[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 14 21:10:27 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37b9d5b8 by security tracker role at 2022-05-14T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1717
+	RESERVED
 CVE-2022-1716
 	RESERVED
 CVE-2022-30703
@@ -4084,8 +4086,8 @@ CVE-2022-29267
 	RESERVED
 CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...)
 	- snipe-it <itp> (bug #1005172)
-CVE-2022-1379
-	RESERVED
+CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...)
+	TODO: check
 CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...)
 	NOT-FOR-US: Apache APISIX
 CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
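Review bot: The new CVE-2022-1379 entry carries only "TODO: check", so the plantuml/plantuml URL restriction bypass is still untriaged after this change. It needs a follow-up that resolves it to either a package line or a NOT-FOR-US marker, in the form the neighbouring entries use ("- snipe-it <itp> (bug #1005172)" or "NOT-FOR-US: Apache APISIX").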
@@ -6253,6 +6255,7 @@ CVE-2022-28465
 CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which ...)
 	NOT-FOR-US: Apifox
 CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ...)
+	{DLA-3007-1}
 	- imagemagick <unfixed>
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
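Review bot: Under CVE-2022-28463, {DLA-3007-1} is now referenced while the package lines still read "- imagemagick <unfixed>" and both bullseye and buster are marked "<no-dsa> (Minor issue)". Nothing in the hunk shows which version the advisory fixed, so it is worth confirming that the no-dsa classification for bullseye and buster still holds now that an advisory covers this CVE.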
@@ -34173,7 +34176,7 @@ CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server
 CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5131-1 DSA-5128-1}
+	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
 	- openjdk-11 11.0.15+10-1
 	- openjdk-17 17.0.3+7-1
@@ -34217,7 +34220,7 @@ CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5131-1 DSA-5128-1}
+	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
 	- openjdk-11 11.0.15+10-1 (bug #1010597)
 	- openjdk-17 17.0.3+7-1
@@ -34292,7 +34295,7 @@ CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-8.0 <unfixed>
 	- mysql-5.7 <removed>
 CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5131-1 DSA-5128-1}
+	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
 	- openjdk-11 11.0.15+10-1
 	- openjdk-17 17.0.3+7-1
@@ -34314,7 +34317,7 @@ CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5131-1 DSA-5128-1}
+	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
 	- openjdk-11 11.0.15+10-1
 	- openjdk-17 17.0.3+7-1
@@ -34335,7 +34338,7 @@ CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-8.0 <unfixed>
 	- mysql-5.7 <removed>
 CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5131-1 DSA-5128-1}
+	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
 	- openjdk-11 11.0.15+10-1
 	- openjdk-17 17.0.3+7-1
@@ -59997,6 +60000,7 @@ CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contain
 CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may  ...)
 	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...)
+	{DLA-3007-1}
 	- imagemagick 8:6.9.11.57+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
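Review bot: For CVE-2021-3596 the buster line stays "<ignored> (Minor issue)" although {DLA-3007-1} now covers the same CVE. Consider re-checking whether buster should remain ignored, given that an advisory has been issued for the NULL pointer dereference tracked in the ImageMagick issue linked in the NOTE line.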



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37b9d5b864196c5feb4e6a84fa2312e0b5bbe24b
