[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 6 22:11:32 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce15aa28 by Moritz Muehlenhoff at 2022-07-06T23:11:11+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2554,7 +2554,7 @@ CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tiny
 	[bullseye] - tinyexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/syoyo/tinyexr/issues/167
 CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
-	- dwarfutils <unfixed>
+	- dwarfutils <unfixed> (bug #1014493)
 	[bullseye] - dwarfutils <no-dsa> (Minor issue)
 	[buster] - dwarfutils <no-dsa> (Minor issue)
 	[stretch] - dwarfutils <no-dsa> (Minor issue)
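
Review bot: no upstream reference is visible for CVE-2022-34299 in this hunk, while the tinyexr entry just above it carries a NOTE with its upstream issue URL. If no NOTE follows the [stretch] line, add one pointing at the libdwarf report or fix, so that bug #1014493 can be matched to an upstream change when the package is updated.
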
@@ -5774,21 +5774,21 @@ CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plu
 CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13.  ...)
 	NOT-FOR-US: pgadmin on Windows
 CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to  ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1014494)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
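
Review bot: a single bug, #1014494, is attached to CVE-2022-2058, CVE-2022-2057 and CVE-2022-2056, but the three entries reference different upstream issues (428, 427 and 415). Confirm that the bug report lists all three CVE ids before relying on it to track them together. The 2058 and 2057 entries share merge request 346 and commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab; the NOTE lines for CVE-2022-2056 are cut off by the context here, so check that it is covered by the same fix.
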
@@ -10866,14 +10866,14 @@ CVE-2022-31093 (NextAuth.js is a complete open source authentication solution fo
 CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platform. P ...)
 	NOT-FOR-US: Pimcore
 CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
-	- guzzle <unfixed>
+	- guzzle <unfixed> (bug #1014492)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
 	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
 CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
-	- guzzle <unfixed>
+	- guzzle <unfixed> (bug #1014492)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
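
Review bot: the guzzle line in the CVE-2022-31091 entry has no [bullseye] or [buster] status next to it, whereas mediawiki in the same entry is triaged for both releases. If guzzle ships in those releases, add the per-release lines in the same change as the bug number, so that bug #1014492 and the stable status are recorded together. The NOTE already names the upstream fix commit and version (7.4.5), which gives the bug a clear closing target.
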
@@ -42595,11 +42595,11 @@ CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows a
 CVE-2021-44976
 	RESERVED
 CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014490)
 	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
 	NOTE: Fixed in 5.6.0
 CVE-2021-44974 (radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014490)
 	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
 	NOTE: Fixed in 5.5.4
 CVE-2021-44973
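
Review bot: the two radare2 entries tied to bug #1014490 record different upstream fix versions in their NOTE lines, "Fixed in 5.6.0" for CVE-2021-44975 and "Fixed in 5.5.4" for CVE-2021-44974. With one bug covering both, the version that closes it has to be at least the later of the two; state that in the bug, or mark each entry fixed separately when the upload happens. Neither entry links an upstream fix commit, only the census-labs advisory, so adding the commit URLs would make the fix versions verifiable.
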
@@ -45060,7 +45060,7 @@ CVE-2021-44222
 CVE-2021-44221
 	RESERVED
 CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014490)
 	NOTE: https://github.com/radareorg/radare2/issues/19436
 	NOTE: https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02
 CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
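
Review bot: CVE-2021-4021 is the third entry attached to bug #1014490, and unlike the CVE-2021-44975 and CVE-2021-44974 entries it has no "Fixed in" NOTE, only the upstream issue and commit links. Add a NOTE naming the upstream release that contains commit 3fed0e322d9374891a3412811e5270dc535cea02, so that all three radare2 entries under this bug can be compared against the same upload.
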



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce15aa2874c0cf538a76eb53c80cbb5e6775c8d3
