[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 24 20:10:34 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d33ae3b by Moritz Muehlenhoff at 2022-07-24T21:10:09+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3603,7 +3603,7 @@ CVE-2022-2306 (Old session tokens can be used to authenticate to the application
CVE-2022-2305
RESERVED
CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
@@ -3678,7 +3678,7 @@ CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
CVE-2022-34910
@@ -3743,7 +3743,7 @@ CVE-2022-34895
CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
@@ -4847,7 +4847,7 @@ CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
NOTE: https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)
CVE-2022-34493
@@ -6269,7 +6269,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al
- commons-configuration2 2.8.0-1 (bug #1014960)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
@@ -6279,17 +6279,17 @@ CVE-2022-2127
RESERVED
CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)
CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)
CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)
CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...)
@@ -9951,7 +9951,7 @@ CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of c
CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...)
NOT-FOR-US: Octopus Server
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -10749,7 +10749,7 @@ CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerabl
NOT-FOR-US: Mobile browser color select plugin for WordPress
CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
@@ -11699,7 +11699,7 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -12080,13 +12080,13 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t
NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)
CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <postponed> (Minor issue)
@@ -12633,7 +12633,7 @@ CVE-2022-1852 (A NULL pointer dereference flaw was found in the Linux kernelR
NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
@@ -13672,7 +13672,7 @@ CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.4
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
NOT-FOR-US: Roxy-WI
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
- - jqueryui <unfixed>
+ - jqueryui <unfixed> (bug #1015982)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
NOTE: https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
@@ -14178,7 +14178,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur
NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/4
NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -14549,7 +14549,7 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/dr
NOT-FOR-US: jgraph/drawio
CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...)
{DLA-3053-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
@@ -15580,8 +15580,8 @@ CVE-2022-29470
RESERVED
CVE-2022-28693
RESERVED
+ NOT-FOR-US: Intel
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
- TODO: check if we want to track src:linux here
CVE-2022-27877
RESERVED
CVE-2022-27808
@@ -16159,7 +16159,7 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in l
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
{DLA-3011-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
@@ -16178,7 +16178,7 @@ CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp
NOTE: Crash in CLI tool, no security impact
CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
{DLA-3011-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
@@ -16235,7 +16235,7 @@ CVE-2022-30321 (HashiCorp go-getter through 2.0.2 does not safely perform downlo
NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...)
{DLA-3011-1}
- - vim <unfixed>
+ - vim <unfixed> (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
@@ -48817,7 +48817,7 @@ CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions <
CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: JT2Go / Siemens
CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
- - guacamole-client <unfixed>
+ - guacamole-client <unfixed> (bug #1015986)
[stretch] - guacamole-client <not-affected> (SAML is not supported)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -57567,9 +57567,8 @@ CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), i
NOT-FOR-US: JFrog Artifactory
CVE-2021-3859
RESERVED
- - undertow <undetermined>
+ - undertow <unfixed> (bug #1015983)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
- TODO: check details
CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
{DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
@@ -58217,7 +58216,7 @@ CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices
CVE-2021-41768
RESERVED
CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...)
- - guacamole-client <unfixed>
+ - guacamole-client <unfixed> (bug #1015986)
[stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
@@ -151385,7 +151384,7 @@ CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vu
CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
NOT-FOR-US: Nagios Log Server
CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
- - perl <unfixed>
+ - perl <unfixed> (bug #1015985)
[bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
[stretch] - perl <no-dsa> (Minor issue)
@@ -162891,7 +162890,7 @@ CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re
- activemq <not-affected> (Only affects 5.15.12)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...)
- - guacamole-client <unfixed>
+ - guacamole-client <unfixed> (bug #1015986)
[stretch] - guacamole-client <ignored> (Minor issue; fix intrusive to backport)
NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d33ae3bacea265387d891e8afcdc7584ed155f4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d33ae3bacea265387d891e8afcdc7584ed155f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220724/6aad866f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list