[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Dec 28 18:12:08 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96f9432b by Moritz Mühlenhoff at 2022-12-28T19:11:18+01:00
bugnums
record protobuf fix in sid
mark png report as non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11178,7 +11178,7 @@ CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line
NOT-FOR-US: WordPress plugin
CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
RESERVED
- - libpng1.6 <undetermined>
+ NOTE: Unreproducible libpng issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
NOTE: https://sourceforge.net/p/libpng/bugs/300/
CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
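Review bot: in the CVE-2022-3857 entry, removing `- libpng1.6 <undetermined>` leaves no package line at all, so the entry now ties the CVE to libpng1.6 only through the free-text NOTE. If the intent is "non issue", as the commit message says, consider keeping a package line with an explicit status. The new NOTE could also say which of the two linked reports (the Red Hat bug or the libpng SourceForge bug) records the failed reproduction.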
@@ -12287,11 +12287,10 @@ CVE-2022-3855
RESERVED
CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
RESERVED
- - ceph <undetermined>
+ - ceph <unfixed> (bug #1027151)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
NOTE: https://tracker.ceph.com/issues/55765
- TODO: check details, none provided in RHBZ#2139925, SuSE contains excerpt from the closed bugzilla entry
CVE-2022-44664
RESERVED
CVE-2022-44663
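Review bot: the CVE-2022-3854 ceph line moves from `<undetermined>` to `<unfixed>` and the TODO about missing details is deleted, but nothing added in this hunk records what settled the question. A short NOTE stating the basis for treating ceph as affected, or pointing at the relevant comment in bug #1027151 or the ceph tracker issue, would keep that reasoning in the file.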
@@ -18754,7 +18753,8 @@ CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to dis
CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...)
- - protobuf <unfixed>
+ [experimental] - protobuf 3.21.7-1
+ - protobuf 3.21.9-3
[bullseye] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...)
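Review bot: for CVE-2022-3510 the upstream commit NOTE stays a bare URL even though the entry now records fixed versions; the CVE-2020-36604 entry in this same diff uses the form `NOTE: Fixed by: <commit> (v9.0.3)`, and doing the same here with the upstream release would let a reader check 3.21.7-1 and 3.21.9-3 against it. The trailing context line starts CVE-2022-3509, described as a similar parsing issue, so it is worth confirming whether that entry needs the same fixed-version update.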
@@ -23100,7 +23100,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: Crash in CLI toool, no security impact
CVE-2022-3277 [unrestricted creation of security groups]
RESERVED
- - neutron <unfixed>
+ - neutron <unfixed> (bug #1027150)
[bullseye] - neutron <no-dsa> (Minor issue)
[buster] - neutron <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
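Review bot: unrelated to the bug number added for CVE-2022-3277, the first context line of this hunk, `NOTE: Crash in CLI toool, no security impact`, misspells "tool". It could be corrected in a follow-up commit.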
@@ -23110,7 +23110,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisonin
NOTE: https://github.com/hapijs/hoek/issues/352
NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3)
CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to ...)
- - puppet-module-puppetlabs-mysql <unfixed>
+ - puppet-module-puppetlabs-mysql <unfixed> (bug #1027154)
NOTE: https://puppet.com/security/cve/CVE-2022-3276
NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0)
NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0)
@@ -73938,17 +73938,17 @@ CVE-2022-23522
CVE-2022-23521
RESERVED
CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- - ruby-rails-html-sanitizer <unfixed>
+ - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- - ruby-rails-html-sanitizer <unfixed>
+ - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- - ruby-rails-html-sanitizer <unfixed>
+ - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- - ruby-rails-html-sanitizer <unfixed>
+ - ruby-rails-html-sanitizer <unfixed> (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
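Review bot: of the four ruby-rails-html-sanitizer entries that now share bug #1027153, only CVE-2022-23517 carries an upstream commit NOTE; CVE-2022-23520, CVE-2022-23519 and CVE-2022-23518 link advisories or an issue only. Adding the fixing commit or fixed upstream version for each would make it possible to verify that a single upload closing #1027153 covers all four.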
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f9432b2b4e296632acc4545d33539e6c3f4ca4