[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 22 21:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6de00bfd by security tracker role at 2022-05-22T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to  ...)
+	TODO: check
+CVE-2022-1812
+	RESERVED
+CVE-2022-1811
+	RESERVED
+CVE-2022-1810
+	RESERVED
 CVE-2022-31269
 	RESERVED
 CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading we ...)
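Review bot: CVE-2022-1813 enters the list with only `TODO: check`, so it is still untriaged. It needs either a package line or a `NOT-FOR-US:` marker, as the neighbouring entries carry, before it says anything about Debian exposure. The three RESERVED ids (CVE-2022-1810 to CVE-2022-1812) have no description yet and nothing to act on.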
@@ -76,6 +84,7 @@ CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
 	NOT-FOR-US: Trudesk
 CVE-2022-1802
 	RESERVED
+	{DSA-5143-1}
 	- firefox 100.0.2-1
 	- firefox-esr 91.9.1esr-1
 	- thunderbird <unfixed>
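Review bot: the `{DSA-5143-1}` tag on CVE-2022-1802 sits directly above a `- thunderbird <unfixed>` line, so the advisory reference does not close the entry for every listed package. The thunderbird line still needs its own fixed version or advisory, and the entry remains RESERVED with no description to triage against.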
@@ -3641,6 +3650,7 @@ CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/li
 	NOT-FOR-US: livehelperchat
 CVE-2022-1529
 	RESERVED
+	{DSA-5143-1}
 	- firefox 100.0.2-1
 	- firefox-esr 91.9.1esr-1
 	- thunderbird <unfixed>
@@ -3874,7 +3884,7 @@ CVE-2022-29826
 CVE-2022-29825
 	RESERVED
 CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...)
-	{DLA-3012-1}
+	{DSA-5142-1 DLA-3012-1}
 	- libxml2 2.9.14+dfsg-1 (bug #1010526)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)
@@ -14641,7 +14651,7 @@ CVE-2021-4224
 CVE-2022-26111 (The BeanShell components of IRISNext through 9.8.28 allow execution of ...)
 	NOT-FOR-US: IRISNext
 CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before  ...)
-	{DLA-2984-1}
+	{DSA-5144-1 DLA-2984-1}
 	- condor <unfixed> (bug #1008634)
 	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
 	NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
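Review bot: `DSA-5144-1` is added to CVE-2022-26110 while the package line stays `- condor <unfixed> (bug #1008634)`, so the advisory tag does not mean unstable is fixed. Keep the bug open and replace `<unfixed>` with the fixed version once an upload lands.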
@@ -157889,6 +157899,7 @@ CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass au
 CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Samsung Galaxy S10 Firmware
 CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
+	{DLA-3014-1}
 	- elog <removed>
 	NOTE: https://elog.psi.ch/elogs/Forum/69114
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-252/
@@ -158385,7 +158396,6 @@ CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory
 CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
-	{DLA-3014-1}
 	- envoyproxy <itp> (bug #987544)
 CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
 	NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
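Review bot: the `{DLA-3014-1}` removal from CVE-2020-8659 (envoyproxy, `<itp>`) pairs with the same tag being added to CVE-2020-8859 (elog) earlier in this patch, which looks like the correction of a mistyped CVE id. It is worth confirming that the advisory source referencing the id was corrected as well, so the wrong mapping does not return on the next automatic update.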
@@ -179255,7 +179265,7 @@ CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200
 CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
-	{DLA-2724-1}
+	{DSA-5144-1 DLA-2724-1}
 	- condor <unfixed> (bug #963777)
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6de00bfd95cf07cdd2ccea1cad15afd7bc0e6d4f
