[Git][security-tracker-team/security-tracker][master] new hdf5 issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 21 14:52:42 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
050c1ae5 by Moritz Muehlenhoff at 2023-02-21T15:50:57+01:00
new hdf5 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22326,9 +22326,8 @@ CVE-2022-41659
 CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
 	NOT-FOR-US: Listingo WordPress theme
 CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
-	- consul <undetermined>
+	- consul <not-affected> (Vulnerable code not present)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
-	TODO: check if affecting versions before 1.13.0
 CVE-2022-45108
 	RESERVED
 CVE-2022-45107
@@ -75798,11 +75797,14 @@ CVE-2022-26892
 CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
-	TODO: check
+	- hdf5 <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
 CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
-	TODO: check
+	- hdf5 <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
 CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
-	TODO: check
+	- hdf5 <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
 CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-26886



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/050c1ae5ff260dafdd0ca8ef7b1bbcf7f4d2bde1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/050c1ae5ff260dafdd0ca8ef7b1bbcf7f4d2bde1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230221/aa27c415/attachment.htm>

More information about the debian-security-tracker-commits mailing list