[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 30 08:10:20 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e61f38f4 by security tracker role at 2021-12-30T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-22282
+	RESERVED
+CVE-2022-22281
+	RESERVED
+CVE-2022-22280
+	RESERVED
+CVE-2022-22279
+	RESERVED
+CVE-2022-22278
+	RESERVED
+CVE-2022-22277
+	RESERVED
+CVE-2022-22276
+	RESERVED
+CVE-2022-22275
+	RESERVED
+CVE-2022-22274
+	RESERVED
+CVE-2022-22273
+	RESERVED
+CVE-2022-22272
+	RESERVED
+CVE-2022-22271
+	RESERVED
+CVE-2022-22270
+	RESERVED
+CVE-2022-22269
+	RESERVED
+CVE-2022-22268
+	RESERVED
+CVE-2022-22267
+	RESERVED
+CVE-2022-22266
+	RESERVED
+CVE-2022-22265
+	RESERVED
+CVE-2022-22264
+	RESERVED
+CVE-2022-22263
+	RESERVED
+CVE-2021-45919
+	RESERVED
+CVE-2021-4190
+	RESERVED
 CVE-2021-4189
 	RESERVED
 CVE-2022-22262
@@ -146,8 +190,8 @@ CVE-2021-45915
 	RESERVED
 CVE-2021-45914
 	RESERVED
-CVE-2021-4188
-	RESERVED
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
+	TODO: check
 CVE-2021-45913
 	RESERVED
 CVE-2021-45912
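Review bot: CVE-2021-4188 now carries a description but is left at "TODO: check", so the entry is still untriaged. Resolve it with a package line for mruby (fixed version or <unfixed>), or with a NOT-FOR-US tag, once the affected source has been checked against the archive.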
@@ -3661,6 +3705,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
 CVE-2021-4103
 	RESERVED
 CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
+	{DLA-2870-1}
 	- apache-log4j2 2.17.1-1 (bug #1002813)
 	[bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
 	[buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
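Review bot: on CVE-2021-44832 the new {DLA-2870-1} reference sits above [bullseye] and [buster] lines that both remain <no-dsa>, so the two suites named in the entry still have no tracked fix while an LTS advisory now exists. Confirm whether a point-release update is planned for those suites, or record the decision in a NOTE line.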
@@ -5622,7 +5667,7 @@ CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user
 CVE-2021-44158
 	RESERVED
 CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
-	{DSA-5027-1}
+	{DSA-5027-1 DLA-2869-1}
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
@@ -5635,13 +5680,13 @@ CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
 CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
-	{DSA-5027-1}
+	{DSA-5027-1 DLA-2869-1}
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
 CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
-	{DSA-5027-1}
+	{DSA-5027-1 DLA-2869-1}
 	- xorg-server 2:1.20.13-3
 	- xwayland 2:21.1.4-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
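Review bot: DLA-2869-1 is added to CVE-2021-4011, CVE-2021-4009 and CVE-2021-4008, but the CVE-2021-4010 entry, whose NOTE lines appear as context at the top of this hunk and cite the same xorg-announce message, is not touched in the visible hunks. Check whether CVE-2021-4010 should also reference DLA-2869-1, and if it is intentionally excluded, say so in a NOTE line on that entry.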
@@ -6561,8 +6606,8 @@ CVE-2021-43878
 	RESERVED
 CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: .NET core
-CVE-2021-43876
-	RESERVED
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...)
+	TODO: check
 CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-43874
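Review bot: CVE-2021-43876 is described as a Microsoft SharePoint issue yet is left at "TODO: check", while the neighbouring CVE-2021-43875 and CVE-2021-43877 are already tagged NOT-FOR-US. Replace the TODO with a NOT-FOR-US line in the same form as its neighbours, e.g. "NOT-FOR-US: Microsoft".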
@@ -182463,7 +182508,7 @@ CVE-2019-9211 (There is a reachable assertion abort in the function write_long_s
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer  ...)
-	{DLA-1702-1}
+	{DLA-2868-1 DLA-1702-1}
 	- advancecomp 2.1-2 (low; bug #923416)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/277/
 	NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
@@ -184870,6 +184915,7 @@ CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9
 CVE-2019-8384
 	RESERVED
 CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory  ...)
+	{DLA-2868-1}
 	- advancecomp 2.1-2.1 (bug #928730)
 	[jessie] - advancecomp <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/272/
@@ -184883,6 +184929,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory acc
 CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
 	NOT-FOR-US: Bento4
 CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
+	{DLA-2868-1}
 	- advancecomp 2.1-2.1 (bug #928729)
 	[jessie] - advancecomp <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/271/
@@ -259468,7 +259515,7 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from
 	NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
 	NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
 CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
-	{DLA-1702-1 DLA-1281-1}
+	{DLA-2868-1 DLA-1702-1 DLA-1281-1}
 	- advancecomp 2.1-1 (bug #889270)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/259/
 	NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e61f38f4608941e624d74aa1aa46886510cbb33e
