[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 26 20:10:39 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b199b06 by security tracker role at 2022-11-26T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-45910
+	RESERVED
 CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a long Re ...)
 	TODO: check
 CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...)
@@ -4643,7 +4645,7 @@ CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.1
 	NOTE: https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5 (2022.11)
 CVE-2022-44640 [Invalid free in ASN.1 codec]
 	RESERVED
-	{DSA-5287-1}
+	{DSA-5287-1 DLA-3206-1}
 	- heimdal <unfixed> (bug #1024187)
 	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
 	NOTE: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1)
@@ -11110,7 +11112,7 @@ CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be
 	NOT-FOR-US: Bentley
 CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
 	RESERVED
-	{DSA-5287-1 DSA-5286-1}
+	{DSA-5287-1 DSA-5286-1 DLA-3206-1}
 	- heimdal <unfixed> (bug #1024187)
 	- krb5 1.20.1-1 (bug #1024267)
 	- samba 2:4.17.3+dfsg-1
@@ -11658,7 +11660,7 @@ CVE-2022-42704
 	RESERVED
 CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
 	RESERVED
-	{DSA-5287-1}
+	{DSA-5287-1 DLA-3206-1}
 	- samba 2:4.16.6+dfsg-1
 	- heimdal <unfixed> (bug #1024187)
 	NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
@@ -13450,7 +13452,7 @@ CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsea
 CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
 	NOT-FOR-US: OpenSearch
 CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...)
-	{DSA-5287-1}
+	{DSA-5287-1 DLA-3206-1}
 	- heimdal <unfixed> (bug #1024187)
 	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
 	NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
@@ -75197,7 +75199,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During
 	NOT-FOR-US: Pimcore
 CVE-2021-44758 [spnego: send_reject when no mech selected]
 	RESERVED
-	{DSA-5287-1}
+	{DSA-5287-1 DLA-3206-1}
 	- heimdal <unfixed> (bug #1024187)
 	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
 	NOTE: https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 (heimdal-7.7.1)
@@ -97581,7 +97583,7 @@ CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba S
 CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
 	NOT-FOR-US: Aruba
 CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
-	{DSA-5287-1}
+	{DSA-5287-1 DLA-3206-1}
 	- heimdal 7.7.0+dfsg-3 (bug #996586)
 	[stretch] - heimdal <no-dsa> (Minor issue)
 	- samba 2:4.13.13+dfsg-1
@@ -237672,7 +237674,7 @@ CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as u
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	NOTE: https://keithp.com/blogs/picolibc-string-float/
 CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
-	{DLA-2668-1}
+	{DLA-3206-1 DLA-2668-1}
 	- samba 2:4.11.3+dfsg-1
 	[buster] - samba <no-dsa> (Minor issue)
 	[jessie] - samba <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b199b06f8076ca217ccf55c9cbd78b5c14b4bdc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b199b06f8076ca217ccf55c9cbd78b5c14b4bdc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221126/7ff27af5/attachment.htm>

More information about the debian-security-tracker-commits mailing list