[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2021-44103

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
710bb111 by Salvatore Bonaccorso at 2022-06-14T07:45:46+02:00
Remove notes from CVE-2021-44103

CVE-2021-44103 was found to be a duplicate of CVE-2021-42192.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39652,7 +39652,6 @@ CVE-2021-44104
RESERVED
 CVE-2021-44103
REJECTED
-   NOT-FOR-US: KONGA
 CVE-2021-44102
RESERVED
 CVE-2021-44101
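Review bot: with the NOT-FOR-US line gone, data/CVE/list no longer records why CVE-2021-44103 is REJECTED; the duplicate relation to CVE-2021-42192 is stated only in the commit message. If the tracker convention is that a REJECTED entry carries no sub-lines this is fine, otherwise a NOTE: line naming CVE-2021-42192 under REJECTED would keep the cross-reference where readers of the data file look for it.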



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/710bb11137385dc7aabbfbe80a0bf7527f031485



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Drop notes from several CVEs originally for libsolv

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eddd8ba0 by Salvatore Bonaccorso at 2022-06-14T07:44:37+02:00
Drop notes from several CVEs originally for libsolv

They were all found to be duplicate assignments for the CVE-2021-3200
ID.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38056,54 +38056,22 @@ CVE-2021-44578
RESERVED
 CVE-2021-44577
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/428
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44576
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/426
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44575
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/427
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44574
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/429
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44573
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/430
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44572
RESERVED
 CVE-2021-44571
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/421
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44570
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/424
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44569
REJECTED
-   - libsolv 0.7.17-1 (unimportant)
-   NOTE: https://github.com/openSUSE/libsolv/issues/423
-   NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-   NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv 
libsolv th ...)
- libsolv 0.7.17-1 (unimportant)
NOTE: https://github.com/openSUSE/libsolv/issues/425
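Review bot: CVE-2021-44568, left untouched in the trailing context (issue 425, libsolv 0.7.17-1 unimportant), sits in the same openSUSE/libsolv issue range (421 to 430) as the eight entries whose notes are removed here, yet it is neither REJECTED nor mentioned in the commit message; worth confirming it is not also a duplicate assignment for CVE-2021-3200 before it is treated as a distinct issue. The removed lines were also the only place in this region recording the upstream fix commit 0077ef29 (0.7.17) and the "fixed in the testcase; negligible security impact" assessment, so check that the CVE-2021-3200 entry carries that reference and the triage rationale is not lost.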



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eddd8ba03295862c0403c720d0557e167086f9db



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2022-25029

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2892f3fc by Salvatore Bonaccorso at 2022-06-14T07:41:47+02:00
Remove notes from CVE-2022-25029

CVE-2022-25029 is a duplicate assignment of CVE-2022-25096.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22902,7 +22902,6 @@ CVE-2022-25030
RESERVED
 CVE-2022-25029
REJECTED
-   NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25027



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2892f3fc112dc7f6c17a492fe0ebcd67f9b150bc



[Git][security-tracker-team/security-tracker][master] Cleanup notes for CVE-2022-27427

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7560b47 by Salvatore Bonaccorso at 2022-06-14T07:40:29+02:00
Cleanup notes for CVE-2022-27427

CVE-2022-27427 was found to be a duplicate of CVE-2021-38745.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16084,7 +16084,6 @@ CVE-2022-27428 (A stored cross-site scripting (XSS) 
vulnerability in /index.php/
NOT-FOR-US: GalleryCMS
 CVE-2022-27427
REJECTED
-   NOT-FOR-US: Chamilo LMS
 CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 
allows at ...)
NOT-FOR-US: Chamilo LMS
 CVE-2022-27425 (Chamilo LMS v1.11.13 was discovered to contain a cross-site 
scripting  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7560b472e04971f6a0dcc8c472b456efcfc9d00



[Git][security-tracker-team/security-tracker][master] Record upstream tag information for CVE-2022-26280

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fe88b40 by Salvatore Bonaccorso at 2022-06-14T07:39:13+02:00
Record upstream tag information for CVE-2022-26280

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19435,7 +19435,7 @@ CVE-2022-26280 (Libarchive v3.6.0 was discovered to 
contain an out-of-bounds rea
[stretch] - libarchive  (Vulnerable code not present)
NOTE: https://github.com/libarchive/libarchive/issues/1672
NOTE: Introduced by: 
https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
 (v3.4.0)
-   NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
+   NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
 (v3.6.1)
 CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the 
compone ...)
NOT-FOR-US: EyouCMS
 CVE-2022-26278 (Tenda AC9 v15.03.2.21_cn was discovered to contain a stack 
overflow vi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fe88b40e4c90a4084bdce72cb661a8cc6fa8e13



[Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2022-28066

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25e3305e by Salvatore Bonaccorso at 2022-06-14T07:36:02+02:00
Remove notes for CVE-2022-28066

CVE-2022-28066 was found to be a duplicate of CVE-2022-26280 and the
latter should be used.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14453,12 +14453,6 @@ CVE-2022-28067 (An incorrect access control issue in 
Sandboxie Classic v5.55.13
NOT-FOR-US: Sandboxie Classic
 CVE-2022-28066
REJECTED
-   - libarchive  (bug #1010696)
-   [bullseye] - libarchive  (Minor issue)
-   [buster] - libarchive  (Vulnerable code introduced later)
-   [stretch] - libarchive  (Vulnerable code introduced later)
-   NOTE: https://github.com/libarchive/libarchive/issues/1672
-   NOTE: 
https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
 (v3.6.1)
 CVE-2022-28065
RESERVED
 CVE-2022-28064
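Review bot: dropping these lines removes the only visible reference to Debian bug #1010696 and the [bullseye] "Minor issue" / [buster] and [stretch] "Vulnerable code introduced later" triage for libarchive. The surviving CVE-2022-26280 entry, as shown in the 07:39 commit on this page, has "[stretch] - libarchive (Vulnerable code not present)" but its bug reference and bullseye/buster lines fall outside that hunk's context; confirm that "(bug #1010696)" and the bullseye "Minor issue" tag were carried over to CVE-2022-26280 so the bug report stays linked to a tracked ID.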



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25e3305e2d99bd7861e82cd1a431b8ec620d4841



[Git][security-tracker-team/security-tracker][master] Remove tracking of CVE-2022-30294

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b14de13c by Salvatore Bonaccorso at 2022-06-14T07:29:00+02:00
Remove tracking of CVE-2022-30294

It was found to be a duplicate of CVE-2022-30293 and got rejected.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -7754,10 +7754,6 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc 
through 0.9.33.2 use predict
NOTE: src:uclibc switched to the uClibc-ng source codebase with the 
1.0.20-1 upload.
 CVE-2022-30294
REJECTED
-   {DSA-5155-1 DSA-5154-1}
-   - webkit2gtk 2.36.1-1
-   [stretch] - webkit2gtk  (Not covered by security support in 
stretch)
-   - wpewebkit 2.36.1-1
 CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a 
heap-based bu ...)
{DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.1-1
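Review bot: removing the "{DSA-5155-1 DSA-5154-1}" cross-reference here requires the matching edit in data/DSA/list, otherwise both DSA entries would keep citing a REJECTED CVE; the second hunk of this commit makes that change for DSA-5155-1 and DSA-5154-1 in lockstep, so the two files stay consistent. One residual to be aware of: the "-" lines of the DSA hunk show that both advisories, dated 01 Jun 2022, listed CVE-2022-30294 when they were issued, so the rejected ID remains in the already published advisory record even though the tracker data now names only CVE-2022-30293.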


=
data/DSA/list
=
@@ -28,10 +28,10 @@
[buster] - firefox-esr 91.10.0esr-1~deb10u1
[bullseye] - firefox-esr 91.10.0esr-1~deb11u1
 [01 Jun 2022] DSA-5155-1 wpewebkit - security update
-   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293 CVE-2022-30294}
+   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293}
[bullseye] - wpewebkit 2.36.3-1~deb11u1
 [01 Jun 2022] DSA-5154-1 webkit2gtk - security update
-   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293 CVE-2022-30294}
+   {CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 
CVE-2022-26719 CVE-2022-30293}
[buster] - webkit2gtk 2.36.3-1~deb10u1
[bullseye] - webkit2gtk 2.36.3-1~deb11u1
 [30 May 2022] DSA-5153-1 trafficserver - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b14de13c245d6ec09f297a4c0c15128a5adef8d0



[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-29162/runc

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c0f062a by Salvatore Bonaccorso at 2022-06-14T07:25:52+02:00
Track fixed version via unstable for CVE-2022-29162/runc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11072,7 +11072,7 @@ CVE-2022-29164 (Argo Workflows is an open source 
container-native workflow engin
 CVE-2022-29163 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
- nextcloud-server  (bug #941708)
 CVE-2022-29162 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
-   - runc 
+   - runc 1.1.3+ds1-1
[bullseye] - runc  (Minor issue)
[buster] - runc  (Minor issue)
[stretch] - runc  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0f062a2c3e9658fbfee6fb6b26ac46b8ed3ee9



[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b897eccc by Salvatore Bonaccorso at 2022-06-14T07:24:07+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -413,7 +413,7 @@ CVE-2022-2069
 CVE-2022-2068
RESERVED
 CVE-2022-2067 (SQL Injection in GitHub repository francoisjacquet/rosariosis 
prior to ...)
-   TODO: check
+   NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-2066 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
neorazorx/ ...)
NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-2065 (Cross-site Scripting (XSS) - Stored in GitHub repository 
neorazorx/fac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b897eccc3a42c47f73b9be66d59952f220ff8a6a



[Git][security-tracker-team/security-tracker][master] Claim modsecurity-crs

2022-06-13 Thread @gusnan


Andreas Rönnquist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eace0e7e by Andreas Rönnquist at 2022-06-13T23:22:02+02:00
Claim modsecurity-crs

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -170,7 +170,7 @@ mbedtls (Utkarsh)
   NOTE: 20220516: helf off upload to see if the other one should
   NOTE: 20220516: be squeezed in. waiting on -pu. (utkarsh)
 --
-modsecurity-crs
+modsecurity-crs (Andreas Rönnquist)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 and 10.11 (2 
CVEs) (Beuc/front-desk)
 --
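Review bot: the claim line itself is fine; two typos in the surrounding context notes could be fixed in the same file while here: "helf off upload" in the mbedtls note (presumably "held off") and "harmonize with with Debian 10.2" in the modsecurity-crs note.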



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eace0e7eac928588844f8f6280d3a0b6f8748caa



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2060/dolibarr

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61b14cf3 by Salvatore Bonaccorso at 2022-06-13T22:33:06+02:00
Add CVE-2022-2060/dolibarr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -427,7 +427,7 @@ CVE-2022-2062 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
 CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa 
prior  ...)
TODO: check
 CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository 
dolibarr/doli ...)
-   TODO: check
+   - dolibarr 
 CVE-2022-2059
RESERVED
 CVE-2021-46820
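Review bot: "- dolibarr " with no version records the issue as unfixed in unstable, but the entry carries neither a "(bug #...)" reference nor a NOTE: line with the upstream report, unlike the nextcloud-server and libarchive entries elsewhere on this page. Without one, the next person triaging cannot tell which upstream fix to watch for; consider adding the upstream reference or a Debian bug once available.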



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b14cf36fdf3beb37522da460b0f5e2e7d42a3d



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5f3ceba by Salvatore Bonaccorso at 2022-06-13T22:30:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,9 +19,9 @@ CVE-2022-33179
 CVE-2022-33178
RESERVED
 CVE-2022-33175 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
-   TODO: check
+   NOT-FOR-US: Powertek
 CVE-2022-33174 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
-   TODO: check
+   NOT-FOR-US: Powertek
 CVE-2022-33173
RESERVED
 CVE-2022-33172
@@ -415,15 +415,15 @@ CVE-2022-2068
 CVE-2022-2067 (SQL Injection in GitHub repository francoisjacquet/rosariosis 
prior to ...)
TODO: check
 CVE-2022-2066 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
neorazorx/ ...)
-   TODO: check
+   NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-2065 (Cross-site Scripting (XSS) - Stored in GitHub repository 
neorazorx/fac ...)
-   TODO: check
+   NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-2064 (Insufficient Session Expiration in GitHub repository 
nocodb/nocodb pri ...)
-   TODO: check
+   NOT-FOR-US: nocodb
 CVE-2022-2063 (Improper Privilege Management in GitHub repository 
nocodb/nocodb prior ...)
-   TODO: check
+   NOT-FOR-US: nocodb
 CVE-2022-2062 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
-   TODO: check
+   NOT-FOR-US: nocodb
 CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa 
prior  ...)
TODO: check
 CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository 
dolibarr/doli ...)
@@ -933,11 +933,11 @@ CVE-2022-2040
 CVE-2021-46819
RESERVED
 CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by 
a memor ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by 
a memor ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by 
a memory ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2022-32769
RESERVED
 CVE-2022-32768
@@ -1705,13 +1705,13 @@ CVE-2022-1995
 CVE-2022-1994
RESERVED
 CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It 
has been d ...)
-   TODO: check
+   NOT-FOR-US: Navetti PricePoint
 CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It 
has been c ...)
-   TODO: check
+   NOT-FOR-US: Navetti PricePoint
 CVE-2017-20043 (A vulnerability was found in Navetti PricePoint 4.6.0.0 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: Navetti PricePoint
 CVE-2017-20042 (A vulnerability has been found in Navetti PricePoint 4.6.0.0 
and class ...)
-   TODO: check
+   NOT-FOR-US: Navetti PricePoint
 CVE-2017-20041 (A vulnerability was found in Ucweb UC Browser 11.2.5.932. It 
has been  ...)
TODO: check
 CVE-2022-32452
@@ -2301,7 +2301,7 @@ CVE-2022-29926
 CVE-2022-29512
RESERVED
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1984
RESERVED
 CVE-2022-1983
@@ -2587,7 +2587,7 @@ CVE-2022-29519
 CVE-2022-1962
RESERVED
 CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1960
RESERVED
 CVE-2022-1959
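Review bot: the NOT-FOR-US labels across these hunks mix three naming forms: the GitHub path ("neorazorx/facturascripts", matching "francoisjacquet/rosariosis" in the 07:24 commit), the bare project name ("nocodb", "Powertek", "Adobe"), and the generic "WordPress plugin" for CVE-2022-1985 and CVE-2022-1961, which names no plugin at all. Since these labels are what a later grep for a project matches on, picking one form per source (and naming the plugin for the WordPress entries) would make the entries findable.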



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f3cebabc7913ed630f552946c01a3ede02bf3c



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ec9cf3b by Salvatore Bonaccorso at 2022-06-13T22:18:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2411,7 +2411,7 @@ CVE-2022-1970
RESERVED
NOT-FOR-US: Keycloak
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- vim 
[bullseye] - vim  (Minor issue)
@@ -3488,7 +3488,7 @@ CVE-2022-1919
- firefox 101.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919
 CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: ToolBar to Share plugin for WordPress
 CVE-2022-1917
RESERVED
 CVE-2022-1916
@@ -3559,7 +3559,7 @@ CVE-2022-1902
 CVE-2022-1901
RESERVED
 CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-   TODO: check
+   NOT-FOR-US: Copify plugin for WordPress
 CVE-2021-46815 (Configuration defects in the secure OS module. Successful 
exploitation ...)
TODO: check
 CVE-2021-46814 (The video framework has an out-of-bounds memory read/write 
vulnerabili ...)
@@ -4957,13 +4957,13 @@ CVE-2022-1824
 CVE-2022-1823
RESERVED
 CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable 
to Refle ...)
-   TODO: check
+   NOT-FOR-US: Zephyr Project Manager plugin for WordPress
 CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab 
NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to 
Reflected  ...)
-   TODO: check
+   NOT-FOR-US: Keep Backup Daily plugin for WordPress
 CVE-2022-1819 (A vulnerability, which was classified as problematic, was found 
in Stu ...)
NOT-FOR-US: Student Information System
 CVE-2022-1818
@@ -4975,7 +4975,7 @@ CVE-2022-1816 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
NOT-FOR-US: jgraph/drawio
 CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not 
sanitise an ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-30549
RESERVED
 CVE-2022-29524
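Review bot: within this same commit CVE-2022-1814 gets the generic "NOT-FOR-US: WordPress plugin" while CVE-2022-1822 and CVE-2022-1820 in the hunk just above get the full plugin name ("Zephyr Project Manager plugin for WordPress", "Keep Backup Daily plugin for WordPress"); the description line for CVE-2022-1814 names the plugin ("WP Admin Style"), so the same form could be used here, and for the following hunks where "WordPress plugin" is repeated.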
@@ -5126,7 +5126,7 @@ CVE-2022-31216
 CVE-2022-1801
RESERVED
 CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin 
before 1.3.5 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1799
RESERVED
 CVE-2022-1798
@@ -5654,21 +5654,21 @@ CVE-2022-1795 (Use After Free in GitHub repository 
gpac/gpac prior to v2.1.0-DEV
 CVE-2022-1794
RESERVED
 CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF 
check  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not 
have CSRF  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1791 (The One Click Plugin Updater WordPress plugin through 2.4.14 
does not  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1790 (The New User Email Set Up WordPress plugin through 0.5.2 does 
not have ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in 
a call  ...)
{DSA-5161-1}
- linux 5.17.11-1
NOTE: 
https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
 CVE-2022-1788 (Due to missing checks the Change Uploaded File Permissions 
WordPress p ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1787 (The Sideblog WordPress plugin through 6.0 does not have CSRF 
check in  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s 
io_uring s ...)
{DSA-5161-1}
- linux 5.14.6-1
@@ -5691,15 +5691,15 @@ CVE-2022-1783 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository 
erudika/para ...)
NOT-FOR-US: erudika/para
 CVE-2022-1781 (The postTabs WordPress plugin through 2.10.6 does not have CSRF 
check  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have 
CSRF check ...)
-   TODO: check
+   NOT-FOR-US: WordPress pl

[Git][security-tracker-team/security-tracker][master] automatic update

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0df9630e by security tracker role at 2022-06-13T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,451 @@
+CVE-2022-33187
+   RESERVED
+CVE-2022-33186
+   RESERVED
+CVE-2022-33185
+   RESERVED
+CVE-2022-33184
+   RESERVED
+CVE-2022-33183
+   RESERVED
+CVE-2022-33182
+   RESERVED
+CVE-2022-33181
+   RESERVED
+CVE-2022-33180
+   RESERVED
+CVE-2022-33179
+   RESERVED
+CVE-2022-33178
+   RESERVED
+CVE-2022-33175 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
+   TODO: check
+CVE-2022-33174 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
+   TODO: check
+CVE-2022-33173
+   RESERVED
+CVE-2022-33172
+   RESERVED
+CVE-2022-33171
+   RESERVED
+CVE-2022-33170
+   RESERVED
+CVE-2022-33169
+   RESERVED
+CVE-2022-33168
+   RESERVED
+CVE-2022-33167
+   RESERVED
+CVE-2022-33166
+   RESERVED
+CVE-2022-33165
+   RESERVED
+CVE-2022-33164
+   RESERVED
+CVE-2022-33163
+   RESERVED
+CVE-2022-33162
+   RESERVED
+CVE-2022-33161
+   RESERVED
+CVE-2022-33160
+   RESERVED
+CVE-2022-33159
+   RESERVED
+CVE-2022-33158
+   RESERVED
+CVE-2022-33157
+   RESERVED
+CVE-2022-33156
+   RESERVED
+CVE-2022-33155
+   RESERVED
+CVE-2022-33154
+   RESERVED
+CVE-2022-33153
+   RESERVED
+CVE-2022-33152
+   RESERVED
+CVE-2022-33149
+   RESERVED
+CVE-2022-33148
+   RESERVED
+CVE-2022-33147
+   RESERVED
+CVE-2022-33140
+   RESERVED
+CVE-2022-33139
+   RESERVED
+CVE-2022-33138
+   RESERVED
+CVE-2022-33137
+   RESERVED
+CVE-2022-33136
+   RESERVED
+CVE-2022-33135
+   RESERVED
+CVE-2022-33134
+   RESERVED
+CVE-2022-33133
+   RESERVED
+CVE-2022-33132
+   RESERVED
+CVE-2022-33131
+   RESERVED
+CVE-2022-33130
+   RESERVED
+CVE-2022-33129
+   RESERVED
+CVE-2022-33128
+   RESERVED
+CVE-2022-33127
+   RESERVED
+CVE-2022-33126
+   RESERVED
+CVE-2022-33125
+   RESERVED
+CVE-2022-33124
+   RESERVED
+CVE-2022-33123
+   RESERVED
+CVE-2022-33122
+   RESERVED
+CVE-2022-33121
+   RESERVED
+CVE-2022-33120
+   RESERVED
+CVE-2022-33119
+   RESERVED
+CVE-2022-33118
+   RESERVED
+CVE-2022-33117
+   RESERVED
+CVE-2022-33116
+   RESERVED
+CVE-2022-33115
+   RESERVED
+CVE-2022-33114
+   RESERVED
+CVE-2022-33113
+   RESERVED
+CVE-2022-33112
+   RESERVED
+CVE-2022-33111
+   RESERVED
+CVE-2022-33110
+   RESERVED
+CVE-2022-33109
+   RESERVED
+CVE-2022-33108
+   RESERVED
+CVE-2022-33107
+   RESERVED
+CVE-2022-33106
+   RESERVED
+CVE-2022-33105
+   RESERVED
+CVE-2022-33104
+   RESERVED
+CVE-2022-33103
+   RESERVED
+CVE-2022-33102
+   RESERVED
+CVE-2022-33101
+   RESERVED
+CVE-2022-33100
+   RESERVED
+CVE-2022-33099
+   RESERVED
+CVE-2022-33098
+   RESERVED
+CVE-2022-33097
+   RESERVED
+CVE-2022-33096
+   RESERVED
+CVE-2022-33095
+   RESERVED
+CVE-2022-33094
+   RESERVED
+CVE-2022-33093
+   RESERVED
+CVE-2022-33092
+   RESERVED
+CVE-2022-33091
+   RESERVED
+CVE-2022-33090
+   RESERVED
+CVE-2022-33089
+   RESERVED
+CVE-2022-33088
+   RESERVED
+CVE-2022-33087
+   RESERVED
+CVE-2022-33086
+   RESERVED
+CVE-2022-33085
+   RESERVED
+CVE-2022-33084
+   RESERVED
+CVE-2022-33083
+   RESERVED
+CVE-2022-33082
+   RESERVED
+CVE-2022-33081
+   RESERVED
+CVE-2022-33080
+   RESERVED
+CVE-2022-33079
+   RESERVED
+CVE-2022-33078
+   RESERVED
+CVE-2022-33077
+   RESERVED
+CVE-2022-33076
+   RESERVED
+CVE-2022-33075
+   RESERVED
+CVE-2022-33074
+   RESERVED
+CVE-2022-33073
+   RESERVED
+CVE-2022-33072
+   RESERVED
+CVE-2022-33071
+   RESERVED
+CVE-2022-33070
+   RESERVED
+CVE-2022-33069
+   RESERVED
+CVE-2022-33068
+   RESERVED
+CVE-2022-33067
+   RESERVED
+CVE-2022-33066
+   RESERVED
+CVE-2022-33065
+   RESERVED
+CVE-2022-33064
+   RESERVED
+CVE-2022-33063
+   RESERVED
+CVE-2022-33062
+   RESERVED
+CVE-2022-33061
+   RESERVED
+CVE-2022-33060
+   RESERVED
+CVE-2022-33059
+   RESERVED
+CVE-2022-33058
+   RESERVED
+CVE-2022-33057
+   RESERVED
+CVE-2022-33056
+   RESERVED
+CVE-2022-33055
+   RESERVED
+CVE-2022-33054
+   RESERVED
+CVE-2022-33053
+   RESERVED
+CVE-2022-33052
+   RESERVED
+CVE-2022-33051
+   RESERVED
+CVE-2022-33050
+   RESERVED
+CVE-2022-33049
+   RESERVED
+CVE-2022-33048
+   RESERVED
+CVE-2022-33047
+   RESERVED
+CVE-2022-33046
+   RESERVED
+CVE-2022-33045
+   RESERVED
+CVE-2022-33044
+   RESERVED
+CVE-2022-33043
+   RESERVED
+CVE-2022-33042
+   RESERVE

[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2022-06-13 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f80932d5 by Anton Gladky at 2022-06-13T22:02:06+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky 

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -39,7 +39,7 @@ ckeditor
   NOTE: 20220510: waiting for ckeditor_3_ discussion to close up first (Beuc)
   NOTE: 20220510: https://lists.debian.org/debian-lts/2022/05/msg00018.html
 --
-curl (Emilio)
+curl
   NOTE: 20220529: Programming language: C.
   NOTE: 20220530: update prepared, but there are test regressions, 
investigating (pochu)
 --
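Review bot: the curl line in this hunk is unclaimed although its latest NOTE (20220530, pochu) reports an update already prepared with test regressions still under investigation, which puts it exactly on the two-week boundary named in the commit message; confirm with the claimant before dropping the claim, or add a dated NOTE recording that the prepared update exists so the next claimant can pick it up rather than start over.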
@@ -56,7 +56,7 @@ exempi
   NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further 
analysis
   NOTE: 20220517: is needed.
 --
-firmware-nonfree (Markus Koschany)
+firmware-nonfree
   NOTE: 20220529: Programming language: binary blob.
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
@@ -128,7 +128,7 @@ lemonldap-ng
   NOTE: 20220529: Programming language: Perl.
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 
10.5 (regression fix) (Beuc/front-desk)
 --
-liblouis (Andreas Rönnquist)
+liblouis
   NOTE: 20220529: Programming language: C.
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
   NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.
@@ -240,7 +240,7 @@ pyjwt
   NOTE: 20220610: intention to mark as no-dsa for stretch, and will do so in a 
few days
   NOTE: 20220610: see 
https://lists.debian.org/msgid-search/20220610102343.6o3ak3ehc3jdo...@enricozini.org
 (enrico)
 --
-qemu (Abhijith PA)
+qemu
   NOTE: 20220529: Programming language: C.
   NOTE: 20220527: a few new CVEs since last DLA, and buster got no updates 
since 2 years,
   NOTE: 20220527: so maybe coordinate to start anticipating the next LTS 
(Beuc/front-desk)
@@ -305,7 +305,7 @@ systemd (Stefano Rivera)
   NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but 
at the
   NOTE: 20220524: same time is severe and was fixed in other old distros 
(Beuc/front-desk)
 --
-tiff (Utkarsh)
+tiff
   NOTE: 20220529: Programming language: C.
   NOTE: 20220404: jessie upload at 
https://salsa.debian.org/lts-team/packages/tiff.
   NOTE: 20220404: if that works out well, I'll roll the same for stretch. 
(utkarsh)
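Review bot: the tiff line loses its claim while the notes beneath it (20220404, signed utkarsh) still point at an in-progress jessie upload on salsa and an intended stretch follow-up; add a 20220613 NOTE recording the unclaim and the existing branch so the next claimant does not duplicate that work.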



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80932d5012591d55da525bfa43fcdd2c194cdfb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80932d5012591d55da525bfa43fcdd2c194cdfb
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-23712/elasticsearch

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4e0f451 by Salvatore Bonaccorso at 2022-06-13T20:58:52+02:00
Add CVE-2022-23712/elasticsearch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27274,7 +27274,7 @@ CVE-2022-23714
 CVE-2022-23713
RESERVED
 CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. 
Using this v ...)
-   TODO: check
+   - elasticsearch 
 CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information 
related t ...)
- kibana  (bug #700337)
 CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in 
the Data  ...)
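Review bot: the new `- elasticsearch` line in this hunk has a trailing space and carries neither a fixed version, a `(bug #…)` tag nor a NOTE reference; the neighbouring kibana entry pairs its unversioned package line with a bug number, so add one or a NOTE pointing at the upstream advisory so the entry can be tracked.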



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e0f451c4a37b88788dd47e7a630694b3dae46c



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4f0eb9a by Salvatore Bonaccorso at 2022-06-13T20:56:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6271,11 +6271,11 @@ CVE-2022-30618 (An authenticated user with access to 
the Strapi admin panel can
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel 
can view p ...)
NOT-FOR-US: Strapi
 CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a 
hard-coded cred ...)
-   TODO: check
+   NOT-FOR-US: Rakuten Casa
 CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version 
AP_F_V1_ ...)
-   TODO: check
+   NOT-FOR-US: Rakuten Casa
 CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version 
AP_F_V1_ ...)
-   TODO: check
+   NOT-FOR-US: Rakuten Casa
 CVE-2022-1705
RESERVED
 CVE-2022-1704
@@ -6319,7 +6319,7 @@ CVE-2022-29522
 CVE-2022-29482
RESERVED
 CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics 
versions pr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-26302
RESERVED
 CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository 
causefx/organiz ...)
@@ -6403,9 +6403,9 @@ CVE-2022-30589
 CVE-2022-30588
RESERVED
 CVE-2022-30587 (Gradle Enterprise through 2022.2.2 has Incorrect Access 
Control that l ...)
-   TODO: check
+   NOT-FOR-US: Gradle Enterprise
 CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access 
Control that l ...)
-   TODO: check
+   NOT-FOR-US: Gradle Enterprise
 CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) 
contains an ...)
NOT-FOR-US: Archer
 CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an 
Improper Access ...)
@@ -6807,7 +6807,7 @@ CVE-2022-30498
 CVE-2022-30497
RESERVED
 CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version 
1.0, all ...)
-   TODO: check
+   NOT-FOR-US: IDCE MV's application
 CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name 
id param ...)
NOT-FOR-US: oretnom23 Automotive Shop Management System
 CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first 
and las ...)
@@ -7125,7 +7125,7 @@ CVE-2022-30336
 CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL 
injection via  ...)
NOT-FOR-US: Bonanza Wealth Management System
 CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier 
allows a r ...)
-   TODO: check
+   NOT-FOR-US: RCCMD
 CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
- tiff 
[bullseye] - tiff  (Minor issue)
@@ -7315,7 +7315,7 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE 
WebKit), there is a heap-ba
[stretch] - webkit2gtk  (Not covered by security support in 
stretch)
- wpewebkit 2.36.1-1
 CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site 
scripti ...)
-   TODO: check
+   NOT-FOR-US: Strapi
 CVE-2022-1602
RESERVED
 CVE-2022-1601
@@ -9309,7 +9309,7 @@ CVE-2022-29619
 CVE-2022-29618
RESERVED
 CVE-2022-29617 (Due to improper error handling an authenticated user can crash 
CLA ass ...)
-   TODO: check
+   NOT-FOR-US: CLA assistant
 CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an 
attacker to l ...)
NOT-FOR-US: SAP
 CVE-2022-29615
@@ -14042,7 +14042,7 @@ CVE-2022-28053 (Typemill v1.5.3 was discovered to 
contain an arbitrary file uplo
 CVE-2022-28052 (Directory Traversal vulnerability in file 
cn/roothub/store/FileSystemS ...)
NOT-FOR-US: Roothub
 CVE-2022-28051 (The "Add category" functionality inside the "Global Keywords" 
menu in  ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2022-28050
RESERVED
 CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer 
dereference v ...)
@@ -15425,7 +15425,7 @@ CVE-2022-27504
 CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront 
affects  ...)
NOT-FOR-US: Citrix
 CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows 
local privil ...)
-   TODO: check
+   NOT-FOR-US: RealVNC VNC Server
 CVE-2022-27501
RESERVED
 CVE-2022-27500
@@ -15621,7 +15621,7 @@ CVE-2022-27440
 CVE-2022-27439
RESERVED
 CVE-2022-27438 (Caphyon Ltd Advanced Installer 19.2 was discovered to contain 
a remote ...)
-   TODO: check
+   NOT-FOR-US: Caphyon Ltd Advanced Installer
 CVE-2022-27437
RESERVED
 CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in 
/public/admin/index.php? ...)
@@ -18798,7 +18798,7 @@ CVE-2022-0825 (The Amelia WordPress plugin before 
1.0.49 does not

[Git][security-tracker-team/security-tracker][master] bugnums

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c946259b by Moritz Muehlenhoff at 2022-06-13T18:42:16+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,7 @@ CVE-2022-2056
 CVE-2022-2055
RESERVED
 CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 
0.9. ...)
-   - nuitka 
+   - nuitka  (bug #1012762)
[bullseye] - nuitka  (Minor issue)
[buster] - nuitka  (Minor issue)
NOTE: https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/
@@ -1247,7 +1247,7 @@ CVE-2022-1998 (A use after free in the Linux kernel File 
System notify functiona
 CVE-2022-1997 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
-   - golang-github-emicklei-go-restful 
+   - golang-github-emicklei-go-restful  (bug #1012763)
[bullseye] - golang-github-emicklei-go-restful  (Minor issue)
[buster] - golang-github-emicklei-go-restful  (Minor issue)
NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c946259b1b80f40b60d785fd74847e45a4ac846d



[Git][security-tracker-team/security-tracker][master] NFUs

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5fe6c91 by Moritz Muehlenhoff at 2022-06-13T18:41:23+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1759,9 +1759,9 @@ CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in 
GitHub repository neorazo
 CVE-2022-32274
RESERVED
 CVE-2022-32273 (As a result of an observable discrepancy in returned messages, 
OPSWAT  ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender Core
 CVE-2022-32272 (OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect 
access co ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender Core
 CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote 
Arbitrary Code ...)
NOT-FOR-US: Real Player
 CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() 
allows do ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5fe6c918f1920958a8fadc223d74bb9eb8bfa08



[Git][security-tracker-team/security-tracker][master] CVE-2020-14374, CVE-2020-14375, CVE-2020-14376, CVE-2020-14377, CVE-2020-14378/dpd...

2022-06-13 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac6b3779 by Sylvain Beucler at 2022-06-13T18:33:18+02:00
CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378/dpdk:
 reference upstream patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -147098,26 +147098,31 @@ CVE-2020-14378 (An integer underflow in dpdk 
versions before 18.11.10 and before
[buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk  (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+   NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=7a5af91f8bf46f121cc1a7873045ef37f63d56c2
 (v18.11.10)
 CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk  (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+   NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090
 (v18.11.10)
 CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk  (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+   NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090
 (v18.11.10)
 CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk  (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+   NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=6e8a4da39e68c581c236b1f109fef4b6e22b35ef
 (v18.11.10)
 CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk  (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+   NOTE: 
https://git.dpdk.org/dpdk-stable/commit/?id=75f8df70a2c8a477ed61bf3145746ef1164466ce
 (v18.11.10)
 CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of 
psi/igc.c of g ...)
- ghostscript 9.26~dfsg-1
[stretch] - ghostscript 9.26~dfsg-0+deb9u1
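Review bot: CVE-2020-14377 and CVE-2020-14376 both receive the same dpdk-stable commit 7e7c75edc6351ecdc5b108ab2ff4be8852d9e090 (v18.11.10) in this hunk while the other three CVEs each reference a distinct commit; if one upstream change really fixes both, a short NOTE saying so would save the next reader a lookup, otherwise one of the two references is probably a copy-paste slip.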



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac6b37790c03543304d412a738abed76bbd4f2cb



[Git][security-tracker-team/security-tracker][master] new spring security issues

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41b24e18 by Moritz Mühlenhoff at 2022-06-13T18:06:54+02:00
new spring security issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29713,11 +29713,11 @@ CVE-2022-22980
 CVE-2022-22979
RESERVED
 CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older 
unsupported vers ...)
-   TODO: check
+   - libspring-security-2.0-java 
 CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains 
an XML Ex ...)
NOT-FOR-US: VMware
 CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 
5.6.4, a ...)
-   TODO: check
+   - libspring-security-2.0-java 
 CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either 
LADPIde ...)
NOT-FOR-US: vmware-tanzu/pinniped
 CVE-2022-22974
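Review bot: both new `- libspring-security-2.0-java` lines in this hunk have a trailing space and carry neither a fixed version nor a NOTE pointing at the upstream advisory; since the CVE descriptions name 5.5.x/5.6.x ranges while the Debian source package is the 2.0 branch, a NOTE with the advisory URL and a remark on whether the vulnerable code is present in that branch would make the triage reproducible.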



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b24e185abc95311bb1c0994d8c9479ea52b97e



[Git][security-tracker-team/security-tracker][master] runc spu

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
054fdb68 by Moritz Mühlenhoff at 2022-06-13T18:04:48+02:00
runc spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -10624,6 +10624,8 @@ CVE-2022-29163 (Nextcloud Server is the file server 
software for Nextcloud, a se
- nextcloud-server  (bug #941708)
 CVE-2022-29162 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
- runc 
+   [bullseye] - runc  (Minor issue)
+   [buster] - runc  (Minor issue)
[stretch] - runc  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1
NOTE: 
https://github.com/opencontainers/runc/commit/364ec0f1b4fa188ad96049c590ecb42fa70ea165
 (v1.1.2)


=
data/next-point-update.txt
=
@@ -124,3 +124,5 @@ CVE-2022-30556
[bullseye] - apache2 2.4.54-1~deb11u1
 CVE-2022-31813
[bullseye] - apache2 2.4.54-1~deb11u1
+CVE-2022-29162
+   [bullseye] - runc 1.0.0~rc93+ds1-5+deb11u1
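Review bot: the bullseye entry added to data/next-point-update.txt matches the `[bullseye] - runc (Minor issue)` tag added in data/CVE/list above, but buster receives the same `Minor issue` tag without a corresponding next-point-update line; if buster is also meant to get runc via a point update, add its entry here, otherwise a NOTE explaining the asymmetry would help.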



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/054fdb689a3eba7c109f14c2939cb9db6f75c6bf



[Git][security-tracker-team/security-tracker][master] new golang-github-emicklei-go-restful issue

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b99eba4 by Moritz Muehlenhoff at 2022-06-13T14:55:09+02:00
new golang-github-emicklei-go-restful issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1097,7 +1097,7 @@ CVE-2022-32500
 CVE-2022-32499
RESERVED
 CVE-2022-2013 (In Octopus Server after version 2022.1.1495 and before 
2022.1.2647 if  ...)
-   TODO: check
+   NOT-FOR-US: Octopus Server
 CVE-2022-2012
RESERVED
 CVE-2022-2011
@@ -1247,7 +1247,11 @@ CVE-2022-1998 (A use after free in the Linux kernel File 
System notify functiona
 CVE-2022-1997 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
-   TODO: check
+   - golang-github-emicklei-go-restful 
+   [bullseye] - golang-github-emicklei-go-restful  (Minor issue)
+   [buster] - golang-github-emicklei-go-restful  (Minor issue)
+   NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/
+   NOTE: 
https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10
 CVE-2022-1995
RESERVED
 CVE-2022-1994
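Review bot: the new commit NOTE for CVE-2022-1996 omits the `(vX.Y.Z)` suffix that other commit references in this list carry (compare the runc and go-yaml entries elsewhere on this page); adding the first fixed upstream release would let the blank `- golang-github-emicklei-go-restful` version be checked against the Debian package version.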



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b99eba4fcfd0d6fbf17746434996b4a33eb2666



[Git][security-tracker-team/security-tracker][master] golang-gopkg-yaml.v3 fixed in sid

2022-06-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74801e73 by Moritz Muehlenhoff at 2022-06-13T14:40:02+02:00
golang-gopkg-yaml.v3 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11283,7 +11283,7 @@ CVE-2022-28950
 CVE-2022-28949
RESERVED
 CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the 
program to ...)
-   - golang-gopkg-yaml.v3  (bug #1011338)
+   - golang-gopkg-yaml.v3 3.0.1-1 (bug #1011338)
NOTE: https://github.com/go-yaml/yaml/issues/666
NOTE: 
https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754 
(v3.0.0)
 CVE-2022-28947



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74801e73dd4b69da0af05500c7655fc6c6ce956b



[Git][security-tracker-team/security-tracker][master] update notes

2022-06-13 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
debb0e2a by Thorsten Alteholz at 2022-06-13T10:25:36+02:00
update notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -25,6 +25,7 @@ blender (Thorsten Alteholz)
   NOTE: 20220529: Programming language: C++.
   NOTE: 20220528: 3 CVEs now fixed in unstable, but maintainer never was 
approached to fix in stable/oldstable,
   NOTE: 20220528: maybe coordinate with them (Beuc/front-desk)
+  NOTE: 20220613: testing package
 --
 cgal
   NOTE: 20220529: Programming language: C++.
@@ -75,6 +76,7 @@ golang-github-hashicorp-go-getter (Thorsten Alteholz)
   NOTE: 20220529: Programming language: Go.
   NOTE: 20220528: limited golang support in stretch (cf. stretch release notes)
   NOTE: 20220528: no rdeps AFAICS so no need to rebuild other golang packages 
(Beuc/front-desk)
+  NOTE: 20220613: testing package
 --
 golang-go.crypto
   NOTE: 20220529: Programming language: Go.
@@ -175,6 +177,7 @@ modsecurity-crs
 ncurses (Thorsten Alteholz)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 (2-3 CVEs + 
some non-CVE'd issues) (Beuc/front-desk)
+  NOTE: 20220613: testing package
 --
 ntfs-3g
   NOTE: 20220529: Programming language: C.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/debb0e2a201d08b07f97426d6b5c54f5cf42fb21



[Git][security-tracker-team/security-tracker][master] automatic update

2022-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
babd4332 by security tracker role at 2022-06-13T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2022-2058
+   RESERVED
+CVE-2022-2057
+   RESERVED
+CVE-2022-2056
+   RESERVED
+CVE-2022-2055
+   RESERVED
 CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 
0.9. ...)
- nuitka 
[bullseye] - nuitka  (Minor issue)
@@ -1088,8 +1096,8 @@ CVE-2022-32500
RESERVED
 CVE-2022-32499
RESERVED
-CVE-2022-2013
-   RESERVED
+CVE-2022-2013 (In Octopus Server after version 2022.1.1495 and before 
2022.1.2647 if  ...)
+   TODO: check
 CVE-2022-2012
RESERVED
 CVE-2022-2011
@@ -6258,12 +6266,12 @@ CVE-2022-30618 (An authenticated user with access to 
the Strapi admin panel can
NOT-FOR-US: Strapi
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel 
can view p ...)
NOT-FOR-US: Strapi
-CVE-2022-29525
-   RESERVED
-CVE-2022-28704
-   RESERVED
-CVE-2022-26834
-   RESERVED
+CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a 
hard-coded cred ...)
+   TODO: check
+CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version 
AP_F_V1_ ...)
+   TODO: check
+CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version 
AP_F_V1_ ...)
+   TODO: check
 CVE-2022-1705
RESERVED
 CVE-2022-1704
@@ -6306,8 +6314,8 @@ CVE-2022-29522
RESERVED
 CVE-2022-29482
RESERVED
-CVE-2022-27231
-   RESERVED
+CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics 
versions pr ...)
+   TODO: check
 CVE-2022-26302
RESERVED
 CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository 
causefx/organiz ...)
@@ -7112,8 +7120,8 @@ CVE-2022-30336
RESERVED
 CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL 
injection via  ...)
NOT-FOR-US: Bonanza Wealth Management System
-CVE-2022-26041
-   RESERVED
+CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier 
allows a r ...)
+   TODO: check
 CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
- tiff 
[bullseye] - tiff  (Minor issue)
@@ -7302,8 +7310,8 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE 
WebKit), there is a heap-ba
- webkit2gtk 2.36.1-1
[stretch] - webkit2gtk  (Not covered by security support in 
stretch)
- wpewebkit 2.36.1-1
-CVE-2022-29894
-   RESERVED
+CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site 
scripti ...)
+   TODO: check
 CVE-2022-1602
RESERVED
 CVE-2022-1601
@@ -8915,8 +8923,8 @@ CVE-2022-29790 (The graphics acceleration service has a 
vulnerability in multi-t
NOT-FOR-US: Huawei
 CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity 
of the pr ...)
NOT-FOR-US: Huawei
-CVE-2022-27174
-   RESERVED
+CVE-2022-27174 (Cross-site request forgery (CSRF) vulnerability in Easy Blog 
for EC-CU ...)
+   TODO: check
 CVE-2022-1465 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 
2.9.9 d ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. 
As the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babd433266e4dd51908e242ea5335be391303766
