Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7c642cbe by Salvatore Bonaccorso at 2022-04-08T22:26:07+02:00 Track some new radare2 issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -387,9 +387,13 @@ CVE-2022-26045 CVE-2022-25868 RESERVED CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7 + NOTE: https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6 CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013 + NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67 CVE-2022-1282 RESERVED CVE-2022-1281 @@ -461,7 +465,9 @@ CVE-2022-1246 CVE-2022-1245 RESERVED CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82 + NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3 CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...) TODO: check CVE-2022-1242 
@@ -504,13 +510,19 @@ CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()] NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114) NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115) CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc + NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4 CVE-2022-1239 RESERVED CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200 + NOTE: https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778 CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...) - TODO: check + - radare2 <unfixed> + NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40 + NOTE: https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6 CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to ...) NOT-FOR-US: GROWI CVE-2022-28660
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c642cbebfa2104640292e5b16c7bbae64374470
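Review bot: The CVE-2022-1284 and CVE-2022-1283 entries in the first hunk carry no fixed upstream version. Both are set to "- radare2 <unfixed>", and the only version hint visible is the truncated description "prior to 5. ...". Consider recording the upstream release that contains the referenced commit in the NOTE, so that whoever later resolves the <unfixed> marker does not have to work it out again from the commit hash.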
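Review bot: The new NOTE lines for CVE-2022-1240, CVE-2022-1238 and CVE-2022-1237 in the third hunk give a bare commit URL with no label, whereas the CVE-2022-1249 entry in the context directly above them labels its commits "NOTE: Introduced by:" and "NOTE: Fixed by:" and appends (114) and (115). If these radare2 commits are the fixes, label them the same way, for example "NOTE: Fixed by: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4", so a reader can tell a fixing commit from a plain reference. The radare2 entries in the first two hunks use the same unlabelled form.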