[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 1 21:10:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5c39034 by security tracker role at 2023-04-01T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
CVE-2023-28938
RESERVED
CVE-2023-28736
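Review bot: the new CVE-2023-1790 entry at the top of the list carries only `TODO: check`, so it is still untriaged and says nothing about whether any Debian package is affected. It needs a follow-up commit that resolves it to a package line or to NOT-FOR-US, as the triaged entries elsewhere in this file do.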
@@ -52143,6 +52145,7 @@ CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier)
CVE-2022-38102
RESERVED
CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...)
+ {DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
[bullseye] - intel-microcode <no-dsa> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
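Review bot: on CVE-2022-38090 the added `{DLA-3379-1}` sits directly above `[bullseye] - intel-microcode <no-dsa> (Minor issue)`, so after this change the entry records an LTS advisory while bullseye has no advisory and no fixed version listed. Worth confirming that a bullseye update is planned and recording that in a NOTE, so that a reader checking exposure per release does not have to guess why the older release is ahead. The same reading applies to the other intel-microcode entries tagged with this DLA in the commit.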
@@ -57697,6 +57700,7 @@ CVE-2022-34846
CVE-2022-34657
RESERVED
CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...)
+ {DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
[bullseye] - intel-microcode <no-dsa> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
@@ -61759,6 +61763,7 @@ CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) N
CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
NOT-FOR-US: Intel
CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
+ {DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
[bullseye] - intel-microcode <no-dsa> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
@@ -92307,6 +92312,7 @@ CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Prof
CVE-2022-21795
RESERVED
CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
+ {DLA-3379-1}
- intel-microcode 3.20220809.1
[bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
@@ -105239,6 +105245,7 @@ CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.300
CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
NOT-FOR-US: Adobe
CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
+ {DLA-3380-1}
- firmware-nonfree 20220913-1
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
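Review bot: on CVE-2021-44545 the bullseye reason `(Non-free not supported)` now sits under a `{DLA-3380-1}` reference on the same firmware-nonfree entry. If that DLA ships a firmware-nonfree update, as the package lines suggest, the two lines read as contradictory; the bullseye reason should be revisited, or a NOTE added explaining why the package gets an advisory in one release and not the other.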
@@ -105269,6 +105276,7 @@ CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Ki
CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
NOT-FOR-US: Intel
CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
+ {DLA-3380-1}
- firmware-nonfree 20220913-1
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
@@ -106267,6 +106275,7 @@ CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() fu
CVE-2021-4036
RESERVED
CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
+ {DLA-3380-1}
- firmware-nonfree 20220913-1
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
@@ -106295,6 +106304,7 @@ CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wirel
CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...)
NOT-FOR-US: Intel
CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...)
+ {DLA-3380-1}
- firmware-nonfree 20220913-1
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
@@ -109590,6 +109600,7 @@ CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access
CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...)
+ {DLA-3379-1}
- intel-microcode 3.20230214.1 (bug #1031334)
[bullseye] - intel-microcode <no-dsa> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
@@ -110015,6 +110026,7 @@ CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Bui
CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
NOT-FOR-US: Intel
CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
+ {DLA-3380-1}
- firmware-nonfree 20220913-1
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
@@ -192691,7 +192703,7 @@ CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API
CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
NOT-FOR-US: WSO2
CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- {DLA-2690-1 DLA-2689-1}
+ {DLA-3380-1 DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
[experimental] - firmware-nonfree 20210716-1~exp1
@@ -192710,7 +192722,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- {DLA-2690-1 DLA-2689-1}
+ {DLA-3380-1 DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
[experimental] - firmware-nonfree 20210716-1~exp1
@@ -192726,7 +192738,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- {DLA-2690-1 DLA-2689-1}
+ {DLA-3380-1 DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
[experimental] - firmware-nonfree 20210716-1~exp1
@@ -221271,6 +221283,7 @@ CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers
CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
+ {DLA-3380-1}
- linux 5.14.6-1
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
@@ -221284,6 +221297,7 @@ CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Win
NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
+ {DLA-3380-1}
- linux 5.14.6-1
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
@@ -221297,6 +221311,7 @@ CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for
NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
+ {DLA-3380-1}
- linux 5.14.6-1
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
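Review bot: on CVE-2020-12362 the added `{DLA-3380-1}` is followed in this hunk only by linux lines, including `[buster] - linux <ignored> (Too intrusive to backport)`, while the NOTE lines at the top of the hunk (context from the preceding entry) say the firmware fix needs an updated Linux kernel to load the updated firmware. With the DLA tag attached, the entry can be read as fixed for the release the DLA covers even though the kernel side is marked ignored. A NOTE stating whether the updated firmware is actually loaded by the kernel in that release would make the status unambiguous; the same applies to CVE-2020-12364 and CVE-2020-12363.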
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c390340094d5a20fbcb46c334139bc456060e4