[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 2 08:10:29 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c79f014 by security tracker role at 2022-02-02T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-24308
+	RESERVED
+CVE-2022-24307
+	RESERVED
+CVE-2022-24306
+	RESERVED
+CVE-2022-24305
+	RESERVED
+CVE-2022-24304
+	RESERVED
+CVE-2022-24303
+	RESERVED
+CVE-2022-24302
+	RESERVED
+CVE-2022-24296
+	RESERVED
+CVE-2022-24295
+	RESERVED
+CVE-2022-22986
+	RESERVED
+CVE-2022-0472
+	RESERVED
+CVE-2022-0471
+	RESERVED
 CVE-2022-24294
 	RESERVED
 CVE-2022-24293
@@ -19,78 +43,97 @@ CVE-2022-21799
 CVE-2022-21173
 	RESERVED
 CVE-2022-0470
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0469
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0468
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0467
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0466
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0465
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0464
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0463
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0462
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0461
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0460
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0459
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0458
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0457
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0456
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0455
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0454
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0453
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0452
+	RESERVED
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
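Review bot: CVE-2022-0452 through CVE-2022-0470 now carry "RESERVED" above an existing "- chromium <unfixed>" triage, but the CVE lines still have no description, so nothing in these entries says what each issue is. A bracketed short description, in the style of "[ItemStack meta injection vulnerability]" used further down this file, would keep them identifiable until the official text is published.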
@@ -392,12 +435,12 @@ CVE-2022-24200
 	RESERVED
 CVE-2022-24199
 	RESERVED
-CVE-2022-24198
-	RESERVED
-CVE-2022-24197
-	RESERVED
-CVE-2022-24196
-	RESERVED
+CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...)
+	TODO: check
+CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2022-24196 (iText v7.1.17 was discovered to contain an out-of-memory error via the ...)
+	TODO: check
 CVE-2022-24195
 	RESERVED
 CVE-2022-24194
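Review bot: The three iText entries (CVE-2022-24196, CVE-2022-24197, CVE-2022-24198) are left at "TODO: check", and their descriptions are truncated at "...", so they cannot be triaged from these lines alone. A follow-up commit should replace each TODO with either a package annotation or a NOT-FOR-US marker after reading the full description.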
@@ -1906,7 +1949,7 @@ CVE-2022-0340
 	RESERVED
 CVE-2021-4209
 	RESERVED
-CVE-2022-24300 [ItemStack meta injection vulnerability]
+CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...)
 	- minetest 5.4.1+repack-1 (bug #1004223)
 	NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
 	NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0)
@@ -1914,7 +1957,7 @@ CVE-2022-24300 [ItemStack meta injection vulnerability]
 	NOTE: which is not a vulnerability by itself, and won't get a CVE assigned:
 	NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr
 	NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0)
-CVE-2022-24301 [Players can access the inventories of other players]
+CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...)
 	- minetest 5.4.1+repack-1
 	NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5
 	NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0)
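Review bot: The "- minetest 5.4.1+repack-1" line under CVE-2022-24301 has no bug reference, while the CVE-2022-24300 entry in the previous hunk cites "(bug #1004223)" for the same fixed version. If that Debian bug covers both issues, add the reference here so the two entries stay consistent.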
@@ -11493,7 +11536,7 @@ CVE-2021-44792 (Single Connect does not perform an authorization check when usin
 CVE-2021-44791
 	RESERVED
 CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
-	{DSA-5035-1}
+	{DSA-5035-1 DLA-2907-1}
 	- apache2 2.4.52-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
 	NOTE: Fixed by: https://svn.apache.org/r1896039
@@ -13209,7 +13252,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien
 	NOTE: https://github.com/acassen/keepalived/pull/2063
 	NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
 CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
-	{DSA-5035-1}
+	{DSA-5035-1 DLA-2907-1}
 	- apache2 2.4.52-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
 	NOTE: Fixed by: https://svn.apache.org/r1895955
@@ -19440,8 +19483,8 @@ CVE-2021-42640
 	RESERVED
 CVE-2021-42639
 	RESERVED
-CVE-2021-42638
-	RESERVED
+CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
+	TODO: check
 CVE-2021-42637
 	RESERVED
 CVE-2021-42636
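Review bot: CVE-2021-42638 moves from RESERVED to a published PrinterLogic Web Stack description with only "TODO: check" beneath it, so the entry is still untriaged. Resolve the TODO with a package annotation or a NOT-FOR-US marker, so this entry does not sit unresolved among the surrounding RESERVED ids.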



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c79f014842e1597817afa55d17810d8d9370d24
