[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Mar 6 20:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03384338 by security tracker role at 2022-03-06T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-26019
+ RESERVED
+CVE-2022-24299
+ RESERVED
+CVE-2022-0871
+ RESERVED
+CVE-2022-0870
+ RESERVED
+CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
+ TODO: check
CVE-2022-26507
RESERVED
CVE-2022-26506
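Review bot: The five new entries at the top of this hunk are prepended rather than merged in numeric order, so CVE-2022-26019, CVE-2022-24299 and CVE-2022-0871 through CVE-2022-0869 now sit above CVE-2022-26507 and CVE-2022-26506. If any consumer of data/CVE/list assumes descending order within a year, these should be sorted into place. Separately, CVE-2022-0869 is left at "TODO: check" and needs a disposition in a follow-up commit.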
@@ -49,8 +59,8 @@ CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine compo
NOT-FOR-US: Antaris RazorEngine
CVE-2020-36517
RESERVED
-CVE-2022-0868
- RESERVED
+CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
+ TODO: check
CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
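Review bot: CVE-2022-0868 moves from RESERVED to "TODO: check" with no package mapping, which leaves it untriaged. The description already names the upstream project (medialize/uri.js) and a fixed upstream version (1.19.10), so the follow-up can either map it to a source package with the corresponding fixed version or mark it NOT-FOR-US, as is done for CVE-2021-46703 in the context line above.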
@@ -4725,12 +4735,14 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when c
NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
+ {DLA-2932-1}
- tiff 4.3.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
+ {DLA-2932-1}
- tiff 4.3.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
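Review bot: On CVE-2022-0562 and CVE-2022-0561 the added {DLA-2932-1} reference sits beside the unchanged "[bullseye] - tiff <no-dsa> (Minor issue)" and "[buster] - tiff <no-dsa> (Minor issue)" lines, so the same issues are now covered by an advisory for one release while rated minor for two others. It is worth confirming that the no-dsa rating for bullseye and buster is still intended, and adding a NOTE if the difference is deliberate.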
@@ -5570,7 +5582,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array,
[stretch] - atftp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does ...)
- {DSA-5087-1}
+ {DSA-5087-1 DLA-2931-1}
[experimental] - cyrus-sasl2 2.1.28+dfsg-1
- cyrus-sasl2 2.1.28+dfsg-2
NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
@@ -11345,6 +11357,7 @@ CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify tha
CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...)
NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
+ {DLA-2932-1}
- tiff 4.3.0-3
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
@@ -17996,10 +18009,10 @@ CVE-2021-44751
RESERVED
CVE-2021-44750
RESERVED
-CVE-2021-44749
- RESERVED
-CVE-2021-44748
- RESERVED
+CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...)
+ TODO: check
+CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered whereby ...)
+ TODO: check
CVE-2021-44747 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
NOT-FOR-US: F-Secure
CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
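Review bot: CVE-2021-44749 and CVE-2021-44748 are set to "TODO: check" although both descriptions name F-Secure SAFE, and the very next entry, CVE-2021-44747, is already resolved as "NOT-FOR-US: F-Secure". Unless there is a reason to treat the SAFE browser differently, the follow-up should give these two the same NOT-FOR-US disposition so they do not linger in the TODO queue.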
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/033843381c27c5bac5e4dcb6547903560fbd7d76