[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 10 20:10:35 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e70af35 by security tracker role at 2022-12-10T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-46907
+	RESERVED
+CVE-2022-4399
+	RESERVED
+CVE-2022-4398
+	RESERVED
+CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has been c ...)
+	TODO: check
+CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib py ...)
+	TODO: check
 CVE-2022-46906
 	RESERVED
 CVE-2022-46905
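Review bot: the `** UNSUPPORTED WHEN ASSIGNED **` prefix on CVE-2022-4396 means the id was assigned against an RDFlib version upstream no longer supports, so the `TODO: check` should be resolved by recording whether Debian's rdflib packaging ships the affected code and adding a NOTE with the upstream reference, not by leaving the generic description in place; CVE-2022-4397 (zend-blog-number-2) likewise needs its `TODO: check` turned into either a NOT-FOR-US marker or a source package line.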
@@ -5290,8 +5300,8 @@ CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Manageme
 	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...)
 	NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
-CVE-2022-45145
-	RESERVED
+CVE-2022-45145 (egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS comman ...)
+	TODO: check
 CVE-2022-45144
 	RESERVED
 CVE-2022-3941 (A vulnerability has been found in Activity Log Plugin and classified a ...)
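Review bot: the description for CVE-2022-45145 now names both the affected file (egg-compile.scm) and the affected range (CHICKEN 5.x before 5.3.1), so the `TODO: check` can be resolved by comparing that range against the CHICKEN versions in each suite and recording the fixed version plus a NOTE to the upstream fix; an entry that the description itself calls an OS command issue should not stay at TODO once the version range is known.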
@@ -8257,7 +8267,7 @@ CVE-2022-3776 (The Restaurant Menu – Food Ordering System – Table Re
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3775
 	RESERVED
-	{DSA-5280-1 DLA-3190-1}
+	{DSA-5280-1 DLA-3190-2 DLA-3190-1}
 	- grub2 2.06-5
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
 CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
@@ -16751,6 +16761,7 @@ CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulne
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
 	TODO: check details
 CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...)
+	{DLA-3234-1}
 	- hsqldb 2.7.1-1 (bug #1023573)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
 	NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
@@ -28909,7 +28920,7 @@ CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Passwo
 	NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340
 CVE-2022-2601
 	RESERVED
-	{DSA-5280-1 DLA-3190-1}
+	{DSA-5280-1 DLA-3190-2 DLA-3190-1}
 	- grub2 2.06-5
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
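Review bot: this hunk and the CVE-2022-3775 hunk above insert DLA-3190-2 into the same `{DSA-5280-1 ... DLA-3190-1}` reference set for grub2 2.06-5, which keeps the two entries consistent with each other; since only these two entries are touched in this update, it is worth confirming that every other CVE carried by DLA-3190-1 also received the regression-update reference, otherwise the tracker will show the revised advisory for some grub2 CVEs and not others.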
@@ -74040,6 +74051,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
 	NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
 CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
+	{DSA-5299-1}
 	[experimental] - openexr 3.1.4-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[buster] - openexr <no-dsa> (Minor issue)
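Review bot: DSA-5299-1 is added to seven OpenEXR entries in this update while the only file changed is data/CVE/list, so the advisory must already have its own entry in data/DSA/list naming the same CVE ids; if that entry was committed separately, any CVE referenced here but missing there (or vice versa) will surface as a mismatch in the tracker. The `[buster] - openexr <no-dsa> (Minor issue)` line records a different suite's status and is not changed by a DSA reference.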
@@ -83540,6 +83552,7 @@ CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vul
 CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri  ...)
 	NOT-FOR-US: Apache Apisix
 CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
+	{DSA-5299-1}
 	[experimental] - openexr 3.1.3-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[stretch] - openexr <no-dsa> (Minor issue)
@@ -83727,6 +83740,7 @@ CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-
 CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
 	NOT-FOR-US: ohmyzsh
 CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file  ...)
+	{DSA-5299-1}
 	[experimental] - openexr 3.1.3-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[stretch] - openexr <not-affected> (Vulnerable code not present)
@@ -108196,7 +108210,7 @@ CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of
 CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...)
-	{DLA-2732-1}
+	{DSA-5299-1 DLA-2732-1}
 	- openexr 2.5.7-1 (bug #990899)
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
@@ -108275,7 +108289,7 @@ CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for E
 CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored  ...)
 	NOT-FOR-US: Basix NEX-Forms
 CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in  ...)
-	{DLA-2701-1}
+	{DSA-5299-1 DLA-2701-1}
 	- openexr 2.5.7-1 (bug #990450)
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
@@ -116470,7 +116484,7 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
 	NOTE: Only affects exrcheck, which isn't built into the binary packages
 CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
-	{DLA-2701-1}
+	{DSA-5299-1 DLA-2701-1}
 	- openexr 2.5.7-1 (bug #992703)
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
@@ -116479,7 +116493,7 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5)
 CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
-	{DLA-2701-1}
+	{DSA-5299-1 DLA-2701-1}
 	- openexr 2.5.7-1
 	[buster] - openexr <ignored> (Minor issue, might change ABI)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
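Review bot: the `[buster] - openexr <ignored> (Minor issue, might change ABI)` line now sits beside a DSA-5299-1 reference, so the ABI rationale for leaving buster unfixed is worth revisiting: if the fix shipped by the DSA did not change the library ABI, the buster marker could move to `<no-dsa>` or the CVE could be queued for a DLA, and a NOTE recording that decision would keep the entry from looking contradictory.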



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e70af35a3da5fcc0cca289fe49697764990bcef
