[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 29 09:10:22 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9259172c by security tracker role at 2022-10-29T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-43997
+	RESERVED
+CVE-2022-43996
+	RESERVED
+CVE-2022-43995
+	RESERVED
+CVE-2022-43994
+	RESERVED
+CVE-2022-43993
+	RESERVED
+CVE-2022-43992
+	RESERVED
+CVE-2022-43991
+	RESERVED
+CVE-2022-43990
+	RESERVED
+CVE-2022-43989
+	RESERVED
+CVE-2022-43988
+	RESERVED
+CVE-2022-43987
+	RESERVED
+CVE-2022-43986
+	RESERVED
+CVE-2022-43985
+	RESERVED
+CVE-2022-43984
+	RESERVED
+CVE-2022-43983
+	RESERVED
+CVE-2022-3752
+	RESERVED
+CVE-2022-3751
+	RESERVED
 CVE-2022-43982
 	RESERVED
 CVE-2022-43981
@@ -3635,20 +3669,20 @@ CVE-2022-43288
 	RESERVED
 CVE-2022-43287
 	RESERVED
-CVE-2022-43286
-	RESERVED
-CVE-2022-43285
-	RESERVED
-CVE-2022-43284
-	RESERVED
-CVE-2022-43283
-	RESERVED
-CVE-2022-43282
-	RESERVED
-CVE-2022-43281
-	RESERVED
-CVE-2022-43280
-	RESERVED
+CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug c ...)
+	TODO: check
+CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation in ...)
+	TODO: check
+CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...)
+	TODO: check
+CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. ...)
+	TODO: check
+CVE-2022-43282 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...)
+	TODO: check
+CVE-2022-43281 (wasm-interp v1.0.29 was discovered to contain a heap overflow via the  ...)
+	TODO: check
+CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...)
+	TODO: check
 CVE-2022-43279
 	RESERVED
 CVE-2022-43278
@@ -4628,8 +4662,7 @@ CVE-2022-42918
 	RESERVED
 CVE-2022-42917
 	RESERVED
-CVE-2022-42916 [HSTS bypass via IDN]
-	RESERVED
+CVE-2022-42916 (In curl before 7.86.0, the HSTS check could be bypassed to trick it in ...)
 	- curl 7.86.0-1
 	[buster] - curl <not-affected> (Vulnerable code not present)
 	NOTE: https://curl.se/docs/CVE-2022-42916.html
@@ -16223,8 +16256,8 @@ CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal i
 	NOT-FOR-US: Octopus Server
 CVE-2022-2827
 	RESERVED
-CVE-2022-2826
-	RESERVED
+CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-38361
@@ -18029,8 +18062,8 @@ CVE-2022-37623
 	RESERVED
 CVE-2022-37622
 	RESERVED
-CVE-2022-37621
-	RESERVED
+CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+	TODO: check
 CVE-2022-37620
 	RESERVED
 CVE-2022-37619



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9259172c29f30c79f9b429908d2a444c9439fa4f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9259172c29f30c79f9b429908d2a444c9439fa4f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221029/e6cac4e9/attachment.htm>
