[Git][security-tracker-team/security-tracker][master] NFU

2022-12-02 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility 
package to build export
NOTE: 
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: 
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
 (v0.8.2)
 CVE-2022-46145 (authentik is an open-source identity provider. Versions prior 
to 2022. ...)
-   TODO: check
+   NOT-FOR-US: authentik
 CVE-2022-46144
RESERVED
 CVE-2022-46143



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reserve DLA-3218-1 for libpgjava

2022-12-02 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46b5fa25 by Utkarsh Gupta at 2022-12-03T04:31:16+05:30
Reserve DLA-3218-1 for libpgjava

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[03 Dec 2022] DLA-3218-1 libpgjava - security update
+   {CVE-2022-41946}
+   [buster] - libpgjava 42.2.5-2+deb10u3
 [03 Dec 2022] DLA-3217-1 g810-led - security update
{CVE-2022-46338}
[buster] - g810-led 0.3.3-2+deb10u1


=
data/dla-needed.txt
=
@@ -111,12 +111,6 @@ libde265
   NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are 
fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk)
   NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk)
 --
-libpgjava
-  NOTE: 20221128: Programming language: Java.
-  NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/libpgjava.git
-  NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems 
(gladk).
-  NOTE: 20221128: If not - please mark it as  (gladk).
---
 libreoffice
   NOTE: 20221012: Programming language: C++.
 --
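Review bot: the removed NOTE lines left the applicability question for CVE-2022-41946 open ("Please check, whether CVE-2022-41946 affects modern systems" and the follow-up asking to mark it otherwise), and nothing in this commit records the answer. Reserving DLA-3218-1 with 42.2.5-2+deb10u3 for buster implies the question was resolved as "affected", but that conclusion now lives only in data/DLA/list. A one-line NOTE on the CVE-2022-41946 entry in data/CVE/list stating why the buster version is affected would keep the reasoning after the dla-needed.txt entry is gone.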



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b5fa250947f217c76a49672eb1ba1b87dc1af5



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3217-1 for g810-led

2022-12-02 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
249814c5 by Utkarsh Gupta at 2022-12-03T04:30:17+05:30
Reserve DLA-3217-1 for g810-led

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[03 Dec 2022] DLA-3217-1 g810-led - security update
+   {CVE-2022-46338}
+   [buster] - g810-led 0.3.3-2+deb10u1
 [03 Dec 2022] DLA-3216-1 vlc - security update
{CVE-2022-41325}
[buster] - vlc 3.0.17.4-0+deb10u2


=
data/dla-needed.txt
=
@@ -47,12 +47,6 @@ firmware-nonfree (Markus Koschany)
 fwupd (Stefano Rivera)
   NOTE: 20221003: Programming language: C++.
 --
-g810-led
-  NOTE: 20221130: Programming language: C++.
-  NOTE: 20221130: VCS: https://salsa.debian.org/lts-team/packages/g810-led.git
-  NOTE: 20221130: The issue in the udev-rules, not in the package itself 
(gladk).
-  NOTE: 20221130: https://gitlab.com/qemu-project/qemu/-/issues/1268 (gladk).
---
 git
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/git.git
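Review bot: the removed NOTE cites https://gitlab.com/qemu-project/qemu/-/issues/1268 as the reference for a g810-led udev-rules problem; a qemu-project issue is an unexpected place for a g810-led report, so it is worth confirming that link was the intended one before it disappears with this entry, and carrying the correct upstream reference for CVE-2022-46338 into the DLA text. The preceding NOTE ("The issue in the udev-rules, not in the package itself") also reads as saying the fix is in the shipped udev rules rather than in the program code; the DLA should say explicitly what 0.3.3-2+deb10u1 changes, since a reader of data/DLA/list alone cannot tell.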



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249814c5930122b412487c540419aee886402f8d



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3216-1 for vlc

2022-12-02 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d595ef5e by Utkarsh Gupta at 2022-12-03T04:29:27+05:30
Reserve DLA-3216-1 for vlc

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[03 Dec 2022] DLA-3216-1 vlc - security update
+   {CVE-2022-41325}
+   [buster] - vlc 3.0.17.4-0+deb10u2
 [02 Dec 2022] DLA-3215-1 snapd - security update
{CVE-2022-3328}
[buster] - snapd 2.37.4-1+deb10u2


=
data/dla-needed.txt
=
@@ -340,12 +340,6 @@ trafficserver
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
-vlc
-  NOTE: 20221201: Programming language: C.
-  NOTE: 20221201: VCS: https://salsa.debian.org/lts-team/packages/vlc.git
-  NOTE: 20221201: Please try to find a real patch for CVE-2022-41325 (gladk).
-  NOTE: 20221201: Backporting of a new version would be not the best idea. 
(gladk).
---
 xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet
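Review bot: the removed NOTEs asked for a targeted patch for CVE-2022-41325 rather than a new-version backport, and the DLA version 3.0.17.4-0+deb10u2 is a Debian-revision bump on an existing 3.0.17.4 base (the -0+deb10uN scheme means the upstream version did not change), which is consistent with that request; but neither hunk records which upstream change was backported. A NOTE with the upstream fix commit on the CVE-2022-41325 entry in data/CVE/list, in the style used for the vim entries (commit URL plus the release tag), would make the DLA auditable.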



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d595ef5ed52d38fe9f3d243f74b5ac0052d0bdab



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3520/vim

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
970fae5b by Salvatore Bonaccorso at 2022-12-02T21:23:37+01:00
Add CVE-2022-3520/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12311,7 +12311,9 @@ CVE-2022-42964 (An exponential ReDoS (Regular 
Expression Denial of Service) can
NOTE: 
https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
NOTE: Doesn't seem to be reported upstream so far
 CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
-   TODO: check
+   - vim 2:9.0.0813-1
+   NOTE: https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
+   NOTE: 
https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b 
(v9.0.0765)
 CVE-2022-3519 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3518 (A vulnerability classified as problematic has been found in 
SourceCode ...)
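Review bot: the entry records the unstable fix (2:9.0.0813-1) and the upstream commit tagged v9.0.0765, but carries no [bullseye] or [buster] line, so the tracker will list both stable suites as open for CVE-2022-3520 until a triage decision (a fixed version, a no-dsa marking, or not-affected) is added, as the nextcloud-desktop and bash hunks elsewhere in this digest do.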



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970fae5b02272670d706434159a37f9c5e013332



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3591/vim

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d32814c0 by Salvatore Bonaccorso at 2022-12-02T21:22:14+01:00
Add CVE-2022-3591/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11168,7 +11168,9 @@ CVE-2022-43397 (A vulnerability has been identified in 
Parasolid V34.0 (All vers
 CVE-2022-43396
RESERVED
 CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. 
...)
-   TODO: check
+   - vim 2:9.0.0813-1
+   NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
+   NOTE: 
https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad 
(v9.0.0789)
 CVE-2022-3590
RESERVED
 CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all 
versions wa ...)
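Review bot: same fixed Debian version as CVE-2022-3520 (2:9.0.0813-1), with the upstream fix tagged v9.0.0789 this time, and likewise no [bullseye]/[buster] triage line. Since the two vim entries were processed back to back from the same huntr batch, they should receive the same stable-suite decision in one follow-up rather than drift apart.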



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d32814c0595cea62e89dc196d238c23d48bb72a2



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf6ef250 by Salvatore Bonaccorso at 2022-12-02T21:20:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,9 +29,9 @@ CVE-2022-46364
 CVE-2022-46363
RESERVED
 CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
osticket/o ...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files 
Web ver ...)
-   TODO: check
+   NOT-FOR-US: M-Files Web
 CVE-2022-4269
RESERVED
 CVE-2022-4268
@@ -876,7 +876,7 @@ CVE-2022-46161
 CVE-2022-46160
RESERVED
 CVE-2022-46159 (Discourse is an open-source discussion platform. In version 
2.8.13 and ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2022-46158
RESERVED
 CVE-2022-46157
@@ -3539,7 +3539,7 @@ CVE-2022-45217
 CVE-2022-45216
RESERVED
 CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store 
Management Sy ...)
-   TODO: check
+   NOT-FOR-US: Book Store Management System
 CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization 
Management  ...)
NOT-FOR-US: Sanitization Management System
 CVE-2022-45213
@@ -7031,13 +7031,13 @@ CVE-2022-44350
 CVE-2022-44349
RESERVED
 CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Sanitization Management System
 CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Sanitization Management System
 CVE-2022-44346
RESERVED
 CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Sanitization Management System
 CVE-2022-44344
RESERVED
 CVE-2022-44343
@@ -7173,7 +7173,7 @@ CVE-2022-44279 (Garage Management System v1.0 is 
vulnerable to Cross Site Script
 CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
NOT-FOR-US: Sanitization Management System
 CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Sanitization Management System
 CVE-2022-44276
RESERVED
 CVE-2022-44275



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf6ef250fbea101c87286dd4774714cb93de107a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5eb4473c by Salvatore Bonaccorso at 2022-12-02T21:12:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2060,73 +2060,73 @@ CVE-2022-45676
 CVE-2022-45675
RESERVED
 CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request 
Forgery ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request 
Forgery ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request 
Forgery ( ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request 
Forgery ( ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45666
RESERVED
 CVE-2022-45665
RESERVED
 CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45662
RESERVED
 CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45642
RESERVED
 CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow 
via formSe ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer 
overflow. Cause ...)
NOT-FOR-US: Tenda
 CVE-2022-45639
@@ -6993,17 +6993,17 @@ CVE-2022-44369
 CVE-2022-44368
RESERVED
 CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is 

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-37769/libjpeg

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7a976bc by Salvatore Bonaccorso at 2022-12-02T21:10:47+01:00
Add Debian bug reference for CVE-2022-37769/libjpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26055,7 +26055,7 @@ CVE-2022-37770 (libjpeg commit 281daa9 was discovered 
to contain a segmentation
NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
NOTE: Crash in CLI tool, no security impact
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
-   - libjpeg 
+   - libjpeg  (bug #1025339)
[bullseye] - libjpeg  (Minor issue)
NOTE: https://github.com/thorfdbg/libjpeg/issues/78
NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
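Review bot: CVE-2022-37769 and the CVE-2022-37770 entry directly above it both reference the same upstream commit 281daa9ccee18742b83a77cd29bd2726b69b7977 (the revision named in both CVE descriptions), yet 37770 is dismissed as "Crash in CLI tool, no security impact" while 37769 is tracked as a real, if minor, issue and now has bug #1025339. A NOTE stating why the two crashes are treated differently, for instance whether the 37769 path is reachable through the library rather than only the command-line tool, would keep the pair from looking inconsistent to the next person triaging libjpeg.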



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a976bcb5010aa3d71c79f69c7c50e54bfd7c1c



[Git][security-tracker-team/security-tracker][master] automatic update

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70c29c14 by security tracker role at 2022-12-02T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2022-46378
+   RESERVED
+CVE-2022-46377
+   RESERVED
+CVE-2022-46376
+   RESERVED
+CVE-2022-46375
+   RESERVED
+CVE-2022-46374
+   RESERVED
+CVE-2022-46373
+   RESERVED
+CVE-2022-46372
+   RESERVED
+CVE-2022-46371
+   RESERVED
+CVE-2022-46370
+   RESERVED
+CVE-2022-46369
+   RESERVED
+CVE-2022-46368
+   RESERVED
+CVE-2022-46367
+   RESERVED
+CVE-2022-46365
+   RESERVED
+CVE-2022-46364
+   RESERVED
+CVE-2022-46363
+   RESERVED
+CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
osticket/o ...)
+   TODO: check
+CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files 
Web ver ...)
+   TODO: check
+CVE-2022-4269
+   RESERVED
+CVE-2022-4268
+   RESERVED
+CVE-2022-4267
+   RESERVED
+CVE-2022-4266
+   RESERVED
+CVE-2022-4265
+   RESERVED
+CVE-2022-4264
+   RESERVED
+CVE-2022-4263
+   RESERVED
 CVE-2022- [node-d3-color redos]
- node-d3-color 1.2.8-5
[bullseye] - node-d3-color  (Minor issue)
@@ -238,7 +286,7 @@ CVE-2022-4247 (A vulnerability classified as critical was 
found in Movie Ticket
NOT-FOR-US: Movie Ticket Booking System
 CVE-2022-4246 (A vulnerability classified as problematic has been found in 
Kakao PotP ...)
NOT-FOR-US: Kakao PotPlayer
-CVE-2022-46366
+CVE-2022-46366 (** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows 
deserializa ...)
NOT-FOR-US: Apache Tapestry
 CVE-2022-46361
RESERVED
@@ -811,8 +859,8 @@ CVE-2022-46169
RESERVED
 CVE-2022-46168
RESERVED
-CVE-2022-46167
-   RESERVED
+CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
+   TODO: check
 CVE-2022-46166
RESERVED
 CVE-2022-46165
@@ -827,8 +875,8 @@ CVE-2022-46161
RESERVED
 CVE-2022-46160
RESERVED
-CVE-2022-46159
-   RESERVED
+CVE-2022-46159 (Discourse is an open-source discussion platform. In version 
2.8.13 and ...)
+   TODO: check
 CVE-2022-46158
RESERVED
 CVE-2022-46157
@@ -863,8 +911,8 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility 
package to build export
NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1
NOTE: 
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: 
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
 (v0.8.2)
-CVE-2022-46145
-   RESERVED
+CVE-2022-46145 (authentik is an open-source identity provider. Versions prior 
to 2022. ...)
+   TODO: check
 CVE-2022-46144
RESERVED
 CVE-2022-46143
@@ -2011,74 +2059,74 @@ CVE-2022-45676
RESERVED
 CVE-2022-45675
RESERVED
-CVE-2022-45674
-   RESERVED
-CVE-2022-45673
-   RESERVED
-CVE-2022-45672
-   RESERVED
-CVE-2022-45671
-   RESERVED
-CVE-2022-45670
-   RESERVED
-CVE-2022-45669
-   RESERVED
-CVE-2022-45668
-   RESERVED
-CVE-2022-45667
-   RESERVED
+CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request 
Forgery ...)
+   TODO: check
+CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request 
Forgery ...)
+   TODO: check
+CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
+CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
+CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
+CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
+CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request 
Forgery ( ...)
+   TODO: check
+CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request 
Forgery ( ...)
+   TODO: check
 CVE-2022-45666
RESERVED
 CVE-2022-45665
RESERVED
-CVE-2022-45664
-   RESERVED
-CVE-2022-45663
-   RESERVED
+CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
+CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer 
overflow v ...)
+   TODO: check
 CVE-2022-45662
RESERVED
-CVE-2022-45661
-   RESERVED
-CVE-2022-45660
-   RESERVED
-CVE-2022-45659
-   RESERVED
-CVE-2022-45658
-   RESERVED
-CVE-2022-45657
-   RESERVED
-CVE-2022-45656
-   RESERVED
-CVE-2022-45655
-   RESERVED
-CVE-2022-45654
-   RESERVED
-CVE-2022-45653
-   RESERVED
-CVE-2022-45652
-   

[Git][security-tracker-team/security-tracker][master] nextcloud-desktop no-dsa

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42b3b9fd by Moritz Muehlenhoff at 2022-12-02T20:59:15+01:00
nextcloud-desktop no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21355,21 +21355,25 @@ CVE-2022-39335
RESERVED
 CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. 
Versions p ...)
- nextcloud-desktop 3.6.1-1
+   [bullseye] - nextcloud-desktop  (Minor issue)
NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
NOTE: https://github.com/nextcloud/desktop/issues/4927
NOTE: https://github.com/nextcloud/desktop/pull/5022
 CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
- nextcloud-desktop 3.6.1-1
+   [bullseye] - nextcloud-desktop  (Minor issue)
NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1711847
 CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
- nextcloud-desktop 3.6.1-1
+   [bullseye] - nextcloud-desktop  (Minor issue)
NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1668028
 CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
- nextcloud-desktop 3.6.1-1
+   [bullseye] - nextcloud-desktop  (Minor issue)
NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
NOTE: https://github.com/nextcloud/desktop/pull/4944
NOTE: https://hackerone.com/reports/1668028
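Review bot: the four bullseye "(Minor issue)" lines are consistent with each other and with the single unstable fix 3.6.1-1, but the reference lines deserve a check while they are being touched: https://hackerone.com/reports/1668028 is listed under both CVE-2022-39332 and CVE-2022-39331, and https://github.com/nextcloud/desktop/pull/4972 under both CVE-2022-39333 and CVE-2022-39332, even though each CVE has its own GHSA id and 39331 points at a different PR (4944). Worth confirming the shared report and shared PR genuinely cover two CVEs each rather than being copies of the line above.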



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b3b9fdcefc31ece880b0846ec0bee98a3b8024



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-3715/bash

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74dd01d3 by Salvatore Bonaccorso at 2022-12-02T20:53:09+01:00
Track fixed version for CVE-2022-3715/bash

Issue introduced in bash-5.1 and fixed with bash-5.2 (but still present
in 5.2~rc2).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9611,7 +9611,7 @@ CVE-2022-3716 (A vulnerability classified as problematic 
was found in SourceCode
NOT-FOR-US: SourceCodester Online Medicine Ordering System
 CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
RESERVED
-   - bash 
+   - bash 5.2-1
[bullseye] - bash  (Minor issue)
[buster] - bash  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720
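Review bot: the commit message states the issue was introduced in bash-5.1 and fixed in 5.2 (still present in 5.2~rc2), and the new fixed version 5.2-1 matches that. The [bullseye] "(Minor issue)" line is consistent with a 5.1-based bash being in the affected range, but the [buster] line deserves a second look: if buster's bash predates 5.1 the accurate marking is not-affected rather than a minor-issue deferral, and a NOTE recording the "introduced in 5.1" fact from the commit message would let the next reader see why.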



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74dd01d3ae165e0bd819e36583a10c1ab47dfeed



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-21821/nvidia-cuda-toolkit via unstable

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac86dc36 by Salvatore Bonaccorso at 2022-12-02T20:34:33+01:00
Track fixed version for CVE-2022-21821/nvidia-cuda-toolkit via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76808,7 +76808,7 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability 
in the admin interface, wh
NOT-FOR-US: NVIDIA
 CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow 
vulnerability in  ...)
[experimental] - nvidia-cuda-toolkit 11.6.2-1
-   - nvidia-cuda-toolkit  (bug #1008695)
+   - nvidia-cuda-toolkit 11.6.2-2 (bug #1008695)
[bullseye] - nvidia-cuda-toolkit  (Non-free not supported)
[buster] - nvidia-cuda-toolkit  (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5334



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac86dc365e5a6f3219ecb36aac9a067edcfa0496



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-46366 as NFU

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e4e9aa2 by Salvatore Bonaccorso at 2022-12-02T20:19:30+01:00
Add CVE-2022-46366 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -238,6 +238,8 @@ CVE-2022-4247 (A vulnerability classified as critical was 
found in Movie Ticket
NOT-FOR-US: Movie Ticket Booking System
 CVE-2022-4246 (A vulnerability classified as problematic has been found in 
Kakao PotP ...)
NOT-FOR-US: Kakao PotPlayer
+CVE-2022-46366
+   NOT-FOR-US: Apache Tapestry
 CVE-2022-46361
RESERVED
 CVE-2022-43485



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e4e9aa22fc2fdf431a3a0bea1b058ead3a8758a



[Git][security-tracker-team/security-tracker][master] Add additional references for node-d3-color issue

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11a3cbde by Salvatore Bonaccorso at 2022-12-02T17:46:53+01:00
Add additional references for node-d3-color issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,6 +2,8 @@ CVE-2022- [node-d3-color redos]
- node-d3-color 1.2.8-5
[bullseye] - node-d3-color  (Minor issue)
NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58
+   NOTE: https://github.com/d3/d3-color/issues/97
+   NOTE: https://github.com/d3/d3-color/pull/100
 CVE-2023-21623
RESERVED
 CVE-2023-21622



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11a3cbde09a2a551d90489489d609eb24a1de76e



[Git][security-tracker-team/security-tracker][master] new d3-color issue

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c71d607c by Moritz Muehlenhoff at 2022-12-02T15:15:54+01:00
new d3-color issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2022- [node-d3-color redos]
+   - node-d3-color 1.2.8-5
+   [bullseye] - node-d3-color  (Minor issue)
+   NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58
 CVE-2023-21623
RESERVED
 CVE-2023-21622
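Review bot: the new entry records `- node-d3-color 1.2.8-5` as the fixed version and marks bullseye `(Minor issue)`, but its only reference is the GHSA advisory; add the upstream fix reference (issue or pull request, ideally the fixing commit with its release tag appended, as this file does elsewhere with e.g. `(v1.28.0)` after a commit URL) so that the fixed-version claim for 1.2.8-5 can be checked later.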



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71d607c89bbd296d9a58b28db477aa26ea15d73


[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc795767 by Moritz Muehlenhoff at 2022-12-02T15:14:36+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3505,16 +3505,15 @@ CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to 
contain a SQL injection vuln
 CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection 
vulnerabil ...)
NOT-FOR-US: Jeecg-boot
 CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to 
contain a mem ...)
-   - gpac 
-   [buster] - gpac  (EOL in buster LTS)
+   - gpac  (Vulnerable code not present in any version in 
the archive)
NOTE: https://github.com/gpac/gpac/issues/2307
NOTE: Introduced by: 
https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f
-   TODO: double check, but introducing commit is the fix for CVE-2022-45202
 CVE-2022-45203
RESERVED
 CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to 
contain a sta ...)
- gpac 
+   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
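Review bot: the removed `TODO: double check, but introducing commit is the fix for CVE-2022-45202` was the only line recording why the CVE-2022-45204 code is absent from the archive; with CVE-2022-45202 now `(Minor issue)` in bullseye and therefore unfixed there, the reasoning holds, but keep it as a NOTE (e.g. `NOTE: Introduced by the fix for CVE-2022-45202, which is not in any Debian version`) so the `Vulnerable code not present` status is revisited if CVE-2022-45202 is later fixed in the archive.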



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc7957675e39777a56317d5322e533584051dcf5


[Git][security-tracker-team/security-tracker][master] Reserve DLA-3215-1 for snapd

2022-12-02 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
023bfa7d by Utkarsh Gupta at 2022-12-02T19:16:43+05:30
Reserve DLA-3215-1 for snapd

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[02 Dec 2022] DLA-3215-1 snapd - security update
+   {CVE-2022-3328}
+   [buster] - snapd 2.37.4-1+deb10u2
 [30 Nov 2022] DLA-3214-1 libraw - security update
{CVE-2020-15503}
[buster] - libraw 0.19.2-2+deb10u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/023bfa7df8eda5d405a1323949f4ab1da5469843


[Git][security-tracker-team/security-tracker][master] Move RUSTSEC-2022-0068 entry for rust-capnp to CVE-2022-46149

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
384c30ea by Salvatore Bonaccorso at 2022-12-02T13:14:47+01:00
Move RUSTSEC-2022-0068 entry for rust-capnp to CVE-2022-46149

As RUSTSEC-2022-0068 now mentions the same CVE as used for src:capnproto.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,3 @@
-CVE-2022- [rust capnp: out-of-bounds read possible when setting 
list-of-pointers]
-   - rust-capnp 
-   NOTE: 
https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
-   NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html
 CVE-2023-21623
RESERVED
 CVE-2023-21622
@@ -845,8 +841,11 @@ CVE-2022-46150 (Discourse is an open-source discussion 
platform. Prior to versio
NOT-FOR-US: Discourse
 CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure 
call (RP ...)
- capnproto 
+   - rust-capnp 
NOTE: 
https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
NOTE: 
https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9
+   NOTE: 
https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html
 CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 
2.8.10 and ...)
NOT-FOR-US: Discourse
 CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style 
problem, wher ...)
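Review bot: with both `- capnproto` and `- rust-capnp` now filed under CVE-2022-46149, the NOTE lines no longer say which reference belongs to which source package; the `capnproto/capnproto` commit and the RUSTSEC-2022-0068 advisory concern different code bases, so consider qualifying the two moved NOTE lines (e.g. `NOTE: rust-capnp: https://rustsec.org/advisories/RUSTSEC-2022-0068.html`) or adding the fixing commit of the Rust crate, so that each package's fix stays traceable.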



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384c30ea59d5911aee4492fcc5f456cfd8c6a501


[Git][security-tracker-team/security-tracker][master] NFU

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34d7eefd by Moritz Muehlenhoff at 2022-12-02T12:10:03+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3768,7 +3768,7 @@ CVE-2022-3943 (A vulnerability was found in ForU CMS. It 
has been classified as
 CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization 
Management Sy ...)
NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle 
BC-FJA b ...)
-   TODO: check
+   NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2022-45145
RESERVED
 CVE-2022-45144



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34d7eefd4f42013c9d05a517eeaa0e3a21387e23


[Git][security-tracker-team/security-tracker][master] new rust-capnp issue

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
882125c8 by Moritz Muehlenhoff at 2022-12-02T11:43:06+01:00
new rust-capnp issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2022- [rust capnp: out-of-bounds read possible when setting 
list-of-pointers]
+   - rust-capnp 
+   NOTE: 
https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html
 CVE-2023-21623
RESERVED
 CVE-2023-21622
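Review bot: the referenced upstream advisory (`2022-11-30-0-pointer-list-bounds.md` in the capnproto repository) is a published advisory, so a CVE id may already have been assigned; checking for one before filing the entry under the placeholder id avoids a later move, which is what a subsequent commit in this thread ends up doing when it relocates these lines under CVE-2022-46149.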



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/882125c86e15d20a2ef639ceda35f96a8b67ff05


[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46508902 by Moritz Muehlenhoff at 2022-12-02T11:41:02+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19266,6 +19266,7 @@ CVE-2022-3168
[experimental] - android-platform-tools 33.0.3-1~exp1
- android-platform-tools 
- android-platform-system-core 
+   [bullseye] - android-platform-system-core  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5
 CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x 
through 2.1 ...)
- openvswitch  (bug #1021740)
@@ -23110,6 +23111,7 @@ CVE-2022-2991 (A heap-based buffer overflow was found 
in the Linux kernel's Ligh
NOTE: CONFIG_NVM not enabled in Debian
 CVE-2022-2990 (An incorrect handling of the supplementary groups in the 
Buildah conta ...)
- golang-github-containers-buildah 1.28.0+ds1-2
+   [bullseye] - golang-github-containers-buildah  (Minor issue)
NOTE: 
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
NOTE: https://github.com/containers/buildah/pull/4200
NOTE: 
https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255
 (v1.28.0)
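Review bot: the new `[bullseye] - golang-github-containers-buildah  (Minor issue)` line gives no rationale, while the NOTE right below links the benthamsgaze.org investigation of the supplementary-groups handling; a short reason inside the parenthesis would spare the next triager from re-reading that write-up to understand why bullseye is left unfixed.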
@@ -54601,6 +54603,7 @@ CVE-2022-27652 (A flaw was found in cri-o, where 
containers were incorrectly sta
 CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly 
started  ...)
[experimental] - golang-github-containers-buildah 1.27.0+ds1-2
- golang-github-containers-buildah 1.28.0+ds1-2 (bug #1009882)
+   [bullseye] - golang-github-containers-buildah  (Minor issue)
NOTE: 
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
 (v1.25.1)
NOTE: 
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
 CVE-2022-27650 (A flaw was found in crun where containers were incorrectly 
started wit ...)
@@ -86744,6 +86747,7 @@ CVE-2022-20128
[experimental] - android-platform-tools 33.0.3-1~exp1
- android-platform-tools 
- android-platform-system-core 
+   [bullseye] - android-platform-system-core  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5
 CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of 
bounds w ...)
NOT-FOR-US: Android



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4650890261b3ab4aebfd56d3ad49b2d564ec226c


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43df9bef by Salvatore Bonaccorso at 2022-12-02T11:33:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4379,11 +4379,11 @@ CVE-2022-44932
 CVE-2022-44931
RESERVED
 CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command 
injection ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows 
unauthent ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command 
injecti ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44927
RESERVED
 CVE-2022-44926
@@ -7245,9 +7245,9 @@ CVE-2022-44214
 CVE-2022-44213
RESERVED
 CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote 
attacker to ac ...)
-   TODO: check
+   NOT-FOR-US: GL.iNet Goodcloud
 CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a 
remote atta ...)
-   TODO: check
+   NOT-FOR-US: GL.iNet Goodcloud
 CVE-2022-44210
RESERVED
 CVE-2022-44209
@@ -11299,7 +11299,7 @@ CVE-2022-43335
 CVE-2022-43334
RESERVED
 CVE-2022-4 (Telenia Software s.r.l TVox before v22.0.17 was discovered to 
contain  ...)
-   TODO: check
+   NOT-FOR-US: Telenia Software s.r.l TVox
 CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 
allows  ...)
NOT-FOR-US: Wondercms
 CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43df9befeb5c4552ce021bf90d5804dbd99e477a


[Git][security-tracker-team/security-tracker][master] dla: drop libarchive

2022-12-02 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
680465e8 by Sylvain Beucler at 2022-12-02T10:30:17+01:00
dla: drop libarchive
Last DLA was uploaded only last week, there's only one minor CVE, and
bullseye won't fix it now.
A future FD will add it back when there are new CVEs, or a bullseye fix that
will show up in lts-cve-triage.py.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -30065,6 +30065,7 @@ CVE-2022-36228
 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
- libarchive  (bug #1024669)
[bullseye] - libarchive  (Minor issue)
+   [buster] - libarchive  (Minor issue, clean crash, follow 
bullseye updates)
NOTE: https://github.com/libarchive/libarchive/issues/1754
NOTE: https://github.com/libarchive/libarchive/pull/1759
NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5


=
data/dla-needed.txt
=
@@ -108,10 +108,6 @@ lava
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
-libarchive
-  NOTE: 20221128: Programming language: C.
-  NOTE: 20221128: VCS: 
https://salsa.debian.org/lts-team/packages/libarchive.git
---
 libcommons-jxpath-java
   NOTE: 20221027: Programming language: Java.
   NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream 
discussion. See CVE-2022-41852 for pull requests.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/680465e84cef049390d402f516625e9874a4af95


[Git][security-tracker-team/security-tracker][master] dla: drop vim

2022-12-02 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52ac9b58 by Sylvain Beucler at 2022-12-02T10:23:02+01:00
dla: drop vim
if we need to wait for new CVEs to appear, then there's no need to keep it
in dla-needed.txt, a future FD will take care of adding it back

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1428,6 +1428,7 @@ CVE-2022-4142
 CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by 
allowing a ...)
- vim 
[bullseye] - vim  (Minor issue)
+   [buster] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
NOTE: 
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 
(v9.0.0947)
 CVE-2022-4140
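Review bot: the new `[buster] - vim  (Minor issue)` line carries no rationale, and the same commit removes the dla-needed.txt note that held it (`Please wait till at least several CVEs appear before upload (gladk)`); carry that reasoning into the buster line's parenthesis, e.g. `(Minor issue, to be fixed together with further vim CVEs)`, so it survives the removal from dla-needed.txt.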


=
data/dla-needed.txt
=
@@ -341,11 +341,6 @@ trafficserver
   NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith)
   NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith)
 --
-vim
-  NOTE: 20221128: Programming language: C.
-  NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/vim.git
-  NOTE: 20221128: Please wait till at least several CVEs appear before upload 
(gladk).
---
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ac9b58b0ae36eb6bd8031ff882110bdf68ad6e


[Git][security-tracker-team/security-tracker][master] more mariadb spu updates

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7cb5b9f by Moritz Muehlenhoff at 2022-12-02T10:20:17+01:00
more mariadb spu updates

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -22913,6 +22913,7 @@ CVE-2022-38791 (In MariaDB before 10.9.2, 
compress_write in extra/mariabackup/ds
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-28719
NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
@@ -55054,6 +55055,7 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was 
discovered to contain an us
 CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an 
use-afte ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.4 onwards)
- mariadb-10.1  (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28098
@@ -55318,6 +55320,7 @@ CVE-2022-27383 (MariaDB Server v10.6 and below was 
discovered to contain an use-
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
- mariadb-10.1 
NOTE: https://jira.mariadb.org/browse/MDEV-26323


=
data/next-point-update.txt
=
@@ -158,3 +158,5 @@ CVE-2022-32087
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
 CVE-2022-32088
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-38791
+   [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
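Review bot: CVE-2022-27457 and CVE-2022-27383 are marked `(Will be fixed via spu)` in the data/CVE/list hunks above, yet only CVE-2022-38791 is added to next-point-update.txt here; unless those two already have entries further up in this file, each also needs a `[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1` block, otherwise the point-update tracking and the CVE list disagree about what the upload fixes.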



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cb5b9f8ab949f25d7c7b88c72f117c8cc46d18


[Git][security-tracker-team/security-tracker][master] mariadb spu

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ccc01a3 by Moritz Mühlenhoff at 2022-12-02T09:56:15+01:00
mariadb spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -41311,6 +41311,7 @@ CVE-2022-32091 (MariaDB v10.7 was discovered to contain 
an use-after-poison in i
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26431
 CVE-2022-32090
@@ -41318,12 +41319,14 @@ CVE-2022-32090
 CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a 
segmentation fault  ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26410
 CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a 
segmentation fault  ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26419
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -41331,12 +41334,14 @@ CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered 
to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26437
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
 CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a 
segmentation fault  ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26412
NOTE: Fixed in:  10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
@@ -41344,6 +41349,7 @@ CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered 
to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26407
NOTE: Fixed in:  10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -41351,23 +41357,27 @@ CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered 
to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26427
 CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a 
segmentation faul ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
NOTE: https://jira.mariadb.org/browse/MDEV-26047
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 
10.8.3
 CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion 
failure  ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.5 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26433
 CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an 
use-after-poison i ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26420
 CVE-2022-32080
@@ -55037,6 +55047,7 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was 
discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
- mariadb-10.1 
NOTE: https://jira.mariadb.org/browse/MDEV-28099
@@ -55050,12 +55061,14 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was 
discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3 
- mariadb-10.1 
NOTE: https://jira.mariadb.org/browse/MDEV-28093
 CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an 
use-afte ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
+   [bullseye] - mariadb-10.5  (Will be fixed via spu)
- mariadb-10.3  (Only affects MariaDB 10.4 onwards)
  

[Git][security-tracker-team/security-tracker][master] NFUs

2022-12-02 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4fbe7725 by Moritz Muehlenhoff at 2022-12-02T09:38:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -231,7 +231,7 @@ CVE-2022-4248 (A vulnerability, which was classified as 
critical, has been found
 CVE-2022-4247 (A vulnerability classified as critical was found in Movie 
Ticket Booki ...)
NOT-FOR-US: Movie Ticket Booking System
 CVE-2022-4246 (A vulnerability classified as problematic has been found in 
Kakao PotP ...)
-   TODO: check
+   NOT-FOR-US: Kakao PotPlayer
 CVE-2022-46361
RESERVED
 CVE-2022-43485
@@ -309,7 +309,7 @@ CVE-2022-4226
 CVE-2022-4225
RESERVED
 CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and 
RB1732 a ...)
-   TODO: check
+   NOT-FOR-US: Sapido
 CVE-2022-46344
RESERVED
 CVE-2022-46343
@@ -826,15 +826,15 @@ CVE-2022-46158
 CVE-2022-46157
RESERVED
 CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic 
Monitoring appl ...)
-   TODO: check
+   NOT-FOR-US: Grafana Synthetic Monitoring
 CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to 
version 0. ...)
-   TODO: check
+   NOT-FOR-US: Airtable.js
 CVE-2022-46154
RESERVED
 CVE-2022-46153
RESERVED
 CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE 
project, ...)
-   TODO: check
+   NOT-FOR-US: OP-TEE
 CVE-2022-46151
RESERVED
 CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to 
version 2.8. ...)
@@ -846,7 +846,7 @@ CVE-2022-46149 (Cap'n Proto is a data interchange format 
and remote procedure ca
 CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 
2.8.10 and ...)
NOT-FOR-US: Discourse
 CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style 
problem, wher ...)
-   TODO: check
+   NOT-FOR-US: Drag and Drop XBlock
 CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build 
exporters. P ...)
- golang-github-prometheus-exporter-toolkit 0.8.2-1 (bug #1025127)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1
@@ -875,7 +875,7 @@ CVE-2022-4171
 CVE-2022-4170
RESERVED
 CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to 
authori ...)
-   TODO: check
+   NOT-FOR-US: Polylang
 CVE-2022-4168
RESERVED
 CVE-2022-4167
@@ -1361,7 +1361,7 @@ CVE-2022-45923
 CVE-2022-45922
RESERVED
 CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the 
application root ...)
-   TODO: check
+   NOT-FOR-US: FusionAuth
 CVE-2022-45920
RESERVED
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In 
drivers ...)
@@ -2224,7 +2224,7 @@ CVE-2022-45564
 CVE-2022-45563
RESERVED
 CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 
to v1.4.9 ...)
-   TODO: check
+   NOT-FOR-US: Telos Alliance Omnia MPX Node
 CVE-2022-45561
RESERVED
 CVE-2022-45560
@@ -2384,7 +2384,7 @@ CVE-2022-45484
 CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript 
which co ...)
NOT-FOR-US: kiwi Test Plan
 CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by 
passing  ...)
-   TODO: check
+   NOT-FOR-US: Tenable
 CVE-2022-4103
RESERVED
 CVE-2022-4102
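Review bot: the truncated description of CVE-2022-4104 (`A loop with an unreachable exit condition can be triggered by passing ...`) does not name a product, so `NOT-FOR-US: Tenable` cannot be verified from the entry itself; add a NOTE with the advisory URL that attributes the issue to Tenable so the NFU decision is auditable.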
@@ -2650,7 +2650,7 @@ CVE-2022-4022 (The SVG Support plugin for WordPress 
defaults to insecure setting
 CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable 
to Cross ...)
NOT-FOR-US: Permalink Manager Lite plugin for WordPress
 CVE-2022-4020 (Vulnerability in the HQSwSmiDxe DXE driver on some consumer 
Acer Noteb ...)
-   TODO: check
+   NOT-FOR-US: Acer
 CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks 
plugin a ...)
NOT-FOR-US: Mattermost plugin
 CVE-2022-4018 (Missing Authentication for Critical Function in GitHub 
repository ikus ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fbe77256bd5f39d02930a300b1fc2e234f8fd83


[Git][security-tracker-team/security-tracker][master] automatic update

2022-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46276672 by security tracker role at 2022-12-02T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,105 @@
+CVE-2023-21623
+   RESERVED
+CVE-2023-21622
+   RESERVED
+CVE-2023-21621
+   RESERVED
+CVE-2023-21620
+   RESERVED
+CVE-2023-21619
+   RESERVED
+CVE-2023-21618
+   RESERVED
+CVE-2023-21617
+   RESERVED
+CVE-2023-21616
+   RESERVED
+CVE-2023-21615
+   RESERVED
+CVE-2023-21614
+   RESERVED
+CVE-2023-21613
+   RESERVED
+CVE-2023-21612
+   RESERVED
+CVE-2023-21611
+   RESERVED
+CVE-2023-21610
+   RESERVED
+CVE-2023-21609
+   RESERVED
+CVE-2023-21608
+   RESERVED
+CVE-2023-21607
+   RESERVED
+CVE-2023-21606
+   RESERVED
+CVE-2023-21605
+   RESERVED
+CVE-2023-21604
+   RESERVED
+CVE-2023-21603
+   RESERVED
+CVE-2023-21602
+   RESERVED
+CVE-2023-21601
+   RESERVED
+CVE-2023-21600
+   RESERVED
+CVE-2023-21599
+   RESERVED
+CVE-2023-21598
+   RESERVED
+CVE-2023-21597
+   RESERVED
+CVE-2023-21596
+   RESERVED
+CVE-2023-21595
+   RESERVED
+CVE-2023-21594
+   RESERVED
+CVE-2023-21593
+   RESERVED
+CVE-2023-21592
+   RESERVED
+CVE-2023-21591
+   RESERVED
+CVE-2023-21590
+   RESERVED
+CVE-2023-21589
+   RESERVED
+CVE-2023-21588
+   RESERVED
+CVE-2023-21587
+   RESERVED
+CVE-2023-21586
+   RESERVED
+CVE-2023-21585
+   RESERVED
+CVE-2023-21584
+   RESERVED
+CVE-2023-21583
+   RESERVED
+CVE-2023-21582
+   RESERVED
+CVE-2023-21581
+   RESERVED
+CVE-2023-21580
+   RESERVED
+CVE-2023-21579
+   RESERVED
+CVE-2023-21578
+   RESERVED
+CVE-2023-21577
+   RESERVED
+CVE-2023-21576
+   RESERVED
+CVE-2023-21575
+   RESERVED
+CVE-2023-21574
+   RESERVED
+CVE-2022-4262
+   RESERVED
 CVE-2023-21573
RESERVED
 CVE-2023-21572
@@ -2121,8 +2223,8 @@ CVE-2022-45564
RESERVED
 CVE-2022-45563
RESERVED
-CVE-2022-45562
-   RESERVED
+CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 
to v1.4.9 ...)
+   TODO: check
 CVE-2022-45561
RESERVED
 CVE-2022-45560
@@ -4275,12 +4377,12 @@ CVE-2022-44932
RESERVED
 CVE-2022-44931
RESERVED
-CVE-2022-44930
-   RESERVED
-CVE-2022-44929
-   RESERVED
-CVE-2022-44928
-   RESERVED
+CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command 
injection ...)
+   TODO: check
+CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows 
unauthent ...)
+   TODO: check
+CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command 
injecti ...)
+   TODO: check
 CVE-2022-44927
RESERVED
 CVE-2022-44926
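Review bot: the three new entries (CVE-2022-44930, CVE-2022-44929, CVE-2022-44928) all describe D-Link DHP-W310AV / DVG-G5402SP firmware, which is not packaged in Debian, so these could be marked NOT-FOR-US: D-Link directly rather than left as TODO: check; if the intent is to let the usual triage pass handle them, that is fine, but an explicit marker avoids them sitting in the TODO queue.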
@@ -7141,10 +7243,10 @@ CVE-2022-44214
RESERVED
 CVE-2022-44213
RESERVED
-CVE-2022-44212
-   RESERVED
-CVE-2022-44211
-   RESERVED
+CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote 
attacker to ac ...)
+   TODO: check
+CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a 
remote atta ...)
+   TODO: check
 CVE-2022-44210
RESERVED
 CVE-2022-44209
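Review bot: CVE-2022-44212 and CVE-2022-44211 both concern the GL.iNet Goodcloud service, a vendor-hosted product with no corresponding Debian package, so the TODO: check markers here could be replaced with NOT-FOR-US: GL.iNet Goodcloud in the same way other non-Debian products are handled elsewhere in this file (for example the Wondercms and Hashicorp Packer entries visible in later hunks).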
@@ -11195,8 +11297,8 @@ CVE-2022-43335
RESERVED
 CVE-2022-43334
RESERVED
-CVE-2022-4
-   RESERVED
+CVE-2022-4 (Telenia Software s.r.l TVox before v22.0.17 was discovered to 
contain  ...)
+   TODO: check
 CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 
allows  ...)
NOT-FOR-US: Wondercms
 CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
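Review bot: the changed identifier reads "CVE-2022-4" in both the removed and the added line, which is not a complete CVE id; given the neighbours CVE-2022-43334 and CVE-2022-43332, the real id should have five digits, so please confirm the committed data/CVE/list carries the full identifier and that this is only truncation in the notification rendering. A malformed id on this line would also prevent the entry from being matched by anything that looks the CVE up by name.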
@@ -11211,8 +11313,8 @@ CVE-2022-43327
RESERVED
 CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the passwo ...)
NOT-FOR-US: Telos Alliance Omnia MPX Node
-CVE-2022-43325
-   RESERVED
+CVE-2022-43325 (An unauthenticated command injection vulnerability in the 
product lice ...)
+   TODO: check
 CVE-2022-43324
RESERVED
 CVE-2022-43323 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site 
Request ...)
@@ -12968,8 +13070,8 @@ CVE-2022-42719 (A use-after-free in the mac80211 stack 
when parsing a multi-BSSI
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: 
https://lore.kernel.org/netdev/20221013100522.46346-1-johan...@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
-CVE-2022-42718
-   RESERVED
+CVE-2022-42718 (Incorrect default permissions in the installation folder for 
NI LabVIE ...)
+   TODO: check
 CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The 
recommen ...)
NOT-FOR-US: Hashicorp Packer
 CVE-2022-42716
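Review bot: CVE-2022-42718 describes incorrect default permissions in the installation folder of NI LabVIEW, a proprietary Windows product that Debian does not ship, so this TODO: check can be closed as NOT-FOR-US: NI LabVIEW; the adjacent CVE-2022-42717 (Hashicorp Packer) in the same hunk shows the expected form.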
@@ -14037,8 +14139,8 @@ CVE-2022-42264
-