author: security tracker role <sectracker@soriano.debian.org> 2022-01-02 20:10:27 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-02 20:10:27 +0000
commit: 1f1bc5253a8b7d39c874d2db748bb4b8a3f2a6a3 (patch)
tree: 9b7278d84a257aac62eb7ccada95fdcb9ccedf56
parent: 62ac69e93b2774d8a3b33bba24c61ebffe9bd58e (diff)
automatic update
-rw-r--r-- data/CVE/2021.list 51
-rw-r--r-- data/CVE/2022.list 4
2 files changed, 30 insertions, 25 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3a1c5305ab..8120e1036d 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -53,7 +53,7 @@ CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or mor
[buster] - expat <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/libexpat/libexpat/issues/531
NOTE: https://github.com/libexpat/libexpat/pull/534
-CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8 ...)
+CVE-2021-45959 (** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer over ...)
- fmtlib <unfixed> (unimportant)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110
NOTE: https://github.com/fmtlib/fmt/issues/2685
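Review bot: on the CVE-2021-45959 entry, the description now carries "** DISPUTED **", but the lines under it still give no reason for the "fmtlib <unfixed> (unimportant)" rating; the two NOTE lines are bare links. Suggest adding a one-line NOTE that says why the issue is rated unimportant, so the rating and the disputed status can be read together without opening the upstream issue.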
@@ -2127,6 +2127,7 @@ CVE-2021-4127
RESERVED
CVE-2021-4126
RESERVED
+ {DSA-5034-1}
- thunderbird 1:91.4.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
CVE-2021-26264
@@ -3692,6 +3693,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-44539
RESERVED
CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
+ {DSA-5034-1}
- element-web <itp> (bug #866502)
- olm 3.2.8~dfsg-1 (bug #1001664)
[buster] - olm <not-affected> (Vulnerable code introduced later)
@@ -6154,7 +6156,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re
CVE-2021-43547
RESERVED
CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6162,7 +6164,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6173,7 +6175,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6181,7 +6183,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6189,7 +6191,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6200,7 +6202,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a
- firefox 95.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6208,7 +6210,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6216,7 +6218,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6224,7 +6226,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6232,7 +6234,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 93.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -6240,7 +6242,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -6261,10 +6263,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
CVE-2021-43529
RESERVED
+ {DSA-5034-1}
- thunderbird 1:91.3.0-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
+ {DSA-5034-1}
- thunderbird 1:91.4.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
@@ -18238,7 +18242,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading .
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18246,7 +18250,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18254,7 +18258,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18262,7 +18266,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18277,7 +18281,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18285,7 +18289,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
- {DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18293,6 +18297,7 @@ CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT styl
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
+ {DSA-5034-1}
[experimental] - thunderbird 1:91.2.0-1
- thunderbird 1:91.2.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
@@ -18304,7 +18309,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
- {DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -18332,7 +18337,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
- {DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -22485,9 +22490,9 @@ CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current wor
NOT-FOR-US: sharkdp BAT
CVE-2021-36752
RESERVED
-CVE-2021-36751
- RESERVED
-CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used i ...)
+CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...)
+ TODO: check
+CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
NOT-FOR-US: ENC
CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
- druid <itp> (bug #825797)
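Review bot: the new "TODO: check" under CVE-2021-36751 looks resolvable on sight. Its description names ENC DataVault, the same product as CVE-2021-36750 directly below it, which is already marked "NOT-FOR-US: ENC". Suggest giving CVE-2021-36751 the same "NOT-FOR-US: ENC" line so it does not sit in the manual triage queue.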
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index a5e292adef..2bdd67eec1 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -2,8 +2,8 @@ CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as dem
TODO: check
CVE-2022-0081
RESERVED
-CVE-2022-0080
- RESERVED
+CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2022-0079
RESERVED
CVE-2022-0078
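Review bot: CVE-2022-0080 moves from RESERVED to "TODO: check" with a description that names only mruby and the bug class, and the entry has no NOTE line. When the TODO is resolved, suggest replacing it with a package line and adding a NOTE pointing to the upstream report or fix, since the truncated description gives no affected version to triage against.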
