracker role at 2022-08-11T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,142 @@ -CVE-2022-38150 [VSV9: Varnish Denial of Service] +CVE-2022-38169 + RESERVED +CVE-2022-38168 + RESERVED +CVE-2022-38167 + RESERVED +CVE-2022-38166 + RESERVED +CVE-2022-38165 + RESERVED +CVE-2022-38164 + RESERVED +CVE-2022-38163 + RESERVED +CVE-2022-38162 + RESERVED +CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...) + TODO: check +CVE-2022-38160 + RESERVED +CVE-2022-38159 + RESERVED +CVE-2022-38158 + RESERVED +CVE-2022-38157 + RESERVED +CVE-2022-38156 + RESERVED +CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...) + TODO: check +CVE-2022-38154 + RESERVED +CVE-2022-38153 + RESERVED +CVE-2022-38152 + RESERVED +CVE-2022-38151 + RESERVED +CVE-2022-38149 + RESERVED +CVE-2022-38148 + RESERVED +CVE-2022-38147 + RESERVED +CVE-2022-38146 + RESERVED +CVE-2022-38145 + RESERVED +CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...) + TODO: check +CVE-2022-38132 + RESERVED +CVE-2022-38131 + RESERVED +CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...) + TODO: check +CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...) 
+ TODO: check +CVE-2022-38128 + RESERVED +CVE-2022-38127 + RESERVED +CVE-2022-38126 + RESERVED +CVE-2022-38125 + RESERVED +CVE-2022-38124 + RESERVED +CVE-2022-38123 + RESERVED +CVE-2022-38122 + RESERVED +CVE-2022-38121 + RESERVED +CVE-2022-38120 + RESERVED +CVE-2022-38119 + RESERVED +CVE-2022-38118 + RESERVED +CVE-2022-38117 + RESERVED +CVE-2022-38116 + RESERVED +CVE-2022-38103 + RESERVED +CVE-2022-38092 + RESERVED +CVE-2022-38087 + RESERVED +CVE-2022-38076 + RESERVED +CVE-2022-38060 + RESERVED +CVE-2022-38056 + RESERVED +CVE-2022-37336 + RESERVED +CVE-2022-37329 + RESERVED +CVE-2022-36406 + RESERVED +CVE-2022-36351 + RESERVED +CVE-2022-33893 + RESERVED +CVE-2022-2759 + RESERVED +CVE-2022-2758 + RESERVED +CVE-2022-2757 + RESERVED +CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...) + TODO: check +CVE-2022-2755 + RESERVED +CVE-2022-2754 + RESERVED +CVE-2022-2753 + RESERVED +CVE-2022-2752 + RESERVED +CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) + TODO: check +CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-2749 (A vulnerability was found in SourceCodester Gym Management System. It ...) + TODO: check +CVE-2022-2748 (A vulnerability was found in SourceCodester Simple Online Book Store S ...) + TODO: check +CVE-2022-2747 (A vulnerability was found in SourceCodester Simple Online Book Store a ...) + TODO: check +CVE-2022-2746 (A vulnerability has been found in SourceCodester Simple Online Book St ...) + TODO: check +CVE-2022-2745 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-2744 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...) - varnish [bullseye] - varnish (Vulnerable code not present) [buster] - varnish (Vulnerable code not present) 
@@ -134,16 +272,16 @@ CVE-2022-2742 RESERVED CVE-2022-2741 RESERVED -CVE-2022-2740 - RESERVED +CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...) + TODO: check CVE-2022-2739 RESERVED CVE-2022-2738 RESERVED CVE-2022-2737 RESERVED -CVE-2022-2736 - RESERVED +CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...) + TODO: check CVE-2022-2735 RESERVED CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) @@ -2987,8 +3125,8 @@ CVE-2022-36925 RESERVED CVE-2022-36924 RESERVED -CVE-2022-36923 - RESERVED +CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...) + TODO: check CVE-2022-2556 RESERVED CVE-2022-2555 @@ -3254,8 +3392,8 @@ CVE-2022-36803 RESERVED CVE-2022-36802 RESERVED
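Review bot: Some entries this automatic update adds as "TODO: check" in the @@ -1,4 hunk match products that are already tagged elsewhere in the file. CVE-2022-38133 (JetBrains TeamCity, private SSH key) has the same subject as the CVE-2022-36322 context line in commit 9080df85, which reads "NOT-FOR-US: JetBrains TeamCity". These can be closed with the existing tag in the next NFU pass, spelled the same way so the tags stay searchable.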
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: de018a28 by Neil Williams at 2022-08-11T09:01:47+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -59763,35 +59763,35 @@ CVE-2022-20363 CVE-2022-20362 RESERVED CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerabil ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20359 (In various methods of NotificationManagerService.java, there is a poss ...) - TODO: check + TODO: check - not listed in linked bulletin CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20356 (In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, th ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20355 (In get of PacProxyService.java, there is a possible system service cra ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20354 (In onDefaultNetworkChanged of Vpn.java, there is a possible way to dis ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a possib ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20351 RESERVED CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20348 (In updateState of LocationServicesWifiScanningPreferenceController.jav ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, ther ...) 
NOT-FOR-US: Android CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de018a28454d2b8ae8328444b81cca095bc77494
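Review bot: The CVE-2022-20359 line in the @@ -59763 hunk becomes "TODO: check - not listed in linked bulletin", which leaves the entry open but does not say which bulletin was consulted. Keep the plain "TODO: check" and record the finding on a separate NOTE: line with the bulletin URL, so the next person triaging the entry can repeat the check instead of starting over.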
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: c7fcae9e by Neil Williams at 2022-08-11T08:39:50+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1739,7 +1739,7 @@ CVE-2022-2635 CVE-2022-37393 RESERVED CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...) - TODO: check + NOT-FOR-US: Digi ConnectPort X2D CVE-2022-37392 RESERVED CVE-2022-37391 @@ -59793,11 +59793,11 @@ CVE-2022-20348 (In updateState of LocationServicesWifiScanningPreferenceControll CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) TODO: check CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, ther ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible way to ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20343 RESERVED CVE-2022-20342 @@ -60007,7 +60007,7 @@ CVE-2022-20241 CVE-2022-20240 RESERVED CVE-2022-20239 ('remap_pfn_range' here may map out of size kernel memory (for example, ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...) NOT-FOR-US: Unisoc CVE-2022-20237 @@ -66872,7 +66872,7 @@ CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huaw CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...) NOT-FOR-US: Huawei CVE-2021-40040 (Vulnerability of writing data to an arbitrary address in the HW_KEYMAS ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...) NOT-FOR-US: Huawei CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...) 
@@ -66884,7 +66884,7 @@ CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. Succe CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...) NOT-FOR-US: Huawei CVE-2021-40034 (The video framework has the memory overwriting vulnerability caused by ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...) NOT-FOR-US: Huawei CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...) @@ -66892,7 +66892,7 @@ CVE-2021-40032 (The bone voice ID TA has a vulnerability in information manageme CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...) NOT-FOR-US: Huawei CVE-2021-40030 (The My HUAWEI app has a defect in the design. Successful exploitation ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...) NOT-FOR-US: Huawei CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...) @@ -67628,7 +67628,7 @@ CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory c CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...) NOT-FOR-US: Android CVE-2021-39696 (In Task.java, there is a possible escalation of privilege due to a con ...) - TODO: check + NOT-FOR-US: Android CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...) NOT-FOR-US: Android CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...) 
@@ -82595,13 +82595,13 @@ CVE-2021-33648 (When performing the inference shape operation of Affine, Concat, CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...) NOT-FOR-US: Mindspore deep learning CVE-2021-33646 (The th_read() function doesnt free a variable t-th_buf.gnu_ ...) - TODO: check + NOT-FOR-US: Huawei OpenEuler OS CVE-2021-33645 (The th_read() function doesnt free a variable t-th_buf.gnu_ ...) - TODO: check + NOT-FOR-US: Huawei OpenEuler OS CVE-2021-33644 (An attacker who submits a crafted tar file with size in header struct ...) - TODO: check + NOT-FOR-US: Huawei OpenEuler OS CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...) - TODO: check + NOT-FOR-US: Huawei OpenEuler OS CVE-2021-33642 RESERVED CVE-2021-33641 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7fcae9e0822e0d01e9cc18f32eb926c2ad53ec6
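Review bot: CVE-2021-33643 through CVE-2021-33646 in the @@ -82595 hunk are tagged "NOT-FOR-US: Huawei OpenEuler OS", but their descriptions name th_read() and a crafted tar file with a size field in the header struct, which describes a tar-parsing library rather than an OS-specific component. th_read() is a libtar function, so check whether the affected code is src:libtar in Debian before closing these as NFU. If it is, the entries need a package line instead of the NFU tag.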