[Git][security-tracker-team/security-tracker][master] 5 commits: Add Debian bug reference for CVE-2022-2989/libpod
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 12 20:07:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f1474b by Salvatore Bonaccorso at 2022-09-12T20:50:17+02:00
Add Debian bug reference for CVE-2022-2989/libpod
- - - - -
1c4dfecb by Salvatore Bonaccorso at 2022-09-12T20:53:05+02:00
Add Debian bug references for vim issues
- - - - -
1038d615 by Salvatore Bonaccorso at 2022-09-12T20:55:17+02:00
Add Debian bug references for dpdk issues
- - - - -
1b6a97ab by Salvatore Bonaccorso at 2022-09-12T20:58:56+02:00
Add Debian bug references for advancecomp issues
- - - - -
e992e0fc by Salvatore Bonaccorso at 2022-09-12T21:06:57+02:00
Add upstream tag information for CVE-2019-17546/gdal
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1178,7 +1178,7 @@ CVE-2022-39960
CVE-2022-3135
RESERVED
CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1019590)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
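Review bot: The `(bug #1019590)` reference added on the `- vim <unfixed>` line for CVE-2022-3134 is the same bug attached to the four other vim entries in this push, whose fixes land at different upstream patch levels (9.0.0246 through 9.0.0389). This entry carries the highest of them (v9.0.0389), so the bug should state which patch level an upload must reach before it can be closed for all five CVEs.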
@@ -2794,7 +2794,7 @@ CVE-2022-39199
CVE-2022-39198
RESERVED
CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1019590)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
@@ -3391,7 +3391,7 @@ CVE-2022-3038
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1019590)
NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
CVE-2022-3036
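Review bot: CVE-2022-3037 has no `[bullseye]` line under the changed `- vim <unfixed> (bug #1019590)` entry, while CVE-2022-3134, CVE-2022-3099 and CVE-2022-2946 in the same push carry `[bullseye] - vim <no-dsa> (Minor issue)`. If bullseye is affected the same way, add the matching line; if it is not, a `<not-affected>` line with the reason would make that explicit.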
@@ -4097,7 +4097,7 @@ CVE-2022-2990
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
CVE-2022-2989
RESERVED
- - libpod <unfixed>
+ - libpod <unfixed> (bug #1019591)
NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
CVE-2022-2988
@@ -4146,7 +4146,7 @@ CVE-2022-2984
CVE-2022-2983
RESERVED
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1019590)
NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
CVE-2022-2981
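Review bot: The CVE-2022-2982 entry gains the bug reference on `- vim <unfixed>` but goes straight to its NOTE lines with no `[bullseye]` status, unlike the vim entries in this diff that are marked `<no-dsa> (Minor issue)`. Record the bullseye triage here so the stable status does not have to be inferred from the sibling CVEs.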
@@ -4412,7 +4412,7 @@ CVE-2022-38649
CVE-2022-38648
RESERVED
CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1019590)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
@@ -13894,37 +13894,37 @@ CVE-2022-35022
CVE-2022-35021
RESERVED
CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (bug #1019592)
[buster] - advancecomp <no-dsa> (Minor issue)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
TODO: check, unclear reporting to upstream
CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
- - advancecomp <unfixed> (unimportant)
+ - advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
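Review bot: CVE-2022-35019 is the only advancecomp entry in this hunk that is not marked `unimportant` and has no `NOTE: Crash in CLI tool, no security impact`, yet its description is the same "segmentation fault" as CVE-2022-35018 and it shares bug #1019592 with the other six. A NOTE stating why it is triaged differently (it also carries `[buster] - advancecomp <no-dsa> (Minor issue)`) would help whoever works the bug. All seven entries also keep `TODO: check, unclear reporting to upstream`, which the bug report itself could answer.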
@@ -16418,7 +16418,7 @@ CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't v
NOT-FOR-US: WordPress plugin
CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. This issue ...)
{DSA-5222-1 DLA-3092-1}
- - dpdk <unfixed>
+ - dpdk <unfixed> (bug #1019589)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
NOTE: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
NOTE: https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 (main)
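Review bot: For CVE-2022-2132 both upstream fix NOTEs are annotated only `(main)`, so the entry does not say which release an unstable upload must reach to close bug #1019589. The CVE-2022-28199 entry in the next hunk gives a tagged dpdk-stable version (v21.11.2); adding the equivalent release tag or dpdk-stable commit here would let the `<unfixed>` line be resolved to a version.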
@@ -33260,7 +33260,7 @@ CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfg
NOT-FOR-US: NVIDIA
CVE-2022-28199 (NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DP ...)
{DSA-5222-1}
- - dpdk <unfixed>
+ - dpdk <unfixed> (bug #1019589)
[buster] - dpdk <not-affected> (Vulnerable code introduced later)
NOTE: https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa (main)
NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45 (v21.11.2)
@@ -211443,7 +211443,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
- gdal <unfixed> (unimportant)
- tiff 4.0.10+git190818-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
- NOTE: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
+ NOTE: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf (v3.1.0RC1)
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
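Review bot: The `(v3.1.0RC1)` tag is added to the GDAL commit NOTE only; the libtiff commit NOTE on the following line still has no version annotation, although the entry records `tiff 4.0.10+git190818-1` as the fixed package version. Annotating that commit with its upstream tag as well would keep the two NOTEs consistent.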
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/429e9dd62bd0fc13ab79a48744daf436ddc794af...e992e0fc7b213492c6721ee1d632978dabbdd13a