[Git][security-tracker-team/security-tracker][master] Add new bind9 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 21 12:29:36 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9acc44f1 by Salvatore Bonaccorso at 2022-09-21T13:29:04+02:00
Add new bind9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4837,8 +4837,10 @@ CVE-2022-3082
 	RESERVED
 CVE-2022-3081
 	RESERVED
-CVE-2022-3080
+CVE-2022-3080 [BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly]
 	RESERVED
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-3080
 CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow ...)
 	NOT-FOR-US: Festo
 CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...)
@@ -6731,8 +6733,10 @@ CVE-2022-2907
 	[experimental] - gitlab 15.2.3+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2906
+CVE-2022-2906 [Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs]
 	RESERVED
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-2906
 CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's BPF  ...)
 	- linux 5.19.6-1
 	[bullseye] - linux 5.10.140-1
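Review bot: The only reference added for CVE-2022-2906 is the ISC KB link, so the entry does not record which upstream release or commit carries the fix. A follow-up `NOTE:` naming the fixed upstream version or the fix commit would let whoever uploads the fix replace `<unfixed>` without going back to the advisory. The same applies to the other bind9 entries added in this commit.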
@@ -6950,8 +6954,10 @@ CVE-2022-2883
 	RESERVED
 CVE-2022-2882
 	RESERVED
-CVE-2022-2881
+CVE-2022-2881 [Buffer overread in statistics channel code]
 	RESERVED
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-2881
 CVE-2022-2880
 	RESERVED
 CVE-2022-2879
@@ -7626,10 +7632,14 @@ CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider
 	NOT-FOR-US: JetBrains Ktor
 CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...)
 	NOT-FOR-US: JetBrains Ktor
-CVE-2022-38178
+CVE-2022-38178 [Memory leaks in EdDSA DNSSEC verification code]
 	RESERVED
-CVE-2022-38177
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-38178
+CVE-2022-38177 [Memory leak in ECDSA DNSSEC verification code]
 	RESERVED
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-38177
 CVE-2022-2808
 	RESERVED
 CVE-2022-2807
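Review bot: The two titles added here differ in number, `Memory leaks in EdDSA DNSSEC verification code` for CVE-2022-38178 and `Memory leak in ECDSA DNSSEC verification code` for CVE-2022-38177. It is worth confirming that each matches its ISC advisory title and that the difference is not a typo, since the entries are otherwise identical and are easy to confuse when the fixed versions are filled in later.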
@@ -7656,8 +7666,10 @@ CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodeste
 	NOT-FOR-US: SourceCodester Student Information System
 CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2022-2795
+CVE-2022-2795 [Processing large delegations may severely degrade resolver performance]
 	RESERVED
+	- bind9 <unfixed>
+	NOTE: https://kb.isc.org/docs/cve-2022-2795
 CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect priv ...)
 	NOT-FOR-US: YSoft
 CVE-2022-38175



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9acc44f1b2270c60dd75dddf0d8cb89e4910617e
