[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues fixed via unstable

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cb6fb3b by Salvatore Bonaccorso at 2022-09-15T06:57:31+02:00
Track fixed version for chromium issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -212,31 +212,31 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree 
in fs/jfs/inode.c in Jo
NOTE: 
https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
 CVE-2022-3201
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3200
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3199
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3198
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3197
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3196
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3195
RESERVED
-   - chromium 
+   - chromium 105.0.5195.125-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-3194
RESERVED
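Review bot: no [bullseye] line is added next to the new unstable version 105.0.5195.125-1 for CVE-2022-3195 through CVE-2022-3201, so bullseye stays listed as affected until a DSA is issued; that is consistent with chromium being added to dsa-needed in commit 57bdd7b0 on this page, but the unchanged [buster] lines still carry only '(see DSA 5046)' with no version and no not-affected or end-of-life marker, so buster remains unresolved for all seven IDs and should be annotated explicitly if that is intentional.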



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb6fb3bae7a00434f11b185b8e0031f722ddc1c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb6fb3bae7a00434f11b185b8e0031f722ddc1c
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reserve DLA-3108-1 for pcs

2022-09-14 Thread Valentin Vidic (@vvidic)


Valentin Vidic pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b31594f7 by Valentin Vidic at 2022-09-14T23:51:09+02:00
Reserve DLA-3108-1 for pcs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -35552,7 +35552,6 @@ CVE-2022-1050 (A flaw was found in the QEMU 
implementation of VMWare's paravirtu
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The 
pcs da ...)
{DSA-5226-1}
- pcs 0.11.3-1
-   [buster] - pcs  (Minor issue)
[stretch] - pcs  (Vulnerable code introduced later, 
./pcs/daemon/ not present)
NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
NOTE: 
https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
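Review bot: the '[buster] - pcs  (Minor issue)' line is dropped but the reference line above it stays as {DSA-5226-1}; since this commit reserves DLA-3108-1 for exactly this CVE, the entry should probably read {DSA-5226-1 DLA-3108-1} so that CVE-2022-1049 cross-references the buster fix 0.10.1-2+deb10u1 recorded in data/DLA/list and not only the bullseye DSA.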


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[14 Sep 2022] DLA-3108-1 pcs - security update
+   {CVE-2022-1049}
+   [buster] - pcs 0.10.1-2+deb10u1
 [13 Sep 2022] DLA-3107-1 sqlite3 - security update
{CVE-2020-35525 CVE-2020-35527 CVE-2021-20223}
[buster] - sqlite3 3.27.2-3+deb10u2


=
data/dla-needed.txt
=
@@ -114,15 +114,6 @@ openexr
 openvswitch
   NOTE: 20220911: No known patch for this problem.
 --
-pcs (Valentin Vidic)
-  NOTE: 20220905: Programming language: Python.
-  NOTE: 20220905: Local access needed to get exploit the vulnerability.
-  NOTE: 20220905: One could argue that the vulnerability is in 
Thin::Backends::UnixServer:connect
-  NOTE: 20220905: since the solution is to override that function with a new 
umask.
-  NOTE: 20220905: https://lists.debian.org/debian-lts/2022/09/msg7.html
-  NOTE: 20220908: CVE-2022-2735 not-affected: Vulnerable code not present, see 
#1018930.
-  NOTE: 20220908: CVE-2022-1049 vulnerable
---
 php-phpseclib
   NOTE: 20220909: Programming language: PHP.
   NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the 
CVE or not. It looks like it is affected by a small part of it that is best to 
fix..
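Review bot: deleting the pcs block also deletes the triage notes that CVE-2022-2735 is not-affected (vulnerable code not present, #1018930) and the analysis that the real issue sits in Thin::Backends::UnixServer:connect and is addressed by overriding that function with a new umask; neither is carried into data/CVE/list by this commit, so check that the CVE-2022-2735 entry already records the buster not-affected status with the #1018930 reference, otherwise that finding is lost once dla-needed.txt no longer mentions pcs.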



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b31594f766d64ae5e3da7050217be1148d84c313



[Git][security-tracker-team/security-tracker][master] NFUs

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
58ad2f5b by Moritz Muehlenhoff at 2022-09-14T23:48:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -102,7 +102,7 @@ CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free 
in the doContent func
NOTE: https://github.com/libexpat/libexpat/pull/640
NOTE: 
https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
 CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus 
methods  ...)
-   TODO: check
+   NOT-FOR-US: KDiskMark
 CVE-2022-40670
RESERVED
 CVE-2022-40669
@@ -200,7 +200,7 @@ CVE-2022-3207
 CVE-2022-3206
RESERVED
 CVE-2022-3205 (An XSS exists in automation controller UI where the project 
name is su ...)
-   TODO: check
+   NOT-FOR-US: Red Hat Ansible Automation Controller
 CVE-2022-3204
RESERVED
 CVE-2022-3203
@@ -,9 +,9 @@ CVE-2022-39205 (Onedev is an open source, self-hosted Git 
Server with CI/CD and
 CVE-2022-39204
RESERVED
 CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for 
Matrix. ...)
-   TODO: check
+   NOT-FOR-US: matrix-appservice-irc
 CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for 
Matrix. ...)
-   TODO: check
+   NOT-FOR-US: matrix-appservice-irc
 CVE-2022-39201
RESERVED
 CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected 
versions ev ...)
@@ -6929,7 +6929,7 @@ CVE-2022-38009 (Microsoft SharePoint Server Remote Code 
Execution Vulnerability.
 CVE-2022-38008 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability. This  ...)
NOT-FOR-US: Microsoft
 CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers 
Elevation of P ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38006 (Windows Graphics Component Information Disclosure 
Vulnerability. This  ...)
NOT-FOR-US: Microsoft
 CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability. 
...)
@@ -7027,7 +7027,7 @@ CVE-2022-37960
 CVE-2022-37959 (Network Device Enrollment Service (NDES) Security Feature 
Bypass Vulne ...)
NOT-FOR-US: Microsoft
 CVE-2022-37958 (SPNEGO Extended Negotiation (NEGOEX) Security Mechanism 
Information Di ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37957 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
NOT-FOR-US: Microsoft
 CVE-2022-37956 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58ad2f5b8997696dba5021a0298a3c4788f7663b



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-36087 via unstable

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25e61d80 by Salvatore Bonaccorso at 2022-09-14T23:03:02+02:00
Track fixed version for CVE-2022-36087 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11810,7 +11810,7 @@ CVE-2022-36089 (KubeVela is an application delivery 
platform Users using KubeVel
 CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations 
via either ...)
NOT-FOR-US: GoCD
 CVE-2022-36087 (OAuthLib is an implementation of the OAuth request-signing 
logic for P ...)
-   - python-oauthlib  (bug #1019710)
+   - python-oauthlib 3.2.1-1 (bug #1019710)
[bullseye] - python-oauthlib  (Vulnerable code introduced 
later)
[buster] - python-oauthlib  (Vulnerable code introduced 
later)
NOTE: 
https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7
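Review bot: 3.2.1-1 is recorded as the fix for CVE-2022-36087, but the only reference is the GHSA advisory; the bullseye and buster lines claim 'Vulnerable code introduced later' without a NOTE pointing at the upstream commit that introduced or fixed the code, so add the fix commit (as the kernel and samba entries in this batch do) so that claim can be re-checked against a concrete diff.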



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25e61d8055b204a1e88796fb91b44b1810f87e19



[Git][security-tracker-team/security-tracker][master] Add new glpi issues

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
086c1ec6 by Salvatore Bonaccorso at 2022-09-14T22:39:44+02:00
Add new glpi issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11756,7 +11756,8 @@ CVE-2022-36114 (Cargo is a package manager for the rust 
programming language. It
 CVE-2022-36113 (Cargo is a package manager for the rust programming language. 
After a  ...)
TODO: check
 CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
-   TODO: check
+   - glpi  (unimportant)
+   NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-36111
RESERVED
 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 
0.15.1, Impro ...)
@@ -12120,11 +12121,14 @@ CVE-2022-35948 (undici is an HTTP/1.1 client, written 
from scratch for Node.js.`
NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
NOTE: 
https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
 (v5.8.2)
 CVE-2022-35947 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
-   TODO: check
+   - glpi  (unimportant)
+   NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
-   TODO: check
+   - glpi  (unimportant)
+   NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
-   TODO: check
+   - glpi  (unimportant)
+   NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-35944
RESERVED
 CVE-2022-35943 (Shield is an authentication and authorization framework for 
CodeIgnite ...)
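Review bot: the three entries here (and CVE-2022-36112 in the previous hunk) get '- glpi  (unimportant)' with the identical NOTE 'Only supported behind an authenticated HTTP zone', but no upstream advisory or fix commit is recorded for any of them; add the upstream security advisory link for each so the 'unimportant' rating is tied to a specific issue and can be revisited if one of them turns out not to require authentication.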



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/086c1ec6f550e1e20d163c6356c6c75f8ab46aff



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-37703/amanda

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a7efb7e by Salvatore Bonaccorso at 2022-09-14T22:38:29+02:00
Add CVE-2022-37703/amanda

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7596,7 +7596,8 @@ CVE-2022-37705
 CVE-2022-37704
RESERVED
 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found 
in the ca ...)
-   TODO: check
+   - amanda 
+   NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
 CVE-2022-37702
RESERVED
 CVE-2022-37701
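Review bot: '- amanda ' is added with an empty fixed version and no bug reference, and the only NOTE is a third-party repository named after the CVE rather than an upstream advisory or fix; as written the entry sits open in unstable with nothing for the maintainer to act on, so file the Debian bug and cite the upstream fix, or state explicitly in a NOTE that no upstream fix exists yet.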



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7efb7e2aea5efa1a3a0331d55a03f29417787a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9ef618e by Salvatore Bonaccorso at 2022-09-14T22:37:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4384,7 +4384,7 @@ CVE-2022-38798
 CVE-2022-38797
RESERVED
 CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may 
allow an  ...)
-   TODO: check
+   NOT-FOR-US: Feehi CMS
 CVE-2022-38453 (Multiple binary application files on the CMS8000 device are 
compiled w ...)
NOT-FOR-US: Contec Health
 CVE-2022-38399 (Missing protection mechanism for alternate hardware interface 
in SmaCa ...)
@@ -5046,7 +5046,7 @@ CVE-2022-38635
 CVE-2022-38634
RESERVED
 CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL 
hijacking vu ...)
-   TODO: check
+   NOT-FOR-US: Genymotion Desktop
 CVE-2022-38632
RESERVED
 CVE-2022-38631
@@ -5228,17 +5228,17 @@ CVE-2022-38544
 CVE-2022-38543
RESERVED
 CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL 
injection vul ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple 
SQL inject ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL 
injection vul ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL 
injection vul ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL 
injection vul ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple 
SQL inject ...)
-   TODO: check
+   NOT-FOR-US: Archery
 CVE-2022-38536
RESERVED
 CVE-2022-38535
@@ -5329,11 +5329,11 @@ CVE-2022-38499
 CVE-2022-38498
RESERVED
 CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation 
violation ...)
-   TODO: check
+   NOT-FOR-US: LIEF
 CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable 
assertion ab ...)
-   TODO: check
+   NOT-FOR-US: LIEF
 CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: LIEF
 CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a 
command  ...)
- movabletype-opensource 
 CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository 
appwrite/appw ...)
@@ -6083,9 +6083,9 @@ CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and 
v15.03.05.05 was discovered t
 CVE-2022-38308
RESERVED
 CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation 
violation ...)
-   TODO: check
+   NOT-FOR-US: LIEF
 CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer 
overflow i ...)
-   TODO: check
+   NOT-FOR-US: LIEF
 CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device 
Softwar ...)
NOT-FOR-US: Ricoh
 CVE-2022-2825
@@ -7680,7 +7680,7 @@ CVE-2022-37663
 CVE-2022-37662
RESERVED
 CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable 
to Remo ...)
-   TODO: check
+   NOT-FOR-US: SmartRG
 CVE-2022-37660
RESERVED
 CVE-2022-37659
@@ -8723,7 +8723,7 @@ CVE-2022-37304
 CVE-2022-37303
RESERVED
 CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the 
Bounds of a M ...)
-   TODO: check
+   NOT-FOR-US: EcoStruxure Control Expert
 CVE-2022-37301
RESERVED
 CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten 
Password vul ...)
@@ -9473,7 +9473,7 @@ CVE-2022-37013
 CVE-2022-37012
RESERVED
 CVE-2022-37011 (A vulnerability has been identified in Mendix SAML Module 
(Mendix 7 co ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address 
validation in t ...)
- intellij-idea  (bug #747616)
 CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution 
via a Va ...)
@@ -9990,13 +9990,13 @@ CVE-2022-36784
 CVE-2022-36783
RESERVED
 CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Pal Electronics Systems
 CVE-2022-36781
RESERVED
 CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The 
product ...)
-   TODO: check
+   NOT-FOR-US: Avdor CIS
 CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular 
Router (w ...)
-   TODO: check
+   NOT-FOR-US: PROSCEND
 CVE-2022-36778 (insert HTML / js code inside input how to get to the 
vulnerable input  ...)
TODO: check
 

[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97f4ca16 by Salvatore Bonaccorso at 2022-09-14T22:29:43+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76858,7 +76858,7 @@ CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows 
(includes Db2 Connect Server
 CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 
6.1.1.0  ...)
NOT-FOR-US: IBM
 CVE-2021-38924 (IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a 
remote a ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to 
gain ac ...)
NOT-FOR-US: IBM
 CVE-2021-38922



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97f4ca16ddcf04bd91ba62cfd0dd288ca49429f5



[Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2022-2078 (and rejected CVE-2022-1972)

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
278a5456 by Salvatore Bonaccorso at 2022-09-14T22:25:33+02:00
Update tracking for CVE-2022-2078 (and rejected CVE-2022-1972)

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -19261,9 +19261,10 @@ CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in 
GitHub repository nocodb/n
NOT-FOR-US: nocodb
 CVE-2022-2078 (A vulnerability was found in the Linux kernel's 
nft_set_desc_concat_pa ...)
- linux 5.18.2-1
-   [bullseye] - linux 5.10.120-1
[buster] - linux  (Vulnerable code not present)
[stretch] - linux  (Vulnerable code not present)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2096178
+   NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1
NOTE: 
https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 (5.19-rc1)
 CVE-2022-33207
RESERVED
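Review bot: the explicit '[bullseye] - linux 5.10.120-1' line is removed, presumably because the bullseye fix now comes from DSA-5161-1 via data/DSA/list, but the {DSA-5161-1} cross-reference that CVE-2022-1972 carried is dropped in the next hunk and not re-added below the CVE-2022-2078 header here; add '{DSA-5161-1}' as the first line under CVE-2022-2078 so the entry still points at the advisory that fixed it in bullseye.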
@@ -21933,12 +21934,6 @@ CVE-2022-1973 (A use-after-free flaw was found in the 
Linux kernel in log_replay
NOTE: 
https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
 CVE-2022-1972
REJECTED
-   {DSA-5161-1}
-   - linux 5.18.2-1
-   [buster] - linux  (Vulnerable code not present)
-   [stretch] - linux  (Vulnerable code not present)
-   NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1
-   NOTE: 
https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85
 CVE-2022-32204
RESERVED
 CVE-2022-32203


=
data/DSA/list
=
@@ -221,7 +221,7 @@
{CVE-2022-24769 CVE-2022-31030}
[bullseye] - containerd 1.4.13~ds1-1~deb11u2
 [11 Jun 2022] DSA-5161-1 linux - security update
-   {CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 
CVE-2022-1789 CVE-2022-1852 CVE-2022-32250 CVE-2022-1972 CVE-2022-1974 
CVE-2022-1975 CVE-2022-21499 CVE-2022-28893}
+   {CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 
CVE-2022-1789 CVE-2022-1852 CVE-2022-32250 CVE-2022-1974 CVE-2022-1975 
CVE-2022-2078 CVE-2022-21499 CVE-2022-28893}
[bullseye] - linux 5.10.120-1
 [10 Jun 2022] DSA-5160-1 ntfs-3g - security update
{CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789}
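Review bot: the DSA-5161-1 entry now lists CVE-2022-2078, but the advisory as recorded on 11 Jun 2022 went out citing CVE-2022-1972; a NOTE on CVE-2022-2078 saying that DSA-5161-1 originally referenced the now-rejected ID would help anyone reconciling the published advisory text with the tracker. The CVE list on that line is also unsorted (CVE-2022-32250 sits between CVE-2022-1852 and CVE-2022-1974), which is cosmetic but worth fixing while the line is being touched.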



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/278a54568954d5c1c612f9558614cada02e9a7d2



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40626/zabbix

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab7e0aac by Salvatore Bonaccorso at 2022-09-14T22:16:15+02:00
Add CVE-2022-40626/zabbix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -252,7 +252,10 @@ CVE-2022-40628
 CVE-2022-40627
RESERVED
 CVE-2022-40626 (An unauthenticated user can create a link with reflected 
Javascript co ...)
-   TODO: check
+   - zabbix 1:6.0.7+dfsg-2
+   NOTE: https://support.zabbix.com/browse/ZBX-21350
+   NOTE: 
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/55eb14d0a394b362d5df00ed9e06a3918472deec
 (6.0.7rc1)
+   TODO: check, verify it really did not affect versions before 6.0.0
 CVE-2022-40625
RESERVED
 CVE-2022-40624
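Review bot: the TODO 'verify it really did not affect versions before 6.0.0' leaves the suite status open while a fixed version 1:6.0.7+dfsg-2 is already recorded, so until it is resolved the older suites carry no [bullseye]/[buster] annotation at all; resolve the TODO with either a '(Vulnerable code not present)' line or a fixed version for those suites, and keep the (6.0.7rc1) tag on the fix commit, which is the right anchor for that check.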



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab7e0aaca76dd5d1cb09341cc830a80a7b2c5599



[Git][security-tracker-team/security-tracker][master] automatic update

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a82a9178 by security tracker role at 2022-09-14T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,101 @@
+CVE-2022-40706
+   RESERVED
+CVE-2022-40705
+   RESERVED
+CVE-2022-40696
+   RESERVED
+CVE-2022-40684
+   RESERVED
+CVE-2022-40683
+   RESERVED
+CVE-2022-40682
+   RESERVED
+CVE-2022-40681
+   RESERVED
+CVE-2022-40680
+   RESERVED
+CVE-2022-40679
+   RESERVED
+CVE-2022-40678
+   RESERVED
+CVE-2022-40677
+   RESERVED
+CVE-2022-40676
+   RESERVED
+CVE-2022-40675
+   RESERVED
+CVE-2022-40672
+   RESERVED
+CVE-2022-40671
+   RESERVED
+CVE-2022-40632
+   RESERVED
+CVE-2022-40312
+   RESERVED
+CVE-2022-40310
+   RESERVED
+CVE-2022-40223
+   RESERVED
+CVE-2022-40219
+   RESERVED
+CVE-2022-40217
+   RESERVED
+CVE-2022-40215
+   RESERVED
+CVE-2022-40213
+   RESERVED
+CVE-2022-40211
+   RESERVED
+CVE-2022-40206
+   RESERVED
+CVE-2022-40205
+   RESERVED
+CVE-2022-40193
+   RESERVED
+CVE-2022-40131
+   RESERVED
+CVE-2022-38974
+   RESERVED
+CVE-2022-38468
+   RESERVED
+CVE-2022-38461
+   RESERVED
+CVE-2022-38454
+   RESERVED
+CVE-2022-38104
+   RESERVED
+CVE-2022-38079
+   RESERVED
+CVE-2022-38074
+   RESERVED
+CVE-2022-38073
+   RESERVED
+CVE-2022-36424
+   RESERVED
+CVE-2022-36417
+   RESERVED
+CVE-2022-36404
+   RESERVED
+CVE-2022-35238
+   RESERVED
+CVE-2022-33978
+   RESERVED
+CVE-2022-3216
+   RESERVED
+CVE-2022-3215
+   RESERVED
+CVE-2022-3214
+   RESERVED
+CVE-2022-3213
+   RESERVED
+CVE-2022-3212 (bytes::Bytes as 
axum_core::extract::FromRequest::from_request  ...)
+   TODO: check
+CVE-2022-3211
+   RESERVED
+CVE-2022-30545
+   RESERVED
+CVE-2020-36603
+   RESERVED
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
- expat  (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
@@ -107,8 +205,7 @@ CVE-2022-3204
RESERVED
 CVE-2022-3203
RESERVED
-CVE-2022-3202
-   RESERVED
+CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in 
Journal ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
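Review bot: no action needed for CVE-2022-3202, but the fixed versions 5.17.3-1 / 5.10.113-1 / 4.19.249-1 left as context under the now-public description all predate the 5.18-rc1 upstream fix a53046291020 cited for this CVE in commit 9cb6fb3b on this page, so they rest on stable backports; a NOTE naming the stable releases that carried the backport would make that verifiable.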
@@ -4283,8 +4380,8 @@ CVE-2022-38798
RESERVED
 CVE-2022-38797
RESERVED
-CVE-2022-38796
-   RESERVED
+CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may 
allow an  ...)
+   TODO: check
 CVE-2022-38453 (Multiple binary application files on the CMS8000 device are 
compiled w ...)
NOT-FOR-US: Contec Health
 CVE-2022-38399 (Missing protection mechanism for alternate hardware interface 
in SmaCa ...)
@@ -5409,8 +5506,8 @@ CVE-2022-2902
RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot 
prior to ...)
NOT-FOR-US: chatwoot
-CVE-2022-2900
-   RESERVED
+CVE-2022-2900 (Server-Side Request Forgery (SSRF) in GitHub repository 
ionicabizau/pa ...)
+   TODO: check
 CVE-2022-38464
RESERVED
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows 
reflected XSS ...)
@@ -7579,8 +7676,8 @@ CVE-2022-37663
RESERVED
 CVE-2022-37662
RESERVED
-CVE-2022-37661
-   RESERVED
+CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable 
to Remo ...)
+   TODO: check
 CVE-2022-37660
RESERVED
 CVE-2022-37659
@@ -11650,12 +11747,12 @@ CVE-2022-36116 (An issue was discovered in Blue Prism 
Enterprise 6.0 through 7.0
NOT-FOR-US: Blue Prism Enterprise
 CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
NOT-FOR-US: Blue Prism Enterprise
-CVE-2022-36114
-   RESERVED
-CVE-2022-36113
-   RESERVED
-CVE-2022-36112
-   RESERVED
+CVE-2022-36114 (Cargo is a package manager for the rust programming language. 
It was d ...)
+   TODO: check
+CVE-2022-36113 (Cargo is a package manager for the rust programming language. 
After a  ...)
+   TODO: check
+CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
+   TODO: check
 CVE-2022-36111
RESERVED
 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 
0.15.1, Impro ...)
@@ -12018,12 +12115,12 @@ CVE-2022-35948 (undici is an HTTP/1.1 client, written 
from scratch for Node.js.`
- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
NOTE: 
https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
 (v5.8.2)
-CVE-2022-35947
-   RESERVED
-CVE-2022-35946
-   RESERVED

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-40674/expat

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
044d0119 by Salvatore Bonaccorso at 2022-09-14T21:52:18+02:00
Add Debian bug reference for CVE-2022-40674/expat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
-   - expat 
+   - expat  (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
NOTE: https://github.com/libexpat/libexpat/pull/640
NOTE: 
https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
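Review bot: the bug reference #1019761 is added but the unstable fixed version stays empty even though the description names 2.4.9 as the fixed release and the NOTE lines already carry the upstream fix commit 4a32da87; there are also no [bullseye]/[buster] lines yet, so both stable suites show as affected by default until someone triages them, which is fine as an interim state but should be followed up once 2.4.9 is uploaded.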



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/044d01196cc42474118506a6c7f1b4fddd34ea7b



[Git][security-tracker-team/security-tracker][master] Reference merge request for CVE-2022-1615

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
106401af by Salvatore Bonaccorso at 2022-09-14T21:34:58+02:00
Reference merge request for CVE-2022-1615

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27505,6 +27505,7 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail 
and give predictable rando
- samba 
[bullseye] - samba  (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
+   NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
NOTE: 
https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe
 (samba-4.17.0rc1)
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting 
a visi ...)
NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/106401afc9ce34dc7886373fc5ed579b93df361c



[Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2022-1615

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af644d23 by Salvatore Bonaccorso at 2022-09-14T21:33:13+02:00
Add upstream tag information for CVE-2022-1615

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27505,7 +27505,7 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail 
and give predictable rando
- samba 
[bullseye] - samba  (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
-   NOTE: 
https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe
 (v4-17-stable)
+   NOTE: 
https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe
 (samba-4.17.0rc1)
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting 
a visi ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-1613
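Review bot: replacing the branch name (v4-17-stable) with the release tag (samba-4.17.0rc1) on the fix commit is the right change, since a branch name does not pin the first upstream release that carries the fix. Separately, the status tokens are missing from the "- samba " and "[bullseye] - samba  (Minor issue)" lines in this rendering; that is most likely the archive stripping angle-bracketed tokens such as <unfixed> and <no-dsa>, but it is worth confirming in the repository that both lines still carry one.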



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af644d23916da66614feb1d3f44699265f3f788f



[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57bdd7b0 by Salvatore Bonaccorso at 2022-09-14T21:31:12+02:00
Add chromium to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk (apo)
 --
+chromium
+--
 commons-configuration
 --
 connman (carnil)
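Review bot: chromium is added with no claimant and no NOTE; the neighbouring entries (asterisk (apo), connman (carnil)) show the convention of a claimant in parentheses once someone takes the item, so an unassigned entry is fine for a fresh one. A one-line NOTE listing the CVE ids it covers (the seven RESERVED CVE-2022-3195 to CVE-2022-3201 entries added in the companion commit) would let the next person pick it up without searching data/CVE/list.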



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57bdd7b09124f902fd82a2ec88ad55db375da73a



[Git][security-tracker-team/security-tracker][master] Add new chromium issues

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0288d08 by Salvatore Bonaccorso at 2022-09-14T21:30:01+02:00
Add new chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -115,18 +115,32 @@ CVE-2022-3202
NOTE: 
https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
 CVE-2022-3201
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3200
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3199
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3198
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3197
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3196
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3195
RESERVED
+   - chromium 
+   [buster] - chromium  (see DSA 5046)
 CVE-2022-3194
RESERVED
 CVE-2022-3193
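Review bot: all seven new unstable lines are added without a fixed version and every buster line defers to DSA 5046, so these entries only become useful once the fixing upload is recorded. Because they are one batch, the fixed version should be filled in for all seven together (and the matching dsa-needed entry closed at the same time); filling in a subset leaves the remaining CVEs reported as open against unstable even though the same upload fixes them.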



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0288d08e8c2e5fe5f8789017a2bb670f346465a



[Git][security-tracker-team/security-tracker][master] CVE-2022-30630/golang: introduced in 1.16

2022-09-14 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50c4c9b8 by Sylvain Beucler at 2022-09-14T19:42:52+02:00
CVE-2022-30630/golang: introduced in 1.16

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26415,12 +26415,12 @@ CVE-2022-30630 (Uncontrolled recursion in Glob in 
io/fs before Go 1.17.12 and Go
- golang-1.18 1.18.4-1
- golang-1.17 1.17.13-1
- golang-1.15 
-   - golang-1.11 
-   [buster] - golang-1.11  (Limited support)
NOTE: https://go.dev/issue/53415
NOTE: 
https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 
(go1.19rc2)
NOTE: 
https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 
(go1.18.4)
NOTE: 
https://github.com/golang/go/commit/8c1d8c836270615cfb5b229932269048ef59ac07 
(go1.17.12)
+   NOTE: Introduced by 
https://github.com/golang/go/commit/b64202bc29b9c1cf0118878d1c0acc9cdb2308f6 
(go1.16beta1)
+   NOTE: io/fs/Glob.go introduced in 1.16; see CVE-2022-30632 for similar 
older code in path/filepath/
 CVE-2022-30629 (Non-random values for ticket_age_add in session tickets in 
crypto/tls  ...)
- golang-1.18 1.18.3-1
- golang-1.17 1.17.11-1
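Review bot: the new NOTE says the affected file was introduced in 1.16 and golang-1.11 is dropped on that basis, yet the "- golang-1.15" line is kept unchanged; unless its status is already <not-affected> (the token is not visible in this rendering), golang-1.15 should be treated the same way as golang-1.11. Also, the NOTE names "io/fs/Glob.go" while the CVE text says "Glob in io/fs"; the upstream file is io/fs/glob.go in lower case, so the NOTE should use the file name as it appears in the tree.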



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50c4c9b854212249d80efd2bfe0361146d3c947e



[Git][security-tracker-team/security-tracker][master] CVE-2022-28131/golang: reference patches

2022-09-14 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57672f15 by Sylvain Beucler at 2022-09-14T19:24:02+02:00
CVE-2022-28131/golang: reference patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33990,6 +33990,10 @@ CVE-2022-28131 (In Decoder.Skip in encoding/xml in Go 
before 1.17.12 and 1.18.x
- golang-1.15 
- golang-1.11 
[buster] - golang-1.11  (Limited support)
+   NOTE: https://github.com/golang/go/issues/53614
+   NOTE: 
https://github.com/golang/go/commit/08c46ed43d80bbb67cb904944ea3417989be4af3 
(go1.19rc2)
+   NOTE: 
https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96 
(go1.18.4)
+   NOTE: 
https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae 
(go1.17.12)
 CVE-2022-28130
RESERVED
 CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header 
parsing of  ...)
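Review bot: the three fix commits are annotated with the Go release each one shipped in, matching the convention used for CVE-2022-30630, so the references are fine. What is still missing is an "Introduced by" NOTE of the kind added for CVE-2022-30630: golang-1.11 stays listed with "[buster] ... (Limited support)" and nothing in the entry says whether the Decoder.Skip code in 1.11 is actually affected, so the next triager has to repeat that check.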



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57672f15b9f0332de0f814ba02b953e94e473122



[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01392162 by Moritz Muehlenhoff at 2022-09-14T17:25:06+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -186,6 +186,7 @@ CVE-2022-3191
RESERVED
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in 
Wiresha ...)
- wireshark 3.6.8-1
+   [bullseye] - wireshark  (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
 CVE-2022-3189
@@ -1482,6 +1483,7 @@ CVE-2022-40024
RESERVED
 CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular 
expression Denia ...)
- mako 1.2.2+ds1-1
+   [bullseye] - mako  (Minor issue)
NOTE: 
https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
 (rel_1_2_2)
NOTE: https://github.com/sqlalchemy/mako/issues/366
 CVE-2022-40022
@@ -3284,12 +3286,14 @@ CVE-2022-39178
RESERVED
 CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to 
cause a den ...)
- bluez 5.61-1
+   [bullseye] - bluez  (Minor issue)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
 (5.59)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a
 (5.59)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4
 (5.60)
NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
 CVE-2022-39176 (BlueZ before 5.59 allows physically proximate attackers to 
obtain sens ...)
- bluez 5.61-1
+   [bullseye] - bluez  (Minor issue)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
 (5.59)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a
 (5.59)
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4
 (5.60)
@@ -4488,18 +4492,22 @@ CVE-2022-2994
RESERVED
 CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be 
vulnerable to Den ...)
- snakeyaml 
+   [bullseye] - snakeyaml  (Minor issue)
NOTE: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not 
public)
 CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be 
vulnerable to Den ...)
- snakeyaml 
+   [bullseye] - snakeyaml  (Minor issue)
NOTE: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
 CVE-2022-38750 (Using snakeYAML to parse untrusted YAML files may be 
vulnerable to Den ...)
- snakeyaml 
+   [bullseye] - snakeyaml  (Minor issue)
NOTE: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
 CVE-2022-38749 (Using snakeYAML to parse untrusted YAML files may be 
vulnerable to Den ...)
- snakeyaml 
+   [bullseye] - snakeyaml  (Minor issue)
NOTE: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
 CVE-2022-38748
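Review bot: the four snakeyaml entries get the identical bullseye rationale, which is consistent, but for CVE-2022-38752 the OSS-Fuzz report is marked "(not public)", so the bitbucket issue is the only reference a reader can open. Since the bitbucket issue titles already name the issue class (stackoverflow), stating that in the bullseye reason would let the "Minor issue" judgement be checked without access to the private report.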
@@ -4531,6 +4539,7 @@ CVE-2022-2990 (An incorrect handling of the supplementary 
groups in the Buildah
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
 CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman 
contai ...)
- libpod  (bug #1019591)
+   [bullseye] - libpod  (Minor issue)
NOTE: 
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
 CVE-2022-2988
@@ -5143,6 +5152,7 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to 
contain a heap-buffer o
NOTE: 
https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
 CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was 
discovered to co ...)
- assimp 
+   [bullseye] - assimp  (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/4662
 CVE-2022-38527
RESERVED
@@ -6422,9 +6432,11 @@ CVE-2022-38154
RESERVED
 CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when 
--enable-session ...)
- wolfssl 
+   [bullseye] - wolfssl  (Vulnerable code not present and 
session tickets not enabled)
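Review bot: the bullseye reason for CVE-2022-38153 combines two different arguments, "Vulnerable code not present" and "session tickets not enabled", whereas the other bullseye lines in this commit give a single rationale. If the code is genuinely absent from the bullseye source, that alone justifies the status; if it is present but disabled by the build configuration (the CVE text mentions --enable-session...), only the second clause applies. Keeping the one that matches the package avoids the line being read as not-affected when it is really a no-dsa decision.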
  

[Git][security-tracker-team/security-tracker][master] otfcc non issues

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0568dfee by Moritz Muehlenhoff at 2022-09-14T16:46:17+02:00
otfcc non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13107,191 +13107,196 @@ CVE-2022-35486 (OTFCC v0.10.4 was discovered to 
contain a segmentation violation
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35480
RESERVED
 CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation 
violation via / ...)
- texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
-   NOTE: Crash in CLI tool, no security impact)
+   NOTE: Crash in CLI tool, no security impact and affected code not 
built, see #1019602
 CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow 
via /re ...)
-   - texlive-bin  (bug #1019602)
+   - texlive-bin  (unimportant; bug #1019602)
[bullseye] - texlive-bin  (Vulnerable code not present)
[buster] - texlive-bin  (Vulnerable code not present)
+   NOTE: Affected code not built, see #1019602
 CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer 
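Review bot: the old NOTE lines carried a stray closing parenthesis ("no security impact)") that this change removes, and the added "see #1019602" ties each rationale to the bug report, which is good. For CVE-2022-35475, a heap-buffer overflow rather than a segmentation violation, the new NOTE deliberately omits the "Crash in CLI tool, no security impact" clause and keeps only "Affected code not built"; that is the right distinction, but it means the "unimportant" severity for that entry rests entirely on the code not being built, so #1019602 should stay the authoritative reference if the build configuration ever changes.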

[Git][security-tracker-team/security-tracker][master] drop CVE-2022-32224 from DLA-3093-1

2022-09-14 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de0c07b1 by Abhijith PA at 2022-09-14T19:08:39+05:30
drop CVE-2022-32224 from DLA-3093-1

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -21681,7 +21681,6 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability 
has been discovered in t
NOT-FOR-US: Veeam
 CVE-2022-32224
RESERVED
-   {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1016140)
NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
NOTE: Fixed by: 
https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a 
(main)
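Review bot: removing the {DLA-3093-1} cross-reference leaves CVE-2022-32224 with no explicit buster line, so the tracker will now report it as open in buster. If that is the intent (the DLA did not actually ship this fix), the entry is correct as-is; otherwise a [buster] line with the appropriate status and reason should be added in the same commit so the two files do not disagree.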


=
data/DLA/list
=
@@ -41,7 +41,7 @@
{CVE-2021-0561}
[buster] - flac 1.3.2-3+deb10u2
 [03 Sep 2022] DLA-3093-1 rails - security update
-   {CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-2 
CVE-2022-32224}
+   {CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-2}
[buster] - rails 2:5.2.2.1+dfsg-1+deb10u4
 [02 Sep 2022] DLA-3092-1 dpdk - security update
{CVE-2022-2132}
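Review bot: the CVE list for DLA-3093-1 contains "CVE-2022-2", which cannot be a valid id (the sequence part has at least four digits). Check whether this is an artifact of the mail rendering or a real typo in data/DLA/list; a malformed id will not match any entry in data/CVE/list and the advisory will silently cover one CVE fewer than intended.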



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de0c07b172ab04ca843894f92d959ef044c5a652



[Git][security-tracker-team/security-tracker][master] Remove todo item for CVE-2022-36087, confirmed by maintainer

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3106d66 by Salvatore Bonaccorso at 2022-09-14T15:36:29+02:00
Remove todo item for CVE-2022-36087, confirmed by maintainer

And the upload addressing the issue will contain the two needed commits
not in 3.2.1.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11688,7 +11688,6 @@ CVE-2022-36087 (OAuthLib is an implementation of the 
OAuth request-signing logic
NOTE: Introduced with: 
https://github.com/oauthlib/oauthlib/commit/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2
 (v3.1.1)
NOTE: Fixed by: 
https://github.com/oauthlib/oauthlib/commit/e514826eea15f2b62bbc13da407b71552ef5ff4c
NOTE: Fixed by: 
https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8
-   TODO: double-check, the fix has not landed in 3.2.1 actually
 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std 
systems. Prior ...)
NOT-FOR-US: linked_list_allocator
 CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose 
policy engi ...)
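Review bot: dropping the TODO is justified by the commit message (maintainer confirmed, and the upload will carry the two "Fixed by" commits that are not in 3.2.1). The fixed-version line sits above this hunk and is not visible here; given that the fix is explicitly not in upstream 3.2.1, make sure that line points at the Debian upload that cherry-picks e514826e and 5d85c619 rather than at a version string derived from 3.2.1.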



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3106d663aec780d2eb31be21628de00843837ad



[Git][security-tracker-team/security-tracker][master] CVE-2022-38266/leptonlib: buster postponed

2022-09-14 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5e33f82 by Sylvain Beucler at 2022-09-14T14:37:38+02:00
CVE-2022-38266/leptonlib: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6063,6 +6063,7 @@ CVE-2022-38267 (School Activity Updates with SMS 
Notification v1.0 was discovere
 CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) in 
Tesseract v5.0.0 ...)
- leptonlib 1.82.0-1
[bullseye] - leptonlib  (Minor issue)
+   [buster] - leptonlib  (Minor issue, SIGFPE in CLI tools)
NOTE: 
https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
 (1.81.0)
NOTE: https://github.com/tesseract-ocr/tesseract/issues/3498
 CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to 
contain a S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e33f820d74e64764292873c5614c100ada7c89



[Git][security-tracker-team/security-tracker][master] lts: take bzip2

2022-09-14 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f9df9b5 by Emilio Pozuelo Monfort at 2022-09-14T14:05:46+02:00
lts: take bzip2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -22,6 +22,9 @@ bluez
   NOTE: 20220902: Programming language: C.
   NOTE: 20220902: Consider synchronizing with Stretch. (apo)
 --
+bzip2 (Emilio)
+  NOTE: 20220914: https://lists.debian.org/debian-lts/2022/09/msg00041.html
+--
 curl
   NOTE: 20220901: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f9df9b56078798a8524ffdae9af9980363129da



[Git][security-tracker-team/security-tracker][master] Move CVE-2022-1748 to a NFU entry

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0dcf6a2e by Salvatore Bonaccorso at 2022-09-14T13:04:30+02:00
Move CVE-2022-1748 to a NFU entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -203496,7 +203496,7 @@ CVE-2020-1749 (A flaw was found in the Linux kernel's 
implementation of some net
[stretch] - linux 4.9.228-1
NOTE: 
https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
 CVE-2020-1748 (A flaw was found in all supported versions before 
wildfly-elytron-1.6. ...)
-   - wildfly  (bug #752018)
+   NOT-FOR-US: WildFly Elytron
 CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in 
versions befor ...)
- pyyaml 5.3-2 (bug #953013)
[buster] - pyyaml  (Loader/Constructor classes are unsafe 
in this version)
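Review bot: the replaced line "- wildfly  (bug #752018)" carried a bug reference that the NOT-FOR-US line drops. If #752018 is a packaging request for wildfly rather than a security bug, NOT-FOR-US is the right state and losing the reference is harmless; if it tracked this CVE, keep it in a NOTE so the history is not lost.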



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dcf6a2e514463e73e12505d9e5d71c681ebe064



[Git][security-tracker-team/security-tracker][master] NFU, concludes external check

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54b2c084 by Moritz Muehlenhoff at 2022-09-14T12:24:25+02:00
NFU, concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1247,6 +1247,7 @@ CVE-2022-3144
RESERVED
 CVE-2022-3143
RESERVED
+   NOT-FOR-US: WildFly Elytron
 CVE-2022-40137
RESERVED
 CVE-2022-40136



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b2c08480dfb22b2633f8c5fe4d1a5d91eb263e



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a0d5201 by Salvatore Bonaccorso at 2022-09-14T11:04:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5350,7 +5350,7 @@ CVE-2022-2910
 CVE-2022-2909 (A vulnerability was found in SourceCodester Simple and Nice 
Shopping C ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way 
Gateway (OWG ...)
-   TODO: check
+   NOT-FOR-US: CoreShield One-Way Gateway (OWG)
 CVE-2022-38465
RESERVED
 CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) 
exceedone/ ...)
@@ -5888,7 +5888,7 @@ CVE-2022-38344
 CVE-2022-38343
RESERVED
 CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: Safe Software FME Server
 CVE-2022-38341
RESERVED
 CVE-2022-38340
@@ -5914,7 +5914,7 @@ CVE-2022-38331
 CVE-2022-38330
RESERVED
 CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: Shopxian CMS
 CVE-2022-38328
RESERVED
 CVE-2022-38327
@@ -5982,7 +5982,7 @@ CVE-2022-2819 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
 CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository 
cockpit ...)
NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file 
upload vuln ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain 
a SQL in ...)
NOT-FOR-US: Online Leave Management System
 CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain 
a SQL in ...)
@@ -6775,9 +6775,9 @@ CVE-2022-38022
 CVE-2022-38021
RESERVED
 CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38018
RESERVED
 CVE-2022-38017
@@ -6789,25 +6789,25 @@ CVE-2022-38015
 CVE-2022-38014
RESERVED
 CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability. 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability. 
This CVE I ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38009 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability. This  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38008 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability. This  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers 
Elevation of P ...)
TODO: check
 CVE-2022-38006 (Windows Graphics Component Information Disclosure 
Vulnerability. This  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability. 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-38003
RESERVED
 CVE-2022-38002
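Review bot: CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers) is the only Microsoft-issued entry in this hunk left at "TODO: check" while its neighbours are all set to NOT-FOR-US: Microsoft. If it was kept on purpose pending a look at whether any of that component is packaged, a one-line NOTE saying so would stop the next triager from treating it as an oversight.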
@@ -6877,7 +6877,7 @@ CVE-2022-37971
 CVE-2022-37970
RESERVED
 CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37968
RESERVED
 CVE-2022-37967
@@ -6887,27 +6887,27 @@ CVE-2022-37966
 CVE-2022-37965
RESERVED
 CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability. 
This CVE I ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37962 (Microsoft PowerPoint Remote Code Execution Vulnerability. ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37961 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability. This  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37960
RESERVED
 CVE-2022-37959 (Network Device Enrollment Service (NDES) Security Feature 
Bypass Vulne ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2022-37958 (SPNEGO Extended Negotiation (NEGOEX) Security Mechanism 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
343cfa65 by Salvatore Bonaccorso at 2022-09-14T11:00:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -147,11 +147,11 @@ CVE-2022-40625
 CVE-2022-40624
RESERVED
 CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version 
M31G3.V5030 ...)
-   TODO: check
+   NOT-FOR-US: WAVLINK
 CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version 
M31G3.V5030 ...)
-   TODO: check
+   NOT-FOR-US: WAVLINK
 CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware 
version M31 ...)
-   TODO: check
+   NOT-FOR-US: WAVLINK
 CVE-2022-40620
RESERVED
 CVE-2022-40619
@@ -203,7 +203,7 @@ CVE-2022-3184
 CVE-2022-3183
RESERVED
 CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor 
of Dev ...)
-   TODO: check
+   NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-40606
RESERVED
 CVE-2022-40605
@@ -1928,21 +1928,21 @@ CVE-2022-39823
 CVE-2022-39822
RESERVED
 CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information 
into an ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39820
RESERVED
 CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection 
vulnerabilities ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39818
RESERVED
 CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection 
vulnerabilities occur  ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials 
(clearte ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection 
vulnerabilities ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs 
is the  ...)
-   TODO: check
+   NOT-FOR-US: NOKIA
 CVE-2022-39813
RESERVED
 CVE-2022-39812
@@ -4305,7 +4305,7 @@ CVE-2022-3028 (A race condition was found in the Linux 
kernel's IP framework for
NOTE: 
https://lore.kernel.org/all/ytowqekkzvimz...@gondor.apana.org.au/T/
NOTE: 
https://git.kernel.org/linus/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (6.0-rc3)
 CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the 
SSID name ...)
-   TODO: check
+   NOT-FOR-US: CMS8000 device
 CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV 
Inject ...)
NOT-FOR-US: WP Users Exporter plugin for WordPress
 CVE-2022-3025
@@ -4433,13 +4433,13 @@ CVE-2022-3000
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, 
Network Co ...)
NOT-FOR-US: Zoho ManageEngine
 CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
-   TODO: check
+   NOT-FOR-US: Transtek
 CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
-   TODO: check
+   NOT-FOR-US: Transtek
 CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
-   TODO: check
+   NOT-FOR-US: Transtek
 CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
-   TODO: check
+   NOT-FOR-US: Transtek
 CVE-2022-38767
RESERVED
 CVE-2022-38766
@@ -4914,7 +4914,7 @@ CVE-2022-38639 (A cross-site scripting (XSS) 
vulnerability in Markdown-Nice v1.8
 CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file 
write vuln ...)
NOT-FOR-US: Casdoor
 CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain 
multiple SQL ...)
-   TODO: check
+   NOT-FOR-US: Hospital Management System
 CVE-2022-38636
RESERVED
 CVE-2022-38635
@@ -4956,7 +4956,7 @@ CVE-2022-38618
 CVE-2022-38617
RESERVED
 CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL 
injection vul ...)
-   TODO: check
+   NOT-FOR-US: SmartVista
 CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple 
SQL inject ...)
NOT-FOR-US: SmartVista
 CVE-2022-38614 (An issue in the IGB Files and OutfileService features of 
SmartVista Ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343cfa65daf417bf7428b98c0f3a961a8a6c28fa


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f02e3cb by Salvatore Bonaccorso at 2022-09-14T10:52:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9889,7 +9889,7 @@ CVE-2022-36770
 CVE-2022-36769
RESERVED
 CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-2546
RESERVED
 CVE-2022-2545
@@ -12755,7 +12755,7 @@ CVE-2022-35639 (IBM Sterling Partner Engagement Manager 
6.1, 6.2, and Cloud 22.2
 CVE-2022-35638
RESERVED
 CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 
11.5 is ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-35636
RESERVED
 CVE-2022-35635
@@ -16248,7 +16248,7 @@ CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is 
vulnerable to cross-site scripti
 CVE-2022-34357
RESERVED
 CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34355
RESERVED
 CVE-2022-34354
@@ -16302,7 +16302,7 @@ CVE-2022-34338 (IBM Robotic Process Automation 21.0.0, 
21.0.1, and 21.0.2 could
 CVE-2022-34337
RESERVED
 CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34335
RESERVED
 CVE-2022-34334
@@ -52181,7 +52181,7 @@ CVE-2022-22485 (In some cases, an unsuccessful attempt 
to log into IBM Spectrum
 CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could 
allow a ...)
NOT-FOR-US: IBM
 CVE-2022-22483 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 
11.5 is ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.5 a ...)
NOT-FOR-US: IBM
 CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could 
allow a ...)
@@ -52487,9 +52487,9 @@ CVE-2022-22332 (IBM Sterling Partner Engagement Manager 
6.2.0 could allow an att
 CVE-2022-22331 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a 
remote auth ...)
NOT-FOR-US: IBM
 CVE-2022-22330 (IBM Control Desk 7.6.1 could allow a remote attacker to obtain 
sensiti ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22329 (IBM Control Desk 7.6.1 does not set the secure attribute on 
authorizat ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22328 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a 
malicious u ...)
NOT-FOR-US: IBM
 CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses 
weaker  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f02e3cbe7de06298a08c2e92024c2db8b074598



[Git][security-tracker-team/security-tracker][master] Record upstream commit for CVE-2022-40674

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a644df52 by Salvatore Bonaccorso at 2022-09-14T10:51:02+02:00
Record upstream commit for CVE-2022-40674

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,6 +2,7 @@ CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in 
the doContent func
- expat 
NOTE: https://github.com/libexpat/libexpat/pull/629
NOTE: https://github.com/libexpat/libexpat/pull/640
+   NOTE: 
https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
 CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus 
methods  ...)
TODO: check
 CVE-2022-40670
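Review bot: the new NOTE pins the upstream fix commit, but the `- expat` line directly above it still carries no fixed version and there is no [bullseye] or [buster] annotation, so the entry reads as unfixed in every suite even though the description names 2.4.9 as the first fixed upstream release; please follow up with the version of the upload that carries 2.4.9 (or the backport) and the stable-suite status.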



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a644df52764e93147ae8712a2b16e296340c6e30



[Git][security-tracker-team/security-tracker][master] new enlightenment issue

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a6e6739 by Moritz Muehlenhoff at 2022-09-14T10:49:07+02:00
new enlightenment issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7459,6 +7459,8 @@ CVE-2022-37707
RESERVED
 CVE-2022-37706
RESERVED
+   - e17 
+   NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
 CVE-2022-37705
RESERVED
 CVE-2022-37704
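Review bot: the only reference attached to CVE-2022-37706 is a third-party exploit repository, and the `- e17` line has neither a fixed version nor an upstream bug or fix commit, so a stable-suite triager has nothing here to judge bullseye or buster against; once Enlightenment publishes its fix, add a NOTE with the upstream commit and fill in the fixed version.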



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a6e67395839934dbb0d54e20eb63951b8e6251d



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-40674/expat

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
acf44d90 by Salvatore Bonaccorso at 2022-09-14T10:47:53+02:00
Add CVE-2022-40674/expat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,7 @@
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
-   TODO: check
+   - expat 
+   NOTE: https://github.com/libexpat/libexpat/pull/629
+   NOTE: https://github.com/libexpat/libexpat/pull/640
 CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus 
methods  ...)
TODO: check
 CVE-2022-40670
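Review bot: the two pull-request links identify the fix, but no merged commit hash is recorded, which is what a backport check needs; add a NOTE with the merge commit, and note that the `- expat` line is left without a fixed version although the description names 2.4.9 as the first fixed upstream release.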



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acf44d907118d303efe5b6e8d26ca7d22ad4e496



[Git][security-tracker-team/security-tracker][master] automatic update

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78a370a2 by security tracker role at 2022-09-14T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,83 @@
+CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent 
function i ...)
+   TODO: check
+CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus 
methods  ...)
+   TODO: check
+CVE-2022-40670
+   RESERVED
+CVE-2022-40669
+   RESERVED
+CVE-2022-40668
+   RESERVED
+CVE-2022-40667
+   RESERVED
+CVE-2022-40666
+   RESERVED
+CVE-2022-40665
+   RESERVED
+CVE-2022-40664
+   RESERVED
+CVE-2022-40663
+   RESERVED
+CVE-2022-40662
+   RESERVED
+CVE-2022-40661
+   RESERVED
+CVE-2022-40660
+   RESERVED
+CVE-2022-40659
+   RESERVED
+CVE-2022-40658
+   RESERVED
+CVE-2022-40657
+   RESERVED
+CVE-2022-40656
+   RESERVED
+CVE-2022-40655
+   RESERVED
+CVE-2022-40654
+   RESERVED
+CVE-2022-40653
+   RESERVED
+CVE-2022-40652
+   RESERVED
+CVE-2022-40651
+   RESERVED
+CVE-2022-40650
+   RESERVED
+CVE-2022-40649
+   RESERVED
+CVE-2022-40648
+   RESERVED
+CVE-2022-40647
+   RESERVED
+CVE-2022-40646
+   RESERVED
+CVE-2022-40645
+   RESERVED
+CVE-2022-40644
+   RESERVED
+CVE-2022-40643
+   RESERVED
+CVE-2022-40642
+   RESERVED
+CVE-2022-40641
+   RESERVED
+CVE-2022-40640
+   RESERVED
+CVE-2022-40639
+   RESERVED
+CVE-2022-40638
+   RESERVED
+CVE-2022-40637
+   RESERVED
+CVE-2022-40636
+   RESERVED
+CVE-2022-3210
+   RESERVED
+CVE-2022-31735
+   RESERVED
+CVE-2021-46838
+   RESERVED
 CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
NOT-FOR-US: Crafter Studio of Crafter CMS
 CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
@@ -18,8 +98,8 @@ CVE-2022-3207
RESERVED
 CVE-2022-3206
RESERVED
-CVE-2022-3205
-   RESERVED
+CVE-2022-3205 (An XSS exists in automation controller UI where the project 
name is su ...)
+   TODO: check
 CVE-2022-3204
RESERVED
 CVE-2022-3203
@@ -57,18 +137,18 @@ CVE-2022-40628
RESERVED
 CVE-2022-40627
RESERVED
-CVE-2022-40626
-   RESERVED
+CVE-2022-40626 (An unauthenticated user can create a link with reflected 
Javascript co ...)
+   TODO: check
 CVE-2022-40625
RESERVED
 CVE-2022-40624
RESERVED
-CVE-2022-40623
-   RESERVED
-CVE-2022-40622
-   RESERVED
-CVE-2022-40621
-   RESERVED
+CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version 
M31G3.V5030 ...)
+   TODO: check
+CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version 
M31G3.V5030 ...)
+   TODO: check
+CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware 
version M31 ...)
+   TODO: check
 CVE-2022-40620
RESERVED
 CVE-2022-40619
@@ -119,8 +199,8 @@ CVE-2022-3184
RESERVED
 CVE-2022-3183
RESERVED
-CVE-2022-3182
-   RESERVED
+CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor 
of Dev ...)
+   TODO: check
 CVE-2022-40606
RESERVED
 CVE-2022-40605
@@ -1844,22 +1924,22 @@ CVE-2022-39823
RESERVED
 CVE-2022-39822
RESERVED
-CVE-2022-39821
-   RESERVED
+CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information 
into an ...)
+   TODO: check
 CVE-2022-39820
RESERVED
-CVE-2022-39819
-   RESERVED
+CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection 
vulnerabilities ...)
+   TODO: check
 CVE-2022-39818
RESERVED
-CVE-2022-39817
-   RESERVED
-CVE-2022-39816
-   RESERVED
-CVE-2022-39815
-   RESERVED
-CVE-2022-39814
-   RESERVED
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection 
vulnerabilities occur  ...)
+   TODO: check
+CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials 
(clearte ...)
+   TODO: check
+CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection 
vulnerabilities ...)
+   TODO: check
+CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs 
is the  ...)
+   TODO: check
 CVE-2022-39813
RESERVED
 CVE-2022-39812
@@ -4349,14 +4429,14 @@ CVE-2022-3000
RESERVED
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, 
Network Co ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-38771
-   RESERVED
-CVE-2022-38770
-   RESERVED
-CVE-2022-38769
-   RESERVED
-CVE-2022-38768
-   RESERVED
+CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
+   TODO: check
+CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed 

[Git][security-tracker-team/security-tracker][master] two samba issues fixed in experimental

2022-09-14 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb1d5493 by Moritz Muehlenhoff at 2022-09-14T09:55:36+02:00
two samba issues fixed in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20171,6 +20171,7 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC 
accepts kpasswd requests encr
[buster] - samba  (Minor issue; affects Samba as AD DC)
NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
 CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for 
the dNSH ...)
+   [experimental] - samba 2:4.17.0+dfsg-1
- samba 
[bullseye] - samba  (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
@@ -27379,6 +27380,7 @@ CVE-2022-29483 (Incorrect Default Permissions 
vulnerability in ABB e-Design allo
 CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design 
allows att ...)
NOT-FOR-US: ABB e-Design
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable 
random val ...)
+   [experimental] - samba 2:4.17.0+dfsg-1
- samba 
[bullseye] - samba  (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb1d5493ae8b559d87e5ff2cb8378c1dea746e42



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1278/wildfly

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0edd7b03 by Salvatore Bonaccorso at 2022-09-14T09:02:23+02:00
Add CVE-2022-1278/wildfly

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32120,7 +32120,7 @@ CVE-2022-1280 (A use-after-free vulnerability was found 
in drm_lease_held in dri
 CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS 
messages in  ...)
NOT-FOR-US: ebics-java
 CVE-2022-1278 (A flaw was found in WildFly, where an attacker can see 
deployment name ...)
-   TODO: check
+   - wildfly  (bug #752018)
 CVE-2022-1277 (Inavitas Solar Log product has an unauthenticated SQL Injection 
vulner ...)
NOT-FOR-US: Inavitas Solar Log
 CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository 
mruby/mruby pr ...)
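Review bot: the replacement line `- wildfly  (bug #752018)` shows nothing between the package name and the bug reference, where the tracker syntax expects a status marker such as `<unfixed>` or `<itp>`; confirm that the committed line carries the intended marker, because without one the entry's state for unstable is undefined.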



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0edd7b03a55c95d0bb64af4e1aa72eb20b853bea



[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-3193 as NFU

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
738a74e3 by Salvatore Bonaccorso at 2022-09-14T08:58:25+02:00
Mark CVE-2022-3193 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -48,6 +48,7 @@ CVE-2022-3194
RESERVED
 CVE-2022-3193
RESERVED
+   NOT-FOR-US: ovirt-engine
 CVE-2022-40630
RESERVED
 CVE-2022-40629
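Review bot: CVE-2022-3193 is still RESERVED, so the NOT-FOR-US attribution to ovirt-engine rests on a source that is not recorded in the entry; add a NOTE with the advisory or bug URL it came from so the classification can be re-checked when the public description appears.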



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/738a74e39c881551427f83faec9d3c3dd1b1df40



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3202/linux

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f461908b by Salvatore Bonaccorso at 2022-09-14T08:53:36+02:00
Add CVE-2022-3202/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26,6 +26,10 @@ CVE-2022-3203
RESERVED
 CVE-2022-3202
RESERVED
+   - linux 5.17.3-1
+   [bullseye] - linux 5.10.113-1
+   [buster] - linux 4.19.249-1
+   NOTE: 
https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
 CVE-2022-3201
RESERVED
 CVE-2022-3200
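Review bot: the unstable fix is recorded as linux 5.17.3-1 while the cited upstream commit landed in 5.18-rc1, so the fix presumably reached Debian through a 5.17.y stable backport; a NOTE naming that stable commit or release would make the 5.17.3-1 claim, and the 5.10.113-1 and 4.19.249-1 ones for bullseye and buster, verifiable without re-deriving them.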



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f461908b4755ee2c397dc8aa12ef42e8e155b512



[Git][security-tracker-team/security-tracker][master] Mark ntp as removed from unstable

2022-09-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
638d973c by Salvatore Bonaccorso at 2022-09-14T08:48:27+02:00
Mark ntp as removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -283075,7 +283075,7 @@ CVE-2018-12329 (Protection Mechanism Failure in ECOS 
Secure Boot Stick (aka SBS)
 CVE-2018-12328
RESERVED
 CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 
4.2.8p11  ...)
-   - ntp  (unimportant)
+   - ntp  (unimportant)
NOTE: 
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
NOTE: Negligible security impact
 CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x 
before 5.0 ...)
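Review bot: the removed and added lines of this hunk read identically (`- ntp  (unimportant)`), so the unfixed-to-removed status change named in the commit title is not visible in the diff as rendered; confirm that the committed line actually carries `<removed>` in place of `<unfixed>`, since the two lines differ only in that token.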



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638d973c86d87fdad1c9b621da6893a807a1d4fd
