[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 3 20:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b316b69 by security tracker role at 2022-02-03T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-24399
+ RESERVED
+CVE-2022-24398
+ RESERVED
+CVE-2022-24397
+ RESERVED
+CVE-2022-24396
+ RESERVED
+CVE-2022-24395
+ RESERVED
+CVE-2022-24394
+ RESERVED
+CVE-2022-24393
+ RESERVED
+CVE-2022-24392
+ RESERVED
+CVE-2022-24391
+ RESERVED
+CVE-2022-24390
+ RESERVED
+CVE-2022-24389
+ RESERVED
+CVE-2022-24388
+ RESERVED
+CVE-2022-24387
+ RESERVED
+CVE-2022-24386
+ RESERVED
+CVE-2022-24385
+ RESERVED
+CVE-2022-24384
+ RESERVED
+CVE-2022-21241
+ RESERVED
+CVE-2022-0486
+ RESERVED
+CVE-2022-0485
+ RESERVED
+CVE-2022-0484
+ RESERVED
+CVE-2022-0483
+ RESERVED
+CVE-2022-0482
+ RESERVED
CVE-2022-24372
RESERVED
CVE-2022-24371
@@ -166,8 +210,8 @@ CVE-2022-0473
RESERVED
CVE-2022-24308
RESERVED
-CVE-2022-24307
- RESERVED
+CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
+ TODO: check
CVE-2022-24306
RESERVED
CVE-2022-24305
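Review bot: the new summary for CVE-2022-24307 names two fix boundaries (before 3.3.2, and 3.4.x before 3.4.6), but the entry carries only "TODO: check" and no package line. When the TODO is resolved, check the recorded fixed version against both branches; the summary is truncated at "incorrect access cont ..." and cannot be relied on for scope.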
@@ -2808,12 +2852,12 @@ CVE-2022-23571
RESERVED
CVE-2022-23570
RESERVED
-CVE-2022-23569
- RESERVED
-CVE-2022-23568
- RESERVED
-CVE-2022-23567
- RESERVED
+CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...)
+ TODO: check
+CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
CVE-2022-23566
RESERVED
CVE-2022-23565
@@ -9760,16 +9804,19 @@ CVE-2021-45345
CVE-2021-45344
RESERVED
CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
+ {DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
+ {DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
+ {DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
@@ -10695,7 +10742,7 @@ CVE-2021-45081
CVE-2021-45080
RESERVED
CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
- {DSA-5056-1}
+ {DSA-5056-1 DLA-2909-1}
- strongswan 5.9.5-1
NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
@@ -11454,8 +11501,8 @@ CVE-2021-44868
RESERVED
CVE-2021-44867
RESERVED
-CVE-2021-44866
- RESERVED
+CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
+ TODO: check
CVE-2021-44865
RESERVED
CVE-2021-44864
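Review bot: CVE-2021-44866 is left at "TODO: check" for a product named Online-Movie-Ticket-Booking-System 1.0. If no Debian source package corresponds to it, close the entry with a NOT-FOR-US line in the same form as the "NOT-FOR-US: Mitel" entry elsewhere in this file, so it does not stay in the TODO queue.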
@@ -14324,40 +14371,40 @@ CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
[stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
-CVE-2022-21741
- RESERVED
-CVE-2022-21740
- RESERVED
-CVE-2022-21739
- RESERVED
-CVE-2022-21738
- RESERVED
-CVE-2022-21737
- RESERVED
-CVE-2022-21736
- RESERVED
-CVE-2022-21735
- RESERVED
-CVE-2022-21734
- RESERVED
-CVE-2022-21733
- RESERVED
-CVE-2022-21732
- RESERVED
-CVE-2022-21731
- RESERVED
-CVE-2022-21730
- RESERVED
-CVE-2022-21729
- RESERVED
-CVE-2022-21728
- RESERVED
-CVE-2022-21727
- RESERVED
-CVE-2022-21726
- RESERVED
-CVE-2022-21725
- RESERVED
+CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
+ TODO: check
+CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ TODO: check
+CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
+ TODO: check
CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
TODO: check
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
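Review bot: the summary imported for CVE-2022-21741 contains raw advisory markup ("### Impact"), where the other sixteen Tensorflow entries in this hunk start with a plain sentence. Strip the heading marker on import so the summary reads consistently. All seventeen entries are also left at "TODO: check" with near-identical truncated summaries, so they are best triaged as one batch with a single package decision.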
@@ -22953,7 +23000,7 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int
CVE-2021-41820
RESERVED
CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
- {DLA-2853-1}
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
- ruby3.0 <unfixed> (bug #1002995)
- ruby2.7 2.7.5-1
- ruby2.5 <removed>
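Review bot: CVE-2021-41819 now lists DSA-5067-1 and DSA-5066-1, yet the ruby3.0 line in the trailing context still reads "<unfixed> (bug #1002995)". Confirm that this line is still accurate after the two advisories and that ruby3.0 is the only source package left open for this CVE.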
@@ -22964,7 +23011,7 @@ CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security pref
CVE-2021-41818
RESERVED
CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
- {DLA-2853-1}
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
- ruby3.0 <unfixed> (bug #1002995)
- ruby2.7 2.7.5-1
- ruby2.5 <removed>
@@ -22977,6 +23024,7 @@ CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (
NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
RESERVED
+ {DSA-5067-1}
- ruby3.0 <unfixed> (bug #1002995)
- ruby2.7 2.7.5-1
- ruby2.5 <not-affected> (Vulnerable code introduced later)
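Review bot: CVE-2021-41816 gets only DSA-5067-1, while the neighbouring CVE-2021-41819 and CVE-2021-41817 get both DSA-5067-1 and DSA-5066-1. If DSA-5066-1 is the ruby2.5 advisory, that matches the "ruby2.5 <not-affected> (Vulnerable code introduced later)" line here, but it is worth confirming. The entry also still reads RESERVED under a bracketed title although it now carries an advisory reference.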
@@ -46854,7 +46902,7 @@ CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab
CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
NOT-FOR-US: Mitel
CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
@@ -47772,7 +47820,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
@@ -47833,7 +47881,7 @@ CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in
[stretch] - impacket <no-dsa> (Minor issue)
NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
- {DLA-2780-1}
+ {DSA-5066-1 DLA-2780-1}
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
@@ -55221,6 +55269,7 @@ CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a c
- ruby2.7 <not-affected> (Windows-specific)
NOTE: https://hackerone.com/reports/1131465
CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
+ {DSA-5066-1}
- ruby2.7 2.7.3-1 (bug #986807)
- ruby2.5 <removed>
- ruby2.3 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b316b69108cadcadf3e91695fcc735a042dda45