[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 30 16:12:41 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0374758e by Moritz Muehlenhoff at 2022-09-30T17:12:05+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3391,7 +3391,7 @@ CVE-2022-40470
 CVE-2022-40469
 	RESERVED
 CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...)
-	- tinyproxy <unfixed>
+	- tinyproxy <unfixed> (bug #1021015)
 	[bullseye] - tinyproxy <no-dsa> (Minor issue)
 	NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
 	NOTE: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
@@ -3989,7 +3989,7 @@ CVE-2022-3166
 	RESERVED
 CVE-2022-3165 [VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1021019)
 	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129739
@@ -6269,7 +6269,7 @@ CVE-2022-39175
 CVE-2022-39174
 	RESERVED
 CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...)
-	- wolfssl <unfixed>
+	- wolfssl <unfixed> (bug #1021021)
 CVE-2022-39172
 	RESERVED
 CVE-2022-39171
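Review bot: the CVE-2022-39173 entry gets a bug number but has no NOTE line at all, so the only fix information is the truncated description ("before 5.5.1"). Add a NOTE pointing at the upstream advisory or fixing commit, as the other wolfssl entries in this patch do with their pull request links.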
@@ -7090,7 +7090,7 @@ CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (bug #1021013)
 	NOTE: https://trac.mplayerhq.hu/ticket/2406
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
@@ -7099,12 +7099,12 @@ CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (bug #1021013)
 	[bullseye] - mplayer <no-dsa> (Minor issue)
 	NOTE: https://trac.mplayerhq.hu/ticket/2400
 	NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory  ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (bug #1021013)
 	NOTE: https://trac.mplayerhq.hu/ticket/2407
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
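Review bot: the CVE-2022-38862 entry now carries bug #1021013 but still lists only the two trac tickets (2400 and 2404) and no fixing revision, unlike CVE-2022-38861 directly below it, which names r38402. If the upstream fix is known, add a NOTE with the commit so the entry can later be marked fixed against a concrete revision.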
@@ -7123,7 +7123,7 @@ CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 CVE-2022-38857
 	RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (bug #1021013)
 	NOTE: https://trac.mplayerhq.hu/ticket/2395
 	TODO: Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
@@ -7484,7 +7484,7 @@ CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O conta
 CVE-2022-2994
 	RESERVED
 CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
-	- snakeyaml <unfixed>
+	- snakeyaml <unfixed> (bug #1021014)
 	[bullseye] - snakeyaml <no-dsa> (Minor issue)
 	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not public)
@@ -8000,7 +8000,7 @@ CVE-2022-38602
 CVE-2022-38601
 	RESERVED
 CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (bug #1021013)
 	NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
 	NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
@@ -8156,7 +8156,7 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer o
 	NOTE: https://github.com/syoyo/tinyexr/issues/169
 	NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
 CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
-	- assimp <unfixed>
+	- assimp <unfixed> (bug #1021018)
 	[bullseye] - assimp <no-dsa> (Minor issue)
 	[buster] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/4662
@@ -9458,11 +9458,11 @@ CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted appl
 CVE-2022-38154
 	RESERVED
 CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...)
-	- wolfssl <unfixed>
+	- wolfssl <unfixed> (bug #1021021)
 	[bullseye] - wolfssl <not-affected> (Vulnerable code not present and session tickets not enabled)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/5476
 CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...)
-	- wolfssl <unfixed>
+	- wolfssl <unfixed> (bug #1021021)
 	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/5468
 CVE-2022-38151
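Review bot: bug #1021021 is used for both entries here, whose descriptions say "before 5.5.0", and for CVE-2022-39173 earlier in this patch, whose description says "before 5.5.1". Sharing one bug is fine, but when it is closed the fixed version should be recorded per CVE rather than copied from the bug closure, since an upload of 5.5.0 would not cover CVE-2022-39173.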
@@ -10512,7 +10512,7 @@ CVE-2022-37705
 CVE-2022-37704
 	RESERVED
 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...)
-	- amanda <unfixed>
+	- amanda <unfixed> (bug #1021017)
 	[bullseye] - amanda <no-dsa> (Minor issue)
 	[buster] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
@@ -12240,7 +12240,7 @@ CVE-2022-37034
 CVE-2022-37033
 	RESERVED
 CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
-	- frr <unfixed>
+	- frr <unfixed> (bug #1021016)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
 CVE-2022-37031
 	RESERVED
@@ -23464,7 +23464,7 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr
 	NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
 CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...)
 	[experimental] - samba 2:4.17.0+dfsg-1
-	- samba <unfixed>
+	- samba <unfixed> (bug #1021022)
 	[bullseye] - samba <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
 CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...)
@@ -30694,7 +30694,7 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
 	NOT-FOR-US: ABB e-Design
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
 	[experimental] - samba 2:4.17.0+dfsg-1
-	- samba <unfixed>
+	- samba <unfixed> (bug #1021024)
 	[bullseye] - samba <postponed> (Minor issue)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
 	NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0374758ec051525f2d1bd0b82ba2347a68c0603e
