[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 10 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6ae89fa by security tracker role at 2022-04-10T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository ...)
+ TODO: check
+CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...)
+ TODO: check
CVE-2022-28890
RESERVED
CVE-2021-4226
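Review bot: both new entries carry TODO: check placeholders and descriptions truncated at "GitHub repository ..." and "Furnace. It ...", so for CVE-2022-1290 the affected upstream repository is not even visible in the list; triage needs the full CVE record to assign a source package with a fixed version or mark the entry NOT-FOR-US.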
@@ -8,8 +12,8 @@ CVE-2022-1288 (A vulnerability, which was classified as problematic, has been fo
TODO: check
CVE-2022-1287 (A vulnerability classified as critical was found in School Club Applic ...)
TODO: check
-CVE-2022-1286
- RESERVED
+CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repositor ...)
+ TODO: check
CVE-2022-28888
RESERVED
CVE-2022-28887
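Review bot: CVE-2022-1286 moves from RESERVED to a description naming mrb_vm_exec in mruby/mruby but keeps TODO: check; the triage step should settle whether the affected mruby code is shipped in the archive and replace the TODO with either a package line (with fixed version and bug reference) or NOT-FOR-US.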
@@ -482,8 +486,8 @@ CVE-2022-1278
RESERVED
CVE-2022-1277
RESERVED
-CVE-2022-1276
- RESERVED
+CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby pr ...)
+ TODO: check
CVE-2022-1275
RESERVED
CVE-2022-1274
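Review bot: CVE-2022-1276 (mrb_get_args in mruby/mruby) concerns the same upstream project as CVE-2022-1286 in the hunk above; the two TODO: check entries should be triaged together so they end up with the same package assignment and, if applicable, the same bug reference.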
@@ -563,6 +567,7 @@ CVE-2022-28661
RESERVED
CVE-2022-1271
RESERVED
+ {DLA-2977-1 DLA-2976-1}
- xz-utils 5.2.5-2.1 (bug #1009167)
- gzip 1.12-1 (bug #1009168)
NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
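Review bot: two DLA references are added for a single CVE that spans xz-utils and gzip, but the only NOTE line links the xz-utils xzgrep patch; a pointer to the corresponding gzip fix would let the gzip 1.12-1 fixed version be verified without leaving the tracker.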
@@ -1462,7 +1467,7 @@ CVE-2022-28290
RESERVED
CVE-2022-28289
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
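Review bot: DSA-5118-1 is prepended to the existing {DSA-5113-1 DLA-2971-1} set on this and the following Firefox/Thunderbird entries (CVE-2022-28289 through CVE-2022-28281, CVE-2022-1196, CVE-2022-1097, CVE-2022-24713); the same three-advisory string is used verbatim in each, which keeps the per-suite status consistent across the batch.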
@@ -1479,7 +1484,7 @@ CVE-2022-28287
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28287
CVE-2022-28286
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -1488,7 +1493,7 @@ CVE-2022-28286
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286
CVE-2022-28285
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -1505,7 +1510,7 @@ CVE-2022-28283
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28283
CVE-2022-28282
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -1514,7 +1519,7 @@ CVE-2022-28282
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28282
CVE-2022-28281
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -1533,11 +1538,12 @@ CVE-2022-1198
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
CVE-2022-1197
RESERVED
+ {DSA-5118-1}
- thunderbird 1:91.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1197
CVE-2022-1196
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
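Review bot: CVE-2022-1197 receives {DSA-5118-1} alone while CVE-2022-1196 directly below receives the full {DSA-5118-1 DSA-5113-1 DLA-2971-1}; that matches the package lines (1197 lists only thunderbird, 1196 lists firefox-esr and thunderbird), so DSA-5118-1 is evidently the thunderbird advisory and the split is correct. Worth checking that no other thunderbird-only entry in the file was left without it.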
@@ -2198,6 +2204,7 @@ CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7
CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...)
NOT-FOR-US: AttacheCase
CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...)
+ {DLA-2975-1}
- openjpeg2 <unfixed>
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
[buster] - openjpeg2 <no-dsa> (Minor issue)
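Review bot: {DLA-2975-1} is added to CVE-2022-1122 while the [buster] line still reads <no-dsa> (Minor issue) and unstable is still <unfixed>; if the DLA ships a buster fix for this CVE, the buster no-dsa annotation is now stale and should be dropped in the same change, and the <unfixed> unstable version needs its own follow-up once the upload lands.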
@@ -2814,7 +2821,7 @@ CVE-2022-26064
RESERVED
CVE-2022-1097
RESERVED
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -6738,31 +6745,37 @@ CVE-2022-26363
CVE-2022-26362
RESERVED
CVE-2022-26361 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26360 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26359 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26358 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-399.html
CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dirty hyp ...)
+ {DSA-5117-1}
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
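Review bot: the six xen entries gaining {DSA-5117-1} here (CVE-2022-26356 through CVE-2022-26361) all still list xen <unfixed> for unstable, so the DSA records a bullseye fix ahead of the unstable upload; these <unfixed> lines need a follow-up edit once the fixed xen version reaches unstable. The four XSA-400 entries also share an identical truncated description ending in T[his CNA in ...], which is harmless but makes them indistinguishable in the list without the NOTE URL.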
@@ -9520,6 +9533,7 @@ CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions).
NOT-FOR-US: Siemens
CVE-2022-25310
RESERVED
+ {DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi <no-dsa> (Minor issue)
[buster] - fribidi <no-dsa> (Minor issue)
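Review bot: {DLA-2974-1} is added for CVE-2022-25310 while the line [buster] - fribidi <no-dsa> (Minor issue) is kept; if the DLA fixes this CVE in buster, the buster no-dsa annotation is stale and should go. The two following hunks (CVE-2022-25309 and CVE-2022-25308) show the identical pattern and need the same cleanup.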
@@ -9528,6 +9542,7 @@ CVE-2022-25310
NOTE: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
CVE-2022-25309
RESERVED
+ {DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi <no-dsa> (Minor issue)
[buster] - fribidi <no-dsa> (Minor issue)
@@ -9536,6 +9551,7 @@ CVE-2022-25309
NOTE: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
CVE-2022-25308
RESERVED
+ {DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi <no-dsa> (Minor issue)
[buster] - fribidi <no-dsa> (Minor issue)
@@ -11282,7 +11298,7 @@ CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, framewo
NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
NOTE: https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
CVE-2022-24713 (regex is an implementation of regular expressions for the Rust languag ...)
- {DSA-5113-1 DLA-2971-1}
+ {DSA-5118-1 DSA-5113-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
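Review bot: this entry describes the Rust regex crate, yet the only fixed versions listed are the browsers that bundle it (firefox, firefox-esr, thunderbird); if the archive also carries the crate as its own source package, that package should be tracked on this entry as well, since the browser advisories do not cover it.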
@@ -17340,16 +17356,19 @@ CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[hi
[buster] - linux 4.19.235-1
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
+ {DSA-5117-1}
- xen 4.16.0+51-g0941d6cb-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-395.html
CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
+ {DSA-5117-1}
- xen 4.16.0+51-g0941d6cb-1
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-394.html
CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
+ {DSA-5117-1}
- xen 4.16.0+51-g0941d6cb-1
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
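Review bot: unlike the XSA-399/400 entries earlier in the patch, these three entries already list a fixed unstable version (xen 4.16.0+51-g0941d6cb-1), so {DSA-5117-1} here only records the bullseye fix. CVE-2022-23033 keeps [buster] and [stretch] as <not-affected> (Vulnerable code introduced later) while its neighbours carry <end-of-life>; that distinction is deliberate and should not be homogenised when the DSA reference is added.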
@@ -67638,6 +67657,7 @@ CVE-2021-29340
CVE-2021-29339
RESERVED
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
+ {DLA-2975-1}
- openjpeg2 2.4.0-4 (bug #987276)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
[buster] - openjpeg2 <no-dsa> (Minor issue)
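Review bot: as with CVE-2022-1122, {DLA-2975-1} lands next to a [buster] - openjpeg2 <no-dsa> (Minor issue) line; if the DLA covers this CVE in buster, drop the stale buster annotation.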
@@ -102367,12 +102387,12 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 (v2.4.0)
NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
- {DSA-4882-1}
+ {DSA-4882-1 DLA-2975-1}
- openjpeg2 2.4.0-1 (bug #983663)
NOTE: https://github.com/uclouvain/openjpeg/issues/1297
NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0)
CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
- {DSA-4882-1}
+ {DSA-4882-1 DLA-2975-1}
- openjpeg2 2.4.0-1
NOTE: https://github.com/uclouvain/openjpeg/issues/1294
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/fbd30b064f8f9607d500437b6fedc41431fd6cdc (v2.4.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6ae89faee1675db92203675695fcf6025191906