[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 18 08:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b855a931 by security tracker role at 2022-01-18T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-23312
+ RESERVED
+CVE-2022-23311
+ RESERVED
+CVE-2022-23310
+ RESERVED
+CVE-2022-23309
+ RESERVED
+CVE-2022-23308
+ RESERVED
+CVE-2022-0266
+ RESERVED
+CVE-2022-0265
+ RESERVED
CVE-2022-23307
RESERVED
CVE-2022-23306
@@ -55,8 +69,8 @@ CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch]
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
-CVE-2022-0245
- RESERVED
+CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
+ TODO: check
CVE-2022-0244
RESERVED
CVE-2022-0243
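Review bot: the new CVE-2022-0245 entry is left at "TODO: check", so the tracker now has a published description with no triage decision under it. The description points at a GitHub repository under livehelperchat/; a follow-up should replace the TODO with either a NOT-FOR-US line or a package line, depending on whether that software is in the archive.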
@@ -2033,8 +2047,8 @@ CVE-2022-22705
RESERVED
CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
NOT-FOR-US: zabbix-agent2 package for Alpine
-CVE-2022-22703
- RESERVED
+CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...)
+ TODO: check
CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
NOT-FOR-US: PartKeepr
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
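Review bot: CVE-2022-22703 also lands with "TODO: check" while the surrounding entries (zabbix-agent2 for Alpine, PartKeepr) are already resolved as NOT-FOR-US. If Stormshield SSO Agent is not packaged, the same resolution applies here and the TODO can be closed in the next manual pass.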
@@ -3610,7 +3624,8 @@ CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (calle
NOT-FOR-US: wasm3
CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
NOT-FOR-US: wasm3
-CVE-2021-45945 (** DISPUTED ** uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds ...)
+CVE-2021-45945
+ REJECTED
NOT-FOR-US: uWebSockets
CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
{DSA-5038-1 DLA-2879-1}
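Review bot: after CVE-2021-45945 is switched to "REJECTED", the unchanged context line "NOT-FOR-US: uWebSockets" still sits under it, so the entry carries both a rejection and a triage annotation. The annotation is stale for a withdrawn ID; consider dropping it in a follow-up so the entry reads as REJECTED only.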
@@ -17230,8 +17245,7 @@ CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘ad
NOT-FOR-US: WP DSGVO Tools (GDPR)
CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-42357
- RESERVED
+CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...)
NOT-FOR-US: Apache Knox
CVE-2021-42356
RESERVED
@@ -32931,7 +32945,7 @@ CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecode
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
-CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
+CVE-2020-36406 (** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffe ...)
NOT-FOR-US: uWebSockets
CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
NOT-FOR-US: keystone engine
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b855a931074fda7249c45646e9cf061ca6c58fd1