[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add fusiondirectory to dla-needed.txt
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: ba6f0df3 by Anton Gladky at 2022-12-03T22:31:20+01:00 LTS: add fusiondirectory to dla-needed.txt - - - - - dd890a05 by Anton Gladky at 2022-12-03T23:44:09+01:00 LTS: add libetpan to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -40,6 +40,13 @@ exiv2 firmware-nonfree (Markus Koschany) NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it. -- +fusiondirectory + NOTE: 20221203: Programming language: PHP. + NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk). + NOTE: 20221203: Two CVEs have only mitigation, fix in a new version (gladk). + NOTE: 20221203: Also the package was removed from sid recently (gladk). + NOTE: 20221203: Feel free to marke both CVEs as , if they are not too serious (gladk). +-- fwupd (Stefano Rivera) NOTE: 20221003: Programming language: C++. -- 
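Review bot: the last NOTE in the fusiondirectory entry has an empty placeholder where the intended status belongs ("Feel free to marke both CVEs as , if they are not too serious"), and "marke" is a typo; please fill in the status tag you mean (the no-dsa/ignored style markers used elsewhere in the tracker) so the next triager does not have to guess. The entry also says "Two CVEs have only mitigation, fix in a new version" without naming them; listing the CVE IDs there lets the reader cross-check data/CVE/list directly, and since the package was removed from sid, a NOTE on whether buster is the last suite still carrying it would help decide between a DLA and an ignore outcome.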
@@ -107,6 +114,10 @@ libde265 NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk) NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk) -- +libetpan + NOTE: 20221203: Programming language: C++. + NOTE: 20221203: VCS: https://salsa.debian.org/lts-team/packages/libetpan.git +-- libreoffice NOTE: 20221012: Programming language: C++. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/51cca91dbdfed80ffe83a94e875befce8d3e704b...dd890a054bb9581b552a2c546f5786631bf7784c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/51cca91dbdfed80ffe83a94e875befce8d3e704b...dd890a054bb9581b552a2c546f5786631bf7784c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
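Review bot: the libetpan entry records only the language and the VCS; unlike the neighbouring libde265 entry it gives no NOTE on which CVE(s) are open for buster or whether upstream has a fix, so whoever claims it starts from nothing. Please also double-check the "Programming language: C++" line: libetpan is, as far as I know, a plain C library, and the language note is what people use to pick work they are comfortable with.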
[Git][security-tracker-team/security-tracker][master] 4 commits: Claim hsqldb in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: db12bfbd by Markus Koschany at 2022-12-03T22:20:04+01:00 Claim hsqldb in dla-needed.txt - - - - - 5a4c54c5 by Markus Koschany at 2022-12-03T22:22:56+01:00 Remove android-platform-system-core from dla-needed.txt Minor issue. Requires a compromised adb daemon and root privileges to cause any harm and automated use cases are unlikely for the Debian version of Platform Tools. - - - - - 5fdb3c44 by Markus Koschany at 2022-12-03T22:28:41+01:00 Claim jqueryui in dla-needed.txt - - - - - 51cca91d by Markus Koschany at 2022-12-03T22:29:49+01:00 CVE-2022-3168,CVE-2022-20128,android-platform-system-core: Buster is no-dsa Minor issue - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -19384,6 +19384,7 @@ CVE-2022-3168 - android-platform-tools - android-platform-system-core [bullseye] - android-platform-system-core (Minor issue) + [buster] - android-platform-system-core (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5 CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...) - openvswitch (bug #1021740) @@ -86873,6 +86874,7 @@ CVE-2022-20128 - android-platform-tools - android-platform-system-core [bullseye] - android-platform-system-core (Minor issue) + [buster] - android-platform-system-core (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5 CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...) NOT-FOR-US: Android = data/dla-needed.txt = 
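Review bot: the two new "[buster] - android-platform-system-core (Minor issue)" lines carry only the generic tag, while the rationale (a compromised adb daemon plus root privileges are needed, and automated use is unlikely for the Debian build of Platform Tools) lives only in the commit message. Please add it as a NOTE under CVE-2022-3168 and CVE-2022-20128, next to the existing oss-security link, because the dla-needed.txt entry removed in the same push recorded that both PoCs work on buster, and a future reader of data/CVE/list will otherwise see "Minor issue" contradicting that finding with no explanation.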
@@ -12,13 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. --- -android-platform-system-core - NOTE: 20221102: Programming language: C++. - NOTE: 20221102: VCS: https://salsa.debian.org/lts-team/packages/android-platform-system-core.git - NOTE: 20221102: The package in buster is likely affected but since no known fix is available it is hard to tell without running the proof of concept code. - NOTE: 20221102: Consider ignoring this if Debian Security team see the CVEs as minor. (ola) - NOTE: 20221103: Both PoCs (CVE-2022-20128 & CVE-2022-3168) work for me in buster (Beuc/front-desk) -- ceph NOTE: 20221031: Programming language: C++. @@ -76,7 +69,7 @@ golang-websocket NOTE: 20220915: 1 CVE fixed in stretch and bullseye (golang-github-gorilla-websocket) (Beuc/front-desk) NOTE: 20220915: Special attention: limited support; requires rebuilding reverse dependencies -- -hsqldb +hsqldb (Markus Koschany) NOTE: 20221031: Programming language: Java. NOTE: 20221031: To be investigated further. A possible outcome is to ignore it. NOTE: 20221031: https://lists.debian.org/debian-lts/2022/10/msg00060.html. 
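Review bot: removing the android-platform-system-core block discards the 20221103 front-desk note that both PoCs work on buster, which is the one piece of testing evidence in the entry, and the file header a few lines up asks to append notes rather than remove or replace existing ones. If the entry has to go because the issue is now no-dsa, a final dated NOTE stating the decision and who made it (or carrying the decision text into data/CVE/list) would preserve the history. The hsqldb claim itself is fine; the open question in its 20221031 notes ("A possible outcome is to ignore it") is still unanswered, so a dated NOTE with the outcome once investigated would close the loop.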
@@ -91,7 +84,7 @@ jhead (Markus Koschany) NOTE: 20221031: Note that multiple options are vulnerable. The attacker have to trick someone to execute the command but arbitrary code exectuion is not good.. NOTE: 20221031: It should be stated in the DLA that multiple options are affected.. -- -jqueryui +jqueryui (Markus Koschany) NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.2 (and jessie/elts) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d635d1226076a791464775edc577dc76c08a33f...51cca91dbdfed80ffe83a94e875befce8d3e704b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d635d1226076a791464775edc577dc76c08a33f...51cca91dbdfed80ffe83a94e875befce8d3e704b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
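Review bot: the jqueryui entry's notes are dated with a bare "2022:" rather than the YYYYMMDD form the surrounding entries use (jhead above uses "20221031:"), which breaks the chronological reading the file relies on. When adding the claim it would be worth dating your own NOTE fully and, since the only pointer is "Follow fixes from bullseye 11.2 (and jessie/elts)", recording which bullseye source version and CVE IDs you are backporting so the DLA text can be checked against them.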
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d635d12 by Salvatore Bonaccorso at 2022-12-03T21:21:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Dot Tech Smart Campus System CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Management System CVE-2022-4278 (A vulnerability was found in SourceCodester Book Store Management Syst ...) - TODO: check + NOT-FOR-US: SourceCodester Book Store Management System CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management System. It ...) - TODO: check + NOT-FOR-US: Shaoxing Background Management System CVE-2022-4276 (A vulnerability was found in House Rental System and classified as cri ...) - TODO: check + NOT-FOR-US: House Rental System CVE-2022-4275 (A vulnerability has been found in House Rental System and classified a ...) - TODO: check + NOT-FOR-US: House Rental System CVE-2022-4274 (A vulnerability, which was classified as critical, was found in House ...) - TODO: check + NOT-FOR-US: House Rental System CVE-2022-4273 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Management System CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...) TODO: check CVE-2022-45124 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d635d1226076a791464775edc577dc76c08a33f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d635d1226076a791464775edc577dc76c08a33f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
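Review bot: the eight NOT-FOR-US lines are consistent with their descriptions, but CVE-2022-4272 in the same block is left at "TODO: check" with its description truncated at "has been found in F ..."; if it was skipped only because the product name did not fit, it would be worth closing in the same pass so this batch does not leave one stray entry in the TODO queue.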
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3491/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e859a264 by Salvatore Bonaccorso at 2022-12-03T21:17:20+01:00 Add CVE-2022-3491/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12614,7 +12614,9 @@ CVE-2022-3493 (A vulnerability, which was classified as problematic, has been fo CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...) NOT-FOR-US: SourceCodester Human Resource Management System CVE-2022-3491 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) - TODO: check + - vim 2:9.0.0813-1 + NOTE: https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb + NOTE: https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041 (v9.0.0742) CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...) NOT-FOR-US: WordPress plugin CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e859a264b2a0d28a90c8704ddea73bf8e4ed4ea8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e859a264b2a0d28a90c8704ddea73bf8e4ed4ea8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
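Review bot: the fixed version 2:9.0.0813-1 is consistent with the NOTE that the upstream fix landed in v9.0.0742, since 9.0.0813 is later than 9.0.0742. What is missing is any suite annotation: with only the unstable version recorded, bullseye and buster will be listed as affected until a [bullseye]/[buster] line (no-dsa, postponed or a fixed version) is added, so a triage NOTE on whether the heap overflow is reachable in the vim versions shipped there would be useful.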
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ed73055e by security tracker role at 2022-12-03T20:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-4278 (A vulnerability was found in SourceCodester Book Store Management Syst ...) + TODO: check +CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management System. It ...) + TODO: check +CVE-2022-4276 (A vulnerability was found in House Rental System and classified as cri ...) + TODO: check +CVE-2022-4275 (A vulnerability has been found in House Rental System and classified a ...) + TODO: check +CVE-2022-4274 (A vulnerability, which was classified as critical, was found in House ...) + TODO: check +CVE-2022-4273 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...) + TODO: check CVE-2022-45124 RESERVED CVE-2022-45115 
@@ -590,51 +608,67 @@ CVE-2022-4197 CVE-2022-4196 RESERVED CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) 
+ {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-41795 @@ -642,21 +676,27 @@ CVE-2022-41795 CVE-2022-41793 RESERVED CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + {DSA-5293-1} - chromium
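Review bot: the {DSA-5293-1} annotations added here for CVE-2022-4178 through CVE-2022-4195 match the CVE set recorded for DSA-5293-1 in data/DSA/list (commit 6fda3aeb from the same day), and the existing "[buster] - chromium (see DSA 5046)" context lines are correctly left untouched, since buster is not covered by the new DSA. The nine new CVE-2022-4272 to CVE-2022-4280 entries land as "TODO: check", as expected for the automatic import. The diff is cut off in this message after CVE-2022-4178, so the remaining CVEs of the DSA (down to CVE-2022-4174) could not be checked from this copy.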
[Git][security-tracker-team/security-tracker][master] Update status for vlc in dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47f6b490 by Salvatore Bonaccorso at 2022-12-03T21:02:06+01:00 Update status for vlc in dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -66,6 +66,7 @@ sox tiff -- vlc + Maintainer proposed update for review, to be acked for upload -- xfce4-settings (corsac) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47f6b490a9abf37e445ec0acbf0e47b61cf2d694 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47f6b490a9abf37e445ec0acbf0e47b61cf2d694 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
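Review bot: the new status line under vlc ("Maintainer proposed update for review, to be acked for upload") names neither the maintainer nor where the proposed update can be found; the dla-needed.txt notes on this list carry a date and an attribution, and a link to the debdiff or the mail with the proposal would let whoever acks it find the material without asking. Consider extending the line to the same dated form.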
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-29167/node-hawk via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 282a0184 by Salvatore Bonaccorso at 2022-12-03T20:54:31+01:00 Track fixed version for CVE-2022-29167/node-hawk via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50170,7 +50170,7 @@ CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Version CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...) NOT-FOR-US: wire-webapp CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...) - - node-hawk + - node-hawk 9.0.1-1 NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq NOTE: https://github.com/mozilla/hawk/pull/286 NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/282a0184ce13792285039e34c09f7cd4090387a5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/282a0184ce13792285039e34c09f7cd4090387a5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
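Review bot: 9.0.1-1 as the fixed version in unstable is consistent with the GHSA-44pw-h2cw-w3vq advisory, PR 286 and the fixing commit already in the NOTE lines. As with the earlier association commit, there is still no [bullseye]/[buster] line, so the stable suites will show as vulnerable until triaged; a NOTE on whether node-hawk in those suites ships the affected code path would settle that.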
[Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for CVE-2022-46149/capnproto
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c9410761 by Salvatore Bonaccorso at 2022-12-03T19:01:46+01:00 Track fixed version via experimental for CVE-2022-46149/capnproto - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -906,6 +906,7 @@ CVE-2022-46151 CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) + [experimental] - capnproto 0.9.2-1 - capnproto - rust-capnp NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9410761fc5004cee4badc23a9152b363c8b9abc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9410761fc5004cee4badc23a9152b363c8b9abc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
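Review bot: the "[experimental] - capnproto 0.9.2-1" line records the fix only in experimental, so unstable (bare "- capnproto") and the stable suites remain flagged, which is right as long as no 0.9.2 or patched upload reaches unstable. The "- rust-capnp" line has no version, status or reference at all; the single NOTE points to the advisory in the capnproto/capnproto repository (the C++ implementation), so a NOTE stating whether the Rust crate is affected by the same issue, and if so which rust-capnp release fixes it, is needed before anyone can triage it.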
[Git][security-tracker-team/security-tracker][master] Associate CVE-2022-29167 with node-hawk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26e773ad by Salvatore Bonaccorso at 2022-12-03T18:52:48+01:00 Associate CVE-2022-29167 with node-hawk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50169,7 +50169,10 @@ CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Version CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...) NOT-FOR-US: wire-webapp CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...) - NOT-FOR-US: Hawk (mozilla/hawk, different from itp'ed hawk, #634344) + - node-hawk + NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq + NOTE: https://github.com/mozilla/hawk/pull/286 + NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3 CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...) NOT-FOR-US: Matrix-appservice-bridge CVE-2022-29165 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e773ad96ddbc72f4b43d005a874aa4f409c7db -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e773ad96ddbc72f4b43d005a874aa4f409c7db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
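Review bot: the line being removed ("NOT-FOR-US: Hawk (mozilla/hawk, different from itp'ed hawk, #634344)") carried a useful disambiguation between the Node.js hawk and the unrelated package in ITP bug #634344; now that the CVE is assigned to node-hawk, keep that sentence as a NOTE so nobody re-marks the entry NOT-FOR-US on seeing the other "hawk". The three references added (advisory, PR 286, fixing commit) are the right set for checking a backport.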
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: claim node-cached-path-relative in dla-needed.txt
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 15130fcf by Guilhem Moulin at 2022-12-03T17:49:44+01:00 LTS: claim node-cached-path-relative in dla-needed.txt - - - - - 9fbd781d by Guilhem Moulin at 2022-12-03T17:49:44+01:00 LTS: claim node-eventsource in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -158,14 +158,14 @@ nextcloud-desktop NOTE: 20221128: VCS: https://salsa.debian.org/owncloud-team/nextcloud-desktop NOTE: 20221128: Please coordinate with maintainer the usage of their git-repo (gladk). -- -node-cached-path-relative +node-cached-path-relative (guilhem) NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.3 (Beuc/front-desk) -- node-css-what NOTE: 20221031: Programming language: Javascript. -- -node-eventsource +node-eventsource (guilhem) NOTE: 2022: Programming language: JavaScript. NOTE: 2022: Follow fixes from bullseye 11.4 (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a9487a265227c3d4181511570bdf61889ce4c8e2...9fbd781ddfb58fea54bbcc951e00429ce9c64f68 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a9487a265227c3d4181511570bdf61889ce4c8e2...9fbd781ddfb58fea54bbcc951e00429ce9c64f68 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
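Review bot: both claims only add the uid; the existing notes ("Follow fixes from bullseye 11.3" and "11.4") point at point releases rather than at the CVE IDs or the bullseye source version that carried the fix, and are dated with a bare "2022:" instead of the YYYYMMDD form used by the node-css-what entry between them. A dated NOTE on each entry naming the CVE(s) and the bullseye version being followed would make the later DLA straightforward to verify.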
[Git][security-tracker-team/security-tracker][master] dla: ceph: reference zigo's e-mail
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: a9487a26 by Sylvain Beucler at 2022-12-03T17:12:19+01:00 dla: ceph: reference zigos e-mail - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,10 @@ android-platform-system-core ceph NOTE: 20221031: Programming language: C++. NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system. - NOTE: 20221031: What should be checked is whether any user with ceph permission can do the actions described in the exploit. + NOTE: 20221031: What should be checked is whether any user with ceph permission can do the actions described in the exploit. (ola/front-desk) + NOTE: 20221130: CVE-2022-3650: The patch is kind of trivial Python stuff backporting work. + NOTE: 20221130: Can someone take care of it in Buster? I'm currently building the Bullseye backport of the fix... + NOTE: 20221130: https://lists.debian.org/debian-lts/2022/11/msg00025.html (zigo/maintainer) -- consul NOTE: 20221031: Programming language: Go. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9487a265227c3d4181511570bdf61889ce4c8e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9487a265227c3d4181511570bdf61889ce4c8e2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
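Review bot: the 20221031 line was edited in place to append "(ola/front-desk)" rather than left as it was; harmless here, but it goes against the file's own instruction to append notes rather than replace existing ones, and attribution could instead go on a new dated line. The quoted 20221130 notes are attributed only on their last line ("(zigo/maintainer)"), so a reader may take the first two as front-desk statements; since they record that the maintainer is doing the bullseye backport of the CVE-2022-3650 fix and is asking for someone to take buster, the entry is effectively unclaimed for buster and could be marked so.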
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2013-1841/libnet-server-perl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30f36a86 by Salvatore Bonaccorso at 2022-12-03T16:23:08+01:00 Update information for CVE-2013-1841/libnet-server-perl Consider it as fixed with the upstream version adding code and configuration for double_reverse_lookups. Upstream does not enable the checks by default but they need to be set by consumers trough reverse_lookups=double or double_reverse_lookups=1. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -484869,7 +484869,7 @@ CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5 {DSA-2646-1} - typo3-src 4.5.19+dfsg1-5 (bug #702574) CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...) - - libnet-server-perl (low; bug #702914) + - libnet-server-perl 2.013-1 (low; bug #702914) [bullseye] - libnet-server-perl (Minor issue) [buster] - libnet-server-perl (Minor issue) [stretch] - libnet-server-perl (Minor issue) 
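Review bot: the fixed version is set to 2.013-1 while the commit message and the NOTE attribute the fix to upstream 2.011; if 2.013-1 is simply the first Debian upload containing 2.011 or later, say so in a NOTE, otherwise the discrepancy reads as a typo. Since the 2.011 change only adds an opt-in check, the [bullseye]/[buster]/[stretch] "Minor issue" lines remain appropriate, but the unstable status now reads as fixed for a default configuration that still behaves as described in CVE-2013-1841.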
@@ -484877,6 +484877,9 @@ CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not [wheezy] - libnet-server-perl (Minor issue) [squeeze] - libnet-server-perl (Minor issue) NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909 + NOTE: 2.011 upstream adds 'double_reverse_lookups' configuration and code as fix + NOTE: for the issue, but does not enable the checks by default. They need to be + NOTE: enabled by consumers by setting 'reverse_lookups=double' or double_reverse_lookups=1'. CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...) - glance 2012.1.1-5 (bug #703063) CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x befo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f36a86ed316a49820c803010dd0f937ab10fcf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f36a86ed316a49820c803010dd0f937ab10fcf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
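Review bot: the third NOTE line has unbalanced quotes ("'reverse_lookups=double' or double_reverse_lookups=1'"); the opening quote before double_reverse_lookups=1 is missing. More importantly, the NOTE itself states that upstream does not enable the check by default and consumers must set reverse_lookups=double or double_reverse_lookups=1, so the recorded fixed version is a fix only for deployments that opt in; consider wording the NOTE so that this limitation is the first thing a reader sees (for example "fix is opt-in: ...") rather than a trailing clause.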
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f1850535 by Salvatore Bonaccorso at 2022-12-03T15:34:31+01:00 Add chromium to dsa-needed list Unfortunately on 2th december there was another out of order stable channel update for chromium, for CVE-2022-4262 and only fixed in 108.0.5359.94. Link: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +chromium -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18505350c1b9fc9d2e91d7c0f7e643fc1bc44fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18505350c1b9fc9d2e91d7c0f7e643fc1bc44fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
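Review bot: the new chromium entry is bare, while the commit message carries exactly what whoever picks it up needs: an out-of-band stable channel update for CVE-2022-4262, fixed only in 108.0.5359.94, with the chromereleases link. Put that under the entry as a status line (as vlc has in the same file) so the next DSA is prepared against the right upstream version without a trip to the git log, and note that DSA-5293-1, issued shortly before, shipped 108.0.5359.71-2~deb11u1 and therefore does not cover CVE-2022-4262.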
[Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fda3aeb by Moritz Mühlenhoff at 2022-12-03T15:15:59+01:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[03 Dec 2022] DSA-5293-1 chromium - security update + {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195} + [bullseye] - chromium 108.0.5359.71-2~deb11u1 [01 Dec 2022] DSA-5292-1 snapd - security update {CVE-2022-3328} [bullseye] - snapd 2.49-1+deb11u2 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -chromium -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fda3aebc721d9bb633bd6bc894c597590aab260 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fda3aebc721d9bb633bd6bc894c597590aab260 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
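Review bot: the DSA-5293-1 entry lists 22 CVEs (CVE-2022-4174 through CVE-2022-4195) against chromium 108.0.5359.71-2~deb11u1 for bullseye, and the data/CVE/list annotations applied by the automatic update the same evening match it. Removing chromium from dsa-needed.txt here is superseded within the hour by f1850535 re-adding it for CVE-2022-4262 (fixed upstream only in 108.0.5359.94), so anyone reading this commit alone should not take chromium as done for this release cycle.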
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83776095 by Salvatore Bonaccorso at 2022-12-03T10:36:24+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2550,9 +2550,9 @@ CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as pro NOTE: Introduced after: https://github.com/petergoldstein/dalli/commit/5588d98f79eb04a9abcaeeff3263e08f93468b30 (v3.2.0) NOTE: Fixed by: https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d (v3.2.3) CVE-2022-45483 (Lazy Mouse allows an attacker (in a man in the middle position between ...) - TODO: check + NOT-FOR-US: Lazy Mouse CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and doesn't impl ...) - TODO: check + NOT-FOR-US: Lazy Mouse CVE-2022-45481 RESERVED CVE-2022-45480 (PC Keyboard WiFi Bluetooth allows an attacker (in a man-in-the-m ...) 
@@ -4383,43 +4383,43 @@ CVE-2022-44964 CVE-2022-44963 RESERVED CVE-2022-44962 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44961 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44960 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44959 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44958 RESERVED CVE-2022-44957 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44956 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44955 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44954 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44953 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44952 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44951 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44950 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44949 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44948 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) 
- TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44947 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44946 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44945 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44944 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2022-44943 RESERVED CVE-2022-44942 @@ -7155,9 +7155,9 @@ CVE-2022-44293 CVE-2022-44292 RESERVED CVE-2022-44291 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44290 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: webtareas CVE-2022-44289 RESERVED CVE-2022-44288 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8377609594ac1ff078cc02902a68f988780fae72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8377609594ac1ff078cc02902a68f988780fae72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4269/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92dfc2bb by Salvatore Bonaccorso at 2022-12-03T10:32:49+01:00 Add CVE-2022-4269/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40,6 +40,8 @@ CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files We NOT-FOR-US: M-Files Web CVE-2022-4269 RESERVED + - linux + NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcara...@redhat.com/ CVE-2022-4268 RESERVED CVE-2022-4267 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92dfc2bbdfa56c55568c329a0d6675888483da23 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92dfc2bbdfa56c55568c329a0d6675888483da23 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
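Review bot: the new "- linux" line carries neither a fixed version nor any per-suite annotation, so the tracker will list every suite as vulnerable for CVE-2022-4269 until a fixing version or a "[suite] - linux ..." line is added; that is the safe default, but the entry should be followed up once the upstream fix is identified. Also, the lore.kernel.org message-id in the NOTE appears with an elided address ("dcara...@redhat.com") in this notification, so the link should be re-checked from the repository rather than copied from the mail.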
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-24999/node-qs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bec812f9 by Salvatore Bonaccorso at 2022-12-03T10:10:45+01:00 Add CVE-2022-24999/node-qs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62241,7 +62241,8 @@ CVE-2022-25001 CVE-2022-25000 RESERVED CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...) - TODO: check + - node-qs 6.10.3+ds+~6.9.7-1 + NOTE: https://github.com/ljharb/qs/pull/428 CVE-2022-24998 RESERVED CVE-2022-24997 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bec812f9ec68a9b3127deb0ee73aa160867341c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bec812f9ec68a9b3127deb0ee73aa160867341c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
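Review bot: the fixed version 6.10.3+ds+~6.9.7-1 is recorded for unstable only, with no [bullseye] or [buster] line, so stable suites stay listed as vulnerable until triaged; that is correct as a default, but since the CVE text says qs is "used in Express before 4.17.3 and other products", it is worth checking whether any other source package embeds its own copy of qs rather than depending on node-qs. Suggest adding suite lines in the form used for giflib elsewhere in this digest ("[bullseye] - node-qs (Minor issue)") once the impact on the older qs version is assessed; the upstream PR link in the NOTE is the right reference for that assessment.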
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4262/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3913e128 by Salvatore Bonaccorso at 2022-12-03T10:03:08+01:00 Add CVE-2022-4262/chromium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -159,7 +159,8 @@ CVE-2023-21575 CVE-2023-21574 RESERVED CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...) - TODO: check + - chromium + [buster] - chromium (see DSA 5046) CVE-2023-21573 RESERVED CVE-2023-21572 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3913e12862d00ef00318f7ae939ab81ef2319f04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3913e12862d00ef00318f7ae939ab81ef2319f04 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
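Review bot: "- chromium" is added without a fixed version, so the entry stays open for unstable and bullseye until the 108.0.5359.94-based upload is recorded; the "[buster] - chromium (see DSA 5046)" line follows the existing convention for chromium in buster, but there is no [bullseye] line, so bullseye shows as vulnerable, which is accurate pending the upload. Suggest adding the fixed version as soon as the package reaches the archive, since a V8 type confusion marked only "TODO: check" a few hours earlier (see the automatic update further down) is the kind of entry that gets overlooked.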
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-23922 as unimportant
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eab6c33b by Salvatore Bonaccorso at 2022-12-03T09:33:22+01:00 Mark CVE-2020-23922 as unimportant Not clear reproducible, but impact is negligible. Err rather on the safe side, but mark it unimportant as it only affects gif2rgb crashing. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -165956,11 +165956,9 @@ CVE-2020-23924 CVE-2020-23923 RESERVED CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...) - - giflib (bug #988151) - [bullseye] - giflib (Minor issue) - [buster] - giflib (Minor issue) - [stretch] - giflib (Minor issue) + - giflib (unimportant; bug #988151) NOTE: https://sourceforge.net/p/giflib/bugs/151/ + NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...) NOT-FOR-US: fast_ber CVE-2020-23920 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
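Review bot: the three per-suite "(Minor issue)" lines are replaced by a single "(unimportant; bug #988151)" on the main line, which applies to all suites at once rather than per suite; that matches the commit's rationale, and the added NOTE ("Specific to gif2rgb. Crash in CLI tool, no security impact") records why, which is good practice. The bug #988151 reference and the sourceforge NOTE survive the rewrite. One caveat worth keeping in mind: the rating rests on gif2rgb being a standalone CLI tool, so if the same DumpScreen2RGB code path turns out to be reachable from the library side the rating has to be revisited.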
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2022-45939/emacs via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a1adab03 by Salvatore Bonaccorso at 2022-12-03T09:24:29+01:00 Add fixed version for CVE-2022-45939/emacs via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1387,7 +1387,7 @@ CVE-2022-45941 CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) - - emacs (bug #1025009) + - emacs 1:28.2+1-8 (bug #1025009) NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1adab03be0ab65b9c3e43ba78ca828616af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1adab03be0ab65b9c3e43ba78ca828616af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
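Review bot: the fixed version 1:28.2+1-8 is added for unstable only; there is no [bullseye] or [buster] annotation, so stable suites remain listed as vulnerable for a CVE whose text says "execute commands via shell". That is the right default, but the entry should be followed up with either suite lines or a DSA decision rather than left open. Keeping the upstream commit link in the NOTE is helpful for anyone preparing a backport.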
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 678ab69b by Salvatore Bonaccorso at 2022-12-03T09:18:58+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -393,31 +393,31 @@ CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management Sy CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) NOT-FOR-US: Asus NAS-M25 CVE-2022-4220 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4219 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4218 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4217 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4216 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4215 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4214 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4213 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4212 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4211 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4210 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) 
- TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-41985 RESERVED CVE-2022-46337 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/678ab69bae0eb3becd252ed479419f00e4610fe4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/678ab69bae0eb3becd252ed479419f00e4610fe4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
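Review bot: all 13 Chained Quiz entries move from "TODO: check" to the same "NOT-FOR-US: Chained Quiz plugin for WordPress" string, which is consistent; the entries mix CSRF, stored XSS and reflected XSS, but the tag is a packaging decision, so identical handling is correct. Style only: the other NOT-FOR-US entries in this digest use the bare product name ("webtareas", "Rukovoditel"), so a shorter form would be in keeping, though the longer string is unambiguous and fine to keep.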
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 877492e9 by security tracker role at 2022-12-03T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2022-45124 + RESERVED +CVE-2022-45115 + RESERVED +CVE-2022-43665 + RESERVED CVE-2022-46378 RESERVED CVE-2022-46377 @@ -152,8 +158,8 @@ CVE-2023-21575 RESERVED CVE-2023-21574 RESERVED -CVE-2022-4262 - RESERVED +CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...) + TODO: check CVE-2023-21573 RESERVED CVE-2023-21572 
@@ -386,32 +392,32 @@ CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management Sy NOT-FOR-US: SourceCodester Canteen Management System CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) NOT-FOR-US: Asus NAS-M25 -CVE-2022-4220 - RESERVED -CVE-2022-4219 - RESERVED -CVE-2022-4218 - RESERVED -CVE-2022-4217 - RESERVED -CVE-2022-4216 - RESERVED -CVE-2022-4215 - RESERVED -CVE-2022-4214 - RESERVED -CVE-2022-4213 - RESERVED -CVE-2022-4212 - RESERVED -CVE-2022-4211 - RESERVED -CVE-2022-4210 - RESERVED -CVE-2022-4209 - RESERVED -CVE-2022-4208 - RESERVED +CVE-2022-4220 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2022-4219 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2022-4218 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2022-4217 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2022-4216 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2022-4215 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4214 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4213 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4212 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4211 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4210 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...) 
+ TODO: check CVE-2022-41985 RESERVED CVE-2022-46337 @@ -484,6 +490,7 @@ CVE-2022-4202 (A vulnerability, which was classified as problematic, was found i CVE-2021-46856 RESERVED CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...) + {DLA-3217-1} - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) NOTE: https://github.com/MatMoul/g810-led/pull/297 @@ -4372,44 +4379,44 @@ CVE-2022-44964 RESERVED CVE-2022-44963 RESERVED -CVE-2022-44962 - RESERVED -CVE-2022-44961 - RESERVED -CVE-2022-44960 - RESERVED -CVE-2022-44959 - RESERVED +CVE-2022-44962 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44961 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44960 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44959 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check CVE-2022-44958 RESERVED -CVE-2022-44957 - RESERVED -CVE-2022-44956 - RESERVED -CVE-2022-44955 - RESERVED -CVE-2022-44954 - RESERVED -CVE-2022-44953 - RESERVED -CVE-2022-44952 - RESERVED -CVE-2022-44951 - RESERVED -CVE-2022-44950 - RESERVED -CVE-2022-44949 - RESERVED -CVE-2022-44948 - RESERVED -CVE-2022-44947 - RESERVED -CVE-2022-44946 - RESERVED -CVE-2022-44945 - RESERVED -CVE-2022-44944 - RESERVED +CVE-2022-44957 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44956 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44955 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2022-44954 (webtareas 2.4p5 was discovered to contain a cross-site scripting
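Review bot: in the @@ -1,3 +1,9 @@ hunk the three new RESERVED entries (CVE-2022-45124, CVE-2022-45115, CVE-2022-43665) are prepended ahead of CVE-2022-46378, so the top of the file is no longer in descending CVE order; that is how the automatic importer behaves, not a mistake, but reviewers scanning for an entry by position should be aware that recently reserved IDs can sit above higher-numbered ones.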
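Review bot: in the @@ -484,6 +490,7 @@ hunk the "{DLA-3217-1}" reference is added for CVE-2022-46338 while the "[bullseye] - g810-led (Minor issue)" line and the fixed version 0.4.2-3 are left in place; that combination (an LTS advisory plus a no-DSA decision for bullseye) is coherent with the listed bug #1024998, so nothing to change, but the hunk does not state which suite DLA-3217-1 covers, so confirm it is the buster upload before relying on the entry.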