[Git][security-tracker-team/security-tracker][master] 4 commits: Expand one note for CVE-2022-2211

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 10 21:11:20 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8eb2366 by Salvatore Bonaccorso at 2022-07-10T22:10:53+02:00
Expand one note for CVE-2022-2211

- - - - -
ed83f0f0 by Salvatore Bonaccorso at 2022-07-10T22:10:55+02:00
Process some NFUs

- - - - -
67e0bd82 by Salvatore Bonaccorso at 2022-07-10T22:10:56+02:00
Update todo for CVE-2022-2191

- - - - -
1187e1af by Salvatore Bonaccorso at 2022-07-10T22:10:58+02:00
Add CVE-2022-204{7,8}/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -288,7 +288,7 @@ CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 (v9.0.0045)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
-	TODO: check
+	NOT-FOR-US: outline
 CVE-2022-2341
 	RESERVED
 CVE-2022-2340
@@ -1169,7 +1169,7 @@ CVE-2022-2291
 CVE-2022-34915
 	RESERVED
 CVE-2022-34914 (Webswing before 22.1.3 allows X-Forwarded-For header injection. The cl ...)
-	TODO: check
+	NOT-FOR-US: Webswing
 CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Mar ...)
 	TODO: check
 CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
@@ -2336,8 +2336,8 @@ CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
 	NOTE: In 1:1.46.2-1 of src:libguestfs the tools were split out to src:guestfs-tools, marking that as fixed version
 	NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029274.html
 	NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029277.html
-	NOTE: https://github.com/libguestfs/libguestfs-common/commit/35467027f657
-	NOTE: https://github.com/libguestfs/libguestfs/commit/99844660b48e
+	NOTE: https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
+	NOTE: Documentation: https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
 CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
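Review bot: the two expanded NOTE lines now carry full 40-character hashes, but neither records which libguestfs-common release contains 35467027f657de76aca34b48a6f23e9608b23a57, whereas the vim entry at the top of the file tags its fix commit with the release it landed in (`(v9.0.0045)`); adding the same tag here would let the next triager match the fix to an upstream version of src:guestfs-tools without opening the commit. Relabelling the libguestfs link as `Documentation:` is the right call, since a docs-only commit must not be mistaken for the code fix when someone later looks for a backport. Visible in the hunk header but not touched by this change: `Dos` in the bracketed title should read `DoS`.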
@@ -2751,7 +2751,7 @@ CVE-2022-2193
 CVE-2022-2192
 	RESERVED
 CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...)
-	TODO: check
+	TODO: check, claims to affect only 10.x and 11.x series, check for jetty9
 CVE-2022-34362
 	RESERVED
 CVE-2022-34361
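Review bot: the expanded TODO should be settled against the upstream advisory rather than the CVE description alone, because the description in the hunk header names only `10.0.0 thru 10.0.9` and `11.0.0 thru 11.0.9`, while the sibling CVE-2022-2047 added in the same push names `9.4.0 thru 9.4.46` explicitly, so absence of 9.4 from this one description is weak evidence either way. Once jetty9 has been checked, record the outcome as a NOTE (for example `NOTE: jetty 9.4.x not affected`, with the advisory URL) instead of dropping the TODO silently, so the reasoning survives for the next reader.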
@@ -3652,7 +3652,7 @@ CVE-2022-34009
 CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
 	NOT-FOR-US: Comodo Antivirus
 CVE-2022-34007 (EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafte ...)
-	TODO: check
+	NOT-FOR-US: EQS Integrity Line
 CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
 	NOT-FOR-US: TitanFTP
 CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
@@ -6637,9 +6637,11 @@ CVE-2022-26842
 CVE-2022-2049
 	RESERVED
 CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
-	TODO: check
+	- jetty9 <unfixed>
+	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
 CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...)
-	TODO: check
+	- jetty9 <unfixed>
+	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
 CVE-2022-2046
 	RESERVED
 CVE-2022-2045
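Review bot: both jetty9 lines go straight to `<unfixed>` with no fixed version, bug reference or severity, which is acceptable as a placeholder, but the two CVEs are not equally well grounded in the visible text: the CVE-2022-2047 description names `9.4.0 thru 9.4.46` explicitly, while the CVE-2022-2048 description is truncated at `when encountering an in ...` and says nothing about 9.4.x, so the jetty9 line for CVE-2022-2048 should be confirmed against GHSA-wgmr-mf83-7x4j before it is treated as a real open issue rather than an assumption. When the 9.4 fixed version is known from the advisories, replace `<unfixed>` with it, and add a severity tag (as the CVE-2022-2210 vim entry does with `(unimportant)`) once the impact on Debian's jetty9 has been assessed.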



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2dc69a91ee68a180a9614e2e8d90f468bd687614...1187e1af6914c33d80a6bae706d2930be4658535


