[Git][security-tracker-team/security-tracker][master] LTS: update gpac notes in dla-needed.txt

2022-04-27 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
480cdaec by Roberto C. Sánchez at 2022-04-27T19:34:20-04:00
LTS: update gpac notes in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -70,6 +70,7 @@ gpac (Roberto C. Sánchez)
   NOTE: 20211228: Returning to active work on this now that llvm/rustc update 
is complete (roberto)
   NOTE: 20220305: There are many dozens of open CVEs, it will take a while yet 
(roberto)
   NOTE: 20220413: New CVEs continue flooding in (roberto)
+  NOTE: 20220427: Preparing to work with security team to declare EOL (roberto)
 --
 icingaweb2 (Abhijith PA)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480cdaec097699dd9891c61b2a166468bd4b9da9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480cdaec097699dd9891c61b2a166468bd4b9da9
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9a81025 by security tracker role at 2022-04-27T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,133 +1,194 @@
+CVE-2022-29823
+   RESERVED
+CVE-2022-29822
+   RESERVED
+CVE-2022-29821
+   RESERVED
+CVE-2022-29820
+   RESERVED
+CVE-2022-29819
+   RESERVED
+CVE-2022-29818
+   RESERVED
+CVE-2022-29817
+   RESERVED
+CVE-2022-29816
+   RESERVED
+CVE-2022-29815
+   RESERVED
+CVE-2022-29814
+   RESERVED
+CVE-2022-29813
+   RESERVED
+CVE-2022-29812
+   RESERVED
+CVE-2022-29811
+   RESERVED
+CVE-2022-1508
+   RESERVED
+CVE-2022-1507 (chafa: NULL Pointer Dereference in function 
gif_internal_decode_frame  ...)
+   TODO: check
+CVE-2022-1506
+   RESERVED
+CVE-2022-1505
+   RESERVED
+CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository 
microweber/micro ...)
+   TODO: check
 CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH 
credenti ...)
TODO: check
 CVE-2022-29809
RESERVED
-CVE-2022-1503
-   RESERVED
+CVE-2022-1503 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
 CVE-2022-1502
RESERVED
 CVE-2022-1501
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1500
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1499
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1498
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1497
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1496
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1495
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1494
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1493
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1492
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1491
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1490
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1489
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1488
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1487
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1486
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1485
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1484
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1483
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1482
RESERVED
+   {DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1481
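Review bot: the {DSA-5125-1} reference inserted under CVE-2022-1482 through CVE-2022-1501 is consistent with the CVE set recorded for DSA-5125-1 in data/DSA/list (CVE-2022-1477 through CVE-2022-1501) in the chromium DSA commit on this page, and each of those entries already carries the unstable fix "- chromium 101.0.4951.41-1"; the hunk as shown breaks off at CVE-2022-1481, so the entries for CVE-2022-1477 to CVE-2022-1481 cannot be cross-checked here.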

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

2022-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3512b536 by Moritz Muehlenhoff at 2022-04-27T20:07:08+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -137,6 +137,7 @@ CVE-2022-1475
RESERVED
{DSA-5124-1}
- ffmpeg 7:4.4.2-1
+   [buster] - ffmpeg  (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/9651
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f
 (n4.4.2)
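Review bot: the new "[buster] - ffmpeg (Vulnerable code not present)" line is not backed by a NOTE identifying the upstream commit that introduced the vulnerable code; the existing NOTE lines only reference the ticket and the two fixing commits (n4.4.2). Recording the introducing commit next to them would let the buster assessment be re-verified later without redoing the analysis.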
@@ -3535,6 +3536,8 @@ CVE-2022-28507
RESERVED
 CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function 
DumpScreen2RG ...)
- giflib 
+   [bullseye] - giflib  (Minor issue)
+   [buster] - giflib  (Minor issue)
NOTE: https://sourceforge.net/p/giflib/bugs/159/
 CVE-2022-28505
RESERVED
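Review bot: the "(Minor issue)" lines for bullseye and buster are added while the unstable line "- giflib" still has no fixed version and the only reference is the sourceforge bug; if no upstream fix exists yet, a NOTE saying so would make clear that the entry has to be revisited once one lands.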
@@ -32864,6 +32867,8 @@ CVE-2021-43454 (An Unquoted Service Path vulnerability 
exists in AnyTXT Searcher
NOT-FOR-US: AnyTXT Searcher for Windows
 CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in 
JerryScript 2.4.0 ...)
- iotjs 
+   [bullseye] - iotjs  (Minor issue)
+   [buster] - iotjs  (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754
NOTE: Fixed by; 
https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
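Review bot: the context line "NOTE: Fixed by;" uses a semicolon where the other NOTE lines in this file put a colon before the URL; it is not part of this change, but it is a cheap fix while the entry is being touched.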
@@ -35529,6 +35534,8 @@ CVE-2021-42783 (Missing Authentication for Critical 
Function vulnerability in de
NOT-FOR-US: D-Link
 CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before 
version 0.22. ...)
- opensc 0.22.0-1
+   [bullseye] - opensc  (Minor issue)
+   [buster] - opensc  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
NOTE: 
https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f
 (0.22.0-rc1)
NOTE: 
https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3
 (0.22.0)
@@ -35537,6 +35544,8 @@ CVE-2021-42782 (Stack buffer overflow issues were found 
in Opensc before version
NOTE: 
https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c
 (0.22.0-rc1)
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before 
version 0.22.0 ...)
- opensc 0.22.0-1
+   [bullseye] - opensc  (Minor issue)
+   [buster] - opensc  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
NOTE: 
https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749
 (0.22.0-rc1)
NOTE: 
https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4
 (0.22.0-rc1)
@@ -35545,16 +35554,22 @@ CVE-2021-42781 (Heap buffer overflow issues were 
found in Opensc before version
NOTE: 
https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90
 (0.22.0-rc1)
 CVE-2021-42780 (A use after return issue was found in Opensc before version 
0.22.0 in  ...)
- opensc 0.22.0-1
+   [bullseye] - opensc  (Minor issue)
+   [buster] - opensc  (Minor issue)
NOTE: 
https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e
 (0.22.0-rc1)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 
0.22.0  ...)
- opensc 0.22.0-1
+   [bullseye] - opensc  (Minor issue)
+   [buster] - opensc  (Minor issue)
NOTE: 
https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27
 (0.22.0-rc1)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
 CVE-2021-42778 (A heap double free issue was found in Opensc before version 
0.22.0 in  ...)
- opensc 0.22.0-1
+   [bullseye] - opensc  (Minor issue)
+   [buster] - opensc  (Minor issue)
NOTE: 
https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7
 (0.22.0-rc1)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
@@ -39363,6 +39378,8 @@ CVE-2021-41752 (Stack overflow vulnerability in 
Jerryscript before commit e1ce7d
TODO: check - could be only a test artifact
 CVE-2021-41751 (Buffer overflow vulnerability in file 
ecma-builtin-array-prototype.c:9 ...)
- iotjs 
+   [bullseye] - iotjs  (Minor issue)
+   [buster] - iotjs  (Minor issue)

[Git][security-tracker-team/security-tracker][master] chromium DSA

2022-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95fa19dc by Moritz Mühlenhoff at 2022-04-27T19:55:56+02:00
chromium DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[27 Apr 2022] DSA-5125-1 chromium - security update
+   {CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 
CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 
CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 
CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 
CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501}
+   [bullseye] - chromium 101.0.4951.41-1~deb11u1
 [25 Apr 2022] DSA-5124-1 ffmpeg - security update
{CVE-2022-1475}
[bullseye] - ffmpeg 7:4.3.4-0+deb11u1


=
data/dsa-needed.txt
=
@@ -16,8 +16,6 @@ asterisk/oldstable
 --
 cacti
 --
-chromium
---
 condor/oldstable
 --
 epiphany-browser



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fa19dc6f0b2005731e41d61d795650b5fa52c6



[Git][security-tracker-team/security-tracker][master] Triage CVE-2022-28739 in ruby2.3 for stretch LTS.

2022-04-27 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d03435d4 by Chris Lamb at 2022-04-27T09:08:39-07:00
Triage CVE-2022-28739 in ruby2.3 for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2852,6 +2852,7 @@ CVE-2022-28739 [Buffer overrun in String-to-Float 
conversion]
- ruby2.5 
[buster] - ruby2.5  (Minor issue, fix with next Ruby 
security release)
- ruby2.3 
+   [stretch] - ruby2.3  (Minor issue; fix in next LTS release)
NOTE: 
https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 
(v2_6_10)
NOTE: 
https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd 
(v2_7_6)
NOTE: 
https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58 
(v3_0_4)
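Review bot: the three NOTE lines record the upstream fix only for the 2.6, 2.7 and 3.0 branches (v2_6_10, v2_7_6, v3_0_4), so the "(Minor issue; fix in next LTS release)" line for ruby2.3 implies a backport; noting which of those commits is to be backported, and whether it applies to 2.3 cleanly, would save the next person from re-deriving it. The buster line uses a comma ("Minor issue, fix with next Ruby security release") where the new stretch line uses a semicolon; either reads fine, but one style across the entry is easier to scan.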



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d03435d40d0b6fe44840edef005247fcb0fc59e2



[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-devise-two-factor for stretch LTS (CVE-2021-43177)

2022-04-27 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c41bff28 by Chris Lamb at 2022-04-27T09:02:52-07:00
data/dla-needed.txt: Triage ruby-devise-two-factor for stretch LTS 
(CVE-2021-43177)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -143,6 +143,10 @@ ring (Abhijith PA)
  NOTE: 20220404: package in archive is faulty. New regs can't be done due 
(abhijith)
  NOTE: 20220404: a network error (abhijith)
 --
+ruby-devise-two-factor
+ NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to 
this being the result
+ NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some 
investigation. (lamby)
+--
 salt
 --
 samba
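Review bot: the new entry header is a bare "ruby-devise-two-factor" with no claimant, although the NOTE lines are signed "(lamby)" and the other entries in this file carry the claimant in parentheses (e.g. "ring (Abhijith PA)" in the context above); if the investigation is being taken on, the header should read "ruby-devise-two-factor (Chris Lamb)". The subject names CVE-2021-43177, but the NOTE text mentions only CVE-2015-7225 (the earlier, incomplete fix), so the CVE actually being triaged should be stated in the entry itself.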



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c41bff28ca815348556234927d931f15a1fde904



[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2022-28391 in busybox for stretch LTS.

2022-04-27 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ea40503 by Chris Lamb at 2022-04-27T08:46:17-07:00
Triage CVE-2022-28391 in busybox for stretch LTS.

- - - - -
abdbd0a4 by Chris Lamb at 2022-04-27T08:46:49-07:00
Triage CVE-2022-1304 in e2fsprogs for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2212,6 +2212,7 @@ CVE-2022-1304 (An out-of-bounds read/write vulnerability 
was found in e2fsprogs
- e2fsprogs  (bug #1010263)
[bullseye] - e2fsprogs  (Minor issue)
[buster] - e2fsprogs  (Minor issue)
+   [stretch] - e2fsprogs  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
NOTE: 
https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczer...@redhat.com/T/#u
@@ -3766,6 +3767,7 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote 
attackers to execute arbitr
- busybox  (bug #1010264)
[bullseye] - busybox  (Minor issue)
[buster] - busybox  (Minor issue)
+   [stretch] - busybox  (Minor issue)
NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the 
Linux kerne ...)
- linux 5.17.3-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23a281b6acdcbf93848785283cc454d112a3b551...abdbd0a461826858e58492acad9f7605f893bf14



[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2022-04-27 Thread Jeremiah C. Foster (@jeremiah)


Jeremiah C. Foster pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23a281b6 by Jeremiah C. Foster at 2022-04-27T11:16:17-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -111,7 +111,7 @@ mbedtls (Utkarsh)
   NOTE: 20220404: update prepared, needs testing. (utkarsh)
   NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh)
 --
-mitmproxy (Abhijith PA)
+mitmproxy
 --
 mruby
 --
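Review bot: the claim is dropped without a dated NOTE, and the mitmproxy entry has no NOTE lines at all; since the commit message gives the reason (two weeks of inactivity), a "NOTE: 20220427: unclaimed after 2 weeks of inactivity" line in the file itself would preserve that context for the next claimant, in the same way the surrounding entries record their state with dated NOTE lines.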



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a281b6acdcbf93848785283cc454d112a3b551



[Git][security-tracker-team/security-tracker][master] new htmldoc non issue

2022-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5ff5faf by Moritz Muehlenhoff at 2022-04-27T16:59:50+02:00
new htmldoc non issue
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4392,7 +4392,7 @@ CVE-2022-1175 (Improper neutralization of user input in 
GitLab CE/EE versions 14
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
- gitlab 
 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. 
...)
-   TODO: check
+   NOT-FOR-US: Grav CMS
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
- gpac 
[bullseye] - gpac  (Minor issue)
@@ -4932,7 +4932,10 @@ CVE-2022-28087
 CVE-2022-28086
RESERVED
 CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer 
overflow in  ...)
-   TODO: check
+   - htmldoc  (unimportant)
+   NOTE: https://github.com/michaelrsweet/htmldoc/issues/480
+   NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-28084
RESERVED
 CVE-2022-28083
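Review bot: the commit link in the new NOTE is not annotated with the upstream release that contains it, unlike other entries in this file (e.g. "(n4.4.2)" and "(0.22.0-rc1)" in the buster/bullseye triage commit on this page); adding it keeps the "(unimportant)" entry, justified by "Crash in CLI tool, no security impact", verifiable against a released htmldoc version rather than only a commit hash.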
@@ -15386,7 +15389,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin 
before 4.1.1 does not sanitise
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress 
plugin ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-   TODO: check
+   - gitlab 
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
- radare2 
NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
@@ -15726,7 +15729,7 @@ CVE-2022-0427 (Missing sanitization of HTML attributes 
in Jupyter notebooks in a
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.2.3 do ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway 
integration in  ...)
-   TODO: check
+   NOT-FOR-US: Irker
 CVE-2022-0424
RESERVED
 CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have 
authorisa ...)
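Review bot: the description reads "A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...", i.e. the flaw is placed in an integration of irker rather than in irker itself; given that the same commit files several other issues under "- gitlab", it is worth confirming which product hosts that integration before settling on "NOT-FOR-US: Irker".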
@@ -43931,7 +43934,7 @@ CVE-2021-39910 (An issue has been discovered in GitLab 
CE/EE affecting all versi
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS 
feature ...)
- gitlab  (Specific to EE)
 CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters 
can be abu ...)
-   TODO: check
+   - gitlab 
 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE 
starting  ...)
- gitlab 
 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 
13.5 and ab ...)
@@ -43999,7 +44002,7 @@ CVE-2021-39878 (A stored Reflected Cross-Site Scripting 
vulnerability in the Jir
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 
12.2 th ...)
- gitlab 
 CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the 
endpoint for a ...)
-   TODO: check
+   - gitlab 
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is 
possible to  ...)
- gitlab 
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the 
requirement to ...)
@@ -51464,7 +51467,7 @@ CVE-2021-36897
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in 
Tripetto's ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-36894
RESERVED
 CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -51520,7 +51523,7 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) 
vulnerability in WordPress
 CVE-2021-36868
RESERVED
 CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-36866
RESERVED
 CVE-2021-36865
@@ -77314,9 +77317,9 @@ CVE-2021-26631
 CVE-2021-26630
RESERVED
 CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive 
function ...)
-   TODO: check
+   NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, 
which ca ...)
-   TODO: check
+   NOT-FOR-US: Maxboard
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient 
authent ...)
NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's 
execBrowser met ...)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] various bugnums

2022-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
68736fcb by Moritz Mühlenhoff at 2022-04-27T14:31:28+02:00
various bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2209,7 +2209,7 @@ CVE-2022-1305
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in 
e2fsprogs 1.46. ...)
-   - e2fsprogs 
+   - e2fsprogs  (bug #1010263)
[bullseye] - e2fsprogs  (Minor issue)
[buster] - e2fsprogs  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
@@ -2709,7 +2709,7 @@ CVE-2022-28807
 CVE-2022-28806
RESERVED
 CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain 
luaK_exp2a ...)
-   - lua5.4 
+   - lua5.4  (bug #1010265)
[bullseye] - lua5.4  (Minor issue)
NOTE: 
https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
NOTE: http://lua-users.org/lists/lua-l/2022-02/msg1.html
@@ -3763,7 +3763,7 @@ CVE-2022-28393
 CVE-2022-28392
RESERVED
 CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute 
arbitrary co ...)
-   - busybox 
+   - busybox  (bug #1010264)
[bullseye] - busybox  (Minor issue)
[buster] - busybox  (Minor issue)
NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68736fcb8ee8abe318cde90ad1458b074be9cc96



[Git][security-tracker-team/security-tracker][master] 2 commits: Update ansible status in dla-needed.txt

2022-04-27 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9d170c0 by Markus Koschany at 2022-04-27T14:01:05+02:00
Update ansible status in dla-needed.txt

- - - - -
3c1b4789 by Markus Koschany at 2022-04-27T14:02:30+02:00
Claim vim and ghostscript in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -22,6 +22,8 @@ ansible
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
+  NOTE: 20220427: Lee Garrett (maintainer) took over the work a while ago. See
+  NOTE: 20220427: https://salsa.debian.org/debian/ansible/-/commits/stretch/
 --
 asterisk
 --
@@ -51,7 +53,7 @@ gerbv
   NOTE: 20220326: CVE-2021-40401 is fixed 
https://salsa.debian.org/lts-team/packages/gerbv/-/blob/debian/stretch/debian/patches/CVE-2021-40401.patch
 (Anton)
   NOTE: 20220326: CVE-2021-4040{0,2,3} do not have confirmed upstream fixes 
yet. (Anton)
 --
-ghostscript
+ghostscript (Markus Koschany)
 --
 golang-1.7 (Sylvain Beucler)
   NOTE: 20220402: harmonize with bullseye/11.3 (Beuc)
@@ -176,7 +178,7 @@ twisted (Stefano Rivera)
 unzip
   NOTE: 20220319: no patches yet but reproducible (apo)
 --
-vim
+vim (Markus Koschany)
 --
 waitress
   NOTE: 20220320: I am not sure if we should ignore CVE-2022-24761 as it is



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91e9e315582802b25d9d513501f232fba2d555a2...3c1b4789244384ed56ad65b91d22896a3bc61e34



[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-29458/ncurses

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91e9e315 by Salvatore Bonaccorso at 2022-04-27T13:53:13+02:00
Track fixed version via unstable for CVE-2022-29458/ncurses

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -998,7 +998,7 @@ CVE-2022-29460
 CVE-2022-29459
RESERVED
 CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read 
and segmen ...)
-   - ncurses  (bug #1009870)
+   - ncurses 6.3+20220423-1 (bug #1009870)
[bullseye] - ncurses  (Minor issue)
[buster] - ncurses  (Minor issue)
[stretch] - ncurses  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e9e315582802b25d9d513501f232fba2d555a2



[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

2022-04-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f832a040 by Moritz Muehlenhoff at 2022-04-27T13:52:12+02:00
buster/bullseye triage
new busybox issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -755,7 +755,7 @@ CVE-2022-29568
 CVE-2022-29567
RESERVED
 CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir 
generation bec ...)
-   TODO: check
+   NOT-FOR-US: Bulletproofs
 CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub 
repository mruby ...)
- mruby 
[bullseye] - mruby  (Minor issue)
@@ -2210,9 +2210,11 @@ CVE-2022-1305
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in 
e2fsprogs 1.46. ...)
- e2fsprogs 
+   [bullseye] - e2fsprogs  (Minor issue)
+   [buster] - e2fsprogs  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
-   TODO: check when fixed
+   NOTE: 
https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczer...@redhat.com/T/#u
 CVE-2022-1303
RESERVED
 CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an 
unauthe ...)
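Review bot: replacing "TODO: check when fixed" with the lore.kernel.org link removes the reminder while the unstable line "- e2fsprogs" still has no fixed version; the link points at a linux-ext4 mailing list thread rather than at a tagged upstream commit, so a follow-up NOTE with the commit or release that carries the fix is still needed before the entry can be closed.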
@@ -2708,6 +2710,7 @@ CVE-2022-28806
RESERVED
 CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain 
luaK_exp2a ...)
- lua5.4 
+   [bullseye] - lua5.4  (Minor issue)
NOTE: 
https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
NOTE: http://lua-users.org/lists/lua-l/2022-02/msg1.html
NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html
@@ -3760,7 +3763,10 @@ CVE-2022-28393
 CVE-2022-28392
RESERVED
 CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute 
arbitrary co ...)
-   TODO: check
+   - busybox 
+   [bullseye] - busybox  (Minor issue)
+   [buster] - busybox  (Minor issue)
+   NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the 
Linux kerne ...)
- linux 5.17.3-1
NOTE: 
https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
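Review bot: the description says BusyBox "allows remote attackers to execute arbitr...", yet both suite lines are filed as "(Minor issue)" with only the Alpine aports issue as a reference; a one-line NOTE stating why the impact is considered minor for the Debian packages would make the triage reviewable later without re-reading the Alpine thread, and the same rationale would then carry over to the stretch line added in the later LTS triage commit on this page.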



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832a04003eee506d4a3791e4088d1eab1515d61



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-27239/cifs-utils

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c39e281 by Salvatore Bonaccorso at 2022-04-27T13:44:03+02:00
Add CVE-2022-27239/cifs-utils

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7069,8 +7069,13 @@ CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 
2.x before 2.6.2 has a
[bullseye] - glewlwyd 2.5.2-2+deb11u3
[buster] - glewlwyd  (Minor issue)
NOTE: 
https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a
 (v2.6.2)
-CVE-2022-27239
+CVE-2022-27239 [cifs-utils mount.cifs buffer overflow in ip parameter]
RESERVED
+   - cifs-utils 
+   NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
+   NOTE: https://github.com/piastry/cifs-utils/pull/7
+   NOTE: 
https://github.com/piastry/cifs-utils/commit/007c07fd91b6d42f8bd45187cf78ebb06801139d
 CVE-2022-27238
RESERVED
 CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI 
Web Serve ...)
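Review bot: the cifs-utils entry for CVE-2022-27239 gives no fixed version and no "[bullseye]"/"[buster]" lines, and its fix-commit NOTE lacks the upstream release tag that the neighbouring glewlwyd entry carries ("(v2.6.2)"); append the release that contains the referenced commit once it exists and add the suite lines so the mount.cifs buffer overflow in the ip parameter is tracked for the stable suites. A Debian bug reference in the "(bug #...)" form used for other unfixed entries in this file would also tie the issue to the package maintainer; the Samba and SUSE bugzilla links make it verifiable but are not a Debian-side record.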



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c39e28115e76e34ff31a16c7b36a9fe5e584e6b



[Git][security-tracker-team/security-tracker][master] 2 commits: lts: take openvpn

2022-04-27 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f78fc81 by Emilio Pozuelo Monfort at 2022-04-27T11:06:35+02:00
lts: take openvpn

- - - - -
bd79bfa2 by Emilio Pozuelo Monfort at 2022-04-27T11:06:46+02:00
Correct triage for CVE-2020-11810/jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -144808,7 +144808,7 @@ CVE-2020-11810 (An issue was discovered in OpenVPN 
2.4.x before 2.4.9. An attack
- openvpn 2.4.9-1 (low)
[buster] - openvpn 2.4.7-1+deb10u1
[stretch] - openvpn  (Minor issue)
-   [jessie] - openvpn  (Minor issue)
+   [jessie] - openvpn  (Vulnerable code introduced in 2.4)
NOTE: 
https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
 CVE-2020-11809
RESERVED
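Review bot: the jessie rationale changes from "(Minor issue)" to "(Vulnerable code introduced in 2.4)", which describes a not-affected state rather than a minor issue, but the only NOTE in the entry is the fix commit; add an "Introduced by:" NOTE pointing at the 2.4 commit that added the code so the claim can be checked, and consider whether the stretch line, still "(Minor issue)", should state the same reasoning if stretch ships a 2.4.x version.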


=
data/dla-needed.txt
=
@@ -125,7 +125,7 @@ nvidia-graphics-drivers
 --
 openjdk-8 (pochu)
 --
-openvpn
+openvpn (Emilio)
   NOTE: 20220402: harmonize with buster/10.10 (Beuc)
 --
 pdns



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/adc1880fba09fcc428cfc34707e7f2b354c06588...bd79bfa2dbac7749b434a91c41008b0ef9366dec



[Git][security-tracker-team/security-tracker][master] Add Debian bug references for curl issues

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
adc1880f by Salvatore Bonaccorso at 2022-04-27T10:23:35+02:00
Add Debian bug references for curl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5719,12 +5719,12 @@ CVE-2022-2
RESERVED
 CVE-2022-27776 [Auth/cookie leak on redirect]
RESERVED
-   - curl 
+   - curl  (bug #1010252)
NOTE: https://curl.se/docs/CVE-2022-27776.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 
(curl-7_83_0)
 CVE-2022-27775 [Bad local IPv6 connection reuse]
RESERVED
-   - curl 
+   - curl  (bug #1010253)
[buster] - curl  (Vulnerable code introduced later)
[stretch] - curl  (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2022-27775.html
@@ -5732,7 +5732,7 @@ CVE-2022-27775 [Bad local IPv6 connection reuse]
NOTE: Fixed by: 
https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 
(curl-7_83_0)
 CVE-2022-27774 [Credential leak on redirect]
RESERVED
-   - curl 
+   - curl  (bug #1010254)
NOTE: https://curl.se/docs/CVE-2022-27774.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 
(curl-7_83_0)
NOTE: Followup: 
https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 
(curl-7_83_0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc1880fba09fcc428cfc34707e7f2b354c06588



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a72bc74 by Salvatore Bonaccorso at 2022-04-27T10:15:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2460,7 +2460,7 @@ CVE-2022-28920
 CVE-2022-28919
RESERVED
 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file 
deletio ...)
-   TODO: check
+   NOT-FOR-US: GreenCMS
 CVE-2022-28917
RESERVED
 CVE-2022-28916
@@ -3485,21 +3485,21 @@ CVE-2022-28530
 CVE-2022-28529
RESERVED
 CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary 
file upload ...)
-   TODO: check
+   NOT-FOR-US: bloofoxCMS
 CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder 
deletion ...)
-   TODO: check
+   NOT-FOR-US: dhcms
 CVE-2022-28526
RESERVED
 CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file 
upload  ...)
-   TODO: check
+   NOT-FOR-US: ED01-CMS
 CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: ED01-CMS
 CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component 
/admin/ ...)
-   TODO: check
+   NOT-FOR-US: HongCMS
 CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: ZCMS
 CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: ZCMS
 CVE-2022-28520
RESERVED
 CVE-2022-28519
@@ -3642,11 +3642,11 @@ CVE-2022-28452
 CVE-2022-28451
RESERVED
 CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-   TODO: check
+   NOT-FOR-US: nopCommerce
 CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). At App ...)
-   TODO: check
+   NOT-FOR-US: nopCommerce
 CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). An att ...)
-   TODO: check
+   NOT-FOR-US: nopCommerce
 CVE-2022-28447
RESERVED
 CVE-2022-28446
@@ -4978,9 +4978,9 @@ CVE-2022-28061
 CVE-2022-28060
RESERVED
 CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
-   TODO: check
+   NOT-FOR-US: Verydows
 CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
-   TODO: check
+   NOT-FOR-US: Verydows
 CVE-2022-28057
RESERVED
 CVE-2022-28056
@@ -5372,7 +5372,7 @@ CVE-2022-27890
 CVE-2022-27889
RESERVED
 CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found 
to be log ...)
-   TODO: check
+   NOT-FOR-US: Foundry Issues service
 CVE-2022-1102
RESERVED
 CVE-2022-1101
@@ -13676,7 +13676,7 @@ CVE-2022-24882 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
NOTE: Pull request for stable 2.0 branch: 
https://github.com/FreeRDP/FreeRDP/pull/7750
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code 
to genera ...)
-   TODO: check
+   NOT-FOR-US: Ballcat Codegen
 CVE-2022-24880 (flask-session-captcha is a package which allows users to 
extend Flask  ...)
NOT-FOR-US: flask-session-captcha
 CVE-2022-24879
@@ -13709,7 +13709,7 @@ CVE-2022-24867 (GLPI is a Free Asset and IT Management 
Software package, that pr
- glpi  (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in 
Discour ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In 
affected versio ...)
NOT-FOR-US: HumHub
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin 
Protocol pro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a72bc74062a5620d876cdf0a08b20dc2a990d94



[Git][security-tracker-team/security-tracker][master] Process some CVEs for zammad, itp'ed

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af6e65a3 by Salvatore Bonaccorso at 2022-04-27T10:14:41+02:00
Process some CVEs for zammad, itped

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -409,9 +409,9 @@ CVE-2022-29703
 CVE-2022-29702
RESERVED
 CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of 
Zammad v5. ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows 
for the  ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-29699
RESERVED
 CVE-2022-29698
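Review bot: the commit message says these Zammad CVEs are ITP'ed, but the added lines "+   - zammad  (bug #841355)" show no state token between the package name and the bug reference in this rendering; confirm the ITP state marker survived the commit (here and in the second hunk for CVE-2022-27332/27331), otherwise the tracker will treat zammad as an unfixed package in the archive rather than one that is only intended to be packaged.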
@@ -6824,9 +6824,9 @@ CVE-2022-27334
 CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows 
attackers ...)
NOT-FOR-US: idcCMS
 CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to 
write ent ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts 
administrative con ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-27330
RESERVED
 CVE-2022-27329



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af6e65a367fbcbacf4fe0e5ce01151516ad7c248



[Git][security-tracker-team/security-tracker][master] Add freerdp source package for CVE-2022-2488{2,3}

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1052e69d by Salvatore Bonaccorso at 2022-04-27T10:10:48+02:00
Add freerdp source package for CVE-2022-2488{2,3}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13665,11 +13665,13 @@ CVE-2022-24884
RESERVED
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
- freerdp2 
+   - freerdp 
NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
NOTE: Fixed by (backport): 
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
- freerdp2 
+   - freerdp 
NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
NOTE: Pull request for stable 2.0 branch: 
https://github.com/FreeRDP/FreeRDP/pull/7750
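Review bot: "+   - freerdp " is added beside "- freerdp2" for both CVEs with no version or suite qualifier; if the old freerdp source only exists in older suites, a suite-qualified line or a version would keep each entry from reading as two unfixed packages in every suite. Separately, CVE-2022-24882 references the GNOME remote-desktop issue and the stable-2.0 pull request but has no "Fixed by:" commit NOTE, unlike CVE-2022-24883 directly above it; add the upstream fix commit when it is known.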



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1052e69def42d485e988654a1bc20934ab89fdf6



[Git][security-tracker-team/security-tracker][master] automatic update

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a68aa4fc by security tracker role at 2022-04-27T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,100 +1,133 @@
+CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH 
credenti ...)
+   TODO: check
+CVE-2022-29809
+   RESERVED
+CVE-2022-1503
+   RESERVED
+CVE-2022-1502
+   RESERVED
 CVE-2022-1501
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1500
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1499
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1498
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1497
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1496
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1495
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1494
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1493
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1492
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1491
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1490
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1489
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1488
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1487
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1486
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1485
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1484
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1483
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1482
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1481
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1480
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1479
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1478
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
 CVE-2022-1477
+   RESERVED
- chromium 101.0.4951.41-1
[buster] - chromium  (see DSA 5046)
[stretch] - chromium  (see DSA 4562)
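Review bot: the automatic import adds "RESERVED" under twenty chromium CVEs (CVE-2022-1477 to CVE-2022-1501) that already carry "- chromium 101.0.4951.41-1" and buster/stretch lines, so each entry now reads as reserved and fixed at the same time; that is expected while MITRE has not published the descriptions, but a NOTE with the Chrome stable-channel release post on these entries would document where the fixed version comes from until the descriptions arrive. The same import adds "{DSA-5124-1}" to CVE-2022-1475, which completes the cross-reference the manual ffmpeg commit left out on the CVE side.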
@@ -102,6 +135,7 @@ CVE-2022-1476
RESERVED
 CVE-2022-1475
RESERVED
+   {DSA-5124-1}
- ffmpeg 7:4.4.2-1
NOTE: https://trac.ffmpeg.org/ticket/9651
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
@@ -374,10 +408,10 @@ CVE-2022-29703
RESERVED
 CVE-2022-29702
RESERVED
-CVE-2022-29701
-   RESERVED
-CVE-2022-29700
-   RESERVED
+CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of 
Zammad v5. 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2488{2,3}/freerdp2

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48491567 by Salvatore Bonaccorso at 2022-04-27T09:30:37+02:00
Add CVE-2022-2488{2,3}/freerdp2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13631,9 +13631,15 @@ CVE-2022-24885
 CVE-2022-24884
RESERVED
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
-   TODO: check
+   - freerdp2 
+   NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
+   NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
+   NOTE: Fixed by (backport): 
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
-   TODO: check
+   - freerdp2 
+   NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
+   NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
+   NOTE: Pull request for stable 2.0 branch: 
https://github.com/FreeRDP/FreeRDP/pull/7750
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code 
to genera ...)
TODO: check
 CVE-2022-24880 (flask-session-captcha is a package which allows users to 
extend Flask  ...)
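Review bot: the freerdp2 entries for CVE-2022-24883 and CVE-2022-24882 carry no fixed version and no "[bullseye]"/"[buster]" lines; since the hunk already records a "Fixed by (backport):" commit for 24883 and a "Pull request for stable 2.0 branch:" for 24882, the 2.x fixes exist, so note the intended bullseye/buster state (or the freerdp2 version that will contain them) rather than leaving bare unfixed lines. The GHSA advisory links are the right primary references; keep them first as done here.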



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4849156704142379ac1a6e4caf575a4364c319b9



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d4cafa7 by Salvatore Bonaccorso at 2022-04-27T09:25:28+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4379,7 +4379,7 @@ CVE-2022-1164 (The Wyzi Theme was affected by reflected 
XSS vulnerabilities in t
 CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an 
unauthe ...)
NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 
through  ...)
-   TODO: check
+   NOT-FOR-US: CipherMail Webmail Messenger
 CVE-2022-28217
RESERVED
 CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) - ve ...)
@@ -5105,9 +5105,9 @@ CVE-2022-27987
 CVE-2022-27986
RESERVED
 CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: CuppaCMS
 CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: CuppaCMS
 CVE-2022-27983
RESERVED
 CVE-2022-27982
@@ -5498,7 +5498,7 @@ CVE-2022-27856
 CVE-2022-27855
RESERVED
 CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site 
Scripting (XSS ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerabili ...)
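Review bot: "+   NOT-FOR-US: WordPress plugin" for CVE-2022-27854 does not name the plugin, and the visible description excerpt ("Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...") does not mention WordPress at all; the entry below uses the same generic label, so this follows existing practice, but naming the plugin (as the CuppaCMS and Monstaftp entries in this commit name their product) makes later grep-based rechecks possible if the plugin is ever packaged.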
@@ -6389,9 +6389,9 @@ CVE-2022-27471
 CVE-2022-27470
RESERVED
 CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute 
Server- ...)
-   TODO: check
+   NOT-FOR-US: Monstaftp
 CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file 
upload w ...)
-   TODO: check
+   NOT-FOR-US: Monstaftp
 CVE-2022-27467
RESERVED
 CVE-2022-27466
@@ -6856,7 +6856,7 @@ CVE-2022-27301
 CVE-2022-27300
RESERVED
 CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
-   TODO: check
+   NOT-FOR-US: Hospital Management System
 CVE-2022-27298
RESERVED
 CVE-2022-27297



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d4cafa7a950e243ad3357e722885c74b7dc1172



[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-1475/ffmpeg

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66e911bd by Salvatore Bonaccorso at 2022-04-27T09:18:52+02:00
Add CVE-2022-1475/ffmpeg

- - - - -
4a212780 by Salvatore Bonaccorso at 2022-04-27T09:19:17+02:00
Track CVE which was fixed in the DSA 5124-1

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -102,6 +102,11 @@ CVE-2022-1476
RESERVED
 CVE-2022-1475
RESERVED
+   - ffmpeg 7:4.4.2-1
+   NOTE: https://trac.ffmpeg.org/ticket/9651
+   NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
+   NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f
 (n4.4.2)
+   NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d
 (n4.3.4)
 CVE-2022-1474
RESERVED
 CVE-2022-1473
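Review bot: the CVE-2022-1475 entry gets the unstable fixed version "7:4.4.2-1" and the upstream commit NOTEs, but no "[bullseye]" line and no "{DSA-5124-1}" cross-reference, while the DSA/list hunk in the second commit adds "{CVE-2022-1475}" to DSA-5124-1 with bullseye fixed in "7:4.3.4-0+deb11u1"; add the CVE-side cross-reference in the same commit so both lists agree without waiting for an automatic update. The "(n4.4.2)" and "(n4.3.4)" tags on the commit NOTEs are helpful, since they show the 4.3 backport that the bullseye DSA version corresponds to.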


=
data/DSA/list
=
@@ -1,4 +1,5 @@
 [25 Apr 2022] DSA-5124-1 ffmpeg - security update
+   {CVE-2022-1475}
[bullseye] - ffmpeg 7:4.3.4-0+deb11u1
 [18 Apr 2022] DSA-5123-1 xz-utils - security update
{CVE-2022-1271}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9ba35c66c23d6bb59fd32be7e5d97ca67a235226...4a212780cd49259bcdf7593befec3aa826859a9d



[Git][security-tracker-team/security-tracker][master] Process CVE-2022-1466 as NFU

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ba35c66 by Salvatore Bonaccorso at 2022-04-27T09:12:07+02:00
Process CVE-2022-1466 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -136,7 +136,7 @@ CVE-2022-1468
 CVE-2022-1467
RESERVED
 CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: Red Hat Single Sign-On / Keycloak
 CVE-2022-29801
RESERVED
 CVE-2022-29800



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba35c66c23d6bb59fd32be7e5d97ca67a235226



[Git][security-tracker-team/security-tracker][master] Process two NFUs in convert2rhel

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
688dcbeb by Salvatore Bonaccorso at 2022-04-27T09:07:19+02:00
Process two NFUs in convert2rhel

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9325,8 +9325,10 @@ CVE-2022-0853 (A flaw was found in JBoss-client. The 
vulnerability occurs due to
NOT-FOR-US: jboss-client
 CVE-2022-0852
RESERVED
+   NOT-FOR-US: Red Hat convert2rhel
 CVE-2022-0851
RESERVED
+   NOT-FOR-US: Red Hat convert2rhel
 CVE-2022-0850
RESERVED
- linux 5.14.6-1
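Review bot: CVE-2022-0852 and CVE-2022-0851 are still "RESERVED" with no description, and the hunk adds "NOT-FOR-US: Red Hat convert2rhel" without a NOTE saying where the product attribution came from; add the source (for example the Red Hat bug or advisory that names convert2rhel) so the NFU decision can be re-verified against the description once MITRE publishes it, and so a later triager does not have to rediscover it.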



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/688dcbeb6acb3ddb80ab4ffce412c5df02c61dee



[Git][security-tracker-team/security-tracker][master] Process CVE-2021-3523 as NFU

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62f8362d by Salvatore Bonaccorso at 2022-04-27T09:06:11+02:00
Process CVE-2021-3523 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63625,6 +63625,7 @@ CVE-2021-3524 (A flaw was found in the Red Hat Ceph 
Storage RadosGW (Ceph Object
NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
 CVE-2021-3523
RESERVED
+   NOT-FOR-US: Red Hat 3scale API gateway
 CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely 
exploita ...)
NOT-FOR-US: Istio
 CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely 
exploitable v ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f8362d9a8a756c8ec82204429b58239df9a600



[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
014cfc6c by Salvatore Bonaccorso at 2022-04-27T09:05:06+02:00
Add chromium to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -16,6 +16,8 @@ asterisk/oldstable
 --
 cacti
 --
+chromium
+--
 condor/oldstable
 --
 epiphany-browser



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/014cfc6c2909752a9266aef286dbfd1d0d3a9732



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-2777{4,5,6}/curl

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27298ada by Salvatore Bonaccorso at 2022-04-27T09:03:32+02:00
Update information for CVE-2022-2777{4,5,6}/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5682,17 +5682,21 @@ CVE-2022-27776 [Auth/cookie leak on redirect]
RESERVED
- curl 
NOTE: https://curl.se/docs/CVE-2022-27776.html
-   TODO: check
+   NOTE: Fixed by: 
https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 
(curl-7_83_0)
 CVE-2022-27775 [Bad local IPv6 connection reuse]
RESERVED
- curl 
+   [buster] - curl  (Vulnerable code introduced later)
+   [stretch] - curl  (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2022-27775.html
-   TODO: check
+   NOTE: Introduced by: 
https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 
(curl-7_65_0)
+   NOTE: Fixed by: 
https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 
(curl-7_83_0)
 CVE-2022-27774 [Credential leak on redirect]
RESERVED
- curl 
NOTE: https://curl.se/docs/CVE-2022-27774.html
-   TODO: check
+   NOTE: Fixed by: 
https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 
(curl-7_83_0)
+   NOTE: Followup: 
https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 
(curl-7_83_0)
 CVE-2022-27773
RESERVED
 CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to 
version  ...)
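Review bot: CVE-2022-27774 and CVE-2022-27776 receive only "Fixed by:" (and "Followup:") references and no "[buster]"/"[stretch]" lines, so those suites inherit the unfixed state, whereas CVE-2022-27775 gets "(Vulnerable code introduced later)" backed by an "Introduced by:" NOTE tagged curl-7_65_0; if buster and stretch really are affected by 27774 and 27776, a short NOTE saying so would make the triage explicit and symmetrical with 27775. Replacing "TODO: check" with the upstream commit references is the right closure for all three.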



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27298ada3ace3d7cdd14d8d0cebf7801f489f7d9



[Git][security-tracker-team/security-tracker][master] Add new chromium issues

2022-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28782068 by Salvatore Bonaccorso at 2022-04-27T08:59:22+02:00
Add new chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2022-1501
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1500
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1499
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1498
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1497
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1496
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1495
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1494
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1493
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1492
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1491
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1490
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1489
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1488
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1487
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1486
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1485
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1484
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1483
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1482
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1481
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1480
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1479
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1478
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
+CVE-2022-1477
+   - chromium 101.0.4951.41-1
+   [buster] - chromium  (see DSA 5046)
+   [stretch] - chromium  (see DSA 4562)
 CVE-2022-1476
RESERVED
 CVE-2022-1475
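Review bot: in every one of the 25 new entries the [buster] and [stretch] lines have an empty token between `chromium` and `(see DSA 5046)` / `(see DSA 4562)` (note the double space), so either the per-suite status annotation was dropped by the mail rendering or it is missing from the file; confirm the committed lines carry the intended status before the `(see DSA …)` reference, because an entry with no status and one with an explicit end-of-life marker are read very differently by the tracker. With no [bullseye] line, bullseye remains listed as vulnerable for all 25 IDs until the matching DSA is recorded, which is the expected state for a new batch but worth flagging so the DSA follows promptly.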



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/287820685081ad46d2a578d9fd7f1289a6cbc3df





[Git][security-tracker-team/security-tracker][master] CVE-2022-27774, CVE-2022-27775, CVE-2022-27776

2022-04-27 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f681b89 by Henri Salo at 2022-04-27T09:55:35+03:00
CVE-2022-27774, CVE-2022-27775, CVE-2022-27776

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5578,12 +5578,21 @@ CVE-2022-27778
RESERVED
 CVE-2022-2
RESERVED
-CVE-2022-27776
+CVE-2022-27776 [Auth/cookie leak on redirect]
RESERVED
-CVE-2022-27775
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27776.html
+   TODO: check
+CVE-2022-27775 [Bad local IPv6 connection reuse]
RESERVED
-CVE-2022-27774
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27775.html
+   TODO: check
+CVE-2022-27774 [Credential leak on redirect]
RESERVED
+   - curl 
+   NOTE: https://curl.se/docs/CVE-2022-27774.html
+   TODO: check
 CVE-2022-27773
RESERVED
 CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to 
version  ...)
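Review bot: the three new `- curl ` lines carry nothing after the package name (trailing space), which looks like an angle-bracketed status token stripped by the mail rendering rather than a deliberate blank; verify the committed file, since the `TODO: check` lines will be resolved later by someone reading these entries and an empty token is easy to mistake for a recorded fix. Also, the unchanged context line ` CVE-2022-2` just above the first `-` line is not a well-formed CVE identifier as rendered here (its neighbours are CVE-2022-27778 and CVE-2022-27776); confirm the file has the full ID, because a malformed identifier would not parse as a CVE entry.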



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f681b8935afa0e97aee4ab25603bf053900bb1f


