[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 26 09:10:24 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
949ff0ec by security tracker role at 2022-09-26T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,429 @@
+CVE-2022-41553
+	RESERVED
+CVE-2022-41552
+	RESERVED
+CVE-2022-41551
+	RESERVED
+CVE-2022-41550
+	RESERVED
+CVE-2022-41549
+	RESERVED
+CVE-2022-41548
+	RESERVED
+CVE-2022-41547
+	RESERVED
+CVE-2022-41546
+	RESERVED
+CVE-2022-41545
+	RESERVED
+CVE-2022-41544
+	RESERVED
+CVE-2022-41543
+	RESERVED
+CVE-2022-41542
+	RESERVED
+CVE-2022-41541
+	RESERVED
+CVE-2022-41540
+	RESERVED
+CVE-2022-41539
+	RESERVED
+CVE-2022-41538
+	RESERVED
+CVE-2022-41537
+	RESERVED
+CVE-2022-41536
+	RESERVED
+CVE-2022-41535
+	RESERVED
+CVE-2022-41534
+	RESERVED
+CVE-2022-41533
+	RESERVED
+CVE-2022-41532
+	RESERVED
+CVE-2022-41531
+	RESERVED
+CVE-2022-41530
+	RESERVED
+CVE-2022-41529
+	RESERVED
+CVE-2022-41528
+	RESERVED
+CVE-2022-41527
+	RESERVED
+CVE-2022-41526
+	RESERVED
+CVE-2022-41525
+	RESERVED
+CVE-2022-41524
+	RESERVED
+CVE-2022-41523
+	RESERVED
+CVE-2022-41522
+	RESERVED
+CVE-2022-41521
+	RESERVED
+CVE-2022-41520
+	RESERVED
+CVE-2022-41519
+	RESERVED
+CVE-2022-41518
+	RESERVED
+CVE-2022-41517
+	RESERVED
+CVE-2022-41516
+	RESERVED
+CVE-2022-41515
+	RESERVED
+CVE-2022-41514
+	RESERVED
+CVE-2022-41513
+	RESERVED
+CVE-2022-41512
+	RESERVED
+CVE-2022-41511
+	RESERVED
+CVE-2022-41510
+	RESERVED
+CVE-2022-41509
+	RESERVED
+CVE-2022-41508
+	RESERVED
+CVE-2022-41507
+	RESERVED
+CVE-2022-41506
+	RESERVED
+CVE-2022-41505
+	RESERVED
+CVE-2022-41504
+	RESERVED
+CVE-2022-41503
+	RESERVED
+CVE-2022-41502
+	RESERVED
+CVE-2022-41501
+	RESERVED
+CVE-2022-41500
+	RESERVED
+CVE-2022-41499
+	RESERVED
+CVE-2022-41498
+	RESERVED
+CVE-2022-41497
+	RESERVED
+CVE-2022-41496
+	RESERVED
+CVE-2022-41495
+	RESERVED
+CVE-2022-41494
+	RESERVED
+CVE-2022-41493
+	RESERVED
+CVE-2022-41492
+	RESERVED
+CVE-2022-41491
+	RESERVED
+CVE-2022-41490
+	RESERVED
+CVE-2022-41489
+	RESERVED
+CVE-2022-41488
+	RESERVED
+CVE-2022-41487
+	RESERVED
+CVE-2022-41486
+	RESERVED
+CVE-2022-41485
+	RESERVED
+CVE-2022-41484
+	RESERVED
+CVE-2022-41483
+	RESERVED
+CVE-2022-41482
+	RESERVED
+CVE-2022-41481
+	RESERVED
+CVE-2022-41480
+	RESERVED
+CVE-2022-41479
+	RESERVED
+CVE-2022-41478
+	RESERVED
+CVE-2022-41477
+	RESERVED
+CVE-2022-41476
+	RESERVED
+CVE-2022-41475
+	RESERVED
+CVE-2022-41474
+	RESERVED
+CVE-2022-41473
+	RESERVED
+CVE-2022-41472
+	RESERVED
+CVE-2022-41471
+	RESERVED
+CVE-2022-41470
+	RESERVED
+CVE-2022-41469
+	RESERVED
+CVE-2022-41468
+	RESERVED
+CVE-2022-41467
+	RESERVED
+CVE-2022-41466
+	RESERVED
+CVE-2022-41465
+	RESERVED
+CVE-2022-41464
+	RESERVED
+CVE-2022-41463
+	RESERVED
+CVE-2022-41462
+	RESERVED
+CVE-2022-41461
+	RESERVED
+CVE-2022-41460
+	RESERVED
+CVE-2022-41459
+	RESERVED
+CVE-2022-41458
+	RESERVED
+CVE-2022-41457
+	RESERVED
+CVE-2022-41456
+	RESERVED
+CVE-2022-41455
+	RESERVED
+CVE-2022-41454
+	RESERVED
+CVE-2022-41453
+	RESERVED
+CVE-2022-41452
+	RESERVED
+CVE-2022-41451
+	RESERVED
+CVE-2022-41450
+	RESERVED
+CVE-2022-41449
+	RESERVED
+CVE-2022-41448
+	RESERVED
+CVE-2022-41447
+	RESERVED
+CVE-2022-41446
+	RESERVED
+CVE-2022-41445
+	RESERVED
+CVE-2022-41444
+	RESERVED
+CVE-2022-41443
+	RESERVED
+CVE-2022-41442
+	RESERVED
+CVE-2022-41441
+	RESERVED
+CVE-2022-41440
+	RESERVED
+CVE-2022-41439
+	RESERVED
+CVE-2022-41438
+	RESERVED
+CVE-2022-41437
+	RESERVED
+CVE-2022-41436
+	RESERVED
+CVE-2022-41435
+	RESERVED
+CVE-2022-41434
+	RESERVED
+CVE-2022-41433
+	RESERVED
+CVE-2022-41432
+	RESERVED
+CVE-2022-41431
+	RESERVED
+CVE-2022-41430
+	RESERVED
+CVE-2022-41429
+	RESERVED
+CVE-2022-41428
+	RESERVED
+CVE-2022-41427
+	RESERVED
+CVE-2022-41426
+	RESERVED
+CVE-2022-41425
+	RESERVED
+CVE-2022-41424
+	RESERVED
+CVE-2022-41423
+	RESERVED
+CVE-2022-41422
+	RESERVED
+CVE-2022-41421
+	RESERVED
+CVE-2022-41420
+	RESERVED
+CVE-2022-41419
+	RESERVED
+CVE-2022-41418
+	RESERVED
+CVE-2022-41417
+	RESERVED
+CVE-2022-41416
+	RESERVED
+CVE-2022-41415
+	RESERVED
+CVE-2022-41414
+	RESERVED
+CVE-2022-41413
+	RESERVED
+CVE-2022-41412
+	RESERVED
+CVE-2022-41411
+	RESERVED
+CVE-2022-41410
+	RESERVED
+CVE-2022-41409
+	RESERVED
+CVE-2022-41408
+	RESERVED
+CVE-2022-41407
+	RESERVED
+CVE-2022-41406
+	RESERVED
+CVE-2022-41405
+	RESERVED
+CVE-2022-41404
+	RESERVED
+CVE-2022-41403
+	RESERVED
+CVE-2022-41402
+	RESERVED
+CVE-2022-41401
+	RESERVED
+CVE-2022-41400
+	RESERVED
+CVE-2022-41399
+	RESERVED
+CVE-2022-41398
+	RESERVED
+CVE-2022-41397
+	RESERVED
+CVE-2022-41396
+	RESERVED
+CVE-2022-41395
+	RESERVED
+CVE-2022-41394
+	RESERVED
+CVE-2022-41393
+	RESERVED
+CVE-2022-41392
+	RESERVED
+CVE-2022-41391
+	RESERVED
+CVE-2022-41390
+	RESERVED
+CVE-2022-41389
+	RESERVED
+CVE-2022-41388
+	RESERVED
+CVE-2022-41387
+	RESERVED
+CVE-2022-41386
+	RESERVED
+CVE-2022-41385
+	RESERVED
+CVE-2022-41384
+	RESERVED
+CVE-2022-41383
+	RESERVED
+CVE-2022-41382
+	RESERVED
+CVE-2022-41381
+	RESERVED
+CVE-2022-41380
+	RESERVED
+CVE-2022-41379
+	RESERVED
+CVE-2022-41378
+	RESERVED
+CVE-2022-41377
+	RESERVED
+CVE-2022-41376
+	RESERVED
+CVE-2022-41375
+	RESERVED
+CVE-2022-41374
+	RESERVED
+CVE-2022-41373
+	RESERVED
+CVE-2022-41372
+	RESERVED
+CVE-2022-41371
+	RESERVED
+CVE-2022-41370
+	RESERVED
+CVE-2022-41369
+	RESERVED
+CVE-2022-41368
+	RESERVED
+CVE-2022-41367
+	RESERVED
+CVE-2022-41366
+	RESERVED
+CVE-2022-41365
+	RESERVED
+CVE-2022-41364
+	RESERVED
+CVE-2022-41363
+	RESERVED
+CVE-2022-41362
+	RESERVED
+CVE-2022-41361
+	RESERVED
+CVE-2022-41360
+	RESERVED
+CVE-2022-41359
+	RESERVED
+CVE-2022-41358
+	RESERVED
+CVE-2022-41357
+	RESERVED
+CVE-2022-41356
+	RESERVED
+CVE-2022-41355
+	RESERVED
+CVE-2022-41354
+	RESERVED
+CVE-2022-41353
+	RESERVED
+CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.  ...)
+	TODO: check
+CVE-2022-41351
+	RESERVED
+CVE-2022-41350
+	RESERVED
+CVE-2022-41349
+	RESERVED
+CVE-2022-41348
+	RESERVED
+CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...)
+	TODO: check
+CVE-2022-41346
+	RESERVED
+CVE-2022-41345
+	RESERVED
+CVE-2022-41344
+	RESERVED
+CVE-2022-40984
+	RESERVED
+CVE-2022-3299
+	RESERVED
+CVE-2022-3298
+	RESERVED
 CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...)
 	TODO: check
 CVE-2022-36368
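Review bot: CVE-2022-41352 and CVE-2022-41347 (both Zimbra Collaboration) enter the list as `TODO: check`, so unlike the RESERVED placeholders around them they are now open triage items with no status. Each `TODO: check` should be replaced with either a source-package line or a `NOT-FOR-US:` marker in the form used elsewhere in this file (for example `NOT-FOR-US: node nconf`), so the two entries do not linger in the TODO queue.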
@@ -6124,7 +6550,7 @@ CVE-2022-3011
 CVE-2022-38785
 	REJECTED
 CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
-	{DSA-5224-1}
+	{DSA-5224-1 DLA-3120-1}
 	- poppler 22.08.0-2.1 (bug #1018971)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52 (poppler-22.09.0)
 	NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
@@ -38159,7 +38585,7 @@ CVE-2022-27339
 CVE-2022-27338
 	RESERVED
 CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows  ...)
-	{DSA-5224-1}
+	{DSA-5224-1 DLA-3120-1}
 	- poppler 22.08.0-2 (bug #1010695)
 	[stretch] - poppler <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
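Review bot: On CVE-2022-27337 the advisory bracket becomes `{DSA-5224-1 DLA-3120-1}` while the `[stretch] - poppler <postponed> (Minor issue)` line directly below it is left unchanged. Please confirm that DLA-3120-1 covers a suite other than stretch; if it ships the fix for stretch, the `<postponed>` annotation is stale and should be removed in a follow-up.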
@@ -42392,8 +42818,8 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem
 	NOT-FOR-US: node nconf
 CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
 	NOT-FOR-US: grapejs
-CVE-2022-21797
-	RESERVED
+CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
+	TODO: check
 CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
 	NOT-FOR-US: github.com/masterminds/vcs
 CVE-2022-21232
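Review bot: CVE-2022-21797 (joblib) changes from RESERVED to a described entry with `TODO: check`, in a block where the neighbouring entries are all closed as `NOT-FOR-US`. It should be checked for a matching source package before it is classified, not marked NOT-FOR-US by analogy with the entries around it. The description is cut off after "Arbitrary", so the version bound "before 1.2.0" is the only detail here to compare against a packaged version.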
@@ -42436,8 +42862,8 @@ CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injec
 	NOT-FOR-US: libvcs
 CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable  ...)
 	NOT-FOR-US: acrontum/filesystem-template
-CVE-2022-21169
-	RESERVED
+CVE-2022-21169 (The package express-xss-sanitizer before 1.1.3 are vulnerable to Proto ...)
+	TODO: check
 CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary  ...)
 	NOT-FOR-US: masuit.tools
 CVE-2022-21165 (All versions of package font-converter are vulnerable to Arbitrary Com ...)
@@ -138531,6 +138957,7 @@ CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem
 	- grub2 2.04-16
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
+	{DLA-3120-1}
 	- poppler 0.85.0-2
 	[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
@@ -223236,7 +223663,7 @@ CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02
 CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
 	- 3proxy <itp> (bug #718219)
 CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
-	{DLA-2440-1}
+	{DLA-3120-1 DLA-2440-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (bug #933812)
 	[jessie] - poppler <no-dsa> (Minor issue)
@@ -237595,7 +238022,7 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
 CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
-	{DLA-2440-1 DLA-1963-1}
+	{DLA-3120-1 DLA-2440-1 DLA-1963-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #941776)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
@@ -237785,6 +238212,7 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv
 	[jessie] - graphviz <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
 CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
+	{DLA-3120-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #925264)
 	[stretch] - poppler <ignored> (Minor issue)
@@ -255179,7 +255607,7 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
 	NOTE: binutils not covered by security support
 CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
-	{DLA-2440-1 DLA-1939-1}
+	{DLA-3120-1 DLA-2440-1 DLA-1939-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #917974)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
@@ -267305,7 +267733,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0)
 	NOTE: Issue in pdfdetach cli tool leading to crash
 CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort  ...)
-	{DLA-2440-1 DLA-1706-1}
+	{DLA-3120-1 DLA-2440-1 DLA-1706-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #913177)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
@@ -267684,6 +268112,7 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.
 	NOTE: https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b
 	NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
+	{DLA-3120-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #913164)
 	[stretch] - poppler <ignored> (Negligible security impact)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949ff0ec9cd1f6db381796491d5ff63f5e875d3a
