[Git][security-tracker-team/security-tracker][master] LTS: update gpac notes in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 480cdaec by Roberto C. Sánchez at 2022-04-27T19:34:20-04:00 LTS: update gpac notes in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -70,6 +70,7 @@ gpac (Roberto C. Sánchez) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) NOTE: 20220305: There are many dozens of open CVEs, it will take a while yet (roberto) NOTE: 20220413: New CVEs continue flooding in (roberto) + NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- icingaweb2 (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480cdaec097699dd9891c61b2a166468bd4b9da9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480cdaec097699dd9891c61b2a166468bd4b9da9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
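Review bot: the new NOTE records that EOL is being prepared, but the entry keeps the claim "(Roberto C. Sánchez)" and does not say which suite the EOL is for or how the open CVE entries will be annotated once the security team agrees. Suggest a follow-up NOTE naming the suite and the outcome, and dropping the entry from dla-needed.txt once EOL is declared rather than leaving it claimed with no further work planned.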
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9a81025 by security tracker role at 2022-04-27T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,133 +1,194 @@ +CVE-2022-29823 + RESERVED +CVE-2022-29822 + RESERVED +CVE-2022-29821 + RESERVED +CVE-2022-29820 + RESERVED +CVE-2022-29819 + RESERVED +CVE-2022-29818 + RESERVED +CVE-2022-29817 + RESERVED +CVE-2022-29816 + RESERVED +CVE-2022-29815 + RESERVED +CVE-2022-29814 + RESERVED +CVE-2022-29813 + RESERVED +CVE-2022-29812 + RESERVED +CVE-2022-29811 + RESERVED +CVE-2022-1508 + RESERVED +CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_frame ...) + TODO: check +CVE-2022-1506 + RESERVED +CVE-2022-1505 + RESERVED +CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...) + TODO: check CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH credenti ...) TODO: check CVE-2022-29809 RESERVED -CVE-2022-1503 - RESERVED +CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check CVE-2022-1502 RESERVED CVE-2022-1501 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1500 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1499 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1498 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1497 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1496 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1495 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1494 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) 
[stretch] - chromium (see DSA 4562) CVE-2022-1493 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1492 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1491 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1490 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1489 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1488 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1487 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1486 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1485 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1484 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1483 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1482 RESERVED + {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1481
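Review bot: CVE-2022-1503 now carries a description ("A vulnerability, which was classified as problematic, has been found i ...") whose truncated text names no product, so the TODO: check cannot be resolved to a package or NOT-FOR-US without reading the full advisory. The same hunk leaves CVE-2022-1507 (chafa) and CVE-2022-29810 (Hashicorp go-getter) at TODO: check; both name software that may be in the archive, so these three should be triaged before the next automatic update buries them further down the file.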
[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3512b536 by Moritz Muehlenhoff at 2022-04-27T20:07:08+02:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -137,6 +137,7 @@ CVE-2022-1475 RESERVED {DSA-5124-1} - ffmpeg 7:4.4.2-1 + [buster] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/9651 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) @@ -3535,6 +3536,8 @@ CVE-2022-28507 RESERVED CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...) - giflib + [bullseye] - giflib (Minor issue) + [buster] - giflib (Minor issue) NOTE: https://sourceforge.net/p/giflib/bugs/159/ CVE-2022-28505 RESERVED @@ -32864,6 +32867,8 @@ CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher NOT-FOR-US: AnyTXT Searcher for Windows CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754 NOTE: Fixed by; https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f 
@@ -35529,6 +35534,8 @@ CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in de NOT-FOR-US: D-Link CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...) - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448 NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0) @@ -35537,6 +35544,8 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1) CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...) - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439 NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1) 
@@ -35545,16 +35554,22 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1) CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...) - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...) - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086 CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in ...) - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083 @@ -39363,6 +39378,8 @@ CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7d TODO: check - could be only a test artifact CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue)
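Review bot: the CVE-2022-28506 hunk marks bullseye and buster as Minor issue, but the entry has neither a fixed unstable version nor an upstream fix reference; the only NOTE is the sourceforge bug report. Suggest adding a NOTE recording that no upstream fix exists yet (or a TODO: check), so the postponement is revisited when one lands instead of being forgotten.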
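Review bot: the six opensc hunks (CVE-2021-42778 through CVE-2021-42782, fixed in 0.22.0-1) annotate bullseye and buster only, so stretch is still untriaged for all of them even though the descriptions say "before version 0.22.0". That is in scope for a buster/bullseye triage commit, but a one-line NOTE on whether the affected code is present in the stretch version would save the LTS team repeating the same six lookups.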
[Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 95fa19dc by Moritz Mühlenhoff at 2022-04-27T19:55:56+02:00 chromium DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[27 Apr 2022] DSA-5125-1 chromium - security update + {CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501} + [bullseye] - chromium 101.0.4951.41-1~deb11u1 [25 Apr 2022] DSA-5124-1 ffmpeg - security update {CVE-2022-1475} [bullseye] - ffmpeg 7:4.3.4-0+deb11u1 = data/dsa-needed.txt = @@ -16,8 +16,6 @@ asterisk/oldstable -- cacti -- -chromium --- condor/oldstable -- epiphany-browser View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fa19dc6f0b2005731e41d61d795650b5fa52c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fa19dc6f0b2005731e41d61d795650b5fa52c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage CVE-2022-28739 in ruby2.3 for stretch LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d03435d4 by Chris Lamb at 2022-04-27T09:08:39-07:00 Triage CVE-2022-28739 in ruby2.3 for stretch LTS. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2852,6 +2852,7 @@ CVE-2022-28739 [Buffer overrun in String-to-Float conversion] - ruby2.5 [buster] - ruby2.5 (Minor issue, fix with next Ruby security release) - ruby2.3 + [stretch] - ruby2.3 (Minor issue; fix in next LTS release) NOTE: https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 (v2_6_10) NOTE: https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd (v2_7_6) NOTE: https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58 (v3_0_4) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d03435d40d0b6fe44840edef005247fcb0fc59e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d03435d40d0b6fe44840edef005247fcb0fc59e2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
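Review bot: the new stretch line defers ruby2.3 to the next LTS release, but the NOTE lines only reference upstream fixes in v2_6_10, v2_7_6 and v3_0_4; there is no fix reference for the 2.3 (or 2.5) branch, so the LTS update will need a backport of 69f9992ed41920389d4185141a14f02f89a4d306 rather than an upstream-provided patch. Suggest a NOTE saying a backport is required, or a link to the backported patch once prepared, so the annotation is not read as "upstream has a 2.3 fix".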
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-devise-two-factor for stretch LTS (CVE-2021-43177)
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: c41bff28 by Chris Lamb at 2022-04-27T09:02:52-07:00 data/dla-needed.txt: Triage ruby-devise-two-factor for stretch LTS (CVE-2021-43177) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -143,6 +143,10 @@ ring (Abhijith PA) NOTE: 20220404: package in archive is faulty. New regs can't be done due (abhijith) NOTE: 20220404: a network error (abhijith) -- +ruby-devise-two-factor + NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to this being the result + NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some investigation. (lamby) +-- salt -- samba View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c41bff28ca815348556234927d931f15a1fde904 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c41bff28ca815348556234927d931f15a1fde904 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
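Review bot: the new dla-needed.txt entry never mentions CVE-2021-43177, which appears only in the commit subject; other entries in this file tie their NOTE lines to the CVE concerned (the gerbv entry's NOTE on CVE-2021-40401, for instance), so the first NOTE should name it. The entry is also unclaimed while the investigation NOTE is signed (lamby); if the investigation is ongoing, claim it as "ruby-devise-two-factor (Chris Lamb)" so nobody else picks it up in parallel.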
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2022-28391 in busybox for stretch LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ea40503 by Chris Lamb at 2022-04-27T08:46:17-07:00 Triage CVE-2022-28391 in busybox for stretch LTS. - - - - - abdbd0a4 by Chris Lamb at 2022-04-27T08:46:49-07:00 Triage CVE-2022-1304 in e2fsprogs for stretch LTS. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2212,6 +2212,7 @@ CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs - e2fsprogs (bug #1010263) [bullseye] - e2fsprogs (Minor issue) [buster] - e2fsprogs (Minor issue) + [stretch] - e2fsprogs (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113 NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczer...@redhat.com/T/#u @@ -3766,6 +3767,7 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitr - busybox (bug #1010264) [bullseye] - busybox (Minor issue) [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue) NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...) - linux 5.17.3-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23a281b6acdcbf93848785283cc454d112a3b551...abdbd0a461826858e58492acad9f7605f893bf14 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23a281b6acdcbf93848785283cc454d112a3b551...abdbd0a461826858e58492acad9f7605f893bf14 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
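Review bot: both new stretch lines inherit the Minor issue rating from buster/bullseye, but the CVE-2022-28391 entry still has no NOTE explaining why an issue described as "allows remote attackers to execute arbitrary co ..." is minor; the only reference is the Alpine aports issue. Suggest adding a NOTE with the rationale (what the attacker controls and why it does not amount to code execution in BusyBox as shipped) so the three suite annotations can be re-verified later without redoing the analysis.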
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 23a281b6 by Jeremiah C. Foster at 2022-04-27T11:16:17-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -111,7 +111,7 @@ mbedtls (Utkarsh) NOTE: 20220404: update prepared, needs testing. (utkarsh) NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh) -- -mitmproxy (Abhijith PA) +mitmproxy -- mruby -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a281b6acdcbf93848785283cc454d112a3b551 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a281b6acdcbf93848785283cc454d112a3b551 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
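Review bot: the unclaim drops "(Abhijith PA)" from the mitmproxy entry but leaves no trace in the file itself; other entries record state changes as dated NOTE lines (the ring entry a few lines above, for example). Suggest adding "NOTE: 20220427: unclaimed after 2 weeks of inactivity" so the next claimant sees the history without consulting git log.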
[Git][security-tracker-team/security-tracker][master] new htmldoc non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b5ff5faf by Moritz Muehlenhoff at 2022-04-27T16:59:50+02:00 new htmldoc non issue new gitlab issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4392,7 +4392,7 @@ CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...) - gitlab CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...) - TODO: check + NOT-FOR-US: Grav CMS CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...) - gpac [bullseye] - gpac (Minor issue) @@ -4932,7 +4932,10 @@ CVE-2022-28087 CVE-2022-28086 RESERVED CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ...) - TODO: check + - htmldoc (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/480 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348 + NOTE: Crash in CLI tool, no security impact CVE-2022-28084 RESERVED CVE-2022-28083 @@ -15386,7 +15389,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...) - TODO: check + - gitlab CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...) - radare2 NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d 
@@ -15726,7 +15729,7 @@ CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in a CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...) NOT-FOR-US: WordPress plugin CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...) - TODO: check + NOT-FOR-US: Irker CVE-2022-0424 RESERVED CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...) @@ -43931,7 +43934,7 @@ CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versi CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...) - gitlab (Specific to EE) CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters can be abu ...) - TODO: check + - gitlab CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) - gitlab CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...) @@ -43999,7 +44002,7 @@ CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jir CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...) - gitlab CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...) - TODO: check + - gitlab CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...) - gitlab CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...) @@ -51464,7 +51467,7 @@ CVE-2021-36897 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) NOT-FOR-US: WordPress plugin CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36894 RESERVED CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) 
@@ -51520,7 +51523,7 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress CVE-2021-36868 RESERVED CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36866 RESERVED CVE-2021-36865 @@ -77314,9 +77317,9 @@ CVE-2021-26631 CVE-2021-26630 RESERVED CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...) - TODO: check + NOT-FOR-US: Tobesoft Xplatform CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...) - TODO: check + NOT-FOR-US: Maxboard CVE-2021-26627 (Real-time image information exposure is caused by insufficient authent ...) NOT-FOR-US: EDrhyme QCP camera CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's execBrowser met ...) View it on GitLab:
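Review bot: for CVE-2022-28085 the rationale NOTE "Crash in CLI tool, no security impact" does not match the description, which calls the issue a heap buffer overflow; an overflow in a converter that is routinely run on untrusted HTML is not impact-free merely because the binary is invoked from the command line. Either state why this particular overflow cannot be more than a crash (an out-of-bounds read that aborts, say) or rate it as a low-severity issue rather than unimportant. The fix commit 46c8ec2b9bccb8ccabff52d998c5eee77a228348 is referenced but no fixed unstable version is recorded, which is acceptable for unimportant but should be added if the rating changes.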
[Git][security-tracker-team/security-tracker][master] various bugnums
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 68736fcb by Moritz Mühlenhoff at 2022-04-27T14:31:28+02:00 various bugnums - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2209,7 +2209,7 @@ CVE-2022-1305 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...) - - e2fsprogs + - e2fsprogs (bug #1010263) [bullseye] - e2fsprogs (Minor issue) [buster] - e2fsprogs (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726 @@ -2709,7 +2709,7 @@ CVE-2022-28807 CVE-2022-28806 RESERVED CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...) - - lua5.4 + - lua5.4 (bug #1010265) [bullseye] - lua5.4 (Minor issue) NOTE: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa NOTE: http://lua-users.org/lists/lua-l/2022-02/msg1.html @@ -3763,7 +3763,7 @@ CVE-2022-28393 CVE-2022-28392 RESERVED CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...) - - busybox + - busybox (bug #1010264) [bullseye] - busybox (Minor issue) [buster] - busybox (Minor issue) NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68736fcb8ee8abe318cde90ad1458b074be9cc96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68736fcb8ee8abe318cde90ad1458b074be9cc96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Update ansible status in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e9d170c0 by Markus Koschany at 2022-04-27T14:01:05+02:00 Update ansible status in dla-needed.txt - - - - - 3c1b4789 by Markus Koschany at 2022-04-27T14:02:30+02:00 Claim vim and ghostscript in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,8 @@ ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ + NOTE: 20220427: Lee Garrett (maintainer) took over the work a while ago. See + NOTE: 20220427: https://salsa.debian.org/debian/ansible/-/commits/stretch/ -- asterisk -- @@ -51,7 +53,7 @@ gerbv NOTE: 20220326: CVE-2021-40401 is fixed https://salsa.debian.org/lts-team/packages/gerbv/-/blob/debian/stretch/debian/patches/CVE-2021-40401.patch (Anton) NOTE: 20220326: CVE-2021-4040{0,2,3} do not have confirmed upstream fixes yet. (Anton) -- -ghostscript +ghostscript (Markus Koschany) -- golang-1.7 (Sylvain Beucler) NOTE: 20220402: harmonize with bullseye/11.3 (Beuc) 
@@ -176,7 +178,7 @@ twisted (Stefano Rivera) unzip NOTE: 20220319: no patches yet but reproducible (apo) -- -vim +vim (Markus Koschany) -- waitress NOTE: 20220320: I am not sure if we should ignore CVE-2022-24761 as it is View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91e9e315582802b25d9d513501f232fba2d555a2...3c1b4789244384ed56ad65b91d22896a3bc61e34 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91e9e315582802b25d9d513501f232fba2d555a2...3c1b4789244384ed56ad65b91d22896a3bc61e34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
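Review bot: the ansible NOTE says the maintainer took over "a while ago" and points at the stretch branch, yet the entry stays in dla-needed.txt without a claimant or the maintainer's name in parentheses. Suggest either claiming it as "ansible (Lee Garrett)" or recording an expected upload date, so the LTS frontdesk can tell whether the work is progressing or the entry should be handed back. The vim and ghostscript claims are straightforward.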
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-29458/ncurses
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 91e9e315 by Salvatore Bonaccorso at 2022-04-27T13:53:13+02:00 Track fixed version via unstable for CVE-2022-29458/ncurses - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -998,7 +998,7 @@ CVE-2022-29460 CVE-2022-29459 RESERVED CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...) - - ncurses (bug #1009870) + - ncurses 6.3+20220423-1 (bug #1009870) [bullseye] - ncurses (Minor issue) [buster] - ncurses (Minor issue) [stretch] - ncurses (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e9e315582802b25d9d513501f232fba2d555a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e9e315582802b25d9d513501f232fba2d555a2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f832a040 by Moritz Muehlenhoff at 2022-04-27T13:52:12+02:00 buster/bullseye triage new busybox issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -755,7 +755,7 @@ CVE-2022-29568 CVE-2022-29567 RESERVED CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...) - TODO: check + NOT-FOR-US: Bulletproofs CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...) - mruby [bullseye] - mruby (Minor issue) @@ -2210,9 +2210,11 @@ CVE-2022-1305 [stretch] - chromium (see DSA 4562) CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...) - e2fsprogs + [bullseye] - e2fsprogs (Minor issue) + [buster] - e2fsprogs (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113 - TODO: check when fixed + NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczer...@redhat.com/T/#u CVE-2022-1303 RESERVED CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...) @@ -2708,6 +2710,7 @@ CVE-2022-28806 RESERVED CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...) - lua5.4 + [bullseye] - lua5.4 (Minor issue) NOTE: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa NOTE: http://lua-users.org/lists/lua-l/2022-02/msg1.html NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html 
@@ -3760,7 +3763,10 @@ CVE-2022-28393 CVE-2022-28392 RESERVED CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...) - TODO: check + - busybox + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...) - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832a04003eee506d4a3791e4088d1eab1515d61 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832a04003eee506d4a3791e4088d1eab1515d61 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
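Review bot: replacing "TODO: check when fixed" with the lore.kernel.org link drops the reminder to record the fixed unstable version for CVE-2022-1304; the entry is still "- e2fsprogs" with no version, and the link points at the patch submission thread, not a release. Suggest keeping the TODO (or a NOTE that the fix is unreleased upstream) next to the lore link so the unstable fix is picked up once e2fsprogs ships it.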
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-27239/cifs-utils
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c39e281 by Salvatore Bonaccorso at 2022-04-27T13:44:03+02:00 Add CVE-2022-27239/cifs-utils - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7069,8 +7069,13 @@ CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a [bullseye] - glewlwyd 2.5.2-2+deb11u3 [buster] - glewlwyd (Minor issue) NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2) -CVE-2022-27239 +CVE-2022-27239 [cifs-utils mount.cifs buffer overflow in ip parameter] RESERVED + - cifs-utils + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216 + NOTE: https://github.com/piastry/cifs-utils/pull/7 + NOTE: https://github.com/piastry/cifs-utils/commit/007c07fd91b6d42f8bd45187cf78ebb06801139d CVE-2022-27238 RESERVED CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c39e28115e76e34ff31a16c7b36a9fe5e584e6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c39e28115e76e34ff31a16c7b36a9fe5e584e6b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
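Review bot: the new cifs-utils entry has no Debian bug number and no suite annotations, whereas the curl entries in adc1880f on the same day got bug references; since the fix commit 007c07fd91b6d42f8bd45187cf78ebb06801139d and the upstream PR are already referenced, filing a bug now and triaging bullseye/buster/stretch would keep the entry consistent. The bracketed title says "mount.cifs buffer overflow in ip parameter"; a NOTE on whether the overflow is reachable from an unprivileged mount.cifs invocation would settle the severity.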
[Git][security-tracker-team/security-tracker][master] 2 commits: lts: take openvpn
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f78fc81 by Emilio Pozuelo Monfort at 2022-04-27T11:06:35+02:00 lts: take openvpn - - - - - bd79bfa2 by Emilio Pozuelo Monfort at 2022-04-27T11:06:46+02:00 Correct triage for CVE-2020-11810/jessie - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -144808,7 +144808,7 @@ CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attack - openvpn 2.4.9-1 (low) [buster] - openvpn 2.4.7-1+deb10u1 [stretch] - openvpn (Minor issue) - [jessie] - openvpn (Minor issue) + [jessie] - openvpn (Vulnerable code introduced in 2.4) NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab CVE-2020-11809 RESERVED = data/dla-needed.txt = @@ -125,7 +125,7 @@ nvidia-graphics-drivers -- openjdk-8 (pochu) -- -openvpn +openvpn (Emilio) NOTE: 20220402: harmonize with buster/10.10 (Beuc) -- pdns View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/adc1880fba09fcc428cfc34707e7f2b354c06588...bd79bfa2dbac7749b434a91c41008b0ef9366dec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/adc1880fba09fcc428cfc34707e7f2b354c06588...bd79bfa2dbac7749b434a91c41008b0ef9366dec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
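Review bot: the jessie line's new reason "Vulnerable code introduced in 2.4" agrees with the description ("OpenVPN 2.4.x before 2.4.9") but cites nothing; the only NOTE is the fix commit 37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab, not the commit that introduced the code. Suggest adding the introducing commit or a short NOTE so the jessie assessment can be re-checked without re-reading the 2.4 history. The dla-needed claim keeps Beuc's "harmonize with buster/10.10" NOTE, which is the right target for the new claimant.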
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for curl issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: adc1880f by Salvatore Bonaccorso at 2022-04-27T10:23:35+02:00 Add Debian bug references for curl issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5719,12 +5719,12 @@ CVE-2022-2 RESERVED CVE-2022-27776 [Auth/cookie leak on redirect] RESERVED - - curl + - curl (bug #1010252) NOTE: https://curl.se/docs/CVE-2022-27776.html NOTE: Fixed by: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 (curl-7_83_0) CVE-2022-27775 [Bad local IPv6 connection reuse] RESERVED - - curl + - curl (bug #1010253) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2022-27775.html @@ -5732,7 +5732,7 @@ CVE-2022-27775 [Bad local IPv6 connection reuse] NOTE: Fixed by: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 (curl-7_83_0) CVE-2022-27774 [Credential leak on redirect] RESERVED - - curl + - curl (bug #1010254) NOTE: https://curl.se/docs/CVE-2022-27774.html NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0) NOTE: Followup: https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 (curl-7_83_0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc1880fba09fcc428cfc34707e7f2b354c06588
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a72bc74 by Salvatore Bonaccorso at 2022-04-27T10:15:21+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2460,7 +2460,7 @@ CVE-2022-28920 CVE-2022-28919 RESERVED CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) - TODO: check + NOT-FOR-US: GreenCMS CVE-2022-28917 RESERVED CVE-2022-28916 @@ -3485,21 +3485,21 @@ CVE-2022-28530 CVE-2022-28529 RESERVED CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...) - TODO: check + NOT-FOR-US: bloofoxCMS CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder deletion ...) - TODO: check + NOT-FOR-US: dhcms CVE-2022-28526 RESERVED CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file upload ...) - TODO: check + NOT-FOR-US: ED01-CMS CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection vulnerabi ...) - TODO: check + NOT-FOR-US: ED01-CMS CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/ ...) - TODO: check + NOT-FOR-US: HongCMS CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: ZCMS CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion vulnerabilit ...) - TODO: check + NOT-FOR-US: ZCMS CVE-2022-28520 RESERVED CVE-2022-28519 @@ -3642,11 +3642,11 @@ CVE-2022-28452 CVE-2022-28451 RESERVED CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...) - TODO: check + NOT-FOR-US: nopCommerce CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...) - TODO: check + NOT-FOR-US: nopCommerce CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An att ...) - TODO: check + NOT-FOR-US: nopCommerce CVE-2022-28447 RESERVED CVE-2022-28446 
@@ -4978,9 +4978,9 @@ CVE-2022-28061 CVE-2022-28060 RESERVED CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) - TODO: check + NOT-FOR-US: Verydows CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) - TODO: check + NOT-FOR-US: Verydows CVE-2022-28057 RESERVED CVE-2022-28056 @@ -5372,7 +5372,7 @@ CVE-2022-27890 CVE-2022-27889 RESERVED CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...) - TODO: check + NOT-FOR-US: Foundry Issues service CVE-2022-1102 RESERVED CVE-2022-1101 @@ -13676,7 +13676,7 @@ CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...) - TODO: check + NOT-FOR-US: Ballcat Codegen CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...) NOT-FOR-US: flask-session-captcha CVE-2022-24879 
@@ -13709,7 +13709,7 @@ CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that pr - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in Discour ...) - TODO: check + NOT-FOR-US: Discourse CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...) NOT-FOR-US: HumHub CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a72bc74062a5620d876cdf0a08b20dc2a990d94
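Review bot: in the last hunk (@@ -13709,7 +13709,7 @@) CVE-2022-24866 is closed as 'NOT-FOR-US: Discourse' although the description names the Discourse Assign plugin; the other NFU lines in this batch name the affected product exactly (Foundry Issues service, Ballcat Codegen, nopCommerce), so 'NOT-FOR-US: Discourse Assign' would follow that convention and avoid implying that Discourse core itself was assessed.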
[Git][security-tracker-team/security-tracker][master] Process some CVEs for zammad, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: af6e65a3 by Salvatore Bonaccorso at 2022-04-27T10:14:41+02:00 Process some CVEs for zammad, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -409,9 +409,9 @@ CVE-2022-29703 CVE-2022-29702 RESERVED CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of Zammad v5. ...) - TODO: check + - zammad (bug #841355) CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows for the ...) - TODO: check + - zammad (bug #841355) CVE-2022-29699 RESERVED CVE-2022-29698 @@ -6824,9 +6824,9 @@ CVE-2022-27334 CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...) NOT-FOR-US: idcCMS CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to write ent ...) - TODO: check + - zammad (bug #841355) CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...) - TODO: check + - zammad (bug #841355) CVE-2022-27330 RESERVED CVE-2022-27329 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af6e65a367fbcbacf4fe0e5ce01151516ad7c248
[Git][security-tracker-team/security-tracker][master] Add freerdp source package for CVE-2022-2488{2,3}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1052e69d by Salvatore Bonaccorso at 2022-04-27T10:10:48+02:00 Add freerdp source package for CVE-2022-2488{2,3} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13665,11 +13665,13 @@ CVE-2022-24884 RESERVED CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - freerdp2 + - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - freerdp2 + - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1052e69def42d485e988654a1bc20934ab89fdf6
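Review bot: the hunk header (-13665,11 +13665,13) shows two lines added and none removed, so the '- freerdp2' lines in both entries are unchanged context and '- freerdp' is added as a second tracked source package beside freerdp2, as the commit title says; read in isolation the pair '- freerdp2 / + - freerdp' could be mistaken for a rename. Since the new freerdp line carries no version, suite or status annotation of its own, a NOTE recording why freerdp is tracked in addition to freerdp2 would keep the entries self-explanatory.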
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a68aa4fc by security tracker role at 2022-04-27T08:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,100 +1,133 @@ +CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH credenti ...) + TODO: check +CVE-2022-29809 + RESERVED +CVE-2022-1503 + RESERVED +CVE-2022-1502 + RESERVED CVE-2022-1501 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1500 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1499 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1498 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1497 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1496 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1495 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1494 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1493 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1492 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1491 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1490 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1489 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1488 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1487 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium 
(see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1486 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1485 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1484 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1483 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1482 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1481 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1480 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1479 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1478 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1477 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) @@ -102,6 +135,7 @@ CVE-2022-1476 RESERVED CVE-2022-1475 RESERVED + {DSA-5124-1} - ffmpeg 7:4.4.2-1 NOTE: https://trac.ffmpeg.org/ticket/9651 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 @@ -374,10 +408,10 @@ CVE-2022-29703 RESERVED CVE-2022-29702 RESERVED -CVE-2022-29701 - RESERVED -CVE-2022-29700 - RESERVED +CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of Zammad v5.
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2488{2,3}/freerdp2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48491567 by Salvatore Bonaccorso at 2022-04-27T09:30:37+02:00 Add CVE-2022-2488{2,3}/freerdp2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13631,9 +13631,15 @@ CVE-2022-24885 CVE-2022-24884 RESERVED CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - TODO: check + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc + NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - TODO: check + - freerdp2 + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh + NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 + NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...) TODO: check CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4849156704142379ac1a6e4caf575a4364c319b9
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d4cafa7 by Salvatore Bonaccorso at 2022-04-27T09:25:28+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4379,7 +4379,7 @@ CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in t CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through ...) - TODO: check + NOT-FOR-US: CipherMail Webmail Messenger CVE-2022-28217 RESERVED CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...) @@ -5105,9 +5105,9 @@ CVE-2022-27987 CVE-2022-27986 RESERVED CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: CuppaCMS CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: CuppaCMS CVE-2022-27983 RESERVED CVE-2022-27982 @@ -5498,7 +5498,7 @@ CVE-2022-27856 CVE-2022-27855 RESERVED CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) NOT-FOR-US: WordPress plugin CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...) @@ -6389,9 +6389,9 @@ CVE-2022-27471 CVE-2022-27470 RESERVED CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute Server- ...) - TODO: check + NOT-FOR-US: Monstaftp CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file upload w ...) - TODO: check + NOT-FOR-US: Monstaftp CVE-2022-27467 RESERVED CVE-2022-27466 
@@ -6856,7 +6856,7 @@ CVE-2022-27301 CVE-2022-27300 RESERVED CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Hospital Management System CVE-2022-27298 RESERVED CVE-2022-27297 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d4cafa7a950e243ad3357e722885c74b7dc1172
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-1475/ffmpeg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 66e911bd by Salvatore Bonaccorso at 2022-04-27T09:18:52+02:00 Add CVE-2022-1475/ffmpeg - - - - - 4a212780 by Salvatore Bonaccorso at 2022-04-27T09:19:17+02:00 Track CVE which was fixed in the DSA 5124-1 - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -102,6 +102,11 @@ CVE-2022-1476 RESERVED CVE-2022-1475 RESERVED + - ffmpeg 7:4.4.2-1 + NOTE: https://trac.ffmpeg.org/ticket/9651 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4) CVE-2022-1474 RESERVED CVE-2022-1473 = data/DSA/list = @@ -1,4 +1,5 @@ [25 Apr 2022] DSA-5124-1 ffmpeg - security update + {CVE-2022-1475} [bullseye] - ffmpeg 7:4.3.4-0+deb11u1 [18 Apr 2022] DSA-5123-1 xz-utils - security update {CVE-2022-1271} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ba35c66c23d6bb59fd32be7e5d97ca67a235226...4a212780cd49259bcdf7593befec3aa826859a9d
[Git][security-tracker-team/security-tracker][master] Process CVE-2022-1466 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ba35c66 by Salvatore Bonaccorso at 2022-04-27T09:12:07+02:00 Process CVE-2022-1466 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -136,7 +136,7 @@ CVE-2022-1468 CVE-2022-1467 RESERVED CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...) - TODO: check + NOT-FOR-US: Red Hat Single Sign-On / Keycloak CVE-2022-29801 RESERVED CVE-2022-29800 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba35c66c23d6bb59fd32be7e5d97ca67a235226
[Git][security-tracker-team/security-tracker][master] Process two NFUs in convert2rhel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 688dcbeb by Salvatore Bonaccorso at 2022-04-27T09:07:19+02:00 Process two NFUs in convert2rhel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9325,8 +9325,10 @@ CVE-2022-0853 (A flaw was found in JBoss-client. The vulnerability occurs due to NOT-FOR-US: jboss-client CVE-2022-0852 RESERVED + NOT-FOR-US: Red Hat convert2rhel CVE-2022-0851 RESERVED + NOT-FOR-US: Red Hat convert2rhel CVE-2022-0850 RESERVED - linux 5.14.6-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/688dcbeb6acb3ddb80ab4ffce412c5df02c61dee
[Git][security-tracker-team/security-tracker][master] Process CVE-2021-3523 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62f8362d by Salvatore Bonaccorso at 2022-04-27T09:06:11+02:00 Process CVE-2021-3523 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63625,6 +63625,7 @@ CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1 CVE-2021-3523 RESERVED + NOT-FOR-US: Red Hat 3scale API gateway CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...) NOT-FOR-US: Istio CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f8362d9a8a756c8ec82204429b58239df9a600
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 014cfc6c by Salvatore Bonaccorso at 2022-04-27T09:05:06+02:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -16,6 +16,8 @@ asterisk/oldstable -- cacti -- +chromium +-- condor/oldstable -- epiphany-browser View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/014cfc6c2909752a9266aef286dbfd1d0d3a9732
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-2777{4,5,6}/curl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27298ada by Salvatore Bonaccorso at 2022-04-27T09:03:32+02:00 Update information for CVE-2022-2777{4,5,6}/curl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5682,17 +5682,21 @@ CVE-2022-27776 [Auth/cookie leak on redirect] RESERVED - curl NOTE: https://curl.se/docs/CVE-2022-27776.html - TODO: check + NOTE: Fixed by: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 (curl-7_83_0) CVE-2022-27775 [Bad local IPv6 connection reuse] RESERVED - curl + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2022-27775.html - TODO: check + NOTE: Introduced by: https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 (curl-7_65_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 (curl-7_83_0) CVE-2022-27774 [Credential leak on redirect] RESERVED - curl NOTE: https://curl.se/docs/CVE-2022-27774.html - TODO: check + NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0) + NOTE: Followup: https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 (curl-7_83_0) CVE-2022-27773 RESERVED CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27298ada3ace3d7cdd14d8d0cebf7801f489f7d9
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 28782068 by Salvatore Bonaccorso at 2022-04-27T08:59:22+02:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,103 @@ +CVE-2022-1501 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1500 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1499 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1498 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1497 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1496 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1495 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1494 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1493 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1492 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1491 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1490 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1489 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1488 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1487 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1486 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1485 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 
5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1484 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1483 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1482 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1481 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1480 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1479 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1478 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1477 + - chromium 101.0.4951.41-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) CVE-2022-1476 RESERVED CVE-2022-1475 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/287820685081ad46d2a578d9fd7f1289a6cbc3df
[Git][security-tracker-team/security-tracker][master] CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f681b89 by Henri Salo at 2022-04-27T09:55:35+03:00 CVE-2022-27774, CVE-2022-27775, CVE-2022-27776 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5578,12 +5578,21 @@ CVE-2022-27778 RESERVED CVE-2022-2 RESERVED -CVE-2022-27776 +CVE-2022-27776 [Auth/cookie leak on redirect] RESERVED -CVE-2022-27775 + - curl + NOTE: https://curl.se/docs/CVE-2022-27776.html + TODO: check +CVE-2022-27775 [Bad local IPv6 connection reuse] RESERVED -CVE-2022-27774 + - curl + NOTE: https://curl.se/docs/CVE-2022-27775.html + TODO: check +CVE-2022-27774 [Credential leak on redirect] RESERVED + - curl + NOTE: https://curl.se/docs/CVE-2022-27774.html + TODO: check CVE-2022-27773 RESERVED CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f681b8935afa0e97aee4ab25603bf053900bb1f