[Git][security-tracker-team/security-tracker][master] Sync CVEs with kernel-sec

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e52bd47 by Salvatore Bonaccorso at 2022-02-25T07:27:01+01:00
Sync CVEs with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1945,8 +1945,10 @@ CVE-2022-25267
 CVE-2022-25266
RESERVED
 CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may 
have the ...)
-   - linux 
+   - linux  (unimportant)
NOTE: https://github.com/x0reaxeax/exec-prot-bypass
+   NOTE: Not considered a security flaw. If desired because no need for 
backward compatibility
+   NOTE: can be mitigated through a LSM.
 CVE-2022-25264
RESERVED
 CVE-2022-25263
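Review bot: the second NOTE added for CVE-2022-25265 reads as a sentence fragment once the two wrapped lines are joined: "If desired because no need for backward compatibility can be mitigated through a LSM." Suggest "If desired, because there is no need for backward compatibility, it can be mitigated through an LSM", so the reasoning behind the unimportant rating is readable by the next triager without guessing at the missing words.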
@@ -2024,7 +2026,7 @@ CVE-2022-0648
 CVE-2022-0647
RESERVED
 CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component 
Transpo ...)
-   - linux 
+   - linux  (Vulnerable code introduced later)
NOTE: 
https://lore.kernel.org/all/20220211011552.1861886-1...@codeconstruct.com.au/T/
 CVE-2022-0645
RESERVED
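Review bot: the new line `+   - linux  (Vulnerable code introduced later)` has a double space between the package name and the parenthesised reason, which is where the tracker's status token (`<not-affected>` for this kind of annotation, `<unfixed>` or `<itp>` elsewhere) normally sits; the same gap appears on `- linux  (unimportant)` in the previous hunk and on every other annotated line in this batch. This is most likely the mail rendering stripping angle-bracket tokens, but it is worth confirming that the committed lines carry the token, since without it the entry records neither a fixed version nor a status.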
@@ -2911,6 +2913,7 @@ CVE-2022-24960
RESERVED
 CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. 
There is a  ...)
- linux 5.16.7-1
+   [stretch] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
 CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 
5.16.8 m ...)
- linux 
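Review bot: only stretch receives the "Vulnerable code introduced later" annotation for CVE-2022-24959, so bullseye and buster stay open against the 5.16.7-1 fix. If that is intentional (the vulnerable code is present in the 5.10 and 4.19 series), a NOTE recording the introducing commit alongside the existing fix reference (29eb31542787, 5.17-rc2) would make the per-suite decision reproducible; if the code postdates those branches as well, they should get the same annotation as stretch.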
@@ -4527,6 +4530,9 @@ CVE-2022-24309
 CVE-2022-0480
RESERVED
- linux 5.15.3-1
+   [bullseye] - linux  (Minor issue)
+   [buster] - linux  (Minor issue)
+   [stretch] - linux  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
NOTE: 
https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
 CVE-2022-0479
@@ -4815,9 +4821,10 @@ CVE-2021-46661 (MariaDB through 10.5.9 allows an 
application crash in find_field
NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 
10.2.43
 CVE-2021-4218
RESERVED
-   - linux 5.8.7-1
+   - linux  (Vulnerable code not present; specific to 
CentOS/RHEL)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
-   NOTE: Fixed by: 
https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1)
+   NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always 
used copy_to_user()
+   NOTE: until the general conversion of sysctls to use a kernel buffer.
 CVE-2022-24282
RESERVED
 CVE-2022-24281
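Review bot: the removed `NOTE: Fixed by: https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1)` is the very change the replacement NOTE refers to ("until the general conversion of sysctls to use a kernel buffer"), so dropping the link makes the "Vulnerable code not present; specific to CentOS/RHEL" claim harder to verify. Suggest keeping the commit reference in the new NOTE, reworded from "Fixed by" to something like "sysctl conversion:" so it is not read as a fix for a bug mainline never had.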
@@ -5876,6 +5883,9 @@ CVE-2022-0383
RESERVED
 CVE-2022-0382 (An information leak flaw was found due to uninitialized memory 
in the  ...)
- linux 5.15.15-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   [stretch] - linux  (Vulnerable code not present)
NOTE: Fixed by: 
https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
 CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
NOT-FOR-US: WordPress plugin
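Review bot: the `Fixed by:` link for CVE-2022-0382 (d6d86830705f) carries no release tag, while the other references in this patch annotate the commit with where it landed, e.g. `(5.17-rc2)` and `(5.15-rc1)`. Adding the tag keeps the entry consistent with the rest of the file and tells a triager which upstream version first contains the fix without opening the link.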
@@ -13658,6 +13668,7 @@ CVE-2021-4161 (The affected products contain vulnerable 
firmware, which could al
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel 
through 5.15 ...)
{DSA-5050-1}
- linux 5.15.15-1
+   [stretch] - linux  (Minor issue; f2fs is not supportable)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 
allows remote ...)
NOT-FOR-US: Imperva Web Application Firewall
@@ -14162,7 +14173,7 @@ CVE-2021-45452 (Storage.save in Django 2.2 before 
2.2.26, 3.2 before 3.2.11, and
NOTE: 
https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
 (2.2.26)
 CVE-2021-4150 [Block subsystem mishandles reference counts]
RESERVED
-   - linux 5.15.3-1
+   - linux  (Vulnerability introduced and fixed in 
experimental)
NOTE: 
https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
 CVE-2021-4149 [Improper lock operation in btrfs]
RESERVED
@@ -14170,7 +14181,10 @@ CVE-2021-4149 [Improper lock operation in btrfs]
NOTE: 
https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
 CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users 
to crash the kernel]
RESERVED
-   - linux 
+   - linux 5.14.16-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux  (Vulnerable code not present)
+   [stretch] - linux  (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2021/9/17/1037
NOTE: https://lkml.org/lkml/2021/9/12/323
 CVE-2021-4147 [deadlock and crash in libxl driver]
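Review bot: CVE-2021-4148 now records fixed versions (5.14.16-1, and 5.10.84-1 for bullseye) but its only references are two lkml.org threads, whereas the other kernel entries in this patch cite the upstream fix commit on git.kernel.org with its release tag. Suggest adding the upstream commit reference so the "Vulnerable code not present" annotations for buster and stretch can be checked against the code it touches rather than against a mailing-list discussion.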
@@ 

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for three bluez issues

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf81ce6a by Salvatore Bonaccorso at 2022-02-25T07:07:20+01:00
Add Debian bug reference for three bluez issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -97669,12 +97669,12 @@ CVE-2020-26562
 CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 
1.0.04.002_US_ ...)
NOT-FOR-US: Belkin
 CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 
and 1.0. ...)
-   - bluez 
+   - bluez  (bug #1006406)
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959994
 CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 
and 1.0. ...)
-   - bluez 
+   - bluez  (bug #1006406)
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960011
@@ -97690,7 +97690,7 @@ CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing 
in Bluetooth Core Specifi
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
 CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 
may perm ...)
-   - bluez 
+   - bluez  (bug #1006406)
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
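Review bot: the bug reference #1006406 is added to CVE-2020-26560, CVE-2020-26559 and CVE-2020-26557, but CVE-2020-26556, which commit f17b1f8a moved from linux to bluez in the same pass, is not touched here although the commit message says "three bluez issues". If the bug covers all four BlueMirror mesh provisioning issues, it should be referenced on that entry too; otherwise a separate bug is needed so that entry does not remain the only one without a reference.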



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf81ce6a9ae8cf4a760d3f646b1d31feef561d72

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] BlueMirror mesh provisioning issues are in bluez not linux

2022-02-24 Thread Ben Hutchings (@benh)


Ben Hutchings pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f17b1f8a by Ben Hutchings at 2022-02-25T03:29:07+01:00
BlueMirror mesh provisioning issues are in bluez not linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -97669,12 +97669,12 @@ CVE-2020-26562
 CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 
1.0.04.002_US_ ...)
NOT-FOR-US: Belkin
 CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 
and 1.0. ...)
-   - linux 
+   - bluez 
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959994
 CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 
and 1.0. ...)
-   - linux 
+   - bluez 
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960011
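Review bot: reassigning the BlueMirror mesh provisioning entries from linux to bluez leaves each with a bare `- bluez` line, so every suite now shows bluez as unfixed with no per-suite annotation, exactly the gap the old `- linux` lines had. A follow-up should record either a fixed bluez version or a NOTE on whether Debian's bluez packages build the mesh provisioning code at all; the existing NOTE links cover the specification-level references but say nothing about the Debian package.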
@@ -97690,12 +97690,12 @@ CVE-2020-26558 (Bluetooth LE and BR/EDR secure 
pairing in Bluetooth Core Specifi
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
 CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 
may perm ...)
-   - linux 
+   - bluez 
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
 CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 
may perm ...)
-   - linux 
+   - bluez 
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f17b1f8ac0e7935cfa73e2191763be2f8bb5bad6


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-24615/zip4j

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0fa2349 by Salvatore Bonaccorso at 2022-02-24T21:28:34+01:00
Add CVE-2022-24615/zip4j

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3773,7 +3773,9 @@ CVE-2022-24617
 CVE-2022-24616
RESERVED
 CVE-2022-24615 (zip4j up to 2.9.0 can throw various uncaught exceptions while 
parsing  ...)
-   TODO: check
+   - zip4j 
+   NOTE: https://github.com/srikanth-lingala/zip4j/issues/377
+   TODO: check details
 CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor 
up to 2 ...)
TODO: check
 CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught 
exceptions  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0fa23491aeed78da303976355d5f714980e0a52


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-0695/radare2

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2a4cd750 by Salvatore Bonaccorso at 2022-02-24T21:28:09+01:00
Add CVE-2022-0695/radare2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1605,7 +1605,9 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
NOTE: 
https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 
(v8.2.4428)
 CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
-   TODO: check
+   - radare2 
+   NOTE: https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
+   NOTE: 
https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
 CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket 
transport. An  ...)
NOT-FOR-US: PreMiD
 CVE-2022-25371
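Review bot: the radare2 fix commit 634b886e is cited without the release it landed in, whereas the vim entry in the same hunk records `(v8.2.4428)` after its commit link. Since the description only says "prior to 5.6...", annotating the commit with the release (or adding the fixed upstream version as a NOTE) would let the fixed Debian version be tracked without re-reading the upstream repository.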



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a4cd7507901be5d40fa223aa30156a4731728f6


[Git][security-tracker-team/security-tracker][master] Process several NFUs

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
daace58b by Salvatore Bonaccorso at 2022-02-24T21:25:08+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -606,7 +606,7 @@ CVE-2022-0738
 CVE-2022-0737
RESERVED
 CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow 
prior to 1. ...)
-   TODO: check
+   NOT-FOR-US: mlflow
 CVE-2022-0735
RESERVED
 CVE-2021-4223
@@ -1114,7 +1114,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub 
repository radareorg/radare2 p
 CVE-2022-0711
RESERVED
 CVE-2022-0710 (The Header Footer Code Manager plugin = 1.1.16 for 
WordPress is vu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0709
RESERVED
 CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses 
of the c ...)
@@ -1613,7 +1613,7 @@ CVE-2022-25371
 CVE-2022-25370
RESERVED
 CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 
improperly handl ...)
-   TODO: check
+   NOT-FOR-US: EC-CUBE
 CVE-2022-0694
RESERVED
 CVE-2022-0693
@@ -1756,7 +1756,7 @@ CVE-2022-25326
 CVE-2022-23183
RESERVED
 CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 
plugin 'Mai ...)
-   TODO: check
+   NOT-FOR-US: EC-CUBE
 CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is 
vulnerable ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-0682
@@ -2010,13 +2010,13 @@ CVE-2022-25247
 CVE-2022-25246
RESERVED
 CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x 
series vers ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x 
series vers ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2022-23810 (Template injection (Improper Neutralization of Special 
Elements Used i ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x 
series ver ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2022-0648
RESERVED
 CVE-2022-0647
@@ -2189,9 +2189,9 @@ CVE-2022-25168
 CVE-2022-25167
RESERVED
 CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and 
earlier all ...)
-   TODO: check
+   NOT-FOR-US: phpUploader
 CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and 
earlier allows ...)
-   TODO: check
+   NOT-FOR-US: phpUploader
 CVE-2022-21159
RESERVED
 CVE-2022-0618
@@ -2723,9 +2723,9 @@ CVE-2022-25006
 CVE-2022-25005
RESERVED
 CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-25002
RESERVED
 CVE-2022-25001
@@ -3415,9 +3415,9 @@ CVE-2022-24705 (The rad_packet_recv function in 
radius/packet.c suffers from a m
 CVE-2022-24704 (The rad_packet_recv function in 
opt/src/accel-pppd/radius/packet.c suf ...)
NOT-FOR-US: ACCEL-PPP
 CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions 
misconfiguratio ...)
-   TODO: check
+   NOT-FOR-US: WIN-911
 CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions 
misconfiguratio ...)
-   TODO: check
+   NOT-FOR-US: WIN-911
 CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when 
compil ...)
- util-linux  (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
@@ -3781,7 +3781,7 @@ CVE-2022-24612
 CVE-2022-24611
RESERVED
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto 
DVC-215IP ca ...)
-   TODO: check
+   NOT-FOR-US: Alecto
 CVE-2022-24609
RESERVED
 CVE-2022-24608
@@ -4955,7 +4955,7 @@ CVE-2022-24234
 CVE-2022-24233
RESERVED
 CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management 
System v1 ...)
-   TODO: check
+   NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-24231
RESERVED
 CVE-2022-24230
@@ -8960,7 +8960,7 @@ CVE-2022-23137
 CVE-2022-23136
RESERVED
 CVE-2022-23135 (There is a directory traversal vulnerability in some home 
gateway prod ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2022-23134 (After the initial setup process, some steps of setup.php file 
are reac ...)
{DLA-2914-1}
- zabbix 
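Review bot: CVE-2022-23135 is marked `NOT-FOR-US: ZTE`, but the visible description only says "some home gateway products" and nothing in the hunk names the vendor. A NOTE with the advisory that attributes the issue to ZTE would make the NFU decision verifiable; the other NFU lines in this patch at least match a product name that appears in the description.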
@@ -10173,9 +10173,9 @@ CVE-2022-22796
 CVE-2022-22795
RESERVED
 CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. 
Attacker c ...)
-   TODO: check
+   

[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
788ff49e by Salvatore Bonaccorso at 2022-02-24T21:15:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1758,7 +1758,7 @@ CVE-2022-23183
 CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 
plugin 'Mai ...)
TODO: check
 CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0682
RESERVED
 CVE-2022-0681
@@ -1823,11 +1823,11 @@ CVE-2022-25309
 CVE-2022-25308
RESERVED
 CVE-2022-25307 (The WP Statistics WordPress plugin is vulnerable to Cross-Site 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-25306 (The WP Statistics WordPress plugin is vulnerable to Cross-Site 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-21158
RESERVED
 CVE-2022-0674
@@ -1966,11 +1966,11 @@ CVE-2022-0655
 CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
NOT-FOR-US: Node request-retry
 CVE-2022-0653 (The Profile Builder  User Profile  User 
Registration Forms ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0652
RESERVED
 CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL 
Injection due  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0650
RESERVED
 CVE-2022-0649
@@ -2325,9 +2325,9 @@ CVE-2022-25151
 CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 
6.8.1.0, prog ...)
NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
 CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL 
Injection due  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-25148 (The WP Statistics WordPress plugin is vulnerable to SQL 
Injection due  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
 CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
@@ -11568,7 +11568,7 @@ CVE-2022-22351
 CVE-2022-22350
RESERVED
 CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, 
and 6.0. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22348
RESERVED
 CVE-2022-22347
@@ -34692,7 +34692,7 @@ CVE-2021-39040
 CVE-2021-39039
RESERVED
 CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere 
Application Ser ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-39037
RESERVED
 CVE-2021-39036
@@ -34778,9 +34778,9 @@ CVE-2021-38997
 CVE-2021-38996
RESERVED
 CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38993
RESERVED
 CVE-2021-38992



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/788ff49e31f2b57a6391f3f180c74473826268f4


[Git][security-tracker-team/security-tracker][master] Drop notes from CVE-2021-38892 (was withdrawn by its CNA as it was not a security issue)

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa4610c4 by Salvatore Bonaccorso at 2022-02-24T21:13:44+01:00
Drop notes from CVE-2021-38892 (was withdrawn by its CNA as it was not a 
security issue)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34985,7 +34985,6 @@ CVE-2021-38893 (IBM Business Process Manager 8.5 and 
8.6 and IBM Business Automa
NOT-FOR-US: IBM
 CVE-2021-38892
REJECTED
-   NOT-FOR-US: IBM
 CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses 
weaker than  ...)
NOT-FOR-US: IBM
 CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an 
inadequat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa4610c4eb7ae447565f256e57befab8f7c426c5


[Git][security-tracker-team/security-tracker][master] automatic update

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f232a1a7 by security tracker role at 2022-02-24T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,533 @@
+CVE-2022-26085
+   RESERVED
+CVE-2022-26068
+   RESERVED
+CVE-2022-26066
+   RESERVED
+CVE-2022-26063
+   RESERVED
+CVE-2022-26060
+   RESERVED
+CVE-2022-26050
+   RESERVED
+CVE-2022-26049
+   RESERVED
+CVE-2022-26048
+   RESERVED
+CVE-2022-26046
+   RESERVED
+CVE-2022-26044
+   RESERVED
+CVE-2022-26040
+   RESERVED
+CVE-2022-26036
+   RESERVED
+CVE-2022-26035
+   RESERVED
+CVE-2022-26033
+   RESERVED
+CVE-2022-26030
+   RESERVED
+CVE-2022-26029
+   RESERVED
+CVE-2022-26025
+   RESERVED
+CVE-2022-26021
+   RESERVED
+CVE-2022-26020
+   RESERVED
+CVE-2022-26018
+   RESERVED
+CVE-2022-26016
+   RESERVED
+CVE-2022-26015
+   RESERVED
+CVE-2022-26014
+   RESERVED
+CVE-2022-26012
+   RESERVED
+CVE-2022-26011
+   RESERVED
+CVE-2022-26010
+   RESERVED
+CVE-2022-26008
+   RESERVED
+CVE-2022-26005
+   RESERVED
+CVE-2022-26004
+   RESERVED
+CVE-2022-26003
+   RESERVED
+CVE-2022-26001
+   RESERVED
+CVE-2022-26000
+   RESERVED
+CVE-2022-25998
+   RESERVED
+CVE-2022-25994
+   RESERVED
+CVE-2022-25993
+   RESERVED
+CVE-2022-25991
+   RESERVED
+CVE-2022-25988
+   RESERVED
+CVE-2022-25985
+   RESERVED
+CVE-2022-25984
+   RESERVED
+CVE-2022-25983
+   RESERVED
+CVE-2022-25982
+   RESERVED
+CVE-2022-25981
+   RESERVED
+CVE-2022-25979
+   RESERVED
+CVE-2022-25978
+   RESERVED
+CVE-2022-25977
+   RESERVED
+CVE-2022-25975
+   RESERVED
+CVE-2022-25974
+   RESERVED
+CVE-2022-25973
+   RESERVED
+CVE-2022-25971
+   RESERVED
+CVE-2022-25970
+   RESERVED
+CVE-2022-25967
+   RESERVED
+CVE-2022-25965
+   RESERVED
+CVE-2022-25964
+   RESERVED
+CVE-2022-25963
+   RESERVED
+CVE-2022-25962
+   RESERVED
+CVE-2022-25961
+   RESERVED
+CVE-2022-25956
+   RESERVED
+CVE-2022-25955
+   RESERVED
+CVE-2022-25954
+   RESERVED
+CVE-2022-25953
+   RESERVED
+CVE-2022-25951
+   RESERVED
+CVE-2022-25950
+   RESERVED
+CVE-2022-25948
+   RESERVED
+CVE-2022-25947
+   RESERVED
+CVE-2022-25945
+   RESERVED
+CVE-2022-25944
+   RESERVED
+CVE-2022-25941
+   RESERVED
+CVE-2022-25940
+   RESERVED
+CVE-2022-25939
+   RESERVED
+CVE-2022-25938
+   RESERVED
+CVE-2022-25937
+   RESERVED
+CVE-2022-25936
+   RESERVED
+CVE-2022-25935
+   RESERVED
+CVE-2022-25934
+   RESERVED
+CVE-2022-25933
+   RESERVED
+CVE-2022-25931
+   RESERVED
+CVE-2022-25930
+   RESERVED
+CVE-2022-25929
+   RESERVED
+CVE-2022-25928
+   RESERVED
+CVE-2022-25927
+   RESERVED
+CVE-2022-25926
+   RESERVED
+CVE-2022-25925
+   RESERVED
+CVE-2022-25924
+   RESERVED
+CVE-2022-25923
+   RESERVED
+CVE-2022-25921
+   RESERVED
+CVE-2022-25919
+   RESERVED
+CVE-2022-25918
+   RESERVED
+CVE-2022-25916
+   RESERVED
+CVE-2022-25914
+   RESERVED
+CVE-2022-25913
+   RESERVED
+CVE-2022-25912
+   RESERVED
+CVE-2022-25911
+   RESERVED
+CVE-2022-25910
+   RESERVED
+CVE-2022-25908
+   RESERVED
+CVE-2022-25907
+   RESERVED
+CVE-2022-25906
+   RESERVED
+CVE-2022-25904
+   RESERVED
+CVE-2022-25903
+   RESERVED
+CVE-2022-25902
+   RESERVED
+CVE-2022-25901
+   RESERVED
+CVE-2022-25900
+   RESERVED
+CVE-2022-25898
+   RESERVED
+CVE-2022-25897
+   RESERVED
+CVE-2022-25896
+   RESERVED
+CVE-2022-25895
+   RESERVED
+CVE-2022-25894
+   RESERVED
+CVE-2022-25893
+   RESERVED
+CVE-2022-25892
+   RESERVED
+CVE-2022-25891
+   RESERVED
+CVE-2022-25890
+   RESERVED
+CVE-2022-25888
+   RESERVED
+CVE-2022-25887
+   RESERVED
+CVE-2022-25886
+   RESERVED
+CVE-2022-25885
+   RESERVED
+CVE-2022-25884
+   RESERVED
+CVE-2022-25883
+   RESERVED
+CVE-2022-25882
+   RESERVED
+CVE-2022-25881
+   RESERVED
+CVE-2022-25879
+   RESERVED
+CVE-2022-25878
+   RESERVED
+CVE-2022-25877
+   RESERVED
+CVE-2022-25876
+   RESERVED
+CVE-2022-25875
+   RESERVED
+CVE-2022-25874
+   RESERVED
+CVE-2022-25873
+   RESERVED
+CVE-2022-25872
+   RESERVED
+CVE-2022-25871
+   RESERVED
+CVE-2022-25869
+   RESERVED
+CVE-2022-25867
+   RESERVED
+CVE-2022-25866
+   RESERVED
+CVE-2022-25865
+   RESERVED
+CVE-2022-25863
+   RESERVED
+CVE-2022-25862
+   RESERVED
+CVE-2022-25861
+   RESERVED
+CVE-2022-25860
+   RESERVED
+CVE-2022-25859
+   RESERVED
+CVE-2022-25858
+   RESERVED
+CVE-2022-25857
+   RESERVED
+CVE-2022-25856
+   RESERVED
+CVE-2022-25855
+   RESERVED
+CVE-2022-25854
+   

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2532{6,7,8}/fscrypt

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc35dbbb by Salvatore Bonaccorso at 2022-02-24T21:06:50+01:00
Add CVE-2022-2532{6,7,8}/fscrypt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1208,10 +1208,21 @@ CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 
Information Server uses a stat
NOT-FOR-US: Trend Micro
 CVE-2022-25328
RESERVED
+   - fscrypt 
+   NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
+   NOTE: 
https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02
 CVE-2022-25327
RESERVED
+   - fscrypt 
+   NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
+   NOTE: 
https://github.com/google/fscrypt/commit/1a47718420317f893831b0223153d56005d5b02b
+   NOTE: 
https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576
+   NOTE: 
https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0
 CVE-2022-25326
RESERVED
+   - fscrypt 
+   NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
+   NOTE: 
https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
 CVE-2022-23183
RESERVED
 CVE-2022-21179
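Review bot: the three fscrypt entries are assigned to the package with no fixed version, no per-suite annotation and no Debian bug reference, even though an upstream fix commit is already listed for each (three for CVE-2022-25327). Either the fixed upstream release (and the Debian upload carrying it) or a bug reference in the `(bug #NNNNNN)` form used elsewhere in this list would keep the entries actionable for someone who has not read the oss-security post.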



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc35dbbba2d584475d4a870f82b69901342d39c7


[Git][security-tracker-team/security-tracker][master] Track proposed update for lemonldap-ng via bullseye-pu

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abd912e8 by Salvatore Bonaccorso at 2022-02-24T20:58:12+01:00
Track proposed update for lemonldap-ng via bullseye-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -124,3 +124,5 @@ CVE-2022-23647
[bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u2
 CVE-2021-39191
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-1+deb11u1
+CVE-2021-40874
+   [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u1
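Review bot: recording `lemonldap-ng 2.0.11+ds-4+deb11u1` for CVE-2021-40874 in next-point-update.txt matches the tracker's point-update workflow, but data/CVE/list (commit 1aead9bc in this same batch) still carries `[bullseye] - lemonldap-ng  (Minor issue)` for that CVE. Once the bullseye-pu upload is accepted, that line has to be replaced with the fixed version; mentioning the pending follow-up in the commit message would make it harder to forget.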



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd912e8b40c4192a08512864af7fb7453b13e20


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-40874/lemonldap-ng via unstable

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1aead9bc by Salvatore Bonaccorso at 2022-02-24T20:44:15+01:00
Track fixed version for CVE-2021-40874/lemonldap-ng via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29545,7 +29545,7 @@ CVE-2021-40875 (Improper Access Control in Gurock 
TestRail versions  7.2.0.3
 CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + 
Kerberos]
RESERVED
[experimental] - lemonldap-ng 2.0.14~exp+ds-1
-   - lemonldap-ng  (bug #1005302)
+   - lemonldap-ng 2.0.14+ds-1 (bug #1005302)
[bullseye] - lemonldap-ng  (Minor issue)
[buster] - lemonldap-ng  (Minor issue)
[stretch] - lemonldap-ng  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aead9bcb2fac5793020237d37ec529cb19b0267


[Git][security-tracker-team/security-tracker][master] airflow

2022-02-24 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a81b8b6c by Henri Salo at 2022-02-24T21:05:46+02:00
airflow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4049,6 +4049,7 @@ CVE-2022-24289 (Hessian serialization is a network 
protocol that supports object
NOT-FOR-US: Apache Cayenne
 CVE-2022-24288
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-24287
RESERVED
 CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router 
WRC-300FEBK-R  ...)
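Review bot: the added line `- airflow  (bug #819700)` under CVE-2022-24288 shows no status token between the package name and the bug reference; a package line in data/CVE/list carries either a fixed version or a bracketed status tag (`<unfixed>`, `<itp>`, ...) in that position, so please confirm the token is present in the actual commit and was only dropped by the mail rendering. Since the CVE is still RESERVED and no description is visible, a `NOTE:` line pointing at the upstream advisory or fix would let a later triager verify the attribution without re-researching it; the same applies to the CVE-2021-45229 hunk below.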
@@ -14418,6 +14419,7 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This 
CVE applies to a specific
- airflow  (bug #819700)
 CVE-2021-45229
RESERVED
+   - airflow  (bug #819700)
 CVE-2021-45228
RESERVED
 CVE-2021-45227



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a81b8b6cbb1325beff99dd2ef294e662b0a59f9d



Polycom VVX 400 - 26 Feb URGENT!

2022-02-24 Thread Adrian Brown
Good day, Team,

Hope you're doing great,

Could you please provide us a quote for the below-given opportunity?


S#   ITEM / PART #   DESCRIPTION    QUANTITY   COST / UNIT   VENDOR COMMENTS
1                    Poly VVX 400   300
TOTAL




Ship to:
2825 E Beaver Ave. Ft.
Morgan, CO 80701


Note: Please make sure freight charges are included in the quote, and the estimated shipping date if not in stock.


Adrian Brown | Accounts Manager
Email: abr...@planetcellinc.com
Phone: 305-440-6259
www.planetcellinc.com





[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b8ac524 by Salvatore Bonaccorso at 2022-02-24T09:41:09+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -992,17 +992,17 @@ CVE-2022-25408
 CVE-2022-25407
RESERVED
 CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: Tongda2000
 CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: Tongda2000
 CVE-2022-25404 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: Tongda2000
 CVE-2022-25403 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via t ...)
-   TODO: check
+   NOT-FOR-US: HMS
 CVE-2022-25402 (An incorrect access control issue in HMS v1.0 allows 
unauthenticated a ...)
-   TODO: check
+   NOT-FOR-US: HMS
 CVE-2022-25401 (The copy function of the file manager in Cuppa CMS v1.0 allows 
any fil ...)
-   TODO: check
+   NOT-FOR-US: Cuppa CMS
 CVE-2022-25400
RESERVED
 CVE-2022-25399
@@ -1134,13 +1134,13 @@ CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows 
allows attackers to move
 CVE-2022-25364
RESERVED
 CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25362
RESERVED
 CVE-2022-25361
RESERVED
 CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25359
RESERVED
 CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path 
handler of awf ...)
@@ -1348,13 +1348,13 @@ CVE-2022-25295
 CVE-2022-25294
RESERVED
 CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25291 (An integer overflow in WatchGuard Firebox and XTM appliances 
allows an ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25290 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-25289
RESERVED
 CVE-2022-25288
@@ -1982,19 +1982,19 @@ CVE-2022-25106
 CVE-2022-25105
RESERVED
 CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an 
arbitrary file  ...)
-   TODO: check
+   NOT-FOR-US: HorizontCMS
 CVE-2022-25103
RESERVED
 CVE-2022-25102
RESERVED
 CVE-2022-25101 (A vulnerability in the component /templates/install.php of 
WBCE CMS v1 ...)
-   TODO: check
+   NOT-FOR-US: WBCE CMS
 CVE-2022-25100
RESERVED
 CVE-2022-25099 (A vulnerability in the component /languages/index.php of WBCE 
CMS v1.5 ...)
-   TODO: check
+   NOT-FOR-US: WBCE CMS
 CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to 
insufficient fi ...)
-   TODO: check
+   NOT-FOR-US: ECTouch
 CVE-2022-25097
RESERVED
 CVE-2022-25096
@@ -3629,7 +3629,7 @@ CVE-2022-24411
 CVE-2022-24410
RESERVED
 CVE-2022-24409 (Only customers with active BSAFE maintenance contracts can 
receive det ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2022-24380
RESERVED
 CVE-2022-22147
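Review bot: the visible description for CVE-2022-24409 names BSAFE, not Dell, so `NOT-FOR-US: Dell` on its own will not match a later search for the product name; `NOT-FOR-US: Dell BSAFE` keeps both the vendor and the product a triager will look for. Otherwise the change follows the same NFU convention as the other hunks in this commit.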
@@ -6613,7 +6613,7 @@ CVE-2022-23657
 CVE-2022-23656
RESERVED
 CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel 
PHP Fram ...)
-   TODO: check
+   NOT-FOR-US: October CMS
 CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions 
an authen ...)
NOT-FOR-US: Wiki.js
 CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the 
backbla ...)
@@ -8339,7 +8339,7 @@ CVE-2022-23178 (An issue was discovered on Crestron 
HD-MD4X2-4K-E 1.0.0.2159 dev
 CVE-2022-23177
RESERVED
 CVE-2022-23176 (WatchGuard Firebox and XTM appliances allow a remote attacker 
with unp ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2022-23175
RESERVED
 CVE-2022-23174
@@ -12440,7 +12440,7 @@ CVE-2021-45748
 CVE-2021-45747
RESERVED
 CVE-2021-45746 (A Directory Traversal vulnerability exists in WeBankPartners 
wecube-pl ...)
-   TODO: check
+   NOT-FOR-US: WeBankPartners
 CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Bludit 3.1 ...)
NOT-FOR-US: Bludit
 CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
bludit 3.1 ...)
@@ -16484,7 +16484,7 @@ CVE-2021-44612
 CVE-2021-44611
RESERVED
 CVE-2021-44610 (Multiple SQL Injection 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-256{39,40}/wolfssl

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c3c8569 by Salvatore Bonaccorso at 2022-02-24T09:37:11+01:00
Add CVE-2022-256{39,40}/wolfssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -455,11 +455,17 @@ CVE-2022-25642
 CVE-2022-25641
RESERVED
 CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly 
enforce a re ...)
-   TODO: check
+   - wolfssl 5.2.0-1
+   NOTE: https://github.com/wolfSSL/wolfssl/pull/4831
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/3cdb1c639da94a9dc8c75590d0ec475e7f27c226
 (v5.2.0-stable)
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/b60d2dccce9110fd2b985d99063e524e39bdf6f7
 (v5.2.0-stable)
 CVE-2022-25639
RESERVED
 CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be 
bypassed during ...)
-   TODO: check
+   - wolfssl 5.2.0-1
+   NOTE: https://github.com/wolfSSL/wolfssl/pull/4813
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/e13861bcde8015bb99ddb034224afb66e2fb89b8
 (v5.2.0-stable)
+   NOTE: 
https://github.com/wolfSSL/wolfssl/commit/08047b2d959ee5e21a4a2c672308f45fec61f059
 (v5.2.0-stable)
 CVE-2022-25637
RESERVED
 CVE-2022-25635
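Review bot: both entries in this hunk set the fixed version 5.2.0-1 for unstable only, with no severity annotation and no suite lines, so the wolfssl versions in the stable suites are implicitly counted as affected until a `[bullseye]`/`[buster]` status is recorded. For CVE-2022-25638 in particular ("certificate validation may be bypassed") that assessment is the part that matters for users, so please check whether the code touched by commits e13861bc and 08047b2d exists in the shipped versions and add the corresponding status lines. Minor: the NOTE URLs and their "(v5.2.0-stable)" tags appear split across lines here; presumably that is mail wrapping, but confirm each NOTE is a single line in the committed file.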



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c3c8569138e9b46d4a685714065fea3e45eb0f3



[Git][security-tracker-team/security-tracker][master] Add CVE-2019-25058/usbguard

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c3e866a by Salvatore Bonaccorso at 2022-02-24T09:36:11+01:00
Add CVE-2019-25058/usbguard

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -51,7 +51,10 @@ CVE-2022-25814
 CVE-2022-0743
RESERVED
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems 
with the  ...)
-   TODO: check
+   - usbguard 
+   NOTE: https://github.com/USBGuard/usbguard/issues/273
+   NOTE: https://github.com/USBGuard/usbguard/issues/403
+   NOTE: https://github.com/USBGuard/usbguard/pull/531
 CVE-2022-25813
RESERVED
 CVE-2022-25812
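Review bot: the package line `- usbguard ` shows no status token after the package name; data/CVE/list needs either a fixed version or a status tag there (presumably `<unfixed>`, stripped by the mail rendering), so please confirm it is present in the commit. The NOTEs point at issues #273 and #403 and PR #531 but do not say which release contains the fix; since the description says "before 1.1.0", tagging the PR with the release that carries it (the way the wolfssl commits in this digest carry "(v5.2.0-stable)") and adding `[bullseye]`/`[buster]` status lines once the shipped versions are compared against it would complete the entry.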



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c3e866ad39fbd6754344652aaf96ff11e2d8199



[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
187a39b5 by Salvatore Bonaccorso at 2022-02-24T09:34:53+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time 
window, ...)
-   TODO: check
+   NOT-FOR-US: Laravel Fortify
 CVE-2022-25837
RESERVED
 CVE-2022-25836



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/187a39b50904e07ff7f62cb70e474b4ea7ea4c24



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-0500 in unstable

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fedca63 by Salvatore Bonaccorso at 2022-02-24T09:29:07+01:00
Track fixed version for CVE-2022-0500 in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3679,7 +3679,7 @@ CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in 
Packagist ptrofimov/bea
NOT-FOR-US: beanstalk_console
 CVE-2022-0500
RESERVED
-   - linux 
+   - linux 5.16.10-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
 CVE-2022-0499
RESERVED
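Review bot: the fixed version 5.16.10-1 is recorded, but the entry is still RESERVED and its only reference is the Red Hat bugzilla; for a linux entry the upstream fix commit with its mainline tag is the reference that lets the stable suites be triaged (whether the vulnerable code is present in their kernels and whether a backport is needed). Please add a `NOTE: https://git.kernel.org/linus/<fix commit> (<tag>)` line (placeholders, to be filled once the fix is identified) and `[bullseye]`/`[buster]` lines with the resulting status.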



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fedca63b70f44c52c28ac6387ff33cfc0317599



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56ae63a6 by Salvatore Bonaccorso at 2022-02-24T09:15:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1192,11 +1192,11 @@ CVE-2022-25333
 CVE-2022-25332
RESERVED
 CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro 
ServerProtect ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro 
ServerProtect 6. ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a 
static cre ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-25328
RESERVED
 CVE-2022-25327
@@ -2969,11 +2969,11 @@ CVE-2022-24682 (An issue was discovered in the Calendar 
feature in Zimbra Collab
 CVE-2022-24681
RESERVED
 CVE-2022-24680 (A security link following local privilege escalation 
vulnerability in  ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-24679 (A security link following local privilege escalation 
vulnerability in  ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-24678 (An security agent resource exhaustion denial-of-service 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution 
because ...)
NOT-FOR-US: HYBBS2
 CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows 
arbitrary file ...)
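Review bot: the truncated descriptions for CVE-2022-24680, CVE-2022-24679 and CVE-2022-24678 shown here ("A security link following local privilege escalation vulnerability in ...", "An security agent resource exhaustion denial-of-service vulnerability ...") do not name the vendor, unlike CVE-2022-24671 in the next hunk whose text says Trend Micro; the `NOT-FOR-US: Trend Micro` attribution therefore cannot be checked from the hunk alone, so please confirm it against the full CVE text before treating the triage as final.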
@@ -2997,7 +2997,7 @@ CVE-2022-21202
 CVE-2022-21168
RESERVED
 CVE-2022-24671 (A link following privilege escalation vulnerability in Trend 
Micro Ant ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2022-24670
RESERVED
 CVE-2022-24669
@@ -11046,13 +11046,13 @@ CVE-2022-22338
 CVE-2022-22337
RESERVED
 CVE-2022-22336 (IBM Sterling External Authentication Server and IBM Sterling 
Secure Pr ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22335
RESERVED
 CVE-2022-22334
RESERVED
 CVE-2022-22333 (IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and 
IBM Sterli ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22332
RESERVED
 CVE-2022-22331



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56ae63a603c07fd833c070ffae1184690c3b654b



[Git][security-tracker-team/security-tracker][master] automatic update

2022-02-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe9567fd by security tracker role at 2022-02-24T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time 
window, ...)
+   TODO: check
+CVE-2022-25837
+   RESERVED
+CVE-2022-25836
+   RESERVED
+CVE-2022-25835
+   RESERVED
+CVE-2022-25834
+   RESERVED
+CVE-2022-25833
+   RESERVED
+CVE-2022-25832
+   RESERVED
+CVE-2022-25831
+   RESERVED
+CVE-2022-25830
+   RESERVED
+CVE-2022-25829
+   RESERVED
+CVE-2022-25828
+   RESERVED
+CVE-2022-25827
+   RESERVED
+CVE-2022-25826
+   RESERVED
+CVE-2022-25825
+   RESERVED
+CVE-2022-25824
+   RESERVED
+CVE-2022-25823
+   RESERVED
+CVE-2022-25822
+   RESERVED
+CVE-2022-25821
+   RESERVED
+CVE-2022-25820
+   RESERVED
+CVE-2022-25819
+   RESERVED
+CVE-2022-25818
+   RESERVED
+CVE-2022-25817
+   RESERVED
+CVE-2022-25816
+   RESERVED
+CVE-2022-25815
+   RESERVED
+CVE-2022-25814
+   RESERVED
+CVE-2022-0743
+   RESERVED
+CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems 
with the  ...)
+   TODO: check
 CVE-2022-25813
RESERVED
 CVE-2022-25812
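Review bot: the bot adds CVE-2019-25058 (USBGuard before 1.1.0) with `TODO: check`; usbguard is a Debian package (commit 5c3e866a in this digest assigns it), so this is one of the TODOs in this update that needs a package line rather than a NOT-FOR-US, and the same check applies to the wolfSSL entries in the next hunk. The remaining additions in this hunk are RESERVED placeholders and need no action.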
@@ -397,12 +451,12 @@ CVE-2022-25642
RESERVED
 CVE-2022-25641
RESERVED
-CVE-2022-25640
-   RESERVED
+CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly 
enforce a re ...)
+   TODO: check
 CVE-2022-25639
RESERVED
-CVE-2022-25638
-   RESERVED
+CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be 
bypassed during ...)
+   TODO: check
 CVE-2022-25637
RESERVED
 CVE-2022-25635
@@ -928,18 +982,18 @@ CVE-2022-25408
RESERVED
 CVE-2022-25407
RESERVED
-CVE-2022-25406
-   RESERVED
-CVE-2022-25405
-   RESERVED
-CVE-2022-25404
-   RESERVED
-CVE-2022-25403
-   RESERVED
-CVE-2022-25402
-   RESERVED
-CVE-2022-25401
-   RESERVED
+CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
+   TODO: check
+CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
+   TODO: check
+CVE-2022-25404 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
+   TODO: check
+CVE-2022-25403 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via t ...)
+   TODO: check
+CVE-2022-25402 (An incorrect access control issue in HMS v1.0 allows 
unauthenticated a ...)
+   TODO: check
+CVE-2022-25401 (The copy function of the file manager in Cuppa CMS v1.0 allows 
any fil ...)
+   TODO: check
 CVE-2022-25400
RESERVED
 CVE-2022-25399
@@ -1070,14 +1124,14 @@ CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows 
allows attackers to move
NOT-FOR-US: Docker Desktop
 CVE-2022-25364
RESERVED
-CVE-2022-25363
-   RESERVED
+CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
+   TODO: check
 CVE-2022-25362
RESERVED
 CVE-2022-25361
RESERVED
-CVE-2022-25360
-   RESERVED
+CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
+   TODO: check
 CVE-2022-25359
RESERVED
 CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path 
handler of awf ...)
@@ -1137,12 +1191,12 @@ CVE-2022-25333
RESERVED
 CVE-2022-25332
RESERVED
-CVE-2022-25331
-   RESERVED
-CVE-2022-25330
-   RESERVED
-CVE-2022-25329
-   RESERVED
+CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro 
ServerProtect ...)
+   TODO: check
+CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro 
ServerProtect 6. ...)
+   TODO: check
+CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a 
static cre ...)
+   TODO: check
 CVE-2022-25328
RESERVED
 CVE-2022-25327
@@ -1284,14 +1338,14 @@ CVE-2022-25295
RESERVED
 CVE-2022-25294
RESERVED
-CVE-2022-25293
-   RESERVED
-CVE-2022-25292
-   RESERVED
-CVE-2022-25291
-   RESERVED
-CVE-2022-25290
-   RESERVED
+CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
+   TODO: check
+CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
+   TODO: check
+CVE-2022-25291 (An integer overflow in WatchGuard Firebox and XTM appliances 
allows an ...)
+   TODO: check
+CVE-2022-25290 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
+   TODO: check
 CVE-2022-25289
RESERVED
 CVE-2022-25288
@@ -1918,20 +1972,20 @@ CVE-2022-25106
RESERVED
 CVE-2022-25105
RESERVED