[Git][security-tracker-team/security-tracker][master] new zoneminder issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 10 15:11:25 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
725f0300 by Moritz Muehlenhoff at 2022-10-10T16:11:05+02:00
new zoneminder issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6531,7 +6531,7 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
- TODO: check
+ NOT-FOR-US: Panini Everest Engine
CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
- modsecurity-crs 3.3.4-1 (bug #1021137)
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
@@ -7974,11 +7974,23 @@ CVE-2022-39293
CVE-2022-39292
RESERVED
CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
+ NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39290 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+ NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
+ NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
+ NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
+ NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39288
RESERVED
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
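Review bot: The closing note added under CVE-2022-39291, CVE-2022-39290 and CVE-2022-39289 carries a doubled prefix, "NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security". Drop the second "NOTE:" so the line reads like the other NOTE lines in the entry. The advisory link is also listed before the commit links under CVE-2022-39291 but after the commit link under CVE-2022-39290 and CVE-2022-39289; one consistent order across the three entries would make them easier to compare.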
@@ -7986,7 +7998,11 @@ CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protect
CVE-2022-39286
RESERVED
CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
+ NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
- codeigniter <itp> (bug #471583)
CVE-2022-39283
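Review bot: The last added line under CVE-2022-39285 has a doubled prefix, "NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security". Suggest a single "NOTE:" prefix, matching the three URL notes directly above it.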
@@ -7994,7 +8010,7 @@ CVE-2022-39283
CVE-2022-39282
RESERVED
CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer relationship ...)
- TODO: check
+ NOT-FOR-US: fat_free_crm
CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
NOT-FOR-US: dparse (parser for Python dependency files)
CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...)
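Review bot: "NOT-FOR-US: fat_free_crm" gives only the product name, while the next entry in the context, CVE-2022-39280, uses "NOT-FOR-US: dparse (parser for Python dependency files)". Adding a short parenthetical description here, taken from the CVE text ("Ruby on Rails customer relationship ..."), would keep the two neighbouring entries in the same style and make it clearer later why the product was ruled out.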
@@ -8010,7 +8026,7 @@ CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected ver
CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
TODO: check
CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...)
- TODO: check
+ NOT-FOR-US: FlyteAdmin
CVE-2022-39272
RESERVED
CVE-2022-39271
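Review bot: CVE-2022-39274 (LoRaMac-node), two lines above the changed entry, is left at "TODO: check" while its neighbour CVE-2022-39273 is resolved to "NOT-FOR-US: FlyteAdmin". If it was looked at in the same pass, it could be triaged in this commit as well; if it is deliberately left open, no change is needed.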
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/725f0300705db81e9ee93c3e1e896276d956ada4