[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 30 09:10:35 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73bc5f38 by security tracker role at 2022-09-30T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,88 @@
-CVE-2022-41850 [HID: roccat: Fix Use-After-Free in roccat_read]
+CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak exists in A ...)
+	TODO: check
+CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+	TODO: check
+CVE-2022-41845 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+	TODO: check
+CVE-2022-41844 (An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch( ...)
+	TODO: check
+CVE-2022-41843 (An issue was discovered in Xpdf 4.04. There is a crash in convertToTyp ...)
+	TODO: check
+CVE-2022-41842 (An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_F ...)
+	TODO: check
+CVE-2022-41841 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
+	TODO: check
+CVE-2022-41829
+	RESERVED
+CVE-2022-41828 (In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or ...)
+	TODO: check
+CVE-2022-41827
+	RESERVED
+CVE-2022-41826
+	RESERVED
+CVE-2022-41825
+	RESERVED
+CVE-2022-41824
+	RESERVED
+CVE-2022-41823
+	RESERVED
+CVE-2022-41822
+	RESERVED
+CVE-2022-41821
+	RESERVED
+CVE-2022-41820
+	RESERVED
+CVE-2022-41819
+	RESERVED
+CVE-2022-41818
+	RESERVED
+CVE-2022-41817
+	RESERVED
+CVE-2022-41816
+	RESERVED
+CVE-2022-41815
+	RESERVED
+CVE-2022-41804
+	RESERVED
+CVE-2022-41803
+	RESERVED
+CVE-2022-41801
+	RESERVED
+CVE-2022-41799
+	RESERVED
+CVE-2022-41782
+	RESERVED
+CVE-2022-41771
+	RESERVED
+CVE-2022-41769
+	RESERVED
+CVE-2022-41699
+	RESERVED
+CVE-2022-41621
+	RESERVED
+CVE-2022-40972
+	RESERVED
+CVE-2022-38973
+	RESERVED
+CVE-2022-3367
+	RESERVED
+CVE-2022-3366
+	RESERVED
+CVE-2022-3365
+	RESERVED
+CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+	TODO: check
+CVE-2022-3363
+	RESERVED
+CVE-2022-3362
+	RESERVED
+CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
-CVE-2022-41849 [video: fbdev: smscufx: Fix use-after-free in ufx_ops_open()]
+CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has  ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
-CVE-2022-41848 [char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops]
+CVE-2022-41848 (drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12  ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270
 CVE-2022-41812
@@ -6031,8 +6109,8 @@ CVE-2022-39234
 	RESERVED
 CVE-2022-39233
 	RESERVED
-CVE-2022-39232
-	RESERVED
+CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
+	TODO: check
 CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...)
 	TODO: check
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...)
@@ -6043,8 +6121,8 @@ CVE-2022-39228
 	RESERVED
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...)
 	NOT-FOR-US: python-jwt (not the same as src:pyjwt)
-CVE-2022-39226
-	RESERVED
+CVE-2022-39226 (Discourse is an open source discussion platform. In versions prior to  ...)
+	TODO: check
 CVE-2022-39225 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Node parse-server
 CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. Versions prior ...)
@@ -8164,8 +8242,8 @@ CVE-2022-38487
 	RESERVED
 CVE-2022-38486
 	RESERVED
-CVE-2022-2922
-	RESERVED
+CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform  ...)
+	TODO: check
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
 	NOT-FOR-US: NotrinosERP
 CVE-2022-38485
@@ -9291,8 +9369,8 @@ CVE-2022-2780
 	RESERVED
 CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
 	NOT-FOR-US: SourceCodester Gas Agency Management System
-CVE-2022-2778
-	RESERVED
+CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...)
+	TODO: check
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
 	NOT-FOR-US: microweber
 CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -14706,12 +14784,12 @@ CVE-2022-36070 (Poetry is a dependency manager for Python. To handle dependencie
 CVE-2022-36069 (Poetry is a dependency manager for Python. When handling dependencies  ...)
 	NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw
 	TODO: check details, CVE associated with poetry (and fixed in 1.1.9), though changes in poetry-core
-CVE-2022-36068
-	RESERVED
+CVE-2022-36068 (Discourse is an open source discussion platform. In versions prior to  ...)
+	TODO: check
 CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
 	NOT-FOR-US: Node vm2
-CVE-2022-36066
-	RESERVED
+CVE-2022-36066 (Discourse is an open source discussion platform. In versions prior to  ...)
+	TODO: check
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...)
 	NOT-FOR-US: GrowthBook
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
@@ -43527,8 +43605,8 @@ CVE-2022-24376 (All versions of package git-promise are vulnerable to Command In
 	NOT-FOR-US: Node git-promise
 CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
 	NOT-FOR-US: node-opcua/node-opcua
-CVE-2022-24373
-	RESERVED
+CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are vulnerable t ...)
+	TODO: check
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
 	NOT-FOR-US: FreeOpcUa/freeopcua
 CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
@@ -43594,8 +43672,8 @@ CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Ser
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
 CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...)
 	NOT-FOR-US: cocoapods-downloader
-CVE-2022-21222
-	RESERVED
+CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...)
+	TODO: check
 CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
 	NOT-FOR-US: github.com/valyala/fasthttp
 CVE-2022-21213 (This affects all versions of package mout. The deepFillIn function can ...)
@@ -57850,7 +57928,7 @@ CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in th
 	[stretch] - linux 4.9.272-1
 	NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
 CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...)
-	{DLA-3058-1}
+	{DLA-3126-1 DLA-3058-1}
 	- libsndfile 1.1.0-1 (bug #1014713)
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/731
@@ -133094,6 +133172,7 @@ CVE-2020-29262
 CVE-2020-29261
 	RESERVED
 CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak via the f ...)
+	{DLA-3125-1}
 	- libvncserver <unfixed> (bug #1019228)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
 CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
@@ -145237,7 +145316,7 @@ CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A heap-buffe
 CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...)
 	NOT-FOR-US: Infinispan
 CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...)
-	{DLA-2451-1}
+	{DLA-3125-1 DLA-2451-1}
 	- libvncserver 0.9.13+dfsg-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/409
 	NOTE: https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73bc5f38146821b42826262b32d1e5969b746fcb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73bc5f38146821b42826262b32d1e5969b746fcb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220930/11c4e2cf/attachment.htm>

More information about the debian-security-tracker-commits mailing list