[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 30 16:12:41 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0374758e by Moritz Muehlenhoff at 2022-09-30T17:12:05+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3391,7 +3391,7 @@ CVE-2022-40470
CVE-2022-40469
RESERVED
CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...)
- - tinyproxy <unfixed>
+ - tinyproxy <unfixed> (bug #1021015)
[bullseye] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
NOTE: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
@@ -3989,7 +3989,7 @@ CVE-2022-3166
RESERVED
CVE-2022-3165 [VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1021019)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129739
@@ -6269,7 +6269,7 @@ CVE-2022-39175
CVE-2022-39174
RESERVED
CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...)
- - wolfssl <unfixed>
+ - wolfssl <unfixed> (bug #1021021)
CVE-2022-39172
RESERVED
CVE-2022-39171
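Review bot: the CVE-2022-39173 entry still consists of the package line alone, with no NOTE pointing at an upstream advisory or fixing commit and no [bullseye] line, so the bug reference added here is the only context a reader gets. The description says the issue affects wolfSSL before 5.5.1; a follow-up should add the upstream reference and the stable triage so that bug #1021021 can be acted on.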
@@ -7090,7 +7090,7 @@ CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
NOTE: Crash in CLI tool, no security impact
CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (bug #1021013)
NOTE: https://trac.mplayerhq.hu/ticket/2406
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
@@ -7099,12 +7099,12 @@ CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Ov
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
NOTE: Crash in CLI tool, no security impact
CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (bug #1021013)
[bullseye] - mplayer <no-dsa> (Minor issue)
NOTE: https://trac.mplayerhq.hu/ticket/2400
NOTE: https://trac.mplayerhq.hu/ticket/2404
CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (bug #1021013)
NOTE: https://trac.mplayerhq.hu/ticket/2407
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
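Review bot: CVE-2022-38861 now points at bug #1021013 but, unlike CVE-2022-38862 directly above it, has no [bullseye] line, so two entries sharing one bug are triaged unevenly for stable. If the same assessment applies, add a matching line such as `[bullseye] - mplayer <no-dsa> (Minor issue)`; if it does not, record the difference in a NOTE.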
@@ -7123,7 +7123,7 @@ CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Ov
CVE-2022-38857
RESERVED
CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (bug #1021013)
NOTE: https://trac.mplayerhq.hu/ticket/2395
TODO: Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue
CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
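Review bot: CVE-2022-38856 is attached to bug #1021013 while its TODO line still says the fix has not been pinpointed upstream, so for this entry the bug gives the maintainer no revision to cherry-pick. Say so in the bug report, and replace the TODO with a NOTE naming the revision once it has been isolated.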
@@ -7484,7 +7484,7 @@ CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O conta
CVE-2022-2994
RESERVED
CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
- - snakeyaml <unfixed>
+ - snakeyaml <unfixed> (bug #1021014)
[bullseye] - snakeyaml <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not public)
@@ -8000,7 +8000,7 @@ CVE-2022-38602
CVE-2022-38601
RESERVED
CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (bug #1021013)
NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
@@ -8156,7 +8156,7 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer o
NOTE: https://github.com/syoyo/tinyexr/issues/169
NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
- - assimp <unfixed>
+ - assimp <unfixed> (bug #1021018)
[bullseye] - assimp <no-dsa> (Minor issue)
[buster] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/4662
@@ -9458,11 +9458,11 @@ CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted appl
CVE-2022-38154
RESERVED
CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...)
- - wolfssl <unfixed>
+ - wolfssl <unfixed> (bug #1021021)
[bullseye] - wolfssl <not-affected> (Vulnerable code not present and session tickets not enabled)
NOTE: https://github.com/wolfSSL/wolfssl/pull/5476
CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...)
- - wolfssl <unfixed>
+ - wolfssl <unfixed> (bug #1021021)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/5468
CVE-2022-38151
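Review bot: CVE-2022-38153 and CVE-2022-38152 are described as affecting wolfSSL before 5.5.0, yet they share bug #1021021 with CVE-2022-39173, which is described as affecting wolfSSL before 5.5.1. An upload of 5.5.0 would resolve these two entries without resolving everything filed under the bug, so the bug report should state that 5.5.1 or later is required, or the bug should be split per upstream release.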
@@ -10512,7 +10512,7 @@ CVE-2022-37705
CVE-2022-37704
RESERVED
CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...)
- - amanda <unfixed>
+ - amanda <unfixed> (bug #1021017)
[bullseye] - amanda <no-dsa> (Minor issue)
[buster] - amanda <no-dsa> (Minor issue)
NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
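Review bot: the only reference on the CVE-2022-37703 entry is the NOTE linking to the github.com/MaherAzzouzi/CVE-2022-37703 repository; there is no upstream Amanda issue or fixing commit. Now that bug #1021017 tracks the issue in unstable, add a NOTE with the upstream reference once one exists so the fix can be identified from the tracker entry.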
@@ -12240,7 +12240,7 @@ CVE-2022-37034
CVE-2022-37033
RESERVED
CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
- - frr <unfixed>
+ - frr <unfixed> (bug #1021016)
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
CVE-2022-37031
RESERVED
@@ -23464,7 +23464,7 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr
NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...)
[experimental] - samba 2:4.17.0+dfsg-1
- - samba <unfixed>
+ - samba <unfixed> (bug #1021022)
[bullseye] - samba <no-dsa> (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833
CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...)
@@ -30694,7 +30694,7 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
NOT-FOR-US: ABB e-Design
CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
[experimental] - samba 2:4.17.0+dfsg-1
- - samba <unfixed>
+ - samba <unfixed> (bug #1021024)
[bullseye] - samba <postponed> (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0374758ec051525f2d1bd0b82ba2347a68c0603e