Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ea9d966 by security tracker role at 2022-01-11T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,251 @@
+CVE-2022-23101
+       RESERVED
+CVE-2022-23100
+       RESERVED
+CVE-2022-23099
+       RESERVED
+CVE-2022-23098
+       RESERVED
+CVE-2022-23097
+       RESERVED
+CVE-2022-23096
+       RESERVED
+CVE-2022-23095
+       RESERVED
+CVE-2022-23094
+       RESERVED
+CVE-2022-23093
+       RESERVED
+CVE-2022-23092
+       RESERVED
+CVE-2022-23091
+       RESERVED
+CVE-2022-23090
+       RESERVED
+CVE-2022-23089
+       RESERVED
+CVE-2022-23088
+       RESERVED
+CVE-2022-23087
+       RESERVED
+CVE-2022-23086
+       RESERVED
+CVE-2022-23085
+       RESERVED
+CVE-2022-23084
+       RESERVED
+CVE-2022-23083
+       RESERVED
+CVE-2022-23082
+       RESERVED
+CVE-2022-23081
+       RESERVED
+CVE-2022-23080
+       RESERVED
+CVE-2022-23079
+       RESERVED
+CVE-2022-23078
+       RESERVED
+CVE-2022-23077
+       RESERVED
+CVE-2022-23076
+       RESERVED
+CVE-2022-23075
+       RESERVED
+CVE-2022-23074
+       RESERVED
+CVE-2022-23073
+       RESERVED
+CVE-2022-23072
+       RESERVED
+CVE-2022-23071
+       RESERVED
+CVE-2022-23070
+       RESERVED
+CVE-2022-23069
+       RESERVED
+CVE-2022-23068
+       RESERVED
+CVE-2022-23067
+       RESERVED
+CVE-2022-23066
+       RESERVED
+CVE-2022-23065
+       RESERVED
+CVE-2022-23064
+       RESERVED
+CVE-2022-23063
+       RESERVED
+CVE-2022-23062
+       RESERVED
+CVE-2022-23061
+       RESERVED
+CVE-2022-23060
+       RESERVED
+CVE-2022-23059
+       RESERVED
+CVE-2022-23058
+       RESERVED
+CVE-2022-23057
+       RESERVED
+CVE-2022-23056
+       RESERVED
+CVE-2022-23055
+       RESERVED
+CVE-2022-23054
+       RESERVED
+CVE-2022-23053
+       RESERVED
+CVE-2022-23052
+       RESERVED
+CVE-2022-23051
+       RESERVED
+CVE-2022-23050
+       RESERVED
+CVE-2022-23049
+       RESERVED
+CVE-2022-23048
+       RESERVED
+CVE-2022-23047
+       RESERVED
+CVE-2022-23046
+       RESERVED
+CVE-2022-23045
+       RESERVED
+CVE-2022-23044
+       RESERVED
+CVE-2022-23043
+       RESERVED
+CVE-2022-23042
+       RESERVED
+CVE-2022-23041
+       RESERVED
+CVE-2022-23040
+       RESERVED
+CVE-2022-23039
+       RESERVED
+CVE-2022-23038
+       RESERVED
+CVE-2022-23037
+       RESERVED
+CVE-2022-23036
+       RESERVED
+CVE-2022-23035
+       RESERVED
+CVE-2022-23034
+       RESERVED
+CVE-2022-23033
+       RESERVED
+CVE-2022-23032
+       RESERVED
+CVE-2022-23031
+       RESERVED
+CVE-2022-23030
+       RESERVED
+CVE-2022-23029
+       RESERVED
+CVE-2022-23028
+       RESERVED
+CVE-2022-23027
+       RESERVED
+CVE-2022-23026
+       RESERVED
+CVE-2022-23025
+       RESERVED
+CVE-2022-23024
+       RESERVED
+CVE-2022-23023
+       RESERVED
+CVE-2022-23022
+       RESERVED
+CVE-2022-23021
+       RESERVED
+CVE-2022-23020
+       RESERVED
+CVE-2022-23019
+       RESERVED
+CVE-2022-23018
+       RESERVED
+CVE-2022-23017
+       RESERVED
+CVE-2022-23016
+       RESERVED
+CVE-2022-23015
+       RESERVED
+CVE-2022-23014
+       RESERVED
+CVE-2022-23013
+       RESERVED
+CVE-2022-23012
+       RESERVED
+CVE-2022-23011
+       RESERVED
+CVE-2022-23010
+       RESERVED
+CVE-2022-23009
+       RESERVED
+CVE-2022-23008
+       RESERVED
+CVE-2022-23007
+       RESERVED
+CVE-2022-23006
+       RESERVED
+CVE-2022-23005
+       RESERVED
+CVE-2022-23004
+       RESERVED
+CVE-2022-23003
+       RESERVED
+CVE-2022-23002
+       RESERVED
+CVE-2022-23001
+       RESERVED
+CVE-2022-23000
+       RESERVED
+CVE-2022-22999
+       RESERVED
+CVE-2022-22998
+       RESERVED
+CVE-2022-22997
+       RESERVED
+CVE-2022-22996
+       RESERVED
+CVE-2022-22995
+       RESERVED
+CVE-2022-22994
+       RESERVED
+CVE-2022-22993
+       RESERVED
+CVE-2022-22992
+       RESERVED
+CVE-2022-22991
+       RESERVED
+CVE-2022-22990
+       RESERVED
+CVE-2022-22989
+       RESERVED
+CVE-2022-22988
+       RESERVED
+CVE-2022-21234
+       RESERVED
+CVE-2022-21210
+       RESERVED
+CVE-2022-21145
+       RESERVED
+CVE-2022-0182
+       RESERVED
+CVE-2022-0181
+       RESERVED
+CVE-2022-0180
+       RESERVED
+CVE-2022-0179
+       RESERVED
+CVE-2022-0178
+       RESERVED
+CVE-2022-0177
+       RESERVED
+CVE-2021-4204
+       RESERVED
 CVE-2022-22983
        RESERVED
 CVE-2022-22982
@@ -642,8 +890,8 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before 
9.0.0 improperly initial
        NOTE: 
https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
 (9.0.0)
 CVE-2022-22814
        RESERVED
-CVE-2022-0155
-       RESERVED
+CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal 
Informa ...)
+       TODO: check
 CVE-2022-22813
        RESERVED
 CVE-2022-22812
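Review bot: The new CVE-2022-0155 entry carries only "TODO: check", and its description (follow-redirects, "Exposure of Private Personal Informa ...") is cut off before any version or fix reference. When this is triaged, record the affected source package or a NOT-FOR-US: line, and add a NOTE: with the upstream fix commit and fixed version in the same form as the Pillow NOTE: line at the top of this hunk.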
@@ -854,8 +1102,8 @@ CVE-2022-22732
        RESERVED
 CVE-2022-22731
        RESERVED
-CVE-2022-0144
-       RESERVED
+CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
+       TODO: check
 CVE-2022-0143
        RESERVED
 CVE-2022-0142
@@ -9096,20 +9344,20 @@ CVE-2022-21674
        RESERVED
 CVE-2022-21673
        RESERVED
-CVE-2022-21672
-       RESERVED
+CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI 
configuratio ...)
+       TODO: check
 CVE-2022-21671
        RESERVED
-CVE-2022-21670
-       RESERVED
+CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, 
special patt ...)
+       TODO: check
 CVE-2022-21669
        RESERVED
-CVE-2022-21668
-       RESERVED
+CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with 
version 20 ...)
+       TODO: check
 CVE-2022-21667 (soketi is an open-source WebSockets server. There is an 
unhandled case ...)
        NOT-FOR-US: soketi
-CVE-2022-21666
-       RESERVED
+CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management 
system (C ...)
+       TODO: check
 CVE-2022-21665
        RESERVED
 CVE-2022-21664 (WordPress is a free and open-source content management system 
written  ...)
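Review bot: Four entries in this hunk (CVE-2022-21672, CVE-2022-21670, CVE-2022-21668, CVE-2022-21666) move from RESERVED to "TODO: check" with descriptions truncated at "...", so the version ranges that start at "Prior to version 1.3.2" for markdown-it and "Starting with version 20" for pipenv cannot be read in full from this diff. Take the ranges from the full CVE records before comparing against packaged versions, and resolve each entry to a package line or to a NOT-FOR-US: line of the kind CVE-2022-21667 already has in this hunk.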
@@ -19759,6 +20007,7 @@ CVE-2021-40865 (An Unsafe Deserialization vulnerability 
exists in the worker ser
 CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String 
Comparison ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+       {DLA-2876-1}
        - vim 2:8.2.3455-1 (bug #994497)
        [bullseye] - vim 2:8.2.2434-3+deb11u1
        [buster] - vim <no-dsa> (Minor issue)
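Review bot: "{DLA-2876-1}" is added to CVE-2021-3796 without any change to the package lines beneath it: the context still shows only the unstable version, a [bullseye] fix and "[buster] - vim <no-dsa> (Minor issue)", so nothing in the entry records which suite the advisory fixed or at what version. The same applies to the tag added to CVE-2021-3778, CVE-2019-20807 and CVE-2017-17087 in the later hunks. Confirm that the suite-specific fixed-version line is generated from the DLA list rather than expected in this file; if it is not, add it alongside the tag.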
@@ -20213,6 +20462,7 @@ CVE-2021-40682
 CVE-2021-3779
        RESERVED
 CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+       {DLA-2876-1}
        - vim 2:8.2.3455-1 (bug #994498)
        [bullseye] - vim 2:8.2.2434-3+deb11u1
        [buster] - vim <no-dsa> (Minor issue)
@@ -30588,22 +30838,22 @@ CVE-2021-36416
        RESERVED
 CVE-2021-36415
        RESERVED
-CVE-2021-36414
-       RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in 
GPAC 1. ...)
+       TODO: check
 CVE-2021-36413
        RESERVED
-CVE-2021-36412
-       RESERVED
-CVE-2021-36411
-       RESERVED
-CVE-2021-36410
-       RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in 
GPAC 1. ...)
+       TODO: check
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect 
access con ...)
+       TODO: check
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via 
fallback-motion. ...)
+       TODO: check
 CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
        NOT-FOR-US: Bitdefender
-CVE-2021-36409
-       RESERVED
-CVE-2021-36408
-       RESERVED
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' 
failed at ...)
+       TODO: check
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a 
Heap-use-after-f ...)
+       TODO: check
 CVE-2021-36407
        RESERVED
 CVE-2021-36406
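Review bot: The imported description for CVE-2021-36414 reads "A heab-based buffer overflow", while CVE-2021-36412 below it has "heap-based" in otherwise identical visible wording, so a text search of the list for "heap-based" will miss 36414. The typo arrives with the imported description in this automatic update, so search by CVE id or product name instead. When resolving the six "TODO: check" lines in this hunk, group them by the product named in the description (MP4Box in GPAC: 36414, 36412; libde265 v1.0.8: 36411, 36410, 36408), and check CVE-2021-36409, whose description is truncated before any product name, against the full record.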
@@ -32974,8 +33224,8 @@ CVE-2021-35454
        RESERVED
 CVE-2021-35453
        RESERVED
-CVE-2021-35452
-       RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 
v1.0.8 du ...)
+       TODO: check
 CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an 
unauthenti ...)
        NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
 CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 
6.3.9 an ...)
@@ -48171,8 +48421,8 @@ CVE-2021-29456 (Authelia is an open-source 
authentication and authorization serv
        NOT-FOR-US: Authelia
 CVE-2021-29455 (Grassroot Platform is an application to make it faster, 
cheaper and ea ...)
        NOT-FOR-US: Grassroot Platform
-CVE-2021-29454
-       RESERVED
+CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
+       TODO: check
 CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media 
repository for  ...)
        NOT-FOR-US: matrix-media-repo
 CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple 
authentic ...)
@@ -68925,8 +69175,8 @@ CVE-2021-21409 (Netty is an open-source, asynchronous 
event-driven network appli
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
        NOTE: Is a followup to: 
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
-CVE-2021-21408
-       RESERVED
+CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
+       TODO: check
 CVE-2021-21407 (Combodo iTop is an open source, web based IT Service 
Management tool.  ...)
        NOT-FOR-US: Combodo iTop
 CVE-2021-21406 (Combodo iTop is an open source, web based IT Service 
Management tool.  ...)
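Review bot: CVE-2021-21408 gets the same visible description as CVE-2021-29454 in the previous hunk ("Smarty is a template engine for PHP, facilitating the separation of pr ..."), both truncated before the part that distinguishes them, and both are left at "TODO: check". Triage the two together and add a NOTE: on each with the distinguishing detail and the fix reference, as the Netty entry in the context above does with its "Fixed by:" commit and advisory links, so the two are not confused later.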
@@ -89613,8 +89863,8 @@ CVE-2020-25429
        RESERVED
 CVE-2020-25428
        RESERVED
-CVE-2020-25427
-       RESERVED
+CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - 
GPAC versio ...)
+       TODO: check
 CVE-2020-25426
        RESERVED
 CVE-2020-25425
@@ -116760,6 +117010,7 @@ CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read 
flaw was found in the ATI V
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13
 (v4.2.0-rc0)
 CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim 
restricted mode  ...)
+       {DLA-2876-1}
        - vim 2:8.1.2136-1
        [buster] - vim <no-dsa> (Minor issue)
        [jessie] - vim <no-dsa> (Minor issue)
@@ -263642,7 +263893,7 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 
4.0.9 allows remote attack
 CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is 
affected b ...)
        NOT-FOR-US: SyncBreeze
 CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of 
a .swp f ...)
-       {DLA-1871-1}
+       {DLA-2876-1 DLA-1871-1}
        - vim 2:8.0.1401-1
        [wheezy] - vim <no-dsa> (Minor issue)
        NOTE: 
https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 
(8.0.1263)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea9d96659afc8db8c340e59f90d28a7b6362131
