[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 20 20:10:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b831618 by security tracker role at 2022-12-20T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1119,10 +1119,12 @@ CVE-2023-21824
 CVE-2022-47522
 	RESERVED
 CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/f9b62f9843c7b0afdaecabbcebf1dbba18599408 (6.1-rc8)
 CVE-2022-47520 (An issue was discovered in the Linux kernel before 6.0.11. Missing off ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 (6.1-rc8)
@@ -1135,10 +1137,12 @@ CVE-2022-47515 (An issue was discovered in drachtio-server before 0.8.20. It all
 CVE-2022-47514 (An XML external entity (XXE) injection vulnerability in XML-RPC.NET be ...)
 	NOT-FOR-US: XML-RPC.NET
 CVE-2022-47519 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/051ae669e4505abbe05165bebf6be7922de11f41
 CVE-2022-47518 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
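Review bot: The NOTE lines for CVE-2022-47519 and CVE-2022-47518 give the upstream commit URL without the release tag that the sibling entries CVE-2022-47521 and CVE-2022-47520 carry, "(6.1-rc8)". Since these entries are being touched anyway, append the upstream release to both NOTE lines so all four fixes are annotated the same way.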
@@ -3401,6 +3405,7 @@ CVE-2022-4376
 	RESERVED
 CVE-2022-4378
 	RESERVED
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
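Review bot: CVE-2022-4378 is still RESERVED with no description, yet after this change it carries an advisory reference on top of two fixed versions. The only hint at what the issue is comes from the oss-security link, so a one-line NOTE naming the affected component would keep the entry readable until the description is published.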
@@ -4542,6 +4547,7 @@ CVE-2022-4285
 CVE-2022-4284
 	RESERVED
 CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
@@ -5033,26 +5039,31 @@ CVE-2022-4225
 CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
 	NOT-FOR-US: Sapido
 CVE-2022-46344 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8
 CVE-2022-46343 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900
 CVE-2022-46342 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
 CVE-2022-46341 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b
 CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs becuase  ...)
+	{DSA-5304-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
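Review bot: Each of these X.Org entries lists two source packages, xorg-server and xwayland, and the added {DSA-5304-1} does not say which of them the advisory covers. The visible lines also have no suite-specific fixed version, only the two unstable ones. Add the suite line for the package the DSA shipped so the cross-reference can be checked against a version.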
@@ -6212,6 +6223,7 @@ CVE-2022-4140
 	RESERVED
 CVE-2022-4139
 	RESERVED
+	{DLA-3244-1}
 	- linux 6.0.10-2
 	[bullseye] - linux 5.10.158-1
 	[buster] - linux <not-affected> (Vulnerable code not present, only affects gen12 video and compute engines)
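Review bot: On CVE-2022-4139 the new {DLA-3244-1} sits directly above "[buster] - linux <not-affected>", so the entry references an advisory while the only buster line says the code is not present. No other source package appears in the visible lines. If the advisory was issued for a different source package, add that package's line here so the reference does not read as a contradiction.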
@@ -15663,6 +15675,7 @@ CVE-2022-3645
 CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext inst ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It is p ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-423.html
@@ -15674,6 +15687,7 @@ CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolution
 CVE-2022-36401
 	RESERVED
 CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux  ...)
+	{DLA-3244-1}
 	- linux 6.0.8-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
@@ -15719,6 +15733,7 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a
 	NOTE: https://git.kernel.org/linus/7e97cfed9929eaabc41829c395eb0d1350fccb9d (6.0-rc1)
 CVE-2022-3628
 	RESERVED
+	{DLA-3244-1}
 	- linux 6.0.8-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
@@ -15909,6 +15924,7 @@ CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as p
 	- linux <not-affected> (Vulnerable code not in any released version in Debian and upstream)
 	NOTE: https://git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca
 CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
@@ -16881,10 +16897,12 @@ CVE-2022-3566 (A vulnerability, which was classified as problematic, was found i
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 (6.1-rc1)
 CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/2568a7e0832ee30b0a351016d03062ab4e0e0a3f (6.1-rc1)
 CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...)
+	{DLA-3244-1}
 	- linux 6.0.8-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966
@@ -16954,6 +16972,7 @@ CVE-2022-3543 (A vulnerability, which was classified as problematic, has been fo
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1)
 CVE-2022-3542 (A vulnerability classified as problematic was found in Linux Kernel. T ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/b43f9acbb8942b05252be83ac25a81cec70cc192 (6.1-rc1)
@@ -17007,6 +17026,7 @@ CVE-2022-42971
 CVE-2022-42970
 	RESERVED
 CVE-2022-3535 (A vulnerability classified as problematic was found in Linux Kernel. A ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/0152dfee235e87660f52a117fc9f70dc55956bb4 (6.1-rc1)
@@ -17040,6 +17060,7 @@ CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kern
 CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/libren ...)
 	NOT-FOR-US: LibreNMS
 CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+	{DLA-3244-1}
 	- linux 6.0.7-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
@@ -17052,6 +17073,7 @@ CVE-2022-3522 (A vulnerability was found in Linux Kernel and classified as probl
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f9bf6c03eca1077cae8de0e6d86427656fa42a9b
 CVE-2022-3521 (A vulnerability has been found in Linux Kernel and classified as probl ...)
+	{DLA-3244-1}
 	- linux 6.0.10-1 (unimportant)
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
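Review bot: CVE-2022-3521 keeps "- linux 6.0.10-1 (unimportant)" while gaining an advisory reference next to a bullseye fixed version. Either the (unimportant) marking deserves a second look, or the entry needs a short NOTE stating why the issue is considered unimportant despite being listed in the advisory.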
@@ -17417,11 +17439,13 @@ CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allow
 	NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
 	NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
 CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
+	{DLA-3244-1}
 	- linux 6.0.7-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
 	NOTE: https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
 CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...)
+	{DLA-3244-1}
 	- linux 6.0.7-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
@@ -17996,6 +18020,7 @@ CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions
 CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -18798,11 +18823,13 @@ CVE-2022-42331
 CVE-2022-42330
 	RESERVED
 CVE-2022-42329 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-424.html
 	NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
 CVE-2022-42328 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
+	{DLA-3244-1}
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-424.html
@@ -20214,10 +20241,12 @@ CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior
 CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb  ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
 CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has  ...)
+	{DLA-3244-1}
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
@@ -24141,6 +24170,7 @@ CVE-2022-40239
 CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software prior to ...)
 	NOT-FOR-US: CERT software
 CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...)
+	{DLA-3244-1}
 	- linux 6.0.10-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
@@ -97681,6 +97711,7 @@ CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61
 CVE-2021-40332
 	RESERVED
 CVE-2021-3759 (A memory overflow vulnerability was found in the Linux kernel’s  ...)
+	{DLA-3244-1}
 	- linux 5.15.3-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b831618766c4e9a81bc5dd866682cc28660a29b
