[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 11 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85ccecc7 by security tracker role at 2022-06-11T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-32985
+ RESERVED
+CVE-2022-32984
+ RESERVED
+CVE-2022-32983
+ RESERVED
+CVE-2022-32982
+ RESERVED
+CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on powerpc ...)
+ TODO: check
+CVE-2022-32980
+ RESERVED
+CVE-2022-32767
+ RESERVED
CVE-2022-32979
RESERVED
CVE-2022-32978 (There is an assertion failure in SingleComponentLSScan::ParseMCU in si ...)
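Review bot: CVE-2022-32767 is inserted between CVE-2022-32980 and CVE-2022-32979, which breaks the descending-ID order the rest of this block follows; it belongs at its numeric position further down the file, not in the newly reserved block at the top. CVE-2022-32981 already carries a description (Linux kernel through 5.18.3 on powerpc) and is left at `TODO: check`; since src:linux is a Debian package, the follow-up triage needs a real status line (affected version, `<not-affected>`, or a NOTE with the upstream fix) rather than the placeholder.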
@@ -442,8 +456,8 @@ CVE-2022-2044
RESERVED
CVE-2022-2043
RESERVED
-CVE-2022-2042
- RESERVED
+CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-2041
RESERVED
CVE-2022-2040
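Review bot: CVE-2022-2042 is left at `TODO: check` although the description names vim/vim, which Debian ships as src:vim; the truncated version string `prior to 8.2. ...` hides the exact fixing patch level, so the triage should look up the upstream fix commit and record it as a `NOTE:` next to a `- vim <version>` line, the way the ntfs-3g entries in this commit record their fixing commits.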
@@ -5841,12 +5855,14 @@ CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than
NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4~4)
CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17)
CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
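Review bot: the `{DSA-5160-1}` lines added to CVE-2022-30789 and CVE-2022-30788 must agree with the CVE set recorded for DSA-5160-1 in data/DSA/list, otherwise the tracker's consistency check fails; this commit touches only data/CVE/list (`1 changed file`), so confirm the DSA entry was committed separately. Leaving `- ntfs-3g 1:2022.5.17-1 (bug #1011770)` unchanged is correct here: the DSA annotation records the stable fix while the package line records unstable.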
@@ -5854,6 +5870,7 @@ CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in n
NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17)
NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17)
CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -5863,6 +5880,7 @@ CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memor
NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
@@ -5870,6 +5888,7 @@ CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in n
NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17)
NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17)
CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -5879,12 +5898,14 @@ CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fus
NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17)
CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -8102,6 +8123,7 @@ CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_r
CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
TODO: check
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
+ {DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://github.com/tuxera/ntfs-3g/issues/16
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
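Review bot: CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22) is the only entry annotated with `{DSA-5160-1}` in this commit that carries a 2021 identifier, and unlike the CVE-2022-3078x entries the NOTEs visible in this hunk cite only the GitHub issue and the oss-security post, not a fixing commit; add the 2022.5.17 commit reference if one exists so the fixed-version claim in `- ntfs-3g 1:2022.5.17-1` is traceable.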
@@ -10733,14 +10755,14 @@ CVE-2022-29097
RESERVED
CVE-2022-29096
RESERVED
-CVE-2022-29095
- RESERVED
-CVE-2022-29094
- RESERVED
-CVE-2022-29093
- RESERVED
-CVE-2022-29092
- RESERVED
+CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Del ...)
+ TODO: check
+CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
+ TODO: check
+CVE-2022-29093 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
+ TODO: check
+CVE-2022-29092 (Dell SupportAssist Client Consumer versions (3.11.0 and versions prior ...)
+ TODO: check
CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
NOT-FOR-US: Dell
CVE-2022-29090
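Review bot: CVE-2022-29095, CVE-2022-29094, CVE-2022-29093 and CVE-2022-29092 all describe Dell SupportAssist Client Consumer, a Dell Windows utility, and the context line directly below already marks the related Dell entry CVE-2022-29091 `NOT-FOR-US: Dell`; these four `TODO: check` placeholders can be resolved to `NOT-FOR-US: Dell` in the follow-up triage.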
@@ -19783,8 +19805,8 @@ CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Com
NOT-FOR-US: git-php
CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
NOT-FOR-US: microsoft/workspace-tools
-CVE-2022-25863
- RESERVED
+CVE-2022-25863 (The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.1 ...)
+ TODO: check
CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tricked ...)
NOT-FOR-US: Node sds
CVE-2022-25861
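Review bot: CVE-2022-25863 (gatsby-plugin-mdx) sits between two entries already triaged `NOT-FOR-US` (microsoft/workspace-tools, Node sds); confirm whether the archive packages gatsby-plugin-mdx before settling on the same marker, and note that the truncated description (`before 2.14.1, from 3.0.0 and before 3.1 ...`) indicates two affected ranges, so any fixed-version line would need to capture both.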
@@ -19807,8 +19829,8 @@ CVE-2022-25853
RESERVED
CVE-2022-25852
RESERVED
-CVE-2022-25851
- RESERVED
+CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
+ TODO: check
CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
NOT-FOR-US: hoppscotch proxyscotch
CVE-2022-25849
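Review bot: CVE-2022-25851 (jpeg-js before 0.4.4, Denial of Service) is a Node module left at `TODO: check`; check whether the archive carries a source package for it before following the adjacent hoppscotch proxyscotch entry into `NOT-FOR-US`, since a packaged copy would need a fixed-version line against 0.4.4.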
@@ -19819,8 +19841,8 @@ CVE-2022-25847
RESERVED
CVE-2022-25846
RESERVED
-CVE-2022-25845
- RESERVED
+CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
+ TODO: check
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
- angular.js <unfixed>
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
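Review bot: CVE-2022-25845 (com.alibaba:fastjson before 1.2.83, deserialization) is a Maven artifact rather than an npm module like most of its neighbours, so the `TODO: check` should be resolved against the Java packages in the archive, not assumed `NOT-FOR-US` by analogy with the surrounding Node entries.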
@@ -19935,14 +19957,14 @@ CVE-2022-24431
RESERVED
CVE-2022-24430
RESERVED
-CVE-2022-24429
- RESERVED
+CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
+ TODO: check
CVE-2022-24381
RESERVED
CVE-2022-24377
RESERVED
-CVE-2022-24376
- RESERVED
+CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
+ TODO: check
CVE-2022-24375
RESERVED
CVE-2022-24373
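Review bot: CVE-2022-24429 (convert-svg-core before 0.6.3) and CVE-2022-24376 (git-promise, command injection) are both npm packages left at `TODO: check`; the git-promise description says all versions are affected, so if it is packaged the entry needs `<unfixed>` rather than a version, and convert-svg-core should be triaged together with CVE-2022-24278 for the same package in the next hunk.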
@@ -19951,8 +19973,8 @@ CVE-2022-24298
RESERVED
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
NOT-FOR-US: madlib-object-utils
-CVE-2022-24278
- RESERVED
+CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
+ TODO: check
CVE-2022-24068
RESERVED
CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
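Review bot: CVE-2022-24278 (convert-svg-core before 0.6.4, directory traversal) is the same package as CVE-2022-24429 two hunks up (before 0.6.3); triage both with one decision, and if a package line is added record the different fixed versions (0.6.3 versus 0.6.4) rather than a single one.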
@@ -20009,8 +20031,8 @@ CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulner
NOT-FOR-US: github.com/valyala/fasthttp
CVE-2022-21213
RESERVED
-CVE-2022-21211
- RESERVED
+CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
+ TODO: check
CVE-2022-21208
RESERVED
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
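Review bot: CVE-2022-21211 (npm package posix, `toString` issue) affects all versions per the description, so like url-regex in the context line below there is no upstream fixed version to point at; if Debian carries the module the entry needs `<unfixed>` plus a `NOTE:` with the upstream report, otherwise `NOT-FOR-US`.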
@@ -48883,12 +48905,12 @@ CVE-2021-41758
RESERVED
CVE-2021-41757
RESERVED
-CVE-2021-41756
- RESERVED
-CVE-2021-41755
- RESERVED
-CVE-2021-41754
- RESERVED
+CVE-2021-41756 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat parame ...)
+ TODO: check
+CVE-2021-41755 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 param ...)
+ TODO: check
+CVE-2021-41754 (dynamicMarkt <= 3.10 is affected by SQL injection in the parent par ...)
+ TODO: check
CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
NOT-FOR-US: D-Link
CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...)
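Review bot: CVE-2021-41756, CVE-2021-41755 and CVE-2021-41754 are three SQL injection reports against dynamicMarkt <= 3.10 that differ only in the vulnerable parameter (`kat`, `kat1`, `parent`); triage them as one decision, and the adjacent D-Link entry already resolved `NOT-FOR-US` points to the same outcome if dynamicMarkt is not in the archive.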
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85ccecc7497fd39b4f900677e4a7d3669f81b9df