[Git][security-tracker-team/security-tracker][master] "new" chromium issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 1 13:30:45 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a06850ba by Moritz Mühlenhoff at 2023-08-01T14:29:34+02:00
"new" chromium issues

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26755,23 +26755,33 @@ CVE-2022-4912 (Type Confusion in MathML in Google Chrome prior to 105.0.5195.52
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4911 (Insufficient data validation in DevTools in Google Chrome prior to 106 ...)
-	TODO: check
+	{DSA-5244-1}
+	- chromium 106.0.5249.61-1
+	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4910 (Inappropriate implementation in Autofill in Google Chrome prior to 107 ...)
-	TODO: check
+	{DSA-5261-1}
+	- chromium 107.0.5304.68-1
+	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4909 (Inappropriate implementation in XML in Google Chrome prior to 107.0.53 ...)
-	TODO: check
+	{DSA-5261-1}
+	- chromium 107.0.5304.68-1
+	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4908 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior  ...)
-	TODO: check
+	{DSA-5261-1}
+	- chromium 107.0.5304.68-1
+	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4907 (Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 al ...)
 	TODO: check
 CVE-2022-4906 (Inappropriate implementation in Blink in Google Chrome prior to 108.0. ...)
-	TODO: check
+	{DSA-5293-1}
+	- chromium 108.0.5359.71-1
+	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-48323 (Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0. ...)
 	NOT-FOR-US: Sunlogin Sunflower Simplified
 CVE-2022-48322 (NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stac ...)
 	NOT-FOR-US: NETGEAR
 CVE-2021-4324 (Insufficient policy enforcement in Google Update in Google Chrome prio ...)
-	TODO: check
+	- chromium <not-affected> (Not applicable to Debian builds)
 CVE-2021-4323 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
 	TODO: check
 CVE-2021-4322 (Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allo ...)


=====================================
data/DSA/list
=====================================
@@ -539,7 +539,7 @@
 	{CVE-2021-34055 CVE-2022-41751}
 	[bullseye] - jhead 1:3.04-6+deb11u1
 [03 Dec 2022] DSA-5293-1 chromium - security update
-	{CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195}
+	{CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 CVE-2022-4906}
 	[bullseye] - chromium 108.0.5359.71-2~deb11u1
 [01 Dec 2022] DSA-5292-1 snapd - security update
 	{CVE-2022-3328}
@@ -636,7 +636,7 @@
 	{CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932}
 	[bullseye] - thunderbird 1:102.4.0-1~deb11u1
 [26 Oct 2022] DSA-5261-1 chromium - security update
-	{CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661}
+	{CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661 CVE-2022-4910 CVE-2022-4909 CVE-2022-4908}
 	[bullseye] - chromium 107.0.5304.68-1~deb11u1
 [23 Oct 2022] DSA-5260-1 lava - security update
 	{CVE-2022-42902}
@@ -689,7 +689,7 @@
 	{CVE-2022-3370 CVE-2022-3373}
 	[bullseye] - chromium 106.0.5249.91-1~deb11u1
 [28 Sep 2022] DSA-5244-1 chromium - security update
-	{CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 CVE-2022-3443 CVE-2022-3444}
+	{CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 CVE-2022-3443 CVE-2022-3444 CVE-2022-4911}
 	[bullseye] - chromium 106.0.5249.61-1~deb11u1
 [28 Sep 2022] DSA-5243-1 lighttpd - security update
 	{CVE-2022-37797 CVE-2022-41556}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a06850ba48c9edb4cfaa6cb4e8402921a15794bb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a06850ba48c9edb4cfaa6cb4e8402921a15794bb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230801/8c7b20bb/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list