[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 17 08:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a1eb34d by security tracker role at 2022-03-17T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,13 @@
+CVE-2022-27228
+ RESERVED
+CVE-2022-27227
+ RESERVED
+CVE-2022-27226
+ RESERVED
+CVE-2022-0999
+ RESERVED
CVE-2022-0998
+ RESERVED
- linux <unfixed> (unimportant)
NOTE: https://git.kernel.org/linus/870aaff92e959e29d40f9cfdb5ed06ba2fc2dae0 (5.17-rc1)
NOTE: CONFIG_VHOST_VDPA not set in Debian
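Review bot: CVE-2022-0998 now carries `RESERVED` directly above its existing `- linux <unfixed> (unimportant)` line, so the entry has a triage but no description. The `(unimportant)` rating rests entirely on the `CONFIG_VHOST_VDPA not set in Debian` note, and the package line stays `<unfixed>`, so that note is worth re-checking against the kernel config when the description is published.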
@@ -1794,8 +1803,8 @@ CVE-2022-26536
RESERVED
CVE-2022-26535
RESERVED
-CVE-2022-26534
- RESERVED
+CVE-2022-26534 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
+ TODO: check
CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site scriptin ...)
NOT-FOR-US: Alist
CVE-2022-25960
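Review bot: CVE-2022-26534 moves from `RESERVED` to `TODO: check`, which leaves it in the untriaged queue. The next entry shows the resolved form (`NOT-FOR-US: Alist`); this one should end up as either a source package line or a `NOT-FOR-US:` line once someone confirms whether FISCO-BCOS is in the archive.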
@@ -2490,8 +2499,8 @@ CVE-2022-26305
RESERVED
CVE-2022-26301
RESERVED
-CVE-2022-26300
- RESERVED
+CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...)
+ TODO: check
CVE-2022-26299
RESERVED
CVE-2022-26298
@@ -2500,12 +2509,12 @@ CVE-2022-26297
RESERVED
CVE-2022-26296
RESERVED
-CVE-2022-26295
- RESERVED
+CVE-2022-26295 (A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user ...)
+ TODO: check
CVE-2022-26294
RESERVED
-CVE-2022-26293
- RESERVED
+CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to contain a ...)
+ TODO: check
CVE-2022-26292
RESERVED
CVE-2022-26291
@@ -4495,12 +4504,12 @@ CVE-2022-25518
RESERVED
CVE-2022-25517
RESERVED
-CVE-2022-25516
- RESERVED
-CVE-2022-25515
- RESERVED
-CVE-2022-25514
- RESERVED
+CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+ TODO: check
+CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+ TODO: check
+CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
+ TODO: check
CVE-2022-25513
RESERVED
CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...)
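Review bot: the three stb_truetype.h entries (CVE-2022-25514 through CVE-2022-25516) show the same truncated description, so they cannot be told apart from this list and should be triaged together against the full descriptions. Because the affected component is a single header file, the check should cover source packages that ship their own copy of stb_truetype.h and not only a package named after it.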
@@ -8785,14 +8794,14 @@ CVE-2022-24077
RESERVED
CVE-2022-24076
RESERVED
-CVE-2022-24075
- RESERVED
-CVE-2022-24074
- RESERVED
-CVE-2022-24073
- RESERVED
-CVE-2022-24072
- RESERVED
+CVE-2022-24075 (Whale browser before 3.12.129.18 allowed extensions to replace JavaScr ...)
+ TODO: check
+CVE-2022-24074 (Whale Bridge, a default extension in Whale browser before 3.12.129.18, ...)
+ TODO: check
+CVE-2022-24073 (The Web Request API in Whale browser before 3.12.129.18 allowed to den ...)
+ TODO: check
+CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed extension ...)
+ TODO: check
CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
NOT-FOR-US: Whale browser
CVE-2022-24070
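Review bot: CVE-2022-24072 through CVE-2022-24075 are added as `TODO: check` although the unchanged entry right below them, CVE-2022-24071, is already marked `NOT-FOR-US: Whale browser`. All four new descriptions name Whale browser or its default Whale Bridge extension, so they can take the same `NOT-FOR-US: Whale browser` line.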
@@ -10698,8 +10707,8 @@ CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giv
NOT-FOR-US: OpenMRS
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
-CVE-2022-23610
- RESERVED
+CVE-2022-23610 (wire-server provides back end services for Wire, an open source messen ...)
+ TODO: check
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -15824,8 +15833,8 @@ CVE-2022-22275
RESERVED
CVE-2022-22274
RESERVED
-CVE-2022-22273
- RESERVED
+CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Ele ...)
+ TODO: check
CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
NOT-FOR-US: Samsung
CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
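Review bot: the description of CVE-2022-22273 is cut off after the `** UNSUPPORTED WHEN ASSIGNED **` prefix and the weakness class, before any product is named, so this line alone gives nothing to triage on. Whoever resolves the `TODO: check` needs the full description, and the prefix indicates the affected product was already out of support when the ID was assigned, which matters if it does map to a package.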
@@ -30310,8 +30319,8 @@ CVE-2021-42221
RESERVED
CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
- dolibarr <removed>
-CVE-2021-42219
- RESERVED
+CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...)
+ TODO: check
CVE-2021-42218
RESERVED
CVE-2021-42217
@@ -95604,6 +95613,7 @@ CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a
CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...)
NOT-FOR-US: Android media framework
CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a ...)
+ {DLA-2951-1}
- flac 1.3.4-1 (bug #1006339)
[bullseye] - flac <no-dsa> (Minor issue)
[buster] - flac <no-dsa> (Minor issue)
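Review bot: the `{DLA-2951-1}` cross-reference on CVE-2021-0561 arrives in a commit that touches only data/CVE/list, so the advisory it points to is not visible here. Confirm that DLA-2951-1 names flac and lists this CVE; the `[bullseye]` and `[buster]` lines stay at `<no-dsa> (Minor issue)`, so the release the DLA fixes is not recorded in this entry.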
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a1eb34dd02e77fc23d78cde011e0174d97c78e4