[Git][security-tracker-team/security-tracker][master] Add CVE-2022-35948/node-undici
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f390561 by Salvatore Bonaccorso at 2022-08-14T06:24:05+02:00 Add CVE-2022-35948/node-undici - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5625,6 +5625,9 @@ CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.` NOTE: https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (v5.8.2) CVE-2022-35948 RESERVED + - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3 + NOTE: https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2) CVE-2022-35947 RESERVED CVE-2022-35946 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f390561e053a846dccffbf3f9e2b0ed0867cd59 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f390561e053a846dccffbf3f9e2b0ed0867cd59 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
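Review bot: Both undici entries now carry the same Debian fixed version 5.8.2+dfsg1+~cs18.9.18.1-1 and both upstream commits are tagged (v5.8.2), so the one upload closes CVE-2022-35948 and CVE-2022-35949 together, but neither entry has a [bullseye] or [buster] line; if node-undici ships in a stable suite the tracker will list it as unfixed there with no triage recorded. Add the suite annotations (a `Minor issue`/no-dsa decision or a planned fix) to both entries in one commit so the two CVEs fixed by the same upload do not end up triaged differently.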
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f737e65e by security tracker role at 2022-08-13T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2022-2810 + RESERVED CVE-2022-38216 RESERVED CVE-2022-38215 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f737e65e9f89ccd50f074591bc2fce3b95be7b6a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f737e65e9f89ccd50f074591bc2fce3b95be7b6a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dojo fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ab03065 by Moritz Mühlenhoff at 2022-08-13T21:06:12+02:00 dojo fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -108990,7 +108990,7 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto CVE-2021-23451 (The package otp-generator before 3.0.0 are vulnerable to Insecure Rand ...) NOT-FOR-US: Node otp-generator CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) - - dojo (bug #1014785) + - dojo 1.17.2+dfsg1-1 (bug #1014785) [bullseye] - dojo (Minor issue) [buster] - dojo (Minor issue) NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab0306510d9f1c420f150f0de08b69b650fbdd8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab0306510d9f1c420f150f0de08b69b650fbdd8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
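Review bot: The only NOTE is the advisory GHSA-m8gw-hjpr-rjv7; no upstream fix commit is recorded, so whoever later backports for bullseye or buster (both currently `Minor issue`) has to rediscover which change in 1.17.2 closes the prototype pollution. Add a `NOTE: Fixed by:` line pointing at the upstream commit and the release it landed in, the way the sofia-sip and undici entries in this digest do.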
[Git][security-tracker-team/security-tracker][master] iotjs removed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5772161b by Moritz Mühlenhoff at 2022-08-13T21:00:48+02:00 iotjs removed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -42226,13 +42226,13 @@ CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at j NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936 CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...) - - iotjs (bug #1004288) + - iotjs (bug #1004288) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937 CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...) - - iotjs (bug #1004288) + - iotjs (bug #1004288) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961 @@ -42242,7 +42242,7 @@ CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (o NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938 CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...) - - iotjs (bug #1004288) + - iotjs (bug #1004288) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955 
@@ -42266,7 +42266,7 @@ CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !e CVE-2021-46341 RESERVED CVE-2021-46340 (There is an Assertion 'context_p-stack_top_uint8 == SCAN_STACK_TRY ...) - - iotjs (bug #1004288) + - iotjs (bug #1004288) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964 @@ -42275,7 +42275,7 @@ CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, stri NOTE: Not considered a security issue by iotjs project NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935 CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...) - - iotjs (bug #1004288) + - iotjs (bug #1004288) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943 
@@ -43733,37 +43733,37 @@ CVE-2022-22897 CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) - - iotjs (bug #1004298) + - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882 CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - - iotjs (bug #1004298) + - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...) - - iotjs (bug #1004298) + - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945 CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...) - - iotjs (bug #1004298) + - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...) - - iotjs (bug #1004298) + - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871 NOTE:
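Review bot: As rendered, every `-`/`+` pair in these hunks is identical (`- iotjs (bug #1004288)` on both sides, and likewise for bug #1004298), so the diff reads as a no-op even though the commit says iotjs was removed. The tracker records a removed package with a `<removed>` token after the package name, and that token looks like an HTML tag, so it was most likely dropped by the mail rendering rather than being absent from the commit (the `[bullseye] - iotjs (Minor issue)` lines have also lost their usual angle-bracket marker); please confirm the committed lines read `- iotjs <removed> (bug #1004288)`. If the token really is missing, the change does nothing and the bullseye/buster annotations continue to describe a package that no longer exists in unstable.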
[Git][security-tracker-team/security-tracker][master] Track fixed version for sofia-sip issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fbc2a2a7 by Salvatore Bonaccorso at 2022-08-13T16:50:13+02:00 Track fixed version for sofia-sip issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -18646,17 +18646,17 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...) NOT-FOR-US: CVEProject/cve-services CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip (bug #1016974) + - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974) [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8) CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip (bug #1016974) + - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974) [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8) CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...) - - sofia-sip (bug #1016974) + - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974) [stretch] - sofia-sip (Minor issue) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbc2a2a7d5d1d06322b64f0c2ffd9116a2f2ce25 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbc2a2a7d5d1d06322b64f0c2ffd9116a2f2ce25 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
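Review bot: One fixed version, 1.12.11+20110422.1+1e14eea~dfsg-3, is recorded for three distinct CVEs while all three NOTE lines say the upstream fixes landed in v1.13.8, so the commits 907f2ac…, 51841eb… and a99804b… must have been backported onto a 1.12.11 base; please confirm all three are in the -3 upload's patch series before marking all three CVEs fixed. Only [stretch] carries a triage line (`Minor issue`); if sofia-sip is shipped in buster or bullseye those suites now show as unfixed with no decision, so add [buster]/[bullseye] annotations or note the planned update.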
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-35943/codeigniter
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d71c1947 by Salvatore Bonaccorso at 2022-08-13T14:15:30+02:00 Add CVE-2022-35943/codeigniter - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5632,7 +5632,7 @@ CVE-2022-35945 CVE-2022-35944 RESERVED CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...) - TODO: check + - codeigniter (bug #471583) CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow ...) TODO: check CVE-2022-35941 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71c1947c358ee8ee5784d1070751cbee1bea8b0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71c1947c358ee8ee5784d1070751cbee1bea8b0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
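Review bot: Bug #471583 is several hundred thousand numbers older than every other bug cited in this digest (#1004288, #1014785, #1016974, #1016977), which is what an ITP/RFP bug for software not in the archive looks like, not a fresh bug against a shipped package. If codeigniter is not packaged, the entry should carry the `<itp>` marker (this rendering strips angle-bracket tokens, so it may be present in the commit), otherwise `- codeigniter (bug #471583)` reads as an open, unfixed issue in an existing package. Also, the description says CVE-2022-35943 is in Shield, an add-on authentication and authorization framework for CodeIgniter, so check that a codeigniter source package would actually ship that code rather than only the core framework.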
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23ee41d0 by Salvatore Bonaccorso at 2022-08-13T14:14:55+02:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2016,7 +2016,7 @@ CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as criti ...) NOT-FOR-US: Jeecg-boot CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based ...) - TODO: check + NOT-FOR-US: YugabyteDB CVE-2022-37345 RESERVED CVE-2022-37334 @@ -5610,7 +5610,7 @@ CVE-2022-35955 CVE-2022-35954 RESERVED CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking about ...) - TODO: check + NOT-FOR-US: BookWyrm CVE-2022-35952 RESERVED CVE-2022-35951 @@ -59023,9 +59023,9 @@ CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ( CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...) NOT-FOR-US: FortiGuard CVE-2021-42751 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...) - TODO: check + NOT-FOR-US: ThingsBoard CVE-2021-42750 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...) - TODO: check + NOT-FOR-US: ThingsBoard CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...) NOT-FOR-US: Beaver CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...) 
@@ -60053,23 +60053,23 @@ CVE-2022-20410 CVE-2022-20409 RESERVED CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: A-210916981Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20406 (Product: AndroidVersions: Android kernelAndroid ID: A-184676385Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20405 (Product: AndroidVersions: Android kernelAndroid ID: A-216363416Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20404 (Product: AndroidVersions: Android kernelAndroid ID: A-205714161Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20403 (Product: AndroidVersions: Android kernelAndroid ID: A-207975764Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20402 (Product: AndroidVersions: Android kernelAndroid ID: A-218701042Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20401 (In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a pos ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20399 RESERVED CVE-2022-20398 
@@ -60101,35 +60101,35 @@ CVE-2022-20386 CVE-2022-20385 RESERVED CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20382 (In (TBD) of (TBD), there is a possible out of bounds write due to kern ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20381 (Product: AndroidVersions: Android kernelAndroid ID: A-188935887Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20380 (Product: AndroidVersions: Android kernelAndroid ID: A-212625740Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20379 (In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary c ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20378 (Product: AndroidVersions: Android kernelAndroid ID: A-234657153Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20377 (In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20376 (In trusty_log_seq_start of trusty-log.c, there is a possible use after ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20375 (In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20374 (On specific devices, there is a possible bypass of configuration integ ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20373 (In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible u ...) - TODO: check + NOT-FOR-US: Android CVE-2022-20372 (In exynos5_i2c_irq of (TBD), there is a
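Review bot: NOT-FOR-US is justified for the entries that name vendor-specific code (trusty-log.c, keymaster_ipc.cpp, lwis_buffer.c, g3aa_buffer_allocator.cc, fc/st21nfc.c, exynos5_i2c_irq, SAEMM_ContextManagement.c, LteRrcNr_Codec.c, cd_codec.c), but CVE-2022-20382 is described only as `In (TBD) of (TBD), there is a possible out of bounds write due to kern…`; with no file or subsystem identified, the `Android kernel` label alone does not rule out a mainline Linux driver. Either keep that one as `TODO: check` until the bulletin names the component, or add a NOTE recording why it is known to be vendor-only.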
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-38183/gitea
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90e5a2fb by Salvatore Bonaccorso at 2022-08-13T14:00:26+02:00 Add CVE-2022-38183/gitea - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,7 +65,7 @@ CVE-2022-38185 CVE-2022-38184 RESERVED CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...) - TODO: check + - gitea CVE-2022-38182 RESERVED CVE-2022-38181 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90e5a2fbf1d2fa2738fcb49075ba00aa12aa361d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90e5a2fbf1d2fa2738fcb49075ba00aa12aa361d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
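Review bot: `- gitea` records no fixed Debian version, no bug number and no upstream reference, although the description itself says the issue is fixed in Gitea 1.16.9; add a NOTE with the upstream fix (release or commit), a `(bug #…)` once one is filed, and a [bullseye] line if gitea is shipped there, otherwise the entry gives a backporter nothing to start from. (The usual unfixed marker after the package name may simply have been dropped by this rendering, as with the other angle-bracket tokens in the digest; that does not change the missing references.)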
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-35949/node-undici
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e048876a by Salvatore Bonaccorso at 2022-08-13T13:57:40+02:00 Add CVE-2022-35949/node-undici - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5618,7 +5618,9 @@ CVE-2022-35951 CVE-2022-35950 RESERVED CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.`undici ...) - TODO: check + - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 + NOTE: https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (v5.8.2) CVE-2022-35948 RESERVED CVE-2022-35947 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e048876ad64462cb799f4bc197d6a30e116b4f0e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e048876ad64462cb799f4bc197d6a30e116b4f0e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
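Review bot: The fixed version 5.8.2+dfsg1+~cs18.9.18.1-1 is recorded without a `(bug #…)` reference, unlike the dojo, sofia-sip and iotjs entries in this digest. If no bug was filed because the fixed upload was already in unstable when the CVE was published, that is fine; otherwise add the bug number so the fix can be followed into the stable suites. The NOTE pairing the GHSA advisory with the upstream commit and its tag `(v5.8.2)` is the right shape for the entry.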
[Git][security-tracker-team/security-tracker][master] Remove TODO from CVE-2022-20359 (withdrawn by its CNA)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 027eba2a by Salvatore Bonaccorso at 2022-08-13T10:39:50+02:00 Remove TODO from CVE-2022-20359 (withdrawn by its CNA) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -60155,7 +60155,6 @@ CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a NOT-FOR-US: Android CVE-2022-20359 REJECTED - TODO: check - not listed in linked bulletin CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...) NOT-FOR-US: Android CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/027eba2abd290f8a0f5b5c777e5bff14955acebe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/027eba2abd290f8a0f5b5c777e5bff14955acebe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Drop notes from now rejected CVEs for laravel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0354d002 by Salvatore Bonaccorso at 2022-08-13T10:37:16+02:00 Drop notes from now rejected CVEs for laravel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7976,8 +7976,6 @@ CVE-2022-34944 RESERVED CVE-2022-34943 REJECTED - - php-laravel-framework (bug #1016977) - NOTE: https://github.com/beicheng-maker/vulns/issues/1 CVE-2022-34942 RESERVED CVE-2022-34941 @@ -17870,7 +17868,6 @@ CVE-2022-31280 RESERVED CVE-2022-31279 REJECTED - NOT-FOR-US: Laravel CVE-2022-31278 RESERVED CVE-2022-31277 (Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay at ...) @@ -19497,10 +19494,8 @@ CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d (lighttpd-1.4.59) CVE-2022-30779 REJECTED - NOT-FOR-US: Disputed Laravel issue CVE-2022-30778 REJECTED - NOT-FOR-US: Disputed Laravel issue CVE-2022-30777 (Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from param ...) NOT-FOR-US: Parallels H-Sphere CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter ...) @@ -56116,7 +56111,6 @@ CVE-2021-43504 RESERVED CVE-2021-43503 REJECTED - NOTE: Disputed Laravel issue CVE-2021-43502 RESERVED CVE-2021-43501 
@@ -74255,8 +74249,6 @@ CVE-2021-37299 RESERVED CVE-2021-37298 REJECTED - - php-laravel-framework (bug #1014830) - NOTE: https://github.com/Stakcery/happywd/issues/1 CVE-2021-37297 RESERVED CVE-2021-37296 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0354d0028b0ccd8b45877337b6245d173f506106 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0354d0028b0ccd8b45877337b6245d173f506106 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
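Review bot: Dropping the `- php-laravel-framework (bug #1016977)` and `(bug #1014830)` lines removes the only link between these now-REJECTED CVEs and the Debian bugs filed for them, and the commit does not say those bugs were closed; close (or retitle) #1016977 and #1014830 with a reference to the rejection, otherwise they stay open against php-laravel-framework with no CVE behind them. The removed NOTE URLs (beicheng-maker/vulns issue 1, Stakcery/happywd issue 1) were the only evidence trail for the disputed reports, so mention them in the bug closure so the reasoning is not lost along with the tracker notes.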
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2022-36408 (rejected, duplicate of CVE-2022-31181)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 020968c6 by Salvatore Bonaccorso at 2022-08-13T10:32:29+02:00 Remove notes from CVE-2022-36408 (rejected, duplicate of CVE-2022-31181) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4418,7 +4418,6 @@ CVE-2022-36409 RESERVED CVE-2022-36408 REJECTED - NOT-FOR-US: PrestaShop CVE-2022-36398 RESERVED CVE-2022-36396 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/020968c67847bebda43a8301b1f23a5fb52a6b61 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/020968c67847bebda43a8301b1f23a5fb52a6b61 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43a82394 by Salvatore Bonaccorso at 2022-08-13T10:31:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -89,21 +89,21 @@ CVE-2022-2806 CVE-2022-2805 RESERVED CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...) - TODO: check + NOT-FOR-US: SourceCodester Zoo Management System CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management System and ...) - TODO: check + NOT-FOR-US: SourceCodester Zoo Management System CVE-2022-2802 (A vulnerability has been found in SourceCodester Gas Agency Management ...) - TODO: check + NOT-FOR-US: SourceCodester Gas Agency Management System CVE-2022-2801 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Automated Beer Parlour Billing System CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2799 RESERVED CVE-2022-2798 RESERVED CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...) - TODO: check + NOT-FOR-US: SourceCodester Student Information System CVE-2022-2796 RESERVED CVE-2022-2795 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43a82394c88bb03e27310b4e93e4225196bf7ec2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43a82394c88bb03e27310b4e93e4225196bf7ec2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f32b2c8a by security tracker role at 2022-08-13T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,77 @@ +CVE-2022-38216 + RESERVED +CVE-2022-38215 + RESERVED +CVE-2022-38214 + RESERVED +CVE-2022-38213 + RESERVED +CVE-2022-38212 + RESERVED +CVE-2022-38211 + RESERVED +CVE-2022-38210 + RESERVED +CVE-2022-38209 + RESERVED +CVE-2022-38208 + RESERVED +CVE-2022-38207 + RESERVED +CVE-2022-38206 + RESERVED +CVE-2022-38205 + RESERVED +CVE-2022-38204 + RESERVED +CVE-2022-38203 + RESERVED +CVE-2022-38202 + RESERVED +CVE-2022-38201 + RESERVED +CVE-2022-38200 + RESERVED +CVE-2022-38199 + RESERVED +CVE-2022-38198 + RESERVED +CVE-2022-38197 + RESERVED +CVE-2022-38196 + RESERVED +CVE-2022-38195 + RESERVED +CVE-2022-38194 + RESERVED +CVE-2022-38193 + RESERVED +CVE-2022-38192 + RESERVED +CVE-2022-38191 + RESERVED +CVE-2022-38190 + RESERVED +CVE-2022-38189 + RESERVED +CVE-2022-38188 + RESERVED +CVE-2022-38187 + RESERVED +CVE-2022-38186 + RESERVED +CVE-2022-38185 + RESERVED +CVE-2022-38184 + RESERVED +CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...) + TODO: check +CVE-2022-38182 + RESERVED +CVE-2022-38181 + RESERVED +CVE-2022-2809 + RESERVED CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...) NOT-FOR-US: JetBrains Ktor CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...) 
@@ -14,22 +88,22 @@ CVE-2022-2806 RESERVED CVE-2022-2805 RESERVED -CVE-2022-2804 - RESERVED -CVE-2022-2803 - RESERVED -CVE-2022-2802 - RESERVED -CVE-2022-2801 - RESERVED -CVE-2022-2800 - RESERVED +CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...) + TODO: check +CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management System and ...) + TODO: check +CVE-2022-2802 (A vulnerability has been found in SourceCodester Gas Agency Management ...) + TODO: check +CVE-2022-2801 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check CVE-2022-2799 RESERVED CVE-2022-2798 RESERVED -CVE-2022-2797 - RESERVED +CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...) + TODO: check CVE-2022-2796 RESERVED CVE-2022-2795 @@ -1842,11 +1916,9 @@ CVE-2022-37414 RESERVED CVE-2022-37413 RESERVED -CVE-2022-37401 - RESERVED +CVE-2022-37401 (Apache OpenOffice supports the storage of passwords for web connection ...) NOT-FOR-US: Apache OpenOffice -CVE-2022-37400 - RESERVED +CVE-2022-37400 (Apache OpenOffice supports the storage of passwords for web connection ...) NOT-FOR-US: Apache OpenOffice CVE-2022-37399 RESERVED @@ -1943,8 +2015,8 @@ CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel NOT-FOR-US: SourceCodester Multi Language Hotel Management Software CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as criti ...) NOT-FOR-US: Jeecg-boot -CVE-2022-37397 - RESERVED +CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based ...) + TODO: check CVE-2022-37345 RESERVED CVE-2022-37334 
@@ -2187,113 +2259,91 @@ CVE-2022-2625 [extension scripts replace objects not owned by the extension] [bullseye] - postgresql-13 (Minor issue, fix along in next update) - postgresql-11 NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/ -CVE-2022-2624 - RESERVED +CVE-2022-2624 (Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 al ...) {DSA-5201-1} - chromium 104.0.5112.79-1 [buster] - chromium (see DSA 5046) -CVE-2022-2623 - RESERVED +CVE-2022-2623 (Use after free in Offline in Google Chrome on Android prior to 104.0.5 ...) {DSA-5201-1} - chromium 104.0.5112.79-1 [buster] - chromium (see DSA 5046) -CVE-2022-2622 - RESERVED +CVE-2022-2622 (Insufficient validation of untrusted input in Safe Browsing in Google ...) {DSA-5201-1} - chromium 104.0.5112.79-1 [buster] - chromium (see DSA 5046) -CVE-2022-2621 - RESERVED +CVE-2022-2621 (Use after free in Extensions in Google Chrome prior to 104.0.5112.79 a ...) {DSA-5201-1} -
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add zlib to dla-needed
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: c24bb079 by Anton Gladky at 2022-08-13T09:46:55+02:00 LTS: add zlib to dla-needed - - - - - 13a33704 by Anton Gladky at 2022-08-13T09:48:51+02:00 LTS: add schroot to dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -57,6 +57,12 @@ nodejs puma NOTE: 20220801: Programming language: Ruby. -- +schroot + NOTE: 20220813: Programming language: C++ + NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/ + NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates + NOTE: 20220813: Debian security team will release DSA and DLA +-- rsync (Stefano Rivera) NOTE: 20220811: Programming language: C. NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton) 
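Review bot: The schroot entry says `Maintainer prepares o-o-stable updates` and `Debian security team will release DSA and DLA`, i.e. the LTS team is not expected to prepare this update, yet it is listed unclaimed in dla-needed.txt where an open entry reads as work to pick up. If the purpose is only to keep an LTS contributor from duplicating the maintainer's work, say so in the NOTE (for example that the entry should not be claimed and who to coordinate with), or track it elsewhere.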
@@ -67,3 +73,8 @@ qemu (Abhijith PA) NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm) NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith) -- +zlib + NOTE: 20220813: Programming language: C + NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/ + NOTE: 20220813: Special attention: Very high popcon. Please test carefully! +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc8bbd01945320cb4cb3431a5429b9734bfdf5a8...13a3370479890e8b843843dfc4d4c69f38a6d5c4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc8bbd01945320cb4cb3431a5429b9734bfdf5a8...13a3370479890e8b843843dfc4d4c69f38a6d5c4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
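Review bot: The zlib entry names neither the CVE(s) to be addressed nor a claimant, and its `Special attention: Very high popcon. Please test carefully!` line gives no concrete test expectation. Add the CVE identifiers (or a pointer to the tracker query) and spell out the minimum testing expected before upload, such as rebuilding and exercising a few reverse-dependencies, so the warning is actionable rather than just cautionary.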
[Git][security-tracker-team/security-tracker][master] Remove `Added` field
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: bc8bbd01 by Anton Gladky at 2022-08-13T09:43:25+02:00 Remove `Added` field - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = 
@@ -25,56 +25,44 @@ apache2 -- asterisk (Markus Koschany) NOTE: 20220810: Programming language: C. - NOTE: 20220810: Added -- curl (Markus Koschany) NOTE: 20220802: Programming language: C. - NOTE: 20220802: Added -- epiphany-browser (Emilio) NOTE: 20220811: Programming language: C. - NOTE: 20220811: Added -- jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. - NOTE: 20220802: Added -- kicad NOTE: 20220811: Programming language: C++. - NOTE: 20220811: Added -- kopanocore (Andreas Rönnquist) NOTE: 20220801: Programming language: C++. - NOTE: 20220801: Added NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- linux (Ben Hutchings) -- mediawiki (Markus Koschany) NOTE: 20220810: Programming language: PHP. - NOTE: 20220810: Added -- ndpi (Anton) NOTE: 20220801: Programming language: C. - NOTE: 20220801: Added -- nodejs NOTE: 20220801: Programming language: JavaScript. - NOTE: 20220801: Added NOTE: 20220801: one of the upstream fixes doesn't address the security issue -- puma NOTE: 20220801: Programming language: Ruby. - NOTE: 20220801: Added -- rsync (Stefano Rivera) NOTE: 20220811: Programming language: C. - NOTE: 20220811: Added NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton) -- qemu (Abhijith PA) NOTE: 20220802: Programming language: C. - NOTE: 20220802: Added NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. 
(jmm) NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc8bbd01945320cb4cb3431a5429b9734bfdf5a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc8bbd01945320cb4cb3431a5429b9734bfdf5a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1844,8 +1844,10 @@ CVE-2022-37413 RESERVED CVE-2022-37401 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37400 RESERVED + NOT-FOR-US: Apache OpenOffice CVE-2022-37399 RESERVED CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e48f103b2190b87d8482b5018141085aa9cdd55 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
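Review bot: NOT-FOR-US is attached to CVE-2022-37401 and CVE-2022-37400 while both entries are still RESERVED, so the tracker carries no description to justify the classification; add a NOTE with the source used (the Apache OpenOffice advisory or announcement that published these IDs) so the decision can be checked once the CVE text appears. The later automatic update in this digest does fill in `Apache OpenOffice supports the storage of passwords for web connection …` for both, which confirms the call, but the entry itself should carry the reference.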