[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Oct 2 19:21:52 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54fe6ddb by Moritz Muehlenhoff at 2022-10-02T20:21:20+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3226,7 +3226,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can
 CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
 	NOT-FOR-US: Delta
 CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #1021141)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
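Review bot: the bullseye line in this hunk keeps a heap buffer overflow at `<no-dsa> (Minor issue)` with no stated reason; since the CVE description is truncated here ("When an applica ..."), a short NOTE recording why it is minor (what input or option is needed to trigger it) would let the next triager see the rationale without re-reading the Red Hat bug. The new `(bug #1021141)` reference itself is fine and matches the `<unfixed>` state on the sid line.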
@@ -4919,21 +4919,21 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
 CVE-2022-39959
 	RESERVED
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
-	- modsecurity-crs <unfixed>
+	- modsecurity-crs <unfixed> (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
-	- modsecurity-crs <unfixed>
+	- modsecurity-crs <unfixed> (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
-	- modsecurity-crs <unfixed>
+	- modsecurity-crs <unfixed> (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 	NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
 	NOTE: https://bugs.debian.org/1020303
 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
-	- modsecurity-crs <unfixed>
+	- modsecurity-crs <unfixed> (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954
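Review bot: bug #1021137 is now attached to all four modsecurity-crs entries, but only CVE-2022-39956 carries the NOTE that the fix depends on src:libmodsecurity3 / src:modsecurity-apache (https://bugs.debian.org/1020303); CVE-2022-39955 is described as the same class ("partial rul ..." bypass) and may have the same dependency. Worth checking against the upstream CRS 3.3.3 / 3.2.2 announcement and, if it applies, adding the same two NOTE lines under 39955 so the "will be fixed in point release" bullseye plan is not blocked silently on the engine change.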
@@ -5340,7 +5340,7 @@ CVE-2022-3101
 	NOT-FOR-US: tripleo-ansible
 CVE-2022-3100 [access policy bypass via query string injection]
 	RESERVED
-	- barbican <unfixed>
+	- barbican <unfixed> (bug #1021139)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404
 CVE-2022-39798
 	RESERVED
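Review bot: the barbican entry gains a bug number but, unlike the other entries in this commit, has no `[bullseye]` status line; if barbican ships in bullseye the tracker will list CVE-2022-3100 as open there. Since the CVE is still RESERVED and only the bracketed working title ("access policy bypass via query string injection") and the Red Hat bugzilla link are on record, a `[bullseye] - barbican <no-dsa>` or `<postponed>` line with a one-phrase justification would complete the triage.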
@@ -6444,24 +6444,21 @@ CVE-2022-39253
 CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
 	TODO: check
 CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	- node-matrix-js-sdk <undetermined>
+	- node-matrix-js-sdk <unfixed> (bug #1021136)
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
 	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
-	TODO: check if affecting the nodejs version of matrix-js-sdk
 CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...)
-	- node-matrix-js-sdk <undetermined>
+	- node-matrix-js-sdk <unfixed> (bug #1021136)
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
 	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
-	TODO: check if affecting the nodejs version of matrix-js-sdk
 CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	- node-matrix-js-sdk <undetermined>
+	- node-matrix-js-sdk <unfixed> (bug #1021136)
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
 	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
 	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
-	TODO: check if affecting the nodejs version of matrix-js-sdk
 CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
 	NOT-FOR-US: Matrix SDK for Android
 CVE-2022-39247
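Review bot: the three node-matrix-js-sdk entries move from `<undetermined>` to `<unfixed>` and drop the "check if affecting the nodejs version" TODO, but nothing in the entry records what that check concluded (e.g. which packaged version was compared against the upstream fix commit a587d7c36026fe1fcf93dfff63588abee359be76). Adding one NOTE line with the affected version range would keep a future triager from repeating the check, and since all three CVEs cite the same fix commit, a single fixed upstream version will close them together once the package is updated.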
@@ -6487,11 +6484,10 @@ CVE-2022-39238 (Arvados is an open source platform for managing and analyzing bi
 CVE-2022-39237
 	RESERVED
 CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	- node-matrix-js-sdk <undetermined>
+	- node-matrix-js-sdk <unfixed> (bug #1021136)
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
 	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
-	TODO: check if affects nodejs version of matrix-js-sdk
 CVE-2022-39235
 	RESERVED
 CVE-2022-39234
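Review bot: CVE-2022-39236 follows the same pattern as the three entries above (TODO removed, `<undetermined>` to `<unfixed>`, bug #1021136) but likewise leaves no NOTE stating that the nodejs packaging was confirmed affected; the same one-line NOTE with the affected version would close that gap, and the GHSA-hvv8-5v86-r45x link plus the shared fix commit are enough to make the justification verifiable.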
@@ -15061,19 +15057,19 @@ CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.0
 CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In  ...)
 	NOT-FOR-US: Blue Prism Enterprise
 CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...)
-	- cargo <unfixed>
+	- cargo <unfixed> (bug #1021142)
 	[bullseye] - cargo <no-dsa> (Minor issue)
 	[buster] - cargo <no-dsa> (Minor issue)
-	- rust-cargo <unfixed>
+	- rust-cargo <unfixed> (bug #1021142)
 	[bullseye] - rust-cargo <no-dsa> (Minor issue)
 	[buster] - rust-cargo <no-dsa> (Minor issue)
 	NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp
 	NOTE: https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
 CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a  ...)
-	- cargo <unfixed>
+	- cargo <unfixed> (bug #1021142)
 	[bullseye] - cargo <no-dsa> (Minor issue)
 	[buster] - cargo <no-dsa> (Minor issue)
-	- rust-cargo <unfixed>
+	- rust-cargo <unfixed> (bug #1021142)
 	[bullseye] - rust-cargo <no-dsa> (Minor issue)
 	[buster] - rust-cargo <no-dsa> (Minor issue)
 	NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j
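Review bot: the same bug #1021142 is attached to both `cargo` and `rust-cargo` for CVE-2022-36114 and CVE-2022-36113; that is convenient since both source packages carry the same code, but the BTS report should then actually be assigned to (or cloned for) both source packages, otherwise the tracker's bug link resolves for only one of them and the other stays open with a dangling reference. The no-dsa markings for bullseye and buster are unchanged and consistent across the four package lines.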
@@ -27022,14 +27018,14 @@ CVE-2022-31631
 CVE-2022-31630
 	RESERVED
 CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
-	- php8.1 <unfixed>
+	- php8.1 <unfixed> (bug #1021138)
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.1.11, 7.4.32
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
 	NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
 CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
-	- php8.1 <unfixed>
+	- php8.1 <unfixed> (bug #1021138)
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.1.11, 7.4.32
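Review bot: in both php entries the existing NOTE says "Fixed in 8.1.11, 7.4.32" while the CVE descriptions in the context lines say "before 7.4.31, 8.0.24 and 8.1.11"; the 7.4.31 versus 7.4.32 discrepancy is pre-existing but is worth reconciling against the upstream changelog in the same pass, since the new bug #1021138 will be referenced from the bug tracker by anyone checking the fixed version. For php8.1 the addition of the bug number to `<unfixed>` is consistent with the 8.1.11 fix version recorded in the NOTE.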
@@ -92834,7 +92830,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
 CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1021135)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
 	NOTE: https://sourceforge.net/p/sox/bugs/349/
 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
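Review bot: the two nettle NOTE lines in the leading context of this hunk (the 485b5e2820a057e873b1ba812fdb39cae4adf98c commit URL) are exact duplicates and could be deduplicated in a follow-up; the sox change itself only adds bug #1021135 to `<unfixed>`, which matches the Red Hat and SourceForge references already on the entry.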
@@ -92849,11 +92845,11 @@ CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
 CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1021134)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
 	NOTE: https://sourceforge.net/p/sox/bugs/350/
 CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1021133)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
 	NOTE: https://sourceforge.net/p/sox/bugs/352/
 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
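Review bot: the three sox heap-overflow and divide-by-zero entries touched in this commit (bugs #1021133, #1021134 and #1021135) carry no `[bullseye]` or `[buster]` status lines, so the tracker will list them as open for the stable releases; if sox is shipped there, a `<no-dsa> (Minor issue)` or `<postponed>` line per release, as done for the imagemagick and cargo entries earlier in the same commit, would complete the triage. Filing one bug per CVE here is the right choice for later `Closes:` references in the changelog.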



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fe6ddb939e24f082ce80a3ef19f8593f97e985
