[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 31 20:43:06 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af34593a by Moritz Muehlenhoff at 2022-07-31T21:42:55+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11179,7 +11179,7 @@ CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been de
CVE-2022-32548
RESERVED
CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -11189,7 +11189,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -11199,7 +11199,7 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)
CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1016442)
[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
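Review bot: Bug #1016442 is now attached to three ImageMagick entries (CVE-2022-32547, CVE-2022-32546 and CVE-2022-32545), and the NOTE lines show that the upstream fixes landed in different releases: 7.1.0-30 / 6.9.12-45 for CVE-2022-32547 and 7.1.0-29 / 6.9.12-44 for CVE-2022-32546. When the bug is closed, check the uploaded version against the latest of those fixes before replacing `<unfixed>` on all three entries, rather than resolving them together on the bug closure alone.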
@@ -12483,7 +12483,7 @@ CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does
CVE-2022-1950
RESERVED
CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
- - 389-ds-base <unfixed>
+ - 389-ds-base <unfixed> (bug #1016446)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781
NOTE: https://github.com/389ds/389-ds-base/issues/5170
CVE-2022-32135
@@ -15645,7 +15645,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ..
NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
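Review bot: The CVE-2022-1795 entry has only a `[stretch]` line under `- gpac <unfixed> (bug #1016443)`, so bullseye and buster carry no triage decision. Other gpac entries given the same bug in this commit (CVE-2022-29537, CVE-2022-29340, CVE-2022-29339, CVE-2022-1172) have explicit `<no-dsa>` or `<ignored>` lines. Now that the bug is filed, consider adding the missing bullseye and buster lines here and on CVE-2022-30976, CVE-2022-1441, CVE-2022-1222 and CVE-2022-1035, which show the same gap.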
@@ -15703,7 +15703,7 @@ CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisat
CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2179
NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
@@ -19921,7 +19921,7 @@ CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escala
CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
NOT-FOR-US: Dingtian
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2175
NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
@@ -20112,7 +20112,7 @@ CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command
CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
NOT-FOR-US: RESI Gemini-Net
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -20649,14 +20649,14 @@ CVE-2022-29342
CVE-2022-29341
RESERVED
CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
NOTE: https://github.com/gpac/gpac/issues/2163
CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -21475,7 +21475,7 @@ CVE-2022-29064
RESERVED
CVE-2022-1319
RESERVED
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1016448)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2073890
CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...)
NOT-FOR-US: Hills ComNav
@@ -22783,7 +22783,7 @@ CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior
CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to ...)
- phpipam <itp> (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
@@ -23914,7 +23914,7 @@ CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE vers
CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...)
NOT-FOR-US: Grav CMS
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -26635,7 +26635,7 @@ CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that imag
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1016443)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
@@ -27927,7 +27927,7 @@ CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.
CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
- - 389-ds-base <unfixed>
+ - 389-ds-base <unfixed> (bug #1016445)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
NOTE: https://github.com/389ds/389-ds-base/issues/5242
NOTE: https://github.com/389ds/389-ds-base/commit/caad47ab207d7c5d61521ec4d33091db559c315a (master)
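Review bot: The bug number added here (#1016445) differs by one from the number given to the other 389-ds-base entry in this commit, CVE-2022-1949 (#1016446). The imagemagick, gpac and undertow entries each share a single bug across all their CVEs, so confirm that two separate reports were really filed for 389-ds-base and that the two numbers are not swapped between the entries.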
@@ -74453,7 +74453,7 @@ CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJ
NOTE: https://sourceforge.net/p/djvu/bugs/302/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
CVE-2021-3629 (A flaw was found in Undertow. A potential security issue in flow contr ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1016448)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
NOTE: Make sure to also address followup tracked as CVE-2022-1259:
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2072339
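Review bot: The context line `NOTE: Make sure to also address followup tracked as CVE-2022-1259:` ties this entry to a second CVE, but the hunks in this commit add #1016448 only to CVE-2021-3629 and CVE-2022-1319. Check that the CVE-2022-1259 entry references the same bug (or one of its own), so the follow-up is not lost when #1016448 is closed.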
@@ -100498,7 +100498,7 @@ CVE-2021-25745 (A security issue was discovered in ingress-nginx where a user th
CVE-2021-25744
RESERVED
CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
- - kubernetes <unfixed>
+ - kubernetes <unfixed> (bug #1016441)
[bullseye] - kubernetes <no-dsa> (Minor issue)
NOTE: https://github.com/kubernetes/kubernetes/issues/101695
CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af34593a59d0b1fb039477e120b33e80c77f25ab