[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 19 20:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02084dc9 by security tracker role at 2022-02-19T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-25368
+ RESERVED
+CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ TODO: check
+CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
+ TODO: check
+CVE-2022-0688
+ RESERVED
+CVE-2022-0687
+ RESERVED
+CVE-2022-0686
+ RESERVED
+CVE-2022-0685
+ RESERVED
+CVE-2022-0684
+ RESERVED
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
+ TODO: check
+CVE-2021-4222
+ RESERVED
CVE-2022-25367
RESERVED
CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
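Review bot: CVE-2022-0690, CVE-2022-0689 and CVE-2021-46700 come in with only "TODO: check", so none of the three is yet tied to a source package or marked NOT-FOR-US. The two microweber entries name the same Packagist project as CVE-2022-0678 in the next hunk, so one triage decision should cover all three; the libsixel entry names version 1.8.6 and the affected function, which is enough to start the package check.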
@@ -96,8 +116,8 @@ CVE-2022-0680
RESERVED
CVE-2022-0679
RESERVED
-CVE-2022-0678
- RESERVED
+CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ TODO: check
CVE-2022-0677
RESERVED
CVE-2021-4221
@@ -375,12 +395,12 @@ CVE-2022-0634
RESERVED
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0632
- RESERVED
+CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
TODO: check
-CVE-2022-0630
- RESERVED
+CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
TODO: check
CVE-2022-0628
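Review bot: CVE-2022-0632 and CVE-2022-0630 now sit beside CVE-2022-0631 with the same "TODO: check" and the same "mruby prior to 3.2" wording. Triage the three together so they end up with one consistent package line and status rather than being resolved one at a time.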
@@ -6160,10 +6180,10 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2
NOT-FOR-US: TastyIgniter
CVE-2022-23377
RESERVED
-CVE-2022-23376
- RESERVED
-CVE-2022-23375
- RESERVED
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
+ TODO: check
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
+ TODO: check
CVE-2022-23374
RESERVED
CVE-2022-23373
@@ -9069,6 +9089,7 @@ CVE-2022-22621
RESERVED
CVE-2022-22620 [A use after free issue was addressed with improved memory management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.6-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.6-1
@@ -9136,6 +9157,7 @@ CVE-2022-22591
RESERVED
CVE-2022-22589 [A validation issue was addressed with improved input sanitization]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
@@ -17338,6 +17360,7 @@ CVE-2022-21714
CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
- grafana <removed>
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ {DLA-2927-1}
- twisted 22.1.0-1
[bullseye] - twisted <no-dsa> (Minor issue)
[buster] - twisted <no-dsa> (Minor issue)
@@ -73849,6 +73872,7 @@ CVE-2021-22591
RESERVED
CVE-2022-22590 [A use after free issue was addressed with improved memory management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
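Review bot: CVE-2022-22590 is out of sort order at this position. The hunk sits at line 73849 under CVE-2021-22591, while the hunk at line 9136 shows CVE-2022-22591 followed directly by CVE-2022-22589 with no CVE-2022-22590 between them. Confirm whether the record belongs in that gap and move it there, so the {DSA-5084-1 DSA-5083-1} reference is not attached to an entry filed among the 2021 ids.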
@@ -104992,6 +105016,7 @@ CVE-2020-22593
RESERVED
CVE-2022-22592 [A logic issue was addressed with improved state management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
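Review bot: CVE-2022-22592 is filed under CVE-2020-22593 at line 104992, far from the other CVE-2022-2259x records near line 9136. The id and its position disagree on the year, so check which one is wrong and relocate or correct the entry before relying on the DSA cross-reference added here.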
@@ -136619,13 +136644,13 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Incons
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
@@ -352725,8 +352750,7 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb
- tomcat7 7.0.70-3
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
-CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
- RESERVED
+CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted code fro ...)
- duck 0.10
[jessie] - duck 0.7+deb8u1
NOTE: https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02084dc97b1013ce97e12ae75e54cc46b45bcf59