[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 12 21:10:23 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
695bb17c by security tracker role at 2022-06-12T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 0.9. ...)
+	TODO: check
 CVE-2022-32985
 	RESERVED
 CVE-2022-32984
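Review bot: the new CVE-2022-2054 entry at the top of the list carries only `TODO: check`. Its description names nuitka/nuitka prior to 0.9, so triage should replace the TODO with either a source-package line giving the fixed version or a NOT-FOR-US line, the two resolved forms used elsewhere in this file.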
@@ -1088,11 +1090,13 @@ CVE-2022-2012
 	RESERVED
 CVE-2022-2011
 	RESERVED
+	{DSA-5163-1}
 	- chromium 102.0.5005.115-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2010
 	RESERVED
+	{DSA-5163-1}
 	- chromium 102.0.5005.115-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
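Review bot: `{DSA-5163-1}` is added to CVE-2022-2011 and CVE-2022-2010 while both still read `RESERVED` and list only the `- chromium 102.0.5005.115-1` line plus the buster and stretch end-of-life lines. Nothing in the hunk states which release and version the DSA fixed, so check the advisory's own entry, which is not part of this one-file change, before relying on the cross-reference.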
@@ -1100,11 +1104,13 @@ CVE-2022-2009
 	RESERVED
 CVE-2022-2008
 	RESERVED
+	{DSA-5163-1}
 	- chromium 102.0.5005.115-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2007
 	RESERVED
+	{DSA-5163-1}
 	- chromium 102.0.5005.115-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -1643,18 +1649,18 @@ CVE-2018-25041
 	RESERVED
 CVE-2018-25040
 	RESERVED
-CVE-2018-25039
-	RESERVED
-CVE-2018-25038
-	RESERVED
-CVE-2018-25037
-	RESERVED
-CVE-2018-25036
-	RESERVED
-CVE-2018-25035
-	RESERVED
-CVE-2018-25034
-	RESERVED
+CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been de ...)
+	TODO: check
+CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been cl ...)
+	TODO: check
+CVE-2018-25037 (A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified  ...)
+	TODO: check
+CVE-2018-25036 (A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classi ...)
+	TODO: check
+CVE-2018-25035 (A vulnerability, which was classified as problematic, was found in Tho ...)
+	TODO: check
+CVE-2018-25034 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2017-20017 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: Genealogy Sitebuilding
 CVE-2020-36544 (A vulnerability has been found in SialWeb CMS and classified as proble ...)
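Review bot: CVE-2018-25034 through CVE-2018-25039 move from `RESERVED` to `TODO: check`, and the four descriptions that are not cut off before the product name all point at Thomson TCW710 ST5D.10.05. Triage the six together; if the product is not packaged, mark each one NOT-FOR-US in the style of the CVE-2017-20017 line just below them.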
@@ -5050,6 +5056,7 @@ CVE-2022-31031 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
 	TODO: check impact for src:asterisk and src:ring and update entry
 CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...)
+	{DSA-5162-1}
 	- containerd 1.6.6~ds1-1
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
 CVE-2022-31029
@@ -23213,6 +23220,7 @@ CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of T
 CVE-2022-24770 (`gradio` is an open source framework for building interactive machine  ...)
 	NOT-FOR-US: gradio
 CVE-2022-24769 (Moby is an open-source project created by Docker to enable and acceler ...)
+	{DSA-5162-1}
 	- containerd 1.6.2~ds1-1
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
 CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
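Review bot: CVE-2022-24769 is described as a Moby issue, yet the only package line visible under the new `{DSA-5162-1}` tag is `- containerd 1.6.2~ds1-1`. Confirm that the entry also accounts for the source package that ships Moby, or add a NOTE saying why containerd is the only one affected.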
@@ -48963,10 +48971,10 @@ CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototy
 	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
 	NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2
-CVE-2021-41750
-	RESERVED
-CVE-2021-41749
-	RESERVED
+CVE-2021-41750 (A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4. ...)
+	TODO: check
+CVE-2021-41749 (In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible fo ...)
+	TODO: check
 CVE-2021-41748
 	REJECTED
 CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
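Review bot: the two SEOmatic entries, CVE-2021-41750 and CVE-2021-41749, get `TODO: check` with version text that differs between them ("3.4." cut off in the first, "up to 3.4.11" in the second). Read the full descriptions before resolving the TODO so the affected range recorded for each is the right one, and resolve both in the same pass since they concern the same Craft CMS plugin.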
@@ -49198,8 +49206,8 @@ CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodest
 	NOT-FOR-US: Sourcecodester
 CVE-2021-41642
 	RESERVED
-CVE-2021-41641
-	RESERVED
+CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links correctly ...)
+	TODO: check
 CVE-2021-41640
 	RESERVED
 CVE-2021-41639



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/695bb17c9c66293655c19271a0aa04c31b677242
