Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72eca0ba by Moritz Muehlenhoff at 2022-11-07T17:40:29+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7908,6 +7908,7 @@ CVE-2022-3552 (Unrestricted Upload of File with Dangerous
Type in GitHub reposit
NOT-FOR-US: boxbilling
CVE-2022-3551 (A vulnerability, which was classified as problematic, has been
found i ...)
- xorg-server <unfixed>
+ [bullseye] - xorg-server <no-dsa> (Minor issue)
- xwayland <unfixed>
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
CVE-2022-3550 (A vulnerability classified as critical was found in X.org
Server. Affe ...)
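Review bot: the `+ [bullseye] - xorg-server <no-dsa> (Minor issue)` line covers only xorg-server, while the sibling `- xwayland <unfixed>` entry for the same CVE gets no bullseye annotation in this hunk. If xwayland is a separate source package in bullseye it needs its own `[bullseye] - xwayland <no-dsa> (Minor issue)` (or a fixed-version line); if it is not shipped in bullseye nothing is needed, but the asymmetry should be confirmed rather than left as is.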
@@ -12258,7 +12259,9 @@ CVE-2022-3276 (Command injection is possible in the
puppetlabs-mysql module prio
NOTE:
https://github.com/puppetlabs/puppetlabs-mysql/commit/e70e7fd130aaa2fe1cefe4ccb628b304ad3c180a
(v13.0.0)
CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module
prior to ve ...)
- puppet-module-puppetlabs-apt <unfixed>
+ [bullseye] - puppet-module-puppetlabs-apt <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2022-3275
+ NOTE:
https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb
CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository
ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3273 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
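Review bot: the new `NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a5...` link lacks the upstream fixed-version tag that the neighbouring CVE-2022-3276 entry carries (`(v13.0.0)` after its puppetlabs-mysql commit link). Appending the tag of the puppetlabs-apt release that contains this commit keeps the two entries consistent and lets a reader check at a glance whether the `<unfixed>` package version is below or above the first fixed release.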
@@ -20310,9 +20313,10 @@ CVE-2022-38219
CVE-2022-38218
RESERVED
CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213.
...)
- - vim 2:9.0.0229-1
+ - vim 2:9.0.0229-1 (unimportant)
NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
NOTE:
https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20
(v9.0.0213)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to
9.0.0212. ...)
- vim 2:9.0.0229-1 (unimportant)
NOTE: https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
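Review bot: `NOTE: Crash in CLI tool, no security impact` is thin justification for an entry titled Use After Free; a UAF is a memory-safety bug rather than a plain crash, so the note should state why it is rated unimportant (for vim this is normally that it requires a crafted file to be opened in an interactive editor session), otherwise the `(unimportant)` tag reads as a downgrade without rationale. The same wording is reused for the other vim entries in this commit, so fixing it once and copying is cheap.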
@@ -22822,9 +22826,10 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress
plugin through 5.4.1 does not s
CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress
plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository
vim/vim prior ...)
- - vim 2:9.0.0135-1
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
NOTE:
https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
(v9.0.0101)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress
plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch
prior to ...)
@@ -23554,9 +23559,10 @@ CVE-2022-37014
CVE-2022-2572 (In affected versions of Octopus Server where access is managed
by an e ...)
NOT-FOR-US: Octopus Server
CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.0 ...)
- - vim 2:9.0.0135-1
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
NOTE:
https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614
(v9.0.0102)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2570
RESERVED
CVE-2022-37013
@@ -24941,9 +24947,10 @@ CVE-2022-34147
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
NOT-FOR-US: Roxy-WI
CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.0 ...)
- - vim 2:9.0.0135-1 (bug #1016068)
+ - vim 2:9.0.0135-1 (unimportant; bug #1016068)
NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
NOTE:
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
(v9.0.0061)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid
pointer free ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
@@ -88172,8 +88179,9 @@ CVE-2021-40243
CVE-2021-40242
RESERVED
CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
- - xfig 1:3.2.8a-1 (bug #992395)
+ - xfig 1:3.2.8a-1 (unimportant; bug #992395)
NOTE: https://sourceforge.net/p/mcj/tickets/136/
+ NOTE: No security impact
CVE-2021-40240
RESERVED
CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version
of Minift ...)
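Review bot: `NOTE: No security impact` gives no reason at all, unlike the vim entries in this commit which at least say it is a crash in a CLI tool. For a ticket titled Buffer Overflow, say what the impact actually is (e.g. a crash when loading a crafted .fig file) so a later triager can tell whether the `(unimportant)` tag still holds if the upstream ticket changes.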
@@ -94463,6 +94471,7 @@ CVE-2021-37790
RESERVED
CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in
stbi__jpeg_load, lead ...)
- libstb <unfixed>
+ [bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1178
CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603
could all ...)
NOT-FOR-US: Gurock TestRail
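Review bot: the `[bullseye] - libstb <no-dsa>` line assumes the vulnerable code lives only in the libstb source package, but stb_image.h is a single-header library that downstream projects commonly copy into their own tree, so a bullseye package vendoring stb_image.h would remain affected regardless of this annotation. Worth checking for other bullseye sources embedding stbi__jpeg_load before treating the CVE as fully triaged.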
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72eca0ba17291157d7b144079218f99fa96ccf44
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits