[Git][security-tracker-team/security-tracker][master] Ignore all pluxml issues in buster. Second try
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d2441fe1 by Anton Gladky at 2022-10-07T23:24:47+02:00 Ignore all pluxml issues in buster. Second try - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -480261,8 +480261,10 @@ CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 NOT-FOR-US: Tunnelblick CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...) - pluxml + [buster] - pluxml (Issue is 10 years old. Package exists only in this suite. Popcon: 4 on 2022.10.06) CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...) - pluxml + [buster] - pluxml (Issue is 10 years old. Package exists only in this suite. Popcon: 4 on 2022.10.06) CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...) NOT-FOR-US: Neoinvoice CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...) @@ -558822,6 +558824,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 [etch] - wordpress (Vulnerable code not present) CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...) - pluxml + [buster] - pluxml (Issue is 15 years old. Package exists only in this suite. Popcon: 4 on 2022.10.06) CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...) NOT-FOR-US: Kurinton sHTTPd CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...) 
@@ -559159,6 +559162,7 @@ CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and NOT-FOR-US: Pharmacy System CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...) - pluxml + [buster] - pluxml (Issue is 15 years old. Package exists only in this suite. Popcon: 4 on 2022.10.06) CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...) NOT-FOR-US: Dagger CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2441fe1836a30c09bd805353e3775727d9d0327 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2441fe1836a30c09bd805353e3775727d9d0327 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
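Review bot: all four added buster lines read `[buster] - pluxml (Issue is 10 years old. ...)` / `(Issue is 15 years old. ...)` with nothing between the package name and the parenthesised reason, yet the commit title says the issues are being ignored; a free-text reason does not encode a status, so either the ignore keyword was dropped when this mail was rendered or the lines mark pluxml as plainly unfixed in buster, the opposite of the intent. Verify the keyword in the committed data/CVE/list before trusting the tracker's buster view. Separately, the justification rests on age and popcon rather than on the bugs themselves (CVE-2007-3432 is an unrestricted upload in admin/images.php and CVE-2012-4675 a remote XSS), and the load-bearing claim "Package exists only in this suite" is not verifiable from the entry; record the removal bug or the date pluxml left unstable in a NOTE: so the rationale survives the next popcon change.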
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39237/golang-github-sylabs-sif
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d340057e by Salvatore Bonaccorso at 2022-10-07T22:48:14+02:00 Add CVE-2022-39237/golang-github-sylabs-sif Explicitly tracking as well singularity-container as it uses AFAIC the vendored copy and is unfixed as well. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7588,7 +7588,11 @@ CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...) NOT-FOR-US: Arvados CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference implementa ...) - TODO: check + - golang-github-sylabs-sif + - singularity-container + NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8 + NOTE: https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 (v2.8.1) + NOTE: https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1) CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) - node-matrix-js-sdk (bug #1021136) NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5
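Review bot: the two new package lines `- golang-github-sylabs-sif` and `- singularity-container` carry neither a fixed version nor a `(bug #...)` reference (compare the neighbouring `- node-matrix-js-sdk (bug #1021136)`), so nothing in the entry points maintainers at work to do; with the two fix commits already tagged (v2.8.1) in the NOTE: lines, file a bug against each source package and put the numbers on the lines. Also add a NOTE: naming the vendored path inside singularity-container: the commit message's "AFAIC" says the vendoring was assumed, not checked, and the entry should make that verifiable from the data rather than from memory.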
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad0a77a3 by Salvatore Bonaccorso at 2022-10-07T22:32:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,7 +71,7 @@ CVE-2022-3424 CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. ...) TODO: check CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...) - TODO: check + NOT-FOR-US: ToolJet CVE-2022-3421 RESERVED CVE-2022-3420 @@ -885,7 +885,7 @@ CVE-2022-42094 CVE-2022-42093 RESERVED CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...) - TODO: check + NOT-FOR-US: Backdrop CMS CVE-2022-42091 RESERVED CVE-2022-42090 @@ -919,11 +919,11 @@ CVE-2022-42077 CVE-2022-42076 RESERVED CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code execution. ...) - TODO: check + NOT-FOR-US: Wedding Planner CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...) - TODO: check + NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...) - TODO: check + NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-42072 RESERVED CVE-2022-42071 
@@ -2338,13 +2338,13 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contai CVE-2022-41516 RESERVED CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) - TODO: check + NOT-FOR-US: Open Source SACCO Management System CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) - TODO: check + NOT-FOR-US: Open Source SACCO Management System CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) - TODO: check + NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-41512 (An arbitrary file upload vulnerability in the component /php_action/ed ...) - TODO: check + NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-41511 RESERVED CVE-2022-41510 @@ -2542,7 +2542,7 @@ CVE-2022-41416 CVE-2022-41415 RESERVED CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...) - TODO: check + NOT-FOR-US: Liferay CVE-2022-41413 RESERVED CVE-2022-41412 @@ -2586,7 +2586,7 @@ CVE-2022-41394 CVE-2022-41393 RESERVED CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...) - TODO: check + NOT-FOR-US: TotalJS CMS CVE-2022-41391 RESERVED CVE-2022-41390 @@ -2612,11 +2612,11 @@ CVE-2022-41381 CVE-2022-41380 RESERVED CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...) - TODO: check + NOT-FOR-US: Online Leave Management System CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...) - TODO: check + NOT-FOR-US: Online Pet Shop We App CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...) - TODO: check + NOT-FOR-US: Online Pet Shop We App CVE-2022-41376 RESERVED CVE-2022-41375 
@@ -3843,7 +3843,7 @@ CVE-2022-40874 CVE-2022-40873 RESERVED CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecodester ...) - TODO: check + NOT-FOR-US: Sourcecodester Simple E-Learning System CVE-2022-40871 RESERVED CVE-2022-40870 @@ -6191,69 +6191,69 @@ CVE-2022-39880 CVE-2022-39879 RESERVED CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout prior to ver ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount in Grou ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39876 (Insertion of Sensitive Information into Log in PushRegIdUpdateClient o ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39875 (Improper component protection vulnerability in Samsung Account prior t ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung Account pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior to vers ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior to vers ...) - TODO: check + NOT-FOR-US: Samsung CVE-2022-39871 (Improper access control vulnerability cloudNotificationManager.java in ...)
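Review bot: CVE-2022-3422 goes from `TODO: check` to `NOT-FOR-US: ToolJet`, but the imported description ("Account Takeover :: when see the info i can see the hash pass i can cr ...") names no product at all, so nothing in the entry supports the attribution; add a NOTE: with the advisory URL that identifies ToolJet. The same holds for CVE-2022-41512, whose visible description ("An arbitrary file upload vulnerability in the component /php_action/ed ...") names no product but is closed as "Online Diagnostic Lab Management System". The other hunks (Backdrop CMS, Wedding Planner, SACCO, Liferay, TotalJS, Online Pet Shop We App, Sourcecodester, Samsung) match the product named in their descriptions and need nothing further.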
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a49f162 by Salvatore Bonaccorso at 2022-10-07T22:16:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2906,7 +2906,7 @@ CVE-2022-41293 CVE-2022-41292 RESERVED CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate session aft ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-41290 RESERVED CVE-2022-41289 @@ -14459,7 +14459,7 @@ CVE-2022-36774 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vul CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XM ...) NOT-FOR-US: IBM CVE-2022-36772 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated user t ...) NOT-FOR-US: IBM CVE-2022-36770 @@ -21097,7 +21097,7 @@ CVE-2022-34310 CVE-2022-34309 RESERVED CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...) NOT-FOR-US: IBM CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header in ...) @@ -31233,7 +31233,7 @@ CVE-2022-30615 CVE-2022-30614 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a den ...) NOT-FOR-US: IBM CVE-2022-30613 (IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-30612 RESERVED CVE-2022-30611 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...) 
@@ -56974,7 +56974,7 @@ CVE-2022-22495 (IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote CVE-2022-22494 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could ...) NOT-FOR-US: IBM CVE-2022-22493 (IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulne ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22492 RESERVED CVE-2022-22491 @@ -57000,7 +57000,7 @@ CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0 CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...) NOT-FOR-US: IBM CVE-2022-22480 (IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function co ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerabl ...) NOT-FOR-US: IBM CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user crede ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a49f162042d75e3ade3e4a80850cc9f83a62072
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2aea3214 by security tracker role at 2022-10-07T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,83 @@ +CVE-2022-42493 + RESERVED +CVE-2022-42492 + RESERVED +CVE-2022-42491 + RESERVED +CVE-2022-42490 + RESERVED +CVE-2022-42484 + RESERVED +CVE-2022-42483 + RESERVED +CVE-2022-42482 + RESERVED +CVE-2022-42481 + RESERVED +CVE-2022-42478 + RESERVED +CVE-2022-42477 + RESERVED +CVE-2022-42476 + RESERVED +CVE-2022-42475 + RESERVED +CVE-2022-42474 + RESERVED +CVE-2022-42473 + RESERVED +CVE-2022-42472 + RESERVED +CVE-2022-42471 + RESERVED +CVE-2022-42470 + RESERVED +CVE-2022-42469 + RESERVED +CVE-2022-41999 + RESERVED +CVE-2022-41991 + RESERVED +CVE-2022-41988 + RESERVED +CVE-2022-41838 + RESERVED +CVE-2022-41837 + RESERVED +CVE-2022-41632 + RESERVED +CVE-2022-41630 + RESERVED +CVE-2022-41154 + RESERVED +CVE-2022-40222 + RESERVED +CVE-2022-38451 + RESERVED +CVE-2022-38091 + RESERVED +CVE-2022-3429 + RESERVED +CVE-2022-3428 + RESERVED +CVE-2022-3427 + RESERVED +CVE-2022-3426 + RESERVED +CVE-2022-3425 + RESERVED +CVE-2022-3424 + RESERVED +CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. ...) + TODO: check +CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...) + TODO: check +CVE-2022-3421 + RESERVED +CVE-2022-3420 + RESERVED +CVE-2022-3419 + RESERVED CVE-2022-42468 RESERVED CVE-2022-42467 @@ -804,8 +884,8 @@ CVE-2022-42094 RESERVED CVE-2022-42093 RESERVED -CVE-2022-42092 - RESERVED +CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...) + TODO: check CVE-2022-42091 RESERVED CVE-2022-42090 
@@ -838,12 +918,12 @@ CVE-2022-42077 RESERVED CVE-2022-42076 RESERVED -CVE-2022-42075 - RESERVED -CVE-2022-42074 - RESERVED -CVE-2022-42073 - RESERVED +CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code execution. ...) + TODO: check +CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...) + TODO: check +CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...) + TODO: check CVE-2022-42072 RESERVED CVE-2022-42071 @@ -2257,14 +2337,14 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contai NOT-FOR-US: TOTOLINK CVE-2022-41516 RESERVED -CVE-2022-41515 - RESERVED -CVE-2022-41514 - RESERVED -CVE-2022-41513 - RESERVED -CVE-2022-41512 - RESERVED +CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + TODO: check +CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + TODO: check +CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + TODO: check +CVE-2022-41512 (An arbitrary file upload vulnerability in the component /php_action/ed ...) + TODO: check CVE-2022-41511 RESERVED CVE-2022-41510 @@ -2461,8 +2541,8 @@ CVE-2022-41416 RESERVED CVE-2022-41415 RESERVED -CVE-2022-41414 - RESERVED +CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...) + TODO: check CVE-2022-41413 RESERVED CVE-2022-41412 @@ -2505,8 +2585,8 @@ CVE-2022-41394 RESERVED CVE-2022-41393 RESERVED -CVE-2022-41392 - RESERVED +CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...) + TODO: check CVE-2022-41391 RESERVED CVE-2022-41390 
@@ -2531,12 +2611,12 @@ CVE-2022-41381 RESERVED CVE-2022-41380 RESERVED -CVE-2022-41379 - RESERVED -CVE-2022-41378 - RESERVED -CVE-2022-41377 - RESERVED +CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...) + TODO: check +CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...) + TODO: check +CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...) + TODO: check CVE-2022-41376 RESERVED CVE-2022-41375 @@ -2825,8 +2905,8 @@ CVE-2022-41293 RESERVED CVE-2022-41292 RESERVED -CVE-2022-41291 - RESERVED +CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate session aft ...) + TODO: check CVE-2022-41290 RESERVED CVE-2022-41289 @@ -3762,8 +3842,8 @@ CVE-2022-40874
[Git][security-tracker-team/security-tracker][master] ignore CVE-2020-1751 in glibc as LTS does not support powerpc
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 28563bd5 by Helmut Grohne at 2022-10-07T21:04:18+02:00 ignore CVE-2020-1751 in glibc as LTS does not support powerpc Please don't scream at me for updating stretch and jessie in the main tracker. If I were to leave these untouched here and change them in the elts tracker, in the best case, it would ignore the updates and keep displaying no-dsa. In the worst case, it would reject the data failing some uniqueness check. Been there on Tuesday... - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -208287,9 +208287,9 @@ CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream versi NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...) - glibc 2.30-3 - [buster] - glibc (Minor issue) - [stretch] - glibc (Minor issue) - [jessie] - glibc (Minor issue) + [buster] - glibc (powerpc is not supported by LTS) + [stretch] - glibc (powerpc is not supported by ELTS) + [jessie] - glibc (powerpc is not supported by ELTS) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494 CVE-2020-1750 (A flaw was found in the machine-config-operator that causes an OpenShi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28563bd510f9a698beddd397d9cae53586a0a5da
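Review bot: the three rewritten suite lines keep the shape `[suite] - glibc (reason)` with no status keyword visible between package and reason, while the title says "ignore"; if the keyword is in the file this is only a rendering artefact, but a changed reason string by itself would not alter what the tracker displays, which is exactly the "keep displaying no-dsa" outcome the commit message worries about. The new reason is an architecture-coverage argument, yet nothing in the entry records that the bug is PowerPC-only: the NOTE: lines point only at sourceware bug 25423 and the fix commit. Add a NOTE: stating the affected architecture so the ignore stays justified for a reader who does not follow the links, and so the buster/LTS and stretch+jessie/ELTS split is checkable against each team's supported-architecture list.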
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3140-1 for libpgjava
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: f4381446 by Chris Lamb at 2022-10-07T10:48:41-07:00 Reserve DLA-3140-1 for libpgjava - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Oct 2022] DLA-3140-1 libpgjava - security update + {CVE-2022-31197} + [buster] - libpgjava 42.2.5-2+deb10u2 [07 Oct 2022] DLA-3139-1 knot-resolver - security update {CVE-2022-40188} [buster] - knot-resolver 3.2.1-3+deb10u1 = data/dla-needed.txt = @@ -86,9 +86,6 @@ kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- -libpgjava (Chris Lamb) - NOTE: 20221003: Programming language: Java. --- linux (Ben Hutchings) -- man2html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4381446fc71b85860d9f59ce9e70dbe14b83942
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3139-1 for knot-resolver
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 72d0c7ad by Chris Lamb at 2022-10-07T10:20:40-07:00 Reserve DLA-3139-1 for knot-resolver - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Oct 2022] DLA-3139-1 knot-resolver - security update + {CVE-2022-40188} + [buster] - knot-resolver 3.2.1-3+deb10u1 [05 Oct 2022] DLA-3138-1 bind9 - security update {CVE-2022-2795 CVE-2022-38177 CVE-2022-38178} [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u8 = data/dla-needed.txt = @@ -82,9 +82,6 @@ imagemagick joblib NOTE: 20221006: Programming language: Python. -- -knot-resolver (Chris Lamb) - NOTE: 20221003: Programming language: C. --- kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72d0c7adb2391e7646f4713bc9460cc7379ed5f4
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-292{8,9}/isc-dhcp via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b8d5b68e by Salvatore Bonaccorso at 2022-10-07T17:28:40+02:00 Track fixed version for CVE-2022-292{8,9}/isc-dhcp via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9309,14 +9309,14 @@ CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octopri - octoprint (bug #718591) CVE-2022-2929 (In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1 ...) {DSA-5251-1} - - isc-dhcp (bug #1021320) + - isc-dhcp 4.4.3-2.1 (bug #1021320) NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/ NOTE: https://kb.isc.org/docs/cve-2022-2929 CVE-2022-2928 (In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P ...) {DSA-5251-1} - - isc-dhcp (bug #1021320) + - isc-dhcp 4.4.3-2.1 (bug #1021320) NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8d5b68eb209c23ee64ccd2c5d51f1d75d5fd840
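Review bot: the new fixed version `4.4.3-2.1` has no `-P1` in its upstream part, while all the NOTE: lines point at the 4.4.3-P1 and 4.1-ESV-R16-P2 patch directories, so the entry implies the upstream patches were applied on top of the 4.4.3 packaging rather than a rebase; that is fine, but add a NOTE: naming the applied patch files, because `{DSA-5251-1}` on the same two entries means stable got a separate version and anyone comparing the two will otherwise have to open both changelogs. Both entries also cite the same `(bug #1021320)`; confirm that the 4.4.3-2.1 changelog closes it so the tracker and the BTS stay in agreement.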
[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2022-20409 with kernel-sec tracking
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dfe2d27 by Salvatore Bonaccorso at 2022-10-07T14:57:10+02:00 Sync status for CVE-2022-20409 with kernel-sec tracking - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71511,9 +71511,11 @@ CVE-2022-20411 RESERVED CVE-2022-20410 RESERVED -CVE-2022-20409 +CVE-2022-20409 [io_uring: Use original task for req identity in io_identity_cow()] RESERVED - - linux (Android-specific) + - linux 5.14.6-1 + [bullseye] - linux 5.10.136-1 + [buster] - linux (Vulnerable code not present) NOTE: https://source.android.com/docs/security/bulletin/2022-10-01 NOTE: https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9 CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dfe2d279d06d95b40f6aaafca6c72b52344347e
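Review bot: the entry now asserts fixes in `linux 5.14.6-1` and `[bullseye] - linux 5.10.136-1`, but the only references kept are the Android bulletin and an android kernel/common commit; neither shows that mainline or the 5.10 stable series carry the same change, which is exactly what those two version strings claim. Add the upstream commit matching the new bracketed title ("io_uring: Use original task for req identity in io_identity_cow()") as a NOTE: so the versions can be checked against the Debian changelogs, and, for `[buster] - linux (Vulnerable code not present)`, note the commit that introduced io_identity_cow() so the not-affected claim is checkable too. Keeping `RESERVED` alongside a bracketed title is the usual form for a CVE that has no public description yet, nothing to change there.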
[Git][security-tracker-team/security-tracker][master] linux n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ddcd2597 by Moritz Muehlenhoff at 2022-10-07T14:39:19+02:00 linux n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71513,6 +71513,9 @@ CVE-2022-20410 RESERVED CVE-2022-20409 RESERVED + - linux (Android-specific) + NOTE: https://source.android.com/docs/security/bulletin/2022-10-01 + NOTE: https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9 CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...) NOT-FOR-US: Android CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: A-210916981Referen ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddcd259729f165e2cfb9f4e8e939bb4ecc3d8258
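Review bot: `- linux (Android-specific)` is asserted from the Android bulletin and one android kernel/common commit, with no record of an upstream lookup, and the next commit on this page (1dfe2d27, eighteen minutes later) replaces it with fixed versions in unstable and bullseye, so the claim did not hold. Before a kernel CVE is marked Android-specific, the entry should carry a NOTE: saying whether the referenced android commit has a mainline counterpart (here it did); a bare "Android-specific" with only Android references gives the next triager nothing to check against.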
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3782/wayland
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f6b0cf1f by Salvatore Bonaccorso at 2022-10-07T10:27:48+02:00 Add CVE-2021-3782/wayland - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -76734,7 +76734,9 @@ CVE-2021-3784 CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) NOT-FOR-US: yourls CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...) - TODO: check + - wayland 1.21.0-1 + NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/issues/224 + NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2 (1.20.91) CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) {DSA-4972-1} - ghostscript 9.53.3~dfsg-8 (bug #994011) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6b0cf1fe9052a66b5265b72f8a2247eb11d4587
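Review bot: the entry records `- wayland 1.21.0-1` (fix commit tagged 1.20.91) but says nothing about bullseye or buster and carries no `(bug #...)` (compare the neighbouring `- ghostscript 9.53.3~dfsg-8 (bug #994011)`); with no suite annotation the tracker will list the stable suites as vulnerable with no rationale attached. Since the description is a reference-count overflow on the buffer pool, decide explicitly for each stable suite (fixed, no-dsa with a reason, or not-affected) and add the lines, and open or link a bug so the unstable fix is tied to something the maintainers see. The issue and commit NOTE: lines are good as they are.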
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39284/codeigniter
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43d2cf9e by Salvatore Bonaccorso at 2022-10-07T10:22:31+02:00 Add CVE-2022-39284/codeigniter - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7395,7 +7395,7 @@ CVE-2022-39286 CVE-2022-39285 RESERVED CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...) - TODO: check + - codeigniter (bug #471583) CVE-2022-39283 RESERVED CVE-2022-39282 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43d2cf9e6fc690b531b8a944b31f942d96b198f3
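Review bot: `- codeigniter (bug #471583)` has no version and, as rendered here, no status keyword, and the bug number is far older than the 2022-era numbers elsewhere in this digest (#1021320, #1021136), which points to a long-open ITP/RFP rather than a bug filed for this CVE. If codeigniter is not in the archive the line needs the tracker's ITP marker so the entry does not present it as an unfixed package in unstable; confirm the keyword is in the committed file. A NOTE: with the upstream advisory would also help, since the description is cut off at "prior to 4." and the fixed upstream version is otherwise unrecorded.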
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26fa1937 by Salvatore Bonaccorso at 2022-10-07T10:19:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,7 @@ CVE-2022-3416 CVE-2022-3415 RESERVED CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) - TODO: check + NOT-FOR-US: SourceCodester Web-Based Student Clearance System CVE-2022-3413 RESERVED CVE-2022-3412 @@ -7405,7 +7405,7 @@ CVE-2022-39281 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...) TODO: check CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...) - TODO: check + NOT-FOR-US: discourse-chat plugin for Discourse CVE-2022-39278 RESERVED CVE-2022-39277 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26fa19370e3974fe35979baacddcb3e5fb97014e
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9dc26baf by security tracker role at 2022-10-07T08:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,49 @@ +CVE-2022-42468 + RESERVED +CVE-2022-42467 + RESERVED +CVE-2022-42466 + RESERVED +CVE-2022-42458 + RESERVED +CVE-2022-42001 + RESERVED +CVE-2022-42000 + RESERVED +CVE-2022-41986 + RESERVED +CVE-2022-41814 + RESERVED +CVE-2022-41796 + RESERVED +CVE-2022-41789 + RESERVED +CVE-2022-41611 + RESERVED +CVE-2022-3418 + RESERVED +CVE-2022-3417 + RESERVED +CVE-2022-3416 + RESERVED +CVE-2022-3415 + RESERVED +CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) + TODO: check +CVE-2022-3413 + RESERVED +CVE-2022-3412 + RESERVED +CVE-2022-3411 + RESERVED +CVE-2022-3410 + RESERVED +CVE-2022-3409 + RESERVED +CVE-2022-3408 + RESERVED +CVE-2022-3407 + RESERVED CVE-2022-42457 (Generex CS141 before 2.08 allows remote command execution by administr ...) NOT-FOR-US: Generex CS141 CVE-2022-42456 @@ -1722,8 +1768,7 @@ CVE-2022-41674 RESERVED CVE-2022-41673 RESERVED -CVE-2022-41672 - RESERVED +CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...) - airflow (bug #819700) CVE-2022-41671 RESERVED @@ -4683,8 +4728,8 @@ CVE-2022-40496 RESERVED CVE-2022-40495 RESERVED -CVE-2022-40494 - RESERVED +CVE-2022-40494 (NPS before v0.26.10 was discovered to contain an authentication bypass ...) + TODO: check CVE-2022-40493 RESERVED CVE-2022-40492 @@ -7349,8 +7394,8 @@ CVE-2022-39286 RESERVED CVE-2022-39285 RESERVED -CVE-2022-39284 - RESERVED +CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...) + TODO: check CVE-2022-39283 RESERVED CVE-2022-39282 
@@ -7359,8 +7404,8 @@ CVE-2022-39281 RESERVED CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...) TODO: check -CVE-2022-39279 - RESERVED +CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...) + TODO: check CVE-2022-39278 RESERVED CVE-2022-39277 @@ -9262,16 +9307,14 @@ CVE-2022-2931 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...) - octoprint (bug #718591) -CVE-2022-2929 [DHCP memory leak] - RESERVED +CVE-2022-2929 (In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1 ...) {DSA-5251-1} - isc-dhcp (bug #1021320) NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/ NOTE: https://kb.isc.org/docs/cve-2022-2929 -CVE-2022-2928 [An option refcount overflow exists in dhcpd] - RESERVED +CVE-2022-2928 (In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P ...) {DSA-5251-1} - isc-dhcp (bug #1021320) NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 @@ -39594,8 +39637,8 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via she NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13 NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5) NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5) -CVE-2022-27810 - RESERVED +CVE-2022-27810 (It was possible to trigger an infinite recursion condition in the erro ...) + TODO: check CVE-2022-27809 RESERVED CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) 
@@ -44038,12 +44081,12 @@ CVE-2022-26240 (The default privileges for the running service Normand Message B NOT-FOR-US: Beckman Coulter Remisol Advance CVE-2022-26239 (The default privileges for the running service Normand License Manager ...) NOT-FOR-US: Beckman Coulter Remisol Advance -CVE-2022-26238 - RESERVED +CVE-2022-26238 (The default privileges for the running service Normand Service Manager ...) + TODO: check CVE-2022-26237 (The default privileges for the running service Normand Viewer Service ...) NOT-FOR-US: Beckman Coulter Remisol Advance -CVE-2022-26236 - RESERVED +CVE-2022-26236 (The default privileges for the running service Normand Remisol Advance ...) + TODO: check
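Review bot: in the `@@ -1722,8 +1768,7 @@` hunk the new line `- airflow (bug #819700)` is a package-assignment line with no fixed version and a bug reference, which in this file's convention denotes a package not yet in the archive (an ITP bug) rather than a BTS bug against an uploaded package; that is correct for an automatic update, but a short NOTE saying the package is not in Debian would save the next triager a lookup, as the same hunk style is used for `- octoprint (bug #718591)` further down.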
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-21222/node-css-what
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 78898522 by Salvatore Bonaccorso at 2022-10-07T09:59:10+02:00 Add CVE-2022-21222/node-css-what - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45096,7 +45096,9 @@ CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Ser CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...) NOT-FOR-US: cocoapods-downloader CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...) - TODO: check + - node-css-what + NOTE: https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488 + TODO: isolate fixing commit, as the one in v2.1.3 does not seem to be correct CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...) NOT-FOR-US: github.com/valyala/fasthttp CVE-2022-21213 (This affects all versions of package mout. The deepFillIn function can ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78898522745a6f3a7be4827109fa58e49dbb2dbf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78898522745a6f3a7be4827109fa58e49dbb2dbf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
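Review bot: the added package line `- node-css-what` carries no fixed version, so every suite will be listed as vulnerable until the open TODO (`isolate fixing commit, as the one in v2.1.3 does not seem to be correct`) is resolved; once the correct upstream commit is identified, record the fixed Debian version (or an explicit per-suite annotation) so the entry does not stay open by omission. The NOTE currently points only at the Snyk advisory; adding the upstream commit URL alongside it, once known, would make the entry self-contained for later review.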
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim glib.
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 12ee2b42 by Helmut Grohne at 2022-10-07T09:29:56+02:00 data/dla-needed.txt: Claim glib. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -52,7 +52,7 @@ gajim gerbv NOTE: 20220923: Programming language: C. -- -glibc +glibc (Helmut Grohne) NOTE: 20220913: Programming language: C, Assembly. NOTE: 20220913: Harmonize with bullseye: 4 CVEs fixed in Debian 11.3 and Debian 11.5 (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ee2b4223ac0ba3c267b5aa567938cbc31c37d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ee2b4223ac0ba3c267b5aa567938cbc31c37d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
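Review bot: the commit title says `Claim glib.` but the hunk changes `-glibc` to `+glibc (Helmut Grohne)`; glib (the glib2.0 source package) and glibc are different packages, so the title should say glibc to avoid misleading anyone scanning the log or the dla-needed history. The change itself follows the file's convention of appending the claimant's name in parentheses after the package name.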
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32166/openvswitch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95dfc58a by Salvatore Bonaccorso at 2022-10-07T09:20:17+02:00 Add CVE-2022-32166/openvswitch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26538,7 +26538,8 @@ CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijack CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...) TODO: check CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...) - TODO: check + - openvswitch 2.13.0+dfsg1-1 + NOTE: https://github.com/openvswitch/ovs/commit/2ed650cdcb46f9b1f0329d1491b75290fc73 (v2.12.0) CVE-2022-32165 RESERVED CVE-2022-32164 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95dfc58a9ee92297bae13700dcf087e48d0c2508 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95dfc58a9ee92297bae13700dcf087e48d0c2508 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
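Review bot: the commit id in the NOTE, `2ed650cdcb46f9b1f0329d1491b75290fc73`, is 36 hex characters rather than a full 40-character SHA-1; GitHub resolves abbreviated ids, so the link may still work, but it looks truncated and should be verified and replaced with the full hash. Separately, the CVE text in the context line says `ovs versions v0.90.0 through v2.5.0` are affected while the fixing commit is tagged `(v2.12.0)` and the fixed Debian version is `2.13.0+dfsg1-1`; a one-line NOTE explaining that the published affected range understates the versions actually fixed would make the entry easier to audit later.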
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3276/puppet-module-puppetlabs-mysql
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fdac35fc by Salvatore Bonaccorso at 2022-10-07T09:03:53+02:00 Add CVE-2022-3276/puppet-module-puppetlabs-mysql - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2687,6 +2687,8 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisonin NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3) CVE-2022-3276 RESERVED + - puppet-module-puppetlabs-mysql + NOTE: https://puppet.com/security/cve/CVE-2022-3276 CVE-2022-3275 RESERVED CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdac35fcc28b627638f2d5adc32621c465bb40eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdac35fcc28b627638f2d5adc32621c465bb40eb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
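Review bot: CVE-2022-3276 is still a bare `RESERVED` entry with no description, yet the hunk adds `- puppet-module-puppetlabs-mysql` beneath it without a fixed version; elsewhere on this page reserved entries with a known package carry a bracketed short title (for example `CVE-2022-2929 [DHCP memory leak]` in the automatic-update diff above), so consider adding one here from the puppet.com advisory, and add the fixed version or a per-suite annotation once the advisory has been cross-checked against the packaged module version.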
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-31008/rabbitmq-server
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a0056d0 by Salvatore Bonaccorso at 2022-10-07T08:47:14+02:00 Add CVE-2022-31008/rabbitmq-server - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29856,7 +29856,9 @@ CVE-2022-31010 CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging application. I ...) NOT-FOR-US: wire-ios CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. In affect ...) - TODO: check + - rabbitmq-server 3.10.8-1 + NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8 + NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841 CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...) NOT-FOR-US: eLabFTW CVE-2022-31006 (indy-node is the server portion of Hyperledger Indy, a distributed led ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0056d07c362baaeffca24d436a5736c2d0ef57 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0056d07c362baaeffca24d436a5736c2d0ef57 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad1a1edf by Salvatore Bonaccorso at 2022-10-07T08:41:20+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7366,7 +7366,7 @@ CVE-2022-39277 CVE-2022-39276 RESERVED CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions ...) - TODO: check + NOT-FOR-US: Saleor CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...) TODO: check CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...) @@ -7376,7 +7376,7 @@ CVE-2022-39272 CVE-2022-39271 RESERVED CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...) - TODO: check + NOT-FOR-US: DiscoTOC Discourse theme CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...) TODO: check CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...) @@ -8779,7 +8779,7 @@ CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc CVE-2022-3003 RESERVED CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...) - TODO: check + NOT-FOR-US: yetiforcecrm CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...) NOT-FOR-US: Milesight Video Management Systems (VMS) CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...) @@ -8996,7 +8996,7 @@ CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied vi CVE-2022-2976 RESERVED CVE-2022-2975 (A vulnerability related to weak permissions was detected in Avaya Aura ...) - TODO: check + NOT-FOR-US: Avaya CVE-2022-2974 RESERVED CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...) 
@@ -10771,11 +10771,11 @@ CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel BPF CVE-2022-2784 RESERVED CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...) - TODO: check + NOT-FOR-US: Octopus CVE-2022-2782 RESERVED CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...) - TODO: check + NOT-FOR-US: Octopus CVE-2022-2780 RESERVED CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...) @@ -11474,7 +11474,7 @@ CVE-2022-37890 CVE-2022-37889 RESERVED CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: Aruba CVE-2022-37887 RESERVED CVE-2022-37886 @@ -12748,7 +12748,7 @@ CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel mod CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...) NOT-FOR-US: Hestia Control Panel CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...) @@ -14802,7 +14802,7 @@ CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contai CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...) NOT-FOR-US: Tenda CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module in Hear ...) - TODO: check + NOT-FOR-US: Heartex CVE-2022-36550 RESERVED CVE-2022-36549 
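Review bot: the granularity of the new NOT-FOR-US annotations is inconsistent across these hunks: `NOT-FOR-US: Octopus`, `NOT-FOR-US: Aruba` and `NOT-FOR-US: Hitachi` name only a vendor, while the descriptions being triaged name a specific product (Octopus Server, Hitachi Storage Plug-in, Aruba underlying services) and the same commit writes `NOT-FOR-US: DiscoTOC Discourse theme`; naming the product keeps later grep-based triage of the list unambiguous when a vendor has both packaged and unpackaged software.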
@@ -4,21 +4,21 @@ CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via th CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...) TODO: check CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk AutoCAD 20 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to write beyon ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed through Aut ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk