[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Oct 2 19:21:52 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54fe6ddb by Moritz Muehlenhoff at 2022-10-02T20:21:20+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3226,7 +3226,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
NOT-FOR-US: Delta
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1021141)
[bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
@@ -4919,21 +4919,21 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
CVE-2022-39959
RESERVED
CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
NOTE: https://bugs.debian.org/1020303
CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
- - modsecurity-crs <unfixed>
+ - modsecurity-crs <unfixed> (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39954
@@ -5340,7 +5340,7 @@ CVE-2022-3101
NOT-FOR-US: tripleo-ansible
CVE-2022-3100 [access policy bypass via query string injection]
RESERVED
- - barbican <unfixed>
+ - barbican <unfixed> (bug #1021139)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404
CVE-2022-39798
RESERVED
@@ -6444,24 +6444,21 @@ CVE-2022-39253
CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
TODO: check
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- - node-matrix-js-sdk <undetermined>
+ - node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
- TODO: check if affecting the nodejs version of matrix-js-sdk
CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...)
- - node-matrix-js-sdk <undetermined>
+ - node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
- TODO: check if affecting the nodejs version of matrix-js-sdk
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- - node-matrix-js-sdk <undetermined>
+ - node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
- TODO: check if affecting the nodejs version of matrix-js-sdk
CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
NOT-FOR-US: Matrix SDK for Android
CVE-2022-39247
@@ -6487,11 +6484,10 @@ CVE-2022-39238 (Arvados is an open source platform for managing and analyzing bi
CVE-2022-39237
RESERVED
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- - node-matrix-js-sdk <undetermined>
+ - node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
- TODO: check if affects nodejs version of matrix-js-sdk
CVE-2022-39235
RESERVED
CVE-2022-39234
@@ -15061,19 +15057,19 @@ CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.0
CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...)
NOT-FOR-US: Blue Prism Enterprise
CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...)
- - cargo <unfixed>
+ - cargo <unfixed> (bug #1021142)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <no-dsa> (Minor issue)
- - rust-cargo <unfixed>
+ - rust-cargo <unfixed> (bug #1021142)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp
NOTE: https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a ...)
- - cargo <unfixed>
+ - cargo <unfixed> (bug #1021142)
[bullseye] - cargo <no-dsa> (Minor issue)
[buster] - cargo <no-dsa> (Minor issue)
- - rust-cargo <unfixed>
+ - rust-cargo <unfixed> (bug #1021142)
[bullseye] - rust-cargo <no-dsa> (Minor issue)
[buster] - rust-cargo <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j
@@ -27022,14 +27018,14 @@ CVE-2022-31631
CVE-2022-31630
RESERVED
CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
- - php8.1 <unfixed>
+ - php8.1 <unfixed> (bug #1021138)
- php7.4 <removed>
- php7.3 <removed>
NOTE: Fixed in 8.1.11, 7.4.32
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
- - php8.1 <unfixed>
+ - php8.1 <unfixed> (bug #1021138)
- php7.4 <removed>
- php7.3 <removed>
NOTE: Fixed in 8.1.11, 7.4.32
@@ -92834,7 +92830,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #1021135)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
NOTE: https://sourceforge.net/p/sox/bugs/349/
CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
@@ -92849,11 +92845,11 @@ CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
NOTE: https://sourceforge.net/p/sox/bugs/351/
CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #1021134)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
NOTE: https://sourceforge.net/p/sox/bugs/350/
CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #1021133)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
NOTE: https://sourceforge.net/p/sox/bugs/352/
CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fe6ddb939e24f082ce80a3ef19f8593f97e985
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fe6ddb939e24f082ce80a3ef19f8593f97e985
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221002/16ce5d35/attachment.htm>
More information about the debian-security-tracker-commits
mailing list