[Git][security-tracker-team/security-tracker][master] Ignore all pluxml issues in buster. Second try

2022-10-07 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2441fe1 by Anton Gladky at 2022-10-07T23:24:47+02:00
Ignore all pluxml issues in buster. Second try

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -480261,8 +480261,10 @@ CVE-2012-4676 (The errorExitIfAttackViaString 
function in Tunnelblick 3.3beta20
NOT-FOR-US: Tunnelblick
 CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows 
remote ...)
- pluxml 
+   [buster] - pluxml  (Issue is 10 years old. Package exists only 
in this suite. Popcon: 4 on 2022.10.06)
 CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the 
installation ...)
- pluxml 
+   [buster] - pluxml  (Issue is 10 years old. Package exists only 
in this suite. Popcon: 4 on 2022.10.06)
 CVE-2012-4673 (SQL injection vulnerability in 
application/controllers/invoice.php in  ...)
NOT-FOR-US: Neoinvoice
 CVE-2012-4672 (Apple iChat Server does not verify that a request was made for 
an XMPP ...)
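Review bot: the added `[buster] - pluxml  (Issue is 10 years old. ...)` lines show a double space between the package name and the reason, which is where data/CVE/list keeps its angle-bracket status tag; this mail rendering strips such tags, so confirm the committed lines carry `<ignored>` as the commit title says. The unchanged `- pluxml ` line for unstable has the same gap: if the stated reason "Package exists only in this suite" is accurate, that line should be the `<removed>` marker rather than an open unfixed entry, otherwise the tracker keeps listing the CVE as open in sid.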
@@ -558822,6 +558824,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability 
in WordPress before 2.2.1
[etch] - wordpress  (Vulnerable code not present)
 CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in 
Pluxml 0 ...)
- pluxml 
+   [buster] - pluxml  (Issue is 15 years old. Package exists only 
in this suite. Popcon: 4 on 2022.10.06)
 CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 
20070408 a ...)
NOT-FOR-US: Kurinton sHTTPd
 CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in 
search.asp in r ...)
@@ -559159,6 +559162,7 @@ CVE-2007-3433 (SQL injection vulnerability in 
index.php in Pharmacy System 2 and
NOT-FOR-US: Pharmacy System
 CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in 
Pluxml 0 ...)
- pluxml 
+   [buster] - pluxml  (Issue is 15 years old. Package exists only 
in this suite. Popcon: 4 on 2022.10.06)
 CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in 
Valerio Cap ...)
NOT-FOR-US: Dagger
 CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 
2007 05 25 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2441fe1836a30c09bd805353e3775727d9d0327

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2441fe1836a30c09bd805353e3775727d9d0327
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39237/golang-github-sylabs-sif

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d340057e by Salvatore Bonaccorso at 2022-10-07T22:48:14+02:00
Add CVE-2022-39237/golang-github-sylabs-sif

Explicitly tracking singularity-container as well, as it uses AFAIC the
vendored copy and is unfixed as well.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7588,7 +7588,11 @@ CVE-2022-39239 (netlify-ipx is an on-Demand image 
optimization for Netlify using
 CVE-2022-39238 (Arvados is an open source platform for managing and analyzing 
biomedic ...)
NOT-FOR-US: Arvados
 CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference 
implementa ...)
-   TODO: check
+   - golang-github-sylabs-sif 
+   - singularity-container 
+   NOTE: 
https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
+   NOTE: 
https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 
(v2.8.1)
+   NOTE: 
https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 
(v2.8.1)
 CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for 
JavaScript.  ...)
- node-matrix-js-sdk  (bug #1021136)
NOTE: 
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
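Review bot: the two new package lines `- golang-github-sylabs-sif ` and `- singularity-container ` carry no bug reference, while the neighbouring CVE-2022-39236 entry shows the `(bug #1021136)` convention; since the commit message says both are unfixed, file or reference the Debian bugs here so the entries are actionable. A NOTE stating that singularity-container ships a vendored copy of sylabs/sif would also keep the rationale in the data file instead of only in the commit message.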



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad0a77a3 by Salvatore Bonaccorso at 2022-10-07T22:32:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71,7 +71,7 @@ CVE-2022-3424
 CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 
0.92.0. ...)
TODO: check
 CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i 
can cr ...)
-   TODO: check
+   NOT-FOR-US: ToolJet
 CVE-2022-3421
RESERVED
 CVE-2022-3420
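Review bot: for CVE-2022-3422 the visible description ("Account Takeover :: when see the info i can see the hash pass ...") names no product, so the `NOT-FOR-US: ToolJet` attribution cannot be checked from this hunk; consider adding a NOTE with the advisory URL, as other entries in this file do, so the NFU decision stays verifiable.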
@@ -885,7 +885,7 @@ CVE-2022-42094
 CVE-2022-42093
RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
-   TODO: check
+   NOT-FOR-US: Backdrop CMS
 CVE-2022-42091
RESERVED
 CVE-2022-42090
@@ -919,11 +919,11 @@ CVE-2022-42077
 CVE-2022-42076
RESERVED
 CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code 
execution. ...)
-   TODO: check
+   NOT-FOR-US: Wedding Planner
 CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
-   TODO: check
+   NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
-   TODO: check
+   NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42072
RESERVED
 CVE-2022-42071
@@ -2338,13 +2338,13 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 
was discovered to contai
 CVE-2022-41516
RESERVED
 CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
-   TODO: check
+   NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
-   TODO: check
+   NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-   TODO: check
+   NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41512 (An arbitrary file upload vulnerability in the component 
/php_action/ed ...)
-   TODO: check
+   NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41511
RESERVED
 CVE-2022-41510
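Review bot: CVE-2022-41512's description as shown identifies only a path (`/php_action/ed ...`), and the same `NOT-FOR-US: Online Diagnostic Lab Management System` text is applied to it as to CVE-2022-41513, whose description does name that product; if the 41512 attribution was inferred from the shared path rather than from the full CVE text, double-check it, because an NFU removes the entry from further triage.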
@@ -2542,7 +2542,7 @@ CVE-2022-41416
 CVE-2022-41415
RESERVED
 CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled 
of Life ...)
-   TODO: check
+   NOT-FOR-US: Liferay
 CVE-2022-41413
RESERVED
 CVE-2022-41412
@@ -2586,7 +2586,7 @@ CVE-2022-41394
 CVE-2022-41393
RESERVED
 CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 
8c2c8909  ...)
-   TODO: check
+   NOT-FOR-US: TotalJS CMS
 CVE-2022-41391
RESERVED
 CVE-2022-41390
@@ -2612,11 +2612,11 @@ CVE-2022-41381
 CVE-2022-41380
RESERVED
 CVE-2022-41379 (An arbitrary file upload vulnerability in the component 
/leave_system/ ...)
-   TODO: check
+   NOT-FOR-US: Online Leave Management System
 CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Online Pet Shop We App
 CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Online Pet Shop We App
 CVE-2022-41376
RESERVED
 CVE-2022-41375
@@ -3843,7 +3843,7 @@ CVE-2022-40874
 CVE-2022-40873
RESERVED
 CVE-2022-40872 (An SQL injection vulnerability issue was discovered in 
Sourcecodester  ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Simple E-Learning System
 CVE-2022-40871
RESERVED
 CVE-2022-40870
@@ -6191,69 +6191,69 @@ CVE-2022-39880
 CVE-2022-39879
RESERVED
 CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout 
prior to ver ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount 
in Grou ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39876 (Insertion of Sensitive Information into Log in 
PushRegIdUpdateClient o ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39875 (Improper component protection vulnerability in Samsung Account 
prior t ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung 
Account pri ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior 
to vers ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior 
to vers ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2022-39871 (Improper access control vulnerability 
cloudNotificationManager.java in ...)

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a49f162 by Salvatore Bonaccorso at 2022-10-07T22:16:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2906,7 +2906,7 @@ CVE-2022-41293
 CVE-2022-41292
RESERVED
 CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate 
session aft ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-41290
RESERVED
 CVE-2022-41289
@@ -14459,7 +14459,7 @@ CVE-2022-36774 (IBM Robotic Process Automation 21.0.0, 
21.0.1, and 21.0.2 is vul
 CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable 
to an XM ...)
NOT-FOR-US: IBM
 CVE-2022-36772 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an 
authenticated user t ...)
NOT-FOR-US: IBM
 CVE-2022-36770
@@ -21097,7 +21097,7 @@ CVE-2022-34310
 CVE-2022-34309
RESERVED
 CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of 
service ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on 
authorization to ...)
NOT-FOR-US: IBM
 CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP 
header in ...)
@@ -31233,7 +31233,7 @@ CVE-2022-30615
 CVE-2022-30614 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable 
to a den ...)
NOT-FOR-US: IBM
 CVE-2022-30613 (IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive 
information via a ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-30612
RESERVED
 CVE-2022-30611 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is 
vulnerab ...)
@@ -56974,7 +56974,7 @@ CVE-2022-22495 (IBM i 7.3, 7.4, and 7.5 is vulnerable 
to SQL injection. A remote
 CVE-2022-22494 (IBM Spectrum Protect Operations Center 8.1.0.000 through 
8.1.14 could  ...)
NOT-FOR-US: IBM
 CVE-2022-22493 (IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22492
RESERVED
 CVE-2022-22491
@@ -57000,7 +57000,7 @@ CVE-2022-22482 (IBM Sterling B2B Integrator Standard 
Edition 6.0.0.0 through 6.0
 CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could 
allow a ...)
NOT-FOR-US: IBM
 CVE-2022-22480 (IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not 
function co ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is 
vulnerabl ...)
NOT-FOR-US: IBM
 CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores 
user crede ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a49f162042d75e3ade3e4a80850cc9f83a62072



[Git][security-tracker-team/security-tracker][master] automatic update

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2aea3214 by security tracker role at 2022-10-07T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,83 @@
+CVE-2022-42493
+   RESERVED
+CVE-2022-42492
+   RESERVED
+CVE-2022-42491
+   RESERVED
+CVE-2022-42490
+   RESERVED
+CVE-2022-42484
+   RESERVED
+CVE-2022-42483
+   RESERVED
+CVE-2022-42482
+   RESERVED
+CVE-2022-42481
+   RESERVED
+CVE-2022-42478
+   RESERVED
+CVE-2022-42477
+   RESERVED
+CVE-2022-42476
+   RESERVED
+CVE-2022-42475
+   RESERVED
+CVE-2022-42474
+   RESERVED
+CVE-2022-42473
+   RESERVED
+CVE-2022-42472
+   RESERVED
+CVE-2022-42471
+   RESERVED
+CVE-2022-42470
+   RESERVED
+CVE-2022-42469
+   RESERVED
+CVE-2022-41999
+   RESERVED
+CVE-2022-41991
+   RESERVED
+CVE-2022-41988
+   RESERVED
+CVE-2022-41838
+   RESERVED
+CVE-2022-41837
+   RESERVED
+CVE-2022-41632
+   RESERVED
+CVE-2022-41630
+   RESERVED
+CVE-2022-41154
+   RESERVED
+CVE-2022-40222
+   RESERVED
+CVE-2022-38451
+   RESERVED
+CVE-2022-38091
+   RESERVED
+CVE-2022-3429
+   RESERVED
+CVE-2022-3428
+   RESERVED
+CVE-2022-3427
+   RESERVED
+CVE-2022-3426
+   RESERVED
+CVE-2022-3425
+   RESERVED
+CVE-2022-3424
+   RESERVED
+CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 
0.92.0. ...)
+   TODO: check
+CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i 
can cr ...)
+   TODO: check
+CVE-2022-3421
+   RESERVED
+CVE-2022-3420
+   RESERVED
+CVE-2022-3419
+   RESERVED
 CVE-2022-42468
RESERVED
 CVE-2022-42467
@@ -804,8 +884,8 @@ CVE-2022-42094
RESERVED
 CVE-2022-42093
RESERVED
-CVE-2022-42092
-   RESERVED
+CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
+   TODO: check
 CVE-2022-42091
RESERVED
 CVE-2022-42090
@@ -838,12 +918,12 @@ CVE-2022-42077
RESERVED
 CVE-2022-42076
RESERVED
-CVE-2022-42075
-   RESERVED
-CVE-2022-42074
-   RESERVED
-CVE-2022-42073
-   RESERVED
+CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code 
execution. ...)
+   TODO: check
+CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
+   TODO: check
+CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
+   TODO: check
 CVE-2022-42072
RESERVED
 CVE-2022-42071
@@ -2257,14 +2337,14 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 
was discovered to contai
NOT-FOR-US: TOTOLINK
 CVE-2022-41516
RESERVED
-CVE-2022-41515
-   RESERVED
-CVE-2022-41514
-   RESERVED
-CVE-2022-41513
-   RESERVED
-CVE-2022-41512
-   RESERVED
+CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
+   TODO: check
+CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
+   TODO: check
+CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
+   TODO: check
+CVE-2022-41512 (An arbitrary file upload vulnerability in the component 
/php_action/ed ...)
+   TODO: check
 CVE-2022-41511
RESERVED
 CVE-2022-41510
@@ -2461,8 +2541,8 @@ CVE-2022-41416
RESERVED
 CVE-2022-41415
RESERVED
-CVE-2022-41414
-   RESERVED
+CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled 
of Life ...)
+   TODO: check
 CVE-2022-41413
RESERVED
 CVE-2022-41412
@@ -2505,8 +2585,8 @@ CVE-2022-41394
RESERVED
 CVE-2022-41393
RESERVED
-CVE-2022-41392
-   RESERVED
+CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 
8c2c8909  ...)
+   TODO: check
 CVE-2022-41391
RESERVED
 CVE-2022-41390
@@ -2531,12 +2611,12 @@ CVE-2022-41381
RESERVED
 CVE-2022-41380
RESERVED
-CVE-2022-41379
-   RESERVED
-CVE-2022-41378
-   RESERVED
-CVE-2022-41377
-   RESERVED
+CVE-2022-41379 (An arbitrary file upload vulnerability in the component 
/leave_system/ ...)
+   TODO: check
+CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
+   TODO: check
+CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
+   TODO: check
 CVE-2022-41376
RESERVED
 CVE-2022-41375
@@ -2825,8 +2905,8 @@ CVE-2022-41293
RESERVED
 CVE-2022-41292
RESERVED
-CVE-2022-41291
-   RESERVED
+CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate 
session aft ...)
+   TODO: check
 CVE-2022-41290
RESERVED
 CVE-2022-41289
@@ -3762,8 +3842,8 @@ CVE-2022-40874
 

[Git][security-tracker-team/security-tracker][master] ignore CVE-2020-1751 in glibc as LTS does not support powerpc

2022-10-07 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28563bd5 by Helmut Grohne at 2022-10-07T21:04:18+02:00
ignore CVE-2020-1751 in glibc as LTS does not support powerpc

Please don't scream at me for updating stretch and jessie in the main
tracker. If I were to leave these untouched here and change them in the
elts tracker, in the best case, it would ignore the updates and keep
displaying no-dsa. In the worst case, it would reject the data failing
some uniqueness check. Been there on Tuesday...

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -208287,9 +208287,9 @@ CVE-2020-1752 (A use-after-free vulnerability 
introduced in glibc upstream versi
NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
 CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 
2.31 wh ...)
- glibc 2.30-3
-   [buster] - glibc  (Minor issue)
-   [stretch] - glibc  (Minor issue)
-   [jessie] - glibc  (Minor issue)
+   [buster] - glibc  (powerpc is not supported by LTS)
+   [stretch] - glibc  (powerpc is not supported by ELTS)
+   [jessie] - glibc  (powerpc is not supported by ELTS)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423
NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494
 CVE-2020-1750 (A flaw was found in the machine-config-operator that causes an 
OpenShi ...)
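Review bot: the buster/stretch/jessie lines only change the parenthetical reason (from "Minor issue" to "powerpc is not supported by LTS/ELTS"), but the commit title says the CVE is being ignored; the mail rendering strips angle-bracket tags, so confirm the tag on these three lines was changed from `<no-dsa>` to `<ignored>` in the committed file, otherwise the title and the data disagree. Since the rationale rests on an architecture support decision rather than on the code, a NOTE pointing at the LTS/ELTS supported-architecture lists would let a later triager re-check it if the supported set changes.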



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28563bd510f9a698beddd397d9cae53586a0a5da



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3140-1 for libpgjava

2022-10-07 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4381446 by Chris Lamb at 2022-10-07T10:48:41-07:00
Reserve DLA-3140-1 for libpgjava

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Oct 2022] DLA-3140-1 libpgjava - security update
+   {CVE-2022-31197}
+   [buster] - libpgjava 42.2.5-2+deb10u2
 [07 Oct 2022] DLA-3139-1 knot-resolver - security update
{CVE-2022-40188}
[buster] - knot-resolver 3.2.1-3+deb10u1


=
data/dla-needed.txt
=
@@ -86,9 +86,6 @@ kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
 --
-libpgjava (Chris Lamb)
-  NOTE: 20221003: Programming language: Java.
---
 linux (Ben Hutchings)
 --
 man2html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4381446fc71b85860d9f59ce9e70dbe14b83942



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3139-1 for knot-resolver

2022-10-07 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72d0c7ad by Chris Lamb at 2022-10-07T10:20:40-07:00
Reserve DLA-3139-1 for knot-resolver

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Oct 2022] DLA-3139-1 knot-resolver - security update
+   {CVE-2022-40188}
+   [buster] - knot-resolver 3.2.1-3+deb10u1
 [05 Oct 2022] DLA-3138-1 bind9 - security update
{CVE-2022-2795 CVE-2022-38177 CVE-2022-38178}
[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u8


=
data/dla-needed.txt
=
@@ -82,9 +82,6 @@ imagemagick
 joblib
   NOTE: 20221006: Programming language: Python.
 --
-knot-resolver (Chris Lamb)
-  NOTE: 20221003: Programming language: C.
---
 kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72d0c7adb2391e7646f4713bc9460cc7379ed5f4



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-292{8,9}/isc-dhcp via unstable

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8d5b68e by Salvatore Bonaccorso at 2022-10-07T17:28:40+02:00
Track fixed version for CVE-2022-292{8,9}/isc-dhcp via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9309,14 +9309,14 @@ CVE-2022-2930 (Unverified Password Change in GitHub 
repository octoprint/octopri
- octoprint  (bug #718591)
 CVE-2022-2929 (In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 
4.1-ESV-R16-P1  ...)
{DSA-5251-1}
-   - isc-dhcp  (bug #1021320)
+   - isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
NOTE: https://kb.isc.org/docs/cve-2022-2929
 CVE-2022-2928 (In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 
4.1-ESV-R16-P ...)
{DSA-5251-1}
-   - isc-dhcp  (bug #1021320)
+   - isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8d5b68eb209c23ee64ccd2c5d51f1d75d5fd840



[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2022-20409 with kernel-sec tracking

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dfe2d27 by Salvatore Bonaccorso at 2022-10-07T14:57:10+02:00
Sync status for CVE-2022-20409 with kernel-sec tracking

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71511,9 +71511,11 @@ CVE-2022-20411
RESERVED
 CVE-2022-20410
RESERVED
-CVE-2022-20409
+CVE-2022-20409 [io_uring: Use original task for req identity in 
io_identity_cow()]
RESERVED
-   - linux  (Android-specific)
+   - linux 5.14.6-1
+   [bullseye] - linux 5.10.136-1
+   [buster] - linux  (Vulnerable code not present)
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: 
https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
 CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: 
A-204782372Referen ...)
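Review bot: the new fixed-version lines (`- linux 5.14.6-1`, `[bullseye] - linux 5.10.136-1`) imply an upstream mainline or stable fix, yet the two NOTE lines still reference only the Android security bulletin and the android common-kernel commit; add the mainline or linux-stable commit reference so the fixed versions can be checked against the Debian changelogs. Likewise, a NOTE naming the commit that introduced the io_uring identity code would make the `[buster] - linux  (Vulnerable code not present)` claim verifiable rather than implicit.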



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dfe2d279d06d95b40f6aaafca6c72b52344347e



[Git][security-tracker-team/security-tracker][master] linux n/a

2022-10-07 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddcd2597 by Moritz Muehlenhoff at 2022-10-07T14:39:19+02:00
linux n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -71513,6 +71513,9 @@ CVE-2022-20410
RESERVED
 CVE-2022-20409
RESERVED
+   - linux  (Android-specific)
+   NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
+   NOTE: 
https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
 CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: 
A-204782372Referen ...)
NOT-FOR-US: Android
 CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: 
A-210916981Referen ...)
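Review bot: marking CVE-2022-20409 as `- linux  (Android-specific)` rests only on an Android bulletin listing and an android common-kernel commit, but a bulletin listing does not imply the bug is Android-only; the follow-up commit in this digest (1dfe2d27, "Sync status for CVE-2022-20409 with kernel-sec tracking") identifies the subject as an io_uring change and replaces this line with fixed versions in unstable and bullseye. Checking kernel-sec before assigning a not-affected status would have avoided the churn; when the only reference is a vendor bulletin, leaving `TODO: check` is the safer default.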



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddcd259729f165e2cfb9f4e8e939bb4ecc3d8258



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3782/wayland

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f6b0cf1f by Salvatore Bonaccorso at 2022-10-07T10:27:48+02:00
Add CVE-2021-3782/wayland

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76734,7 +76734,9 @@ CVE-2021-3784
 CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
NOT-FOR-US: yourls
 CVE-2021-3782 (An internal reference count is held on the buffer pool, 
incremented ev ...)
-   TODO: check
+   - wayland 1.21.0-1
+   NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/issues/224
+   NOTE: 
https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2
 (1.20.91)
 CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape 
flaw was  ...)
{DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
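Review bot: the entry gains a fixed version for unstable (`- wayland 1.21.0-1`) and the upstream commit annotated `(1.20.91)`, which is consistent with 1.20.91 being a pre-release of 1.21.0, but no `[bullseye]` or `[buster]` line is added, so both stable suites will show as affected until someone assesses them; if a no-dsa or postponed decision is expected, record it here or open a follow-up so the assessment is not lost.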



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6b0cf1fe9052a66b5265b72f8a2247eb11d4587



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39284/codeigniter

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43d2cf9e by Salvatore Bonaccorso at 2022-10-07T10:22:31+02:00
Add CVE-2022-39284/codeigniter

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7395,7 +7395,7 @@ CVE-2022-39286
 CVE-2022-39285
RESERVED
 CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions 
prior to 4. ...)
-   TODO: check
+   - codeigniter  (bug #471583)
 CVE-2022-39283
RESERVED
 CVE-2022-39282
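Review bot: `- codeigniter  (bug #471583)` cites a bug number far below the current range seen elsewhere in this file (e.g. #1021136), which is what an ITP reference looks like, i.e. the package is not in Debian; since the rendering drops angle-bracket tags, confirm the line carries `<itp>` so the tracker does not treat the bug as one filed against a shipped package for this CVE.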



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43d2cf9e6fc690b531b8a944b31f942d96b198f3



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
26fa1937 by Salvatore Bonaccorso at 2022-10-07T10:19:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,7 +29,7 @@ CVE-2022-3416
 CVE-2022-3415
RESERVED
 CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3413
RESERVED
 CVE-2022-3412
@@ -7405,7 +7405,7 @@ CVE-2022-39281
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in 
versions bef ...)
TODO: check
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board 
which adds  ...)
-   TODO: check
+   NOT-FOR-US: discourse-chat plugin for Discourse
 CVE-2022-39278
RESERVED
 CVE-2022-39277



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26fa19370e3974fe35979baacddcb3e5fb97014e



[Git][security-tracker-team/security-tracker][master] automatic update

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dc26baf by security tracker role at 2022-10-07T08:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2022-42468
+   RESERVED
+CVE-2022-42467
+   RESERVED
+CVE-2022-42466
+   RESERVED
+CVE-2022-42458
+   RESERVED
+CVE-2022-42001
+   RESERVED
+CVE-2022-42000
+   RESERVED
+CVE-2022-41986
+   RESERVED
+CVE-2022-41814
+   RESERVED
+CVE-2022-41796
+   RESERVED
+CVE-2022-41789
+   RESERVED
+CVE-2022-41611
+   RESERVED
+CVE-2022-3418
+   RESERVED
+CVE-2022-3417
+   RESERVED
+CVE-2022-3416
+   RESERVED
+CVE-2022-3415
+   RESERVED
+CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
+   TODO: check
+CVE-2022-3413
+   RESERVED
+CVE-2022-3412
+   RESERVED
+CVE-2022-3411
+   RESERVED
+CVE-2022-3410
+   RESERVED
+CVE-2022-3409
+   RESERVED
+CVE-2022-3408
+   RESERVED
+CVE-2022-3407
+   RESERVED
 CVE-2022-42457 (Generex CS141 before 2.08 allows remote command execution by 
administr ...)
NOT-FOR-US: Generex CS141
 CVE-2022-42456
@@ -1722,8 +1768,7 @@ CVE-2022-41674
RESERVED
 CVE-2022-41673
RESERVED
-CVE-2022-41672
-   RESERVED
+CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user 
wouldn' ...)
- airflow  (bug #819700)
 CVE-2022-41671
RESERVED
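Review bot: the added package line `- airflow  (bug #819700)` has an empty slot between the package name and the bug reference; in this file that slot holds the fixed version or an angle-bracket status tag, and the bug number sits far below the others in this commit (#1021320), which points to an ITP bug and hence an <itp> tag that the mail rendering has stripped. Confirm the committed line still carries the tag.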
@@ -4683,8 +4728,8 @@ CVE-2022-40496
RESERVED
 CVE-2022-40495
RESERVED
-CVE-2022-40494
-   RESERVED
+CVE-2022-40494 (NPS before v0.26.10 was discovered to contain an 
authentication bypass ...)
+   TODO: check
 CVE-2022-40493
RESERVED
 CVE-2022-40492
@@ -7349,8 +7394,8 @@ CVE-2022-39286
RESERVED
 CVE-2022-39285
RESERVED
-CVE-2022-39284
-   RESERVED
+CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions 
prior to 4. ...)
+   TODO: check
 CVE-2022-39283
RESERVED
 CVE-2022-39282
@@ -7359,8 +7404,8 @@ CVE-2022-39281
RESERVED
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in 
versions bef ...)
TODO: check
-CVE-2022-39279
-   RESERVED
+CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board 
which adds  ...)
+   TODO: check
 CVE-2022-39278
RESERVED
 CVE-2022-39277
@@ -9262,16 +9307,14 @@ CVE-2022-2931
NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2930 (Unverified Password Change in GitHub repository 
octoprint/octoprint pr ...)
- octoprint  (bug #718591)
-CVE-2022-2929 [DHCP memory leak]
-   RESERVED
+CVE-2022-2929 (In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 
4.1-ESV-R16-P1  ...)
{DSA-5251-1}
- isc-dhcp  (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
NOTE: https://kb.isc.org/docs/cve-2022-2929
-CVE-2022-2928 [An option refcount overflow exists in dhcpd]
-   RESERVED
+CVE-2022-2928 (In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 
4.1-ESV-R16-P ...)
{DSA-5251-1}
- isc-dhcp  (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
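Review bot: both new isc-dhcp lines read `- isc-dhcp  (bug #1021320)` with nothing between the package name and the bug reference, although the {DSA-5251-1} line directly above asserts a stable fix; the unstable fixed version (or an <unfixed> tag, which renders empty in this mail) belongs in that slot, so verify the committed entry rather than this view.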
@@ -39594,8 +39637,8 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS 
command injection via she
NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
NOTE: 
https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e
 (0.8.5)
NOTE: 
https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef
 (0.8.5)
-CVE-2022-27810
-   RESERVED
+CVE-2022-27810 (It was possible to trigger an infinite recursion condition in 
the erro ...)
+   TODO: check
 CVE-2022-27809
RESERVED
 CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 
20.005.3031x (a ...)
@@ -44038,12 +44081,12 @@ CVE-2022-26240 (The default privileges for the 
running service Normand Message B
NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26239 (The default privileges for the running service Normand License 
Manager ...)
NOT-FOR-US: Beckman Coulter Remisol Advance
-CVE-2022-26238
-   RESERVED
+CVE-2022-26238 (The default privileges for the running service Normand Service 
Manager ...)
+   TODO: check
 CVE-2022-26237 (The default privileges for the running service Normand Viewer 
Service  ...)
NOT-FOR-US: Beckman Coulter Remisol Advance
-CVE-2022-26236
-   RESERVED
+CVE-2022-26236 (The default privileges for the running service Normand Remisol 
Advance ...)
+   TODO: check
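Review bot: CVE-2022-26238 and CVE-2022-26236 are added as TODO: check, while the unchanged neighbours CVE-2022-26239 and CVE-2022-26237 with the same "default privileges for the running service Normand ..." wording are already NOT-FOR-US: Beckman Coulter Remisol Advance; the two new ones describe the same product family and can almost certainly be closed the same way on the next pass.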
 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-21222/node-css-what

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78898522 by Salvatore Bonaccorso at 2022-10-07T09:59:10+02:00
Add CVE-2022-21222/node-css-what

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45096,7 +45096,9 @@ CVE-2022-21227 (The package sqlite3 before 5.0.3 are 
vulnerable to Denial of Ser
 CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable 
to Comman ...)
NOT-FOR-US: cocoapods-downloader
 CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular 
Expression ...)
-   TODO: check
+   - node-css-what 
+   NOTE: https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
+   TODO: isolate fixing commit, as the one in v2.1.3 does not seem to be 
correct
 CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are 
vulnerable t ...)
NOT-FOR-US: github.com/valyala/fasthttp
 CVE-2022-21213 (This affects all versions of package mout. The deepFillIn 
function can ...)
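Review bot: the `TODO: isolate fixing commit, as the one in v2.1.3 does not seem to be correct` line means the fixed version is still unknown, so the package line `- node-css-what ` (whose status slot renders empty here) must not be read as fixed on the strength of the "before 2.1.3" range in the CVE text; until the real commit is identified the entry should stay unfixed and the Snyk note is the only reference for the ReDoS.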



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78898522745a6f3a7be4827109fa58e49dbb2dbf



[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim glib.

2022-10-07 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12ee2b42 by Helmut Grohne at 2022-10-07T09:29:56+02:00
data/dla-needed.txt: Claim glib.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -52,7 +52,7 @@ gajim
 gerbv
   NOTE: 20220923: Programming language: C.
 --
-glibc
+glibc (Helmut Grohne)
   NOTE: 20220913: Programming language: C, Assembly.
   NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and 
Debian 11.5 (Beuc/front-desk)
 --
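Review bot: the commit message says "Claim glib." but the entry claimed is glibc (`+glibc (Helmut Grohne)`); glib (glib2.0) and glibc are different source packages, so the message should name glibc to keep the dla-needed history searchable, and anyone looking for a glib claim should not take this commit as one.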



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ee2b4223ac0ba3c267b5aa567938cbc31c37d1



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32166/openvswitch

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95dfc58a by Salvatore Bonaccorso at 2022-10-07T09:20:17+02:00
Add CVE-2022-32166/openvswitch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26538,7 +26538,8 @@ CVE-2022-32168 (Notepad++ versions 8.4.1 and before are 
vulnerable to DLL hijack
 CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to 
Stored Cros ...)
TODO: check
 CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap 
buffer o ...)
-   TODO: check
+   - openvswitch 2.13.0+dfsg1-1
+   NOTE: 
https://github.com/openvswitch/ovs/commit/2ed650cdcb46f9b1f0329d1491b75290fc73
 (v2.12.0)
 CVE-2022-32165
RESERVED
 CVE-2022-32164
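Review bot: the CVE text in the context line says ovs v0.90.0 through v2.5.0 are vulnerable, but the fixing commit is tagged (v2.12.0), so releases between 2.5.0 and 2.12.0 are presumably affected as well; the fixed Debian version 2.13.0+dfsg1-1 is consistent with that, but any suite shipping an openvswitch older than 2.12 should be assessed against the commit, not against the advisory's version range.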



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95dfc58a9ee92297bae13700dcf087e48d0c2508



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3276/puppet-module-puppetlabs-mysql

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdac35fc by Salvatore Bonaccorso at 2022-10-07T09:03:53+02:00
Add CVE-2022-3276/puppet-module-puppetlabs-mysql

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2687,6 +2687,8 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 
allows prototype poisonin
NOTE: Fixed by: 
https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 
(v9.0.3)
 CVE-2022-3276
RESERVED
+   - puppet-module-puppetlabs-mysql 
+   NOTE: https://puppet.com/security/cve/CVE-2022-3276
 CVE-2022-3275
RESERVED
 CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
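Review bot: the entry keeps its RESERVED header while gaining a package line and a vendor advisory NOTE; elsewhere in this file an entry triaged before the CVE text is published gets a bracketed short description in place of RESERVED (cf. `CVE-2022-2929 [DHCP memory leak]` in an earlier commit), and the status slot after `puppet-module-puppetlabs-mysql` renders empty here, so check that the committed line carries its version or tag.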



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdac35fcc28b627638f2d5adc32621c465bb40eb



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-31008/rabbitmq-server

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a0056d0 by Salvatore Bonaccorso at 2022-10-07T08:47:14+02:00
Add CVE-2022-31008/rabbitmq-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29856,7 +29856,9 @@ CVE-2022-31010
 CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging 
application. I ...)
NOT-FOR-US: wire-ios
 CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. 
In affect ...)
-   TODO: check
+   - rabbitmq-server 3.10.8-1
+   NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8
+   NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841
 CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research 
teams. Prio ...)
NOT-FOR-US: eLabFTW
 CVE-2022-31006 (indy-node is the server portion of Hyperledger Indy, a 
distributed led ...)
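Review bot: the fix references (GHSA-v9gv-xp36-jgj8 and PR #4841) carry no upstream fixed-version marker, whereas the other commits in this batch append one after the URL, e.g. `(v2.12.0)` or `(0.8.5)`; adding the RabbitMQ release that contains PR #4841 makes it possible to judge older suites without re-reading the advisory.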



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0056d07c362baaeffca24d436a5736c2d0ef57



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-10-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad1a1edf by Salvatore Bonaccorso at 2022-10-07T08:41:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7366,7 +7366,7 @@ CVE-2022-39277
 CVE-2022-39276
RESERVED
 CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Saleor
 CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation 
of a LoRa ...)
TODO: check
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing 
platform Flyte ...)
@@ -7376,7 +7376,7 @@ CVE-2022-39272
 CVE-2022-39271
RESERVED
 CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table 
of cont ...)
-   TODO: check
+   NOT-FOR-US: DiscoTOC Discourse theme
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication 
library writt ...)
TODO: check
 CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked 
by an att ...)
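Review bot: CVE-2022-39269 (PJSIP) stays at TODO: check in the context while CVE-2022-39270 is closed as NOT-FOR-US; PJSIP is shipped in Debian as the pjproject source package, so this one needs actual triage against the packaged versions rather than the NFU treatment.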
@@ -8779,7 +8779,7 @@ CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in 
GitHub repository yetiforc
 CVE-2022-3003
RESERVED
 CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
-   TODO: check
+   NOT-FOR-US: yetiforcecrm
 CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems 
(VMS), ...)
NOT-FOR-US: Milesight Video Management Systems (VMS)
 CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
@@ -8996,7 +8996,7 @@ CVE-2022-2977 (A flaw was found in the Linux kernel 
implementation of proxied vi
 CVE-2022-2976
RESERVED
 CVE-2022-2975 (A vulnerability related to weak permissions was detected in 
Avaya Aura ...)
-   TODO: check
+   NOT-FOR-US: Avaya
 CVE-2022-2974
RESERVED
 CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. 
Successful ex ...)
@@ -10771,11 +10771,11 @@ CVE-2022-2785 (There exists an arbitrary memory read 
within the Linux Kernel BPF
 CVE-2022-2784
RESERVED
 CVE-2022-2783 (In affected versions of Octopus Server it was identified that a 
sessio ...)
-   TODO: check
+   NOT-FOR-US: Octopus
 CVE-2022-2782
RESERVED
 CVE-2022-2781 (In affected versions of Octopus Server it was identified that 
the same ...)
-   TODO: check
+   NOT-FOR-US: Octopus
 CVE-2022-2780
RESERVED
 CVE-2022-2779 (A vulnerability classified as critical was found in 
SourceCodester Gas ...)
@@ -11474,7 +11474,7 @@ CVE-2022-37890
 CVE-2022-37889
RESERVED
 CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2022-37887
RESERVED
 CVE-2022-37886
@@ -12748,7 +12748,7 @@ CVE-2022-2639 (An integer coercion error was found in 
the openvswitch kernel mod
 CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not 
validate the  ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage 
Plug-i ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2022-2636 (Improper Input Validation in GitHub repository 
hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
 CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise 
and es ...)
@@ -14802,7 +14802,7 @@ CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below 
was discovered to contai
 CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below 
contains an is ...)
NOT-FOR-US: Tenda
 CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module 
in Hear ...)
-   TODO: check
+   NOT-FOR-US: Heartex
 CVE-2022-36550
RESERVED
 CVE-2022-36549
@@ -4,21 +4,21 @@ CVE-2022-33891 (The Apache Spark UI offers the 
possibility to enable ACLs via th
 CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through 
DesignRevi ...)
TODO: check
 CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through 
Autodesk D ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through 
Autodesk DWG a ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk 
AutoCAD 20 ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to 
write beyon ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed 
through Aut ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk
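Review bot: CVE-2022-33890 (Autodesk DesignReview) stays at TODO: check in the context while CVE-2022-33889 through CVE-2022-33885 are closed as NOT-FOR-US: Autodesk; it belongs to the same product family and can be closed the same way. Separately, this hunk's header `@@ -4,21 +4,21 @@` follows the `@@ -14802` hunk, and since the hunks of one file are emitted in ascending line order it appears to come from a different file or commit that the mail rendering has run together; the hunk is also cut off after CVE-2022-33884.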