[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Oct 23 23:25:04 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fcd0fc3e by Moritz Muehlenhoff at 2022-10-24T00:24:19+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -534,11 +534,11 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a
 CVE-2022-3628
 	RESERVED
 CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...)
@@ -559,7 +559,7 @@ CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified
 	[bullseye] - linux 5.10.148-1
 	NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1)
 CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This  ...)
-	- exim4 <unfixed>
+	- exim4 <unfixed> (bug #1022556)
 	[bullseye] - exim4 <not-affected> (Vulnerable code not present)
 	[buster] - exim4 <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0)
@@ -610,15 +610,15 @@ CVE-2022-3601
 CVE-2022-3600
 	RESERVED
 CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
 CVE-2021-46846
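Review bot: bug #1022555 is attached in this hunk to CVE-2022-3599, CVE-2022-3598 and CVE-2022-3597, whose NOTE lines point at three different upstream commits (e8131125, cfbb883b, 236b7191). One bug covering several independent fixes is workable, but the bug should then stay open until an upload carries all of them. It is worth confirming that the bug report lists every CVE it is referenced from, so the closing changelog entry and the per-CVE fixed versions stay in sync.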
@@ -811,7 +811,7 @@ CVE-2022-3572
 CVE-2022-3571
 	RESERVED
 CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #1022555)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/386
@@ -1663,7 +1663,7 @@ CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as probl
 	[buster] - libx11 <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af (libX11-1.7.4)
 CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...)
-	- libx11 <unfixed>
+	- libx11 <unfixed> (bug #1022560)
 	[bullseye] - libx11 <no-dsa> (Minor issue)
 	[buster] - libx11 <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef
@@ -49205,7 +49205,7 @@ CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape i
 CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0  ...)
-	- shapelib <unfixed>
+	- shapelib <unfixed> (bug #1022557)
 	NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
 	NOTE: https://github.com/OSGeo/shapelib/issues/39
 CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...)
@@ -77011,6 +77011,7 @@ CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During
 	- snipe-it <itp> (bug #1005172)
 CVE-2021-42010
 	RESERVED
+	NOT-FOR-US: Apache Heron
 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
 	NOT-FOR-US: Apache Traffic Control
 CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web  ...)
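Review bot: the added line "NOT-FOR-US: Apache Heron" under CVE-2021-42010 is a triage decision, not a bug number, so the commit message "bugnums" does not cover it. The entry has no description and still carries RESERVED, so nothing visible here shows where the Apache Heron attribution comes from. Suggest either putting this line in its own commit or naming the source of the attribution in the commit message so the classification can be checked later.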



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcd0fc3e8bd3599153a25565cd6c8917a55a4775
