author | security tracker role <sectracker@soriano.debian.org> | 2022-02-12 20:10:22 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-12 20:10:22 +0000 |
commit | ff2279b26476798fccdfa3d297edfe14e1f2de0a (patch) | |
tree | 7e64661f6a9dc388ae2cbe8ffd703dd9d3fdfeb7 /data | |
parent | 3738dc8a7e6298ba118873393043cbc92c5a63fa (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2021 | 7 |
-rw-r--r-- | data/CVE/list.2022 | 28 |
2 files changed, 22 insertions, 13 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 6c16e68bb1..42b7ad2d03 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1274,7 +1274,7 @@ CVE-2021-4201 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...) NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 NOTE: https://github.com/libexpat/libexpat/issues/532 NOTE: https://github.com/libexpat/libexpat/pull/538 @@ -1751,7 +1751,7 @@ CVE-2021-45962 CVE-2021-45961 RESERVED CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1002994) NOTE: https://github.com/libexpat/libexpat/issues/531 NOTE: https://github.com/libexpat/libexpat/pull/534 @@ -1948,6 +1948,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811 CVE-2021-4189 [ftplib should not use the host from the PASV response] RESERVED + {DLA-2919-1} - python3.10 <not-affected> (Fixed before initial upload to Debian unstable) - python3.9 3.9.7-1 [bullseye] - python3.9 <no-dsa> (Minor issue) @@ -52860,7 +52861,7 @@ CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10 NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ NOTE: Disputed/mild security relevance/impact CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...) - {DLA-2619-1} + {DLA-2919-1 DLA-2619-1} - python3.9 3.9.1-3 - python3.8 <removed> - python3.7 <removed> diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 13d21571fa..e9e072e44b 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,11 @@ +CVE-2022-0574 + RESERVED +CVE-2022-0573 + RESERVED +CVE-2022-0572 + RESERVED +CVE-2022-0571 + RESERVED CVE-2022-0570 RESERVED CVE-2022-0569 @@ -39,8 +47,8 @@ CVE-2022-0567 RESERVED CVE-2022-0566 RESERVED -CVE-2022-0565 - RESERVED +CVE-2022-0565 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) + TODO: check CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...) NOT-FOR-US: Portainer CVE-2022-24960 @@ -2568,7 +2576,7 @@ CVE-2022-23992 CVE-2022-23991 RESERVED CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-3 NOTE: https://github.com/libexpat/libexpat/pull/551 NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4) @@ -2972,7 +2980,7 @@ CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21. NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9 NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-2 NOTE: https://github.com/libexpat/libexpat/pull/550 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4) 
@@ -5807,32 +5815,32 @@ CVE-2022-0156 (vim is vulnerable to Use After Free ...) NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36 NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040) CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...) - {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...) 
- {DLA-2904-1} + {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) |
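Review bot: In the data/CVE/list.2022 hunk at `@@ -39,8 +47,8 @@`, CVE-2022-0565 changes from RESERVED to a published description, but its only status line is `TODO: check`, so the tracker records neither an affected package nor a NOT-FOR-US decision for it. Follow up with a triage commit that replaces the TODO with one of those, in the way the neighbouring CVE-2022-24961 entry carries `NOT-FOR-US: Portainer`.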
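Review bot: In the data/CVE/list.2021 hunk at `@@ -1948,6 +1948,7 @@`, `{DLA-2919-1}` is attached to CVE-2021-4189 while the entry still reads RESERVED and the visible context shows only python3.10 and python3.9 status lines. Check that the entry, below the context shown here, has a status line for the source package that DLA-2919-1 covers; otherwise the cross-reference points at an advisory with no matching package line. The same check applies to CVE-2021-3177 in the `@@ -52860,7 +52861,7 @@` hunk, which receives the same advisory ID.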
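Review bot: The `{DLA-2904-1}` to `{DSA-5073-1 DLA-2904-1}` replacement touches ten expat entries across both files (CVE-2021-46143, CVE-2021-45960, CVE-2022-23990, CVE-2022-23852 and CVE-2022-22822 through CVE-2022-22827), yet the commit message "automatic update" does not say which advisory import produced it. Naming the merged advisories (DSA-5073-1 and DLA-2919-1) in the message would make the history searchable by advisory ID. The unstable fixed versions on these entries differ (2.4.3-1, 2.4.3-2, 2.4.3-3), so it is also worth confirming that the version shipped with DSA-5073-1 includes the later fixes for CVE-2022-23852 and CVE-2022-23990.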