[Git][security-tracker-team/security-tracker][master] various bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 8 17:07:24 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43783539 by Moritz Muehlenhoff at 2022-06-08T18:06:54+02:00
various bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -997,7 +997,7 @@ CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Componen
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/73
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...)
-	- dwarfutils <unfixed>
+	- dwarfutils <unfixed> (bug #1012515)
 	[bullseye] - dwarfutils <no-dsa> (Minor issue)
 	[buster] - dwarfutils <no-dsa> (Minor issue)
 	[stretch] - dwarfutils <no-dsa> (Minor issue)
@@ -1824,7 +1824,7 @@ CVE-2022-1946
 	RESERVED
 CVE-2022-31813 [mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
 CVE-2022-31812
@@ -2416,12 +2416,12 @@ CVE-2022-31653
 CVE-2022-31652
 	RESERVED
 CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1012516)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1012516)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
@@ -5444,7 +5444,7 @@ CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. T
 	NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
 CVE-2022-30556 [Information Disclosure in mod_lua with websockets]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
 CVE-2022-30555
@@ -5619,7 +5619,7 @@ CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and b
 	NOT-FOR-US: Trend Micro
 CVE-2022-30522 [mod_sed denial of service]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
 CVE-2022-1642
@@ -8922,7 +8922,7 @@ CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 	NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
 CVE-2022-29404 [Denial of service in mod_lua r:parsebody]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404
 CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vim/vim ...)
@@ -9373,7 +9373,7 @@ CVE-2022-29244
 CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
-	- libengine-gost-openssl1.1 <unfixed>
+	- libengine-gost-openssl1.1 <unfixed> (bug #1012512)
 	[bullseye] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
 	[buster] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
 	NOTE: https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
@@ -11121,12 +11121,12 @@ CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was di
 	NOT-FOR-US: HPE OneView
 CVE-2022-28615 [Read beyond bounds in ap_strcmp_match()]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
 CVE-2022-28614 [read beyond bounds via ap_rwrite()]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
 CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
@@ -17606,7 +17606,7 @@ CVE-2022-26378
 	RESERVED
 CVE-2022-26377 [mod_proxy_ajp: Possible request smuggling]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1012513)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
 CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43783539477ece2bfbec29dd45022826f37c6e8a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43783539477ece2bfbec29dd45022826f37c6e8a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220608/50ae28d3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list