[Git][security-tracker-team/security-tracker][master] Change programming language for erlang.
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c8b4c79 by Anton Gladky at 2022-12-01T07:01:08+01:00 Change programming language for erlang. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,7 +35,7 @@ curl (Roberto C. Sánchez) NOTE: 20220904: Special attention: high popcon!. -- erlang - NOTE: 20221119: Programming language: C. + NOTE: 20221119: Programming language: Erlang. NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) -- exiv2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8b4c79f404271b4159bad4abbfe4495541c7da You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2022-3697/ansible
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb01f9f4 by Salvatore Bonaccorso at 2022-12-01T06:49:24+01:00 Add fixed version via unstable for CVE-2022-3697/ansible - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9749,7 +9749,7 @@ CVE-2022-3699 CVE-2022-3698 RESERVED CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...) - - ansible + - ansible 7.0.0+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664 NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199 CVE-2022-3696 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb01f9f421dbe3f31747c96e23a87be69bdda4f1
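Review bot: the new `- ansible 7.0.0+dfsg-1` line has no NOTE that ties this upload to the fix. The entry only references the Red Hat bug and the upstream pull request https://github.com/ansible-collections/amazon.aws/pull/1199; a NOTE naming the amazon.aws release that contains the merged change would let a later reader confirm that the collection shipped in 7.0.0+dfsg-1 includes it.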
[Git][security-tracker-team/security-tracker][master] CVE-2022-3328/snapd: Reference oss-security post
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1099eea8 by Salvatore Bonaccorso at 2022-12-01T06:37:06+01:00 CVE-2022-3328/snapd: Reference oss-security post - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15584,6 +15584,7 @@ CVE-2022-3328 NOTE: https://github.com/snapcore/snapd/commit/d9d8c2f6f6c0310bd10e3061030e8bf9e9e49949 (2.57.6) NOTE: https://github.com/snapcore/snapd/commit/1816f8dd9e33c252b6aa6c7e6205baa9161c2d4c (2.57.6) NOTE: https://github.com/snapcore/snapd/releases/tag/2.57.6 + NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/2 CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...) - rdiffweb (bug #969974) CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1099eea8d57b06d09a6294f1050e4a6187d945ee
[Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2022-46338
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa581c70 by Salvatore Bonaccorso at 2022-12-01T06:34:23+01:00 Track upstream commit for CVE-2022-46338 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -179,6 +179,7 @@ CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keybo - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) NOTE: https://github.com/MatMoul/g810-led/pull/297 + NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3) CVE-2022-46309 RESERVED CVE-2022-46308 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa581c7043dddb0eb082d6aeb10e7d35a63c7966
[Git][security-tracker-team/security-tracker][master] CVE-2022-46338: Indent note with tab
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 959c8d39 by Salvatore Bonaccorso at 2022-12-01T06:32:20+01:00 CVE-2022-46338: Indent note with tab - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -178,7 +178,7 @@ CVE-2021-46856 CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...) - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) - NOTE: https://github.com/MatMoul/g810-led/pull/297 + NOTE: https://github.com/MatMoul/g810-led/pull/297 CVE-2022-46309 RESERVED CVE-2022-46308 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/959c8d39a7754601704300d4bcaffbe663a8771d
[Git][security-tracker-team/security-tracker][master] 3 commits: Add link to the CVE-2022-46338
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b1d1a68 by Anton Gladky at 2022-12-01T05:33:19+01:00 Add link to the CVE-2022-46338 - - - - - c3fc4813 by Anton Gladky at 2022-12-01T05:33:19+01:00 LTS: add g810-led to dla-needed.txt - - - - - 272dbee4 by Anton Gladky at 2022-12-01T05:33:20+01:00 LTS: add node-xmldom to dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -178,6 +178,7 @@ CVE-2021-46856 CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...) - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) + NOTE: https://github.com/MatMoul/g810-led/pull/297 CVE-2022-46309 RESERVED CVE-2022-46308 = data/dla-needed.txt = @@ -47,6 +47,12 @@ firmware-nonfree (Markus Koschany) fwupd (Stefano Rivera) NOTE: 20221003: Programming language: C++. -- +g810-led + NOTE: 20221130: Programming language: C++. + NOTE: 20221130: VCS: https://salsa.debian.org/lts-team/packages/g810-led.git + NOTE: 20221130: The issue in the udev-rules, not in the package itself (gladk). + NOTE: 20221130: https://gitlab.com/qemu-project/qemu/-/issues/1268 (gladk). +-- git NOTE: 20221031: Programming language: C. NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/git.git 
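Review bot: in the new g810-led block of data/dla-needed.txt, the line `NOTE: 20221130: https://gitlab.com/qemu-project/qemu/-/issues/1268 (gladk).` points at a qemu issue, which does not match the package. The data/CVE/list hunk in the same push references https://github.com/MatMoul/g810-led/pull/297 for CVE-2022-46338; please confirm the URL and replace it with the g810-led reference if it was pasted by mistake.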
@@ -227,6 +233,11 @@ node-url-parse NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk) -- +node-xmldom + NOTE: 20221130: Programming language: JavaScript. + NOTE: 20221130: VCS: https://salsa.debian.org/lts-team/packages/node-xmldom.git + NOTE: 20221130: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883 (gladk). +-- nodejs NOTE: 20221105: Programming language: Javascript, C/C++, Python NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a853b8d59f3084ad130bf649944e9607b249ebf...272dbee46ae9e1d46d3384c73d0e3dad7c21abdf
[Git][security-tracker-team/security-tracker][master] LTS: mark CVE-2021-4219 as not-affected for buster, add notes on introducing upstream commits
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a853b8d by Roberto C. Sánchez at 2022-11-30T17:53:05-05:00 LTS: mark CVE-2021-4219 as not-affected for buster, add notes on introducing upstream commits - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61043,8 +61043,9 @@ CVE-2021-4220 CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to impro ...) - imagemagick (bug #1013282) [bullseye] - imagemagick (Minor issue) - [buster] - imagemagick (Minor issue) + [buster] - imagemagick (Vulnerable code introduced later) [stretch] - imagemagick (Minor issue, DoS) + NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/b51ead044753d771646fe1dfd6fb1db0b562a5f0 NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7f1b2b9b816baaa956381ff80c3b120e83faa95 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a853b8d59f3084ad130bf649944e9607b249ebf
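Review bot: the `[stretch] - imagemagick (Minor issue, DoS)` context line directly below the changed `[buster]` line is left untouched. If buster is unaffected because the code only arrived with the commit in the new `NOTE: introduced by ...` line, the older stretch version should be checked against that same commit and its status updated in this change, or a NOTE should say why stretch differs.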
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 88861372 by Moritz Muehlenhoff at 2022-11-30T23:15:49+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46299,6 +46299,7 @@ CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 t NOT-FOR-US: Technitium DNS Server CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...) - maradns + [bullseye] - maradns (Minor issue) NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256 CVE-2022-30255 RESERVED @@ -50203,6 +50204,7 @@ CVE-2022-28949 RESERVED CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...) - golang-gopkg-yaml.v3 3.0.1-1 (bug #1011338) + [bullseye] - golang-gopkg-yaml.v3 (Minor issue) NOTE: https://github.com/go-yaml/yaml/issues/666 NOTE: https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754 (v3.0.0) CVE-2022-28947 
@@ -66056,6 +66058,7 @@ CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...) - xen 4.16.2+90-g0d39a6d1ae-1 + [bullseye] - xen (Fix along in next DSA) [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-422.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8886137260d1520fb34f3ceec72d354a4bf14aae
[Git][security-tracker-team/security-tracker][master] g810-led spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b87931dd by Moritz Mühlenhoff at 2022-11-30T23:00:01+01:00 g810-led spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -88,3 +88,5 @@ CVE-2022-38851 [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 CVE-2022-38850 [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-46338 + [bullseye] - g810-led 0.4.2-1+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b87931dd8784f8c40d42129a6e750155e7f88dd4
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d6f78138 by Moritz Muehlenhoff at 2022-11-30T22:46:30+01:00 bullseye triage mplayer spu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -1486,6 +1486,7 @@ CVE-2022-45786 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c] RESERVED - libetpan (bug #1025120) + [bullseye] - libetpan (Minor issue) NOTE: https://github.com/dinhvh/libetpan/issues/420 CVE-2022-4120 RESERVED @@ -2959,6 +2960,7 @@ CVE-2022-45344 RESERVED CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...) - gpac + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2315 NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4 @@ -3341,6 +3343,7 @@ CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpe CVE-2022-45197 [missing certificate hostname validation] RESERVED - slixmpp 1.8.3-1 + [bullseye] - slixmpp (Minor issue) NOTE: https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa (slix-1.8.3) CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...) NOT-FOR-US: Hyperledger Fabric @@ -1,6 +4,7 @@ CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By NOTE: Crash in CLI tool, no security impact CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - mplayer (bug #1021013) + [bullseye] - mplayer (Minor issue, will be fixed via spu) NOTE: https://trac.mplayerhq.hu/ticket/2406 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391) CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) 
@@ -22234,6 +22238,7 @@ CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: https://trac.mplayerhq.hu/ticket/2404 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...) - mplayer (bug #1021013) + [bullseye] - mplayer (Minor issue, will be fixed via spu) NOTE: https://trac.mplayerhq.hu/ticket/2407 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402) CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...) @@ -29726,9 +29731,11 @@ CVE-2022-36181 RESERVED CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...) - fusiondirectory + [bullseye] - fusiondirectory (Minor issue) NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. ...) - fusiondirectory + [bullseye] - fusiondirectory (Minor issue) NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ CVE-2022-36178 RESERVED = data/next-point-update.txt = 
@@ -68,3 +68,23 @@ CVE-2020-29260 [bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1 CVE-2022-39353 [bullseye] - node-xmldom 0.5.0-1+deb11u2 +CVE-2022-38866 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38865 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38864 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38863 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38861 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38860 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38858 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38855 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38851 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 +CVE-2022-38850 + [bullseye] - mplayer 2:1.4+ds1-1+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f78138c9925551da9bf1698da03dbd1876e772
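Review bot: CVE-2022-38865 is added to data/next-point-update.txt with `[bullseye] - mplayer 2:1.4+ds1-1+deb11u1`, but in the data/CVE/list hunk the context line just above CVE-2022-38864, under the CVE-2022-38865 hunk header, reads `NOTE: Crash in CLI tool, no security impact`. Please confirm the listing is intended; if the fix is simply picked up with the rest of the upload, a short NOTE on the CVE entry would keep the two files consistent. In the visible hunks only CVE-2022-38864 and CVE-2022-38861 gain the `(Minor issue, will be fixed via spu)` line.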
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3328/snapd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f411f905 by Salvatore Bonaccorso at 2022-11-30T22:36:15+01:00 Add CVE-2022-3328/snapd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15573,6 +15573,12 @@ CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC NOT-FOR-US: Intel CVE-2022-3328 RESERVED + - snapd + NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/d9d8c2f6f6c0310bd10e3061030e8bf9e9e49949 (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/1816f8dd9e33c252b6aa6c7e6205baa9161c2d4c (2.57.6) + NOTE: https://github.com/snapcore/snapd/releases/tag/2.57.6 CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...) - rdiffweb (bug #969974) CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f411f90594ade91290eaba5196fc302febc7154e
[Git][security-tracker-team/security-tracker][master] issue DLA-3214-1 for libraw
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker Commits: 245c2a39 by Helmut Grohne at 2022-11-30T21:56:35+01:00 issue DLA-3214-1 for libraw - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -163032,7 +163032,7 @@ CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference vulner NOTE: https://github.com/LibRaw/LibRaw/issues/335#issuecomment-677637276 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version 20.0 LibRaw::Ge ...) - libraw 0.20.2-1 - [buster] - libraw (Minor issue) + [buster] - libraw (Hassleblad data parser added in 0.20) [stretch] - libraw (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/334 NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee @@ -183716,7 +183716,6 @@ CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfac CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...) [experimental] - libraw 0.20.0-1 - libraw 0.20.0-4 (bug #964747) - [buster] - libraw (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477 NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[30 Nov 2022] DLA-3214-1 libraw - security update + {CVE-2020-15503} + [buster] - libraw 0.19.2-2+deb10u2 [29 Nov 2022] DLA-3213-1 krb5 - security update {CVE-2022-42898} [buster] - krb5 1.17-3+deb10u5 = data/dla-needed.txt = 
@@ -121,10 +121,6 @@ libpgjava NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems (gladk). NOTE: 20221128: If not - please mark it as (gladk). -- -libraw - NOTE: 20221129: Programming language: C++. - NOTE: 20221129: VCS: https://salsa.debian.org/lts-team/packages/libraw.git --- libreoffice NOTE: 20221012: Programming language: C++. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245c2a3955a3dafe6de3d55f4c41da07cff276c1
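Review bot: in the CVE-2020-24889 hunk of data/CVE/list, the new annotation `[buster] - libraw (Hassleblad data parser added in 0.20)` misspells the vendor name, which should read "Hasselblad". Since these annotations are searched and reused in later triage, please correct the spelling in a follow-up.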
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-46149/capnproto
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c75522da by Salvatore Bonaccorso at 2022-11-30T21:42:15+01:00 Add CVE-2022-46149/capnproto - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -585,7 +585,9 @@ CVE-2022-46151 CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) - TODO: check + - capnproto + NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx + NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c75522dae9c7162ea2a8656983fb8b6835676079
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d6196d5 by Salvatore Bonaccorso at 2022-11-30T21:35:58+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,19 +39,19 @@ CVE-2022-4236 CVE-2022-4235 RESERVED CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...) - TODO: check + NOT-FOR-US: SourceCodester Canteen Management System CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...) - TODO: check + NOT-FOR-US: SourceCodester Event Registration System CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Event Registration System CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Tribal Systems Zenario CMS CVE-2022-4230 RESERVED CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...) - TODO: check + NOT-FOR-US: SourceCodester Book Store Management System CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Book Store Management System CVE-2022-4227 RESERVED CVE-2022-4226 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6196d5987610994d885411967eb9709a54ba09
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-41912/golang-github-crewjam-saml
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b0920a3 by Salvatore Bonaccorso at 2022-11-30T21:20:23+01:00 Add Debian bug reference for CVE-2022-41912/golang-github-crewjam-saml - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14625,7 +14625,7 @@ CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizatio CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...) NOT-FOR-US: Discourse plugin CVE-2022-41912 (The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ...) - - golang-github-crewjam-saml + - golang-github-crewjam-saml (bug #1025187) NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g NOTE: https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b (v0.4.9) CVE-2022-41911 (TensorFlow is an open source platform for machine learning. When print ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b0920a36f3bbe3801626ea36bb071db69183216
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: add796c4 by security tracker role at 2022-11-30T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,65 @@ +CVE-2022-46359 + RESERVED +CVE-2022-46358 + RESERVED +CVE-2022-46357 + RESERVED +CVE-2022-46356 + RESERVED +CVE-2022-46355 + RESERVED +CVE-2022-46354 + RESERVED +CVE-2022-46353 + RESERVED +CVE-2022-46352 + RESERVED +CVE-2022-46351 + RESERVED +CVE-2022-46350 + RESERVED +CVE-2022-46349 + RESERVED +CVE-2022-46348 + RESERVED +CVE-2022-46347 + RESERVED +CVE-2022-46346 + RESERVED +CVE-2022-46345 + RESERVED +CVE-2022-4239 + RESERVED +CVE-2022-4238 + RESERVED +CVE-2022-4237 + RESERVED +CVE-2022-4236 + RESERVED +CVE-2022-4235 + RESERVED +CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...) + TODO: check +CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...) + TODO: check +CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-4230 + RESERVED +CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...) + TODO: check +CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-4227 + RESERVED +CVE-2022-4226 + RESERVED +CVE-2022-4225 + RESERVED +CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...) + TODO: check CVE-2022-46344 RESERVED CVE-2022-46343 
@@ -522,8 +584,8 @@ CVE-2022-46151 RESERVED CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse -CVE-2022-46149 - RESERVED +CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) + TODO: check CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) @@ -1266,8 +1328,8 @@ CVE-2022-45844 RESERVED CVE-2022-45843 RESERVED -CVE-2022-45842 - RESERVED +CVE-2022-45842 (Unauth. Race Condition vulnerability in WP ULike Plugin = 4.6.4 on ...) + TODO: check CVE-2022-45841 RESERVED CVE-2022-45840 @@ -4557,8 +4619,8 @@ CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injec NOT-FOR-US: Betheme theme for WordPress CVE-2022-3860 RESERVED -CVE-2022-3859 - RESERVED +CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...) + TODO: check CVE-2022-3858 RESERVED CVE-2022-3857 [Null pointer dereference leads to segmentation fault] @@ -6737,12 +6799,12 @@ CVE-2022-44298 RESERVED CVE-2022-44297 RESERVED -CVE-2022-44296 - RESERVED -CVE-2022-44295 - RESERVED -CVE-2022-44294 - RESERVED +CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-44293 RESERVED CVE-2022-44292 @@ -7027,8 +7089,8 @@ CVE-2022-44153 RESERVED CVE-2022-44152 RESERVED -CVE-2022-44151 - RESERVED +CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-44150 RESERVED CVE-2022-44149 
@@ -7057,8 +7119,8 @@ CVE-2022-44138 RESERVED CVE-2022-44137 RESERVED -CVE-2022-44136 - RESERVED +CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). ...) + TODO: check CVE-2022-44135 RESERVED CVE-2022-44134 @@ -22302,12 +22364,12 @@ CVE-2022-38805 RESERVED CVE-2022-38804 RESERVED -CVE-2022-38803 - RESERVED -CVE-2022-38802 - RESERVED -CVE-2022-38801 - RESERVED +CVE-2022-38803 (Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...) + TODO: check +CVE-2022-38802 (Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...) + TODO: check +CVE-2022-38801 (In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijac ...) + TODO: check CVE-2022-38800 RESERVED CVE-2022-38799 @@ -25094,8 +25156,8 @@ CVE-2022-37934 RESERVED
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-41912/golang-github-crewjam-saml
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51c80714 by Salvatore Bonaccorso at 2022-11-30T20:56:56+01:00 Add CVE-2022-41912/golang-github-crewjam-saml - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14563,7 +14563,9 @@ CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizatio CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...) NOT-FOR-US: Discourse plugin CVE-2022-41912 (The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ...) - TODO: check + - golang-github-crewjam-saml + NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g + NOTE: https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b (v0.4.9) CVE-2022-41911 (TensorFlow is an open source platform for machine learning. When print ...) - tensorflow (bug #804612) CVE-2022-41910 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c80714ef40783f7076b649dfecd6be5edb8061
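Review bot: the new package line for CVE-2022-41912, "- golang-github-crewjam-saml", carries no bug reference. If the version in unstable predates the v0.4.9 fix named in the second NOTE, file a bug against the package and add it to this line as "(bug #NNNNNN)" (placeholder number), so the maintainer is notified and the fixed version can be recorded when the upload happens.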
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c14e2786 by Salvatore Bonaccorso at 2022-11-30T20:55:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2969,19 +2969,19 @@ CVE-2022-45309 CVE-2022-45308 RESERVED CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and below grant ...) - TODO: check + NOT-FOR-US: Chocolatey PHP package CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.21 ...) - TODO: check + NOT-FOR-US: Chocolatey Azure-Pipelines-Agent package CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and below g ...) - TODO: check + NOT-FOR-US: Chocolatey Python3 package CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and below gra ...) - TODO: check + NOT-FOR-US: Chocolatey Cmder package CVE-2022-45303 RESERVED CVE-2022-45302 RESERVED CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below gra ...) - TODO: check + NOT-FOR-US: Chocolatey Ruby package CVE-2022-45300 RESERVED CVE-2022-45299 @@ -4027,7 +4027,7 @@ CVE-2022-44939 CVE-2022-44938 RESERVED CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery ...) - TODO: check + NOT-FOR-US: BossCMS CVE-2022-44936 RESERVED CVE-2022-44935 @@ -6618,11 +6618,11 @@ CVE-2022-44358 CVE-2022-44357 RESERVED CVE-2022-44356 (WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030 ...) - TODO: check + NOT-FOR-US: WAVLINK CVE-2022-44355 (SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via ...) - TODO: check + NOT-FOR-US: SolarView Compact CVE-2022-44354 (SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Uploa ...) - TODO: check + NOT-FOR-US: SolarView Compact CVE-2022-44353 RESERVED CVE-2022-44352 
@@ -6772,7 +6772,7 @@ CVE-2022-44281 CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...) NOT-FOR-US: Automotive Shop Management System CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Scripting (X ...) - TODO: check + NOT-FOR-US: Garage Management System CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sanitization Management System CVE-2022-44277 @@ -7136,9 +7136,9 @@ CVE-2022-44099 CVE-2022-44098 RESERVED CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain hardcoded ...) - TODO: check + NOT-FOR-US: Book Store Management System CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain hardcode ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-44095 RESERVED CVE-2022-44094 @@ -7254,7 +7254,7 @@ CVE-2022-44040 CVE-2022-44039 RESERVED CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remo ...) - TODO: check + NOT-FOR-US: Russound XSourcePlayer 777D CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...) TODO: check CVE-2022-44036 @@ -14134,7 +14134,7 @@ CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...) NOT-FOR-US: Liferay CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain a SQL in ...) - TODO: check + NOT-FOR-US: Online-shopping-system-advanced CVE-2022-42108 RESERVED CVE-2022-42107 
@@ -14152,9 +14152,9 @@ CVE-2022-42102 CVE-2022-42101 RESERVED CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...) - TODO: check + NOT-FOR-US: KLiK SocialMediaWebsit CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...) - TODO: check + NOT-FOR-US: KLiK SocialMediaWebsit CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection ...) NOT-FOR-US: KLiK SocialMediaWebsite CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...) @@ -14447,7 +14447,7 @@ CVE-2022-41967 CVE-2022-41966 RESERVED CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...) - TODO: check + NOT-FOR-US: Opencast CVE-2022-41964 RESERVED CVE-2022-41963 @@ -14463,7 +14463,7 @@ CVE-2022-41959 CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...) NOT-FOR-US: super-xray CVE-2022-41957 (Muhammara is a node
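Review bot: the labels added for CVE-2022-42100 and CVE-2022-42099 in the @@ -14152,9 +14152,9 @@ hunk read "NOT-FOR-US: KLiK SocialMediaWebsit", missing the final "e". The existing entry directly below them, CVE-2022-42098, uses "KLiK SocialMediaWebsite"; use that exact string so a search for the product name finds all three entries.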
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-4139
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ab08eee by Salvatore Bonaccorso at 2022-11-30T20:42:41+01:00 Reference upstream commit for CVE-2022-4139 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1117,6 +1117,7 @@ CVE-2022-4139 RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1 + NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550 CVE-2022-45897 RESERVED CVE-2022-45896 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab08eee972582f51a449e3a1d9263df73f67a73
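Review bot: the added NOTE for CVE-2022-4139 links the mainline commit but does not say which kernel release first contains it. Once the commit is part of a tagged release, append that version in parentheses after the URL, the way the crewjam/saml fix commit in this file is annotated with "(v0.4.9)", so the fixed version for linux can be filled in without opening the link.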
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4139/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b39efcf by Salvatore Bonaccorso at 2022-11-30T15:47:51+01:00 Add CVE-2022-4139/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1115,6 +1115,8 @@ CVE-2022-4140 RESERVED CVE-2022-4139 RESERVED + - linux + NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1 CVE-2022-45897 RESERVED CVE-2022-45896 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b39efcf5f87d703f33e6f17f5fe00899f55eb60
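Review bot: CVE-2022-4139 is still RESERVED and has no description, so after this hunk the entry consists only of "- linux" and an oss-security link, with nothing in the file saying what the issue is. Add a short bracketed description on the CVE line, as this file does for "CVE-2022-3857 [Null pointer dereference leads to segmentation fault]", until the official text is published.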
[Git][security-tracker-team/security-tracker][master] Add closing commit for CVE-2021-4219/imagemagick
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: e77db619 by Roberto C. Sánchez at 2022-11-30T07:44:10-05:00 Add closing commit for CVE-2021-4219/imagemagick - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -60962,6 +60962,7 @@ CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue, DoS) NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7f1b2b9b816baaa956381ff80c3b120e83faa95 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...) NOT-FOR-US: Jenkins plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e77db6194ab9c97d970bd7c8b9dde074912da861
[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 85f3014e by Salvatore Bonaccorso at 2022-11-30T11:34:40+01:00 Process NFUs - - - - - bd6a0a02 by Salvatore Bonaccorso at 2022-11-30T11:37:03+01:00 Add CVE-2022-45332/libredwg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,7 +15,7 @@ CVE-2022-4224 CVE-2022-4223 RESERVED CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...) - TODO: check + NOT-FOR-US: SourceCodester Canteen Management System CVE-2022-4221 RESERVED CVE-2022-4220 @@ -2297,7 +2297,7 @@ CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable t CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...) NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...) - TODO: check + NOT-FOR-US: Appointment Hour Booking Plugin for WordPress CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...) NOT-FOR-US: Quiz and Survey Master plugin for WordPress CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...) @@ -2916,7 +2916,7 @@ CVE-2022-45334 CVE-2022-45333 RESERVED CVE-2022-45332 (LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow ...) - TODO: check + - libredwg (bug #595191) CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) 
@@ -2924,7 +2924,7 @@ CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Church Management System CVE-2022-45327 RESERVED CVE-2022-45326 @@ -3132,13 +3132,13 @@ CVE-2022-45226 CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...) NOT-FOR-US: Book Store Management System CVE-2022-45224 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) - TODO: check + NOT-FOR-US: Web-Based Student Clearance System CVE-2022-45223 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) - TODO: check + NOT-FOR-US: Web-Based Student Clearance System CVE-2022-45222 RESERVED CVE-2022-45221 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) - TODO: check + NOT-FOR-US: Web-Based Student Clearance System CVE-2022-45220 RESERVED CVE-2022-45219 @@ -3152,7 +3152,7 @@ CVE-2022-45216 CVE-2022-45215 RESERVED CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-45213 RESERVED CVE-2022-45212 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82ab383d1f75d9ba27ec3d1cf89e7a70c6b2e9c4...bd6a0a021d70f91e3644210a2c185ba24f0b7932
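Review bot: in the @@ -2297,7 +2297,7 @@ hunk the label added for CVE-2022-4034 is "Appointment Hour Booking Plugin for WordPress" with a capital "P", while the context lines for CVE-2022-4036 and CVE-2022-4035 just above it use "Appointment Hour Booking plugin for WordPress". Lowercase "plugin" here so all three entries for the product share one label.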
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82ab383d by Salvatore Bonaccorso at 2022-11-30T10:52:48+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2293,25 +2293,25 @@ CVE-2022-45448 CVE-2022-45447 RESERVED CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...) - TODO: check + NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...) - TODO: check + NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...) TODO: check CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...) - TODO: check + NOT-FOR-US: Quiz and Survey Master plugin for WordPress CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...) - TODO: check + NOT-FOR-US: Quiz and Survey Master plugin for WordPress CVE-2022-4031 (The Simple:Press plugin for WordPress is vulnerable to arbitrary file ...) - TODO: check + NOT-FOR-US: Simple:Press plugin for WordPress CVE-2022-4030 (The Simple:Press plugin for WordPress is vulnerable to Path Traversal ...) - TODO: check + NOT-FOR-US: Simple:Press plugin for WordPress CVE-2022-4029 (The Simple:Press plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Simple:Press plugin for WordPress CVE-2022-4028 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: Simple:Press plugin for WordPress CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: Simple:Press plugin for WordPress CVE-2022-4026 RESERVED CVE-2022-4025 
@@ -2434,7 +2434,7 @@ CVE-2022-45113 CVE-2022-43660 RESERVED CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...) - TODO: check + NOT-FOR-US: TeraWallet plugin for WordPress CVE-2022-3994 RESERVED CVE-2023-21518 @@ -2906,7 +2906,7 @@ CVE-2022-45339 CVE-2022-45338 RESERVED CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45336 RESERVED CVE-2022-45335 @@ -3186,7 +3186,7 @@ CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository ka CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: Photospace Gallery plugin for WordPress CVE-2022-3990 RESERVED CVE-2022-3989 @@ -3737,11 +3737,11 @@ CVE-2022-45046 CVE-2022-3899 RESERVED CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...) - TODO: check + NOT-FOR-US: WP Affiliate Platform plugin for WordPress CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WP Affiliate Platform plugin for WordPress CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to Reflec ...) - TODO: check + NOT-FOR-US: WP Affiliate Platform plugin for WordPress CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...) NOT-FOR-US: BlueSpice CVE-2022-3894 @@ -7401,7 +7401,7 @@ CVE-2022-3749 CVE-2022-3748 RESERVED CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: Becustom plugin for WordPress CVE-2022-3746 RESERVED CVE-2022-3745 
@@ -14392,9 +14392,9 @@ CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3384 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) - TODO: check + NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2022-3383 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) - TODO: check + NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...) NOT-FOR-US: HIWIN Robot System Software CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...) @@ -14933,7 +14933,7 @@
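Review bot: in the @@ -2293,25 +2293,25 @@ hunk CVE-2022-4034 stays at TODO: check while CVE-2022-4036 and CVE-2022-4035, for the same Appointment Hour Booking plugin, are marked NOT-FOR-US. If it was not deliberately held back for a closer look, mark it NOT-FOR-US with the same label in this commit so the plugin's entries are triaged together.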
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a6a9ed7f by Salvatore Bonaccorso at 2022-11-30T10:48:32+01:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +chromium -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6a9ed7fc9e8dec25125bab02a80bb6d8268b46d
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e1920e7 by Salvatore Bonaccorso at 2022-11-30T10:47:28+01:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -207,53 +207,75 @@ CVE-2022-4197 CVE-2022-4196 RESERVED CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) 
- TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-41795 RESERVED CVE-2022-41793 RESERVED CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2022-4173 RESERVED CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the ACPI ...) 
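Review bot: every CVE in this hunk gets the same pair of lines ("- chromium" plus the [buster] reference to DSA 5046), including ones whose descriptions are scoped to other platforms: CVE-2022-4185 ("Navigation in Google Chrome on iOS"), CVE-2022-4176 ("Lacros Graphics in Google Chrome on Chrome OS") and CVE-2022-4187 ("DevTools in Google Chrome on Window ..."). Check whether the affected code is built into the Debian chromium package for these; where it is not, the tracker's <not-affected> status with a short reason is more accurate than tracking them as open issues.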
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1920e7282e56a60c602432ade7183b2adfa67b
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-28483 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 04349b1c by Salvatore Bonaccorso at 2022-11-30T10:36:08+01:00 Track fixed version for CVE-2020-28483 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -151745,7 +151745,7 @@ CVE-2020-28485 CVE-2020-28484 RESERVED CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...) - - golang-github-gin-gonic-gin (bug #988943) + - golang-github-gin-gonic-gin 1.8.1-1 (bug #988943) [bullseye] - golang-github-gin-gonic-gin (Minor issue) [buster] - golang-github-gin-gonic-gin (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04349b1cc37414c0967ff098db9591843db99b1a
[Git][security-tracker-team/security-tracker][master] node-formidable fixed in sid, thanks yadd!
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6399435f by Moritz Muehlenhoff at 2022-11-30T09:18:43+01:00 node-formidable fixed in sid, thanks yadd! - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48061,7 +48061,7 @@ CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...) NOT-FOR-US: expressjs/connect-multiparty CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...) - - node-formidable (unimportant; bug #1011341) + - node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (unimportant; bug #1011341) NOTE: https://github.com/node-formidable/formidable/issues/856 NOTE: https://medium.com/@zsolt.imre/cve-2022-29622-in-vulnerability-analysis-5cf783c3721 CVE-2022-29621 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6399435f397b572f71fb15953e7c4b65f309cc2c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2db1c65 by security tracker role at 2022-11-30T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,51 @@ +CVE-2022-46344 + RESERVED +CVE-2022-46343 + RESERVED +CVE-2022-46342 + RESERVED +CVE-2022-46341 + RESERVED +CVE-2022-46340 + RESERVED +CVE-2022-46339 + RESERVED +CVE-2022-4224 + RESERVED +CVE-2022-4223 + RESERVED +CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...) + TODO: check +CVE-2022-4221 + RESERVED +CVE-2022-4220 + RESERVED +CVE-2022-4219 + RESERVED +CVE-2022-4218 + RESERVED +CVE-2022-4217 + RESERVED +CVE-2022-4216 + RESERVED +CVE-2022-4215 + RESERVED +CVE-2022-4214 + RESERVED +CVE-2022-4213 + RESERVED +CVE-2022-4212 + RESERVED +CVE-2022-4211 + RESERVED +CVE-2022-4210 + RESERVED +CVE-2022-4209 + RESERVED +CVE-2022-4208 + RESERVED +CVE-2022-41985 + RESERVED CVE-2022-46337 RESERVED CVE-2022-46336 @@ -65,7 +113,7 @@ CVE-2022-4202 (A vulnerability, which was classified as problematic, was found i TODO: check details CVE-2021-46856 RESERVED -CVE-2022-46338 [g810 insecure device permissions] +CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...) - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) CVE-2022-46309 
@@ -158,54 +206,54 @@ CVE-2022-4197 RESERVED CVE-2022-4196 RESERVED -CVE-2022-4195 - RESERVED -CVE-2022-4194 - RESERVED -CVE-2022-4193 - RESERVED -CVE-2022-4192 - RESERVED -CVE-2022-4191 - RESERVED -CVE-2022-4190 - RESERVED -CVE-2022-4189 - RESERVED -CVE-2022-4188 - RESERVED -CVE-2022-4187 - RESERVED -CVE-2022-4186 - RESERVED -CVE-2022-4185 - RESERVED -CVE-2022-4184 - RESERVED -CVE-2022-4183 - RESERVED -CVE-2022-4182 - RESERVED -CVE-2022-4181 - RESERVED -CVE-2022-4180 - RESERVED +CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) + TODO: check +CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...) + TODO: check +CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + TODO: check +CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...) + TODO: check +CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...) + TODO: check +CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...) + TODO: check +CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + TODO: check +CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...) + TODO: check +CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) + TODO: check +CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...) + TODO: check +CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) + TODO: check +CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + TODO: check +CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...) + TODO: check +CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) 
+ TODO: check +CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...) + TODO: check +CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + TODO: check CVE-2022-41795 RESERVED CVE-2022-41793 RESERVED -CVE-2022-4179 - RESERVED -CVE-2022-4178 - RESERVED -CVE-2022-4177 - RESERVED -CVE-2022-4176 - RESERVED -CVE-2022-4175 - RESERVED -CVE-2022-4174 - RESERVED +CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) + TODO: check +CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + TODO: check +CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...) + TODO: check +CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...) + TODO: check +CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...) + TODO: check +CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...) +