[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 11 08:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ea9d966 by security tracker role at 2022-01-11T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,251 @@
+CVE-2022-23101
+ RESERVED
+CVE-2022-23100
+ RESERVED
+CVE-2022-23099
+ RESERVED
+CVE-2022-23098
+ RESERVED
+CVE-2022-23097
+ RESERVED
+CVE-2022-23096
+ RESERVED
+CVE-2022-23095
+ RESERVED
+CVE-2022-23094
+ RESERVED
+CVE-2022-23093
+ RESERVED
+CVE-2022-23092
+ RESERVED
+CVE-2022-23091
+ RESERVED
+CVE-2022-23090
+ RESERVED
+CVE-2022-23089
+ RESERVED
+CVE-2022-23088
+ RESERVED
+CVE-2022-23087
+ RESERVED
+CVE-2022-23086
+ RESERVED
+CVE-2022-23085
+ RESERVED
+CVE-2022-23084
+ RESERVED
+CVE-2022-23083
+ RESERVED
+CVE-2022-23082
+ RESERVED
+CVE-2022-23081
+ RESERVED
+CVE-2022-23080
+ RESERVED
+CVE-2022-23079
+ RESERVED
+CVE-2022-23078
+ RESERVED
+CVE-2022-23077
+ RESERVED
+CVE-2022-23076
+ RESERVED
+CVE-2022-23075
+ RESERVED
+CVE-2022-23074
+ RESERVED
+CVE-2022-23073
+ RESERVED
+CVE-2022-23072
+ RESERVED
+CVE-2022-23071
+ RESERVED
+CVE-2022-23070
+ RESERVED
+CVE-2022-23069
+ RESERVED
+CVE-2022-23068
+ RESERVED
+CVE-2022-23067
+ RESERVED
+CVE-2022-23066
+ RESERVED
+CVE-2022-23065
+ RESERVED
+CVE-2022-23064
+ RESERVED
+CVE-2022-23063
+ RESERVED
+CVE-2022-23062
+ RESERVED
+CVE-2022-23061
+ RESERVED
+CVE-2022-23060
+ RESERVED
+CVE-2022-23059
+ RESERVED
+CVE-2022-23058
+ RESERVED
+CVE-2022-23057
+ RESERVED
+CVE-2022-23056
+ RESERVED
+CVE-2022-23055
+ RESERVED
+CVE-2022-23054
+ RESERVED
+CVE-2022-23053
+ RESERVED
+CVE-2022-23052
+ RESERVED
+CVE-2022-23051
+ RESERVED
+CVE-2022-23050
+ RESERVED
+CVE-2022-23049
+ RESERVED
+CVE-2022-23048
+ RESERVED
+CVE-2022-23047
+ RESERVED
+CVE-2022-23046
+ RESERVED
+CVE-2022-23045
+ RESERVED
+CVE-2022-23044
+ RESERVED
+CVE-2022-23043
+ RESERVED
+CVE-2022-23042
+ RESERVED
+CVE-2022-23041
+ RESERVED
+CVE-2022-23040
+ RESERVED
+CVE-2022-23039
+ RESERVED
+CVE-2022-23038
+ RESERVED
+CVE-2022-23037
+ RESERVED
+CVE-2022-23036
+ RESERVED
+CVE-2022-23035
+ RESERVED
+CVE-2022-23034
+ RESERVED
+CVE-2022-23033
+ RESERVED
+CVE-2022-23032
+ RESERVED
+CVE-2022-23031
+ RESERVED
+CVE-2022-23030
+ RESERVED
+CVE-2022-23029
+ RESERVED
+CVE-2022-23028
+ RESERVED
+CVE-2022-23027
+ RESERVED
+CVE-2022-23026
+ RESERVED
+CVE-2022-23025
+ RESERVED
+CVE-2022-23024
+ RESERVED
+CVE-2022-23023
+ RESERVED
+CVE-2022-23022
+ RESERVED
+CVE-2022-23021
+ RESERVED
+CVE-2022-23020
+ RESERVED
+CVE-2022-23019
+ RESERVED
+CVE-2022-23018
+ RESERVED
+CVE-2022-23017
+ RESERVED
+CVE-2022-23016
+ RESERVED
+CVE-2022-23015
+ RESERVED
+CVE-2022-23014
+ RESERVED
+CVE-2022-23013
+ RESERVED
+CVE-2022-23012
+ RESERVED
+CVE-2022-23011
+ RESERVED
+CVE-2022-23010
+ RESERVED
+CVE-2022-23009
+ RESERVED
+CVE-2022-23008
+ RESERVED
+CVE-2022-23007
+ RESERVED
+CVE-2022-23006
+ RESERVED
+CVE-2022-23005
+ RESERVED
+CVE-2022-23004
+ RESERVED
+CVE-2022-23003
+ RESERVED
+CVE-2022-23002
+ RESERVED
+CVE-2022-23001
+ RESERVED
+CVE-2022-23000
+ RESERVED
+CVE-2022-22999
+ RESERVED
+CVE-2022-22998
+ RESERVED
+CVE-2022-22997
+ RESERVED
+CVE-2022-22996
+ RESERVED
+CVE-2022-22995
+ RESERVED
+CVE-2022-22994
+ RESERVED
+CVE-2022-22993
+ RESERVED
+CVE-2022-22992
+ RESERVED
+CVE-2022-22991
+ RESERVED
+CVE-2022-22990
+ RESERVED
+CVE-2022-22989
+ RESERVED
+CVE-2022-22988
+ RESERVED
+CVE-2022-21234
+ RESERVED
+CVE-2022-21210
+ RESERVED
+CVE-2022-21145
+ RESERVED
+CVE-2022-0182
+ RESERVED
+CVE-2022-0181
+ RESERVED
+CVE-2022-0180
+ RESERVED
+CVE-2022-0179
+ RESERVED
+CVE-2022-0178
+ RESERVED
+CVE-2022-0177
+ RESERVED
+CVE-2021-4204
+ RESERVED
CVE-2022-22983
RESERVED
CVE-2022-22982
@@ -642,8 +890,8 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initial
NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
CVE-2022-22814
RESERVED
-CVE-2022-0155
- RESERVED
+CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
+ TODO: check
CVE-2022-22813
RESERVED
CVE-2022-22812
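Review bot: CVE-2022-0155 is parked at "TODO: check" even though its new description already names the affected component (follow-redirects), so the list still does not say whether any Debian package is affected. A follow-up should replace the TODO with a triage line: either a package entry with its fixed version, or a NOT-FOR-US marker like the ones other entries in this file carry.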
@@ -854,8 +1102,8 @@ CVE-2022-22732
RESERVED
CVE-2022-22731
RESERVED
-CVE-2022-0144
- RESERVED
+CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
+ TODO: check
CVE-2022-0143
RESERVED
CVE-2022-0142
@@ -9096,20 +9344,20 @@ CVE-2022-21674
RESERVED
CVE-2022-21673
RESERVED
-CVE-2022-21672
- RESERVED
+CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
+ TODO: check
CVE-2022-21671
RESERVED
-CVE-2022-21670
- RESERVED
+CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
+ TODO: check
CVE-2022-21669
RESERVED
-CVE-2022-21668
- RESERVED
+CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
+ TODO: check
CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
NOT-FOR-US: soketi
-CVE-2022-21666
- RESERVED
+CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
+ TODO: check
CVE-2022-21665
RESERVED
CVE-2022-21664 (WordPress is a free and open-source content management system written ...)
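Review bot: The truncated descriptions on the four new "TODO: check" entries drop the detail triage needs. CVE-2022-21668 is cut at "Starting with version 20 ...", which loses the version bound, and CVE-2022-21670 is cut before the issue class is stated. Whoever resolves these TODOs should work from the full CVE records, not from this list. CVE-2022-21666 (USOC) sits next to the soketi entry marked NOT-FOR-US and looks like a candidate for the same treatment once checked.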
@@ -19759,6 +20007,7 @@ CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker ser
CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
NOT-FOR-US: Hestia Control Panel
CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+ {DLA-2876-1}
- vim 2:8.2.3455-1 (bug #994497)
[bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
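Review bot: The {DLA-2876-1} reference on CVE-2021-3796 has no matching release line in the visible context. The only per-release lines are [bullseye] with a fixed version and [buster] marked <no-dsa>. Add the release-specific line with the fixed vim version for the release the DLA covers, so that the advisory reference and the per-release status agree. The same applies to the {DLA-2876-1} additions on CVE-2021-3778 and CVE-2019-20807 in later hunks.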
@@ -20213,6 +20462,7 @@ CVE-2021-40682
CVE-2021-3779
RESERVED
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2876-1}
- vim 2:8.2.3455-1 (bug #994498)
[bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
@@ -30588,22 +30838,22 @@ CVE-2021-36416
RESERVED
CVE-2021-36415
RESERVED
-CVE-2021-36414
- RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ TODO: check
CVE-2021-36413
RESERVED
-CVE-2021-36412
- RESERVED
-CVE-2021-36411
- RESERVED
-CVE-2021-36410
- RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ TODO: check
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ TODO: check
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ TODO: check
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
NOT-FOR-US: Bitdefender
-CVE-2021-36409
- RESERVED
-CVE-2021-36408
- RESERVED
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ TODO: check
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ TODO: check
CVE-2021-36407
RESERVED
CVE-2021-36406
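Review bot: The description imported for CVE-2021-36414 reads "heab-based buffer overflow", while CVE-2021-36412 two entries below reads "heap-based", so a text search for heap overflows in GPAC will miss the first one. The text is imported as-is, so triage should key on the CVE id rather than the description. All six entries in this hunk (two MP4Box/GPAC, four libde265 v1.0.8) are left at "TODO: check" and should be resolved together, since each group shares a source package.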
@@ -32974,8 +33224,8 @@ CVE-2021-35454
RESERVED
CVE-2021-35453
RESERVED
-CVE-2021-35452
- RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ TODO: check
CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
@@ -48171,8 +48421,8 @@ CVE-2021-29456 (Authelia is an open-source authentication and authorization serv
NOT-FOR-US: Authelia
CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
NOT-FOR-US: Grassroot Platform
-CVE-2021-29454
- RESERVED
+CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ TODO: check
CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...)
NOT-FOR-US: matrix-media-repo
CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
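Review bot: The truncated description for CVE-2021-29454 ("Smarty is a template engine for PHP, facilitating the separation of pr ...") is identical to the one added for CVE-2021-21408 in the next hunk, so the two issues cannot be told apart from the list. When the "TODO: check" is resolved, each entry should get a NOTE line pointing at its own upstream advisory or fixing commit, as the Netty and Pillow entries elsewhere in this diff do.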
@@ -68925,8 +69175,8 @@ CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network appli
NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
-CVE-2021-21408
- RESERVED
+CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ TODO: check
CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...)
NOT-FOR-US: Combodo iTop
CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...)
@@ -89613,8 +89863,8 @@ CVE-2020-25429
RESERVED
CVE-2020-25428
RESERVED
-CVE-2020-25427
- RESERVED
+CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
+ TODO: check
CVE-2020-25426
RESERVED
CVE-2020-25425
@@ -116760,6 +117010,7 @@ CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI V
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
+ {DLA-2876-1}
- vim 2:8.1.2136-1
[buster] - vim <no-dsa> (Minor issue)
[jessie] - vim <no-dsa> (Minor issue)
@@ -263642,7 +263893,7 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attack
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected b ...)
NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...)
- {DLA-1871-1}
+ {DLA-2876-1 DLA-1871-1}
- vim 2:8.0.1401-1
[wheezy] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea9d96659afc8db8c340e59f90d28a7b6362131