[Git][security-tracker-team/security-tracker][master] bugnums

Wed Aug 10 21:21:25 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88eeaa02 by Moritz Muehlenhoff at 2022-08-10T22:20:49+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1711,7 +1711,7 @@ CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog c
 CVE-2022-37395
 	RESERVED
 CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
-	- nova <unfixed>
+	- nova <unfixed> (bug #1016980)
 	NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
 	NOTE: https://review.opendev.org/c/openstack/nova/+/849985
 	NOTE: https://review.opendev.org/c/openstack/nova/+/850003
@@ -2591,7 +2591,7 @@ CVE-2022-2590
 	NOTE: https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2bed92@redhat.com/
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
-	- fava <unfixed>
+	- fava <unfixed> (bug #1016971)
 	NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
 	NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3)
 CVE-2022-37037
@@ -2599,7 +2599,7 @@ CVE-2022-37037
 CVE-2022-37036
 	RESERVED
 CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
-	- frr <unfixed>
+	- frr <unfixed> (bug #1016978)
 	NOTE: https://github.com/FRRouting/frr/issues/11698
 CVE-2022-37034
 	RESERVED
@@ -4058,7 +4058,7 @@ CVE-2022-34859
 CVE-2022-33963
 	RESERVED
 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
-	- fava <unfixed>
+	- fava <unfixed> (bug #1016971)
 	NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
 	NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
 CVE-2022-36381
@@ -4195,7 +4195,7 @@ CVE-2022-33142
 CVE-2022-2515
 	RESERVED
 CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
-	- fava <unfixed>
+	- fava <unfixed> (bug #1016971)
 	NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
 	NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22)
 CVE-2022-2513
@@ -7639,9 +7639,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL
 CVE-2022-34944
 	RESERVED
 CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution (RCE) v ...)
-	- php-laravel-framework <undetermined>
+	- php-laravel-framework <unfixed> (bug #1016977)
 	NOTE: https://github.com/beicheng-maker/vulns/issues/1
-	TODO: check, unclear if upstream reported
 CVE-2022-34942
 	RESERVED
 CVE-2022-34941
@@ -8869,7 +8868,7 @@ CVE-2022-34522
 CVE-2022-34521
 	RESERVED
 CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1016979)
 	NOTE: https://github.com/radareorg/radare2/issues/20354
 	NOTE: https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5 (5.7.4)
 CVE-2022-34519
@@ -8910,7 +8909,7 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
 	NOTE: Negligible security impact
 CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1016979)
 	NOTE: https://github.com/radareorg/radare2/issues/20336
 	NOTE: https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4 (5.7.2)
 CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...)
@@ -9552,7 +9551,7 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
 CVE-2022-34294
 	RESERVED
 CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...)
-	- wolfssl <unfixed>
+	- wolfssl <unfixed> (bug #1016981)
 	NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
 CVE-2022-34292
 	RESERVED
@@ -14455,12 +14454,12 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
 	NOT-FOR-US: Zimbra
 CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
-	- connman <unfixed>
+	- connman <unfixed> (bug #1016976)
 	NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
 	NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190
 CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...)
-	- connman <unfixed>
+	- connman <unfixed> (bug #1016976)
 	NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189
 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
@@ -16502,7 +16501,7 @@ CVE-2022-31629
 CVE-2022-31628
 	RESERVED
 CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...)
-	- php8.1 <unfixed>
+	- php8.1 <unfixed> (bug #1016972)
 	- php7.4 <not-affected> (Only affects 8.1 and later)
 	- php7.3 <not-affected> (Only affects 8.1 and later)
 	NOTE: Fixed in 8.1.8
@@ -18296,17 +18295,17 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t
 CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the  ...)
 	NOT-FOR-US: CVEProject/cve-services
 CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	- sofia-sip <unfixed>
+	- sofia-sip <unfixed> (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
 CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	- sofia-sip <unfixed>
+	- sofia-sip <unfixed> (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
 CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
-	- sofia-sip <unfixed>
+	- sofia-sip <unfixed> (bug #1016974)
 	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
@@ -31405,7 +31404,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-sit
 CVE-2022-26563
 	RESERVED
 CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 ...)
-	- kopanocore <unfixed>
+	- kopanocore <unfixed> (bug #1016973)
 CVE-2022-26561
 	RESERVED
 CVE-2022-26560
@@ -41312,7 +41311,7 @@ CVE-2022-23439
 CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
-	- libxerces2-java <unfixed>
+	- libxerces2-java <unfixed> (bug #1016975)
 	[bullseye] - libxerces2-java <postponed> (revisit when/if fix is complete)
 	[buster] - libxerces2-java <postponed> (revisit when/if fix is complete)
 	[stretch] - libxerces2-java <postponed> (revisit when/if fix is complete)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88eeaa02b451e42bef4227867fb435a9a686e68f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88eeaa02b451e42bef4227867fb435a9a686e68f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220810/71f53121/attachment.htm>
