[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 3 09:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8dc4c5b by security tracker role at 2022-04-03T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-28377
+ RESERVED
+CVE-2022-28376 (Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (kn ...)
+ TODO: check
+CVE-2022-28375
+ RESERVED
+CVE-2022-28374
+ RESERVED
+CVE-2022-28373
+ RESERVED
+CVE-2022-28372
+ RESERVED
+CVE-2022-28371
+ RESERVED
+CVE-2022-28370
+ RESERVED
+CVE-2022-28369
+ RESERVED
+CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...)
+ TODO: check
+CVE-2022-28367
+ RESERVED
+CVE-2022-28366
+ RESERVED
+CVE-2022-28365
+ RESERVED
+CVE-2022-28364
+ RESERVED
+CVE-2022-28363
+ RESERVED
+CVE-2022-28362
+ RESERVED
+CVE-2022-28361
+ RESERVED
+CVE-2022-28360
+ RESERVED
+CVE-2022-28359
+ RESERVED
+CVE-2022-28358
+ RESERVED
+CVE-2022-28357
+ RESERVED
+CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...)
+ TODO: check
+CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable values. ...)
+ TODO: check
+CVE-2022-28354
+ RESERVED
+CVE-2022-28353
+ RESERVED
+CVE-2022-1210
+ RESERVED
CVE-2021-46782
RESERVED
CVE-2021-46781
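Review bot: The four new entries that already carry a description (CVE-2022-28376, CVE-2022-28368, CVE-2022-28356, CVE-2022-28355) are all left at "TODO: check", so none of them maps to a Debian source package or a NOT-FOR-US marker yet. CVE-2022-28356 is described as a Linux kernel issue fixed before 5.17.1 and is the obvious one to give a package line first; the Verizon LVSKIHP entry looks like a NOT-FOR-US candidate, the same treatment the Lexmark entry (CVE-2019-18791) gets further down in this file.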
@@ -1553,7 +1605,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...)
- {DSA-5111-1}
+ {DSA-5111-1 DLA-2968-1}
- zlib 1:1.2.11.dfsg-4 (bug #1008265)
- libz-mingw-w64 1.2.11+dfsg-5
[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
@@ -2721,8 +2773,8 @@ CVE-2022-27308
RESERVED
CVE-2022-27307
RESERVED
-CVE-2022-27306 (The function url.parse() in Node.js v17.7.0 allows attackers to spoof ...)
- TODO: check
+CVE-2022-27306
+ REJECTED
CVE-2022-27305
RESERVED
CVE-2022-27304
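Review bot: The CVE-2022-27306 entry loses its description (url.parse() in Node.js v17.7.0) together with the "TODO: check" line when it becomes REJECTED, and nothing in the entry records why the ID was withdrawn. If the report was reassigned to another ID, a NOTE pointing to it would keep the Node.js issue findable from this file; if it was simply withdrawn, the change is fine as it stands.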
@@ -99734,6 +99786,7 @@ CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The min
NOTE: Follow-up: https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2 (v3002.6)
NOTE: Follow-up doc: https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54 (next commit)
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
+ {DLA-2969-1}
- asterisk 1:16.15.0~dfsg-1 (bug #974713)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29013
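Review bot: Adding {DLA-2969-1} to CVE-2020-28242 leaves the "[buster] - asterisk <no-dsa> (Minor issue)" line directly below it untouched, so after this change the release covered by the DLA has a fix while buster is still marked as not warranting one. Worth checking whether the buster status should be revisited, for example with a fix through a point release, or whether the "Minor issue" rationale still holds there.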
@@ -169450,6 +169503,7 @@ CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middlewa
CVE-2019-18977
RESERVED
CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...)
+ {DLA-2969-1}
- asterisk 1:16.1.1~dfsg-1
[jessie] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-008.html
@@ -169979,7 +170033,7 @@ CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to byp
CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...)
NOT-FOR-US: Lexmark
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
- {DLA-2017-1}
+ {DLA-2969-1 DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947381)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
@@ -172602,7 +172656,7 @@ CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.3
CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34 for Me ...)
NOT-FOR-US: CheckUser MediaWiki extension
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
- {DLA-2017-1}
+ {DLA-2969-1 DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947377)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
@@ -191084,6 +191138,7 @@ CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This
CVE-2019-13162
RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x ...)
+ {DLA-2969-1}
- asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
[jessie] - asterisk <postponed> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8dc4c5bef2ed7288502eec9fb55c35e1a40a2e8