[Git][security-tracker-team/security-tracker][master] Reclaim packages
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 726e88a5 by Abhijith PA at 2022-10-24T11:18:55+05:30 Reclaim packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -153,7 +153,7 @@ r-cran-commonmark NOTE: 20221009: Programming language: R. NOTE: 20221009: Please synchronize with ghostwriter. -- -rails +rails (Abhijith PA) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith) NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html (abhijith) @@ -161,6 +161,8 @@ rails NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression causing patch (abhijith) NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith) NOTE: 20221003: https://github.com/rails/rails/issues/45590#issuecomment-1249123907 (abhijith) + NOTE: 20221024: Delay upload, see above comment, users have done workaround. Not a good idea + NOTE: 20221024: to break thrice in less than 2 month. -- rainloop NOTE: 20220913: Programming language: PHP, JavaScript. 
@@ -197,8 +199,9 @@ sox NOTE: 20220818: Requires some investigation; see #1012138 etc. NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith) -- -trafficserver +trafficserver (Abhijith PA) NOTE: 20220905: Programming language: C. + NOTE: 20221024: WIP, big changeset in security fix (abhijith) -- vim NOTE: 20220904: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/726e88a594ac5ee20bb21ef9353741d22f6d7f91 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/726e88a594ac5ee20bb21ef9353741d22f6d7f91 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
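Review bot: In the rails hunk, the two added "NOTE: 20221024:" lines drop the trailing "(abhijith)" attribution that every other note in that entry carries, and that the trafficserver note added in this same commit does carry. Adding it keeps the entry readable once the claim changes hands. The "see above comment" pointer also depends on note order; naming the 20221003 GitHub comment directly would be more robust.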
[Git][security-tracker-team/security-tracker][master] Track CVE-2020-1941 as fixed earlier (5.15.12 upstream)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bb734f1 by Salvatore Bonaccorso at 2022-10-24T07:46:25+02:00 Track CVE-2020-1941 as fixed earlier (5.15.12 upstream) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -210744,7 +210744,7 @@ CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, all CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...) - - activemq 5.16.1-1 (unimportant) + - activemq 5.16.0-1 (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670) NOTE: Fixed in 5.15.12 CVE-2020-1940 (The optional initial password change and password expiration features ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bb734f1d6a7bb4812a0beb894fa23f5a6af34bb
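Review bot: In the CVE-2020-1941 entry the fixed version moves from 5.16.1-1 to 5.16.0-1, but the only justification in the entry is "NOTE: Fixed in 5.15.12", which names a 5.15.x release and says nothing about the 5.16 series. A short addition to that note, stating that 5.16.0 already contains the fix, would let a later reader verify the version without digging up the commit message. The unchanged context line above it also ends in a stray ")" after #702670.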
[Git][security-tracker-team/security-tracker][master] Take libxml2 from dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55943056 by Salvatore Bonaccorso at 2022-10-24T07:42:59+02:00 Take libxml2 from dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -22,7 +22,7 @@ frr -- gerbv -- -libxml2 +libxml2 (carnil) -- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55943056bbc9e18584fd416c939a9807a2c027b4
[Git][security-tracker-team/security-tracker][master] mark two activemq issues as fixed, thanks to Pierre Gruet
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f0ed3b03 by Moritz Muehlenhoff at 2022-10-24T00:26:20+02:00 mark two activemq issues as fixed, thanks to Pierre Gruet - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -177358,7 +177358,7 @@ CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could se CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) NOT-FOR-US: Apache Superset CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...) - - activemq (unimportant) + - activemq 5.16.1-1 (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670) NOTE: Fixed in 5.15.13, 5.16.1 CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...) @@ -210744,7 +210744,7 @@ CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, all CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...) - - activemq (unimportant) + - activemq 5.16.1-1 (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670) NOTE: Fixed in 5.15.12 CVE-2020-1940 (The optional initial password change and password expiration features ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0ed3b03e7df3c833c43a35a8726d34b78996ce1
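Review bot: In the second hunk CVE-2020-1941 receives the same fixed version, 5.16.1-1, as CVE-2020-13947 in the first hunk, yet the notes differ: "Fixed in 5.15.13, 5.16.1" for CVE-2020-13947 and "Fixed in 5.15.12" for CVE-2020-1941. With an older upstream fix, the first fixed Debian upload may predate 5.16.1-1; check whether an upload before 5.16.1-1 already contained it before recording this version, since a fixed version set too late makes already-fixed package versions look affected.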
[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fcd0fc3e by Moritz Muehlenhoff at 2022-10-24T00:24:19+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -534,11 +534,11 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a CVE-2022-3628 RESERVED CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...) @@ -559,7 +559,7 @@ CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified [bullseye] - linux 5.10.148-1 NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1) CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...) - - exim4 + - exim4 (bug #1022556) [bullseye] - exim4 (Vulnerable code not present) [buster] - exim4 (Vulnerable code not present) NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0) 
@@ -610,15 +610,15 @@ CVE-2022-3601 CVE-2022-3600 RESERVED CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413 CVE-2021-46846 @@ -811,7 +811,7 @@ CVE-2022-3572 CVE-2022-3571 RESERVED CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...) - - tiff + - tiff (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/386 @@ -1663,7 +1663,7 @@ CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as probl [buster] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af (libX11-1.7.4) CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...) - - libx11 + - libx11 (bug #1022560) [bullseye] - libx11 (Minor issue) [buster] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef 
@@ -49205,7 +49205,7 @@ CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape i CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...) - - shapelib + - shapelib (bug #1022557) NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f NOTE: https://github.com/OSGeo/shapelib/issues/39 CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...) @@ -77011,6 +77011,7 @@ CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During - snipe-it (bug #1005172) CVE-2021-42010 RESERVED + NOT-FOR-US: Apache Heron CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) NOT-FOR-US: Apache Traffic Control CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcd0fc3e8bd3599153a25565cd6c8917a55a4775
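Review bot: The last hunk (@@ -77011) adds "NOT-FOR-US: Apache Heron" under CVE-2021-42010, which is a triage decision rather than a bug number, and the entry it is attached to is still shown as RESERVED with no description. That change deserves its own commit or at least a mention in the message, so that the classification can be found in the history and revisited once the CVE text is published.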
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-3554 & CVE-2022-3555/libx11 postponed on buster
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 865ee048 by Emilio Pozuelo Monfort at 2022-10-24T00:11:49+02:00 CVE-2022-3554 & CVE-2022-3555/libx11 postponed on buster - - - - - d3f7d750 by Emilio Pozuelo Monfort at 2022-10-24T00:13:53+02:00 lts: take xorg-server - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1660,10 +1660,12 @@ CVE-2022-3556 CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as problemati ...) - libx11 2:1.7.4-1 [bullseye] - libx11 (Minor issue) + [buster] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af (libX11-1.7.4) CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...) - libx11 [bullseye] - libx11 (Minor issue) + [buster] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef CVE-2022-3553 (A vulnerability, which was classified as problematic, was found in X.o ...) - xorg-server 2:21.1.4-1 (unimportant) = data/dla-needed.txt = 
@@ -213,6 +213,8 @@ wireshark wkhtmltopdf NOTE: 20220904: Programming language: C++. -- +xorg-server (Emilio) +-- zabbix NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aa9dbf4d14f88227758d1338aaf140b957a7c679...d3f7d750bee1268f1a2021c0b9e4297da94dd689
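Review bot: In the data/dla-needed.txt hunk the new "xorg-server (Emilio)" entry has no NOTE saying which issues the update is meant to cover. The only xorg-server line visible in this commit's data/CVE/list context is CVE-2022-3553, and that one is marked unimportant, so the reason for the claim cannot be read from the diff. A dated NOTE listing the CVE ids would help, as the neighbouring zabbix entry does.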
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: aa9dbf4d by Anton Gladky at 2022-10-23T23:32:18+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Anton Gladky- - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -153,7 +153,7 @@ r-cran-commonmark NOTE: 20221009: Programming language: R. NOTE: 20221009: Please synchronize with ghostwriter. -- -rails (Abhijith PA) +rails NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith) NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html (abhijith) @@ -197,10 +197,10 @@ sox NOTE: 20220818: Requires some investigation; see #1012138 etc. NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith) -- -trafficserver (Abhijith PA) +trafficserver NOTE: 20220905: Programming language: C. -- -vim (Markus Koschany) +vim NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/vim.git -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa9dbf4d14f88227758d1338aaf140b957a7c679
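Review bot: The claims on rails, trafficserver and vim are removed without leaving a dated NOTE that records who held the package and that it was released for inactivity. For rails the entry keeps three notes signed (abhijith), so the work already done stays visible, but trafficserver and vim end up with nothing pointing to the previous claimant. A one-line NOTE per entry would let the next person know whom to ask for work in progress.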
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8db5037c by Moritz Muehlenhoff at 2022-10-23T23:24:55+02:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1649,6 +1649,7 @@ CVE-2022-3560 RESERVED CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...) - exim4 4.96-4 + [bullseye] - exim4 (Minor issue) NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 CVE-2022-3558 RESERVED = data/dsa-needed.txt = @@ -22,6 +22,8 @@ frr -- gerbv -- +libxml2 +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8db5037cc8de95b1bbb41341b236d5847e6ebda8
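Review bot: In the data/dsa-needed.txt hunk libxml2 is added as a bare entry, and none of the data/CVE/list changes in this commit touch libxml2, so the diff does not show which issues prompted the DSA. A short note under the entry naming the CVE ids, in the way the linux entry below it carries free-text planning notes, would make the queue self-explanatory.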
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b76937aa by security tracker role at 2022-10-23T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2058,6 +2058,7 @@ CVE-2022-42904 CVE-2022-42903 RESERVED CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...) + {DSA-5260-1} - lava 2022.10-1 (bug #1021737) NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834 NOTE: https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b76937aa5ca62539265f191e55068f779f1251cd
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for libjettison-java issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ca0decc by Salvatore Bonaccorso at 2022-10-23T21:21:55+02:00 Add Debian bug references for libjettison-java issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8642,11 +8642,11 @@ CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to De - libxstream-java NOTE: https://github.com/x-stream/xstream/issues/304 CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) - - libjettison-java + - libjettison-java (bug #1022553) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549 NOTE: https://github.com/jettison-json/jettison/issues/45 CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) - - libjettison-java + - libjettison-java (bug #1022554) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 NOTE: https://github.com/jettison-json/jettison/issues/45 NOTE: https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811 (jettison-1.5.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca0decc17b1bf4b6f1914a46c23c33b40e571a9
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-401{49,50}/libjettison-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afffd8f3 by Salvatore Bonaccorso at 2022-10-23T21:10:15+02:00 Add CVE-2022-401{49,50}/libjettison-java - - - - - 18073d6c by Salvatore Bonaccorso at 2022-10-23T21:10:17+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3648,7 +3648,7 @@ CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution v CVE-2022-42228 RESERVED CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/json ...) - TODO: check + NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint) CVE-2022-42226 RESERVED CVE-2022-42225 @@ -3724,7 +3724,7 @@ CVE-2022-42191 CVE-2022-42190 RESERVED CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (R ...) - TODO: check + NOT-FOR-US: Emlog Pro CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...) NOT-FOR-US: Lavalite CMS CVE-2022-42187 @@ -4818,7 +4818,7 @@ CVE-2022-41711 CVE-2022-41710 RESERVED CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...) - TODO: check + NOT-FOR-US: Markdownify CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...) NOT-FOR-US: Relatedcode's Messenger CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...) @@ -5020,7 +5020,7 @@ CVE-2022-41577 (The kernel server has a vulnerability of not verifying the lengt CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...) NOT-FOR-US: Huawei CVE-2022-41575 (A credential-exposure vulnerability in the support-bundle mechanism in ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...) NOT-FOR-US: Gradle Enterprise CVE-2022-41573 
@@ -7051,7 +7051,7 @@ CVE-2022-40800 CVE-2022-40799 RESERVED CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...) - TODO: check + NOT-FOR-US: OcoMon CVE-2022-40797 RESERVED CVE-2022-40796 @@ -7507,7 +7507,7 @@ CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDeleg NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3) CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...) - TODO: check + NOT-FOR-US: ORing net IAP-420(+) CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journal ...) - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 @@ -8642,9 +8642,14 @@ CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to De - libxstream-java NOTE: https://github.com/x-stream/xstream/issues/304 CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) - TODO: check + - libjettison-java + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549 + NOTE: https://github.com/jettison-json/jettison/issues/45 CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) - TODO: check + - libjettison-java + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 + NOTE: https://github.com/jettison-json/jettison/issues/45 + NOTE: https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811 (jettison-1.5.1) CVE-2022-40148 RESERVED CVE-2022-40147 (A vulnerability has been identified in Industrial Edge Management (All ...) 
@@ -8834,7 +8839,7 @@ CVE-2022-40086 CVE-2022-40085 RESERVED CVE-2022-40084 (OpenCRX before v5.2.2 was discovered to be vulnerable to password enum ...) - TODO: check + NOT-FOR-US: OpenCRX CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...) NOT-FOR-US: Labstack Echo CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...) @@ -9418,7 +9423,7 @@ CVE-2022-39825 CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allows rem ...) NOT-FOR-US: Appsmith CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x bef ...) - TODO: check + NOT-FOR-US: Softing CVE-2022-39822 RESERVED CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...) @@ -15681,7 +15686,7 @@ CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef ha
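Review bot: In the hunk at -8642 the two Jettison entries are filled in unevenly: CVE-2022-40149 gets a fixing commit annotated (jettison-1.5.1), while CVE-2022-40150 gets only the oss-fuzz report and the shared upstream issue 45. If 1.5.1 does not address CVE-2022-40150, a NOTE saying the fix is still open upstream would prevent someone from assuming that packaging 1.5.1 closes both.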
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c660b8a by Moritz Muehlenhoff at 2022-10-23T21:00:42+02:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1487,28 +1487,36 @@ CVE-2022-43046 RESERVED CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac + [bullseye] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2277 NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac + [bullseye] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2282 NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac + [bullseye] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2276 NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - gpac + [bullseye] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2278 NOTE: https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9 CVE-2022-43041 RESERVED CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - gpac + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2280 NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2281 NOTE: https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303 CVE-2022-43038 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...) 
@@ -1650,9 +1658,11 @@ CVE-2022-3556 RESERVED CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as problemati ...) - libx11 2:1.7.4-1 + [bullseye] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af (libX11-1.7.4) CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...) - libx11 + [bullseye] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef CVE-2022-3553 (A vulnerability, which was classified as problematic, was found in X.o ...) - xorg-server 2:21.1.4-1 (unimportant) @@ -69162,6 +69172,7 @@ CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E - openjdk-11 11.0.17+8-1 [bullseye] - openjdk-11 (Minor issue, fix along with next CPU) - openjdk-17 + [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-17 17.0.5+8-1 [bullseye] - openjdk-17 (Minor issue, fix along with next CPU) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c660b8add95c68dfc060298c966ae4b674524b4
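Review bot: The commit is titled "bullseye triage", but in the first hunk CVE-2022-43040 and CVE-2022-43039 also gain "[buster] - gpac (Vulnerable code not present)" lines. For CVE-2022-43042 to CVE-2022-43045 only a bullseye line is added, so buster stays undetermined for those four in the same block. Either mention the buster changes in the message or keep them for an LTS triage commit, so that release-specific history searches find them.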
[Git][security-tracker-team/security-tracker][master] lava DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 09635905 by Moritz Mühlenhoff at 2022-10-23T20:13:01+02:00 lava DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[23 Oct 2022] DSA-5260-1 lava - security update + {CVE-2022-42902} + [bullseye] - lava 2020.12-5+deb11u1 [23 Oct 2022] DSA-5257-2 linux - regression update [bullseye] - linux 5.10.149-2 [19 Oct 2022] DSA-5259-1 firefox-esr - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09635905520b5270d610203673020dd84c1d429e
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3327/rdiffweb
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff3ac434 by Salvatore Bonaccorso at 2022-10-23T17:42:12+02:00 Add CVE-2022-3327/rdiffweb - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5184,7 +5184,7 @@ CVE-2022-38099 CVE-2022-3328 RESERVED CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...) - TODO: check + - rdiffweb (bug #969974) CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - rdiffweb (bug #969974) CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff3ac434a2087e0f299f74a48b2aceea6269265a
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61331769 by Salvatore Bonaccorso at 2022-10-23T17:41:39+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3740,7 +3740,7 @@ CVE-2022-42178 CVE-2022-42177 RESERVED CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...) - TODO: check + NOT-FOR-US: PCTechSoft PCSecure CVE-2022-42175 RESERVED CVE-2022-42174 @@ -4810,9 +4810,9 @@ CVE-2022-41710 CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...) TODO: check CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...) - TODO: check + NOT-FOR-US: Relatedcode's Messenger CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...) - TODO: check + NOT-FOR-US: Relatedcode's Messenger CVE-2022-41706 RESERVED CVE-2022-41705 @@ -4923,7 +4923,7 @@ CVE-2022-41643 CVE-2022-41640 RESERVED CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin < ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41635 RESERVED CVE-2022-41634 @@ -5050,7 +5050,7 @@ CVE-2022-40697 CVE-2022-40694 RESERVED CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40218 RESERVED CVE-2022-40216 @@ -5452,7 +5452,7 @@ CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discover CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) NOT-FOR-US: Tenda CVE-2022-41479 (The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ...) - TODO: check + NOT-FOR-US: DevExpress CVE-2022-41478 RESERVED CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...) 
@@ -5582,7 +5582,7 @@ CVE-2022-41417 CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...) NOT-FOR-US: Online Tours & Travels Management System CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...) - TODO: check + NOT-FOR-US: Acer CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...) NOT-FOR-US: Liferay CVE-2022-41413 @@ -5697,7 +5697,7 @@ CVE-2022-41360 CVE-2022-41359 RESERVED CVE-2022-41358 (A stored cross-site scripting (XSS) vulnerability in Garage Management ...) - TODO: check + NOT-FOR-US: Garage Management System CVE-2022-41357 RESERVED CVE-2022-41356 @@ -5916,9 +5916,9 @@ CVE-2022-3265 CVE-2022-3264 RESERVED CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-41309 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...) NOT-FOR-US: Autodesk CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...) @@ -6867,9 +6867,9 @@ CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vuln CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background. ...) NOT-FOR-US: DedeCMS CVE-2022-40885 (Bento4 v1.6.0-639 has a memory allocation issue that can cause denial ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40884 (Bento4 1.6.0 has memory leaks via the mp4fragment. ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-40883 RESERVED CVE-2022-40882 
@@ -7346,7 +7346,7 @@ CVE-2022-38461 CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...) NOT-FOR-US: WordPress plugin CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...) NOT-FOR-US: WordPress plugin CVE-2022-38074 @@ -10731,7 +10731,7 @@ CVE-2022-39235 CVE-2022-39234 RESERVED CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of soft ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...) NOT-FOR-US: Discourse CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...) @@ -14251,9 +14251,9 @@ CVE-2022-38110 CVE-2022-38109 RESERVED CVE-2022-38108 (SolarWinds Platform was
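Review bot: in the hunk at -4810, CVE-2022-41709 (Markdownify version 1.4.1) is left at "TODO: check" while the two Relatedcode's Messenger entries directly below it are resolved. If that is deliberate because the product still needs a package lookup, fine; otherwise it should get its NOT-FOR-US or package line in this same pass so the block does not need a second visit.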
[Git][security-tracker-team/security-tracker][master] Add initial tracking for new set of gpac issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bef0596a by Salvatore Bonaccorso at 2022-10-23T17:33:29+02:00 Add initial tracking for new set of gpac issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1486,19 +1486,31 @@ CVE-2022-43047 CVE-2022-43046 RESERVED CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2277 + NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2282 + NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2276 + NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2278 + NOTE: https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9 CVE-2022-43041 RESERVED CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2280 + NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2281 + NOTE: https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303 CVE-2022-43038 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...) NOT-FOR-US: Bento4 CVE-2022-43037 (An issue was discovered in Bento4 1.6.0-639. There is a memory leak in ...) 
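Review bot: none of the six new "- gpac" entries records a per-suite status, although every description cites a 2.1-DEV-rev368 master build, so it is open whether any released suite contains the affected code. The commit message calls this initial tracking, so a follow-up should add the suite lines once checked. It would also help to label the second NOTE of each pair, for example "NOTE: Fixed by:" as the exim4 entry for CVE-2022-3620 in this file does, so the issue link and the fixing commit are not left as two bare URLs.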
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bef0596a0c2ff68582bf37901fde42214e0d3ea0
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3606/libbpf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d04c4a9f by Salvatore Bonaccorso at 2022-10-23T17:29:09+02:00 Add CVE-2022-3606/libbpf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -594,7 +594,9 @@ CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) - octoprint (bug #718591) CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified as p ...) - TODO: check + - libbpf + NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b (v0.2) + NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671 CVE-2022-3605 RESERVED CVE-2022-3604 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04c4a9f6fd8f2b6ed6de5ab5f3c80b183c9133c
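Review bot: the CVE-2022-3606 description says the vulnerability was found in Linux Kernel, but the added lines track only "- libbpf" and nothing explains why the linux source package is left out. A one-line NOTE stating whether src:linux was checked and why it is not listed would stop the next triager from repeating that check.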
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3619/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f7beff7 by Salvatore Bonaccorso at 2022-10-23T17:25:15+02:00 Add CVE-2022-3619/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -565,7 +565,10 @@ CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0) NOTE: Fixed by: https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...) - TODO: check + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193 CVE-2022-3618 RESERVED CVE-2022-3617 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f7beff74f619f279ed38c62932d5cf6c8682dd0
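Review bot: the only NOTE for CVE-2022-3619 links a commit in the bluetooth-next tree and names no release, so the entry cannot yet be tied to a kernel version. Once the change is in mainline, the NOTE should be swapped for the mainline commit with its release tag, in the same "commit (version)" form the exim4 context lines above use.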
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3620/exim4
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4dd314af by Salvatore Bonaccorso at 2022-10-23T16:55:02+02:00 Add CVE-2022-3620/exim4 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -559,7 +559,11 @@ CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified [bullseye] - linux 5.10.148-1 NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1) CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...) - TODO: check + - exim4 + [bullseye] - exim4 (Vulnerable code not present) + [buster] - exim4 (Vulnerable code not present) + NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0) + NOTE: Fixed by: https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...) TODO: check CVE-2022-3618 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dd314af09be9fd5a4dce94a97c3551d0199cf7d
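Review bot: "NOTE: Fixed by:" for CVE-2022-3620 gives only the commit, while "Introduced by:" is tagged (exim-4.95-RC0). Adding the first upstream release that contains the fix would bound the affected range on both sides and let the "- exim4" line receive a fixed version without anyone re-reading upstream history.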
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3621
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5b744af by Salvatore Bonaccorso at 2022-10-23T09:14:21+02:00 Add CVE-2022-3621 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -555,7 +555,9 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared a CVE-2022-3622 RESERVED CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...) - TODO: check + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1) CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...) TODO: check CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b744af5a0791efe60c4ec4faad178c34972018
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3623/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 191760e2 by Salvatore Bonaccorso at 2022-10-23T09:12:05+02:00 Add CVE-2022-3623/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -550,7 +550,8 @@ CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as probl - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1) CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) - TODO: check + - linux 6.0.3-1 + NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1) CVE-2022-3622 RESERVED CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/191760e246d763f071bcd6867bb2afc96132fcf4
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3624/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ca306c2 by Salvatore Bonaccorso at 2022-10-23T09:09:08+02:00 Add CVE-2022-3624/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -547,7 +547,8 @@ CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6b4db2e528f650c7fb712961aac36455468d5902 (6.0-rc1) CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as problemati ...) - TODO: check + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1) CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) TODO: check CVE-2022-3622 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ca306c24f9594ac6016e4d61cfb9d22cc75323e
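Review bot: the entry marks linux as "(Vulnerable code not present)" for every suite, yet its only NOTE is an unlabelled commit tagged (6.0-rc1), so a reader cannot tell whether 4f5d33f4f798 is the fix or the commit that introduced the bug. Label it "Fixed by:" or "Introduced by:", and if it is the fix, add the introducing commit with its version so the not-affected status can be verified from the entry alone.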
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3625/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 32710ccd by Salvatore Bonaccorso at 2022-10-23T09:05:41+02:00 Add CVE-2022-3625/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -542,7 +542,10 @@ CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtif NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...) - TODO: check + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6b4db2e528f650c7fb712961aac36455468d5902 (6.0-rc1) CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as problemati ...) TODO: check CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32710ccd25b617ccb554de386d80c781ede8c934
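Review bot: "[buster] - linux (Vulnerable code not present)" has no supporting reference; the single NOTE is the (6.0-rc1) commit that goes with the fixed versions 5.19.6-1 and 5.10.140-1. Since the bullseye kernel needed the fix and buster is recorded as not containing the code, an "Introduced by:" NOTE with the commit and its release would document where that boundary lies.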