[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-26068/pistache
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9053892e by Salvatore Bonaccorso at 2023-02-03T06:08:14+01:00 Update information for CVE-2022-26068/pistache - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74460,8 +74460,9 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...) - - pistache - TODO: check + - pistache (Fixed with initial upload to Debian) + NOTE: https://github.com/pistacheio/pistache/pull/1065 + NOTE: https://github.com/pistacheio/pistache/commit/4ba6da096611d11849aa37ee342c032a306ee885 (0.0.5) CVE-2022-26066 RESERVED CVE-2022-26063 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9053892eeeb4c1841673ca5e2297c4b486563905 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9053892eeeb4c1841673ca5e2297c4b486563905 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
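Review bot: The remark on the new pistache line, "Fixed with initial upload to Debian", names no Debian version, while the added NOTE tags the upstream commit as (0.0.5) and the CVE description says "before 0.0.3.20220425". Name the version of the initial upload in the entry so the claim can be checked against both figures.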
[Git][security-tracker-team/security-tracker][master] Track fixed version for three libde265 issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac4f4ef7 by Salvatore Bonaccorso at 2023-02-03T05:57:31+01:00 Track fixed version for three libde265 issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26472,8 +26472,9 @@ CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow NOTE: https://github.com/strukturag/libde265/issues/346 CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DLA-3280-1} - - libde265 (bug #1027179) + - libde265 1.0.11-1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/345 + NOTE: https://github.com/strukturag/libde265/pull/373 CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DLA-3280-1} - libde265 1.0.9-1.1 (bug #1025816) @@ -26484,8 +26485,9 @@ CVE-2022-43246 RESERVED CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violation via ...) {DLA-3280-1} - - libde265 (bug #1029357) + - libde265 1.0.11-1 (bug #1029357) NOTE: https://github.com/strukturag/libde265/issues/352 + NOTE: https://github.com/strukturag/libde265/commit/ad291690a8c92218b9e86738edd45ed64736b246 (v1.0.10) CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) 
@@ -186301,10 +186303,11 @@ CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma NOTE: https://github.com/strukturag/libde265/issues/238 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...) {DLA-3280-1} - - libde265 (bug #1029397) + - libde265 1.0.11-1 (bug #1029397) [bullseye] - libde265 (Minor issue, revisit when fixed upstream) [stretch] - libde265 (Minor issue, revisit when fixed upstream) NOTE: https://github.com/strukturag/libde265/issues/236 + NOTE: https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c (v1.0.10) CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...) {DLA-3240-1} - libde265 1.0.9-1 (bug #1014999) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac4f4ef76d4c9f3751ac59a4a169476adb66fb9c
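Review bot: In the CVE-2022-43249 hunk the added NOTE points at pull/373 with no upstream release tag, while the commit NOTEs added for CVE-2022-43245 and CVE-2020-21596 both carry (v1.0.10). Reference the merged commit with its release tag, or add the tag to the pull request NOTE, so the link between the upstream fix and 1.0.11-1 is visible in all three entries.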
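Review bot: In the CVE-2020-21596 hunk the [bullseye] and [stretch] lines still read "Minor issue, revisit when fixed upstream" although this change records an upstream fixing commit (v1.0.10) and a fixed version in unstable. Revisit those two remarks in the same change, or add a NOTE that they are pending review.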
[Git][security-tracker-team/security-tracker][master] CVE-2022-26068/pistache
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f8e69f4 by Henri Salo at 2023-02-03T05:48:54+02:00 CVE-2022-26068/pistache - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74458,7 +74458,8 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...) - - pistache (bug #929593) + - pistache + TODO: check CVE-2022-26066 RESERVED CVE-2022-26063 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8e69f4e07496dda9a4b4f12221517665ca5f13
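Review bot: The "(bug #929593)" reference is dropped from the pistache line and replaced by a bare "TODO: check", and the commit message says only "CVE-2022-26068/pistache". State in the message why the bug reference no longer applies, or keep it as a NOTE, so the history of the entry is not lost.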
Processing 935d50d7078f37a082fafee2fdc3ea868ad22f06 failed
The error message was: data/CVE/list:74460: ITPed package pistache is in the archive make: *** [Makefile:19: all] Error 1
[Git][security-tracker-team/security-tracker][master] note apr fix
Stefan Fritsch pushed to branch master at Debian Security Tracker / security-tracker Commits: 935d50d7 by Stefan Fritsch at 2023-02-03T00:01:39+01:00 note apr fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77604,7 +77604,7 @@ CVE-2022-24965 CVE-2022-24964 RESERVED CVE-2022-24963 (Integer Overflow or Wraparound vulnerability in apr_encode functions o ...) - - apr + - apr 1.7.2-1 NOTE: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 NOTE: http://svn.apache.org/r1904675 CVE-2022-24962 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935d50d7078f37a082fafee2fdc3ea868ad22f06
Processing 108028de7bf8b44be5970ca10e9f97ed9e2e4658 failed
The error message was: data/CVE/list:74460: ITPed package pistache is in the archive make: *** [Makefile:19: all] Error 1
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 108028de by Salvatore Bonaccorso at 2023-02-02T21:39:35+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -111,17 +111,17 @@ CVE-2023-0653 CVE-2023-0652 RESERVED CVE-2023-0651 (A vulnerability was found in FastCMS 0.1.0. It has been classified as ...) - TODO: check + NOT-FOR-US: FastCMS CVE-2023-0650 (A vulnerability was found in YAFNET up to 3.1.11 and classified as pro ...) - TODO: check + NOT-FOR-US: YAFNET CVE-2023-0649 (A vulnerability has been found in dst-admin 1.5.0 and classified as cr ...) - TODO: check + NOT-FOR-US: dst-admin CVE-2023-0648 (A vulnerability, which was classified as critical, was found in dst-ad ...) - TODO: check + NOT-FOR-US: dst-admin CVE-2023-0647 (A vulnerability, which was classified as critical, has been found in d ...) - TODO: check + NOT-FOR-US: dst-admin CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...) - TODO: check + NOT-FOR-US: dst-admin CVE-2023-0645 RESERVED CVE-2023-0644 
@@ -131,15 +131,15 @@ CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub reposit CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...) TODO: check CVE-2023-0641 (A vulnerability was found in PHPGurukul Employee Leaves Management Sys ...) - TODO: check + NOT-FOR-US: PHPGurukul Employee Leaves Management System CVE-2023-0640 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0639 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classifie ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0638 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0637 (A vulnerability, which was classified as critical, was found in TRENDn ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0636 RESERVED CVE-2023-0635 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108028de7bf8b44be5970ca10e9f97ed9e2e4658
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45f6d019 by Salvatore Bonaccorso at 2023-02-02T21:22:39+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43926,7 +43926,7 @@ CVE-2022-36769 CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses the wron ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2545 RESERVED CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45f6d0196ba45b68220009f2b746db7a02dd06a9
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e77da58 by security tracker role at 2023-02-02T20:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = The diff for this file was not included because it is too large. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e77da58cd4a1d2014be71f66789cb21619c99a7
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage trafficserver for buster LTS (CVE-2022-31779,...
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: e61edf5c by Chris Lamb at 2023-02-02T09:18:19-08:00 data/dla-needed.txt: Triage trafficserver for buster LTS (CVE-2022-31779, CVE-2022-32749 CVE-2022-37392) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -297,6 +297,10 @@ tmux (Utkarsh) NOTE: 20230129: Programming language: C. NOTE: 20230129: VCS: https://salsa.debian.org/lts-team/packages/tmux.git -- +trafficserver + NOTE: 20230202: Programming language: C. + NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) suggest CVE-2022-31779 may have already been investigated. (lamby) +-- wireshark NOTE: 20230123: Programming language: C. NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them pile up like last time. (utkarsh). View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61edf5cc8b88ff7d26ef9561625a8b42ad5da49
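Review bot: The new trafficserver entry names only CVE-2022-31779 in its NOTE, while the commit subject triages three CVEs (CVE-2022-31779, CVE-2022-32749, CVE-2022-37392). List all three in the entry and say which of them the removed notes (2d9f50586010) and DLA-3279-1 already cover, so whoever claims the package does not repeat that investigation.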
[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0001
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: 4edf3256 by Alberto Garcia at 2023-02-02T18:05:32+01:00 webkit2gtk / wpewebkit upstream advisory WSA-2023-0001 - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -4172,10 +4172,16 @@ CVE-2023-23520 RESERVED CVE-2023-23519 RESERVED -CVE-2023-23518 +CVE-2023-23518 [Processing maliciously crafted web content may lead to arbitrary code execution] RESERVED -CVE-2023-23517 + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html +CVE-2023-23517 [Processing maliciously crafted web content may lead to arbitrary code execution] RESERVED + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html CVE-2023-23516 RESERVED CVE-2023-23515 @@ -27645,8 +27651,11 @@ CVE-2022-42828 RESERVED CVE-2022-42827 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple -CVE-2022-42826 +CVE-2022-42826 [Processing maliciously crafted web content may lead to arbitrary code execution] RESERVED + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html CVE-2022-42825 (This issue was addressed by removing additional entitlements. This iss ...) NOT-FOR-US: Apple CVE-2022-42824 (A logic issue was addressed with improved state management. This issue ...) = data/dsa-needed.txt = 
@@ -59,6 +59,10 @@ thunderbird (jmm) -- tiff (aron) -- +webkit2gtk (berto) +-- +wpewebkit (berto) +-- xrdp needs some additional clarification, tentatively DSA worthy maybe upgrade to 0.9.21 within bullseye? View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4edf32569d9d21bb7b223a0ba3293a8c98715edd
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d6e7b381 by Moritz Muehlenhoff at 2023-02-02T17:41:30+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12,11 +12,11 @@ CVE-2023-25017 CVE-2023-25016 RESERVED CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) - TODO: check + NOT-FOR-US: Clockwork Web CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...) - linux NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dce...@diag.uniroma1.it/ @@ -119,9 +119,9 @@ CVE-2023-24978 CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...) NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0616 RESERVED CVE-2023-0615 
@@ -131,15 +131,15 @@ CVE-2023-0615 CVE-2023-0614 RESERVED CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) NOT-FOR-US: Apache InLong CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...) @@ -469,7 +469,7 @@ CVE-2023-24834 CVE-2023-0600 RESERVED CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...) - TODO: check + NOT-FOR-US: Rapid7 CVE-2023-0598 RESERVED CVE-2023-0597 @@ -3393,9 +3393,9 @@ CVE-2023-23753 CVE-2023-23752 RESERVED CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM ...) NOT-FOR-US: Joomla! extension CVE-2023-23748 @@ -3716,7 +3716,7 @@ CVE-2023-23632 CVE-2023-23631 RESERVED CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...) - TODO: check + NOT-FOR-US: Eta CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...) NOT-FOR-US: Metabase CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...) 
@@ -4231,7 +4231,7 @@ CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3. CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...) - TODO: check + NOT-FOR-US: F5 CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) @@ -4247,7 +4247,7 @@ CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) - TODO: check + NOT-FOR-US: F5 CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...) NOT-FOR-US: F5 BIG-IP CVE-2023-22287 @@ -5108,27 +5108,27 @@ CVE-2023-23138 CVE-2023-23137 RESERVED CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file deletion
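Review bot: In the @@ -4247 hunk CVE-2023-22323 is tagged "NOT-FOR-US: F5" although its description reads "In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x ..." and the entries on either side use "NOT-FOR-US: F5 BIG-IP". Use "F5 BIG-IP" there for consistency; plain "F5" fits CVE-2023-22657 in the @@ -4231 hunk, whose description names F5OS.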
[Git][security-tracker-team/security-tracker][master] new symfony issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c7894b9f by Moritz Muehlenhoff at 2023-02-02T17:27:17+01:00 new symfony issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77631,10 +77631,12 @@ CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to NOT-FOR-US: Xwiki CVE-2022-24896 (Tuleap is a Free Open Source Suite to manage software developmen ...) NOT-FOR-US: Tuleap -CVE-2022-24895 +CVE-2022-24895 [Remove CSRF tokens from storage on successful login] RESERVED -CVE-2022-24894 + - symfony 5.4.20+dfsg-1 +CVE-2022-24894 [Remove private headers before storing responses with HttpCache] RESERVED + - symfony 5.4.20+dfsg-1 CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...) NOT-FOR-US: ESP-IDF CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7894b9f9f7e73d570ae99f473558300db002248
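Review bot: Both new symfony entries (CVE-2022-24895 and CVE-2022-24894) record the fixed version 5.4.20+dfsg-1 but carry no NOTE pointing at an upstream advisory or fixing commit. Add a reference to each so the version can be verified and the fixes located for the stable suites.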
[Git][security-tracker-team/security-tracker][master] Add information for CVE-2023-23924
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 184a4c43 by Salvatore Bonaccorso at 2023-02-02T16:51:36+01:00 Add information for CVE-2023-23924 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2852,7 +2852,9 @@ CVE-2023-23926 CVE-2023-23925 RESERVED CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...) - TODO: check + - php-dompdf + NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg + NOTE: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 CVE-2023-23923 RESERVED - moodle View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/184a4c43b6458abcafbffc557edcd6b9f70e1b44
[Git][security-tracker-team/security-tracker][master] Reference introducing commit for openssh issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd71637a by Salvatore Bonaccorso at 2023-02-02T16:48:58+01:00 Reference introducing commit for openssh issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4,6 +4,7 @@ CVE-2023- [double-free vulnerability] [buster] - openssh (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2 NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522 + NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 CVE-2023-25018 RESERVED CVE-2023-25017 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd71637af013b099dd4d18c00a1a76e9759f1bf5
[Git][security-tracker-team/security-tracker][master] Add new issue in openssh
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0923316e by Salvatore Bonaccorso at 2023-02-02T16:46:31+01:00 Add new issue in openssh - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2023- [double-free vulnerability] + - openssh + [bullseye] - openssh (Vulnerable code not present) + [buster] - openssh (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2 + NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522 CVE-2023-25018 RESERVED CVE-2023-25017 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0923316e2a1fd0baa22f2393a2e00c95f3a942d8
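Review bot: The [bullseye] and [buster] lines claim "Vulnerable code not present", but neither added NOTE says which change or release introduced the double free. Add a NOTE naming the introducing commit or version so the status of each suite can be verified from the entry itself.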
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90a25342 by Salvatore Bonaccorso at 2023-02-02T14:32:47+01:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -110,7 +110,7 @@ CVE-2023-24979 CVE-2023-24978 RESERVED CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...) - TODO: check + NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...) TODO: check CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...) @@ -3549,7 +3549,7 @@ CVE-2023-23694 CVE-2023-23693 RESERVED CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection ...) - TODO: check + NOT-FOR-US: EMC CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...) NOT-FOR-US: EMC CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...) @@ -4106,11 +4106,11 @@ CVE-2023-23557 CVE-2023-23556 RESERVED CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-23553 RESERVED CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-23551 RESERVED CVE-2023-23543 
@@ -4216,39 +4216,39 @@ CVE-2023-23494 CVE-2023-23493 RESERVED CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...) TODO: check CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22374 (In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, a ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vu ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22341 (On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when th ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) TODO: check CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22287 REJECTED CVE-2023-22284 REJECTED CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) 
- TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...) {DSA-5324-1} - linux 6.1.7-1 @@ -4336,7 +4336,7 @@ CVE-2023-23471 CVE-2023-23470 RESERVED CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-23468 RESERVED CVE-2023-23467 @@ -8137,7 +8137,7 @@ CVE-2022-47985 CVE-2022-47984 RESERVED CVE-2022-47983 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-47982 RESERVED CVE-2022-47981 @@ -24432,7 +24432,7 @@ CVE-2022-43924 CVE-2022-43923 RESERVED CVE-2022-43922 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-43921 RESERVED CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...) View it on GitLab:
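Review bot: In the @@ -4216,39 hunk, CVE-2023-22358 and CVE-2023-22283 are tagged "NOT-FOR-US: F5 BIG-IP", but their descriptions give 7.x version ranges (7.2.2 to before 7.2.3.1, and 7.1.5 to before 7.2.3.1) for a DLL hijacking issue, which does not match the 13.1.x to 17.0.x ranges on the neighbouring BIG-IP entries, and the truncated text does not name the product. Please confirm which product these two affect and name it in the NFU tag, so a later search for that product finds them. In the same hunk, CVE-2023-22323 ("In BIP-IP versions 17.0.x ...") stays at "TODO: check" while its sibling BIG-IP entries were processed; if it was skipped only because of the "BIP-IP" spelling in the description, it can take the same tag.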
[Git][security-tracker-team/security-tracker][master] lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: f7403df6 by Emilio Pozuelo Monfort at 2023-02-02T11:03:07+01:00 lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -17246,6 +17246,7 @@ CVE-2022-4056 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...) - xdg-utils (bug #1027160) [bullseye] - xdg-utils (Minor issue) + [buster] - xdg-utils (Minor issue) NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58 CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...) = data/dla-needed.txt = @@ -301,12 +301,6 @@ wireshark NOTE: 20230123: Programming language: C. NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them pile up like last time. (utkarsh). -- -xdg-utils - NOTE: 20221120: Programming language: C. - NOTE: 20221120: no real fix yet - NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils - NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used --- xfig (gladk) NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7403df6090d5e272270c43216be8cff20066d42
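Review bot: The data/dla-needed.txt hunk drops the whole xdg-utils block, including "NOTE: 20221120: no real fix yet", while the added [buster] line in data/CVE/list carries only "(Minor issue)". If the missing upstream fix was part of the reason for not issuing a DLA, keep that in a NOTE under CVE-2022-4055 or in the commit message; otherwise the rationale is only recoverable from the history of dla-needed.txt.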
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-25012/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bda75c8f by Salvatore Bonaccorso at 2023-02-02T09:31:31+01:00 Add CVE-2023-25012/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,8 @@ CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) TODO: check CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...) - TODO: check + - linux + NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dce...@diag.uniroma1.it/ CVE-2023-25011 RESERVED CVE-2023-25010 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bda75c8f3ddca3e8b49ce011db5139644fd7058e
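Review bot: The added "- linux" entry for CVE-2023-25012 is backed only by a NOTE pointing at a lore.kernel.org patch posting, so nothing in this hunk identifies a merged fix. Once the patch lands, add a NOTE with the upstream commit and the release that contains it, so the fixed version can be filled in against this entry.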
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4c2183a by security tracker role at 2023-02-02T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,69 @@ +CVE-2023-25018 + RESERVED +CVE-2023-25017 + RESERVED +CVE-2023-25016 + RESERVED +CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) + TODO: check +CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) + TODO: check +CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) + TODO: check +CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...) + TODO: check +CVE-2023-25011 + RESERVED +CVE-2023-25010 + RESERVED +CVE-2023-25009 + RESERVED +CVE-2023-25008 + RESERVED +CVE-2023-25007 + RESERVED +CVE-2023-25006 + RESERVED +CVE-2023-25005 + RESERVED +CVE-2023-25004 + RESERVED +CVE-2023-25003 + RESERVED +CVE-2023-25002 + RESERVED +CVE-2023-25001 + RESERVED +CVE-2023-0634 + RESERVED +CVE-2023-0633 + RESERVED +CVE-2023-0632 + RESERVED +CVE-2023-0631 + RESERVED +CVE-2023-0630 + RESERVED +CVE-2023-0629 + RESERVED +CVE-2023-0628 + RESERVED +CVE-2023-0627 + RESERVED +CVE-2023-0626 + RESERVED +CVE-2023-0625 + RESERVED +CVE-2023-0624 + RESERVED +CVE-2023-0623 + RESERVED +CVE-2023-0622 + RESERVED +CVE-2023-0621 + RESERVED +CVE-2023-0620 + RESERVED CVE-2023-25000 RESERVED CVE-2023-24999 @@ -394,8 +460,8 @@ CVE-2023-24834 RESERVED CVE-2023-0600 RESERVED -CVE-2023-0599 - RESERVED +CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...) + TODO: check CVE-2023-0598 RESERVED CVE-2023-0597 
@@ -3316,10 +3382,10 @@ CVE-2023-23753 RESERVED CVE-2023-23752 RESERVED -CVE-2023-23751 - RESERVED -CVE-2023-23750 - RESERVED +CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...) + TODO: check +CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...) + TODO: check CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM ...) NOT-FOR-US: Joomla! extension CVE-2023-23748 @@ -4175,9 +4241,9 @@ CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3. CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...) TODO: check CVE-2023-22287 - RESERVED + REJECTED CVE-2023-22284 - RESERVED + REJECTED CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...) TODO: check CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) @@ -9054,8 +9120,8 @@ CVE-2022-47874 RESERVED CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...) NOT-FOR-US: Netcad KEOS -CVE-2022-47872 - RESERVED +CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...) + TODO: check CVE-2022-47871 RESERVED CVE-2022-47870 @@ -16387,10 +16453,10 @@ CVE-2022-45785 RESERVED CVE-2022-45784 RESERVED -CVE-2022-45783 - RESERVED -CVE-2022-45782 - RESERVED +CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...) + TODO: check +CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...) + TODO: check CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...) NOT-FOR-US: WordPress theme CVE-2022-4113 
@@ -18613,8 +18679,8 @@ CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitis NOT-FOR-US: WordPress plugin CVE-2022-3914 RESERVED -CVE-2022-3913 - RESERVED +CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to v ...) + TODO: check CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...) NOT-FOR-US: WordPress plugin CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + m ...) @@ -36873,8 +36939,8 @@ CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior NOT-FOR-US: Fuji CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...) NOT-FOR-US: GE CIMPICITY -CVE-2022-3083 - RESERVED +CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Re ...) + TODO: check CVE-2022-39189 (An