[Git][security-tracker-team/security-tracker][master] Add several GHSA references for heimdal CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 20 13:23:48 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0babc201 by Salvatore Bonaccorso at 2022-11-20T14:23:13+01:00
Add several GHSA references for heimdal CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3580,6 +3580,7 @@ CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.1
CVE-2022-44640 [Invalid free in ASN.1 codec]
RESERVED
- heimdal <unfixed> (bug #1024187)
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
NOTE: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1)
CVE-2022-44639
RESERVED
@@ -10065,6 +10066,7 @@ CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 (master)
NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/b99de751dd35360c0fccac74a40f4a60dbf1ceea (krb5-1.20.1-final)
NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 (krb5-1.19.4-final)
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
NOTE: Heimdal: https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246 (heimdal-7.7.1)
NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
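Review bot: The added GHSA-64mq-fvfj-5x3c line in the CVE-2022-42898 entry carries no implementation prefix, while every neighbouring note is labelled "MIT-krb5:", "Heimdal:" or "Heimdal regression:". Because this entry mixes references for both implementations, write it as `NOTE: Heimdal: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c` so it groups unambiguously with the Heimdal commit directly below it.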
@@ -10609,6 +10611,7 @@ CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
- heimdal <unfixed> (bug #1024187)
NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15134
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
NOTE: https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3 (heimdal-7.7.1)
NOTE: https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49 (heimdal-7.7.1)
NOTE: https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd (heimdal-7.7.1)
@@ -74065,6 +74068,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During
CVE-2021-44758 [spnego: send_reject when no mech selected]
RESERVED
- heimdal <unfixed> (bug #1024187)
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
NOTE: https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 (heimdal-7.7.1)
CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
NOT-FOR-US: Zoho ManageEngine
@@ -96453,6 +96457,7 @@ CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos s
[stretch] - samba <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-h9qj-cpmq-3562
NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability.
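Review bot: In the CVE-2021-3671 entry the added advisory line sits between the Samba bugzilla reference and the labelled "Fixed by:" / "Followup:" notes without a label of its own, and the package line visible in this hunk is for samba. A short prefix on the new line, for example "Heimdal advisory:", would make clear that it points at the upstream Heimdal advisory and not at another Samba reference.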
@@ -236529,6 +236534,7 @@ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an
[stretch] - heimdal <no-dsa> (Minor issue)
[jessie] - heimdal <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-q77c-9qvp-qfw4
NOTE: https://github.com/heimdal/heimdal/pull/663
NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch)
NOTE: https://github.com/heimdal/heimdal/commit/0495a19a938ad68283078e62c659e4f1c5980815 (heimdal-7.7.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0babc20175d1d66a898a148cb0753054b3cfae18