[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2022-37035 in frr for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Aug 17 19:33:09 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8295e383 by Chris Lamb at 2022-08-17T11:30:13-07:00
Triage CVE-2022-37035 in frr for buster LTS.
- - - - -
7cac5988 by Chris Lamb at 2022-08-17T11:30:51-07:00
Triage CVE-2022-34526 in tiff for buster LTS.
- - - - -
03f229fe by Chris Lamb at 2022-08-17T11:31:20-07:00
Triage CVE-2022-2347 in u-boot for buster LTS.
- - - - -
1e3e8201 by Chris Lamb at 2022-08-17T11:32:33-07:00
Triage CVE-2022-30698 & CVE-2022-30699 in unbound for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3451,6 +3451,7 @@ CVE-2022-37036
CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
- frr <unfixed> (bug #1016978)
[bullseye] - frr <no-dsa> (Minor issue)
+ [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/11698
CVE-2022-37034
RESERVED
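Review bot: The added `[buster] - frr <no-dsa> (Minor issue)` line does not record that the buster package was checked against the affected code. The description names FRR 8.3 and the entry has no NOTE saying when the bug was introduced. If the buster version predates the vulnerable code, `<not-affected>` with a short reason would be more accurate than `<no-dsa>`; otherwise a NOTE stating that the buster source was checked would make this triage auditable.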
@@ -7489,6 +7490,7 @@ CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU]
RESERVED
- u-boot <unfixed> (bug #1014959)
[bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
CVE-2022-35399
REJECTED
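Review bot: `(Minor issue)` on the added `[buster] - u-boot` line is copied from the bullseye line and gives no reason specific to this bug. The entry is still `<unfixed>` in unstable and its only NOTE is the oss-security post, so no upstream fix is referenced here for a later backport. A reason that says why this is minor for buster (for example, whether the USB DFU code is enabled in the packaged builds) would help whoever revisits the entry.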
@@ -9745,6 +9747,7 @@ CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a comm
CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
- tiff 4.4.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
CVE-2022-34525
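Review bot: On the added `[buster] - tiff <no-dsa> (Minor issue)` line, consider whether `<postponed>` is the better state. The entry already carries a fixed unstable version (4.4.0-4) and the upstream fix commit in its second NOTE, so a fix exists to backport. If the intent is to include it in the next tiff upload for buster, `<postponed>` with a reason along the lines of "Minor issue, fix along with next update" says so more precisely than `<no-dsa>`.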
@@ -20114,11 +20117,13 @@ CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro
CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...)
- unbound 1.16.2-1 (bug #1016493)
[bullseye] - unbound <no-dsa> (Minor issue)
+ [buster] - unbound <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...)
- unbound 1.16.2-1 (bug #1016493)
[bullseye] - unbound <no-dsa> (Minor issue)
+ [buster] - unbound <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
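Review bot: The added `[buster] - unbound` lines under CVE-2022-30699 and CVE-2022-30698 need to stay in step. Both entries point at the same advisory, the same bug (#1016493) and the same fix commit (release-1.16.2), so any later change of state for buster should be applied to both together. A shared NOTE confirming that the buster version falls in the "up to and including version 1.16.1" range would also document why `<no-dsa>` rather than `<not-affected>` was chosen.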
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c05d1b7b85e5240667210fc7a3ca6903b0d4ece0...1e3e82011c03652a7212b83fc1c8c0b849c006a8