[Git][security-tracker-team/security-tracker][master] Add CVE-2022-29{89,90}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4927ad96 by Salvatore Bonaccorso at 2022-08-26T07:48:16+02:00 Add CVE-2022-29{89,90} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26,8 +26,16 @@ CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's Ligh NOTE: CONFIG_NVM not enabled in Debian CVE-2022-2990 RESERVED + - golang-github-containers-buildah + NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ + NOTE: https://github.com/containers/buildah/pull/4200 + NOTE: https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453 CVE-2022-2989 RESERVED + - libpod + NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445 CVE-2022-2988 RESERVED CVE-2022-2987 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4927ad964f206777be9016d9a0ebfa5960585a6f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4927ad964f206777be9016d9a0ebfa5960585a6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
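Review bot: Under CVE-2022-2989 the new `- libpod` entry carries only the benthamsgaze.org write-up and the Red Hat bug, while the CVE-2022-2990 entry for golang-github-containers-buildah also links the upstream pull request and the fixing commit. Both packages are recorded without a fixed version, so add the corresponding upstream fix reference for libpod once it is known. Also annotate the buildah commit NOTE with the upstream release that contains it, so the fixed Debian version can be filled in later.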
[Git][security-tracker-team/security-tracker][master] CVE-2022-0759 was fixed in ruby-kubeclient 4.9.3-1
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab5d082e by Adrian Bunk at 2022-08-26T02:49:29+03:00 CVE-2022-0759 was fixed in ruby-kubeclient 4.9.3-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35162,7 +35162,7 @@ CVE-2022-0761 CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not includin ...) - - ruby-kubeclient (bug #1014780) + - ruby-kubeclient 4.9.3-1 (bug #1014780) [bullseye] - ruby-kubeclient (Minor issue) [buster] - ruby-kubeclient (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab5d082ec76df76614ea86a442f30c6f5c9b6a2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab5d082ec76df76614ea86a442f30c6f5c9b6a2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-22728/libapreq2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8576d098 by Salvatore Bonaccorso at 2022-08-26T00:06:45+02:00 Add CVE-2022-22728/libapreq2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46611,7 +46611,8 @@ CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) NOT-FOR-US: MediaWiki extension WikiBaseMediainfo CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buf ...) - TODO: check + - libapreq2 + NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3 CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) NOT-FOR-US: Schneider Electric CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8576d098e5c4d7f02c32879960ed19b66916b7a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8576d098e5c4d7f02c32879960ed19b66916b7a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
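Review bot: The replacement for `TODO: check` adds `- libapreq2` with no fixed version and no bug reference, and the single NOTE points at the oss-security post. The description says versions 2.16 and earlier are affected, so record the first fixed upstream release in a NOTE and add the Debian bug number once one is filed, in the `(bug #...)` form other entries in this file use.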
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3800/glib2.0
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e68372e by Salvatore Bonaccorso at 2022-08-26T00:02:54+02:00 Add CVE-2021-3800/glib2.0 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -66700,7 +66700,10 @@ CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovere CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random charset ...) - TODO: check + - glib2.0 2.64.0-1 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1 (2.63.6) + NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8 + TODO: check completeness CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, allows attac ...) {DLA-2928-1} - htmldoc 1.9.13-1 (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e68372eba678dacb4ce49899368abe6545faf71 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e68372eba678dacb4ce49899368abe6545faf71 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
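Review bot: The second NOTE links an oss-security post dated 2017/06/23 for a CVE-2021 id without saying how the two relate; add a few words after the URL explaining the connection. The fixed version 2.64.0-1 is also later than the upstream 2.63.6 named in the first NOTE, which is worth confirming while resolving the remaining `TODO: check completeness`.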
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42523/colord
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76ed2457 by Salvatore Bonaccorso at 2022-08-25T23:57:22+02:00 Add CVE-2021-42523/colord - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62554,7 +62554,9 @@ CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.ja CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...) NOT-FOR-US: Android CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, and th ...) - TODO: check + - colord 1.4.6-1 + NOTE: https://github.com/hughsie/colord/issues/110 + NOTE: https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405 (1.4.6) CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...) - anjuta NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ed245796f0c4d1dcc7319de62acfed152deed7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ed245796f0c4d1dcc7319de62acfed152deed7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
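Review bot: The description says there are two information disclosure vulnerabilities in colord, but the entry added for `- colord 1.4.6-1` cites a single issue and a single commit. Confirm that commit adf41f36 covers both, or add the second reference, before treating 1.4.6-1 as the fixed version.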
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42522/anjuta
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c5b80a4 by Salvatore Bonaccorso at 2022-08-25T23:55:16+02:00 Add CVE-2021-42522/anjuta - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62556,7 +62556,8 @@ CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, and th ...) TODO: check CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...) - TODO: check + - anjuta + NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies ...) - vtk9 - vtk7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c5b80a413bf82f0b29c35231ba2285405026ac7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c5b80a413bf82f0b29c35231ba2285405026ac7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
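Review bot: The new `- anjuta` line has no fixed version and no bug reference, and its only NOTE is an issue URL under the GNOME `Archive` namespace. If upstream is no longer maintained, say so in a NOTE so triagers do not wait for an upstream fix, and add the Debian bug number once one exists.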
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42521/vtk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e79d2a76 by Salvatore Bonaccorso at 2022-08-25T23:53:05+02:00 Add CVE-2021-42521/vtk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62558,7 +62558,11 @@ CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...) TODO: check CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies ...) - TODO: check + - vtk9 + - vtk7 + - vtk6 + NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818 + TODO: check, potentially as well src:paraview, but needs to check impact CVE-2021-42520 RESERVED CVE-2021-42519 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79d2a766848fcc89a962d065d4c2c2127451025 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79d2a766848fcc89a962d065d4c2c2127451025 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
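Review bot: The trailing `TODO: check, potentially as well src:paraview, but needs to check impact` leaves the scope of the entry open, while vtk9, vtk7 and vtk6 are all recorded as unfixed on the strength of one upstream issue link. Add a NOTE stating which of the three source packages actually contain the affected code, and resolve the paraview question in a follow-up so the TODO does not linger.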
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32793/webkit2gtk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a36d2fe8 by Salvatore Bonaccorso at 2022-08-25T23:43:57+02:00 Add CVE-2022-32793/webkit2gtk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15435,6 +15435,7 @@ CVE-2022-32795 CVE-2022-32794 RESERVED CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) + - webkit2gtk 2.36.7-1 - wpewebkit 2.36.7-1 NOTE: https://wpewebkit.org/security/WSA-2022-0008.html CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a36d2fe84660953322e3a5ce6c8a9d9f0a5282d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a36d2fe84660953322e3a5ce6c8a9d9f0a5282d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
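Review bot: The added `- webkit2gtk 2.36.7-1` line sits above a NOTE that references only the WPE WebKit advisory WSA-2022-0008. Add the matching WebKitGTK advisory as a second NOTE so the webkit2gtk version has its own source.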
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32793/wpewebkit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6dd4f3f2 by Salvatore Bonaccorso at 2022-08-25T23:40:26+02:00 Add CVE-2022-32793/wpewebkit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15435,7 +15435,8 @@ CVE-2022-32795 CVE-2022-32794 RESERVED CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) - TODO: check + - wpewebkit 2.36.7-1 + NOTE: https://wpewebkit.org/security/WSA-2022-0008.html CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation] RESERVED {DSA-5211-1 DSA-5210-1 DLA-3073-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd4f3f215b53102f3eed57802c184e611b0e06c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd4f3f215b53102f3eed57802c184e611b0e06c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bbaa6690 by Salvatore Bonaccorso at 2022-08-25T22:57:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2076,7 +2076,7 @@ CVE-2022-36373 CVE-2022-36365 RESERVED CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-36355 RESERVED CVE-2022-36352 @@ -2342,7 +2342,7 @@ CVE-2022-37954 CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...) TODO: check CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...) - TODO: check + NOT-FOR-US: iHistorian Data Display of WorkstationST CVE-2022-37951 RESERVED CVE-2022-37950 @@ -4150,21 +4150,21 @@ CVE-2022-37247 CVE-2022-37246 RESERVED CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37243 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37242 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulne ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37241 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37240 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2022-37237 RESERVED CVE-2022-37236 
@@ -4316,15 +4316,15 @@ CVE-2022-37164 CVE-2022-37163 RESERVED CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: Claroline CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: Claroline CVE-2022-37160 (Claroline 13.5.7 and prior allows an authenticated attacker to elevate ...) - TODO: check + NOT-FOR-US: Claroline CVE-2022-37159 (Claroline 13.5.7 and prior is vulnerable to Remote code execution via ...) - TODO: check + NOT-FOR-US: Claroline CVE-2022-37158 (RuoYi v3.8.3 has a Weak password vulnerability in the management syste ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2022-37157 RESERVED CVE-2022-37156 
@@ -4440,75 +4440,75 @@ CVE-2022-37102 CVE-2022-37101 RESERVED CVE-2022-37100 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37099 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37098 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37097 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37096 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37095 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37094 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37093 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37092 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37091 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37090 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37089 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37088 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: H3C CVE-2022-37087 (H3C H200 H200V100R004 was discovered to
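Review bot: In the hunk at @@ -2342 the NOT-FOR-US text for CVE-2022-37952 names a product component, `iHistorian Data Display of WorkstationST`, without a vendor, while the other hunks in this commit use the vendor alone (MDaemon, Claroline, H3C). Pick one form, preferably one that includes the vendor, so later searches of the list group these entries consistently. The same hunk leaves the adjacent CVE-2022-37953 at `TODO: check`; if it belongs to the same product family, process it in the same commit.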
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2991/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6853f9d by Salvatore Bonaccorso at 2022-08-25T22:33:11+02:00 Add CVE-2022-2991/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,11 @@ CVE-2022-2993 CVE-2022-2992 RESERVED CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...) - TODO: check + - linux 5.15.3-1 (unimportant) + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-960/ + NOTE: CONFIG_NVM not enabled in Debian CVE-2022-2990 RESERVED CVE-2022-2989 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6853f9db796506a46ca4fd0d2c6477ddc687f06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6853f9db796506a46ca4fd0d2c6477ddc687f06 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
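Review bot: The new linux entry records fixed versions for unstable, bullseye and buster but cites only the ZDI advisory, with no upstream commit to back them. Add a NOTE with the fixing commit on git.kernel.org, in the form used for CVE-2022-2959 elsewhere in this file. Since the last NOTE states that CONFIG_NVM is not enabled in Debian, it would also help to say explicitly that this is the reason for `(unimportant)`.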
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f810a9fb by Salvatore Bonaccorso at 2022-08-25T22:25:30+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -196,7 +196,7 @@ CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due CVE-2022-2958 RESERVED CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...) - TODO: check + NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...) NOT-FOR-US: Noxen CVE-2022-2955 
@@ -2636,59 +2636,59 @@ CVE-2022-37826 CVE-2022-37825 RESERVED CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack ove ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37811 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37810 (Tenda AC1206 V15.03.06.23 was discovered to contain a command injectio ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2022-37809 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37808 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37807 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37806 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37805 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37804 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37803 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37802 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37801 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37800 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37797 RESERVED CVE-2022-37796 @@ -4052,7 +4052,7 @@ CVE-2022-37294 CVE-2022-37293 RESERVED CVE-2022-37292 (Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This over ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-37291 RESERVED CVE-2022-37290 View it on GitLab:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd10aa3b by security tracker role at 2022-08-25T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,39 @@ +CVE-2022-38752 + RESERVED +CVE-2022-38751 + RESERVED +CVE-2022-38750 + RESERVED +CVE-2022-38749 + RESERVED +CVE-2022-38748 + RESERVED +CVE-2022-38747 + RESERVED +CVE-2022-38746 + RESERVED +CVE-2022-38745 + RESERVED +CVE-2022-2993 + RESERVED +CVE-2022-2992 + RESERVED +CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...) + TODO: check +CVE-2022-2990 + RESERVED +CVE-2022-2989 + RESERVED +CVE-2022-2988 + RESERVED +CVE-2022-2987 + RESERVED +CVE-2022-2986 + RESERVED +CVE-2021-46835 + RESERVED +CVE-2020-36602 + RESERVED CVE-2022-38744 RESERVED CVE-2022-38743 @@ -151,8 +187,7 @@ CVE-2022-2961 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595 CVE-2022-2960 RESERVED -CVE-2022-2959 - RESERVED +CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due to a ...) - linux 5.18.2-1 [bullseye] - linux 5.10.120-1 [buster] - linux (Vulnerable code introduced later) @@ -160,8 +195,8 @@ CVE-2022-2959 NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1) CVE-2022-2958 RESERVED -CVE-2022-2957 - RESERVED +CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...) + TODO: check CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...) NOT-FOR-US: Noxen CVE-2022-2955 @@ -2036,8 +2071,8 @@ CVE-2022-36373 RESERVED CVE-2022-36365 RESERVED -CVE-2022-36358 - RESERVED +CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin ...) + TODO: check CVE-2022-36355 RESERVED CVE-2022-36352 
@@ -2300,10 +2335,10 @@ CVE-2022-37955 RESERVED CVE-2022-37954 RESERVED -CVE-2022-37953 - RESERVED -CVE-2022-37952 - RESERVED +CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...) + TODO: check +CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...) + TODO: check CVE-2022-37951 RESERVED CVE-2022-37950 
@@ -2600,60 +2635,60 @@ CVE-2022-37826 RESERVED CVE-2022-37825 RESERVED -CVE-2022-37824 - RESERVED -CVE-2022-37823 - RESERVED -CVE-2022-37822 - RESERVED -CVE-2022-37821 - RESERVED -CVE-2022-37820 - RESERVED -CVE-2022-37819 - RESERVED -CVE-2022-37818 - RESERVED -CVE-2022-37817 - RESERVED -CVE-2022-37816 - RESERVED -CVE-2022-37815 - RESERVED -CVE-2022-37814 - RESERVED -CVE-2022-37813 - RESERVED -CVE-2022-37812 - RESERVED -CVE-2022-37811 - RESERVED -CVE-2022-37810 - RESERVED -CVE-2022-37809 - RESERVED -CVE-2022-37808 - RESERVED -CVE-2022-37807 - RESERVED -CVE-2022-37806 - RESERVED -CVE-2022-37805 - RESERVED -CVE-2022-37804 - RESERVED -CVE-2022-37803 - RESERVED -CVE-2022-37802 - RESERVED -CVE-2022-37801 - RESERVED -CVE-2022-37800 - RESERVED -CVE-2022-37799 - RESERVED -CVE-2022-37798 - RESERVED +CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) + TODO: check +CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) + TODO: check +CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack ove ...) 
+ TODO: check +CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...) + TODO: check +CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for zlib update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aba91adf by Salvatore Bonaccorso at 2022-08-25T21:47:35+02:00 Reserve DSA number for zlib update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[25 Aug 2022] DSA-5218-1 zlib - security update + {CVE-2022-37434} + [bullseye] - zlib 1:1.2.11.dfsg-2+deb11u2 [24 Aug 2022] DSA-5217-1 firefox-esr - security update {CVE-2022-38472 CVE-2022-38473 CVE-2022-38478} [bullseye] - firefox-esr 91.13.0esr-1~deb11u1 = data/dsa-needed.txt = @@ -51,5 +51,3 @@ sox -- thunderbird (jmm) -- -zlib (carnil) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba91adf1aff96ecc1bcb1b29510b47046421a1b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba91adf1aff96ecc1bcb1b29510b47046421a1b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-27511/prototypejs via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81a318a0 by Salvatore Bonaccorso at 2022-08-25T21:32:44+02:00 Track fixed version for CVE-2020-27511/prototypejs via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -132817,7 +132817,7 @@ CVE-2020-27513 CVE-2020-27512 RESERVED CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...) - - prototypejs (bug #991898) + - prototypejs 1.7.3-1 (bug #991898) [bullseye] - prototypejs (Minor issue) [buster] - prototypejs (Minor issue) [stretch] - prototypejs (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81a318a09aff9503b13dd00c6acc5a6f9ebabd24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81a318a09aff9503b13dd00c6acc5a6f9ebabd24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 181a9d4e by Salvatore Bonaccorso at 2022-08-25T12:29:56+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9431,7 +9431,7 @@ CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to contai CVE-2022-35116 RESERVED CVE-2022-35115 (IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to ...) - TODO: check + NOT-FOR-US: IceWarp WebClient DC2 CVE-2022-35114 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/185 @@ -9753,7 +9753,7 @@ CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was disc CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...) NOT-FOR-US: OpenTeknik CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an attacker ...) - TODO: check + NOT-FOR-US: MikroTik RouterOS CVE-2022-34959 RESERVED CVE-2022-34958 
@@ -16357,7 +16357,7 @@ CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEI CVE-2022-32428 RESERVED CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows attackers to exe ...) - TODO: check + NOT-FOR-US: PrinterLogic Windows Client CVE-2022-32426 RESERVED CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to enumerat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/181a9d4ee9734efbcdb57eb132a462271f048ceb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/181a9d4ee9734efbcdb57eb132a462271f048ceb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc0a2b42 by Salvatore Bonaccorso at 2022-08-25T11:39:26+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5203,7 +5203,7 @@ CVE-2022-36806 CVE-2022-36805 RESERVED CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2022-36803 RESERVED CVE-2022-36802 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0a2b42e2a6f3c7fc0799c3b643543b85d00bb0
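Review bot: the added line "NOT-FOR-US: Atlassian" names only the vendor, while the description on the line above it is specific to Bitbucket Server and Data Center. Naming the product, for example "NOT-FOR-US: Atlassian Bitbucket Server and Data Center", would keep the entry findable by product and make clear that the decision covers this product rather than everything from the vendor.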
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80fe4f5c by security tracker role at 2022-08-25T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,43 @@ +CVE-2022-38744 + RESERVED +CVE-2022-38743 + RESERVED +CVE-2022-38742 + RESERVED +CVE-2022-38741 + RESERVED +CVE-2022-38740 + RESERVED +CVE-2022-38739 + RESERVED +CVE-2022-38738 + RESERVED +CVE-2022-38737 + RESERVED +CVE-2022-38736 + RESERVED +CVE-2022-38735 + RESERVED +CVE-2022-38734 + RESERVED +CVE-2022-38733 + RESERVED +CVE-2022-38732 + RESERVED +CVE-2022-38731 + RESERVED +CVE-2022-2985 + RESERVED +CVE-2022-2984 + RESERVED +CVE-2022-2983 + RESERVED +CVE-2022-2982 + RESERVED +CVE-2022-2981 + RESERVED +CVE-2022-2980 + RESERVED CVE-2022-2979 RESERVED CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found ...) @@ -5162,8 +5202,8 @@ CVE-2022-36806 RESERVED CVE-2022-36805 RESERVED -CVE-2022-36804 - RESERVED +CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...) + TODO: check CVE-2022-36803 RESERVED CVE-2022-36802 @@ -9712,8 +9752,8 @@ CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was disc NOT-FOR-US: OpenTeknik CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...) NOT-FOR-US: OpenTeknik -CVE-2022-34960 - RESERVED +CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an attacker ...) + TODO: check CVE-2022-34959 RESERVED CVE-2022-34958 @@ -15149,10 +15189,10 @@ CVE-2022-32896 RESERVED CVE-2022-32895 RESERVED -CVE-2022-32894 - RESERVED -CVE-2022-32893 - RESERVED +CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2022-32893 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check CVE-2022-32892 RESERVED CVE-2022-32891 
@@ -15223,8 +15263,8 @@ CVE-2022-32859 RESERVED CVE-2022-32858 RESERVED -CVE-2022-32857 - RESERVED +CVE-2022-32857 (This issue was addressed by using HTTPS when sending information over ...) + TODO: check CVE-2022-32856 RESERVED CVE-2022-32855 @@ -15257,20 +15297,20 @@ CVE-2022-32842 RESERVED CVE-2022-32841 RESERVED -CVE-2022-32840 - RESERVED -CVE-2022-32839 - RESERVED -CVE-2022-32838 - RESERVED -CVE-2022-32837 - RESERVED +CVE-2022-32840 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32839 (The issue was addressed with improved bounds checks. This issue is fix ...) + TODO: check +CVE-2022-32838 (A logic issue was addressed with improved state management. This issue ...) + TODO: check +CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2022-32836 RESERVED CVE-2022-32835 RESERVED -CVE-2022-32834 - RESERVED +CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...) + TODO: check CVE-2022-32833 RESERVED CVE-2022-32832 @@ -15315,14 +15355,14 @@ CVE-2022-32815 RESERVED CVE-2022-32814 RESERVED -CVE-2022-32813 - RESERVED -CVE-2022-32812 - RESERVED -CVE-2022-32811 - RESERVED -CVE-2022-32810 - RESERVED +CVE-2022-32813 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2022-32812 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2022-32811 (A memory corruption vulnerability was addressed with improved locking. ...) + TODO: check +CVE-2022-32810 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2022-32809 RESERVED CVE-2022-32808 
@@ -15355,8 +15395,8 @@ CVE-2022-32795 RESERVED CVE-2022-32794 RESERVED -CVE-2022-32793 - RESERVED +CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) + TODO: check CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation] RESERVED {DSA-5211-1 DSA-5210-1 DLA-3073-1} @@ -16316,8 +16356,8 @@ CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEI NOT-FOR-US: Mega System Technologies Inc MSNSwitch CVE-2022-32428 RESERVED -CVE-2022-32427 - RESERVED +CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows attackers to exe ...) + TODO: check
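Review bot: in the hunks from -15149 to -15355, the entries that move from RESERVED to "TODO: check" have descriptions cut off before any product is named ("This issue was addressed with improved checks. This issue is fixed in ..."), and CVE-2022-32894 and CVE-2022-32893 are identical as shown, so none of them can be triaged from data/CVE/list alone. Whoever processes these TODO entries needs the full CVE description to pick a source package or a NOT-FOR-US label. Of the entries this update marks TODO, only CVE-2022-36804, CVE-2022-34960 and CVE-2022-32427 name a product within the visible excerpt.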
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3081-1 for open-vm-tools
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 65156c78 by Abhijith PA at 2022-08-25T12:47:43+05:30 Reserve DLA-3081-1 for open-vm-tools - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[25 Aug 2022] DLA-3081-1 open-vm-tools - security update + {CVE-2022-31676} + [buster] - open-vm-tools 2:10.3.10-1+deb10u3 [24 Aug 2022] DLA-3080-1 firefox-esr - security update {CVE-2022-38472 CVE-2022-38473 CVE-2022-38478} [buster] - firefox-esr 91.13.0esr-1~deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65156c78415bace7957c7ffe0991599f29bd10b6
[Git][security-tracker-team/security-tracker][master] Process CVE-2021-4022 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a0587d5 by Salvatore Bonaccorso at 2022-08-25T08:27:15+02:00 Process CVE-2021-4022 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54532,6 +54532,7 @@ CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux NOTE: https://git.kernel.org/linus/713b9825a4c47897f66ad69409581e7734a8728e (5.15-rc1) CVE-2021-4022 RESERVED + NOT-FOR-US: Rizin CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...) - keepalived 1:2.2.4-0.2 [bullseye] - keepalived 1:2.1.5-0.2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0587d54dda5c69f9e8e17b0b3d92d2775dee58
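Review bot: the added "NOT-FOR-US: Rizin" sits under an entry that is still RESERVED and has no description, so nothing in the file shows why CVE-2021-4022 is attributed to Rizin. A NOTE line with the reference the attribution was taken from (upstream advisory, issue or commit) would document the decision and let it be rechecked once the CVE description is published.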