[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 12 08:10:28 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efaf8ea4 by security tracker role at 2022-12-12T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-46908 (SQLite through 3.40.0, when relying on --safe for execution of an untr ...)
+	TODO: check
+CVE-2022-4416
+	RESERVED
+CVE-2022-4415
+	RESERVED
+CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
+	TODO: check
+CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...)
+	TODO: check
 CVE-2022-4412
 	RESERVED
 CVE-2022-4411
@@ -3393,16 +3403,16 @@ CVE-2022-45762
 	RESERVED
 CVE-2022-45761
 	RESERVED
-CVE-2022-45760
-	RESERVED
-CVE-2022-45759
-	RESERVED
-CVE-2022-45758
-	RESERVED
+CVE-2022-45760 (SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. ...)
+	TODO: check
+CVE-2022-45759 (SENS v1.0 has a file upload vulnerability. ...)
+	TODO: check
+CVE-2022-45758 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzh ...)
+	TODO: check
 CVE-2022-45757
 	RESERVED
-CVE-2022-45756
-	RESERVED
+CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
+	TODO: check
 CVE-2022-45755
 	RESERVED
 CVE-2022-45754
@@ -5022,10 +5032,10 @@ CVE-2022-45230
 	RESERVED
 CVE-2022-45229
 	RESERVED
-CVE-2022-45228
-	RESERVED
-CVE-2022-45227
-	RESERVED
+CVE-2022-45228 (Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross- ...)
+	TODO: check
+CVE-2022-45227 (The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the director ...)
+	TODO: check
 CVE-2022-45226
 	RESERVED
 CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
@@ -7664,8 +7674,8 @@ CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 (pixman-0.42.2)
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2345
-CVE-2022-44637
-	RESERVED
+CVE-2022-44637 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...)
+	TODO: check
 CVE-2022-44636
 	RESERVED
 CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...)
@@ -9186,8 +9196,8 @@ CVE-2022-44032 (An issue was discovered in the Linux kernel through 6.0.6. drive
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
 	NOTE: https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/
-CVE-2022-44031
-	RESERVED
+CVE-2022-44031 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...)
+	TODO: check
 CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments of any ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
@@ -44669,8 +44679,8 @@ CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - ver
 	NOT-FOR-US: SAP
 CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAP ...)
 	NOT-FOR-US: SAP
-CVE-2022-31596
-	RESERVED
+CVE-2022-31596 (Under certain conditions, an attacker authenticated as a CMS administr ...)
+	TODO: check
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,�does not perform ne ...)
 	NOT-FOR-US: SAP
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...)
@@ -61446,10 +61456,10 @@ CVE-2022-0744
 	RESERVED
 CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
 	NOT-FOR-US: Laravel Fortify
-CVE-2022-25837
-	RESERVED
-CVE-2022-25836
-	RESERVED
+CVE-2022-25837 (Bluetooth® Pairing in Bluetooth Core Specification v1.0B through  ...)
+	TODO: check
+CVE-2022-25836 (Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4. ...)
+	TODO: check
 CVE-2022-25835
 	RESERVED
 CVE-2022-25834
@@ -74108,7 +74118,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
 	NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
 CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
-	{DSA-5299-1}
+	{DSA-5299-1 DLA-3236-1}
 	[experimental] - openexr 3.1.4-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[stretch] - openexr <no-dsa> (Minor issue)
@@ -83608,7 +83618,7 @@ CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vul
 CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri  ...)
 	NOT-FOR-US: Apache Apisix
 CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
-	{DSA-5299-1}
+	{DSA-5299-1 DLA-3236-1}
 	[experimental] - openexr 3.1.3-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[stretch] - openexr <no-dsa> (Minor issue)
@@ -83796,7 +83806,7 @@ CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-
 CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
 	NOT-FOR-US: ohmyzsh
 CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file  ...)
-	{DSA-5299-1}
+	{DSA-5299-1 DLA-3236-1}
 	[experimental] - openexr 3.1.3-1
 	- openexr 3.1.5-2 (bug #1014828)
 	[stretch] - openexr <not-affected> (Vulnerable code not present)
@@ -108269,7 +108279,7 @@ CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of
 CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...)
-	{DSA-5299-1 DLA-2732-1}
+	{DSA-5299-1 DLA-3236-1 DLA-2732-1}
 	- openexr 2.5.7-1 (bug #990899)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master)
@@ -108347,7 +108357,7 @@ CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for E
 CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored  ...)
 	NOT-FOR-US: Basix NEX-Forms
 CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in  ...)
-	{DSA-5299-1 DLA-2701-1}
+	{DSA-5299-1 DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.7-1 (bug #990450)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
@@ -116541,7 +116551,7 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
 	NOTE: Only affects exrcheck, which isn't built into the binary packages
 CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
-	{DSA-5299-1 DLA-2701-1}
+	{DSA-5299-1 DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.7-1 (bug #992703)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
@@ -116549,7 +116559,7 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5)
 CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
-	{DSA-5299-1 DLA-2701-1}
+	{DSA-5299-1 DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
@@ -121630,13 +121640,13 @@ CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL p
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
 	NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
 CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
@@ -121644,7 +121654,7 @@ CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in
 	NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5)
 CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
@@ -122241,17 +122251,17 @@ CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNa
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
 	NOTE: https://issues.apache.org/jira/browse/IO-556
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker  ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
@@ -146006,30 +146016,31 @@ CVE-2021-20304 (A flaw was found in OpenEXR's hufDecode functionality. This flaw
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
 	NOTE: Negligible security impact
 CVE-2021-20303 (A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...)
-	{DLA-2732-1}
+	{DLA-3236-1 DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
 CVE-2021-20302 (A flaw was found in OpenEXR's TiledInputFile functionality. This flaw  ...)
-	{DLA-2732-1}
+	{DLA-3236-1 DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842
 CVE-2021-20301
 	REJECTED
 CVE-2021-20300 (A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/I ...)
-	{DLA-2732-1}
+	{DLA-3236-1 DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
 CVE-2021-20299 (A flaw was found in OpenEXR's Multipart input file functionality. A cr ...)
-	{DLA-2732-1}
+	{DLA-3236-1 DLA-2732-1}
 	- openexr 2.5.4-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
 CVE-2021-20298 (A flaw was found in OpenEXR's B44Compressor. This flaw allows an attac ...)
+	{DLA-3236-1}
 	- openexr 2.5.4-1
 	[stretch] - openexr <postponed> (Minor issue, OOM, revisit when there's a full fix upstream)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
@@ -146043,7 +146054,7 @@ CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Se
 	NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
 CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.4-1 (bug #986796)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
@@ -183125,17 +183136,17 @@ CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
 	NOTE: binutils not covered by security support
 CVE-2020-16589 (A head-based buffer overflow exists in Academy Software Foundation Ope ...)
-	{DLA-2491-1}
+	{DLA-3236-1 DLA-2491-1}
 	- openexr 2.5.3-2
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/494
 CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Foundation O ...)
-	{DLA-2491-1}
+	{DLA-3236-1 DLA-2491-1}
 	- openexr 2.5.3-2
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
 CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software  ...)
-	{DLA-2701-1}
+	{DLA-3236-1 DLA-2701-1}
 	- openexr 2.5.3-2
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efaf8ea4250bff9567ff401cd59e62a96c55059b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efaf8ea4250bff9567ff401cd59e62a96c55059b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221212/a646aa54/attachment.htm>

More information about the debian-security-tracker-commits mailing list