From 4745bf1ee8e16d2f23bbc0a2dd2525f7a939f3fc Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 19 Feb 2022 20:10:18 +0000 Subject: automatic update --- data/CVE/list.2016 | 3 +-- data/CVE/list.2020 | 4 ++-- data/CVE/list.2021 | 4 ++++ data/CVE/list.2022 | 41 +++++++++++++++++++++++++++++++---------- 4 files changed, 38 insertions(+), 14 deletions(-) diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 0195236e5c..cef3871438 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -29783,8 +29783,7 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb - tomcat7 7.0.70-3 - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs -CVE-2016-1239 [loads arbitrary code from the current untrusted directory] - RESERVED +CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted code fro ...) - duck 0.10 [jessie] - duck 0.7+deb8u1 NOTE: https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 9ceea64af2..4f293a4e01 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 
@@ -49584,13 +49584,13 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Incons CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...) NOT-FOR-US: Citrix CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) - {DLA-2145-1} + {DLA-2927-1 DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) - {DLA-2145-1} + {DLA-2927-1 DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 2a936cfccd..9ed81bf571 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,7 @@ +CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...) + TODO: check +CVE-2021-4222 + RESERVED CVE-2021-4221 RESERVED CVE-2021-46699 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 0657ddedf8..7bff249fe0 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,19 @@ +CVE-2022-25368 + RESERVED +CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) + TODO: check +CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...) + TODO: check +CVE-2022-0688 + RESERVED +CVE-2022-0687 + RESERVED +CVE-2022-0686 + RESERVED +CVE-2022-0685 + RESERVED +CVE-2022-0684 + RESERVED CVE-2022-25367 RESERVED CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...) 
@@ -94,8 +110,8 @@ CVE-2022-0680 RESERVED CVE-2022-0679 RESERVED -CVE-2022-0678 - RESERVED +CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) + TODO: check CVE-2022-0677 RESERVED CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) @@ -369,12 +385,12 @@ CVE-2022-0634 RESERVED CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...) NOT-FOR-US: WordPress plugin -CVE-2022-0632 - RESERVED +CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...) + TODO: check CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...) TODO: check -CVE-2022-0630 - RESERVED +CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...) + TODO: check CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) TODO: check CVE-2022-0628 @@ -5443,10 +5459,10 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2 NOT-FOR-US: TastyIgniter CVE-2022-23377 RESERVED -CVE-2022-23376 - RESERVED -CVE-2022-23375 - RESERVED +CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...) + TODO: check +CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...) + TODO: check CVE-2022-23374 RESERVED CVE-2022-23373 @@ -7705,6 +7721,7 @@ CVE-2022-22621 RESERVED CVE-2022-22620 [A use after free issue was addressed with improved memory management] RESERVED + {DSA-5084-1 DSA-5083-1} - webkit2gtk 2.34.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.6-1 @@ -7772,6 +7789,7 @@ CVE-2022-22591 RESERVED CVE-2022-22589 [A validation issue was addressed with improved input sanitization] RESERVED + {DSA-5084-1 DSA-5083-1} - webkit2gtk 2.34.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.5-1 
@@ -9887,6 +9905,7 @@ CVE-2022-21714 CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...) - grafana CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...) + {DLA-2927-1} - twisted 22.1.0-1 [bullseye] - twisted (Minor issue) [buster] - twisted (Minor issue) @@ -13268,12 +13287,14 @@ CVE-2022-20001 RESERVED CVE-2022-22590 [A use after free issue was addressed with improved memory management] RESERVED + {DSA-5084-1 DSA-5083-1} - webkit2gtk 2.34.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.5-1 NOTE: https://webkitgtk.org/security/WSA-2022-0002.html CVE-2022-22592 [A logic issue was addressed with improved state management] RESERVED + {DSA-5084-1 DSA-5083-1} - webkit2gtk 2.34.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.5-1 -- cgit v1.2.3
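Review bot: Nothing further is needed for CVE-2016-1239 in the list.2016 hunk: the fixed versions already on the entry (duck 0.10, [jessie] duck 0.7+deb8u1) and the salsa commit NOTE tagged (0.10) agree with the published description that now replaces the bracketed placeholder and the RESERVED line.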
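Review bot: The [buster] line for CVE-2020-10109 and CVE-2020-10108 in the list.2020 hunk still reads `(Minor issue)` after {DLA-2927-1 DLA-2145-1} is added, so DLA-2927-1 must target a suite other than buster; confirm that, since nothing in either entry names the suite. The same DLA is added to CVE-2022-21712 in list.2022 in this patch, which fits one LTS advisory covering all three twisted issues.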
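Review bot: `TODO: check` on CVE-2021-46700 in the list.2021 hunk should not be left to linger: the description names a function in libsixel 1.8.6 (sixel_encoder_output_without_macro), so triage needs a `- libsixel <version>` package line with the upstream fix in a NOTE, or an explicit not-affected marking, in place of the bare placeholder. CVE-2021-4222 staying RESERVED is fine.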
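Review bot: The two microweber/microweber entries in the first list.2022 hunk (CVE-2022-0690 reflected XSS, CVE-2022-0689 one-time coupon reuse) stop at `TODO: check`, and a third (CVE-2022-0678) receives the same marker later in this patch; triage the three together and mark them consistently, using `NOT-FOR-US:` with a reason as done for the WordPress plugin in CVE-2022-0633 in this same file if the package is not in the archive. The remaining new RESERVED placeholders are fine as they are.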
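Review bot: CVE-2022-0632 (NULL pointer dereference), CVE-2022-0630 (out-of-bounds read) and the already-present CVE-2022-0631 (heap-based buffer overflow) in the mruby hunk are all "Homebrew mruby prior to 3.2" issues sitting at `TODO: check`; resolve them as one group with a shared fixed version and a single upstream NOTE rather than three separate follow-ups.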
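Review bot: CVE-2022-23375 is an authenticated remote code execution issue in WikiDocs 0.1.18, so it deserves triage ahead of the reflected XSS in CVE-2022-23376 from the same hunk; both currently stop at `TODO: check` with no package or NOT-FOR-US line.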
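Review bot: Adding {DSA-5084-1 DSA-5083-1} to CVE-2022-22620 while the entry still carries a bracketed placeholder description and RESERVED is acceptable for an advisory issued before the CVE text, but unlike CVE-2022-22590 later in this patch (NOTE: https://webkitgtk.org/security/WSA-2022-0002.html) no WSA NOTE is visible on this entry; add the matching WebKitGTK advisory reference. Also note the fixed version here is 2.34.6-1 while the other three WebKit entries in this patch list 2.34.5-1; confirm that difference is intended.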
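Review bot: With {DLA-2927-1} on CVE-2022-21712, this single DLA is now referenced from three twisted CVEs across list.2020 and list.2022 in the same patch; cross-check that the advisory text lists all three IDs so the references stay consistent in both directions. The [bullseye] and [buster] `(Minor issue)` markers are unchanged, which matches the treatment of the list.2020 entries.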
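Review bot: In the final hunk the DSA pair is added to both CVE-2022-22590 and CVE-2022-22592, but only CVE-2022-22590 shows the WSA-2022-0002 NOTE in the visible context; check that CVE-2022-22592 carries the same WSA reference after its package lines (which fall outside the hunk), so the four WebKit entries touched by this patch end up with the same set of advisory references.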