[Git][security-tracker-team/security-tracker][master] new zoneminder issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 10 15:11:25 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
725f0300 by Moritz Muehlenhoff at 2022-10-10T16:11:05+02:00
new zoneminder issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6531,7 +6531,7 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
 	NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
 	NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
 CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
-	TODO: check
+	NOT-FOR-US: Panini Everest Engine
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
 	- modsecurity-crs 3.3.4-1 (bug #1021137)
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
@@ -7974,11 +7974,23 @@ CVE-2022-39293
 CVE-2022-39292
 	RESERVED
 CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
-	TODO: check
+	- zoneminder <unfixed> (unimportant)
+	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
+	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-39290 (ZoneMinder is a free, open source Closed-circuit television software a ...)
-	TODO: check
+	- zoneminder <unfixed> (unimportant)
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
+	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television software a ...)
-	TODO: check
+	- zoneminder <unfixed> (unimportant)
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
+	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-39288
 	RESERVED
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
@@ -7986,7 +7998,11 @@ CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protect
 CVE-2022-39286
 	RESERVED
 CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...)
-	TODO: check
+	- zoneminder <unfixed> (unimportant)
+	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
+	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
 	- codeigniter <itp> (bug #471583)
 CVE-2022-39283
@@ -7994,7 +8010,7 @@ CVE-2022-39283
 CVE-2022-39282
 	RESERVED
 CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer relationship  ...)
-	TODO: check
+	NOT-FOR-US: fat_free_crm
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
 	NOT-FOR-US: dparse (parser for Python dependency files)
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds  ...)
@@ -8010,7 +8026,7 @@ CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected ver
 CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
 	TODO: check
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...)
-	TODO: check
+	NOT-FOR-US: FlyteAdmin
 CVE-2022-39272
 	RESERVED
 CVE-2022-39271



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725f0300705db81e9ee93c3e1e896276d956ada4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725f0300705db81e9ee93c3e1e896276d956ada4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221010/e98320c6/attachment.htm>

More information about the debian-security-tracker-commits mailing list