[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 29 20:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dc3feab by security tracker role at 2022-01-29T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-0414
+ RESERVED
+CVE-2022-0413
+ RESERVED
+CVE-2022-0412
+ RESERVED
+CVE-2022-0411
+ RESERVED
+CVE-2022-0410
+ RESERVED
CVE-2022-24120
RESERVED
CVE-2022-24119
@@ -160,7 +170,7 @@ CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
NOT-FOR-US: livehelperchat
CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0393 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
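Review bot: the new CVE-2022-0393 summary still bounds the affected range only as "prior to 8.2.", with no patch level, and the entry stays "- vim <unfixed>" with no NOTE in the lines shown. If the entry has no NOTE below this context, add one giving the upstream commit and patch number, in the form of the CVE-2022-0361 NOTE visible later in this diff ("NOTE: https://github.com/vim/vim/commit/... (v8.2.4215)"), so the fixed version can be matched once a patched upload exists.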
@@ -234,7 +244,7 @@ CVE-2022-21798
RESERVED
CVE-2022-21154
RESERVED
-CVE-2022-0392 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -700,7 +710,7 @@ CVE-2022-23942
RESERVED
CVE-2022-21184
RESERVED
-CVE-2022-0368 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -718,7 +728,7 @@ CVE-2022-0363
RESERVED
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
NOT-FOR-US: ShowDoc
-CVE-2022-0361 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -726,7 +736,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
CVE-2022-0360
RESERVED
-CVE-2022-0359 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -915,7 +925,7 @@ CVE-2022-23865
RESERVED
CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
NOT-FOR-US: calibre-web
-CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim prior to ...)
+CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
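Review bot: on the CVE-2022-0351 line the truncated summary now ends at "GitHub repository ..." and no longer contains the product name, which the old text ("Conda vim prior to ...") did. The entry is still tied to vim only through the "- vim <unfixed>" line, so anything that searches the summary text for the package name will miss this entry; match on the package lines instead.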
@@ -21331,7 +21341,7 @@ CVE-2021-3868
RESERVED
CVE-2021-3867
RESERVED
-CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...)
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
CVE-2021-42060
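Review bot: the CVE-2021-3866 change cannot be checked from this diff, because the only visible difference is the last character before the truncation ("zulip/zulip p ..." became "zulip/zulip m ..."). The package line "- zulip-server <itp> (bug #800052)" and the commit NOTE are unchanged, so compare the full upstream description before assuming the affected-version wording still matches that NOTE.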
@@ -205740,6 +205750,7 @@ CVE-2018-20367 (The "mall some commodity details: commodity consultation" compon
CVE-2018-20366
RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917111)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/195
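Review bot: "{DLA-2903-1}" is added to CVE-2018-20365 here, but this commit changes only data/CVE/list, so the advisory entry that this cross-reference points to is not part of what is being reviewed. Confirm that the DLA-2903-1 record lists CVE-2018-20365, and likewise CVE-2018-20364 and CVE-2018-20363 in the next two hunks, which the NOTE lines say share the same root cause.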
@@ -205747,6 +205758,7 @@ CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer ov
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917112)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/194
@@ -205754,6 +205766,7 @@ CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917113)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/193
@@ -253290,17 +253303,17 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
@@ -253311,6 +253324,7 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter
NOTE: http://seclists.org/bugtraq/2018/Jul/58
NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
+ {DLA-2903-1}
- libraw 0.18.13-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2018/Jul/58
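Review bot: CVE-2018-5815 gets "{DLA-2903-1}" here, but the preceding entry, CVE-2018-5816, gets no added tag in this or any other hunk, although its context NOTE says "Issue caused by an incomplete fix for CVE-2018-5804" and CVE-2018-5804 is tagged later in this commit. Check whether DLA-2903-1 also covers CVE-2018-5816; if it does not, the fix for CVE-2018-5804 in that upload may be the incomplete one.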
@@ -253321,18 +253335,22 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and
NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
+ {DLA-2903-1}
- libraw 0.18.11-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
@@ -253343,23 +253361,27 @@ CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcr
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.11-1
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
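Review bot: CVE-2018-5808 is tagged "{DLA-2903-1 DLA-1734-1}" in this hunk, while CVE-2018-5809 directly above it gets no change, even though both entries' NOTE lines cite the same upstream commit (fd6330292501983ac75fe4162275794b18445bd9). Verify whether CVE-2018-5809 should carry the DLA-2903-1 reference as well, or record why the same commit fixes one and not the other for that upload.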
@@ -253368,19 +253390,19 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
@@ -270548,12 +270570,14 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
@@ -277975,7 +277999,7 @@ CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file
- kannel <not-affected> (No real security issue in combination with start-stop-daemon from dpkg, see #877361)
NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
- {DLA-1109-1}
+ {DLA-2903-1 DLA-1109-1}
- libraw 0.18.5-1 (low)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
@@ -278749,6 +278773,7 @@ CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGIma
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
[jessie] - libraw <not-affected> (Vulnerable code not present)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
@@ -278964,6 +278989,7 @@ CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow v
NOTE: are addressed with the same patch:
NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
@@ -280521,6 +280547,7 @@ CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magi
- graphicsmagick <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
+ {DLA-2903-1}
- libraw 0.18.5-1 (low; bug #874729)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dc3feabc247cd8f3b090dfaaf2e61a7cc9153b7