[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 31 08:10:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0513b34 by security tracker role at 2022-10-31T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-20853
+ RESERVED
+CVE-2023-20852
+ RESERVED
+CVE-2022-44448
+ RESERVED
+CVE-2022-44447
+ RESERVED
+CVE-2022-44446
+ RESERVED
+CVE-2022-44445
+ RESERVED
+CVE-2022-44444
+ RESERVED
+CVE-2022-44443
+ RESERVED
+CVE-2022-44442
+ RESERVED
+CVE-2022-44441
+ RESERVED
+CVE-2022-44440
+ RESERVED
+CVE-2022-44439
+ RESERVED
+CVE-2022-44438
+ RESERVED
+CVE-2022-44437
+ RESERVED
+CVE-2022-44436
+ RESERVED
+CVE-2022-44435
+ RESERVED
+CVE-2022-44434
+ RESERVED
+CVE-2022-44433
+ RESERVED
+CVE-2022-44432
+ RESERVED
+CVE-2022-44431
+ RESERVED
+CVE-2022-44430
+ RESERVED
+CVE-2022-44429
+ RESERVED
+CVE-2022-44428
+ RESERVED
+CVE-2022-44427
+ RESERVED
+CVE-2022-44426
+ RESERVED
+CVE-2022-44425
+ RESERVED
+CVE-2022-44424
+ RESERVED
+CVE-2022-44423
+ RESERVED
+CVE-2022-44422
+ RESERVED
+CVE-2022-44421
+ RESERVED
+CVE-2022-44420
+ RESERVED
+CVE-2022-44419
+ RESERVED
+CVE-2022-3760
+ RESERVED
+CVE-2022-3759
+ RESERVED
+CVE-2022-3758
+ RESERVED
CVE-2022-44418
RESERVED
CVE-2022-44417
@@ -3233,6 +3303,7 @@ CVE-2022-43752
CVE-2022-43751
RESERVED
CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
+ {DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 (6.1-rc1)
@@ -3389,7 +3460,7 @@ CVE-2022-43682
CVE-2022-43681
RESERVED
CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by overeag ...)
- {DLA-3165-1}
+ {DSA-5266-1 DLA-3165-1}
- expat 2.5.0-1 (bug #1022743)
NOTE: https://github.com/libexpat/libexpat/issues/649
NOTE: https://github.com/libexpat/libexpat/pull/616
@@ -3652,6 +3723,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
- ceph <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+ {DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
@@ -4003,6 +4075,7 @@ CVE-2022-3647 (A vulnerability, which was classified as problematic, was found i
NOTE: Crash inside the crash report when redis already crashed due to calling an invalid
NOTE: function pointer, negligible security impact
CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...)
+ {DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1)
@@ -4037,6 +4110,7 @@ CVE-2022-3636 (A vulnerability, which was classified as critical, was found in L
- linux <not-affected> (No vulnerable code in any upstream or Debian released version)
NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
@@ -4044,6 +4118,7 @@ CVE-2022-3635 (A vulnerability, which was classified as critical, has been found
CVE-2022-3634
RESERVED
CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux Kern ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -4058,6 +4133,7 @@ CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as p
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 (6.0-rc1)
CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
@@ -4075,6 +4151,7 @@ CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtif
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -4088,6 +4165,7 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared a
CVE-2022-3622
RESERVED
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+ {DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1)
@@ -4270,6 +4348,7 @@ CVE-2022-3588
CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3586 (A flaw was found in the Linux kernel’s networking code. A use-af ...)
+ {DLA-3173-1}
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
[buster] - linux 4.19.260-1
@@ -5435,7 +5514,7 @@ CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through Desi
NOT-FOR-US: Autodesk
CVE-2022-42932
RESERVED
- {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+ {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
- thunderbird 1:102.4.0-1
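Review bot: CVE-2022-42932 still reads RESERVED with no bracketed summary on the CVE line, even though this change gives it a fourth advisory reference (DLA-3170-1) alongside fixed versions for firefox, firefox-esr and thunderbird. A short bracketed description, in the style already used for CVE-2022-40304 in this file, would let a reader tell what the issue is without opening the advisories. The same applies to CVE-2022-42929, CVE-2022-42928 and CVE-2022-42927 in the next three hunks.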
@@ -5452,7 +5531,7 @@ CVE-2022-42930
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
CVE-2022-42929
RESERVED
- {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+ {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
- thunderbird 1:102.4.0-1
@@ -5461,7 +5540,7 @@ CVE-2022-42929
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929
CVE-2022-42928
RESERVED
- {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+ {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
- thunderbird 1:102.4.0-1
@@ -5470,7 +5549,7 @@ CVE-2022-42928
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928
CVE-2022-42927
RESERVED
- {DSA-5262-1 DSA-5259-1 DLA-3156-1}
+ {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
- thunderbird 1:102.4.0-1
@@ -6098,28 +6177,28 @@ CVE-2022-42724 (app/Controller/UsersController.php in MISP before 2.4.164 allows
CVE-2022-42723
RESERVED
CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in the Lin ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the mac80211 sta ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSID elem ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
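Review bot: the four mac80211 entries in this hunk (CVE-2022-42722 through CVE-2022-42719) gain DLA-3173-1 while each still carries "[buster] - linux <not-affected> (Vulnerable code not present)", and nothing in the entries says which source package the DLA fixes. If the DLA covers a source package other than linux, a NOTE naming it would remove the apparent contradiction; if it covers linux in buster, the not-affected line needs revisiting. The same pattern shows up for CVE-2022-41674, CVE-2022-2602 and CVE-2022-0171 in later hunks.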
@@ -8484,7 +8563,7 @@ CVE-2022-41676
CVE-2022-41675
RESERVED
CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -8897,7 +8976,7 @@ CVE-2022-3304
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsystem du ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5)
CVE-2022-3302 (The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin ...)
@@ -9893,6 +9972,7 @@ CVE-2022-40983
CVE-2022-40693
RESERVED
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
+ {DLA-3173-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -10791,14 +10871,14 @@ CVE-2022-3229
RESERVED
CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
TODO: check
-CVE-2022-40742
- RESERVED
-CVE-2022-40741
- RESERVED
+CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...)
+ TODO: check
+CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient filtering f ...)
+ TODO: check
CVE-2022-40740
RESERVED
-CVE-2022-40739
- RESERVED
+CVE-2022-40739 (Ragic report generation page has insufficient filtering for special ch ...)
+ TODO: check
CVE-2022-3227
RESERVED
CVE-2022-3226
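Review bot: the three entries that move from RESERVED to a description (CVE-2022-40742, CVE-2022-40741, CVE-2022-40739) land as "TODO: check", so they carry no package or NOT-FOR-US decision yet. The descriptions name Mail SQR Expert and Ragic; triage each to either a source package line or a NOT-FOR-US line like the ones used for Autodesk and Canto Cumulus elsewhere in this file.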
@@ -11179,8 +11259,7 @@ CVE-2022-40619
RESERVED
CVE-2022-40618
RESERVED
-CVE-2022-40617
- RESERVED
+CVE-2022-40617 (strongSwan before 5.9.8 allows remote attackers to cause a denial of s ...)
{DSA-5249-1 DLA-3143-1}
- strongswan 5.9.8-1 (bug #1021271)
NOTE: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
@@ -11455,7 +11534,7 @@ CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DE
CVE-2022-3177
RESERVED
CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. Signalf ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.17.3-1
NOTE: https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...)
@@ -11876,7 +11955,7 @@ CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound
NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
NOTE: https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4)
CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
- {DSA-5257-1 DLA-3131-1}
+ {DSA-5257-1 DLA-3173-1 DLA-3131-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...)
@@ -11885,10 +11964,12 @@ CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.
NOT-FOR-US: Canto Cumulus
CVE-2022-40304 [dict corruption caused by entity reference cycles]
RESERVED
+ {DLA-3172-1}
- libxml2 <unfixed> (bug #1022225)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b (v2.10.3)
CVE-2022-40303 [integer overflows with XML_PARSE_HUGE]
RESERVED
+ {DLA-3172-1}
- libxml2 <unfixed> (bug #1022224)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
CVE-2022-40302
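Review bot: CVE-2022-40304 and CVE-2022-40303 gain DLA-3172-1 while the "- libxml2 <unfixed>" lines (bugs #1022225 and #1022224) stay unchanged, so each entry now shows an advisory reference next to an unstable package that is still open. Both NOTE lines point at fix commits tagged v2.10.3; replace <unfixed> with the fixed version once an upload containing those commits is in the archive.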
@@ -12981,7 +13062,7 @@ CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave
CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
NOT-FOR-US: Lotus 1-2-3
CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
- {DSA-5257-1 DLA-3131-1}
+ {DSA-5257-1 DLA-3173-1 DLA-3131-1}
- linux 5.19.6-1 (unimportant)
NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
NOTE: Driver not enabled in Debian configs
@@ -14469,6 +14550,7 @@ CVE-2022-39191
RESERVED
NOT-FOR-US: Mediawiki extension OAuth
CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the Linux ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -14574,7 +14656,7 @@ CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kerne
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...)
- {DSA-5257-1 DLA-3131-1}
+ {DSA-5257-1 DLA-3173-1 DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
@@ -14884,7 +14966,7 @@ CVE-2022-3063
CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.18.2-1
NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
CVE-2022-39043
@@ -14917,20 +14999,20 @@ CVE-2022-39030 (smart eVision has inadequate authorization for system informatio
NOT-FOR-US: Smart eVision
CVE-2022-39029 (Smart eVision has inadequate authorization for the database query func ...)
NOT-FOR-US: Smart eVision
-CVE-2022-39027
- RESERVED
-CVE-2022-39026
- RESERVED
-CVE-2022-39025
- RESERVED
-CVE-2022-39024
- RESERVED
-CVE-2022-39023
- RESERVED
-CVE-2022-39022
- RESERVED
-CVE-2022-39021
- RESERVED
+CVE-2022-39027 (U-Office Force Forum function has insufficient filtering for special c ...)
+ TODO: check
+CVE-2022-39026 (U-Office Force UserDefault page has insufficient filtering for special ...)
+ TODO: check
+CVE-2022-39025 (U-Office Force PrintMessage function has insufficient filtering for sp ...)
+ TODO: check
+CVE-2022-39024 (U-Office Force Bulletin function has insufficient filtering for specia ...)
+ TODO: check
+CVE-2022-39023 (U-Office Force Download function has a path traversal vulnerability. A ...)
+ TODO: check
+CVE-2022-39022 (U-Office Force Download function has a path traversal vulnerability. A ...)
+ TODO: check
+CVE-2022-39021 (U-Office Force login function has an Open Redirect vulnerability. An u ...)
+ TODO: check
CVE-2022-39020
RESERVED
CVE-2022-39019
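Review bot: CVE-2022-39023 and CVE-2022-39022 arrive with identical truncated summaries ("U-Office Force Download function has a path traversal vulnerability. A ..."), so when the seven "TODO: check" entries are triaged, confirm against the full descriptions that these are two distinct issues rather than a duplicate. The neighbouring Smart eVision entries are already marked NOT-FOR-US; all seven U-Office Force entries still need the same kind of decision.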
@@ -15546,7 +15628,7 @@ CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all ve
CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
- routinator <itp> (bug #929024)
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
- {DLA-3131-1}
+ {DLA-3173-1 DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
@@ -16666,6 +16748,7 @@ CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available m
NOTE: Introduced after: https://gitlab.isc.org/isc-projects/bind9/-/commit/e18777c7582d54d227714882e9e79746ce48e002 (v9_17_20)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197 (v9_18_7)
CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's BPF ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -19302,6 +19385,7 @@ CVE-2022-37456
CVE-2022-37455
RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
+ {DSA-5267-1}
- php8.1 8.1.12-1
- php7.4 <removed>
- php7.3 <removed>
@@ -19573,7 +19657,7 @@ CVE-2020-36571
CVE-2020-36570
RESERVED
CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...)
- {DSA-5257-1 DLA-3131-1}
+ {DSA-5257-1 DLA-3173-1 DLA-3131-1}
- linux 6.0.2-1
NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
@@ -19947,7 +20031,7 @@ CVE-2022-2603 (Use after free in Omnibox in Google Chrome prior to 104.0.5112.79
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2602 [io_uring/af_unix: defer registered files gc to io_uring release]
RESERVED
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 6.0.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80
@@ -28371,7 +28455,7 @@ CVE-2022-2155
CVE-2022-2154 (An attacker with physical access can exploit this vulnerability to exe ...)
NOT-FOR-US: Intel
CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
- {DSA-5173-1 DLA-3131-1 DLA-3065-1}
+ {DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1}
- linux 5.17.3-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736
@@ -38314,7 +38398,7 @@ CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affect
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s Atheros wi ...)
- {DLA-3131-1}
+ {DLA-3173-1 DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
@@ -45252,7 +45336,7 @@ CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- gitlab <unfixed>
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
@@ -62240,7 +62324,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -70437,7 +70521,7 @@ CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector
CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...)
NOT-FOR-US: Intel
CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() functio ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.14.6-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
@@ -78499,13 +78583,14 @@ CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bou
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a possible w ...)
+ {DLA-3173-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
- {DSA-5257-1}
+ {DSA-5257-1 DLA-3173-1}
- linux 5.19.11-1
[buster] - linux 4.19.260-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0513b3480fbe948a74531f23f5583bd6a571350