[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 5 08:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d34a521 by security tracker role at 2022-03-05T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-26486
+ RESERVED
+CVE-2022-26485
+ RESERVED
+CVE-2022-26484 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ TODO: check
+CVE-2022-26483 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ TODO: check
+CVE-2022-26482
+ RESERVED
+CVE-2022-26481
+ RESERVED
+CVE-2022-26480
+ RESERVED
+CVE-2022-26479
+ RESERVED
+CVE-2022-26478
+ RESERVED
+CVE-2022-26477
+ RESERVED
+CVE-2022-0867
+ RESERVED
+CVE-2022-0866
+ RESERVED
+CVE-2022-0865
+ RESERVED
CVE-2022-26476
RESERVED
CVE-2022-26475
@@ -162,8 +188,8 @@ CVE-2022-0857
RESERVED
CVE-2022-0856
RESERVED
-CVE-2022-0855
- RESERVED
+CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...)
+ TODO: check
CVE-2022-0854
RESERVED
CVE-2022-0853
@@ -344,8 +370,8 @@ CVE-2022-26343
RESERVED
CVE-2022-26337
RESERVED
-CVE-2022-26336
- RESERVED
+CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
+ TODO: check
CVE-2022-26335
RESERVED
CVE-2022-26334
@@ -442,8 +468,8 @@ CVE-2022-26320
RESERVED
CVE-2022-26319
RESERVED
-CVE-2022-26318
- RESERVED
+CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
+ TODO: check
CVE-2022-26317
RESERVED
CVE-2022-26316
@@ -787,126 +813,147 @@ CVE-2022-0810
RESERVED
CVE-2022-0809
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0808
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0807
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0806
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0805
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0804
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0803
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0802
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0801
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0800
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0799
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0798
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0797
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0796
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0795
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0794
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0793
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0792
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0791
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0790
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0789
RESERVED
+ {DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -1531,8 +1578,8 @@ CVE-2022-23923
RESERVED
CVE-2022-23920
RESERVED
-CVE-2022-23915
- RESERVED
+CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
+ TODO: check
CVE-2022-23812
RESERVED
CVE-2022-23811
@@ -2147,8 +2194,8 @@ CVE-2022-25625
RESERVED
CVE-2022-25624
RESERVED
-CVE-2022-25623
- RESERVED
+CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...)
+ TODO: check
CVE-2022-25325
RESERVED
CVE-2022-25234
@@ -2530,8 +2577,8 @@ CVE-2022-25467
RESERVED
CVE-2022-25466
RESERVED
-CVE-2022-25465
- RESERVED
+CVE-2022-25465 (Espruino 2v11 release was discovered to contain a stack buffer overflo ...)
+ TODO: check
CVE-2022-25464
RESERVED
CVE-2022-25463
@@ -2921,8 +2968,8 @@ CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm al
NOT-FOR-US: Cerebrate
CVE-2022-25316
RESERVED
-CVE-2022-25312
- RESERVED
+CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ TODO: check
CVE-2022-21132
RESERVED
CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
@@ -3658,8 +3705,8 @@ CVE-2022-25108
RESERVED
CVE-2022-25107
RESERVED
-CVE-2022-25106
- RESERVED
+CVE-2022-25106 (D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer ov ...)
+ TODO: check
CVE-2022-25105
RESERVED
CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file ...)
@@ -3732,8 +3779,8 @@ CVE-2022-25071
RESERVED
CVE-2022-25070
RESERVED
-CVE-2022-25069
- RESERVED
+CVE-2022-25069 (Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scr ...)
+ TODO: check
CVE-2022-25068
RESERVED
CVE-2022-25067
@@ -3788,8 +3835,8 @@ CVE-2022-25046
RESERVED
CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...)
NOT-FOR-US: Home Owners Collection Management System
-CVE-2022-25044
- RESERVED
+CVE-2022-25044 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ TODO: check
CVE-2022-25043
RESERVED
CVE-2022-25042
@@ -4536,8 +4583,8 @@ CVE-2022-24729
RESERVED
CVE-2022-24728
RESERVED
-CVE-2022-24727
- RESERVED
+CVE-2022-24727 (Weblate is a web based localization tool with tight version control in ...)
+ TODO: check
CVE-2022-24726
RESERVED
CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in version ...)
@@ -8209,8 +8256,8 @@ CVE-2022-23731
RESERVED
CVE-2022-23730
RESERVED
-CVE-2022-23729
- RESERVED
+CVE-2022-23729 (When the device is in factory state, it can be access the shell withou ...)
+ TODO: check
CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
NOT-FOR-US: LG
CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
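Review bot: The description added for CVE-2022-23729 is truncated before any vendor or product name, so the "TODO: check" cannot be resolved from this line alone. The entry directly below it, CVE-2022-23728, is already "NOT-FOR-US: LG", and CVE-2022-23727 concerns webOS TVs; check the full record and, if it is the same vendor, triage it the same way.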
@@ -9313,16 +9360,16 @@ CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by:
NOT-FOR-US: MCMS
CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
NOT-FOR-US: MCMS
-CVE-2021-46384
- RESERVED
+CVE-2021-46384 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. T ...)
+ TODO: check
CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
NOT-FOR-US: MCMS
-CVE-2021-46382
- RESERVED
-CVE-2021-46381
- RESERVED
-CVE-2021-46380
- RESERVED
+CVE-2021-46382 (Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access ...)
+ TODO: check
+CVE-2021-46381 (Local File Inclusion due to path traversal in D-Link DAP-1620 leads to ...)
+ TODO: check
+CVE-2021-46380 (Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Sc ...)
+ TODO: check
CVE-2021-46379 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
NOT-FOR-US: D-Link
CVE-2021-46378 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
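Review bot: CVE-2021-46384 is added with "TODO: check" although the surrounding MCMS entries (CVE-2021-46386, CVE-2021-46385, CVE-2021-46383) are all "NOT-FOR-US: MCMS" and its description starts with the same gitee.com/mingSoft/MCMS URL; it can most likely be triaged the same way. CVE-2021-46381 (D-Link DAP-1620) likewise sits just above entries marked "NOT-FOR-US: D-Link", so confirm whether that tag applies there as well.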
@@ -9375,8 +9422,8 @@ CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). T
NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
NOT-FOR-US: Thinfinity VirtualUI
-CVE-2021-46353
- RESERVED
+CVE-2021-46353 (An information disclosure in web interface in D-Link DIR-X1860 before ...)
+ TODO: check
CVE-2021-46352
RESERVED
CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
@@ -9780,10 +9827,10 @@ CVE-2022-23235
RESERVED
CVE-2022-23234
RESERVED
-CVE-2022-23233
- RESERVED
-CVE-2022-23232
- RESERVED
+CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
+ TODO: check
+CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
+ TODO: check
CVE-2022-23231
RESERVED
CVE-2022-23230
@@ -10668,8 +10715,8 @@ CVE-2022-22948
RESERVED
CVE-2022-22947 (In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applicat ...)
TODO: check
-CVE-2022-22946
- RESERVED
+CVE-2022-22946 (In spring cloud gateway versions prior to 3.1.1+ , applications that a ...)
+ TODO: check
CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
NOT-FOR-US: VMware
CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS ...)
@@ -17551,8 +17598,8 @@ CVE-2022-21830
RESERVED
CVE-2022-21829
RESERVED
-CVE-2022-21828
- RESERVED
+CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
+ TODO: check
CVE-2022-21827
RESERVED
CVE-2022-21826
@@ -17569,8 +17616,8 @@ CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in
NOT-FOR-US: AFI WebACMS
CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
NOT-FOR-US: ARM
-CVE-2021-44827
- RESERVED
+CVE-2021-44827 (There is remote authenticated OS command injection on TP-Link Archer C ...)
+ TODO: check
CVE-2021-44826
RESERVED
CVE-2021-44825
@@ -22331,8 +22378,8 @@ CVE-2021-43592
RESERVED
CVE-2021-43591
RESERVED
-CVE-2021-43590
- RESERVED
+CVE-2021-43590 (Dell EMC Enterprise Storage Analytics for vRealize Operations, version ...)
+ TODO: check
CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
NOT-FOR-US: EMC
CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
@@ -23239,8 +23286,7 @@ CVE-2021-23222 (A man-in-the-middle attacker can inject false responses to the c
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)
-CVE-2021-23214
- RESERVED
+CVE-2021-23214 (When the server is configured to use trust authentication with a clien ...)
{DSA-5007-1 DSA-5006-1 DLA-2817-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
@@ -31416,8 +31462,8 @@ CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporte
- mahara <removed>
CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
NOT-FOR-US: Netgear
-CVE-2021-40846
- RESERVED
+CVE-2021-40846 (An issue was discovered in Rhinode Trading Paints through 2.0.36. TP U ...)
+ TODO: check
CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
NOT-FOR-US: Zenitel
CVE-2021-40844
@@ -33150,8 +33196,7 @@ CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond
NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
NOT-FOR-US: flatcore-cms
-CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
- RESERVED
+CVE-2021-3744 (A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gc ...)
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -33170,8 +33215,7 @@ CVE-2021-40149
RESERVED
CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2021-3743
- RESERVED
+CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC ...)
{DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
@@ -33194,8 +33238,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resou
[buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
-CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server]
- RESERVED
+CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
{DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
@@ -40734,8 +40777,7 @@ CVE-2021-37141
RESERVED
CVE-2021-37140
RESERVED
-CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
- RESERVED
+CVE-2021-3656 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
{DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
@@ -48580,8 +48622,7 @@ CVE-2021-3577 (An unauthenticated remote code execution vulnerability was report
NOT-FOR-US: Binatone
CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
NOT-FOR-US: Bitdefender
-CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
- RESERVED
+CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
- openjpeg2 <unfixed> (bug #989775)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
[buster] - openjpeg2 <no-dsa> (Minor issue)
@@ -53241,8 +53282,8 @@ CVE-2021-32010
RESERVED
CVE-2021-32009
RESERVED
-CVE-2021-32008
- RESERVED
+CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...)
+ TODO: check
CVE-2021-32007
RESERVED
CVE-2021-32006
@@ -63421,8 +63462,7 @@ CVE-2021-3429
- cloud-init 20.4.1-2 (bug #985540)
[buster] - cloud-init 20.2-2~deb10u2
NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
-CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
- RESERVED
+CVE-2021-3428 (A flaw was found in the Linux kernel. A denial of service problem is i ...)
{DLA-2689-1 DLA-2610-1}
- linux 5.8.7-1
[buster] - linux 4.19.181-1
@@ -64410,10 +64450,10 @@ CVE-2021-27759
RESERVED
CVE-2021-27758
RESERVED
-CVE-2021-27757
- RESERVED
-CVE-2021-27756
- RESERVED
+CVE-2021-27757 (" Insecure password storage issue.The application stores sensitive inf ...)
+ TODO: check
+CVE-2021-27756 ("TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2. ...)
+ TODO: check
CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
NOT-FOR-US: HCL
CVE-2021-27754
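Review bot: The descriptions added for CVE-2021-27757 and CVE-2021-27756 begin with a literal double quote (27757 also has a space after it and no space after "issue."), as the existing CVE-2021-27755 entry does, so anything that matches on the start of the description has to tolerate that. For triage, CVE-2021-27755 directly below is "NOT-FOR-US: HCL"; check whether the two new entries belong to the same vendor before leaving them at "TODO: check".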
@@ -83807,8 +83847,7 @@ CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/n
[buster] - linux 4.19.208-1
[stretch] - linux <ignored> (s390x not supported in LTS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010090
-CVE-2021-20319
- RESERVED
+CVE-2021-20319 (An improper signature verification vulnerability was found in coreos-i ...)
NOT-FOR-US: coreos-installer
CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
@@ -83902,14 +83941,12 @@ CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
NOTE: Negligible security impact
-CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
- RESERVED
+CVE-2021-20303 (A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cp ...)
{DLA-2732-1}
- openexr 2.5.4-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
-CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
- RESERVED
+CVE-2021-20302 (A flaw was found in OpenEXR's TiledInputFile functionality. This flaw ...)
{DLA-2732-1}
- openexr 2.5.4-1
[buster] - openexr <ignored> (Minor issue)
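Review bot: For CVE-2021-20303 the removed working title names Imf_2_5::copyIntoFrameBuffer, while the description that replaces it names dataWindowForTile() in IlmImf/ImfTiledMisc.cp..., so the two do not obviously describe the same code path. The retained NOTE links (oss-fuzz issue 25505, openexr pull 831) and the 2.5.4-1 fixed version should be re-checked against the published description rather than carried over unchanged.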
@@ -83917,8 +83954,7 @@ CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842
CVE-2021-20301
RESERVED
-CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress]
- RESERVED
+CVE-2021-20300 (A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/I ...)
{DLA-2732-1}
- openexr 2.5.4-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d34a521062cd84328d582f7f73558e6ab38952f