[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Sep 12 21:58:34 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c450ca7 by Moritz Muehlenhoff at 2022-09-12T22:58:12+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -592,7 +592,7 @@ CVE-2022-40321
CVE-2022-3173
RESERVED
CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffe ...)
- - libconfuse <unfixed>
+ - libconfuse <unfixed> (bug #1019596)
[bullseye] - libconfuse <no-dsa> (Minor issue)
NOTE: https://github.com/libconfuse/libconfuse/issues/163
NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
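Review bot: the libconfuse line for CVE-2022-40320 stays `<unfixed>` even though the entry already records an upstream fix under `NOTE: Fixed by:`. Worth confirming that bug #1019596 points the maintainer at commit d73777c2c3566fb2647727bb56d9a2295b81669b, so the report is actionable without a second lookup.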
@@ -1695,12 +1695,12 @@ CVE-2022-39834
CVE-2022-39833
RESERVED
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
- - pspp <unfixed>
+ - pspp <unfixed> (bug #1019598)
[bullseye] - pspp <no-dsa> (Minor issue)
[buster] - pspp <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/index.php?63000
CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
- - pspp <unfixed>
+ - pspp <unfixed> (bug #1019597)
[bullseye] - pspp <no-dsa> (Minor issue)
[buster] - pspp <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?62977
@@ -4929,7 +4929,7 @@ CVE-2022-38532
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2216
@@ -5944,7 +5944,7 @@ CVE-2022-38225
CVE-2022-38224
RESERVED
CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...)
- - w3m <unfixed>
+ - w3m <unfixed> (bug #1019599)
[bullseye] - w3m <no-dsa> (Minor issue)
[buster] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
@@ -11177,13 +11177,13 @@ CVE-2022-36193
CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2218
NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2220
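Review bot: bug #1019595 is attached to both CVE-2022-36191 and CVE-2022-36190 in this hunk, and to CVE-2022-38530 and CVE-2022-36186 in other hunks of the same commit. Please check that the report names all four CVE ids, since closing it with one upload would otherwise mark issues as fixed that the upload did not address. Separately, the commit URL noted under CVE-2022-36191 has no `Fixed by:` prefix, unlike the libconfuse entry; if that commit is the fix, labelling it the same way would keep the entries consistent.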
@@ -11196,7 +11196,7 @@ CVE-2022-36188
CVE-2022-36187
RESERVED
CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1019595)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2223
@@ -11291,7 +11291,7 @@ CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation
NOTE: https://github.com/djcsdy/swfmill/issues/64
NOTE: Crash in CLI tool, no security impact
CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
- - swfmill <unfixed>
+ - swfmill <unfixed> (bug #1019600)
[bullseye] - swfmill <no-dsa> (Minor issue)
[buster] - swfmill <no-dsa> (Minor issue)
NOTE: https://github.com/djcsdy/swfmill/issues/63
@@ -11312,7 +11312,7 @@ CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation
NOTE: https://github.com/djcsdy/swfmill/issues/57
NOTE: Crash in CLI tool, no security impact
CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
- - swfmill <unfixed>
+ - swfmill <unfixed> (bug #1019600)
[bullseye] - swfmill <no-dsa> (Minor issue)
[buster] - swfmill <no-dsa> (Minor issue)
NOTE: https://github.com/djcsdy/swfmill/issues/56
@@ -11425,7 +11425,7 @@ CVE-2022-36111
CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...)
NOT-FOR-US: Netmaker
CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (bug #1019601)
[bullseye] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
@@ -12896,191 +12896,191 @@ CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting
CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...)
- zammad <itp> (bug #841355)
CVE-2022-35486 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35480
RESERVED
CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35473 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35472 (OTFCC v0.10.4 was discovered to contain a global overflow via /release ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35471 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
CVE-2022-35470 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35469 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35468 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
CVE-2022-35467 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
CVE-2022-35466 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35465 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35464 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35463 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35462 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35461 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35460 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35459 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
CVE-2022-35458 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35457
RESERVED
CVE-2022-35456 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35455 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35454 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35453 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35452 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35451 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35450 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35449 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35448 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
CVE-2022-35447 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
- - texlive-bin <unfixed> (unimportant)
+ - texlive-bin <unfixed> (unimportant; bug #1019602)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact)
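Review bot: five heap-buffer overflow entries in this hunk (CVE-2022-35475, CVE-2022-35471, CVE-2022-35468, CVE-2022-35467, CVE-2022-35459) get `(bug #1019602)` without `unimportant` and carry no NOTE, while the other OTFCC heap-buffer overflow entries, such as CVE-2022-35474, are tagged `unimportant` with "Crash in CLI tool, no security impact". If the difference is intentional, a NOTE on those five explaining why they are rated differently would help; otherwise the tags should be aligned. Since every entry here is being touched anyway, the stray closing `)` at the end of the `NOTE: Crash in CLI tool, no security impact)` lines could be dropped in the same pass; the swfmill entries elsewhere in the file have the same NOTE without it.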
@@ -104105,7 +104105,7 @@ CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote a
CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
NOT-FOR-US: Zoom
CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...)
- - deluge <unfixed>
+ - deluge <unfixed> (bug #1019594)
[bullseye] - deluge <no-dsa> (Minor issue)
[buster] - deluge <no-dsa> (Minor issue)
NOTE: https://dev.deluge-torrent.org/ticket/3459
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c450ca7e6b115c3c676aa18cca24f29d6185029