[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 10 21:21:25 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88eeaa02 by Moritz Muehlenhoff at 2022-08-10T22:20:49+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1711,7 +1711,7 @@ CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog c
CVE-2022-37395
RESERVED
CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
- - nova <unfixed>
+ - nova <unfixed> (bug #1016980)
NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
NOTE: https://review.opendev.org/c/openstack/nova/+/849985
NOTE: https://review.opendev.org/c/openstack/nova/+/850003
@@ -2591,7 +2591,7 @@ CVE-2022-2590
NOTE: https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2bed92@redhat.com/
NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1
CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- - fava <unfixed>
+ - fava <unfixed> (bug #1016971)
NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3)
CVE-2022-37037
@@ -2599,7 +2599,7 @@ CVE-2022-37037
CVE-2022-37036
RESERVED
CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
- - frr <unfixed>
+ - frr <unfixed> (bug #1016978)
NOTE: https://github.com/FRRouting/frr/issues/11698
CVE-2022-37034
RESERVED
@@ -4058,7 +4058,7 @@ CVE-2022-34859
CVE-2022-33963
RESERVED
CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- - fava <unfixed>
+ - fava <unfixed> (bug #1016971)
NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
CVE-2022-36381
@@ -4195,7 +4195,7 @@ CVE-2022-33142
CVE-2022-2515
RESERVED
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
- - fava <unfixed>
+ - fava <unfixed> (bug #1016971)
NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22)
CVE-2022-2513
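Review bot: bug #1016971 is reused for CVE-2022-2589, CVE-2022-2523 and this CVE-2022-2514 entry, which is fine for a single fava upload, but the NOTEs in the three hunks point at three different fixing commits tagged v1.22, v1.22.2 and v1.22.3; the bug report should name all three versions (or at least v1.22.3 as the one that closes all three CVEs) so the maintainer does not close it after updating to v1.22 only.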
@@ -7639,9 +7639,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL
CVE-2022-34944
RESERVED
CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution (RCE) v ...)
- - php-laravel-framework <undetermined>
+ - php-laravel-framework <unfixed> (bug #1016977)
NOTE: https://github.com/beicheng-maker/vulns/issues/1
- TODO: check, unclear if upstream reported
CVE-2022-34942
RESERVED
CVE-2022-34941
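Review bot: the php-laravel-framework line moves from <undetermined> to <unfixed> and the "TODO: check, unclear if upstream reported" marker is dropped, but nothing in the hunk records what resolved that check; the only reference left is the third-party issue at github.com/beicheng-maker/vulns/issues/1. Unless bug #1016977 itself documents an upstream acknowledgement, keep a NOTE here stating why the issue is now treated as confirmed (upstream report, maintainer response or similar), so a later triager does not have to redo the verification.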
@@ -8869,7 +8868,7 @@ CVE-2022-34522
CVE-2022-34521
RESERVED
CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...)
- - radare2 <unfixed>
+ - radare2 <unfixed> (bug #1016979)
NOTE: https://github.com/radareorg/radare2/issues/20354
NOTE: https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5 (5.7.4)
CVE-2022-34519
@@ -8910,7 +8909,7 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
NOTE: Negligible security impact
CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
- - radare2 <unfixed>
+ - radare2 <unfixed> (bug #1016979)
NOTE: https://github.com/radareorg/radare2/issues/20336
NOTE: https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4 (5.7.2)
CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...)
@@ -9552,7 +9551,7 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
CVE-2022-34294
RESERVED
CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...)
- - wolfssl <unfixed>
+ - wolfssl <unfixed> (bug #1016981)
NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
CVE-2022-34292
RESERVED
@@ -14455,12 +14454,12 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
NOT-FOR-US: Zimbra
CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
- - connman <unfixed>
+ - connman <unfixed> (bug #1016976)
NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190
CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...)
- - connman <unfixed>
+ - connman <unfixed> (bug #1016976)
NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189
CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
@@ -16502,7 +16501,7 @@ CVE-2022-31629
CVE-2022-31628
RESERVED
CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...)
- - php8.1 <unfixed>
+ - php8.1 <unfixed> (bug #1016972)
- php7.4 <not-affected> (Only affects 8.1 and later)
- php7.3 <not-affected> (Only affects 8.1 and later)
NOTE: Fixed in 8.1.8
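Review bot: the php8.1 line keeps <unfixed> while the "NOTE: Fixed in 8.1.8" line at the end of the hunk already records the upstream fix version; if an upload based on 8.1.8 or later is in the archive, the line should carry that Debian package version instead of <unfixed> and bug #1016972 can be closed with it. If no such upload exists yet, the hunk is fine as is.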
@@ -18296,17 +18295,17 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t
CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- - sofia-sip <unfixed>
+ - sofia-sip <unfixed> (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- - sofia-sip <unfixed>
+ - sofia-sip <unfixed> (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
- - sofia-sip <unfixed>
+ - sofia-sip <unfixed> (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
@@ -31405,7 +31404,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-sit
CVE-2022-26563
RESERVED
CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 ...)
- - kopanocore <unfixed>
+ - kopanocore <unfixed> (bug #1016973)
CVE-2022-26561
RESERVED
CVE-2022-26560
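Review bot: CVE-2022-26562 gains bug #1016973 but, unlike every other entry touched in this commit, carries no NOTE with an upstream reference (issue, advisory or fixing commit); the only detail is the provider/libserver/ECKrbAuth.cpp path quoted in the CVE text. Add a NOTE pointing at whatever the bug report cites so the tracker entry is self-contained.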
@@ -41312,7 +41311,7 @@ CVE-2022-23439
CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Fortinet
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
- - libxerces2-java <unfixed>
+ - libxerces2-java <unfixed> (bug #1016975)
[bullseye] - libxerces2-java <postponed> (revisit when/if fix is complete)
[buster] - libxerces2-java <postponed> (revisit when/if fix is complete)
[stretch] - libxerces2-java <postponed> (revisit when/if fix is complete)
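Review bot: bug #1016975 is filed against the unstable entry while the bullseye, buster and stretch lines below it stay postponed with "revisit when/if fix is complete", i.e. the upstream fix is known to be incomplete; make sure the bug report carries that caveat, otherwise the maintainer may close it after applying the partial upstream change and the tracker would record the package as fixed prematurely.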
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88eeaa02b451e42bef4227867fb435a9a686e68f