Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
03384338 by security tracker role at 2022-03-06T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-26019
+ RESERVED
+CVE-2022-24299
+ RESERVED
+CVE-2022-0871
+ RESERVED
+CVE-2022-0870
+ RESERVED
+CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior
to 0.1 ...)
+ TODO: check
CVE-2022-26507
RESERVED
CVE-2022-26506
@@ -49,8 +59,8 @@ CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the
IsolatedRazorEngine compo
NOT-FOR-US: Antaris RazorEngine
CVE-2020-36517
RESERVED
-CVE-2022-0868
- RESERVED
+CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to
1.19.10. ...)
+ TODO: check
CVE-2022-26490 (st21nfca_connectivity_event_received in
drivers/nfc/st21nfca/se.c in t ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
@@ -4725,12 +4735,14 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn
and chsh utilities when c
NOTE: util-linux in Debian does build with readline support but chfn
and chsh are provided
NOTE: by src:shadow and util-linux is configured with
--disable-chfn-chsh
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function
within ...)
+ {DLA-2932-1}
- tiff 4.3.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function
within ...)
+ {DLA-2932-1}
- tiff 4.3.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
@@ -5570,7 +5582,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads
past the end of an array,
[stretch] - atftp <no-dsa> (Minor issue)
NOTE:
https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5
(v0.7.5)
CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28,
plugins/sql.c does ...)
- {DSA-5087-1}
+ {DSA-5087-1 DLA-2931-1}
[experimental] - cyrus-sasl2 2.1.28+dfsg-1
- cyrus-sasl2 2.1.28+dfsg-2
NOTE: Fixed by:
https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
(cyrus-sasl-2.1.28)
@@ -11345,6 +11357,7 @@ CVE-2022-22846 (The dnslib package through 0.9.16 for
Python does not verify tha
CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the
same 167 ...)
NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in
tif_unix.c i ...)
+ {DLA-2932-1}
- tiff 4.3.0-3
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
@@ -17996,10 +18009,10 @@ CVE-2021-44751
RESERVED
CVE-2021-44750
RESERVED
-CVE-2021-44749
- RESERVED
-CVE-2021-44748
- RESERVED
+CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was
discove ...)
+ TODO: check
+CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered
whereby ...)
+ TODO: check
CVE-2021-44747 (A Denial-of-Service (DoS) vulnerability was discovered in
F-Secure Lin ...)
NOT-FOR-US: F-Secure
CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0
and prior ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/033843381c27c5bac5e4dcb6547903560fbd7d76
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/033843381c27c5bac5e4dcb6547903560fbd7d76
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
