[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 31 20:10:27 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25ed095d by security tracker role at 2022-12-31T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-4868 (Improper Authorization in GitHub repository froxlor/froxlor prior to 2 ...)
+	TODO: check
+CVE-2022-4867 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
+	TODO: check
+CVE-2022-4866 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2022-4865 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2017-20159 (A vulnerability was found in rf Keynote up to 0.x. It has been rated a ...)
+	TODO: check
+CVE-2017-20158 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yi ...)
+	TODO: check
+CVE-2017-20157 (A vulnerability was found in Ariadne Component Library up to 2.x. It h ...)
+	TODO: check
+CVE-2017-20156 (A vulnerability was found in Exciting Printer and classified as critic ...)
+	TODO: check
+CVE-2014-125027 (A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and  ...)
+	TODO: check
 CVE-2022-4864 (Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0 ...)
 	- froxlor <itp> (bug #581792)
 CVE-2017-20155 (A vulnerability was found in Sterc Google Analytics Dashboard for MODX ...)
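Review bot: all nine new entries are left at `TODO: check`; CVE-2022-4868 and CVE-2022-4867 are further froxlor issues, and the adjacent CVE-2022-4864 entry already resolves froxlor as `- froxlor <itp> (bug #581792)`, so those two can most likely be triaged the same way once checked. CVE-2017-20158 carries the `** UNSUPPORTED WHEN ASSIGNED **` marker in its description, which should be reflected in the entry when the TODO is resolved.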
@@ -3841,6 +3859,7 @@ CVE-2022-4517
 CVE-2022-4516
 	REJECTED
 CVE-2022-4515 (A flaw was found in Exuberant Ctags in the way it handles the "-o" opt ...)
+	{DLA-3254-1}
 	- exuberant-ctags 1:5.9~svn20110310-18 (bug #1026995)
 	- universal-ctags <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153519
@@ -5923,6 +5942,7 @@ CVE-2022-4339
 	REJECTED
 CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
 	RESERVED
+	{DLA-3253-1}
 	- openvswitch <unfixed> (bug #1027273)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
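Review bot: CVE-2022-4338 is still recorded as `openvswitch <unfixed> (bug #1027273)` for unstable while this hunk adds the `{DLA-3253-1}` reference, so buster now has a fix via the DLA but sid does not; the unstable fix version should be recorded once the upload lands, otherwise the tracker keeps showing the issue open in testing/unstable.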
@@ -5931,6 +5951,7 @@ CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
 	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
 CVE-2022-4337 [Out-of-Bounds Read in Organization Specific TLV]
 	RESERVED
+	{DLA-3253-1}
 	- openvswitch <unfixed> (bug #1027273)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
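Review bot: same situation as CVE-2022-4338 above; CVE-2022-4337 gains `{DLA-3253-1}` but the `openvswitch <unfixed> (bug #1027273)` line still applies to unstable, so the sid fix version is still outstanding for this entry.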
@@ -6832,7 +6853,7 @@ CVE-2022-4285
 CVE-2022-4284
 	RESERVED
 CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
@@ -7330,31 +7351,31 @@ CVE-2022-4225
 CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
 	NOT-FOR-US: Sapido
 CVE-2022-46344 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8
 CVE-2022-46343 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900
 CVE-2022-46342 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
 CVE-2022-46341 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b
 CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs becuase  ...)
-	{DSA-5304-1}
+	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
 	- xwayland 2:22.1.6-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
@@ -8404,6 +8425,7 @@ CVE-2022-45941
 CVE-2022-45940
 	RESERVED
 CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell  ...)
+	{DLA-3257-1}
 	- emacs 1:28.2+1-8 (bug #1025009)
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
 CVE-2022-45938
@@ -9050,6 +9072,7 @@ CVE-2022-45695
 CVE-2022-45694
 	RESERVED
 CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via  ...)
+	{DLA-3259-1}
 	- libjettison-java 1.5.3-1
 	NOTE: https://github.com/jettison-json/jettison/issues/52
 CVE-2022-45692
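Review bot: CVE-2022-45693 records the fix as `libjettison-java 1.5.3-1` with no Debian bug reference, whereas the related CVE-2022-40150 entry later in this patch carries `(bug #1022553)`; if the same bug tracks these Jettison stack-overflow issues, adding the reference here keeps the three DLA-3259-1 entries consistent.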
@@ -9067,6 +9090,7 @@ CVE-2022-45687
 CVE-2022-45686
 	RESERVED
 CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...)
+	{DLA-3259-1}
 	- libjettison-java 1.5.3-1
 	NOTE: https://github.com/jettison-json/jettison/issues/54
 CVE-2022-45684
@@ -26730,6 +26754,7 @@ CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to De
 	- libxstream-java <undetermined>
 	NOTE: https://github.com/x-stream/xstream/issues/304
 CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
+	{DLA-3259-1}
 	- libjettison-java 1.5.3-1 (bug #1022553)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
 	NOTE: https://github.com/jettison-json/jettison/issues/45
@@ -29947,23 +29972,27 @@ CVE-2022-38868
 CVE-2022-38867
 	RESERVED
 CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2401
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (bug #1021013)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2406
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2405
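Review bot: CVE-2022-38866, CVE-2022-38865 and CVE-2022-38863 are rated `(unimportant)`, two of them with `NOTE: Crash in CLI tool, no security impact`, yet this hunk adds `{DLA-3255-1}` to them; that is consistent if the DLA fixed them together with CVE-2022-38864, but it is worth double-checking that the DLA text really lists these IDs. All four entries also remain `mplayer <unfixed>` in unstable while bullseye has `2:1.4+ds1-1+deb11u1`, so a sid fix version is still missing.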
@@ -29974,11 +30003,13 @@ CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 	NOTE: https://trac.mplayerhq.hu/ticket/2400
 	NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory  ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (bug #1021013)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2407
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2402
@@ -29988,6 +30019,7 @@ CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By
 CVE-2022-38859
 	RESERVED
 CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2396
@@ -30000,6 +30032,7 @@ CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 	NOTE: https://trac.mplayerhq.hu/ticket/2395
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2392
@@ -30016,12 +30049,14 @@ CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 CVE-2022-38852
 	RESERVED
 CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2393
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
+	{DLA-3255-1}
 	- mplayer <unfixed> (unimportant)
 	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
 	NOTE: https://trac.mplayerhq.hu/ticket/2399
@@ -33649,6 +33684,7 @@ CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in
 CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
 	NOT-FOR-US: karma-runner grunt-karma
 CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
+	{DLA-3258-1}
 	- node-loader-utils 2.0.3-1
 	[bullseye] - node-loader-utils 2.0.0-1+deb11u1
 	NOTE: https://github.com/webpack/loader-utils/issues/212
@@ -70407,6 +70443,7 @@ CVE-2022-24722 (VIewComponent is a framework for building view components in Rub
 CVE-2022-24721 (CometD is a scalable comet implementation for web messaging. In any ve ...)
 	NOT-FOR-US: CometD
 CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
+	{DSA-5310-1}
 	- ruby-image-processing 1.10.3-2 (bug #1007225)
 	NOTE: https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
 	NOTE: https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada (v1.12.2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25ed095df82cf67a6f44d1ec84e40fc470b182cf


