Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3b725961 by Salvatore Bonaccorso at 2022-07-14T22:17:30+02:00
Process some NFUs
- - - - -
d92def6d by Salvatore Bonaccorso at 2022-07-14T22:19:38+02:00
Replace annotation with previous ones indicating the DSA 4677-1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1367,7 +1367,7 @@ CVE-2022-35285
CVE-2022-35284
RESERVED
CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an
authentica ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35282
RESERVED
CVE-2022-35281
@@ -15908,7 +15908,7 @@ CVE-2022-29901 (Intel microprocessor generations 6 to 8
are affected by a new Sp
CVE-2022-29900 (AMD microprocessor families 15h to 18h are affected by a new
Spectre v ...)
- linux <unfixed>
- xen <unfixed>
- [buster] - xen <end-of-life> (No longer supported in buster)
+ [buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
NOTE:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
@@ -34542,7 +34542,7 @@ CVE-2022-23825 [AMD CPUs exhibit phantom jumps]
RESERVED
- linux <unfixed>
- xen <unfixed>
- [buster] - xen <end-of-life> (No longer supported in buster)
+ [buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE:
https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf
NOTE:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
@@ -34569,7 +34569,7 @@ CVE-2022-23816
RESERVED
- linux <unfixed>
- xen <unfixed>
- [buster] - xen <end-of-life> (No longer supported in buster)
+ [buster] - xen <end-of-life> (DSA 4677-1)
NOTE: This is the AMD assigned CVE for Retbleed (CVE-2022-29900), as
AMD did not
NOTE: agree on the coverage for CVE-2022-29900: As stated in the Xen
advisory 407:
NOTE: On AMD CPUs, Retbleed is one specific instance of a more general
@@ -39401,7 +39401,7 @@ CVE-2022-22479 (IBM Spectrum Copy Data Management
2.2.0.0through 2.2.15.0 is vul
CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores
user crede ...)
NOT-FOR-US: IBM
CVE-2022-22477 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
cross-si ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through
22.0.0.7 and ...)
NOT-FOR-US: IBM
CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty
17.0.0.3 thr ...)
@@ -39409,7 +39409,7 @@ CVE-2022-22475 (IBM WebSphere Application Server
Liberty and Open Liberty 17.0.0
CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc,
and dsmcsv ...)
NOT-FOR-US: IBM
CVE-2022-22473 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5
through ...)
NOT-FOR-US: IBM
CVE-2022-22471
@@ -39435,7 +39435,7 @@ CVE-2022-22462
CVE-2022-22461
RESERVED
CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22459
RESERVED
CVE-2022-22458
@@ -39449,13 +39449,13 @@ CVE-2022-22455
CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally
authentic ...)
NOT-FOR-US: IBM
CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than
expected cr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22452 (IBM Security Verify Identity Manager 10.0 uses an inadequate
account l ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22451
RESERVED
CVE-2022-22450 (IBM Security Verify Identity Manager 10.0 could allow a
privileged use ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22449
RESERVED
CVE-2022-22448
@@ -63571,7 +63571,7 @@ CVE-2021-39030
CVE-2021-39029
RESERVED
CVE-2021-39028 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6,
6.0.6.1, 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a
structur ...)
NOT-FOR-US: IBM
CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could
allow a r ...)
@@ -63589,15 +63589,15 @@ CVE-2021-39021 (IBM Guardium Data Encryption (GDE)
5.0.0.2 behaves differently o
CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores
sensitive ...)
NOT-FOR-US: IBM
CVE-2021-39019 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6,
6.0.6.1, 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39018 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6,
6.0.6.1, 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39017 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6,
6.0.6.1, 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6,
6.0.6.1, 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0,
7.0.1, and 7. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39014
RESERVED
CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and
1.7.0.0 could ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f601883cf5e432afdf28ddb4f4648a6ba3b05dad...d92def6d5f9799bd0900a69846733e799bd76a02
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f601883cf5e432afdf28ddb4f4648a6ba3b05dad...d92def6d5f9799bd0900a69846733e799bd76a02
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
