[Git][security-tracker-team/security-tracker][master] Update references for apache2 advisories

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 8 16:44:28 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f91ec73 by Salvatore Bonaccorso at 2022-06-08T17:43:20+02:00
Update references for apache2 advisories

Directly link to the respective CVE entry on the apache.org site and add
the oss-security references as well while at it.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1822,10 +1822,11 @@ CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk pr
 	NOT-FOR-US: Trudesk
 CVE-2022-1946
 	RESERVED
-CVE-2022-31813
+CVE-2022-31813 [mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
 CVE-2022-31812
 	RESERVED
 CVE-2022-31811
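Review bot: the bracketed description added for CVE-2022-31813 names the mechanism (X-Forwarded-For dropped by the hop-by-hop handling) but not the consequence, so someone triaging from data/CVE/list alone cannot tell why this is security relevant. Consider extending the description with the impact as worded in the linked httpd.apache.org entry.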
@@ -5441,10 +5442,11 @@ CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. T
 	[bullseye] - linux 5.10.113-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
 	NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
-CVE-2022-30556
+CVE-2022-30556 [Information Disclosure in mod_lua with websockets]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
 CVE-2022-30555
 	RESERVED
 CVE-2022-30554
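Review bot: "Information Disclosure" in the CVE-2022-30556 description is in title case, while the other apache2 descriptions added in this commit use sentence case (for example "Denial of service in mod_lua r:parsebody"). Suggest "[Information disclosure in mod_lua with websockets]" for consistency.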
@@ -5615,10 +5617,11 @@ CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextO
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
 	NOT-FOR-US: Trend Micro
-CVE-2022-30522
+CVE-2022-30522 [mod_sed denial of service]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
 CVE-2022-1642
 	RESERVED
 CVE-2022-1641
@@ -8917,10 +8920,11 @@ CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
 	NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
-CVE-2022-29404
+CVE-2022-29404 [Denial of service in mod_lua r:parsebody]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404
 CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vim/vim ...)
 	- vim 2:8.2.4793-1
 	[bullseye] - vim <no-dsa> (Minor issue)
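Review bot: CVE-2022-29404 stays at "- apache2 <unfixed>" with two advisory links only, whereas the radare2 entry in this hunk's context carries a NOTE pointing at the upstream fix commit. Once the upstream change is identified, a NOTE referencing it would help whoever prepares the stable backport, since the advisory links alone do not show what was changed.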
@@ -11115,14 +11119,16 @@ CVE-2022-28617 (A remote bypass security restrictions vulnerability was discover
 	NOT-FOR-US: HPE OneView
 CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
 	NOT-FOR-US: HPE OneView
-CVE-2022-28615
+CVE-2022-28615 [Read beyond bounds in ap_strcmp_match()]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
-CVE-2022-28614
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
+CVE-2022-28614 [read beyond bounds via ap_rwrite()]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
 CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
 	NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware
 CVE-2022-28610
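Review bot: the two adjacent descriptions differ in capitalisation and preposition for the same class of issue: "[Read beyond bounds in ap_strcmp_match()]" on CVE-2022-28615 versus "[read beyond bounds via ap_rwrite()]" on CVE-2022-28614. Suggest picking one form for both, and for the CVE-2022-28330 entry, which also starts lowercase.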
@@ -11822,10 +11828,11 @@ CVE-2022-28332
 	RESERVED
 CVE-2022-28331
 	RESERVED
-CVE-2022-28330
+CVE-2022-28330 [read beyond bounds in mod_isapi]
 	RESERVED
 	- apache2 <not-affected> (Windows specific)
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/3
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330
 CVE-2022-28329 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
 	NOT-FOR-US: Siemens SCALANCE
 CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
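Review bot: on CVE-2022-28330 the not-affected reason "(Windows specific)" does not say what is Windows specific; it only makes sense when read together with the new bracketed description naming mod_isapi. Suggest "(mod_isapi is Windows specific)" so the rationale on the package line is self-contained.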
@@ -17597,10 +17604,11 @@ CVE-2022-26379
 	RESERVED
 CVE-2022-26378
 	RESERVED
-CVE-2022-26377
+CVE-2022-26377 [mod_proxy_ajp: Possible request smuggling]
 	RESERVED
 	- apache2 <unfixed>
-	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
 CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...)
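Review bot: the CVE-2022-26377 description uses a "module: text" form ("[mod_proxy_ajp: Possible request smuggling]"), while the other descriptions in this commit put the issue first and the module after "in". Suggest "[Possible request smuggling in mod_proxy_ajp]" to match the rest.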



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f91ec731c3d79cf94ef0a78f9cbed07b27e3432
