[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 30 20:10:27 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9daa1ec7 by security tracker role at 2022-01-30T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-0418
+	RESERVED
+CVE-2022-0417
+	RESERVED
+CVE-2022-0416
+	RESERVED
+CVE-2022-0415
+	RESERVED
 CVE-2022-24129
 	RESERVED
 CVE-2022-24128
@@ -34,8 +42,8 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application
 	NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
 CVE-2022-0414
 	RESERVED
-CVE-2022-0413
-	RESERVED
+CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-0412
 	RESERVED
 CVE-2022-0411
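Review bot: The new CVE-2022-0413 entry is left at "TODO: check", and its description is cut off at "prior to 8.2. ...", so the patch level that bounds the affected range is not visible in this line. Read the full description before recording a fixed version, then replace the TODO with either a package line for vim or a NOT-FOR-US line, in the form other entries in this file use.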
@@ -67,10 +75,10 @@ CVE-2022-24113
 	RESERVED
 CVE-2022-0409
 	RESERVED
-CVE-2022-0408
-	RESERVED
-CVE-2022-0407
-	RESERVED
+CVE-2022-0408 (Stack-based Buffer Overflow in Conda vim prior to 8.2. ...)
+	TODO: check
+CVE-2022-0407 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-24112
 	RESERVED
 CVE-2022-0406
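Review bot: CVE-2022-0408 and CVE-2022-0407 carry the same "prior to 8.2. ..." text as CVE-2022-0413 earlier in this patch but name different bug classes (stack-based and heap-based buffer overflow). Triage each one against its own fix reference rather than copying one result across all three, since the truncated descriptions do not show whether they share a fixed version.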
@@ -1351,8 +1359,8 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) th
 	- epub2txt2 <itp> (bug #1004115)
 CVE-2022-23849
 	RESERVED
-CVE-2022-0339
-	RESERVED
+CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
+	TODO: check
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
 	- loguru <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
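Review bot: CVE-2022-0339 gets only "TODO: check", while the adjacent CVE-2022-0338 entry shows what a triaged record looks like: a package line followed by a "NOTE:" with the report URL. Add the equivalent for calibreweb (a package status or NOT-FOR-US, plus a reference NOTE) so the "prior to 0.6.16" boundary can be verified from the list itself.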
@@ -2695,8 +2703,8 @@ CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_
 	NOT-FOR-US: Reolink
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
 	NOT-FOR-US: Orchard CMS
-CVE-2022-0273
-	RESERVED
+CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
+	TODO: check
 CVE-2022-0272
 	RESERVED
 CVE-2022-0271
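Review bot: CVE-2022-0273 names the same product and the same "prior to 0.6.16" boundary as CVE-2022-0339 in the previous hunk, so the two should end up with the same package decision. Resolve both "TODO: check" markers in one pass so that one is not classified while the other stays open.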



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9daa1ec76189fff7e2f7932de4e17925e5d94897
