[Git][security-tracker-team/security-tracker][master] 5 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 21 22:03:12 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
708529c3 by Salvatore Bonaccorso at 2023-02-21T23:02:36+01:00
Process some NFUs

- - - - -
5dc185f6 by Salvatore Bonaccorso at 2023-02-21T23:02:38+01:00
Add CVE-2022-31394/rust-hyper

- - - - -
8aececb2 by Salvatore Bonaccorso at 2023-02-21T23:02:40+01:00
Add CVE-2022-0337/chromium

- - - - -
766e033a by Salvatore Bonaccorso at 2023-02-21T23:02:41+01:00
Add CVE-2021-46023/mruby

- - - - -
f7242da2 by Salvatore Bonaccorso at 2023-02-21T23:02:43+01:00
Add CVE-2021-4128/firefox from mfsa2021-52

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62497,7 +62497,7 @@ CVE-2022-31396
 CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware  ...)
 	NOT-FOR-US: Algo Communication Products
 CVE-2022-31394 (Hyperium Hyper before 0.14.19 does not allow for customization of the  ...)
-	TODO: check
+	- rust-hyper 0.14.19-1
 CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
 	NOT-FOR-US: Jizhicms
 CVE-2022-31392
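Review bot: the new `- rust-hyper 0.14.19-1` line for CVE-2022-31394 carries no `NOTE:` reference, unlike the mruby and firefox entries in this same push; adding the upstream advisory or fix reference would let a second reviewer confirm that 0.14.19 (the version the CVE description itself names as the fix boundary, "before 0.14.19") is the right cut-off for the Debian package.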
@@ -62870,7 +62870,7 @@ CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging o
 CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
 	NOT-FOR-US: keylime
 CVE-2022-31249 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
 	NOT-FOR-US: Uyuni
 CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
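Review bot: the product name in the new `NOT-FOR-US: Rancher` line differs from the neighbouring CVE-2022-31247 description, which names it "SUSE Rancher"; using one spelling across the file keeps these entries greppable as a group and avoids the same product looking like two.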
@@ -78544,7 +78544,7 @@ CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tr
 CVE-2022-25861
 	RESERVED
 CVE-2022-25860 (Versions of the package simple-git before 3.16.0 are vulnerable to Rem ...)
-	TODO: check
+	NOT-FOR-US: Node simple-git
 CVE-2022-25859
 	RESERVED
 CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...)
@@ -85699,7 +85699,7 @@ CVE-2022-23836
 CVE-2022-23835 (** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02 ...)
 	NOT-FOR-US: Visual Voice Mail (VVM) application
 CVE-2022-0337 (Inappropriate implementation in File System API in Google Chrome on Wi ...)
-	TODO: check
+	- chromium <not-affected> (Chrome on Windows)
 CVE-2022-0336 (The Samba AD DC includes checks when adding service principals names ( ...)
 	[experimental] - samba 2:4.16.0+dfsg-1
 	- samba 2:4.16.0+dfsg-2 (bug #1004694)
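Review bot: the `<not-affected> (Chrome on Windows)` marking rests on a description that is truncated in this file ("Google Chrome on Wi ..."); a `NOTE:` line pointing at the upstream advisory that states the Windows-only scope would make the rationale verifiable without re-triaging the CVE later.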
@@ -91302,7 +91302,8 @@ CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog &lt
 CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
 	NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
 CVE-2021-46023 (An Untrusted Pointer Dereference was discovered in function mrb_vm_exe ...)
-	TODO: check
+	- mruby 3.1.0-1
+	NOTE: https://github.com/mruby/mruby/issues/5613
 CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
 	- recutils <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
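Review bot: the `NOTE:` for CVE-2021-46023 references the upstream issue report rather than the fixing change; if the fix commit is known, citing it alongside the issue makes it straightforward to confirm that mruby 3.1.0-1 actually contains it, and a severity marker (the adjacent recutils entry uses `(unimportant)`) would document how the fixed version was prioritised.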
@@ -93275,7 +93276,7 @@ CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Netwo
 CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22184 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS  ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...)
@@ -94666,7 +94667,8 @@ CVE-2021-4129 (Mozilla developers and community members Julian Hector, Randell J
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-4129
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-4129
 CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics object wa ...)
-	TODO: check
+	- firefox <not-affected> (Only affects MacOS)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4128
 CVE-2021-4127 (An out of date graphics library (Angle) likely contained vulnerabiliti ...)
 	{DSA-4876-1 DSA-4874-1}
 	- firefox-esr 78.9.0esr-1
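Review bot: the new `<not-affected> (Only affects MacOS)` line covers only `firefox`, while the adjacent CVE-2021-4127 entry tracks both `firefox` and `firefox-esr`; stating the firefox-esr status explicitly (whichever it is per the mfsa2021-52 reference) would avoid the ESR package appearing untriaged for this CVE.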
@@ -105684,11 +105686,11 @@ CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A
 CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-20215 (In onCreate of MasterClearConfirmFragment.java, there is a possible fa ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20214 (In Car Settings app, the toggle button in Modify system settings is vu ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20213 (In ApplicationsDetailsActivity of AndroidManifest.xml, there is a poss ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...)
 	NOT-FOR-US: Android
 CVE-2022-20211
@@ -109230,9 +109232,9 @@ CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During
 CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...)
 	NOT-FOR-US: code-server
 CVE-2021-3809 (Potential security vulnerabilities have been identified in the BIOS (U ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3808 (Potential security vulnerabilities have been identified in the BIOS (U ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
 	- node-ansi-regex 5.0.1-1 (bug #994568)
 	[bullseye] - node-ansi-regex 5.0.1-1~deb11u1
@@ -109427,7 +109429,7 @@ CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdow
 CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
 	NOT-FOR-US: Thunderdome
 CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
 	NOT-FOR-US: Pomerium
 CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a  ...)
@@ -109679,9 +109681,9 @@ CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
 	- freeswitch <itp> (bug #389591)
 	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
 CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
 	NOT-FOR-US: Tuleap
 CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -111209,7 +111211,7 @@ CVE-2021-40557
 CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in ASUS RT- ...)
 	NOT-FOR-US: ASUS
 CVE-2021-40555 (Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows ...)
-	TODO: check
+	NOT-FOR-US: flatCore-CMS
 CVE-2021-40554
 	RESERVED
 CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerabili ...)
@@ -114616,7 +114618,7 @@ CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. W
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
 	NOT-FOR-US: wasmtime
 CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
 	NOT-FOR-US: wasmtime
 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f015e6825bcd314633c129a827cd8d66804394a6...f7242da2d64818f1fdb565b2369c0f48b88a617f
