[Git][security-tracker-team/security-tracker][master] Add CVE-2022-23220/usbview

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4be556e by Salvatore Bonaccorso at 2022-01-21T15:52:58+01:00
Add CVE-2022-23220/usbview

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1632,8 +1632,14 @@ CVE-2022-23223
 	RESERVED
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	TODO: check
-CVE-2022-23220
-	RESERVED
+CVE-2022-23220 [usbview polkit policy local root exploit]
+	RESERVED
+	- usbview <unfixed>
+	[stretch] - usbview <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
+	NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
+	NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
+	NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
 CVE-2022-0237
 	RESERVED
 CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4be556e8b8bb63a91c7bd6dba749bb8852aa10d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4be556e8b8bb63a91c7bd6dba749bb8852aa10d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220121/a15ee3d7/attachment.htm>