[Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e8a88a7 by Thorsten Alteholz at 2022-04-24T23:53:19+02:00 update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -82,7 +82,7 @@ kvmtool NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for acknowledgments/fixes (Beuc) -- libarchive (Thorsten Alteholz) - NOTE: 20220410: still testing + NOTE: 20220423: still testing, some tests still fail -- liblouis NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN @@ -91,7 +91,7 @@ liblouis libpgjava -- libvirt (Thorsten Alteholz) - NOTE: 20220410: wait for upload in newer releases + NOTE: 20220423: wait for upload in newer releases, dependency loop seems to be resolved now -- libz-mingw-w64 NOTE: 20220231: upcoming DSA (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e8a88a7e2b094f331e937d2c8042af067ba2602 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
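Review bot: In the libarchive hunk, the new note "still testing, some tests still fail" does not say which tests fail or whether they also fail on the unpatched package, so a reader of dla-needed.txt cannot judge how close the upload is. Name the failing tests or point to a build log in the NOTE line.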
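Review bot: In the libvirt hunk, "dependency loop seems to be resolved now" leaves open what is still blocking, since the same note keeps "wait for upload in newer releases". State the remaining blocker explicitly. The context line under libz-mingw-w64, "NOTE: 20220231: upcoming DSA (Beuc)", carries a date that does not exist (31 February) and could be corrected in the same pass.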
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f8fe777 by security tracker role at 2022-04-24T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2022-29599 + RESERVED +CVE-2022-1450 + RESERVED +CVE-2022-1449 + RESERVED +CVE-2022-1448 + RESERVED +CVE-2022-1447 + RESERVED +CVE-2022-1446 + RESERVED +CVE-2022-1445 (Stored Cross Site Scripting vulnerability in the checked_out_to parame ...) + TODO: check CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) - radare2 NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8fe77793911e8c5e1ff72b58d69e9c6d687e8c
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-24828/composer via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfb3447b by Salvatore Bonaccorso at 2022-04-24T21:24:40+02:00 Track fixed version for CVE-2022-24828/composer via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13082,7 +13082,7 @@ CVE-2022-24830 CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...) NOT-FOR-US: Garden CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...) - - composer (bug #1009960) + - composer 2.2.12-1 (bug #1009960) [bullseye] - composer (Minor issue) [buster] - composer (Minor issue) NOTE: https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 (2.2.12) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfb3447b34add1e9722a3232a19b12ae193a066a
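Review bot: On the changed "- composer 2.2.12-1 (bug #1009960)" line, the fixed version agrees with the release named in the NOTE (2.2.12), but that NOTE is the only fix reference while the [bullseye] and [buster] entries stay at "Minor issue". Add a NOTE saying whether the 2.2.12 commit applies to the composer versions in those suites, so a later point-release fix does not have to rediscover it.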
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-28368/php-dompdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31827f5f by Salvatore Bonaccorso at 2022-04-24T10:58:54+02:00 Add Debian bug reference for CVE-2022-28368/php-dompdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3160,7 +3160,7 @@ CVE-2022-28370 CVE-2022-28369 RESERVED CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...) - - php-dompdf + - php-dompdf (bug #1010090) NOTE: https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/ NOTE: https://positive.security/blog/dompdf-rce NOTE: https://github.com/dompdf/dompdf/issues/2598 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31827f5ffbc35433cd176ece222cfb88f717a4ad
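Review bot: The "- php-dompdf (bug #1010090)" line now links the Debian bug, but none of the three NOTE lines under it points at a fixing commit: two are blog posts and one is the upstream issue 2598. Once a fix is available, add its commit URL as a NOTE so the entry can later carry a fixed version.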
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1444/radare2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db9b93e3 by Salvatore Bonaccorso at 2022-04-24T10:21:21+02:00 Add CVE-2022-1444/radare2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) - TODO: check + - radare2 + NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa + NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5 CVE-2022-1443 RESERVED CVE-2022-1442 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db9b93e370aac181d636353fcf824b2b5eca7411
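Review bot: The added "- radare2" line replaces "TODO: check" without a Debian bug reference, and the NOTE with the upstream commit does not record which release contains it, while the description is cut off at "prior to 5. ...". Append the upstream release in parentheses after the commit URL and reference a bug, so the fixed version can be tracked once it reaches unstable.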
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2c98167 by security tracker role at 2022-04-24T08:10:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) + TODO: check CVE-2022-1443 RESERVED CVE-2022-1442 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2c98167d8b73c4d5fdbdda91f266150451137bf