[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 15 23:44:24 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
002fa016 by Moritz Muehlenhoff at 2022-07-16T00:43:58+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5315,7 +5315,7 @@ CVE-2022-2101
 CVE-2022-33880
 	RESERVED
 CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in  ...)
-	- tika <unfixed>
+	- tika <unfixed> (bug #1015002)
 	[bullseye] - tika <no-dsa> (Minor issue)
 	[buster] - tika <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
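Review bot: the CVE-2022-33879 description says it covers the incomplete fixes for CVE-2022-30126 and CVE-2022-30973; CVE-2022-30126 is annotated with the same bug #1015002 further down in this change, but no hunk touches CVE-2022-30973. If its tika entry is also `- tika <unfixed>`, it should carry `(bug #1015002)` as well, otherwise confirm it is tracked elsewhere. As #1015002 is shared by three tika CVEs here (including the unrelated BPG parser issue CVE-2022-25169), the bug report should list every CVE id it covers so the entries stay consistent when it is closed.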
@@ -15417,7 +15417,7 @@ CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/
 CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
 	NOT-FOR-US: clinical-genomics/scout
 CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class, used  ...)
-	- tika <unfixed>
+	- tika <unfixed> (bug #1015002)
 	[bullseye] - tika <no-dsa> (Minor issue)
 	[buster] - tika <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
@@ -29718,7 +29718,7 @@ CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure
 CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
 	NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
 CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may  ...)
-	- tika <unfixed>
+	- tika <unfixed> (bug #1015002)
 	[bullseye] - tika <no-dsa> (Minor issue)
 	[buster] - tika <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4
@@ -30908,7 +30908,7 @@ CVE-2022-24793 (PJSIP is a free and open source multimedia communication library
 	- asterisk <unfixed> (bug #1014976)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
 	NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
 CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
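Review bot: bug #1014998 is attached to every `- ring <unfixed>` line in this change (sixteen PJSIP CVEs from CVE-2021-32686 to CVE-2022-24793), mirroring how the asterisk entries share #1014976. That is fine for one bug per package, but the report needs to enumerate all of these CVE ids, since several of them (CVE-2021-43299 through CVE-2021-43303) point at the same upstream advisory and commit and could otherwise be closed for only part of the set.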
@@ -31032,7 +31032,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
 	- asterisk <unfixed> (bug #1014976)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <unfixed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
 	NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
 CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
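Review bot: the context line `- pjproject <unfixed>` in the CVE-2022-24764 entry differs from every other PJSIP entry in this change, where pjproject is `<removed>`. Since the package state should be the same across all of these entries, either this line is stale and should read `- pjproject <removed>` like the others, or the removal status of the others needs rechecking; worth fixing in the same pass as the bug numbers.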
@@ -31040,7 +31040,7 @@ CVE-2022-24763 (PJSIP is a free and open source multimedia communication library
 	- asterisk <unfixed> (bug #1014976)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
 	NOTE: https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
 CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
@@ -31086,7 +31086,7 @@ CVE-2022-24754 (PJSIP is a free and open source multimedia communication library
 	{DLA-2962-1}
 	- asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
 	NOTE: https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
 CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
@@ -35323,7 +35323,7 @@ CVE-2022-23608 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-005.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
@@ -47609,7 +47609,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	[stretch] - ring <not-affected> (Vulnerable code not present)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-006.html
@@ -47620,7 +47620,7 @@ CVE-2022-21722 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
 	NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
 CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
@@ -48150,7 +48150,7 @@ CVE-2021-43845 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
 	NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
 	NOTE: https://github.com/pjsip/pjproject/pull/2924
@@ -48255,7 +48255,7 @@ CVE-2021-43804 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
 	NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
 CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
@@ -50573,7 +50573,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
 	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
@@ -50581,7 +50581,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
 	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
@@ -50589,7 +50589,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
 	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
@@ -50597,7 +50597,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
 	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
@@ -50605,7 +50605,7 @@ CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An
 	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
@@ -67229,7 +67229,7 @@ CVE-2021-37706 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
@@ -79423,7 +79423,7 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring <unfixed> (bug #1014998)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
 	NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
@@ -138474,25 +138474,25 @@ CVE-2020-21608
 CVE-2020-21607
 	RESERVED
 CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -138504,7 +138504,7 @@ CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weigh
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -138516,7 +138516,7 @@ CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weigh
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/243
 CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -138528,25 +138528,25 @@ CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_p
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/236
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/239
 CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
-	- libde265 <unfixed>
+	- libde265 <unfixed> (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
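Review bot: CVE-2020-21602, CVE-2020-21600 and CVE-2020-21598 appear only as hunk-header context here, so their `- libde265 <unfixed>` lines were not modified, while every other libde265 entry in the same block gained `(bug #1014999)`. All of them carry the identical `<postponed> (Minor issue, revisit when fixed upstream)` annotations, so if they are tracked in the same bug they need the same update; otherwise please confirm where those three are tracked.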
@@ -166544,7 +166544,7 @@ CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where i
 	NOT-FOR-US: Eclipse Che
 CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
 	- resteasy <unfixed> (bug #970328)
-	- resteasy3.0 <unfixed>
+	- resteasy3.0 <unfixed> (bug #1015001)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
 	NOTE: https://github.com/quarkusio/quarkus/issues/7248
 	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/002fa016f54d625d5b29aff5607c886940d70a48


