[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 16 09:10:21 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fd46de1 by security tracker role at 2022-10-16T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-42969 (The py library through 1.11.0 for Python allows remote attackers to co ...)
+	TODO: check
+CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git backe ...)
+	TODO: check
+CVE-2022-42967
+	RESERVED
+CVE-2022-42966
+	RESERVED
+CVE-2022-42965
+	RESERVED
+CVE-2022-42964
+	RESERVED
 CVE-2022-3520
 	RESERVED
 CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -3968,8 +3980,8 @@ CVE-2022-41325
 	RESERVED
 CVE-2022-41324
 	RESERVED
-CVE-2022-41323
-	RESERVED
+CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...)
+	{DSA-5254-1}
 	- python-django 3:3.2.16-1
 	[buster] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
@@ -16734,6 +16746,7 @@ CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems
 CVE-2022-2502
 	RESERVED
 CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...)
+	{DSA-5254-1}
 	- python-django 3:3.2.15-1
 	[buster] - python-django <not-affected> (Vulnerable code introduced in 2.1)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1
@@ -22562,6 +22575,7 @@ CVE-2022-34267
 CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 a ...)
 	NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
 CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...)
+	{DSA-5254-1}
 	- python-django 2:4.0.6-1 (bug #1014541)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2
 	NOTE: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
@@ -39216,6 +39230,7 @@ CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 t
 CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 t ...)
 	NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...)
+	{DSA-5254-1}
 	- python-django 2:3.2.13-1 (bug #1009677)
 	[stretch] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
@@ -39224,7 +39239,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Dj
 	NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
 	NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
 CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
-	{DLA-2982-1}
+	{DSA-5254-1 DLA-2982-1}
 	- python-django 2:3.2.13-1 (bug #1009677)
 	NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
 	NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
@@ -53461,7 +53476,7 @@ CVE-2022-0336 (The Samba AD DC includes checks when adding service principals na
 CVE-2022-23834
 	RESERVED
 CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...)
-	{DLA-2906-1}
+	{DSA-5254-1 DLA-2906-1}
 	- python-django 2:3.2.12-1 (bug #1004752)
 	[buster] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
@@ -57085,7 +57100,7 @@ CVE-2022-22820 (Due to the lack of media file checks before rendering, it was po
 CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55 ...)
 	NOT-FOR-US: NXP
 CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
-	{DLA-2906-1}
+	{DSA-5254-1 DLA-2906-1}
 	- python-django 2:3.2.12-1 (bug #1004752)
 	[buster] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd46de116b5ba7c56bf9e04e86477f01e663fd2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd46de116b5ba7c56bf9e04e86477f01e663fd2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221016/6bcad5a1/attachment.htm>

More information about the debian-security-tracker-commits mailing list