[Git][security-tracker-team/security-tracker][fix_987283] Wrap comment line at ca. 80 symbols

2022-08-08 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / 
security-tracker


Commits:
c28bf164 by Anton Gladky at 2022-08-08T21:21:28+00:00
Wrap comment line at ca. 80 symbols
- - - - -


1 changed file:

- data/packages/ignored-debian-bug-packages


Changes:

=
data/packages/ignored-debian-bug-packages
=
@@ -1,4 +1,5 @@
-# This file lists packages which by default should be ignored from reporting 
bugs for Debian unstable.
+# This file lists packages which by default should be ignored from reporting
+# bugs for Debian unstable.
 
 linux
 gitlab
\ No newline at end of file
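
Review bot: the "\ No newline at end of file" marker after "gitlab" shows the file still ends without a trailing newline. Since this commit is a formatting cleanup of the same file, add the final newline here as well, so that a package appended later does not show up as a change to the "gitlab" line and line-based readers see the last entry as a complete line.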



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c28bf164fff7792988c502883f4ef69dc1e62da7

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71658853 by Salvatore Bonaccorso at 2022-08-08T22:25:52+02:00
Process some NFUs

- - - - -
502a8b9e by Salvatore Bonaccorso at 2022-08-08T22:25:54+02:00
Add new zammad CVEs, itped

- - - - -
be4c2264 by Salvatore Bonaccorso at 2022-08-08T22:25:55+02:00
Add CVE-2022-34293/wolfssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -869,25 +869,25 @@ CVE-2022-37454
 CVE-2022-37453
RESERVED
 CVE-2022-2708 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2707 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System
 CVE-2022-2706 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System
 CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student 
Information ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Student Information System
 CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management 
System. It  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS 
and cl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2701 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2700 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
@@ -4060,13 +4060,13 @@ CVE-2022-36269
 CVE-2022-36268
RESERVED
 CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a Una ...)
-   TODO: check
+   NOT-FOR-US: Airspan AirSpot
 CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a sto ...)
-   TODO: check
+   NOT-FOR-US: Airspan AirSpot
 CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a Hid ...)
-   TODO: check
+   NOT-FOR-US: Airspan AirSpot
 CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists an Un ...)
-   TODO: check
+   NOT-FOR-US: Airspan AirSpot
 CVE-2022-36263
RESERVED
 CVE-2022-36262
@@ -5843,13 +5843,13 @@ CVE-2022-35492
 CVE-2022-35491
RESERVED
 CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has 
a preve ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations 
assigned w ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate 
limiting in the ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did 
not cor ...)
-   TODO: check
+   - zammad  (bug #841355)
 CVE-2022-35486
RESERVED
 CVE-2022-35485
@@ -9012,7 +9012,8 @@ CVE-2022-34295 (totd before 1.5.3 does not properly 
randomize mesg IDs. ...)
 CVE-2022-34294
RESERVED
 CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial 
of serv ...)
-   TODO: check
+   - wolfssl 
+   NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
 CVE-2022-34292
RESERVED
 CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus 
Viewer (All  ...)
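
Review bot: the added "- wolfssl" line for CVE-2022-34293 carries no bug reference, while the zammad entries added in the same push each cite one ("bug #841355"). The description gives 5.4.0 as the first fixed upstream release, so link a bug for the package here and record the fixed version once an upload of 5.4.0 or later is available.
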
@@ -23593,7 +23594,7 @@ CVE-2022-1325
 CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not 
sanitize an ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks 
then p ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2022-1322
RESERVED
 CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 
5.5.6 do ...)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] NFUs

2022-08-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ffb81929 by Moritz Muehlenhoff at 2022-08-08T22:23:23+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4385,8 +4385,10 @@ CVE-2015-10003 (A vulnerability, which was classified as 
problematic, was found
NOT-FOR-US: FileZilla server
 CVE-2022-36125
RESERVED
+   NOT-FOR-US: Apache Avro
 CVE-2022-36124
RESERVED
+   NOT-FOR-US: Apache Avro
 CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear 
operation for th ...)
- linux 5.18.14-1
[bullseye] - linux  (Vulnerability introduced later)
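
Review bot: CVE-2022-36125 and CVE-2022-36124 are still RESERVED with no description in this hunk, so nothing in the list shows why they are attributed to Apache Avro. Add a NOTE line with the source of the assignment (for example the upstream announcement) under each entry; the same applies to the CVE-2022-35724 addition in the next hunk.
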
@@ -5283,6 +5285,7 @@ CVE-2022-35736
RESERVED
 CVE-2022-35724
RESERVED
+   NOT-FOR-US: Apache Avro
 CVE-2022-35723
RESERVED
 CVE-2022-35722



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffb81929b760ac7b7a70f276709b3a324351d0ec



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50b28d26 by Salvatore Bonaccorso at 2022-08-08T22:21:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4034,7 +4034,7 @@ CVE-2022-36277
 CVE-2022-36276
RESERVED
 CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly 
escape u ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all 
versions befor ...)
- gitlab  (Specific to EE)
 CVE-2022-2458
@@ -4932,13 +4932,13 @@ CVE-2022-2428
 CVE-2022-2427
RESERVED
 CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not 
sanitis ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not 
sanitise an ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does 
not san ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not 
sanitise and e ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2422
RESERVED
 CVE-2022-2421
@@ -4985,13 +4985,13 @@ CVE-2022-2414 (Access to external entities when parsing 
XML documents can lead t
 CVE-2022-2413
RESERVED
 CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not 
sanitise ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not 
sanitise and ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not 
sanitise and e ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not 
properly escap ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and 
earlier fail ...)
- mattermost-server  (bug #823556)
 CVE-2022-2407
@@ -5264,7 +5264,7 @@ CVE-2022-2399 (Use after free in WebGPU in Google Chrome 
prior to 100.0.4896.88
 CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 
authenticatio ...)
NOT-FOR-US: Apache CloudStack
 CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does 
not esc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2397
RESERVED
 CVE-2022-2396 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
@@ -5322,7 +5322,7 @@ CVE-2022-29870
 CVE-2022-27170
RESERVED
 CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise 
and escap ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive 
parameters wh ...)
NOT-FOR-US: Puppet Bolt
 CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 
build 202108 ...)
@@ -5471,7 +5471,7 @@ CVE-2022-2393 (A flaw was found in pki-core, which could 
allow a user to get a c
 CVE-2022-2392
RESERVED
 CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the 
portfolio slide ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2390
RESERVED
 CVE-2022-2389
@@ -5481,7 +5481,7 @@ CVE-2022-2388
 CVE-2022-2387
RESERVED
 CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does 
not sanit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 
100672PRO211719 ...)
NOT-FOR-US: Nautilus treadmills
 CVE-2022-35647
@@ -5556,9 +5556,9 @@ CVE-2022-2374
 CVE-2022-2373
RESERVED
 CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and 
escape ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper 
authori ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have 
capability che ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have 
capability che ...)
@@ -5566,7 +5566,7 @@ CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 
does not have capabilit
 CVE-2022-2368 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
NOT-FOR-US: microweber
 CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only 
specific ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-35626
RESERVED
 CVE-2022-35625
@@ -6019,11 +6019,11 @@ 

[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e94d45b by security tracker role at 2022-08-08T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2022-37876
+   RESERVED
+CVE-2022-37875
+   RESERVED
+CVE-2022-37874
+   RESERVED
+CVE-2022-37873
+   RESERVED
+CVE-2022-37872
+   RESERVED
+CVE-2022-37871
+   RESERVED
+CVE-2022-37870
+   RESERVED
+CVE-2022-37869
+   RESERVED
+CVE-2022-37868
+   RESERVED
+CVE-2022-37867
+   RESERVED
+CVE-2022-37866
+   RESERVED
+CVE-2022-37865
+   RESERVED
+CVE-2022-37864
+   RESERVED
+CVE-2022-35733
+   RESERVED
+CVE-2022-2718
+   RESERVED
+CVE-2022-2717
+   RESERVED
+CVE-2022-2716
+   RESERVED
+CVE-2022-2715
+   RESERVED
+CVE-2022-2714
+   RESERVED
+CVE-2022-2713 (Insufficient Session Expiration in GitHub repository 
cockpit-hq/cockpi ...)
+   TODO: check
+CVE-2022-2712
+   RESERVED
+CVE-2022-2711
+   RESERVED
+CVE-2022-2710
+   RESERVED
+CVE-2022-2709
+   RESERVED
 CVE-2022-37863
RESERVED
 CVE-2022-37862
@@ -820,26 +868,26 @@ CVE-2022-37454
RESERVED
 CVE-2022-37453
RESERVED
-CVE-2022-2708
-   RESERVED
-CVE-2022-2707
-   RESERVED
-CVE-2022-2706
-   RESERVED
-CVE-2022-2705
-   RESERVED
-CVE-2022-2704
-   RESERVED
-CVE-2022-2703
-   RESERVED
-CVE-2022-2702
-   RESERVED
-CVE-2022-2701
-   RESERVED
-CVE-2022-2700
-   RESERVED
-CVE-2022-2699
-   RESERVED
+CVE-2022-2708 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2022-2707 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2022-2706 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student 
Information ...)
+   TODO: check
+CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
+   TODO: check
+CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management 
System. It  ...)
+   TODO: check
+CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS 
and cl ...)
+   TODO: check
+CVE-2022-2701 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2022-2700 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
+   TODO: check
 CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
@@ -3636,6 +3684,7 @@ CVE-2022-32570
 CVE-2022-32232
RESERVED
 CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens 
because of ...)
+   {DSA-5203-1}
- gnutls28 3.7.7-1
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
@@ -3984,8 +4033,8 @@ CVE-2022-36277
RESERVED
 CVE-2022-36276
RESERVED
-CVE-2022-2460
-   RESERVED
+CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly 
escape u ...)
+   TODO: check
 CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all 
versions befor ...)
- gitlab  (Specific to EE)
 CVE-2022-2458
@@ -4010,14 +4059,14 @@ CVE-2022-36269
RESERVED
 CVE-2022-36268
RESERVED
-CVE-2022-36267
-   RESERVED
-CVE-2022-36266
-   RESERVED
-CVE-2022-36265
-   RESERVED
-CVE-2022-36264
-   RESERVED
+CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a Una ...)
+   TODO: check
+CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a sto ...)
+   TODO: check
+CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists a Hid ...)
+   TODO: check
+CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there 
exists an Un ...)
+   TODO: check
 CVE-2022-36263
RESERVED
 CVE-2022-36262
@@ -4882,14 +4931,14 @@ CVE-2022-2428
RESERVED
 CVE-2022-2427
RESERVED
-CVE-2022-2426
-   RESERVED
-CVE-2022-2425
-   RESERVED
-CVE-2022-2424
-   RESERVED
-CVE-2022-2423
-   RESERVED
+CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not 
sanitis ...)
+   TODO: check
+CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not 
sanitise an ...)
+   TODO: check
+CVE-2022-2424 (The Google Maps Anywhere WordPress 

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gnutls28 update

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3d33a48 by Salvatore Bonaccorso at 2022-08-08T21:09:10+02:00
Reserve DSA number for gnutls28 update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[08 Aug 2022] DSA-5203-1 gnutls28 - security update
+   {CVE-2022-2509}
+   [bullseye] - gnutls28 3.7.1-5+deb11u2
 [08 Aug 2022] DSA-5202-1 unzip - security update
{CVE-2022-0529 CVE-2022-0530}
[bullseye] - unzip 6.0-26+deb11u1


=
data/dsa-needed.txt
=
@@ -18,8 +18,6 @@ epiphany-browser
 --
 freecad (aron)
 --
-gnutls28 (carnil)
---
 gst-plugins-good1.0
   Maintainer contacted to repare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3d33a4869ddf1eed04f60f088c8852fea88a137



[Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers-tesla-470 issues via unstable

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7872265 by Salvatore Bonaccorso at 2022-08-08T19:59:20+02:00
Track fixed version for nvidia-graphics-drivers-tesla-470 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16032,7 +16032,7 @@ CVE-2022-31615
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
[bullseye] - nvidia-graphics-drivers-tesla-460  (Non-free not 
supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
-   - nvidia-graphics-drivers-tesla-470  (bug #1016620)
+   - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
[bullseye] - nvidia-graphics-drivers-tesla-470  (Non-free not 
supported)
- nvidia-graphics-drivers-tesla-510  (bug #1016621)
 CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
@@ -16064,7 +16064,7 @@ CVE-2022-31608
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
[bullseye] - nvidia-graphics-drivers-tesla-460  (Non-free not 
supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
-   - nvidia-graphics-drivers-tesla-470  (bug #1016620)
+   - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
[bullseye] - nvidia-graphics-drivers-tesla-470  (Non-free not 
supported)
- nvidia-graphics-drivers-tesla-510  (bug #1016621)
 CVE-2022-31607
@@ -16084,7 +16084,7 @@ CVE-2022-31607
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
[bullseye] - nvidia-graphics-drivers-tesla-460  (Non-free not 
supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
-   - nvidia-graphics-drivers-tesla-470  (bug #1016620)
+   - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
[bullseye] - nvidia-graphics-drivers-tesla-470  (Non-free not 
supported)
- nvidia-graphics-drivers-tesla-510  (bug #1016621)
 CVE-2022-31606



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d78722654a4810eb519949fcb9f86b694f0b36fb



[Git][security-tracker-team/security-tracker][master] Claim qemu from beuc

2022-08-08 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99815548 by Abhijith PA at 2022-08-08T22:42:38+05:30
Claim qemu from beuc

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -38,7 +38,7 @@ nodejs
 --
 puma
 --
-qemu
+qemu (Abhijith PA)
   NOTE: 20220802: debdiff of backported fixes was submitted to 
buster-proposed-updates: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
   NOTE: 20220802: wcan now be released as DLA instead. The updated packages 
are/were running fine in a buster ganeti cluster. (jmm)
   NOTE: 20220808: conflicting pu at 
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , 
needs to be merged (Beuc/abhijith)
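
Review bot: the removed line is a bare "qemu" with no claimant, so the handover from beuc named in the commit message is not recorded anywhere in the file. Add a dated NOTE under the entry stating that the package was taken over and that the merge of the conflicting pu mentioned in the 20220808 note is now with the new claimant.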



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99815548d65565d854d8d4ce9d6396464883b3b3



[Git][security-tracker-team/security-tracker][master] rustc toolchain updated in bullseye/buster

2022-08-08 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c9b4afe by Emilio Pozuelo Monfort at 2022-08-08T18:01:35+02:00
rustc toolchain updated in bullseye/buster

Minor issues pending, but no need to track it here anymore.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -43,7 +43,3 @@ qemu
   NOTE: 20220802: wcan now be released as DLA instead. The updated packages 
are/were running fine in a buster ganeti cluster. (jmm)
   NOTE: 20220808: conflicting pu at 
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , 
needs to be merged (Beuc/abhijith)
 --
-rustc (Emilio)
-  NOTE: 20220614: backporting toolchain (rust, llvm...) for Firefox 102 ESR 
(pochu)
-  NOTE: 20220712: bullseye backports done, wip on buster updates (pochu)
---
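
Review bot: the commit message says minor issues are still pending, but the removed "rustc (Emilio)" block and its two NOTE lines were the only record of this work in the hunk, and nothing replaces them. State in the commit message, or through a bug reference, where the remaining issues are tracked so they are not lost once the entry is gone.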



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c9b4afe6eaed09f7c71e94e26f80d7c99cf1b1a



[Git][security-tracker-team/security-tracker][master] avahi spu

2022-08-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf68903e by Moritz Mühlenhoff at 2022-08-08T17:34:32+02:00
avahi spu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -62,3 +62,5 @@ CVE-2022-31608
[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
 CVE-2022-31615
[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+CVE-2021-3502
+   [bullseye] - avahi 0.8-5+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf68903ea49578da0510479e923993fc88965c9f



[Git][security-tracker-team/security-tracker][master] unzip DSA

2022-08-08 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d165bc1 by Moritz Mühlenhoff at 2022-08-08T17:26:53+02:00
unzip DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[08 Aug 2022] DSA-5202-1 unzip - security update
+   {CVE-2022-0529 CVE-2022-0530}
+   [bullseye] - unzip 6.0-26+deb11u1
 [07 Aug 2022] DSA-5201-1 chromium - security update
{CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 
CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 
CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 
CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 
CVE-2022-2623 CVE-2022-2624}
[bullseye] - chromium 104.0.5112.79-1~deb11u1


=
data/dsa-needed.txt
=
@@ -58,5 +58,3 @@ samba (carnil)
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
-unzip (jmm)
---



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d165bc1f027e492e895ae0652f3f2b66467



[Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2022-1184/linux

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f06fd428 by Salvatore Bonaccorso at 2022-08-08T17:10:41+02:00
Update tracking for CVE-2022-1184/linux

The correct fix only landed recently in mainline and is not yet
backported to older releases.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -25999,10 +25999,9 @@ CVE-2022-1185 (A denial of service vulnerability when 
rendering RDoc files in Gi
- gitlab 
 CVE-2022-1184
RESERVED
-   {DSA-5173-1}
-   - linux 5.18.5-1
-   [bullseye] - linux 5.10.127-1
+   - linux 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
+   NOTE: 
https://git.kernel.org/linus/65f8ea4cd57dbd46ea13b41dc8bac03176b04233
 CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some 
circumstan ...)
- bind9 1:9.18.3-1
[bullseye] - bind9  (Vulnerable code not present)
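
Review bot: the added NOTE under CVE-2022-1184 is a bare git.kernel.org commit URL, and after this hunk the entry no longer shows why "{DSA-5173-1}" and the fixed versions 5.18.5-1 and 5.10.127-1 were withdrawn; that reasoning exists only in the commit message. Label the NOTE (for example with a "Fixed by:" prefix) and add a short NOTE saying the correct fix landed later in mainline and is not yet backported, so readers of data/CVE/list do not assume the DSA covered this CVE.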


=
data/DSA/list
=
@@ -96,7 +96,7 @@
[buster] - gnupg2 2.2.12-1+deb10u2
[bullseye] - gnupg2 2.2.27-2+deb11u2
 [03 Jul 2022] DSA-5173-1 linux - security update
-   {CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 
CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1195 
CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 
CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 
CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 
CVE-2022-21166 CVE-2022-23960 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 
CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 
CVE-2022-32250 CVE-2022-32296 CVE-2022-33981}
+   {CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 
CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1195 CVE-2022-1198 
CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419 
CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 
CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 
CVE-2022-23960 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 
CVE-2022-28389 CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 
CVE-2022-32296 CVE-2022-33981}
[buster] - linux 4.19.249-2
 [29 Jun 2022] DSA-5172-1 firefox-esr - security update
{CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 
CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f06fd42846bb6a6ead9fab05fcdd487f8ccb6201



[Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers issues via unstable

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a56d322e by Salvatore Bonaccorso at 2022-08-08T16:16:35+02:00
Track fixed version for nvidia-graphics-drivers issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16017,7 +16017,7 @@ CVE-2022-31616
RESERVED
 CVE-2022-31615
RESERVED
-   - nvidia-graphics-drivers  (bug #1016614)
+   - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
[bullseye] - nvidia-graphics-drivers  (Non-free not supported)
[buster] - nvidia-graphics-drivers  (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx  (bug #1016615)
@@ -16049,7 +16049,7 @@ CVE-2022-31609 (NVIDIA vGPU software contains a 
vulnerability in the Virtual GPU
NOT-FOR-US: NVIDIA
 CVE-2022-31608
RESERVED
-   - nvidia-graphics-drivers  (bug #1016614)
+   - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
[bullseye] - nvidia-graphics-drivers  (Non-free not supported)
[buster] - nvidia-graphics-drivers  (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx  (bug #1016615)
@@ -16069,7 +16069,7 @@ CVE-2022-31608
- nvidia-graphics-drivers-tesla-510  (bug #1016621)
 CVE-2022-31607
RESERVED
-   - nvidia-graphics-drivers  (bug #1016614)
+   - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
[bullseye] - nvidia-graphics-drivers  (Non-free not supported)
[buster] - nvidia-graphics-drivers  (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx  (bug #1016615)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a56d322eab0ff8b1f7fa115c974568a9e7743701



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-31197/libpgjava via unstable

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8f1d9d1 by Salvatore Bonaccorso at 2022-08-08T16:15:21+02:00
Track fixed version for CVE-2022-31197/libpgjava via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17194,7 +17194,7 @@ CVE-2022-1797 (A malformed Class 3 common industrial 
protocol message with a cac
 CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
NOT-FOR-US: OpenZeppelin
 CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs 
to conn ...)
-   - libpgjava  (bug #1016662)
+   - libpgjava 42.4.1-1 (bug #1016662)
NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
 (REL42.4.1-rc1)
 CVE-2022-31196



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8f1d9d1a1d63c2e58135f44e75a5e456679731c



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-27650/crun via unstable

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4adbd74a by Salvatore Bonaccorso at 2022-08-08T16:13:53+02:00
Track fixed version for CVE-2022-27650/crun via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27760,7 +27760,7 @@ CVE-2022-27651 (A flaw was found in buildah where 
containers were incorrectly st
NOTE: 
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
 (v1.25.1)
NOTE: 
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
 CVE-2022-27650 (A flaw was found in crun where containers were incorrectly 
started wit ...)
-   - crun  (bug #1009881)
+   - crun 1.5+dfsg-1 (bug #1009881)
[bullseye] - crun  (Minor issue)
NOTE: 
https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562
 (1.4.4)
 CVE-2022-27649 (A flaw was found in Podman, where containers were started 
incorrectly  ...)
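Review bot: the version recorded for crun, 1.5+dfsg-1, is later than the upstream release named in the NOTE two lines below (1.4.4). That is fine if 1.5+dfsg-1 is the first upload to unstable that contains commit b847d146, but the commit message does not say so; a short NOTE stating that no 1.4.4-based upload reached unstable would explain the gap.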



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4adbd74abbaabdce1c03628c5cebb5a44c8824c6



[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2022-29582/linux

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0924c71f by Salvatore Bonaccorso at 2022-08-08T13:24:53+02:00
Add reference for CVE-2022-29582/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22104,6 +22104,7 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, 
fs/io_uring.c has a use-after
[stretch] - linux  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4
NOTE: 
https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646
+   NOTE: https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/
 CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 
allows  ...)
NOT-FOR-US: Meridian Cooperative Utility Software
 CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling 
on STYLE ...)
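Review bot: the NOTE added at the end of the CVE-2022-29582 block is a bare URL to a personal github.io page, sitting directly under the NOTE for the fix commit. A short label on the line saying that it is a technical write-up would let readers tell analysis apart from the fix reference without opening the link.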



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0924c71f3f3c19a2168c4dfb911948b34dd67561



[Git][security-tracker-team/security-tracker][master] Add oss-security reference for CVE-2022-2590/linux

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8afde184 by Salvatore Bonaccorso at 2022-08-08T12:12:28+02:00
Add oss-security reference for CVE-2022-2590/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2006,6 +2006,7 @@ CVE-2022-2590
[bullseye] - linux  (Vulnerable code introduced later)
[buster] - linux  (Vulnerable code introduced later)
NOTE: 
https://lore.kernel.org/linux-mm/20220808073232.8808-1-da...@redhat.com/
+   NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
- fava 
NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8afde18444d0f14afa9fb7443f95adbc0670c318



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2590/linux

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c8390bac by Salvatore Bonaccorso at 2022-08-08T11:24:07+02:00
Add CVE-2022-2590/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2002,6 +2002,10 @@ CVE-2022-37038
RESERVED
 CVE-2022-2590
RESERVED
+   - linux 
+   [bullseye] - linux  (Vulnerable code introduced later)
+   [buster] - linux  (Vulnerable code introduced later)
+   NOTE: 
https://lore.kernel.org/linux-mm/20220808073232.8808-1-da...@redhat.com/
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
- fava 
NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
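Review bot: the [bullseye] and [buster] lines for CVE-2022-2590 both say "Vulnerable code introduced later", but the only NOTE added is the linux-mm thread, and nothing in the entry names the commit or kernel version that introduced the code. Suggest adding a NOTE with the introducing commit or version so the not-affected claim can be checked against the kernel versions in those releases.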



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8390baccf633eabaf4efa9a07a12efdaaf5dfe4



[Git][security-tracker-team/security-tracker][master] dla: update qemu status following abhijith contact

2022-08-08 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44cd31ff by Sylvain Beucler at 2022-08-08T11:08:00+02:00
dla: update qemu status following abhijith contact

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -38,9 +38,10 @@ nodejs
 --
 puma
 --
-qemu (Sylvain Beucler)
-  debdiff of backported fixes was submitted to buster-proposed-updates: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
-  can now be released as DLA instead. The updated packages are/were running 
fine in a buster ganeti cluster.
+qemu
+  NOTE: 20220802: debdiff of backported fixes was submitted to 
buster-proposed-updates: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
+  NOTE: 20220802: wcan now be released as DLA instead. The updated packages 
are/were running fine in a buster ganeti cluster. (jmm)
+  NOTE: 20220808: conflicting pu at 
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , 
needs to be merged (Beuc/abhijith)
 --
 rustc (Emilio)
   NOTE: 20220614: backporting toolchain (rust, llvm...) for Firefox 102 ESR 
(pochu)
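Review bot: the second added NOTE line for qemu starts with "wcan now be released", which looks like a stray "w" before "can". The sentence is also split across two NOTE lines, with the first ending in "and", so each line reads oddly on its own; consider one NOTE per statement. The hunk also drops the "(Sylvain Beucler)" claim from the qemu line while the new 20220808 note names Beuc/abhijith, so it is worth confirming that leaving the package unclaimed is intended.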



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44cd31ff413095ded4633f45e96b9615aa6230b1



[Git][security-tracker-team/security-tracker][master] lts-cve-triage: don't use the release number

2022-08-08 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a3851d0 by Emilio Pozuelo Monfort at 2022-08-08T10:27:02+02:00
lts-cve-triage: don't use the release number

This is much harder to catch when a release becomes EOL, as we
grep for e.g. stretch.

- - - - -


2 changed files:

- bin/lts-cve-triage.py
- bin/unsupported_packages.py


Changes:

=
bin/lts-cve-triage.py
=
@@ -97,7 +97,7 @@ parser.add_argument('--exclude', nargs='+', choices=[x[0] for 
x in LIST_NAMES],
 args = parser.parse_args()
 
 tracker = TrackerData(update_cache=not args.skip_cache_update)
-unsupported = UnsupportedPackages(debian_version=10,
+unsupported = UnsupportedPackages(codename=RELEASES['lts'],
   update_cache=not args.skip_cache_update)
 limited = LimitedSupportPackages(update_cache=not args.skip_cache_update)
 # unsupport/limited package names can be regexps
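Review bot: the new call passes codename=RELEASES['lts'], but this hunk shows neither an import nor a definition of RELEASES in bin/lts-cve-triage.py. Please confirm that the name is already in scope in this script and that its 'lts' key holds a codename string of the kind the new UnsupportedPackages constructor looks up.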


=
bin/unsupported_packages.py
=
@@ -13,6 +13,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this file.  If not, see .
 
+import setup_paths  # noqa # pylint: disable=unused-import
+
+import config
 import os
 import re
 import requests
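Review bot: the new import config line sits above the standard-library imports and appears to rely on setup_paths having been imported first, presumably for its side effect, given the unused-import suppression. A one-line comment stating that setup_paths must precede config would keep a later import-sorting cleanup from reordering them and breaking the import.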
@@ -49,8 +52,11 @@ class UnsupportedPackages(DebSecSupport):
 URL = 
"https://salsa.debian.org/debian/debian-security-support/raw/master/security-support-ended.deb{};
 CACHED_DATA_PATH = "~/.cache/security-support-ended.deb{}"
 
-def __init__(self, debian_version, update_cache=True):
-self.debian_version = debian_version
+def __init__(self, codename, update_cache=True):
+# codename to version number
+dists = list(config.get_config().keys())
+self.debian_version = dists.index(codename) + 1
+
 self.url = self.URL.format(self.debian_version)
 
 self.cache = os.path.expanduser(self.CACHED_DATA_PATH).format(
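Review bot: the version number in __init__ now depends on key order. dists.index(codename) + 1 is only correct if config.get_config() lists every release, in order, starting from Debian 1, and an unknown codename surfaces as a bare ValueError from list.index. Suggest either storing the version number explicitly next to each codename in the config, or catching the ValueError and raising an error that names the codename, and extending the "codename to version number" comment to state the ordering assumption.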



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a3851d06b53b4ee02282ca221ea71b827b780b0



[Git][security-tracker-team/security-tracker][master] Process two NFUs

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7c80100 by Salvatore Bonaccorso at 2022-08-08T10:20:52+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -841,9 +841,9 @@ CVE-2022-2700
 CVE-2022-2699
RESERVED
 CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning 
System.  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple E-Learning System
 CVE-2022-2696
RESERVED
 CVE-2022-2695



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7c80100c34f99c9e87c50b607d6c8af210d5ae5



[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6226e001 by security tracker role at 2022-08-08T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,849 @@
+CVE-2022-37863
+   RESERVED
+CVE-2022-37862
+   RESERVED
+CVE-2022-37861
+   RESERVED
+CVE-2022-37860
+   RESERVED
+CVE-2022-37859
+   RESERVED
+CVE-2022-37858
+   RESERVED
+CVE-2022-37857
+   RESERVED
+CVE-2022-37856
+   RESERVED
+CVE-2022-37855
+   RESERVED
+CVE-2022-37854
+   RESERVED
+CVE-2022-37853
+   RESERVED
+CVE-2022-37852
+   RESERVED
+CVE-2022-37851
+   RESERVED
+CVE-2022-37850
+   RESERVED
+CVE-2022-37849
+   RESERVED
+CVE-2022-37848
+   RESERVED
+CVE-2022-37847
+   RESERVED
+CVE-2022-37846
+   RESERVED
+CVE-2022-37845
+   RESERVED
+CVE-2022-37844
+   RESERVED
+CVE-2022-37843
+   RESERVED
+CVE-2022-37842
+   RESERVED
+CVE-2022-37841
+   RESERVED
+CVE-2022-37840
+   RESERVED
+CVE-2022-37839
+   RESERVED
+CVE-2022-37838
+   RESERVED
+CVE-2022-37837
+   RESERVED
+CVE-2022-37836
+   RESERVED
+CVE-2022-37835
+   RESERVED
+CVE-2022-37834
+   RESERVED
+CVE-2022-37833
+   RESERVED
+CVE-2022-37832
+   RESERVED
+CVE-2022-37831
+   RESERVED
+CVE-2022-37830
+   RESERVED
+CVE-2022-37829
+   RESERVED
+CVE-2022-37828
+   RESERVED
+CVE-2022-37827
+   RESERVED
+CVE-2022-37826
+   RESERVED
+CVE-2022-37825
+   RESERVED
+CVE-2022-37824
+   RESERVED
+CVE-2022-37823
+   RESERVED
+CVE-2022-37822
+   RESERVED
+CVE-2022-37821
+   RESERVED
+CVE-2022-37820
+   RESERVED
+CVE-2022-37819
+   RESERVED
+CVE-2022-37818
+   RESERVED
+CVE-2022-37817
+   RESERVED
+CVE-2022-37816
+   RESERVED
+CVE-2022-37815
+   RESERVED
+CVE-2022-37814
+   RESERVED
+CVE-2022-37813
+   RESERVED
+CVE-2022-37812
+   RESERVED
+CVE-2022-37811
+   RESERVED
+CVE-2022-37810
+   RESERVED
+CVE-2022-37809
+   RESERVED
+CVE-2022-37808
+   RESERVED
+CVE-2022-37807
+   RESERVED
+CVE-2022-37806
+   RESERVED
+CVE-2022-37805
+   RESERVED
+CVE-2022-37804
+   RESERVED
+CVE-2022-37803
+   RESERVED
+CVE-2022-37802
+   RESERVED
+CVE-2022-37801
+   RESERVED
+CVE-2022-37800
+   RESERVED
+CVE-2022-37799
+   RESERVED
+CVE-2022-37798
+   RESERVED
+CVE-2022-37797
+   RESERVED
+CVE-2022-37796
+   RESERVED
+CVE-2022-37795
+   RESERVED
+CVE-2022-37794
+   RESERVED
+CVE-2022-37793
+   RESERVED
+CVE-2022-37792
+   RESERVED
+CVE-2022-37791
+   RESERVED
+CVE-2022-37790
+   RESERVED
+CVE-2022-37789
+   RESERVED
+CVE-2022-37788
+   RESERVED
+CVE-2022-37787
+   RESERVED
+CVE-2022-37786
+   RESERVED
+CVE-2022-37785
+   RESERVED
+CVE-2022-37784
+   RESERVED
+CVE-2022-37783
+   RESERVED
+CVE-2022-37782
+   RESERVED
+CVE-2022-37781
+   RESERVED
+CVE-2022-37780
+   RESERVED
+CVE-2022-37779
+   RESERVED
+CVE-2022-37778
+   RESERVED
+CVE-2022-3
+   RESERVED
+CVE-2022-37776
+   RESERVED
+CVE-2022-37775
+   RESERVED
+CVE-2022-37774
+   RESERVED
+CVE-2022-37773
+   RESERVED
+CVE-2022-37772
+   RESERVED
+CVE-2022-37771
+   RESERVED
+CVE-2022-37770
+   RESERVED
+CVE-2022-37769
+   RESERVED
+CVE-2022-37768
+   RESERVED
+CVE-2022-37767
+   RESERVED
+CVE-2022-37766
+   RESERVED
+CVE-2022-37765
+   RESERVED
+CVE-2022-37764
+   RESERVED
+CVE-2022-37763
+   RESERVED
+CVE-2022-37762
+   RESERVED
+CVE-2022-37761
+   RESERVED
+CVE-2022-37760
+   RESERVED
+CVE-2022-37759
+   RESERVED
+CVE-2022-37758
+   RESERVED
+CVE-2022-37757
+   RESERVED
+CVE-2022-37756
+   RESERVED
+CVE-2022-37755
+   RESERVED
+CVE-2022-37754
+   RESERVED
+CVE-2022-37753
+   RESERVED
+CVE-2022-37752
+   RESERVED
+CVE-2022-37751
+   RESERVED
+CVE-2022-37750
+   RESERVED
+CVE-2022-37749
+   RESERVED
+CVE-2022-37748
+   RESERVED
+CVE-2022-37747
+   RESERVED
+CVE-2022-37746
+   RESERVED
+CVE-2022-37745
+   RESERVED
+CVE-2022-37744
+   RESERVED
+CVE-2022-37743
+   RESERVED
+CVE-2022-37742
+   RESERVED
+CVE-2022-37741
+   RESERVED
+CVE-2022-37740
+   RESERVED
+CVE-2022-37739
+   RESERVED
+CVE-2022-37738
+   RESERVED
+CVE-2022-37737
+   RESERVED
+CVE-2022-37736
+   RESERVED
+CVE-2022-37735
+   RESERVED
+CVE-2022-37734
+   RESERVED
+CVE-2022-37733
+   RESERVED
+CVE-2022-37732
+   RESERVED
+CVE-2022-37731
+   RESERVED
+CVE-2022-37730
+   RESERVED
+CVE-2022-37729
+   RESERVED
+CVE-2022-37728
+   RESERVED
+CVE-2022-37727
+   RESERVED
+CVE-2022-37726
+   RESERVED
+CVE-2022-37725
+   RESERVED
+CVE-2022-37724
+   RESERVED
+CVE-2022-37723
+   
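Review bot: in the run of added RESERVED entries, the line between CVE-2022-37778 and CVE-2022-37776 reads "CVE-2022-3", which breaks the otherwise descending sequence and is not a well-formed CVE ID. The hunk header announces 849 lines but the diff shown stops after CVE-2022-37723, so the rest of this automatic update cannot be reviewed from this message.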

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-34943/php-laravel-framework

2022-08-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e63ddf74 by Salvatore Bonaccorso at 2022-08-08T08:39:51+02:00
Add CVE-2022-34943/php-laravel-framework

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6171,7 +6171,9 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was 
discovered to contain a SQL
 CVE-2022-34944
RESERVED
 CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution 
(RCE) v ...)
-   TODO: check
+   - php-laravel-framework 
+   NOTE: https://github.com/beicheng-maker/vulns/issues/1
+   TODO: check, unclear if upstream reported
 CVE-2022-34942
RESERVED
 CVE-2022-34941
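Review bot: the new php-laravel-framework line for CVE-2022-34943 is added without a version while the TODO stays open, and the description names Laravel v5.1 specifically. A NOTE recording whether the versions packaged in Debian contain the affected code would make the TODO actionable. The only reference is a third-party issue tracker, which matches the "unclear if upstream reported" remark, so an upstream link should replace or join it once one exists.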



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e63ddf74ce40909126ac2049a727ae06e3850a78
