[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d64d643 by Salvatore Bonaccorso at 2022-10-07T06:38:10+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3670,7 +3670,7 @@ CVE-2022-40897 CVE-2022-40896 RESERVED CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of NeDi login ...) - TODO: check + NOT-FOR-US: NeDi CVE-2022-40894 RESERVED CVE-2022-40893 @@ -4062,7 +4062,7 @@ CVE-2022-40723 CVE-2022-40722 RESERVED CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...) - TODO: check + NOT-FOR-US: php uploader CVE-2022-40720 RESERVED CVE-2022-40719 @@ -5147,13 +5147,13 @@ CVE-2022-40279 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...) NOT-FOR-US: Samsung TizenRT CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary ...) - TODO: check + NOT-FOR-US: Joplin CVE-2022-40276 RESERVED CVE-2022-40275 RESERVED CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary ...) - TODO: check + NOT-FOR-US: Gridea CVE-2022-40273 RESERVED CVE-2022-40272 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d64d643f63362b133d10ea27aae4f860ede3faa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d64d643f63362b133d10ea27aae4f860ede3faa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
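Review bot: In the hunk at -4062 the tag added for CVE-2022-40721 is "NOT-FOR-US: php uploader", which repeats the generic lowercase phrase from the truncated description instead of naming a product or vendor, unlike "NeDi", "Joplin" and "Gridea" in the same commit. A generic tag is hard to search for later when similar issues come in; take the product or repository name from the CVE references and use that in the tag.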
[Git][security-tracker-team/security-tracker][master] Process three new rdiffweb issues, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b32d6795 by Salvatore Bonaccorso at 2022-10-06T23:08:05+02:00 Process three new rdiffweb issues, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -941,7 +941,7 @@ CVE-2022-3390 CVE-2022-42009 RESERVED CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. ...) - TODO: check + - rdiffweb (bug #969974) CVE-2022-42008 RESERVED CVE-2022-42007 @@ -1289,7 +1289,7 @@ CVE-2022-3378 CVE-2022-3377 RESERVED CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - TODO: check + - rdiffweb (bug #969974) CVE-2022-3375 RESERVED CVE-2022-3374 @@ -2692,7 +2692,7 @@ CVE-2022-3275 CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) - rdiffweb (bug #969974) CVE-2022-3273 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) - TODO: check + - rdiffweb (bug #969974) CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...) - rdiffweb (bug #969974) CVE-2022-3271 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32d6795de74f881b99f636c0b106ab6d42902f3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32d6795de74f881b99f636c0b106ab6d42902f3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39988/centreon-web, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a397624 by Salvatore Bonaccorso at 2022-10-06T23:08:47+02:00 Add CVE-2022-39988/centreon-web, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5826,7 +5826,7 @@ CVE-2022-39990 CVE-2022-39989 RESERVED CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows ...) - TODO: check + - centreon-web (bug #913903) CVE-2022-39987 RESERVED CVE-2022-39986 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a3976244fa38c421dda5cb133859d754828b2bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a3976244fa38c421dda5cb133859d754828b2bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 641bcacc by Salvatore Bonaccorso at 2022-10-06T23:06:16+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2022-42457 (Generex CS141 before 2.08 allows remote command execution by administr ...) - TODO: check + NOT-FOR-US: Generex CS141 CVE-2022-42456 RESERVED CVE-2022-42455 @@ -425,11 +425,11 @@ CVE-2022-3400 CVE-2022-3399 RESERVED CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) - TODO: check + NOT-FOR-US: OMRON CX-Programmer CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) - TODO: check + NOT-FOR-US: OMRON CX-Programmer CVE-2022-3396 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) - TODO: check + NOT-FOR-US: OMRON CX-Programmer CVE-2022-3395 RESERVED CVE-2022-3394 @@ -443,9 +443,9 @@ CVE-2022-3391 CVE-2022-42251 RESERVED CVE-2022-42250 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2022-42249 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2022-42248 RESERVED CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...) 
@@ -457,11 +457,11 @@ CVE-2022-42245 CVE-2022-42244 RESERVED CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2022-42242 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2022-42241 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2022-42240 RESERVED CVE-2022-42239 @@ -2535,7 +2535,7 @@ CVE-2022-41357 CVE-2022-41356 RESERVED CVE-2022-41355 (Online Leave Management System v1.0 was discovered to contain a SQL in ...) - TODO: check + NOT-FOR-US: Online Leave Management System CVE-2022-41354 RESERVED CVE-2022-41353 @@ -2759,7 +2759,7 @@ CVE-2022-41303 CVE-2022-41302 RESERVED CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-41300 RESERVED CVE-2022-41299 
@@ -7386,7 +7386,7 @@ CVE-2022-39267 CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...) NOT-FOR-US: isolated-vm CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Settings_ ...) - TODO: check + NOT-FOR-US: MyBB CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...) - nheko 0.10.2-1 NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641bcacc1584fd25c5e4811f5ddc7f15c9df58a5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641bcacc1584fd25c5e4811f5ddc7f15c9df58a5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4a73dbf by Salvatore Bonaccorso at 2022-10-06T23:00:49+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2187,29 +2187,29 @@ CVE-2022-41530 CVE-2022-41529 RESERVED CVE-2022-41528 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41527 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41526 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41525 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41524 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41523 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41522 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an u ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41521 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41520 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41519 RESERVED CVE-2022-41518 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-41516 RESERVED CVE-2022-41515 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4a73dbf42f9e5db575d050511f1e65dc9270582 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4a73dbf42f9e5db575d050511f1e65dc9270582 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e832020f by Salvatore Bonaccorso at 2022-10-06T22:52:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2773,7 +2773,7 @@ CVE-2022-41296 CVE-2022-41295 RESERVED CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21. ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-41293 RESERVED CVE-2022-41292 @@ -9014,7 +9014,7 @@ CVE-2022-38711 CVE-2022-38710 RESERVED CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-38708 RESERVED CVE-2022-38707 @@ -14329,7 +14329,7 @@ CVE-2022-36776 CVE-2022-36775 RESERVED CVE-2022-36774 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XM ...) NOT-FOR-US: IBM CVE-2022-36772 @@ -56822,7 +56822,7 @@ CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contai CVE-2022-22504 RESERVED CVE-2022-22503 (IBM Robotic Process Automation 21.0.0 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2022-22501 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e832020f0981f0a68d386835b348b48639f203e4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e832020f0981f0a68d386835b348b48639f203e4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Revert "Ignore all pluxml issues in buster"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ce52c58 by Salvatore Bonaccorso at 2022-10-06T22:49:20+02:00 Revert Ignore all pluxml issues in buster This reverts commit c5768503adc6f0129b960b73b20616b22bd16585. The format should be with a note in ()-brackets and sorting top down per suite. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -480117,10 +480117,8 @@ CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain priv CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...) NOT-FOR-US: Tunnelblick CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...) - [buster] - pluxml Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...) - [buster] - pluxml Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...) NOT-FOR-US: Neoinvoice @@ -558680,7 +558678,6 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 - wordpress 2.2.1-1 [etch] - wordpress (Vulnerable code not present) CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...) - [buster] - pluxml Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...) NOT-FOR-US: Kurinton sHTTPd 
@@ -559018,7 +559015,6 @@ CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attacker CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...) NOT-FOR-US: Pharmacy System CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...) - [buster] - pluxml Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...) NOT-FOR-US: Dagger View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ce52c58c810240cadc11fd0f34d8311c633fd9b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ce52c58c810240cadc11fd0f34d8311c633fd9b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
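Review bot: The four removed "[buster] - pluxml ..." lines are dropped outright, so CVE-2012-4675, CVE-2012-4674, CVE-2007-3542 and CVE-2007-3432 are left with only the unsuited "- pluxml" entry and the buster decision is no longer recorded anywhere. A follow-up should re-add them in the form the commit message describes, with the reason in parentheses as in the context line "[etch] - wordpress (Vulnerable code not present)" of the hunk at -558680, so the triage survives and data/CVE/list still parses.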
Processing fe280448e1117137cdf8440a17b03b8014989874 failed
The error message was:

data/CVE/list:480120: expected package entry, got: '[buster] - pluxml Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).'
make: *** [Makefile:19: all] Error 1
[Git][security-tracker-team/security-tracker][master] 4 commits: LTS: triage gajim
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c8184c6 by Anton Gladky at 2022-10-06T22:28:36+02:00 LTS: triage gajim - - - - - c5768503 by Anton Gladky at 2022-10-06T22:28:38+02:00 Ignore all pluxml issues in buster - - - - - 3ba8c53e by Anton Gladky at 2022-10-06T22:30:34+02:00 LTS: triage joblib - - - - - fe280448 by Anton Gladky at 2022-10-06T22:38:49+02:00 LTS: triage modsecurity-crs - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -480117,8 +480117,10 @@ CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain priv CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...) NOT-FOR-US: Tunnelblick CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...) + [buster] - pluxml Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...) + [buster] - pluxml Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...) NOT-FOR-US: Neoinvoice @@ -558678,6 +558680,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 - wordpress 2.2.1-1 [etch] - wordpress (Vulnerable code not present) CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...) + [buster] - pluxml Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...) NOT-FOR-US: Kurinton sHTTPd 
@@ -559015,6 +559018,7 @@ CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attacker CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...) NOT-FOR-US: Pharmacy System CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...) + [buster] - pluxml Issue is 15 years old. Package exists only in this suite. Popcon: 4 (2022.10.06). - pluxml CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...) NOT-FOR-US: Dagger = data/dla-needed.txt = @@ -46,6 +46,9 @@ frr (Thorsten Alteholz) fwupd NOTE: 20221003: Programming language: C++. -- +gajim + NOTE: 20221006: Programming language: Python. +-- gerbv NOTE: 20220923: Programming language: C. -- @@ -76,6 +79,9 @@ imagemagick NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git NOTE: 20220904: Should be synced with Stretch. (apo) -- +joblib + NOTE: 20221006: Programming language: Python. +-- knot-resolver (Chris Lamb) NOTE: 20221003: Programming language: C. -- 
@@ -96,6 +102,10 @@ man2html mbedtls NOTE: 20220821: Programming language: C. -- +modsecurity-crs + NOTE: 20221006: Programming language: Other. + NOTE: 20221006: Maintainer notes: Please contact maintainer. Consider uploading of newer version. +-- netatalk NOTE: 20220816: Programming language: C. NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0275d7b22983483569b602b2e41e62c16cd16b21...fe280448e1117137cdf8440a17b03b8014989874 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0275d7b22983483569b602b2e41e62c16cd16b21...fe280448e1117137cdf8440a17b03b8014989874 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
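Review bot: The "[buster] - pluxml" lines added in all four data/CVE/list hunks put the rationale ("Issue is 10 years old. Package exists only in this suite. Popcon: 4 (2022.10.06).") as bare text after the package name and sit above the unsuited "- pluxml" line. The suite-tagged entry visible in the same hunks wraps its reason in parentheses and follows the unsuited line ("[etch] - wordpress (Vulnerable code not present)"), and the processing failure reported for fe280448 at data/CVE/list:480120 quotes exactly this added line. Put the note in parentheses, order the entries per suite, and run the make target that failed before pushing.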
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0275d7b2 by security tracker role at 2022-10-06T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,49 @@ +CVE-2022-42457 (Generex CS141 before 2.08 allows remote command execution by administr ...) + TODO: check +CVE-2022-42456 + RESERVED +CVE-2022-42455 + RESERVED +CVE-2022-42454 + RESERVED +CVE-2022-42453 + RESERVED +CVE-2022-42452 + RESERVED +CVE-2022-42451 + RESERVED +CVE-2022-42450 + RESERVED +CVE-2022-42449 + RESERVED +CVE-2022-42448 + RESERVED +CVE-2022-42447 + RESERVED +CVE-2022-42446 + RESERVED +CVE-2022-42445 + RESERVED +CVE-2022-42444 + RESERVED +CVE-2022-42443 + RESERVED +CVE-2022-42442 + RESERVED +CVE-2022-42441 + RESERVED +CVE-2022-42440 + RESERVED +CVE-2022-42439 + RESERVED +CVE-2022-42438 + RESERVED +CVE-2022-42437 + RESERVED +CVE-2022-42436 + RESERVED +CVE-2022-42435 + RESERVED CVE-2022-42433 RESERVED CVE-2022-42432 @@ -378,12 +424,12 @@ CVE-2022-3400 RESERVED CVE-2022-3399 RESERVED -CVE-2022-3398 - RESERVED -CVE-2022-3397 - RESERVED -CVE-2022-3396 - RESERVED +CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + TODO: check +CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + TODO: check +CVE-2022-3396 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + TODO: check CVE-2022-3395 RESERVED CVE-2022-3394 @@ -396,10 +442,10 @@ CVE-2022-3391 RESERVED CVE-2022-42251 RESERVED -CVE-2022-42250 - RESERVED -CVE-2022-42249 - RESERVED +CVE-2022-42250 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + TODO: check +CVE-2022-42249 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + TODO: check CVE-2022-42248 RESERVED CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...) 
@@ -410,12 +456,12 @@ CVE-2022-42245 RESERVED CVE-2022-42244 RESERVED -CVE-2022-42243 - RESERVED -CVE-2022-42242 - RESERVED -CVE-2022-42241 - RESERVED +CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + TODO: check +CVE-2022-42242 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + TODO: check +CVE-2022-42241 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + TODO: check CVE-2022-42240 RESERVED CVE-2022-42239 @@ -874,16 +920,19 @@ CVE-2022-42013 RESERVED CVE-2022-42012 RESERVED + {DSA-5250-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44 CVE-2022-42011 RESERVED + {DSA-5250-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69 CVE-2022-42010 RESERVED + {DSA-5250-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916 @@ -891,8 +940,8 @@ CVE-2022-3390 RESERVED CVE-2022-42009 RESERVED -CVE-2022-3389 - RESERVED +CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. ...) + TODO: check CVE-2022-42008 RESERVED CVE-2022-42007 @@ -1191,10 +1240,10 @@ CVE-2022-41855 RESERVED CVE-2022-41854 RESERVED -CVE-2022-41853 - RESERVED -CVE-2022-41852 - RESERVED +CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...) + TODO: check +CVE-2022-41852 (Those using JXPath to interpret untrusted XPath expressions may be vul ...) + TODO: check CVE-2022-41851 RESERVED CVE-2022-41836 
@@ -1239,8 +1288,8 @@ CVE-2022-3378 RESERVED CVE-2022-3377 RESERVED -CVE-2022-3376 - RESERVED +CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) + TODO: check CVE-2022-3375 RESERVED CVE-2022-3374 @@ -1986,8 +2035,7 @@ CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. Th NOT-FOR-US: Advantech iView CVE-2022-41557 RESERVED -CVE-2022-41556 [handle RDHUP when collecting chunked body] - RESERVED +CVE-2022-41556 (A
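Review bot: In the hunk at -1191, CVE-2022-41853 and CVE-2022-41852 arrive as "TODO: check" with descriptions that name hsqldb and JXPath, which read as libraries used by other software, not standalone vendor products like the OMRON CX-Programmer and Simple Cold Storage Management System entries in the same update. These two should be checked against packaged sources individually and not be swept up in a bulk NOT-FOR-US pass.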
[Git][security-tracker-team/security-tracker][master] Adjust version for protobuf version in experimental for CVE-2022-3171
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c178c86a by Salvatore Bonaccorso at 2022-10-06T21:59:17+02:00 Adjust version for protobuf version in experimental for CVE-2022-3171 There is not version 3.21.7 upstream but upstream version 3.21.7 fixes the CVE-2022-3171. 3.21.7-1 landed accordingly in experimental. Link: https://tracker.debian.org/news/1370218/accepted-protobuf-3217-1-source-into-experimental/ Fixes: 22cdd6b06d59 (Add CVE-2022-3171/protobuf) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5023,7 +5023,7 @@ CVE-2022-3172 NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2022-3171 [potential denial of service issue in the Java Protobuf runtime] RESERVED - [experimental] - protobuf 3.27.1-1 + [experimental] - protobuf 3.21.7-1 - protobuf NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c178c86afce4a3df2ffbbe6c4d507ab2ca4613e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c178c86afce4a3df2ffbbe6c4d507ab2ca4613e7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
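Review bot: The first sentence of the commit message reads "There is not version 3.21.7 upstream", but 3.21.7 is the version the same sentence then names as the fixing release, and the hunk replaces "3.27.1-1" with "3.21.7-1"; the message should say there is no 3.27.1 upstream. The hunk itself is consistent with the linked tracker.debian.org news item for 3.21.7-1 in experimental.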
[Git][security-tracker-team/security-tracker][master] Track upstream commits for dbus issues CVE-2022-4201{0,1,2}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f5468e9 by Salvatore Bonaccorso at 2022-10-06T21:57:52+02:00 Track upstream commits for dbus issues CVE-2022-4201{0,1,2} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -876,14 +876,17 @@ CVE-2022-42012 RESERVED - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44 CVE-2022-42011 RESERVED - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69 CVE-2022-42010 RESERVED - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916 CVE-2022-3390 RESERVED CVE-2022-42009 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5468e91ecac474eb1c0dda4120d96bb609b9fe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5468e91ecac474eb1c0dda4120d96bb609b9fe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3171/protobuf
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: 22cdd6b0 by Laszlo Boszormenyi (GCS) at 2022-10-06T21:35:49+02:00 Add CVE-2022-3171/protobuf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5018,8 +5018,11 @@ CVE-2022-3172 - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here -CVE-2022-3171 +CVE-2022-3171 [potential denial of service issue in the Java Protobuf runtime] RESERVED + [experimental] - protobuf 3.27.1-1 + - protobuf + NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22cdd6b06d5918b4e315469217ac8f8d05beb9da -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22cdd6b06d5918b4e315469217ac8f8d05beb9da You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
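Review bot: The added line "[experimental] - protobuf 3.27.1-1" carries a version that nothing else in the hunk supports; the only reference is the upstream advisory URL, which does not tie the entry to a Debian upload. Add a NOTE pointing at the upload or upstream release the fixed version comes from so the number can be verified; commit c178c86a on this page later changes this value to 3.21.7-1.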
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim knot-resolver.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 719ce418 by Chris Lamb at 2022-10-06T12:11:43-07:00 data/dla-needed.txt: Claim knot-resolver. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,7 +76,7 @@ imagemagick NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git NOTE: 20220904: Should be synced with Stretch. (apo) -- -knot-resolver +knot-resolver (Chris Lamb) NOTE: 20221003: Programming language: C. -- kopanocore View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/719ce41845ee275d564ce201f2fd4fad9f451840 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/719ce41845ee275d564ce201f2fd4fad9f451840 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim libpgjava.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a9d7ce5 by Chris Lamb at 2022-10-06T12:09:52-07:00 data/dla-needed.txt: Claim libpgjava. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -83,7 +83,7 @@ kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- -libpgjava +libpgjava (Chris Lamb) NOTE: 20221003: Programming language: Java. -- linux (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d7ce52d018dec6615e718d079f00c7063e5e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d7ce52d018dec6615e718d079f00c7063e5e7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim strongswan.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 2bc8787a by Chris Lamb at 2022-10-06T12:08:37-07:00 data/dla-needed.txt: Claim strongswan. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -179,7 +179,7 @@ squid (Abhijith PA) NOTE: 20220923: Programming language: C. NOTE: 20220923: CVE-2022-41317 should be not-affected, but CVE-2022-41318 should be an issue, pleae recheck -- -strongswan +strongswan (Chris Lamb) NOTE: 20221004: Programming language: C. NOTE: 20221004: VCS: https://salsa.debian.org/lts-team/packages/strongswan.git -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc8787a5c6ef096d151b5aef577ecdeef57ab43 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc8787a5c6ef096d151b5aef577ecdeef57ab43 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for isc-dhcp update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d0f6c1d by Salvatore Bonaccorso at 2022-10-06T20:58:19+02:00 Reserve DSA number for isc-dhcp update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Oct 2022] DSA-5251-1 isc-dhcp - security update + {CVE-2022-2928 CVE-2022-2929} + [bullseye] - isc-dhcp 4.4.1-2.3+deb11u1 [06 Oct 2022] DSA-5250-1 dbus - security update {CVE-2022-42010 CVE-2022-42011 CVE-2022-42012} [bullseye] - dbus 1.12.24-0+deb11u1 = data/dsa-needed.txt = @@ -20,8 +20,6 @@ frr -- gerbv (aron) -- -isc-dhcp (carnil) --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d0f6c1d759ab7b07a5ab48b743dfa883abe582c
[Git][security-tracker-team/security-tracker][master] dbus DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 86884dee by Moritz Mühlenhoff at 2022-10-06T20:43:00+02:00 dbus DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Oct 2022] DSA-5250-1 dbus - security update + {CVE-2022-42010 CVE-2022-42011 CVE-2022-42012} + [bullseye] - dbus 1.12.24-0+deb11u1 [06 Oct 2022] DSA-5249-1 strongswan - security update {CVE-2022-40617} [bullseye] - strongswan 5.9.1-1+deb11u3 = data/dsa-needed.txt = @@ -16,9 +16,6 @@ asterisk (apo) -- commons-configuration2 -- -dbus (jmm) - Maintainer prepared updates --- frr -- gerbv (aron) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86884dee83db4ed296237c5865f3888a637212f9
[Git][security-tracker-team/security-tracker][master] allocate DSA for strongSwan
Yves-Alexis Perez pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c9de616 by Yves-Alexis Perez at 2022-10-06T17:58:49+02:00 allocate DSA for strongSwan - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Oct 2022] DSA-5249-1 strongswan - security update + {CVE-2022-40617} + [bullseye] - strongswan 5.9.1-1+deb11u3 [05 Oct 2022] DSA-5248-1 php-twig - security update {CVE-2022-39261} [bullseye] - php-twig 2.14.3-1+deb11u2 = data/dsa-needed.txt = @@ -63,5 +63,3 @@ sox -- squid (carnil) -- -strongswan (corsac) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c9de616f58435427e40e3725b9d4bb815c5fe60
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 621c5b8b by Moritz Muehlenhoff at 2022-10-06T15:43:50+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2518,7 +2518,7 @@ CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows re CVE-2022-36368 RESERVED CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...) - TODO: check + NOT-FOR-US: Node secp256k1-js CVE-2022-41339 RESERVED CVE-2022-41338 @@ -3206,7 +3206,7 @@ CVE-2022-41084 CVE-2022-41083 RESERVED CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-41081 RESERVED CVE-2022-41080 @@ -3290,7 +3290,7 @@ CVE-2022-41042 CVE-2022-41041 RESERVED CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-41039 RESERVED CVE-2022-41038 @@ -3565,7 +3565,7 @@ CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerab CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...) NOT-FOR-US: LIEF CVE-2022-40922 (A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse funct ...) - TODO: check + NOT-FOR-US: LIEF CVE-2022-40921 RESERVED CVE-2022-40920 @@ -3637,7 +3637,7 @@ CVE-2022-40888 CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...) NOT-FOR-US: SourceCodester Best Student Result Management System CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background. ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2022-40885 RESERVED CVE-2022-40884 
@@ -3882,7 +3882,7 @@ CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login- CVE-2022-40765 RESERVED CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting ...) - TODO: check + NOT-FOR-US: Snyk CLI CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...) NOT-FOR-US: Sophos CVE-2022-40763 @@ -4941,7 +4941,7 @@ CVE-2022-40343 CVE-2022-40342 RESERVED CVE-2022-40341 (mojoPortal v2.7 was discovered to contain an arbitrary file upload vul ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2022-40340 RESERVED CVE-2022-40339 @@ -5495,7 +5495,7 @@ CVE-2022-40125 CVE-2022-40124 RESERVED CVE-2022-40123 (mojoPortal v2.7 was discovered to contain a path traversal vulnerabili ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) NOT-FOR-US: Online Banking System CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) @@ -7365,7 +7365,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according CVE-2022-39253 RESERVED CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) - TODO: check + NOT-FOR-US: matrix-rust-sdk CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) - node-matrix-js-sdk (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c @@ -7395,7 +7395,7 @@ CVE-2022-39244 CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...) TODO: check CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...) - TODO: check + NOT-FOR-US: Frontier CVE-2022-39241 RESERVED CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 1.0.4 are ...) 
@@ -7422,7 +7422,7 @@ CVE-2022-39232 (Discourse is an open source discussion platform. Starting with v CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...) - TODO: check + NOT-FOR-US: fhir-works-on-aws-authz-smart CVE-2022-39229 RESERVED CVE-2022-39228 @@ -7444,7 +7444,7 @@ CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraf CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...) NOT-FOR-US: SFTPGo CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...) - TODO: check + NOT-FOR-US: Bifrost CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute@Edge platform provides the ...) NOT-FOR-US: Fastly CVE-2022-39217
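Review bot: In the hunk at @@ -7365, CVE-2022-39252 (matrix-rust-sdk) is marked NOT-FOR-US while the entry directly below it, CVE-2022-39251, is tracked against node-matrix-js-sdk with bug #1021136. Please confirm that no packaged or ITP'ed Rust crate ships matrix-rust-sdk before closing it out this way; if one does, the entry should name the source package (or use an itp entry with the bug number) instead of NOT-FOR-US.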
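Review bot: In the hunk at @@ -7395, CVE-2022-39243 (NuProcess) stays at "TODO: check" in the context lines while the next entry, CVE-2022-39242 (Frontier), is resolved. If NuProcess was deferred on purpose that is fine, but the commit message "NFUs" gives no hint; otherwise it would be worth triaging it in the same pass so the block does not keep a stray TODO between processed entries.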
[Git][security-tracker-team/security-tracker][master] add dbus references
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 746e95e2 by Moritz Muehlenhoff at 2022-10-06T15:22:05+02:00 add dbus references - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -875,12 +875,15 @@ CVE-2022-42013 CVE-2022-42012 RESERVED - dbus 1.14.4-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 CVE-2022-42011 RESERVED - dbus 1.14.4-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 CVE-2022-42010 RESERVED - dbus 1.14.4-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 CVE-2022-3390 RESERVED CVE-2022-42009 = data/dsa-needed.txt = @@ -16,7 +16,7 @@ asterisk (apo) -- commons-configuration2 -- -dbus +dbus (jmm) Maintainer prepared updates -- frr View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/746e95e23e0016433acd0c2c05ad37b261e8
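Review bot: The data/dsa-needed.txt hunk changes "dbus" to "dbus (jmm)", which is a claim on the package rather than a reference, yet the commit message only says "add dbus references". Either mention the claim in the message or split it into its own commit, so that someone reading the dsa-needed.txt history can find when the package was taken. In the data/CVE/list hunk the three NOTE lines all point at the same oss-security post, which is fine for entries that are still RESERVED, but per-CVE upstream commit or issue links would help whoever backports the fixes once they are available.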