[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 11 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57351cea by security tracker role at 2022-09-11T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2603,8 +2603,7 @@ CVE-2022-39137
 	RESERVED
 CVE-2022-39136
 	RESERVED
-CVE-2022-39135
-	RESERVED
+CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...)
 	NOT-FOR-US: Apache Calcite
 CVE-2022-39134
 	RESERVED
@@ -8400,7 +8399,7 @@ CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Netw
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2588
 	RESERVED
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	NOTE: https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
@@ -8408,14 +8407,14 @@ CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome on
 	- chromium <not-affected> (Chrome on Chrome OS)
 CVE-2022-2586
 	RESERVED
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	NOTE: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/5
 CVE-2022-2585
 	RESERVED
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
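Review bot: On CVE-2022-2585 the new DLA-3102-1 reference now sits above the unchanged "[buster] - linux <not-affected> (Vulnerable code introduced later)" line, so the entry cites an LTS advisory while the only release annotation shown marks linux as not affected. If the DLA addresses this CVE through a different source package, the entry should gain a package line for it; if not, the CVE should be removed from that advisory's list. As this is an automatic update, the correction belongs in the advisory data rather than in this line.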
@@ -8678,7 +8677,7 @@ CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This
 CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...)
 	NOT-FOR-US: FastStone Image Viewer
 CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...)
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
 	NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
@@ -8871,7 +8870,7 @@ CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform SS
 CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows  ...)
 	NOT-FOR-US: Webmin module
 CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfrm_expa ...)
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
 CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
@@ -9812,6 +9811,7 @@ CVE-2022-2527
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...)
+	{DSA-5228-1}
 	- gdk-pixbuf 2.42.8+dfsg-1
 	[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present; GIF animation support added later)
 	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
@@ -25948,7 +25948,7 @@ CVE-2022-26844 (Insufficiently protected credentials in the installation binarie
 CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
 	NOT-FOR-US: Intel
 CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...)
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.16-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
 	NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
@@ -27821,13 +27821,13 @@ CVE-2022-29902
 CVE-2022-1526 (A vulnerability, which was classified as problematic, was found in Eml ...)
 	NOT-FOR-US: Emlog Pro
 CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Spectre  ...)
-	{DSA-5207-1}
+	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.14-1
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
 CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow arbit ...)
-	{DSA-5207-1 DSA-5184-1}
+	{DSA-5207-1 DSA-5184-1 DLA-3102-1}
 	- linux 5.18.14-1
 	- xen 4.16.2-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
@@ -39109,8 +39109,8 @@ CVE-2022-26060
 	RESERVED
 CVE-2022-26050
 	RESERVED
-CVE-2022-26049
-	RESERVED
+CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before 3.37.2. It  ...)
+	TODO: check
 CVE-2022-26048
 	RESERVED
 CVE-2022-26046
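Review bot: CVE-2022-26049 moves out of RESERVED with only "TODO: check", so it is published but untriaged. The description names com.diffplug.gradle:goomph; a follow-up commit should replace the TODO with either a package line or a NOT-FOR-US entry once it has been checked whether that component is packaged in Debian.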
@@ -41167,8 +41167,8 @@ CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. Th
 	NOT-FOR-US: drogon
 CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...)
 	NOT-FOR-US: Node bodymen
-CVE-2022-25295
-	RESERVED
+CVE-2022-25295 (This affects the package github.com/gophish/gophish before 0.12.0. The ...)
+	TODO: check
 CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
 	NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
 CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)
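Review bot: CVE-2022-25295 (github.com/gophish/gophish before 0.12.0) is added as "TODO: check" between entries that are already triaged as NOT-FOR-US (drogon, Node bodymen). It needs the same manual decision, a package line if gophish is in the archive or "NOT-FOR-US: gophish" if it is not, so the entry does not stay open.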
@@ -57184,6 +57184,7 @@ CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows rem
 CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
 	- python-django-cms <itp> (bug #516183)
 CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
+	{DSA-5228-1}
 	- gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600)
 	[buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
 	[stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57351ceab2760a3f77d826a4fb4213292299052d
