[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 14 08:10:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02d91ddf by security tracker role at 2022-11-14T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. ...)
+	TODO: check
+CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...)
+	TODO: check
+CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
+	TODO: check
 CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
 	TODO: check
 CVE-2022-3977
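Review bot: the two Pillow entries added at the top of this hunk give different version boundaries in their descriptions ("before 9.3.0" for CVE-2022-45199, "before 9.2.0" for CVE-2022-45198), so when the "TODO: check" lines are resolved each entry needs its own fixed-version line rather than one copied from the other. CVE-2022-3979 (NagVis) is added in the same untriaged state.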
@@ -66,8 +72,8 @@ CVE-2022-45185
 	RESERVED
 CVE-2022-45184
 	RESERVED
-CVE-2022-45183
-	RESERVED
+CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
+	TODO: check
 CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module  ...)
 	NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)
 CVE-2022-45181
@@ -17398,6 +17404,7 @@ CVE-2022-39379 (Fluentd collects events from various data sources and writes the
 CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...)
 	NOT-FOR-US: Discourse
 CVE-2022-39377 (sysstat is a set of system performance tools for the Linux operating s ...)
+	{DLA-3188-1}
 	- sysstat <unfixed> (bug #1023832)
 	[bullseye] - sysstat <no-dsa> (Minor issue)
 	NOTE: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
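Review bot: in the CVE-2022-39377 entry the added "{DLA-3188-1}" sits above lines that still read "- sysstat <unfixed> (bug #1023832)" and "[bullseye] - sysstat <no-dsa> (Minor issue)", so after this change the LTS release has an advisory while unstable and bullseye do not carry a fix. It is worth rechecking whether the bullseye "Minor issue" classification still holds, and updating the unstable line once bug #1023832 is closed.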
@@ -38539,8 +38546,7 @@ CVE-2022-31632
 	RESERVED
 CVE-2022-31631
 	RESERVED
-CVE-2022-31630
-	RESERVED
+CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imagelo ...)
 	{DSA-5277-1}
 	- php8.1 8.1.12-1
 	- php7.4 <removed>
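Review bot: the description added for CVE-2022-31630 says "prior to 7.4.33, 8.0.25 and 8.2.12", but the package line directly below records the fix as "- php8.1 8.1.12-1", so the third version in the description does not match the 8.1 branch tracked here. Since this is an automatic update, the description should not be edited by hand; a NOTE line under the entry stating the upstream fixed versions, once verified, would keep the mismatch from misleading later triage.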
@@ -92216,10 +92222,10 @@ CVE-2021-38830
 	RESERVED
 CVE-2021-38829
 	RESERVED
-CVE-2021-38828
-	RESERVED
-CVE-2021-38827
-	RESERVED
+CVE-2021-38828 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
+	TODO: check
+CVE-2021-38827 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
+	TODO: check
 CVE-2021-38826
 	RESERVED
 CVE-2021-38825
@@ -98454,6 +98460,7 @@ CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. Wh
 	[stretch] - mc <no-dsa> (Minor issue)
 	NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
 CVE-2021-36369 (An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ...)
+	{DLA-3187-1}
 	- dropbear 2022.82-1
 	[bullseye] - dropbear <no-dsa> (Minor issue)
 	NOTE: https://github.com/mkj/dropbear/pull/128
@@ -214685,6 +214692,7 @@ CVE-2017-18640 (The Alias feature in SnakeYAML before 1.26 allows entity expansi
 CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root because a c ...)
 	NOT-FOR-US: OpenBSD
 CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...)
+	{DLA-3188-1}
 	- sysstat 12.2.0-2 (unimportant; bug #946657)
 	[stretch] - sysstat <not-affected> (Vulnerable code introduced in v11.7.1)
 	[jessie] - sysstat <not-affected> (Vulnerable code introduced in v11.7.1)
@@ -231138,6 +231146,7 @@ CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 12
 CVE-2019-16169
 	RESERVED
 CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Overflow ...)
+	{DLA-3188-1}
 	- sysstat 12.1.7-1 (bug #939914)
 	[stretch] - sysstat <not-affected> (Vulnerable code introduced later)
 	[jessie] - sysstat <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02d91ddff178ef1131b0f9a73d980d3744e1639d
