Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d5c39034 by security tracker role at 2023-04-01T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check CVE-2023-28938 RESERVED CVE-2023-28736 @@ -52143,6 +52145,7 @@ CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) CVE-2022-38102 RESERVED CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...) + {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html @@ -57697,6 +57700,7 @@ CVE-2022-34846 CVE-2022-34657 RESERVED CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...) + {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html @@ -61759,6 +61763,7 @@ CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) N CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...) NOT-FOR-US: Intel CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...) + {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html @@ -92307,6 +92312,7 @@ CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Prof CVE-2022-21795 RESERVED CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...) + {DLA-3379-1} - intel-microcode 3.20220809.1 [bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html @@ -105239,6 +105245,7 @@ CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.300 CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) NOT-FOR-US: Adobe CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) + {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html @@ -105269,6 +105276,7 @@ CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Ki CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) NOT-FOR-US: Intel CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...) + {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html @@ -106267,6 +106275,7 @@ CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() fu CVE-2021-4036 RESERVED CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html @@ -106295,6 +106304,7 @@ CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wirel CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...) NOT-FOR-US: Intel CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html @@ -109590,6 +109600,7 @@ CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) - snipe-it <itp> (bug #1005172) CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...) + {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) [bullseye] - intel-microcode <no-dsa> (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html @@ -110015,6 +110026,7 @@ CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Bui CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) NOT-FOR-US: Intel CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) + {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html @@ -192691,7 +192703,7 @@ CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...) NOT-FOR-US: WSO2 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - {DLA-2690-1 DLA-2689-1} + {DLA-3380-1 DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 @@ -192710,7 +192722,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - {DLA-2690-1 DLA-2689-1} + {DLA-3380-1 DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 @@ -192726,7 +192738,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - {DLA-2690-1 DLA-2689-1} + {DLA-3380-1 DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 @@ -221271,6 +221283,7 @@ CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...) + {DLA-3380-1} - linux 5.14.6-1 [bullseye] - linux <ignored> (Too intrusive to backport) [buster] - linux <ignored> (Too intrusive to backport) @@ -221284,6 +221297,7 @@ CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Win NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load NOTE: the updated firmware, thus also marking linux as affected CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...) + {DLA-3380-1} - linux 5.14.6-1 [bullseye] - linux <ignored> (Too intrusive to backport) [buster] - linux <ignored> (Too intrusive to backport) @@ -221297,6 +221311,7 @@ CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load NOTE: the updated firmware, thus also marking linux as affected CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...) + {DLA-3380-1} - linux 5.14.6-1 [bullseye] - linux <ignored> (Too intrusive to backport) [buster] - linux <ignored> (Too intrusive to backport) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c390340094d5a20fbcb46c334139bc456060e4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c390340094d5a20fbcb46c334139bc456060e4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits