[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 1 09:10:23 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
057f046d by security tracker role at 2022-10-01T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
+	TODO: check
+CVE-2022-41981
+	RESERVED
+CVE-2022-41977
+	RESERVED
+CVE-2022-41794
+	RESERVED
+CVE-2022-41684
+	RESERVED
+CVE-2022-41649
+	RESERVED
+CVE-2022-41639
+	RESERVED
+CVE-2022-38143
+	RESERVED
+CVE-2022-36354
+	RESERVED
+CVE-2022-3388
+	RESERVED
+CVE-2022-3387
+	RESERVED
+CVE-2022-3386
+	RESERVED
+CVE-2022-3385
+	RESERVED
+CVE-2022-3384
+	RESERVED
+CVE-2022-3383
+	RESERVED
+CVE-2022-3382
+	RESERVED
 CVE-2022-41983
 	RESERVED
 CVE-2022-41976
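Review bot: CVE-2022-42002 at the top of the added block is left at "TODO: check" and is the only one of the sixteen new entries that carries a description, so it is the one that needs triage. Its description (SonicJS through 0.6.0, file overwrite) should be resolved to either a package line or a NOT-FOR-US entry in the form used elsewhere in this file. The block is also prepended as a unit, so CVE-2022-3382 now sits directly above CVE-2022-41983; anything that parses this file should not assume the ids are in strictly descending order.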
@@ -6346,8 +6378,8 @@ CVE-2022-39270
 	RESERVED
 CVE-2022-39269
 	RESERVED
-CVE-2022-39268
-	RESERVED
+CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
+	TODO: check
 CVE-2022-39267
 	RESERVED
 CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
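Review bot: the new description for CVE-2022-39268 starts with "### Impact", a Markdown heading carried over from the upstream advisory text, and the truncated line names no product, so the entry cannot be triaged from what is shown here. Whoever clears the "TODO: check" needs the full CVE record to identify the affected software before choosing between a package line and NOT-FOR-US.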
@@ -19606,10 +19638,10 @@ CVE-2022-34431
 	RESERVED
 CVE-2022-34430
 	RESERVED
-CVE-2022-34429
-	RESERVED
-CVE-2022-34428
-	RESERVED
+CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability ...)
+	TODO: check
+CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular Expression  ...)
+	TODO: check
 CVE-2022-34427
 	RESERVED
 CVE-2022-34426
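Review bot: both Dell Hybrid Client entries (CVE-2022-34429 and CVE-2022-34428) move from RESERVED to "TODO: check" with no disposition. If Dell Hybrid Client is not packaged in Debian, close them with a NOT-FOR-US line in the same form as the "NOT-FOR-US: Revisor Video Management System (VMS)" entry later in this file, so they leave the unchecked queue.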
@@ -56712,7 +56744,7 @@ CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
 	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25
 CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
-	{DSA-5239-1 DLA-2877-1}
+	{DSA-5239-1 DLA-3129-1 DLA-2877-1}
 	[experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
 	- gdal 3.4.1+dfsg-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
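Review bot: on CVE-2021-45943 the cross-reference list gains DLA-3129-1 next to the existing DLA-2877-1, while the package lines in view only record the experimental and unstable fixed versions of gdal. It is worth confirming that the two DLAs address different releases, or that the later one completes the earlier fix, since the entry itself does not say which.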
@@ -71852,7 +71884,7 @@ CVE-2021-42262 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. A
 CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
 	NOT-FOR-US: Revisor Video Management System (VMS)
 CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp  ...)
-	{DLA-2988-1}
+	{DLA-3130-1 DLA-2988-1}
 	- tinyxml 2.6.2-6
 	[bullseye] - tinyxml <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
@@ -190611,6 +190643,7 @@ CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility fun
 CVE-2020-7678 (This affects all versions of package node-import. The "params" argumen ...)
 	NOT-FOR-US: Node node-import
 CVE-2020-7677 (This affects the package thenify before 3.3.1. The name argument provi ...)
+	{DLA-3128-1}
 	- node-thenify 3.3.1-1
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690
 	NOTE: https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a (3.3.1)
@@ -215521,7 +215554,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 (v4.1.0)
 	NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
 CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
-	{DLA-2877-1 DLA-1984-1}
+	{DLA-3129-1 DLA-2877-1 DLA-1984-1}
 	- gdal 2.4.2+dfsg-2 (low)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
 	NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/057f046dc6ea0596ff8343a397ca64597507c993
