[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-45136/apache-jena

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de8c1656 by Salvatore Bonaccorso at 2022-11-24T07:21:19+01:00
Add Debian bug reference for CVE-2022-45136/apache-jena

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2228,7 +2228,7 @@ CVE-2022-45138
 CVE-2022-45137
RESERVED
 CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and 
earlier is  ...)
-   - apache-jena 
+   - apache-jena  (bug #1024738)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
TODO: check correctness/details if src:apache-jena affected
 CVE-2022-45135
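Review bot: the unchanged `TODO: check correctness/details if src:apache-jena affected` line is left standing under the new `+   - apache-jena  (bug #1024738)` line, so the entry now records the package as affected (with a bug) while still questioning whether it is affected at all. The upstream text in the header scopes the issue to Apache Jena SDB 3.17.0 and earlier; settling whether the Debian source package builds that component, then either dropping the TODO or replacing the status with the appropriate not-affected annotation, would make the entry self-consistent.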



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8c1656b5e8d5543482648d02be14a61ca52687

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-39353/node-xmldom

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd1bf6c9 by Salvatore Bonaccorso at 2022-11-24T07:04:52+01:00
Add Debian bug reference for CVE-2022-39353/node-xmldom

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19525,7 +19525,7 @@ CVE-2022-39355 (Discourse Patreon enables 
syncronization between Discourse Group
 CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of 
Ethereum Virtu ...)
NOT-FOR-US: Rust crate evm
 CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
-   - node-xmldom 
+   - node-xmldom  (bug #1024736)
NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
NOTE: https://github.com/jindw/xmldom/issues/150
 CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine 
inspired ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd1bf6c9d4451b43aba1c4d3cc86843ced00237a



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-3970/tiff

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8969b911 by Salvatore Bonaccorso at 2022-11-24T07:04:10+01:00
Add Debian bug reference for CVE-2022-3970/tiff

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2019,7 +2019,7 @@ CVE-2022-3972 (A vulnerability was found in Pingkon 
HMS-PHP. It has been rated a
 CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 
0.35.1. It ha ...)
NOT-FOR-US: matrix-appservice-irc
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as 
critic ...)
-   - tiff 
+   - tiff  (bug #1024737)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
NOTE: https://oss-fuzz.com/download?testcase_id=5738253143900160
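Review bot: the `NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb...` line carries no upstream release tag, whereas other fix references in this list append one (`(v2.30.6)`, `(v1.3.8rc2)`, `(5.19-rc7)`); adding the libtiff release that first contains 227500897, or stating that none does yet, tells the next triager at a glance whether a stable update can be taken from an upstream release or needs the commit cherry-picked.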



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8969b91120f22f855604d0e68038e7f533023e42



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-4127/ipxe issue

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb13d782 by Salvatore Bonaccorso at 2022-11-24T06:57:10+01:00
Update status for CVE-2022-4127/ipxe issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -876,9 +876,9 @@ CVE-2022-4089
 CVE-2022-4088
RESERVED
 CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as 
problematic ...)
-   - ipxe 
+   - ipxe  (Vulnerable code not present)
+   NOTE: Introduced by: 
https://github.com/ipxe/ipxe/commit/634a86093af9a6d134be8662f25616f4edfec683
NOTE: Fixed by: 
https://github.com/ipxe/ipxe/commit/186306d6199096b7a7c4b4574d4be8cdb8426729
-   TODO: check, might be introduced later than the packaged version
 CVE-2022-4086
REJECTED
 CVE-2022-4085
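Review bot: the hunk edits the CVE-2022-4087 entry (`CVE-2022-4087 (A vulnerability was found in iPXE. ...`), but the commit message reads `Update status for CVE-2022-4127/ipxe issue`; CVE-2022-4127 is the linux entry touched by the next commit in this list, so the commit message names the wrong identifier and should say CVE-2022-4087. Secondary: a `(Vulnerable code not present)` verdict that rests on an `Introduced by:` commit is easier to re-check later if the NOTE also records which packaged ipxe snapshot was compared against, which is what the removed TODO was about.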



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb13d78298edaed2a63e6c0baee37a8198e8e63c



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4127/linux

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8613eb24 by Salvatore Bonaccorso at 2022-11-24T06:36:10+01:00
Add CVE-2022-4127/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -144,6 +144,8 @@ CVE-2022-4128
NOTE: 
https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7)
 CVE-2022-4127
RESERVED
+   - linux  (Vulnerable code only in 5.19-rcX versions)
+   NOTE: 
https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
 CVE-2022-4126
RESERVED
 CVE-2022-4125
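Review bot: the new `NOTE: https://git.kernel.org/linus/d785a773... (5.19-rc6)` line does not say whether that commit introduced or fixed the issue, which matters for a `(Vulnerable code only in 5.19-rcX versions)` verdict that depends on both bounds; the ipxe entry in the previous commit uses explicit `Introduced by:` and `Fixed by:` prefixes, and doing the same here (adding the other commit if it is known) would make the rc-only claim verifiable from the entry itself.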



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8613eb24e991ed8c467afda35409d79d33518d4d



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4128/linux

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f54197b by Salvatore Bonaccorso at 2022-11-24T06:31:58+01:00
Add CVE-2022-4128/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -138,6 +138,10 @@ CVE-2022-4129
NOTE: 
https://lore.kernel.org/all/20221114191619.124659-1-ja...@cloudflare.com/t
 CVE-2022-4128
RESERVED
+   - linux 5.18.14-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7)
 CVE-2022-4127
RESERVED
 CVE-2022-4126
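Review bot: the fixed version `linux 5.18.14-1` predates the referenced upstream commit `5c835bb1... (5.19-rc7)`, so the fix must have reached Debian through a 5.18.y stable backport; recording that stable release next to the mainline tag would let a reader confirm the 5.18.14-1 claim without digging through changelogs, and a short note on where the vulnerable code was introduced would do the same for the `(Vulnerable code not present)` lines for bullseye and buster.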



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f54197bbff67115f67872c3305cc94b9b433673



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4129/linux

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15e03eaa by Salvatore Bonaccorso at 2022-11-24T06:16:14+01:00
Add CVE-2022-4129/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -134,6 +134,8 @@ CVE-2022-4130
RESERVED
 CVE-2022-4129
RESERVED
+   - linux 
+   NOTE: 
https://lore.kernel.org/all/20221114191619.124659-1-ja...@cloudflare.com/t
 CVE-2022-4128
RESERVED
 CVE-2022-4127
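Review bot: `+   - linux ` is added without a fixed version and the only reference is the lore thread, so the entry gives no hint whether the fix is merged upstream or which stable series are affected; once the commit lands, a `NOTE: https://git.kernel.org/linus/... (version)` line plus `[bullseye]` and `[buster]` status lines, as in the CVE-2022-4128 entry added in the following commit, would complete it.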



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15e03eaa93db0779ce9eb28939ab345e6942f597



[Git][security-tracker-team/security-tracker][master] LTS: claim curl in dla-needed.txt

2022-11-23 Thread @roberto


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92825cd5 by Roberto C. Sánchez at 2022-11-23T21:45:46-05:00
LTS: claim curl in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -29,7 +29,7 @@ consul
   NOTE: 20221031: Programming language: Go.
   NOTE: 20221031: Concluded that the package should be fixed by the CVE 
description. Source code not analyzed in detail.
 --
-curl
+curl (Roberto C. Sánchez)
   NOTE: 20220901: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git
   NOTE: 20220904: Special attention: high popcon!.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92825cd50cd6241b0aec3bd93ba6443e1cb5896e



[Git][security-tracker-team/security-tracker][master] claim heimdal

2022-11-23 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f462e6ab by Guilhem Moulin at 2022-11-23T23:55:33+01:00
claim heimdal

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -79,7 +79,7 @@ golang-websocket
   NOTE: 20220915: 1 CVE fixed in stretch and bullseye 
(golang-github-gorilla-websocket) (Beuc/front-desk)
   NOTE: 20220915: Special attention: limited support; requires rebuilding 
reverse dependencies
 --
-heimdal
+heimdal (guilhem)
   NOTE: 20221117: Programming language: C.
 --
 hsqldb



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f462e6ab9698669c220734a3c385d93494320ea9



[Git][security-tracker-team/security-tracker][master] Add CVE-2009-114{2,3}/open-vm-tools

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ec37e33 by Salvatore Bonaccorso at 2022-11-23T22:27:57+01:00
Add CVE-2009-114{2,3}/open-vm-tools

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -544185,9 +544185,14 @@ CVE-2009-1145
 CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of 
Xpdf befo ...)
- xpdf  (Gentoo specific vulnerability in building xpdf)
 CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)
-   TODO: check
+   - open-vm-tools 2:12.0.0-1
+   [bullseye] - open-vm-tools  (Minor issue; mount.vmhgfs not suid 
root in Debian)
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
+   NOTE: Removing hgfsmounter/mount.vmhgfs: 
https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9
 (stable-12.0.0)
 CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)
-   TODO: check
+   - open-vm-tools 2:8.4.2+2011.08.21-471295-1
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=474285
+   NOTE: 
https://github.com/vmware/open-vm-tools/commit/76dccec4dd4002cec240e71e0042cdacfae6cca7
 (2011.03.28-387002)
 CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and 
Server 20 ...)
NOT-FOR-US: Microsoft
 CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for 
Windows XP SP ...)
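Review bot: for CVE-2009-1143 the hunk adds `[bullseye] - open-vm-tools  (Minor issue; mount.vmhgfs not suid root in Debian)` but no `[buster]` line, although the fixed version `2:12.0.0-1` implies buster is affected too and other entries on this page carry both release lines (the CVE-2022-4128 linux entry, for example); if the same rationale holds, a matching buster line keeps the entry consistent. Also worth stating explicitly: if mount.vmhgfs is not setuid in Debian, the local-user vector from the CVE text does not apply, which reads more like a not-affected-in-Debian justification than a minor issue, so the annotation should say which of the two is meant.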



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ec37e33a9233a98ed30aee7ed1077b61656138e



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-41922/yii

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eacc683d by Salvatore Bonaccorso at 2022-11-23T21:50:07+01:00
Add CVE-2022-41922/yii

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13276,7 +13276,7 @@ CVE-2022-41924 (A vulnerability identified in the 
Tailscale Windows client allow
 CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege 
escalati ...)
TODO: check
 CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote 
Code Exec ...)
-   TODO: check
+   - yii  (bug #597899)
 CVE-2022-41921
RESERVED
 CVE-2022-41920 (Lancet is a general utility library for the go programming 
language. A ...)
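Review bot: `+   - yii  (bug #597899)` points at a bug number an order of magnitude older than the other references in this batch (#1024736 to #1024738) for an issue disclosed in 2022, and the line carries no fixed version; worth confirming that #597899 is the intended report (an old ITP, say, rather than a bug against a packaged yii) and that the entry's status reflects whether yii is actually in the archive.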



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eacc683d96201d67c954d034cd134944dceb10f7



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96b89fb1 by Salvatore Bonaccorso at 2022-11-23T21:45:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -995,7 +995,7 @@ CVE-2022-4055 (When xdg-mail is configured to use 
thunderbird for mailto URLs, i
 CVE-2022-4054
RESERVED
 CVE-2022-45462 (Alarm instance management has command injection when there is 
a specif ...)
-   TODO: check
+   NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and 
related V ...)
NOT-FOR-US: Veritas NetBackup
 CVE-2022-45460
@@ -5515,11 +5515,11 @@ CVE-2022-44282
 CVE-2022-44281
RESERVED
 CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete 
any fil ...)
-   TODO: check
+   NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44279
RESERVED
 CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Sanitization Management System
 CVE-2022-44277
RESERVED
 CVE-2022-44276
@@ -,29 +,29 @@ CVE-2022-44262
 CVE-2022-44261
RESERVED
 CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
pre-authentication bu ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2022-44248
RESERVED
 CVE-2022-44247
@@ -5797,7 +5797,7 @@ CVE-2022-44141
 CVE-2022-44140
RESERVED
 CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL 
Injectio ...)
-   TODO: check
+   NOT-FOR-US: Apartment Visitor Management System
 CVE-2022-44138
RESERVED
 CVE-2022-44137
@@ -13264,9 +13264,9 @@ CVE-2022-41930
 CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing 
authorization in  ...)
TODO: check
 CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of 
Directives in  ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery 
(CSRF) that ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2022-41926
RESERVED
 CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a 
malicious  ...)
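Review bot: the context line `TODO: check` under CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore) is left in place while CVE-2022-41928 and CVE-2022-41927, both XWiki Platform, are changed to `NOT-FOR-US: XWiki`; the same component is involved, so either the same verdict applies and it should be processed in this pass, or the reason it is held back deserves a NOTE.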
@@ -16151,9 +16151,9 @@ CVE-2022-40774 (An issue was discovered in Bento4 
through 1.6.0-639. There is a
 CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and 
SupportCenter  ...)
NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG 
initializati ...)
@@ -23415,11 +23415,11 @@ CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, 
and 7.1.0, it is possible
NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d
 (master)
NOTE: Fixed by: 
https://github.com/varnis

[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2021-46849 (duplicate of CVE-2021-29421)

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29fc6588 by Salvatore Bonaccorso at 2022-11-23T21:34:15+01:00
Remove notes from CVE-2021-46849 (duplicate of CVE-2021-29421)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8734,10 +8734,6 @@ CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 
and Vesta Control Panel
NOT-FOR-US: myVesta Control Panel
 CVE-2021-46849
REJECTED
-   - pikepdf 3.2.0+dfsg-1
-   [bullseye] - pikepdf  (Minor issue)
-   [buster] - pikepdf  (Minor issue)
-   NOTE: 
https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array 
size check ...)
- libtasn1-6 4.19.0-2
[bullseye] - libtasn1-6  (Minor issue)
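Review bot: removing the four pikepdf lines from the REJECTED CVE-2021-46849 entry discards the `[bullseye] - pikepdf  (Minor issue)` triage added by the `bullseye triage` commit (55038710) later on this page without leaving a pointer; a `NOTE: Duplicate of CVE-2021-29421` on the rejected entry, together with a check that CVE-2021-29421 carries the `3.2.0+dfsg-1` fixed version and the bullseye/buster annotations, would keep that triage result from getting lost.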



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29fc65888a786b5273d35b9cb19d1caba3c3621c



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c138355 by security tracker role at 2022-11-23T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,149 @@
+CVE-2022-45865
+   RESERVED
+CVE-2022-45864
+   RESERVED
+CVE-2022-45863
+   RESERVED
+CVE-2022-45862
+   RESERVED
+CVE-2022-45861
+   RESERVED
+CVE-2022-45860
+   RESERVED
+CVE-2022-45859
+   RESERVED
+CVE-2022-45858
+   RESERVED
+CVE-2022-45857
+   RESERVED
+CVE-2022-45856
+   RESERVED
+CVE-2022-45855
+   RESERVED
+CVE-2022-45854
+   RESERVED
+CVE-2022-45853
+   RESERVED
+CVE-2022-45852
+   RESERVED
+CVE-2022-45851
+   RESERVED
+CVE-2022-45850
+   RESERVED
+CVE-2022-45849
+   RESERVED
+CVE-2022-45848
+   RESERVED
+CVE-2022-45847
+   RESERVED
+CVE-2022-45846
+   RESERVED
+CVE-2022-45845
+   RESERVED
+CVE-2022-45844
+   RESERVED
+CVE-2022-45843
+   RESERVED
+CVE-2022-45842
+   RESERVED
+CVE-2022-45841
+   RESERVED
+CVE-2022-45840
+   RESERVED
+CVE-2022-45839
+   RESERVED
+CVE-2022-45838
+   RESERVED
+CVE-2022-45837
+   RESERVED
+CVE-2022-45836
+   RESERVED
+CVE-2022-45835
+   RESERVED
+CVE-2022-45834
+   RESERVED
+CVE-2022-45833
+   RESERVED
+CVE-2022-45832
+   RESERVED
+CVE-2022-45831
+   RESERVED
+CVE-2022-45830
+   RESERVED
+CVE-2022-45829
+   RESERVED
+CVE-2022-45828
+   RESERVED
+CVE-2022-45827
+   RESERVED
+CVE-2022-45826
+   RESERVED
+CVE-2022-45825
+   RESERVED
+CVE-2022-45824
+   RESERVED
+CVE-2022-45823
+   RESERVED
+CVE-2022-45822
+   RESERVED
+CVE-2022-45821
+   RESERVED
+CVE-2022-45820
+   RESERVED
+CVE-2022-45819
+   RESERVED
+CVE-2022-45818
+   RESERVED
+CVE-2022-45817
+   RESERVED
+CVE-2022-45816
+   RESERVED
+CVE-2022-45815
+   RESERVED
+CVE-2022-45814
+   RESERVED
+CVE-2022-45813
+   RESERVED
+CVE-2022-45812
+   RESERVED
+CVE-2022-45811
+   RESERVED
+CVE-2022-45810
+   RESERVED
+CVE-2022-45809
+   RESERVED
+CVE-2022-45808
+   RESERVED
+CVE-2022-45807
+   RESERVED
+CVE-2022-45806
+   RESERVED
+CVE-2022-45805
+   RESERVED
+CVE-2022-45804
+   RESERVED
+CVE-2022-45803
+   RESERVED
+CVE-2022-45802
+   RESERVED
+CVE-2022-45801
+   RESERVED
+CVE-2022-4131
+   RESERVED
+CVE-2022-4130
+   RESERVED
+CVE-2022-4129
+   RESERVED
+CVE-2022-4128
+   RESERVED
+CVE-2022-4127
+   RESERVED
+CVE-2022-4126
+   RESERVED
+CVE-2022-4125
+   RESERVED
+CVE-2022-4124
+   RESERVED
 CVE-2022-45800
RESERVED
 CVE-2022-45799
@@ -848,8 +994,8 @@ CVE-2022-4055 (When xdg-mail is configured to use 
thunderbird for mailto URLs, i
NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
 CVE-2022-4054
RESERVED
-CVE-2022-45462
-   RESERVED
+CVE-2022-45462 (Alarm instance management has command injection when there is 
a specif ...)
+   TODO: check
 CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and 
related V ...)
NOT-FOR-US: Veritas NetBackup
 CVE-2022-45460
@@ -1987,14 +2133,11 @@ CVE-2022-45153
 CVE-2022-45152
RESERVED
- moodle 
-CVE-2022-45151
-   RESERVED
+CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which 
exists due ...)
- moodle 
-CVE-2022-45150
-   RESERVED
+CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered 
in Moodl ...)
- moodle 
-CVE-2022-45149
-   RESERVED
+CVE-2022-45149 (A vulnerability was found in Moodle which exists due to 
insufficient v ...)
- moodle 
 CVE-2022-45148
RESERVED
@@ -5371,12 +5514,12 @@ CVE-2022-44282
RESERVED
 CVE-2022-44281
RESERVED
-CVE-2022-44280
-   RESERVED
+CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete 
any fil ...)
+   TODO: check
 CVE-2022-44279
RESERVED
-CVE-2022-44278
-   RESERVED
+CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
+   TODO: check
 CVE-2022-44277
RESERVED
 CVE-2022-44276
@@ -5411,30 +5554,30 @@ CVE-2022-44262
RESERVED
 CVE-2022-44261
RESERVED
-CVE-2022-44260
-   RESERVED
-CVE-2022-44259
-   RESERVED
-CVE-2022-44258
-   RESERVED
-CVE-2022-44257
-   RESERVED
-CVE-2022-44256
-   RESERVED
-CVE-2022-44255
-   RESERVED
-CVE-2022-44254
-   RESERVED
-CVE-2022-44253
-   RESERVED
-CVE-2022-44252
-   RESERVED
-CVE-2022-44251
-   RESERVED
-CVE-2022-44250
-   RESERVED
-CVE-2022-44249
-   RESERVED
+CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
+   TODO: check
+CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contai

[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-11-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55038710 by Moritz Muehlenhoff at 2022-11-23T21:06:46+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -7864,6 +7864,7 @@ CVE-2022-3716 (A vulnerability classified as problematic 
was found in SourceCode
 CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
RESERVED
- bash 
+   [bullseye] - bash  (Minor issue)
[buster] - bash  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720
NOTE: https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html
@@ -8590,6 +8591,7 @@ CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 
and Vesta Control Panel
NOT-FOR-US: myVesta Control Panel
 CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP 
metadata pa ...)
- pikepdf 3.2.0+dfsg-1
+   [bullseye] - pikepdf  (Minor issue)
[buster] - pikepdf  (Minor issue)
NOTE: 
https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array 
size check ...)
@@ -19642,6 +19644,7 @@ CVE-2022-39261 (Twig is a template language for PHP. 
Versions 1.x prior to 1.44.
NOTE: 
https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b 
(v1.44.7, v2.15.3, v3.4.3)
 CVE-2022-39260 (Git is an open source, scalable, distributed revision control 
system.  ...)
- git 1:2.38.1-1 (bug #1022046)
+   [bullseye] - git  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
NOTE: 
https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa 
(v2.30.6)
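Review bot: the `+   [bullseye] - git  (Minor issue)` line sits directly above a `Fixed by` NOTE tagged `(v2.30.6)`, so upstream already shipped the fix in a 2.30.x maintenance release; if bullseye's git is from the 2.30 series, that backport exists and a point-release update is low-risk, and if the minor-issue classification stands anyway, the reason the openwall-announced issue is low impact in bullseye deserves its own NOTE. The CVE-2022-39253 hunk below is the same situation.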
@@ -19664,6 +19667,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client 
library, designed according
NOTE: 
https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0
 (0.20.0)
 CVE-2022-39253 (Git is an open source, scalable, distributed revision control 
system.  ...)
- git 1:2.38.1-1 (bug #1022046)
+   [bullseye] - git  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
NOTE: 
https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 
(v2.30.6)
@@ -19723,6 +19727,7 @@ CVE-2022-39238 (Arvados is an open source platform for 
managing and analyzing bi
NOT-FOR-US: Arvados
 CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference 
implementa ...)
- golang-github-sylabs-sif  (bug #1023570)
+   [bullseye] - golang-github-sylabs-sif  (Minor issue)
- singularity-container 3.10.3+ds1-1
NOTE: 
https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
NOTE: 
https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 
(v2.8.1)
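Review bot: `+   [bullseye] - golang-github-sylabs-sif  (Minor issue)` annotates only the library, but `- singularity-container 3.10.3+ds1-1` right below it is its statically linked consumer, and Go reverse dependencies need their own status or a rebuild (the golang-websocket entry in dla-needed.txt earlier on this page spells this out); if singularity-container is in bullseye, it needs a matching release line.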
@@ -38927,10 +38932,10 @@ CVE-2022-1969 (The Mobile browser color select plugin 
for WordPress is vulnerabl
NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3182-1 DLA-3053-1}
-   - vim 2:9.0.0135-1 (bug #1015984)
-   [bullseye] - vim  (Minor issue)
+   - vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
NOTE: 
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 
(v8.2.5050)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF 
checks ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-1966
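Review bot: the new `NOTE: Crash in CLI tool, no security impact` justifies downgrading a Use After Free to `unimportant`, yet the context line `{DLA-3182-1 DLA-3053-1}` shows the same CVE was fixed with advisories in the LTS releases; the entry would be more defensible if the NOTE said why the UAF is only a crash here (for instance that triggering it needs an interactive session on a crafted file) instead of asserting no impact. The CVE-2022-1898 hunk below makes the identical change and would take the same note.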
@@ -40316,10 +40321,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub 
repository radareorg/radare2 prior t
NOTE: 
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
 CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3182-1 DLA-3053-1}
-   - vim 2:9.0.0135-1 (bug #1015984)
-   [bullseye] - vim  (Minor issue)
+   - vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
NOTE: 
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a 
(v8.2.5024)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim  (Minor issue)
@@ -40922,10 +40927,10 @@ CVE-2022-1852 (A NULL pointer dereference flaw was 
found in the Linux kernelR
NOTE: 
https://git.kernel.org/linus/fee060cd

[Git][security-tracker-team/security-tracker][master] Update information on CVE-2021-46854/proftpd-dfsg

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66f84df3 by Salvatore Bonaccorso at 2022-11-23T14:05:48+01:00
Update information on CVE-2021-46854/proftpd-dfsg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,8 +9,9 @@ CVE-2022-4123
 CVE-2022-4122
RESERVED
 CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure 
to RADIUS ...)
-   - proftpd-dfsg 1.3.7c+dfsg-1
-   [bullseye] - proftpd-dfsg  (Minor issue)
+   - proftpd-dfsg 1.3.7c+dfsg-1 (bug #993173)
+   [bullseye] - proftpd-dfsg 1.3.7a+dfsg-12+deb11u1
+   [buster] - proftpd-dfsg 1.3.6-4+deb10u6
NOTE: https://github.com/proftpd/proftpd/issues/1284
NOTE: https://github.com/proftpd/proftpd/pull/1285
NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
 (v1.3.8rc2)
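Review bot: the new `[bullseye] - proftpd-dfsg 1.3.7a+dfsg-12+deb11u1` and `[buster] - proftpd-dfsg 1.3.6-4+deb10u6` lines come with no `{DSA-…}`/`{DLA-…}` reference and no NOTE saying where those versions shipped, so the entry no longer tells a reader whether they are released or merely proposed; the tracker records proposed stable updates in data/next-point-update.txt (see the libvncserver commit on this page), so either add the advisory reference or track them there. The commit message "Update information" also does not say what was updated (a bug reference plus two stable fixed versions).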



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f84df30b9fd4b8484f1443044b0d0b4fcd0093



[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-11-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70450616 by Moritz Muehlenhoff at 2022-11-23T12:29:05+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10,6 +10,7 @@ CVE-2022-4122
RESERVED
 CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure 
to RADIUS ...)
- proftpd-dfsg 1.3.7c+dfsg-1
+   [bullseye] - proftpd-dfsg  (Minor issue)
NOTE: https://github.com/proftpd/proftpd/issues/1284
NOTE: https://github.com/proftpd/proftpd/pull/1285
NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
 (v1.3.8rc2)
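Review bot: the added `[bullseye] - proftpd-dfsg  (Minor issue)` line shows only a double space where the status token between the package name and the parenthesised reason should be, so the line cannot be checked from this rendering alone. "Minor issue" is also the whole rationale for a memory-disclosure CVE; the vim hunks in this same commit add a NOTE line stating why (`Crash in CLI tool, no security impact`), and a comparable NOTE here would document the reasoning for bullseye.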
@@ -42870,10 +42871,10 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in 
GitHub repository jgraph/dr
NOT-FOR-US: jgraph/drawio
 CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub 
repository vim/v ...)
{DLA-3182-1 DLA-3053-1}
-   - vim 2:9.0.0135-1 (bug #1015984)
-   [bullseye] - vim  (Minor issue)
+   - vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
NOTE: 
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c 
(v8.2.4956)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository 
polonel/t ...)
NOT-FOR-US: Trudesk
 CVE-2022-1718 (The trudesk application allows large characters to insert in 
the input ...)
@@ -44485,11 +44486,10 @@ CVE-2022-1622 (LibTIFF master branch has an 
out-of-bounds read in LZWDecode in l
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub 
repository vim ...)
{DLA-3011-1}
-   - vim 2:9.0.0135-1 (bug #1015984)
-   [bullseye] - vim  (Minor issue)
-   [buster] - vim  (Minor issue)
+   - vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
NOTE: 
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b 
(v8.2.4919)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in 
stl_update_ ...)
{DLA-3019-1}
- admesh 0.98.4-2 (bug #1010770)
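Review bot: this hunk (and the CVE-2022-1619 one after it) also removes the `[buster] - vim  (Minor issue)` line, although the commit is titled "bullseye triage"; buster's status for these two entries now rests on `{DLA-3011-1}` plus the `unimportant` tag, which is consistent, but the commit message should mention buster so the change is findable later.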
@@ -44504,11 +44504,10 @@ CVE-2022-1620 (NULL Pointer Dereference in function 
vim_regexec_string at regexp
NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in 
GitHub r ...)
{DLA-3011-1}
-   - vim 2:9.0.0135-1 (bug #1015984)
-   [bullseye] - vim  (Minor issue)
-   [buster] - vim  (Minor issue)
+   - vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
NOTE: 
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe 
(v8.2.4899)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-1618
RESERVED
 CVE-2022-1617
@@ -46905,11 +46904,11 @@ CVE-2022-1422 (The Discy WordPress theme before 5.2 
does not check for CSRF toke
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some 
AJAX ac ...)
NOT-FOR-US: WordPress theme
 CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
-   - vim 2:8.2.4793-1
-   [bullseye] - vim  (Minor issue)
+   - vim 2:8.2.4793-1 (unimportant)
[buster] - vim  (method call operator -> introduced in 
8.1.1803)
NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
NOTE: 
https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca 
(v8.2.4774)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 
5.6, due ...)
{DSA-5171-1}
- squid 5.6-1
@@ -51061,10 +51060,10 @@ CVE-2022-1155 (Old sessions are not blocked by the 
login enable function. in Git
- snipe-it  (bug #1005172)
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim 
prior to 8 ...)
{DLA-3182-1 DLA-3011-1}
-   - vim 2:8.2.4659-1
-   [bullseye] - vim  (Minor issue)
+   - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
NOTE: 
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 
(v8.2.4646)
+   NOTE: Crash in CLI tool, no security impact
 CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise 
and es ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and 
escape t ...)



View it on GitLab: 
https://salsa.debian.org/security-tra

[Git][security-tracker-team/security-tracker][master] drop ELTS annotation for vim to allow changing it in ELTS tracker

2022-11-23 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1564b16c by Helmut Grohne at 2022-11-23T11:39:16+01:00
drop ELTS annotation for vim to allow changing it in ELTS tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -90090,7 +90090,6 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
- vim 2:8.2.3455-1 (bug #994076)
[bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim 2:8.1.0875-5+deb10u1
-   [stretch] - vim  (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
NOTE: Fixed by: 
https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 
(v8.2.3402)
NOTE: Followup fix for introduced memory leak: 
https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1b6e08e 
(v8.2.3403)
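Review bot: dropping `[stretch] - vim  (Vulnerable code not present)` also drops its reason from this file; since the commit message says the annotation will be maintained in the ELTS tracker instead, make sure the "Vulnerable code not present" rationale moves with it. Adjacent context: the "Followup fix" NOTE's commit hash is 36 hex characters as shown here, shorter than the full 40-character hashes on the other NOTE lines; GitHub resolves abbreviated hashes, but the file's convention is the full hash, so complete it when this entry is next touched.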



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1564b16c9015e1bc4d03afcef255966277748156



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-42095/backdrop, itp'ed

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
689969d1 by Salvatore Bonaccorso at 2022-11-23T10:52:24+01:00
Add CVE-2022-42095/backdrop, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12759,7 +12759,7 @@ CVE-2022-42097 (Backdrop CMS version 1.23.0 was 
discovered to contain a stored c
 CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
- backdrop  (bug #914257)
 CVE-2022-42095 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
-   TODO: check
+   - backdrop  (bug #914257)
 CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
- backdrop  (bug #914257)
 CVE-2022-42093
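Review bot: the new `- backdrop  (bug #914257)` line reuses the bug number of the -42096 and -42094 siblings and, per the commit message, that bug is an ITP rather than a vulnerability report; nothing on the entry line says so, so a reader grepping for bug references will read it as a security bug. As with the other package-only lines in this mail, the status token between `backdrop` and the parenthesis is missing from the rendering (only a double space remains).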



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/689969d1eddca8fbb74aa0fd1167b8291b9f5c66



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09893385 by Salvatore Bonaccorso at 2022-11-23T10:51:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1532,9 +1532,9 @@ CVE-2022-45333
 CVE-2022-45332
RESERVED
 CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-45329
RESERVED
 CVE-2022-45328
@@ -8318,7 +8318,7 @@ CVE-2022-43753 (A Improper Limitation of a Pathname to a 
Restricted Directory ('
 CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 
1/13, when u ...)
NOT-FOR-US: Oracle Solaris
 CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an 
uncontrol ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
{DLA-3173-1}
- linux 6.0.2-1
@@ -9828,7 +9828,7 @@ CVE-2022-43215 (Billing System Project v1.0 was 
discovered to contain a SQL inje
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
NOT-FOR-US: Billing System Project
 CVE-2022-43213 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Billing System Project
 CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
NOT-FOR-US: Billing System Project
 CVE-2022-43211
@@ -16013,7 +16013,7 @@ CVE-2022-40772
 CVE-2022-40771
RESERVED
 CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG 
initializati ...)
NOT-FOR-US: profanity (not same as src:profanity)
 CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows 
local us ...)
@@ -21261,7 +21261,7 @@ CVE-2022-38726
 CVE-2022-38725
RESERVED
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, 
silverstripe/asset ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38723
RESERVED
 CVE-2022-38722
@@ -23039,7 +23039,7 @@ CVE-2022-2793 (Emerson Electric's Proficy Machine 
Edition Version 9.00 and prior
 CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
NOT-FOR-US: Emerson
 CVE-2022-2791 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
-   TODO: check
+   NOT-FOR-US: Emerson Electric's Proficy Machine Edition
 CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
NOT-FOR-US: Emerson
 CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
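Review bot: the added `NOT-FOR-US: Emerson Electric's Proficy Machine Edition` for CVE-2022-2791 spells the product out, while the surrounding -2792 and -2790 context lines use `NOT-FOR-US: Emerson`; pick one form so grep-based queries over the file match all four Proficy entries.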
@@ -23165,11 +23165,11 @@ CVE-2022-38149 (HashiCorp Consul Template up to 
0.27.2, 0.28.2, and 0.29.1 may e
 CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL 
Injection. ...)
NOT-FOR-US: SilverStripe CMS
 CVE-2022-38147 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 3 o ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 2 o ...)
NOT-FOR-US: SilverStripe CMS
 CVE-2022-38145 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 1 o ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key 
could be wr ...)
NOT-FOR-US: JetBrains TeamCity
 CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while 
Registr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/098933859d0beb653536b20d2cf5f90613490045



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-404{4,5}/mattermost-server

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d86ed13 by Salvatore Bonaccorso at 2022-11-23T10:50:41+01:00
Add CVE-2022-404{4,5}/mattermost-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -869,9 +869,9 @@ CVE-2022-4047
 CVE-2022-4046
RESERVED
 CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an 
authenti ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an 
authenticate ...)
-   TODO: check
+   - mattermost-server  (bug #823556)
 CVE-2022-4043
RESERVED
 CVE-2022-4042
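Review bot: both CVE-2022-4045 and CVE-2022-4044 get only `- mattermost-server  (bug #823556)` with no NOTE line pointing at the upstream advisory, unlike most other triaged entries on this page; and the status token between the package name and the parenthesis is again lost in this rendering, so the lines should be checked against the committed file.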



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d86ed1338e5014a5859c8262d0c05dcad04e6fd



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fbbc639 by Salvatore Bonaccorso at 2022-11-23T09:49:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -572,9 +572,9 @@ CVE-2022-45538
 CVE-2022-45537
RESERVED
 CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-45534
RESERVED
 CVE-2022-45533
@@ -586,7 +586,7 @@ CVE-2022-45531
 CVE-2022-45530
RESERVED
 CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: AeroCMS
 CVE-2022-45528
RESERVED
 CVE-2022-45527



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fbbc639b1486ccd48fb14f5a6e1b21189a745a4



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-46854/proftpd-dfsg

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18af4dcd by Salvatore Bonaccorso at 2022-11-23T09:37:22+01:00
Add CVE-2021-46854/proftpd-dfsg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,11 @@ CVE-2022-4123
 CVE-2022-4122
RESERVED
 CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure 
to RADIUS ...)
-   TODO: check
+   - proftpd-dfsg 1.3.7c+dfsg-1
+   NOTE: https://github.com/proftpd/proftpd/issues/1284
+   NOTE: https://github.com/proftpd/proftpd/pull/1285
+   NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
 (v1.3.8rc2)
+   NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8
 (v1.3.7c)
 CVE-2022-45797
RESERVED
 CVE-2022-45796
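Review bot: the two `NOTE: Fixed by:` lines list the v1.3.8rc2 commit before the v1.3.7c one, although the CVE text says "before 1.3.7c" and the fixed Debian version is 1.3.7c+dfsg-1, so the 1.3.7c commit is the one that matters for the version claim; listing it first, or labelling which commit is the master fix and which the 1.3.7 backport, would make that clearer. At this point the entry also has no Debian bug reference and no bullseye/buster annotation; the later commits on this page (70450616 and 66f84df3) add them.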



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18af4dcd08761919fc2c0f0bee99a36f8b517617



[Git][security-tracker-team/security-tracker][master] Track proposed libvncserver update for bullseye-pu

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7eeba1c0 by Salvatore Bonaccorso at 2022-11-23T09:23:46+01:00
Track proposed libvncserver update for bullseye-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -64,3 +64,5 @@ CVE-2022-21690
[bullseye] - onionshare 2.2-3+deb11u1
 CVE-2022-21689
[bullseye] - onionshare 2.2-3+deb11u1
+CVE-2020-29260
+   [bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eeba1c0a87fd1da06e3e2649907dc51068f455b



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f568f619 by security tracker role at 2022-11-23T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2022-45800
+   RESERVED
+CVE-2022-45799
+   RESERVED
+CVE-2022-45798
+   RESERVED
+CVE-2022-4123
+   RESERVED
+CVE-2022-4122
+   RESERVED
+CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure 
to RADIUS ...)
+   TODO: check
 CVE-2022-45797
RESERVED
 CVE-2022-45796
@@ -555,10 +567,10 @@ CVE-2022-45538
RESERVED
 CVE-2022-45537
RESERVED
-CVE-2022-45536
-   RESERVED
-CVE-2022-45535
-   RESERVED
+CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
+   TODO: check
+CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
+   TODO: check
 CVE-2022-45534
RESERVED
 CVE-2022-45533
@@ -569,8 +581,8 @@ CVE-2022-45531
RESERVED
 CVE-2022-45530
RESERVED
-CVE-2022-45529
-   RESERVED
+CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
+   TODO: check
 CVE-2022-45528
RESERVED
 CVE-2022-45527
@@ -785,8 +797,8 @@ CVE-2022-45474 (drachtio-server 0.8.18 has a 
request-handler.cpp event_cb use-af
NOT-FOR-US: drachtio-server
 CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and 
drachti ...)
NOT-FOR-US: drachtio-server
-CVE-2022-45472
-   RESERVED
+CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r 
patch 6 ...)
+   TODO: check
 CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed 
when sendin ...)
NOT-FOR-US: JetBrains Hub
 CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in 
Apache Ham ...)
@@ -852,10 +864,10 @@ CVE-2022-4047
RESERVED
 CVE-2022-4046
RESERVED
-CVE-2022-4045
-   RESERVED
-CVE-2022-4044
-   RESERVED
+CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an 
authenti ...)
+   TODO: check
+CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an 
authenticate ...)
+   TODO: check
 CVE-2022-4043
RESERVED
 CVE-2022-4042
@@ -930,8 +942,8 @@ CVE-2022-4021 (The Permalink Manager Lite plugin for 
WordPress is vulnerable to
NOT-FOR-US: Permalink Manager Lite plugin for WordPress
 CVE-2022-4020
RESERVED
-CVE-2022-4019
-   RESERVED
+CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks 
plugin a ...)
+   TODO: check
 CVE-2022-4018 (Missing Authentication for Critical Function in GitHub 
repository ikus ...)
- rdiffweb  (bug #969974)
 CVE-2022-4017
@@ -1515,10 +1527,10 @@ CVE-2022-45333
RESERVED
 CVE-2022-45332
RESERVED
-CVE-2022-45331
-   RESERVED
-CVE-2022-45330
-   RESERVED
+CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
+   TODO: check
+CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
+   TODO: check
 CVE-2022-45329
RESERVED
 CVE-2022-45328
@@ -8301,8 +8313,8 @@ CVE-2022-43753 (A Improper Limitation of a Pathname to a 
Restricted Directory ('
NOT-FOR-US: Uyuni
 CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 
1/13, when u ...)
NOT-FOR-US: Oracle Solaris
-CVE-2022-43751
-   RESERVED
+CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an 
uncontrol ...)
+   TODO: check
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
{DLA-3173-1}
- linux 6.0.2-1
@@ -9637,9 +9649,9 @@ CVE-2022-43287
RESERVED
 CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a 
heap-use-after-free bug c ...)
NOT-FOR-US: njs
-CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation 
violation in ...)
+CVE-2022-43285 (** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a 
segmentati ...)
NOT-FOR-US: njs
-CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a 
segmentation vi ...)
+CVE-2022-43284 (** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to 
contain a  ...)
NOT-FOR-US: njs
 CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in 
CWriter::Write. ...)
- wabt  (unimportant)
@@ -9811,8 +9823,8 @@ CVE-2022-43215 (Billing System Project v1.0 was 
discovered to contain a SQL inje
NOT-FOR-US: Billing System Project
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
NOT-FOR-US: Billing System Project
-CVE-2022-43213
-   RESERVED
+CVE-2022-43213 (Billing System Project v1.0 was discover

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for four tiff issues, #1024670

2022-11-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
776c2ad2 by Salvatore Bonaccorso at 2022-11-23T09:06:25+01:00
Add Debian bug reference for four tiff issues, #1024670

Signed-off-by: Salvatore Bonaccorso 

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21433,7 +21433,7 @@ CVE-2022-38668 (HTTP applications (servers) based on 
Crow through 1.0+4 may reve
 CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may 
allow a Us ...)
NOT-FOR-US: CrowCpp
 CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection 
in tool ...)
-   - tiff  (unimportant)
+   - tiff  (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
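Review bot: the annotation order `(unimportant; bug #1024670)` is the reverse of the `(bug #1015984; unimportant)` form used for the vim entries earlier on this page; both are readable, but keeping one order makes the file easier to grep for bug references. This applies to all four tiff lines in this commit.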
@@ -27515,21 +27515,21 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
NOTE: 
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 
(v9.0.0061)
NOTE: Crash in CLI tool, no security impact
 CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid 
pointer free ...)
-   - tiff  (unimportant)
+   - tiff  (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
 CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc 
assertion f ...)
-   - tiff  (unimportant)
+   - tiff  (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
 CVE-2022-2519 (There is a double free or corruption in rotateImage() at 
tiffcrop.c:88 ...)
-   - tiff  (unimportant)
+   - tiff  (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/776c2ad2e6592d29ca04cad7303b16b1df93c286
