[Git][security-tracker-team/security-tracker][master] 3 commits: Merge linux changes for bullseye 11.6
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 17 09:32:04 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21fa6c83 by Salvatore Bonaccorso at 2022-12-16T22:22:33+01:00
Merge linux changes for bullseye 11.6
- - - - -
15541984 by Salvatore Bonaccorso at 2022-12-16T22:23:29+01:00
Merge changes for updates via bullseye 11.6
- - - - -
2cb02f69 by Salvatore Bonaccorso at 2022-12-17T09:31:50+00:00
Merge branch 'bullseye-11.6' into 'master'
Merge changes accepted for bullseye 11.6 release
See merge request security-tracker-team/security-tracker!120
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2221,6 +2221,7 @@ CVE-2022-4376
CVE-2022-4378
RESERVED
- linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
@@ -3431,7 +3432,7 @@ CVE-2022-46392 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before
CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...)
{DLA-3225-1}
- awstats 7.8-3 (bug #1025410)
- [bullseye] - awstats <no-dsa> (Minor issue)
+ [bullseye] - awstats 7.8-2+deb11u1
NOTE: https://github.com/eldy/AWStats/pull/226
NOTE: Fixed by: https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965
CVE-2022-46390
@@ -3985,7 +3986,7 @@ CVE-2021-46856
CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
{DLA-3217-1}
- g810-led 0.4.2-3 (bug #1024998)
- [bullseye] - g810-led <no-dsa> (Minor issue)
+ [bullseye] - g810-led 0.4.2-1+deb11u1
NOTE: https://github.com/MatMoul/g810-led/pull/297
NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3)
CVE-2022-46309
@@ -5031,6 +5032,7 @@ CVE-2022-4140
CVE-2022-4139
RESERVED
- linux 6.0.10-2
+ [bullseye] - linux 5.10.158-1
[buster] - linux <not-affected> (Vulnerable code not present, only affects gen12 video and compute engines)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1
NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550
@@ -13957,7 +13959,7 @@ CVE-2021-46849
REJECTED
CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
- libtasn1-6 4.19.0-2
- [bullseye] - libtasn1-6 <no-dsa> (Minor issue)
+ [bullseye] - libtasn1-6 4.16.0-2+deb11u1
[buster] - libtasn1-6 <no-dsa> (Minor issue)
NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0)
NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/32
@@ -14490,6 +14492,7 @@ CVE-2022-36401
RESERVED
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
- linux 6.0.8-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- gitlab <unfixed>
@@ -14534,6 +14537,7 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a
CVE-2022-3628
RESERVED
- linux 6.0.8-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
- tiff 4.4.0-5 (bug #1022555)
@@ -14723,6 +14727,7 @@ CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as p
NOTE: https://git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca
CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
CVE-2022-3593
REJECTED
@@ -15694,9 +15699,11 @@ CVE-2022-3566 (A vulnerability, which was classified as problematic, was found i
NOTE: https://git.kernel.org/linus/f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 (6.1-rc1)
CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/2568a7e0832ee30b0a351016d03062ab4e0e0a3f (6.1-rc1)
CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...)
- linux 6.0.8-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966
CVE-2022-3563 (A vulnerability classified as problematic has been found in Linux Kern ...)
- bluez 5.65-1
@@ -15765,6 +15772,7 @@ CVE-2022-3543 (A vulnerability, which was classified as problematic, has been fo
NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1)
CVE-2022-3542 (A vulnerability classified as problematic was found in Linux Kernel. T ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/b43f9acbb8942b05252be83ac25a81cec70cc192 (6.1-rc1)
CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Kernel. ...)
- linux 6.0.3-1
@@ -15817,6 +15825,7 @@ CVE-2022-42970
RESERVED
CVE-2022-3535 (A vulnerability classified as problematic was found in Linux Kernel. A ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/0152dfee235e87660f52a117fc9f70dc55956bb4 (6.1-rc1)
CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
- libbpf <unfixed> (bug #1023717)
@@ -15853,6 +15862,7 @@ CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/l
NOT-FOR-US: LibreNMS
CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- linux 6.0.7-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
CVE-2022-3523 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
- linux <unfixed>
@@ -15864,6 +15874,7 @@ CVE-2022-3522 (A vulnerability was found in Linux Kernel and classified as probl
NOTE: https://git.kernel.org/linus/f9bf6c03eca1077cae8de0e6d86427656fa42a9b
CVE-2022-3521 (A vulnerability has been found in Linux Kernel and classified as probl ...)
- linux 6.0.10-1 (unimportant)
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
NOTE: In Debian CONFIG_AF_KCM is not set
CVE-2022-42969 (The py library through 1.11.0 for Python allows remote attackers to co ...)
@@ -16031,7 +16042,7 @@ CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally onl
TODO: check with the assigning CNAs which one to retain if confirmed to be handled as duplicate and move CVE-2022-34169 to Apache Xalan Java XSLT use of BCEL only.
CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...)
- node-minimatch 3.0.5+~3.0.5-1
- [bullseye] - node-minimatch <no-dsa> (Minor issue)
+ [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
[buster] - node-minimatch <no-dsa> (Minor issue)
NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
@@ -16218,16 +16229,18 @@ CVE-2022-3478
- gitlab <unfixed>
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
- powerline-gitstatus 1.3.2-1
- [bullseye] - powerline-gitstatus <no-dsa> (Minor issue)
+ [bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
[buster] - powerline-gitstatus <ignored> (Minor issue and solution require the user to reconfigure)
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
- linux 6.0.7-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
NOTE: https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...)
- linux 6.0.7-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
NOTE: https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
@@ -16801,6 +16814,7 @@ CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Cle
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
- linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern@kernel.org/T/#u
CVE-2022-42697
@@ -17794,146 +17808,146 @@ CVE-2022-42265
CVE-2022-42264
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42263
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42262
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42261
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42260
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42259
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42258
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42257
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42256
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42255
RESERVED
@@ -17951,17 +17965,17 @@ CVE-2022-42255
CVE-2022-42254
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42253
RESERVED
@@ -19016,9 +19030,11 @@ CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdif
- rdiffweb <itp> (bug #969974)
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has ...)
- linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
CVE-2022-41848 (drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 ...)
- linux <unfixed>
@@ -22739,7 +22755,7 @@ CVE-2022-3173 (Improper Authentication in GitHub repository snipe/snipe-it prior
- snipe-it <itp> (bug #1005172)
CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffe ...)
- libconfuse 3.3-3 (bug #1019596)
- [bullseye] - libconfuse <no-dsa> (Minor issue)
+ [bullseye] - libconfuse 3.3-2+deb11u1
NOTE: https://github.com/libconfuse/libconfuse/issues/163
NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
CVE-2022-40319
@@ -22939,6 +22955,7 @@ CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software pr
NOT-FOR-US: CERT software
CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...)
- linux 6.0.10-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214771
CVE-2022-3168
@@ -25011,7 +25028,7 @@ CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum
NOT-FOR-US: Rust crate evm
CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- node-xmldom 0.8.6-1 (bug #1024736)
- [bullseye] - node-xmldom <no-dsa> (Minor issue)
+ [bullseye] - node-xmldom 0.5.0-1+deb11u2
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
NOTE: https://github.com/jindw/xmldom/issues/150
CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine inspired ...)
@@ -26383,21 +26400,24 @@ CVE-2022-38867
RESERVED
CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388)
NOTE: Crash in CLI tool, no security impact
CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2401
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
NOTE: Crash in CLI tool, no security impact
CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- mplayer <unfixed> (bug #1021013)
- [bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2406
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2405
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
NOTE: Crash in CLI tool, no security impact
@@ -26407,11 +26427,12 @@ CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Ov
NOTE: https://trac.mplayerhq.hu/ticket/2404
CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...)
- mplayer <unfixed> (bug #1021013)
- [bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2407
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2402
NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47 (r38389)
@@ -26420,6 +26441,7 @@ CVE-2022-38859
RESERVED
CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2396
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385)
NOTE: Crash in CLI tool, no security impact
@@ -26431,6 +26453,7 @@ CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Ov
NOTE: Crash in CLI tool, no security impact
CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2392
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384)
NOTE: Crash in CLI tool, no security impact
@@ -26446,11 +26469,13 @@ CVE-2022-38852
RESERVED
CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2393
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382)
NOTE: Crash in CLI tool, no security impact
CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
- mplayer <unfixed> (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
NOTE: https://trac.mplayerhq.hu/ticket/2399
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b (r38390)
NOTE: Crash in CLI tool, no security impact
@@ -26640,7 +26665,7 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28719
NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
@@ -27483,7 +27508,7 @@ CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain
NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...)
- tinyexr 1.0.1+dfsg-4
- [bullseye] - tinyexr <no-dsa> (Minor issue; can be fixed via point release)
+ [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
NOTE: https://github.com/syoyo/tinyexr/issues/169
NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
@@ -28435,7 +28460,7 @@ CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovere
CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows attackers to ...)
{DLA-3233-1}
- leptonlib 1.82.0-1
- [bullseye] - leptonlib <no-dsa> (Minor issue)
+ [bullseye] - leptonlib 1.79.0-1.1+deb11u1
NOTE: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 (1.81.0)
NOTE: https://github.com/tesseract-ocr/tesseract/issues/3498
CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to contain a S ...)
@@ -30043,7 +30068,7 @@ CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in re
CVE-2022-37616 (** DISPUTED ** A prototype pollution vulnerability exists in the funct ...)
{DLA-3154-1}
- node-xmldom 0.8.3-1 (bug #1021618)
- [bullseye] - node-xmldom <no-dsa> (Minor issue)
+ [bullseye] - node-xmldom 0.5.0-1+deb11u1
NOTE: https://github.com/xmldom/xmldom/issues/436
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd (0.9.0-beta.2)
@@ -30074,7 +30099,7 @@ CVE-2022-37604
RESERVED
CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
- node-loader-utils 2.0.4-1
- [bullseye] - node-loader-utils <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - node-loader-utils 2.0.0-1+deb11u1
NOTE: https://github.com/webpack/loader-utils/issues/213
NOTE: https://github.com/webpack/loader-utils/pull/225
NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)
@@ -30082,14 +30107,14 @@ CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.
NOT-FOR-US: karma-runner grunt-karma
CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
- node-loader-utils 2.0.3-1
- [bullseye] - node-loader-utils <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - node-loader-utils 2.0.0-1+deb11u1
NOTE: https://github.com/webpack/loader-utils/issues/212
NOTE: https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c (v2.0.3)
CVE-2022-37600
RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
- node-loader-utils 2.0.4-1
- [bullseye] - node-loader-utils <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - node-loader-utils 2.0.0-1+deb11u1
NOTE: https://github.com/webpack/loader-utils/issues/211
NOTE: https://github.com/webpack/loader-utils/pull/225
NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)
@@ -31316,7 +31341,7 @@ CVE-2022-37187
CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
RESERVED
- lemonldap-ng 2.0.15+ds-1
- [bullseye] - lemonldap-ng <no-dsa> (Minor issue; user activity tracking by handles disabled by default)
+ [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
[buster] - lemonldap-ng <no-dsa> (Minor issue; user activity tracking by handles disabled by default)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4 (v2.0.15)
@@ -37657,7 +37682,7 @@ CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in ke
CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
{DLA-3111-1}
- mod-wsgi 4.9.0-1.1 (bug #1016476)
- [bullseye] - mod-wsgi <no-dsa> (Minor issue)
+ [bullseye] - mod-wsgi 4.7.1-3+deb11u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
NOTE: WSGITrustedProxies and vulnerable code introduced in https://github.com/GrahamDumpleton/mod_wsgi/commit/543fc33c23b4cb5e623d574b7efbf85c8dedb396 (4.4.10)
@@ -38060,110 +38085,110 @@ CVE-2022-34683
CVE-2022-34682
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34681
RESERVED
CVE-2022-34680
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34679
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34678
RESERVED
CVE-2022-34677
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34676
RESERVED
CVE-2022-34675
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34674
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34673
RESERVED
@@ -38174,20 +38199,20 @@ CVE-2022-34671
CVE-2022-34670
RESERVED
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
- [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers 470.161.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1025280)
- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
- [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1025282)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
- [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
- [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-34669
RESERVED
@@ -39267,7 +39292,7 @@ CVE-2022-34301 (A flaw was found in CryptoPro Secure Disk bootloaders before 202
NOTE: is out of scope for the Debian Security Tracker
CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...)
- tinyexr 1.0.1+dfsg-4 (bug #1014980)
- [bullseye] - tinyexr <no-dsa> (Minor issue)
+ [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
NOTE: https://github.com/syoyo/tinyexr/issues/167
NOTE: https://github.com/syoyo/tinyexr/pull/175
CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
@@ -45053,7 +45078,7 @@ CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in i
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26431
CVE-2022-32090
@@ -45061,14 +45086,14 @@ CVE-2022-32090
CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26410
CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26419
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -45076,14 +45101,14 @@ CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26437
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26412
NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
@@ -45091,7 +45116,7 @@ CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26407
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -45099,27 +45124,27 @@ CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26427
CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26047
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.5 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26433
CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26420
CVE-2022-32080
@@ -53831,7 +53856,7 @@ CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to ar
NOT-FOR-US: wire-webapp
CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...)
- node-hawk 9.0.1-1
- [bullseye] - node-hawk <no-dsa> (Minor issue)
+ [bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1
NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq
NOTE: https://github.com/mozilla/hawk/pull/286
NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3
@@ -58796,14 +58821,14 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28099
CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28098
@@ -58811,14 +58836,14 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28093
CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28097
@@ -58830,14 +58855,14 @@ CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28090
CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28094
@@ -58847,7 +58872,7 @@ CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28089
@@ -58855,7 +58880,7 @@ CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28095
@@ -58863,14 +58888,14 @@ CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-a
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28099
CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28082
@@ -58878,7 +58903,7 @@ CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28081
@@ -58886,7 +58911,7 @@ CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segme
CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28080
@@ -59037,7 +59062,7 @@ CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a globa
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26422
@@ -59045,7 +59070,7 @@ CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26406
@@ -59060,7 +59085,7 @@ CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracke
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26047
@@ -59068,14 +59093,14 @@ CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26323
CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26402
@@ -59083,7 +59108,7 @@ CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26061
@@ -59091,7 +59116,7 @@ CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Serve
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26280
@@ -59099,7 +59124,7 @@ CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26353
@@ -59107,7 +59132,7 @@ CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26423
@@ -59115,7 +59140,7 @@ CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26281
@@ -59123,7 +59148,7 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26354
@@ -65912,7 +65937,7 @@ CVE-2022-25000
RESERVED
CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...)
- node-qs 6.10.3+ds+~6.9.7-1
- [bullseye] - node-qs <no-dsa> (Minor issue)
+ [bullseye] - node-qs 6.9.4+ds-1+deb11u1
[buster] - node-qs <no-dsa> (Minor issue)
NOTE: https://github.com/ljharb/qs/pull/428
CVE-2022-24998
@@ -68362,7 +68387,7 @@ CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_con
{DLA-3114-1}
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
- [bullseye] - mariadb-10.5 <no-dsa> (Minor issue, will be fixed in next point release)
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-25638
CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
@@ -71341,7 +71366,7 @@ CVE-2022-23472 (Passeo is an open source python password generator. Versions pri
TODO: check
CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...)
- containerd 1.6.12~ds1-1
- [bullseye] - containerd <no-dsa> (Minor issue)
+ [bullseye] - containerd 1.4.13~ds1-1~deb11u3
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
NOTE: https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrary file ...)
@@ -74533,7 +74558,7 @@ CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4,
CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...)
{DLA-3232-1}
- virglrenderer 0.10.0-1 (bug #1009073)
- [bullseye] - virglrenderer <no-dsa> (Minor issue)
+ [bullseye] - virglrenderer 0.8.2-5+deb11u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec (0.10.0)
@@ -83562,13 +83587,13 @@ CVE-2022-21691 (OnionShare is an open source tool that lets you securely and ano
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
- onionshare 2.5-1 (bug #1014966)
- [bullseye] - onionshare <no-dsa> (Minor issue)
+ [bullseye] - onionshare 2.2-3+deb11u1
[buster] - onionshare <not-affected> (Vulnerable code introduced later in v2.0)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
NOTE: https://github.com/onionshare/onionshare/commit/8f1e7ac224e54f57e43321bba2c2f9fdb5143bb0 (v2.5)
CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
- onionshare 2.5-1 (bug #1014966)
- [bullseye] - onionshare <no-dsa> (Minor issue)
+ [bullseye] - onionshare 2.2-3+deb11u1
[buster] - onionshare <not-affected> (Vulnerable code not present)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
NOTE: https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 (v2.5)
@@ -86455,7 +86480,7 @@ CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) can
CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
{DLA-3176-1}
- clickhouse 18.16.1+ds-7.3 (bug #1008216)
- [bullseye] - clickhouse <no-dsa> (Minor issue)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
@@ -86463,7 +86488,7 @@ CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
{DLA-3176-1}
- clickhouse 18.16.1+ds-7.3 (bug #1008216)
- [bullseye] - clickhouse <no-dsa> (Minor issue)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
@@ -90881,7 +90906,7 @@ CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when pars
CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
{DLA-3176-1}
- clickhouse 18.16.1+ds-7.3 (bug #1008216)
- [bullseye] - clickhouse <no-dsa> (Minor issue)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
@@ -90889,7 +90914,7 @@ CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec wh
CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
{DLA-3176-1}
- clickhouse 18.16.1+ds-7.3 (bug #1008216)
- [bullseye] - clickhouse <no-dsa> (Minor issue)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
@@ -91459,7 +91484,7 @@ CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directo
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
{DLA-3130-1 DLA-2988-1}
- tinyxml 2.6.2-6
- [bullseye] - tinyxml <no-dsa> (Minor issue)
+ [bullseye] - tinyxml 2.6.2-4+deb11u1
NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
CVE-2021-42259
@@ -96466,6 +96491,7 @@ CVE-2021-40332
RESERVED
CVE-2021-3759 (A memory overflow vulnerability was found in the Linux kernel’s ...)
- linux 5.15.3-1
+ [bullseye] - linux 5.10.158-1
NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/
CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: bookstack
@@ -96706,6 +96732,7 @@ CVE-2021-40242
RESERVED
CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
- xfig 1:3.2.8a-1 (unimportant; bug #992395)
+ [bullseye] - xfig 1:3.2.8-3+deb11u1
NOTE: https://sourceforge.net/p/mcj/tickets/136/
NOTE: No security impact
CVE-2021-40240
@@ -106436,7 +106463,7 @@ CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the Linux
NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize logout ...)
- libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
- [bullseye] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ [bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1
[buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
[stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
@@ -138986,7 +139013,7 @@ CVE-2021-23451 (The package otp-generator before 3.0.0 are vulnerable to Insecur
NOT-FOR-US: Node otp-generator
CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
- dojo 1.17.2+dfsg1-1 (bug #1014785)
- [bullseye] - dojo <no-dsa> (Minor issue)
+ [bullseye] - dojo 1.15.4+dfsg1-1+deb11u1
[buster] - dojo <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9
@@ -153164,7 +153191,7 @@ CVE-2020-29261
CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak via the f ...)
{DLA-3125-1}
- libvncserver 0.9.13+dfsg-5 (bug #1019228)
- [bullseye] - libvncserver <no-dsa> (Minor issue)
+ [bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1
NOTE: https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
NOT-FOR-US: Online Examination System
=====================================
data/next-point-update.txt
=====================================
@@ -1,267 +1,3 @@
-CVE-2022-37186
- [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
-CVE-2021-23450
- [bullseye] - dojo 1.15.4+dfsg1-1+deb11u1
-CVE-2022-2255
- [bullseye] - mod-wsgi 4.7.1-3+deb11u1
-CVE-2022-38529
- [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
-CVE-2022-34300
- [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
-CVE-2022-40320
- [bullseye] - libconfuse 3.3-2+deb11u1
-CVE-2022-37616
- [bullseye] - node-xmldom 0.5.0-1+deb11u1
-CVE-2022-3517
- [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
-CVE-2022-42906
- [bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
-CVE-2021-42260
- [bullseye] - tinyxml 2.6.2-4+deb11u1
-CVE-2021-46848
- [bullseye] - libtasn1-6 4.16.0-2+deb11u1
-CVE-2021-42388
- [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
-CVE-2021-42387
- [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
-CVE-2021-43305
- [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
-CVE-2021-43304
- [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
-CVE-2021-40241
- [bullseye] - xfig 1:3.2.8-3+deb11u1
-CVE-2022-37601
- [bullseye] - node-loader-utils 2.0.0-1+deb11u1
-CVE-2022-37599
- [bullseye] - node-loader-utils 2.0.0-1+deb11u1
-CVE-2022-37603
- [bullseye] - node-loader-utils 2.0.0-1+deb11u1
-CVE-2022-21690
- [bullseye] - onionshare 2.2-3+deb11u1
-CVE-2022-21689
- [bullseye] - onionshare 2.2-3+deb11u1
-CVE-2020-29260
- [bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1
-CVE-2022-39353
- [bullseye] - node-xmldom 0.5.0-1+deb11u2
-CVE-2022-38866
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38865
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38864
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38863
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38861
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38860
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38858
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38855
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38851
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-38850
- [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
-CVE-2022-46338
- [bullseye] - g810-led 0.4.2-1+deb11u1
-CVE-2022-32081
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32082
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32084
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32089
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32091
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2021-46669
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27376
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27377
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27378
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27379
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27380
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27381
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27382
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27383
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27384
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27386
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27387
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27444
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27445
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27446
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27447
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27448
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27449
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27451
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27452
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27455
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27456
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27457
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-27458
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32083
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32085
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32086
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32087
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-32088
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-38791
- [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
-CVE-2022-24999
- [bullseye] - node-qs 6.9.4+ds-1+deb11u1
-CVE-2022-29167
- [bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1
-CVE-2022-38266
- [bullseye] - leptonlib 1.79.0-1.1+deb11u1
-CVE-2021-3639
- [bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1
-CVE-2022-34670
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34674
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34675
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34677
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34679
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34680
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-34682
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42254
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42256
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42257
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42258
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42259
- [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42260
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42261
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42262
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42263
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-42264
- [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1
- [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
- [bullseye] - nvidia-graphics-drivers 470.161.03-1
-CVE-2022-0135
- [bullseye] - virglrenderer 0.8.2-5+deb11u1
-CVE-2022-46391
- [bullseye] - awstats 7.8-2+deb11u1
-CVE-2022-23471
- [bullseye] - containerd 1.4.13~ds1-1~deb11u3
-CVE-2021-3759
- [bullseye] - linux 5.10.158-1
-CVE-2022-3169
- [bullseye] - linux 5.10.158-1
-CVE-2022-3435
- [bullseye] - linux 5.10.158-1
-CVE-2022-3521
- [bullseye] - linux 5.10.158-1
-CVE-2022-3524
- [bullseye] - linux 5.10.158-1
-CVE-2022-3535
- [bullseye] - linux 5.10.158-1
-CVE-2022-3542
- [bullseye] - linux 5.10.158-1
-CVE-2022-3564
- [bullseye] - linux 5.10.158-1
-CVE-2022-3565
- [bullseye] - linux 5.10.158-1
-CVE-2022-3594
- [bullseye] - linux 5.10.158-1
-CVE-2022-3628
- [bullseye] - linux 5.10.158-1
-CVE-2022-3640
- [bullseye] - linux 5.10.158-1
-CVE-2022-4139
- [bullseye] - linux 5.10.158-1
-CVE-2022-41849
- [bullseye] - linux 5.10.158-1
-CVE-2022-41850
- [bullseye] - linux 5.10.158-1
-CVE-2022-42895
- [bullseye] - linux 5.10.158-1
-CVE-2022-42896
- [bullseye] - linux 5.10.158-1
-CVE-2022-4378
- [bullseye] - linux 5.10.158-1
CVE-2022-3650
[bullseye] - ceph 14.2.21-1+deb11u1
CVE-2022-37026
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e82a21b38805b363b5bf7ad66f10b25cdab8d54b...2cb02f6988fc633a14dad6042c1cbbe1c2430c32
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e82a21b38805b363b5bf7ad66f10b25cdab8d54b...2cb02f6988fc633a14dad6042c1cbbe1c2430c32
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221217/caaf35f6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list