[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 17 20:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa915aef by security tracker role at 2022-11-17T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-45462
+ RESERVED
+CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
+ TODO: check
+CVE-2022-45460
+ RESERVED
+CVE-2022-4053 (A vulnerability was found in Student Attendance Management System. It ...)
+ TODO: check
+CVE-2022-4052 (A vulnerability was found in Student Attendance Management System and ...)
+ TODO: check
+CVE-2022-4051 (A vulnerability has been found in Hostel Searching Project and classif ...)
+ TODO: check
+CVE-2022-4050
+ RESERVED
+CVE-2022-4049
+ RESERVED
+CVE-2022-4048
+ RESERVED
+CVE-2022-4047
+ RESERVED
+CVE-2022-4046
+ RESERVED
CVE-2022-4045
RESERVED
CVE-2022-4044
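Review bot: the three non-RESERVED additions in this hunk (Veritas NetBackup, Student Attendance Management System, Hostel Searching Project) are left at `TODO: check`, which is the right state for an automatic import; at triage time the question is whether any of them is a Debian source package, and if not they should get the `NOT-FOR-US: <product>` form used for Canteen Management System and the IBM entries further down in this same diff, so the TODO queue does not fill with products the distribution does not ship.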
@@ -386,7 +408,7 @@ CVE-2023-21419
RESERVED
CVE-2022-45421
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
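Review bot: the reference line grows from `{DSA-5282-1}` to `{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}`, and the identical change is repeated in the thirteen Mozilla hunks that follow (CVE-2022-45420 down to CVE-2022-45403). Two DSAs plus two DLAs is consistent with the two stable-relevant source packages listed on each entry (firefox-esr and thunderbird; firefox 107.0-1 is unstable only). One thing to confirm in the manual pass: the visible NOTE lines cite different Mozilla advisories for different entries (mfsa2022-49 for CVE-2022-45421, mfsa2022-47 for CVE-2022-45419), so check that every CVE in the run is actually listed by both the firefox-esr and the thunderbird advisory before all four references are credited to it.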
@@ -395,7 +417,7 @@ CVE-2022-45421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421
CVE-2022-45420
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -408,7 +430,7 @@ CVE-2022-45419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45419
CVE-2022-45418
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -421,7 +443,7 @@ CVE-2022-45417
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45417
CVE-2022-45416
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -440,7 +462,7 @@ CVE-2022-45413
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45413
CVE-2022-45412
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -449,7 +471,7 @@ CVE-2022-45412
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412
CVE-2022-45411
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -458,7 +480,7 @@ CVE-2022-45411
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411
CVE-2022-45410
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -467,7 +489,7 @@ CVE-2022-45410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45410
CVE-2022-45409
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -476,7 +498,7 @@ CVE-2022-45409
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45409
CVE-2022-45408
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -489,7 +511,7 @@ CVE-2022-45407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45407
CVE-2022-45406
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -498,7 +520,7 @@ CVE-2022-45406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406
CVE-2022-45405
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -507,7 +529,7 @@ CVE-2022-45405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405
CVE-2022-45404
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -516,7 +538,7 @@ CVE-2022-45404
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404
CVE-2022-45403
RESERVED
- {DSA-5282-1}
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
- thunderbird 1:102.5.0-1
@@ -4242,10 +4264,10 @@ CVE-2022-44405
RESERVED
CVE-2022-44404
RESERVED
-CVE-2022-44403
- RESERVED
-CVE-2022-44402
- RESERVED
+CVE-2022-44403 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-44402 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-44401
RESERVED
CVE-2022-44400
@@ -4280,8 +4302,8 @@ CVE-2022-44386
RESERVED
CVE-2022-44385
RESERVED
-CVE-2022-44384
- RESERVED
+CVE-2022-44384 (An arbitrary file upload vulnerability in rconfig v3.9.6 allows attack ...)
+ TODO: check
CVE-2022-44383
RESERVED
CVE-2022-44382
@@ -9094,16 +9116,16 @@ CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management
NOT-FOR-US: Canteen Management System
CVE-2022-43143
RESERVED
-CVE-2022-43142
- RESERVED
+CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php componen ...)
+ TODO: check
CVE-2022-43141
RESERVED
-CVE-2022-43140
- RESERVED
+CVE-2022-43140 (kkFileView v4.1.0 was discovered to contain a Server-Side Request Forg ...)
+ TODO: check
CVE-2022-43139
RESERVED
-CVE-2022-43138
- RESERVED
+CVE-2022-43138 (Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows ...)
+ TODO: check
CVE-2022-43137
RESERVED
CVE-2022-43136
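Review bot: CVE-2022-43142 (XSS in an `add-fee.php` component) is two entries below CVE-2022-43144, which is already `NOT-FOR-US: Canteen Management System`; when this `TODO: check` is triaged, verify whether it is the same product and, if so, give it the same annotation so related entries do not end up in different states. The kkFileView and Dolibarr entries in the same hunk need the usual "is it packaged" check as well.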
@@ -9915,7 +9937,7 @@ CVE-2022-42904
CVE-2022-42903
RESERVED
CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)
- {DSA-5260-1}
+ {DSA-5260-1 DLA-3192-1}
- lava 2022.10-1 (bug #1021737)
NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834
NOTE: https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
@@ -9955,14 +9977,14 @@ CVE-2022-42895 [Bluetooth: L2CAP: Fix attempting to access uninitialized memory]
RESERVED
- linux 6.0.7-1
NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
-CVE-2022-42894
- RESERVED
-CVE-2022-42893
- RESERVED
-CVE-2022-42892
- RESERVED
-CVE-2022-42891
- RESERVED
+CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
+CVE-2022-42893 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
+CVE-2022-42892 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
+CVE-2022-42891 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
{DSA-5264-1 DLA-3169-1}
- batik 1.16+dfsg-1
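Review bot: the four syngo Dynamics descriptions are truncated at `(All versions &l ...)`, i.e. the imported text carries an HTML entity fragment (`&lt;`) rather than a literal `<`; the same fragment appears in the three syngo Dynamics entries of the next hunk. If the upstream feed delivers entities, the importer should unescape them before truncating to 70 characters, otherwise the one-line summary loses the version bound that matters. Independently of that, these are Siemens Healthineers product entries and will almost certainly be triaged to `NOT-FOR-US`.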
@@ -10371,12 +10393,12 @@ CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 a
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-42735
RESERVED
-CVE-2022-42734
- RESERVED
-CVE-2022-42733
- RESERVED
-CVE-2022-42732
- RESERVED
+CVE-2022-42734 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
+CVE-2022-42733 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
+CVE-2022-42732 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
+ TODO: check
CVE-2022-3444 (Insufficient data validation in File System API in Google Chrome prior ...)
{DSA-5244-1}
- chromium 106.0.5249.61-1
@@ -12070,11 +12092,13 @@ CVE-2022-42006
CVE-2022-42005
RESERVED
CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource exhaustion can o ...)
+ {DSA-5283-1}
- jackson-databind 2.14.0-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
NOTE: https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 (jackson-databind-2.13.4)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion c ...)
+ {DSA-5283-1}
- jackson-databind 2.14.0-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
NOTE: https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 (jackson-databind-2.14.0-rc1)
@@ -12247,8 +12271,8 @@ CVE-2022-41922
RESERVED
CVE-2022-41921
RESERVED
-CVE-2022-41920
- RESERVED
+CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
+ TODO: check
CVE-2022-41919
RESERVED
CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
@@ -15174,8 +15198,8 @@ CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-si
NOT-FOR-US: IBM
CVE-2022-40752 (IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vul ...)
NOT-FOR-US: IBM
-CVE-2022-40751
- RESERVED
+CVE-2022-40751 (IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7 ...)
+ TODO: check
CVE-2022-40750 (IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-s ...)
NOT-FOR-US: IBM
CVE-2022-40749
@@ -18656,6 +18680,7 @@ CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. A
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
NOT-FOR-US: tiny-csrf Nodejs module
CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...)
+ {DLA-3195-1}
- jupyter-core 4.11.2-1 (bug #1023361)
NOTE: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
NOTE: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 (4.11.2)
@@ -21440,8 +21465,8 @@ CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos
NOT-FOR-US: NotrinosERP
CVE-2022-38391
RESERVED
-CVE-2022-38390
- RESERVED
+CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...)
+ TODO: check
CVE-2022-38389
RESERVED
CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a loc ...)
@@ -53878,7 +53903,7 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow
- node-swagger-ui <itp> (bug #871461)
- swagger-ui <itp> (bug #895422)
CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
- {DLA-2990-1}
+ {DSA-5283-1 DLA-2990-1}
- jackson-databind 2.13.2.2-1 (bug #1007109)
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
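Review bot: after this hunk the CVE-2020-36518 entry carries both `{DSA-5283-1 DLA-2990-1}` and the older `[buster] - jackson-databind <no-dsa> (Minor issue)` line. The buster annotation predates this commit, but with DLA-2990-1 already referenced it is stale and reads as contradictory; it is worth dropping in a manual cleanup so the entry reflects that buster was in fact fixed through the DLA.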
@@ -54452,6 +54477,7 @@ CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with w
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
NOTE: http://www.openwall.com/lists/oss-security/2022/03/10/1
CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
+ {DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <postponed> (Fix in next upload)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
@@ -54780,11 +54806,13 @@ CVE-2022-26501 (Improper authentication in Veeam Backup & Replication 9.5U3,
CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9. ...)
NOT-FOR-US: Veeam
CVE-2022-26499 (An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...)
+ {DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29476
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-002.html
CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...)
+ {DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
@@ -56645,6 +56673,7 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
NOT-FOR-US: grapejs
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
+ {DLA-3193-1}
- joblib 1.2.0-1 (bug #1020820)
[bullseye] - joblib <no-dsa> (Minor issue)
NOTE: https://github.com/joblib/joblib/issues/1128
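Review bot: DLA-3193-1 is added for buster while the entry keeps `[bullseye] - joblib <no-dsa> (Minor issue)`. That is not wrong, but once LTS has shipped a fix for the older release the bullseye no-dsa decision should be revisited (for example for a point release), or the reason the fix is not being carried to bullseye should be recorded in the annotation.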
@@ -59771,7 +59800,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3036-1}
+ {DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59779,7 +59808,7 @@ CVE-2022-24793 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3036-1}
+ {DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59805,6 +59834,7 @@ CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum vir
CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
NOT-FOR-US: Vyper
CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3194-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59897,7 +59927,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
NOTE: https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rGYTaKQ1i2ihrPmX2Sz3Zxg-y66L+1Qh6g@mail.gmail.com/
NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
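Review bot: this entry (CVE-2022-24764) lists `pjproject <unfixed>` whereas the neighbouring PJSIP entries that receive the same DLA-3194-1 reference (CVE-2022-24793, CVE-2022-24792, CVE-2022-24786, CVE-2022-24763 and the rest of the run) list `pjproject <removed>`. The state of a source package should not differ between entries, so check which one is current and align this line with the others. The DLA-3194-1 addition itself is consistent across all the asterisk/pjproject hunks in this diff.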
@@ -59905,7 +59935,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3036-1}
+ {DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -63564,7 +63594,7 @@ CVE-2022-0336 (The Samba AD DC includes checks when adding service principals na
CVE-2022-23834
RESERVED
CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...)
- {DSA-5254-1 DLA-2906-1}
+ {DSA-5254-1 DLA-3191-1 DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main)
@@ -64215,7 +64245,7 @@ CVE-2022-23610 (wire-server provides back end services for Wire, an open source
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -67188,7 +67218,7 @@ CVE-2022-22820 (Due to the lack of media file checks before rendering, it was po
CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55 ...)
NOT-FOR-US: NXP
CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
- {DSA-5254-1 DLA-2906-1}
+ {DSA-5254-1 DLA-3191-1 DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main)
@@ -71362,6 +71392,7 @@ CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max before SRP 2.
CVE-2021-45453
RESERVED
CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
+ {DLA-3191-1}
- python-django 2:3.2.11-1 (bug #1003113)
[bullseye] - python-django 2:2.2.26-1~deb11u1
[stretch] - python-django <postponed> (Minor issue; fix in next update)
@@ -76576,7 +76607,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -76587,7 +76618,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -77134,7 +77165,7 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -77239,7 +77270,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79617,7 +79648,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79625,7 +79656,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79633,7 +79664,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79641,7 +79672,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79649,7 +79680,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -96357,7 +96388,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-2962-1}
+ {DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -115612,6 +115643,7 @@ CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Es
CVE-2021-30131
RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
+ {DLA-3198-1 DLA-3197-1}
- phpseclib 1.0.19-3
- php-phpseclib 2.0.30-2
- php-phpseclib3 3.0.7-1
@@ -234736,6 +234768,7 @@ CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
- centreon-web <itp> (bug #913903)
CVE-2021-46837 (res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17. ...)
+ {DLA-3194-1}
- asterisk 1:18.9.0~dfsg+~cs6.10.40431411-1 (bug #1018073)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-006.html
NOTE: This is related to CVE-2019-15297 symptoms but not for exactly the same reason.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa915aefd0c03b72be3677c63a95a7f2ed4609de