[Git][security-tracker-team/security-tracker][master] Add CVE-2022-33103/u-boot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2373c94a by Salvatore Bonaccorso at 2022-07-02T22:19:19+02:00 Add CVE-2022-33103/u-boot - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4575,7 +4575,9 @@ CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the compo CVE-2022-33104 RESERVED CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...) - TODO: check + - u-boot + NOTE: https://lore.kernel.org/all/CALO=dhfb+yboxxvr5kcsk0ifdg+e7ywko4-e+72kjbcs8jb...@mail.gmail.com/ + NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.ray...@bootlin.com/ CVE-2022-33102 RESERVED CVE-2022-33101 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2373c94ad29b7af122aebda84c1d7ea91b391e67 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-2084/cloud-init
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e0126c5 by Salvatore Bonaccorso at 2022-07-02T22:16:46+02:00 Add Debian bug reference for CVE-2022-2084/cloud-init - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4108,7 +4108,7 @@ CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1) CVE-2022-2084 [logged schema failures can include password hashes] RESERVED - - cloud-init + - cloud-init (bug #1014247) [bullseye] - cloud-init (Vulnerable code not present, introduced in 22.2) [buster] - cloud-init (Vulnerable code not present, introduced in 22.2) NOTE: https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e0126c50b65d73f6a47106f1fdff12f49ec1ce8
[Git][security-tracker-team/security-tracker][master] Add two new vim issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc35f75e by Salvatore Bonaccorso at 2022-07-02T22:16:04+02:00 Add two new vim issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,9 +59,14 @@ CVE-2022-34895 CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...) TODO: check CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/ + NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018) CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) - TODO: check + - vim (unimportant) + NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/ + NOTE: https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (v9.0.0017) + NOTE: Crash in CLI tool, no security impact CVE-2022-2283 RESERVED CVE-2022-2282 (Improper Authorization in GitHub repository saltstack/salt prior to 30 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc35f75eb34ce7b273279ce6c2c41e88f5079501
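Review bot: On the CVE-2022-2284 entry, the added "NOTE: Crash in CLI tool, no security impact" is the only justification for marking a heap-based buffer overflow "(unimportant)", and it does not say why the overflow cannot do more than crash. A sentence on the reasoning, or a pointer to where that was assessed, would make the triage auditable. The sibling CVE-2022-2285 entry (integer overflow, also vim, added in the same hunk) carries no such marking, so it is worth stating what distinguishes the two.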
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eed76d4b by security tracker role at 2022-07-02T20:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2022-2289 + RESERVED +CVE-2022-2288 + RESERVED CVE-2022-34910 RESERVED CVE-2022-34909 @@ -54,10 +58,10 @@ CVE-2022-34895 RESERVED CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...) TODO: check -CVE-2022-2285 - RESERVED -CVE-2022-2284 - RESERVED +CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) + TODO: check +CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) + TODO: check CVE-2022-2283 RESERVED CVE-2022-2282 (Improper Authorization in GitHub repository saltstack/salt prior to 30 ...) @@ -4751,11 +4755,11 @@ CVE-2022-33018 CVE-2022-33017 RESERVED CVE-2022-33016 - RESERVED + REJECTED CVE-2022-33015 - RESERVED + REJECTED CVE-2022-33014 - RESERVED + REJECTED CVE-2022-33013 RESERVED CVE-2022-33012 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed76d4bf96634cc3ab687e2fd56b4d05a38fbfc
[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d0f0cfc5 by Salvatore Bonaccorso at 2022-07-02T22:09:07+02:00 Track fixed version for thunderbird issues via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -552,7 +552,7 @@ CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE af TODO: check CVE-2022-2226 RESERVED - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226 CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel Booki ...) NOT-FOR-US: Online Hotel Booking System Pro @@ -1199,7 +1199,7 @@ CVE-2022-2200 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-2200 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200 @@ -1214,7 +1214,7 @@ CVE-2022-34484 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34484 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34484 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34484 @@ -1231,7 +1231,7 @@ CVE-2022-34481 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34481 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34481 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34481 
@@ -1244,7 +1244,7 @@ CVE-2022-34479 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34479 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34479 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34479 @@ -1281,7 +1281,7 @@ CVE-2022-34472 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34472 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34472 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34472 @@ -1294,7 +1294,7 @@ CVE-2022-34470 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34470 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34470 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34470 @@ -1307,7 +1307,7 @@ CVE-2022-34468 {DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34468 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34468 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34468 
@@ -8140,7 +8140,7 @@ CVE-2022-31744 {DSA-5172-1 DLA-3064-1} - firefox 101.0-1 - firefox-esr 91.11.0esr-1 - - thunderbird + - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-31744 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0f0cfc55ef4a81a9a1c3174e010bd9f3a4f8746
[Git][security-tracker-team/security-tracker][master] Add temporary description for CVE-2022-2084
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 938e90b6 by Salvatore Bonaccorso at 2022-07-02T22:05:56+02:00 Add temporary description for CVE-2022-2084 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4097,7 +4097,7 @@ CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript [stretch] - ghostscript (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704945 NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1) -CVE-2022-2084 +CVE-2022-2084 [logged schema failures can include password hashes] RESERVED - cloud-init [bullseye] - cloud-init (Vulnerable code not present, introduced in 22.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/938e90b65ece96f24ab9fada6918f5303e91bc86
[Git][security-tracker-team/security-tracker][master] Track update for node-mermaid via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92389617 by Salvatore Bonaccorso at 2022-07-02T21:43:09+02:00 Track update for node-mermaid via bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -1,5 +1,7 @@ CVE-2021-23648 [bullseye] - node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u1 +CVE-2021-43861 + [bullseye] - node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u2 CVE-2021-44906 [bullseye] - node-minimist 1.2.5+~cs5.3.1-2+deb11u1 CVE-2022-24773 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92389617d3caa134b84305c2ce828407ca30416f
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-32981
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7890eba8 by Salvatore Bonaccorso at 2022-07-02T17:46:23+02:00 Update information for CVE-2022-32981 Add the (yet to be released) versions exceptionally, so I do not forget to merge. In fact the issue is unimportant for us as 32bit powerpc architecture is not a release architecture. So in context of kernel-sec we marked it earlier as ignored no release architecture affected. On source-level the issue is addressed in 5.10.122, 4.19.247 and 4.9.318. - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -4933,6 +4933,8 @@ CVE-2022-32982 RESERVED CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on powerpc ...) - linux 5.18.5-1 (unimportant) + [bullseye] - linux 5.10.127-1 + [buster] - linux 4.19.249-1 [stretch] - linux (powerpc not supported in LTS) NOTE: https://git.kernel.org/linus/8e127846fc97778a5e5c99bca1ce0bbc5ec9 NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/3 = data/next-point-update.txt = @@ -162,7 +162,5 @@ CVE-2022-21166 [bullseye] - linux 5.10.127-1 CVE-2022-32296 [bullseye] - linux 5.10.127-1 -CVE-2022-32981 - [bullseye] - linux 5.10.127-1 CVE-2022-1348 [bullseye] - logrotate 3.18.0-2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7890eba82ad1d01bd513ee119a643d67189f46d5
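Review bot: In the data/CVE/list hunk, the added "[bullseye] - linux 5.10.127-1" and "[buster] - linux 4.19.249-1" lines record versions that the commit message calls yet to be released, but nothing in the entry itself says so. A NOTE stating that these uploads are pending, and that the issue is addressed at source level in 5.10.122 and 4.19.247, would keep the reason next to the data instead of only in the commit log. The data/next-point-update.txt hunk removes CVE-2022-32981 in the same commit, so after this change the tracker entry is the only place the pending bullseye version is recorded.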
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff933705 by Salvatore Bonaccorso at 2022-07-02T11:14:49+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6349,7 +6349,7 @@ CVE-2022-32386 CVE-2022-32385 RESERVED CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-32383 RESERVED CVE-2022-32382 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff933705f06916abef8774cb63fe0298b5ead5c3
[Git][security-tracker-team/security-tracker][master] upstream patch for CVE-2021-3607
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 18bef27b by Abhijith PA at 2022-07-02T14:41:58+05:30 upstream patch for CVE-2021-3607 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71393,6 +71393,7 @@ CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWar [buster] - qemu (Minor issue) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349 + NOTE: upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=32e5703cfea07c91e6e84bcb0313f633bb146534 CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...) - openvpn (Windows-specific) CVE-2021-34826 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18bef27b2df3e46f75916c546dd6de9e8cc733cb
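Review bot: The added "NOTE: upstream commit: ..." line names the fix commit but not the QEMU release that contains it, so a reader cannot compare a packaged version against the fix from the entry alone. Appending the release tag in parentheses after the URL, as the ghostscript note elsewhere in this file does with "(ghostpdl-9.56.0rc1)", would close that gap.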
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c0cb529 by security tracker role at 2022-07-02T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,41 @@ +CVE-2022-34910 + RESERVED +CVE-2022-34909 + RESERVED +CVE-2022-34908 + RESERVED +CVE-2022-34907 + RESERVED +CVE-2022-34906 + RESERVED +CVE-2022-34905 + RESERVED +CVE-2022-34904 + RESERVED +CVE-2022-34863 + RESERVED +CVE-2022-34856 + RESERVED +CVE-2022-34854 + RESERVED +CVE-2022-34841 + RESERVED +CVE-2022-34488 + RESERVED +CVE-2022-34346 + RESERVED +CVE-2022-33972 + RESERVED +CVE-2022-33197 + RESERVED +CVE-2022-32581 + RESERVED +CVE-2022-30531 + RESERVED +CVE-2022-2287 + RESERVED +CVE-2022-2286 + RESERVED CVE-2022-34902 RESERVED CVE-2022-34901 @@ -77,7 +115,7 @@ CVE-2022-34877 RESERVED CVE-2022-34876 RESERVED -CVE-2022-34903 [vulnerable to status injection] +CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...) - gnupg2 2.2.35-3 (bug #1014157) NOTE: https://dev.gnupg.org/T6027 NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1 @@ -5794,8 +5832,8 @@ CVE-2022-28697 RESERVED CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) NOT-FOR-US: francoisjacquet/rosariosis -CVE-2022-32551 - RESERVED +CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...) + TODO: check CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...) NOT-FOR-US: AgileBits 1Password CVE-2022-32549 (Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 ...) @@ -6238,8 +6276,8 @@ CVE-2022-32422 RESERVED CVE-2022-32421 RESERVED -CVE-2022-32420 - RESERVED +CVE-2022-32420 (College Management System v1.0 was discovered to contain a remote code ...) + TODO: check CVE-2022-32419 RESERVED CVE-2022-32418 
@@ -6254,10 +6292,10 @@ CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat NOT-FOR-US: njs CVE-2022-32413 RESERVED -CVE-2022-32412 - RESERVED -CVE-2022-32411 - RESERVED +CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...) + TODO: check +CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...) + TODO: check CVE-2022-32410 RESERVED CVE-2022-32409 @@ -6310,8 +6348,8 @@ CVE-2022-32386 RESERVED CVE-2022-32385 RESERVED -CVE-2022-32384 - RESERVED +CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...) + TODO: check CVE-2022-32383 RESERVED CVE-2022-32382 @@ -6428,10 +6466,10 @@ CVE-2022-32327 RESERVED CVE-2022-32326 RESERVED -CVE-2022-32325 - RESERVED -CVE-2022-32324 - RESERVED +CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ...) + TODO: check +CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the ...) + TODO: check CVE-2022-32323 RESERVED CVE-2022-32322 
@@ -7187,36 +7225,36 @@ CVE-2022-32097 RESERVED CVE-2022-32096 RESERVED -CVE-2022-32095 - RESERVED -CVE-2022-32094 - RESERVED -CVE-2022-32093 - RESERVED +CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + TODO: check CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...) NOT-FOR-US: D-Link -CVE-2022-32091 - RESERVED +CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in in __in ...) + TODO: check CVE-2022-32090 RESERVED -CVE-2022-32089 - RESERVED -CVE-2022-32088 - RESERVED -CVE-2022-32087 - RESERVED -CVE-2022-32086 - RESERVED -CVE-2022-32085 - RESERVED -CVE-2022-32084 - RESERVED -CVE-2022-32083 - RESERVED -CVE-2022-32082 - RESERVED -CVE-2022-32081 - RESERVED +CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...) + TODO: check +CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) + TODO: check +CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) + TODO: check +CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to
[Git][security-tracker-team/security-tracker][master] CVE-2022-34903/gnupg2 assigned
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ce1c9de by Salvatore Bonaccorso at 2022-07-02T10:01:21+02:00 CVE-2022-34903/gnupg2 assigned - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77,7 +77,7 @@ CVE-2022-34877 RESERVED CVE-2022-34876 RESERVED -CVE-2022- [vulnerable to status injection] +CVE-2022-34903 [vulnerable to status injection] - gnupg2 2.2.35-3 (bug #1014157) NOTE: https://dev.gnupg.org/T6027 NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce1c9de2bc606d6f83d87c6dc53ffc6a7847480
[Git][security-tracker-team/security-tracker][master] upstream patch for CVE-2021-3582
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 3bb24844 by Abhijith PA at 2022-07-02T11:44:47+05:30 upstream patch for CVE-2021-3582 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73510,6 +73510,7 @@ CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtu [buster] - qemu (Minor issue) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html + NOTE: Upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=284f191b4abad213aed04cb0458e1600fd18d7c4 CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-33906 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bb24844c71f04f69264336f4e8cf919469df179
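Review bot: The label on the added line, "NOTE: Upstream commit:", is capitalised differently from the "NOTE: upstream commit:" used for CVE-2021-3607 in commit 18bef27b, and neither matches the "NOTE: Fixed by:" form already present in data/CVE/list. Settling on one spelling keeps the notes greppable; "Fixed by:" is the one with precedent in the visible entries.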