[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Nov 13 19:46:48 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
686231bf by Moritz Muehlenhoff at 2022-11-13T20:46:36+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2022-45190
CVE-2022-45189
RESERVED
CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...)
- - netatalk <unfixed>
+ - netatalk <unfixed> (bug #1024021)
NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
CVE-2022-45187
RESERVED
@@ -519,7 +519,7 @@ CVE-2022-3874
CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of QEMU. ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1024022)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
@@ -1026,11 +1026,11 @@ CVE-2022-44795 (An issue was discovered in Object First 1.0.7.712. A flaw was fo
CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management protocol ...)
NOT-FOR-US: Object First
CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...)
- - net-snmp <unfixed>
+ - net-snmp <unfixed> (bug #1024020)
NOTE: https://github.com/net-snmp/net-snmp/issues/475
NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP ...)
- - net-snmp <unfixed>
+ - net-snmp <unfixed> (bug #1024020)
NOTE: https://github.com/net-snmp/net-snmp/issues/474
NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
CVE-2022-44791
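Review bot: CVE-2022-44793 and CVE-2022-44792 are both pointed at bug #1024020, although their NOTE lines reference separate upstream issues (net-snmp #475 and #474). Sharing one bug is fine as long as that report names both CVEs; worth confirming, so that a fix for one handler (handle_ipv6IpForwarding or handle_ipDefaultTTL) does not close the bug while the other is still open.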
@@ -8592,13 +8592,13 @@ CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git
CVE-2022-42967
RESERVED
CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- - python-cleo <unfixed>
+ - python-cleo <unfixed> (bug #1024018)
NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
NOTE: Doesn't seem to be reported upstream so far
CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
NOT-FOR-US: snowflake-connector-python
CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- - pymatgen <unfixed>
+ - pymatgen <unfixed> (bug #1024017)
NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
NOTE: Doesn't seem to be reported upstream so far
CVE-2022-3520
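Review bot: the two entries that gain bug numbers here, python-cleo (#1024018) and pymatgen (#1024017), still carry "NOTE: Doesn't seem to be reported upstream so far". With Debian bugs now filed, that note should be rechecked, and an upstream issue URL added as a further NOTE once one exists; at present the only reference on each entry is the JFrog advisory link.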
@@ -17291,11 +17291,11 @@ CVE-2022-39412 (Vulnerability in the Oracle Access Manager product of Oracle Fus
CVE-2022-39411 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
NOT-FOR-US: Oracle
CVE-2022-39410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-39409 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
NOT-FOR-US: Oracle
CVE-2022-39408 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-39407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2022-39406 (Vulnerability in the PeopleSoft Enterprise Common Components product o ...)
@@ -17305,14 +17305,13 @@ CVE-2022-39405 (Vulnerability in the Oracle Access Manager product of Oracle Fus
CVE-2022-39404 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...)
NOT-FOR-US: Oracle
CVE-2022-39403 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
- - mysql-8.0 <unfixed>
- TODO: check, component "MySQL Shell", unclear if in src:mysql-8.0
+ NOT-FOR-US: Oracle (MySQL Shell)
CVE-2022-39402 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-11 11.0.17+8-1
[bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
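Review bot: CVE-2022-39403 and CVE-2022-39402 get opposite treatment although both descriptions, as far as they are visible here, read "Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...". 39403 becomes NOT-FOR-US: Oracle (MySQL Shell), while 39402 stays on mysql-8.0 <unfixed> and gains bug #1024016. If MySQL Shell is not built from src:mysql-8.0, which is what the removed TODO questioned, 39402 should be marked NOT-FOR-US as well; otherwise add a NOTE explaining why the two differ. The retriage of 39403 is also more than the commit message "bugnums" covers and would be easier to audit as its own commit.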
@@ -76239,13 +76238,13 @@ CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitiz
CVE-2022-21641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1
CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1
CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -76253,9 +76252,9 @@ CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
NOT-FOR-US: Oracle
CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
@@ -76278,7 +76277,7 @@ CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
[bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u352-ga-1
- openjdk-11 11.0.17+8-1
@@ -76307,7 +76306,7 @@ CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-17 17.0.5+8-1
[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
@@ -76319,13 +76318,13 @@ CVE-2022-21613 (Vulnerability in the Oracle Enterprise Data Quality product of O
CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.29-1
CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction Server ...)
@@ -76333,7 +76332,7 @@ CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction S
CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.29-1
CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of Oracle Da ...)
NOT-FOR-US: Oracle
CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -76343,7 +76342,7 @@ CVE-2022-21601 (Vulnerability in the Oracle Communications Billing and Revenue M
CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.28-1
CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
NOT-FOR-US: Oracle
CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
@@ -76353,7 +76352,7 @@ CVE-2022-21596 (Vulnerability in the Oracle Database - Advanced Queuing componen
CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.28-1
CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1024016)
CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
NOT-FOR-US: Oracle
CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/686231bf5cbed1104e1866a0094be62f0af96001