[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 27 22:24:13 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0145217 by Moritz Muehlenhoff at 2022-07-27T23:23:52+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2022-2551
 CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1016142)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	NOTE: https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
@@ -11765,7 +11765,7 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in t
 	NOT-FOR-US: Veeam
 CVE-2022-32224
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #1016140)
 	NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
 CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
 	- nodejs <not-affected> (Only affects Windows)
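Review bot: CVE-2022-32224 is RESERVED and has no bracketed description, unlike the RESERVED net-snmp entries further down in this file, so the rails line with `(bug #1016140)` and the GHSA link are the only indication of what the issue is. Consider adding a short bracketed summary to the CVE line so the entry is readable without following the advisory link.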
@@ -33350,27 +33350,27 @@ CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to
 	NOT-FOR-US: Combodi
 CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
 	RESERVED
-	- net-snmp <unfixed>
+	- net-snmp <unfixed> (bug #1016139)
 	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24804 (Discourse is an open source platform for community discussion. In stab ...)
 	NOT-FOR-US: Discourse
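Review bot: All six net-snmp entries (CVE-2022-24805 through CVE-2022-24810) now reference the same bug #1016139, so that single report needs to list every one of these CVE ids for the closure to be traceable to each entry. Each NOTE already records "fixed in 5.9.3", so it is worth stating that target version in the bug as well, letting the six `<unfixed>` markers be updated together once that version is uploaded.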
@@ -63927,7 +63927,7 @@ CVE-2021-39949
 CVE-2021-39948
 	RESERVED
 CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...)
-	- gitlab-ci-multi-runner <unfixed>
+	- gitlab-ci-multi-runner <unfixed> (bug #1016138)
 CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
 	- gitlab <unfixed>
 CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
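Review bot: The CVE-2021-39947 entry for gitlab-ci-multi-runner gains `(bug #1016138)` but has no NOTE line, so nothing in the tracker points to an upstream advisory or fix for whoever picks up that bug. Add a NOTE with the upstream reference, as the gpac, rails and net-snmp entries touched in this commit have.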



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c01452174c8838a19000aea8a572946f527d98c4
