[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 13 20:10:37 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e598462 by security tracker role at 2022-02-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2022-24976 [authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence]
+CVE-2022-24980
+	RESERVED
+CVE-2022-24979
+	RESERVED
+CVE-2022-24978
+	RESERVED
+CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
+	TODO: check
+CVE-2022-0579
+	RESERVED
+CVE-2022-0578
+	RESERVED
+CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
 	- atheme-services <unfixed>
 	[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
 	[buster] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
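Review bot: CVE-2022-24976 still reads `- atheme-services <unfixed>` with no NOTE line, while the description added in this hunk names 7.2.12 as the fixed upstream release. Suggest adding a NOTE that points at the upstream fix or release, so the `<no-dsa>` point-release work for bullseye and buster has a reference to backport from. Separately, CVE-2022-24977 arrives with only `TODO: check` and still needs triage.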
@@ -14,15 +26,14 @@ CVE-2022-0574
 	RESERVED
 CVE-2022-0573
 	RESERVED
-CVE-2022-0572 [crash when repeatedly using :retab]
-	RESERVED
+CVE-2022-0572 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
 	NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
-CVE-2022-0571
-	RESERVED
+CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in Homebrew phoronixtestsuite p ...)
+	TODO: check
 CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
 	- mruby <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
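Review bot: CVE-2022-0571 goes from RESERVED to a published description with only `TODO: check` under it, so the entry has neither a package line nor a NOT-FOR-US marker and needs triage. On CVE-2022-0572, the hand-written summary `[crash when repeatedly using :retab]` is replaced by a truncated description that attributes the bug to "Conda vim"; the package lines and the NOTE naming the v8.2.4359 commit remain the reliable part of that entry, and `- vim <unfixed>` should be updated once a version containing that commit is uploaded.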
@@ -7286,7 +7297,7 @@ CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded c
 	NOT-FOR-US: BD Viper LT system
 CVE-2022-22764
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
@@ -7295,7 +7306,7 @@ CVE-2022-22764
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
 CVE-2022-22763
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
@@ -7306,7 +7317,7 @@ CVE-2022-22762
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
 CVE-2022-22761
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
@@ -7315,7 +7326,7 @@ CVE-2022-22761
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
 CVE-2022-22760
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
@@ -7324,7 +7335,7 @@ CVE-2022-22760
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
 CVE-2022-22759
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
@@ -7342,7 +7353,7 @@ CVE-2022-22757
 	TODO: check if WebDriver enabled, if not demote severity to unimportant
 CVE-2022-22756
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
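Review bot: the leading context line of this hunk still carries `TODO: check if WebDriver enabled, if not demote severity to unimportant` for CVE-2022-22757, and that entry is left unchanged by this commit while its neighbour CVE-2022-22756 gains the DSA-5074-1 reference. Suggest resolving the TODO so the severity of CVE-2022-22757 is settled, and confirming that leaving it out of the DSA-5074-1 cross-references is intended.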
@@ -7355,7 +7366,7 @@ CVE-2022-22755
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
 CVE-2022-22754
 	RESERVED
-	{DSA-5069-1 DLA-2916-1}
+	{DSA-5074-1 DSA-5069-1 DLA-2916-1}
 	- firefox 97.0-1
 	- firefox-esr 91.6.0esr-1
 	- thunderbird 1:91.6.0-1
@@ -13138,8 +13149,7 @@ CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered
 	NOT-FOR-US: D-Link
 CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
 	NOT-FOR-US: D-Link
-CVE-2021-44879
-	RESERVED
+CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3,  ...)
 	- linux 5.16.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
 	NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
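Review bot: the description added for CVE-2021-44879 says "before 5.16.3", but the only fix reference in the visible entry is the mainline commit tagged `(5.17-rc1)`, next to `- linux 5.16.7-1`. A NOTE recording the stable backport would make it clear why 5.16.7-1 is marked fixed and would help when checking the older release branches.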



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e598462d72c5782e825b3f0f1432f22208814c2
