From 9e98c080d6215fbbc28f3a94486845abcc3ed224 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 3 Jan 2022 08:10:12 +0000 Subject: automatic update --- data/CVE/2021.list | 8 ++++---- data/CVE/2022.list | 8 ++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a7c38f1214..d7bc7b8698 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -48615,8 +48615,8 @@ CVE-2021-25996 RESERVED CVE-2021-25995 RESERVED -CVE-2021-25994 - RESERVED +CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...) + TODO: check CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...) TODO: check CVE-2021-25992 @@ -48641,8 +48641,8 @@ CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versi NOT-FOR-US: Factor (App Framework & Headless CMS) CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...) NOT-FOR-US: Factor (App Framework & Headless CMS) -CVE-2021-25981 - RESERVED +CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...) + TODO: check CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...) NOT-FOR-US: Talkyard CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 8f3f417af1..178152a2ed 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,7 @@ +CVE-2022-0083 + RESERVED +CVE-2022-0082 + RESERVED CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...) - dolibarr CVE-2022-0081 
@@ -6,8 +10,8 @@ CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...) - mruby NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 -CVE-2022-0079 - RESERVED +CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...) + TODO: check CVE-2022-0078 RESERVED CVE-2022-22292 -- cgit v1.2.3 From 495751cee27237c43d015aadb7d603e9a7b6ffc8 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 3 Jan 2022 09:35:39 +0100 Subject: Process two NFUs --- data/CVE/2021.list | 2 +- data/CVE/2022.list | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index d7bc7b8698..077cc31fa7 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -48642,7 +48642,7 @@ CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versi CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...) NOT-FOR-US: Factor (App Framework & Headless CMS) CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...) - TODO: check + NOT-FOR-US: Talkyard CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...) NOT-FOR-US: Talkyard CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 178152a2ed..b009786bcc 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -11,7 +11,7 @@ CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...) NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...) - TODO: check + NOT-FOR-US: showdoc CVE-2022-0078 RESERVED CVE-2022-22292 -- cgit v1.2.3 
From 13260c582c1841a1af28b329a61241a102e9a58f Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 3 Jan 2022 09:50:21 +0100 Subject: Add new roundcube issue --- data/CVE/2021.list | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 077cc31fa7..2539be681e 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-XXXX [XSS vulnerability via HTML messages with malicious CSS content] + - roundcube (bug #1003027) + NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2) + NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13) + NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released + NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released CVE-2021-45984 RESERVED CVE-2021-45983 -- cgit v1.2.3 From 46dab1255ab0ff66c9514abc4aab122a2e52d13f Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Mon, 3 Jan 2022 10:09:42 +0000 Subject: Triage CVE-2021-45960 in expat for stretch LTS. --- data/CVE/2021.list | 1 + 1 file changed, 1 insertion(+) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 2539be681e..231d665c5d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -57,6 +57,7 @@ CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or mor - expat (bug #1002994) [bullseye] - expat (Minor issue; can be fixed via point release) [buster] - expat (Minor issue; can be fixed via point release) + [stretch] - expat (Minor issue) NOTE: https://github.com/libexpat/libexpat/issues/531 NOTE: https://github.com/libexpat/libexpat/pull/534 CVE-2021-45959 (** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer over ...) -- cgit v1.2.3 From 909ea1968179cd76882fd355ae20d8ce65200eea Mon Sep 17 00:00:00 2001 
From: Moritz Muehlenhoff Date: Mon, 3 Jan 2022 11:44:00 +0100 Subject: buster/bullseye triage --- data/CVE/2021.list | 16 ++++++++++++++++ data/dsa-needed.txt | 2 ++ 2 files changed, 18 insertions(+) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 231d665c5d..6d54b1c401 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -231,6 +231,8 @@ CVE-2021-45919 RESERVED CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...) - wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811 CVE-2021-4189 [ftplib should not use the host from the PASV response] 
@@ -334,26 +336,38 @@ CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4. NOT-FOR-US: Stormshield Network Security (SNS) CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...) - wireshark 3.6.0-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...) - wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...) - wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754 CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...) - wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...) - wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...) 
- wireshark + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429 CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...) @@ -1275,6 +1289,8 @@ CVE-2021-45464 RESERVED CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...) - gegl 1:0.4.34-1 (bug #1002661) + [bullseye] - gegl (Minor issue) + [buster] - gegl (Minor issue) [stretch] - gegl (Minor issue; can be fixed later) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34) NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34) diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 6d3b23915a..0aaff74514 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -27,6 +27,8 @@ condor -- faad2/oldstable (jmm) -- +ghostscript +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- cgit v1.2.3 From 623640e3d7dc02368ffa2fd3809bbc3a236cc202 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Mon, 3 Jan 2022 12:38:59 +0100 Subject: lts: update notes --- data/dla-needed.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 24aad7e8f4..3c410cd472 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -102,6 +102,7 @@ thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) + NOTE: 20210103: DSA released, DLA will follow today (pochu) -- vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well -- cgit v1.2.3 
From 5e367e8a1b45043202e546bbaff661082354647b Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Mon, 3 Jan 2022 13:37:34 +0100 Subject: lts: take clamav --- data/dla-needed.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 3c410cd472..2cbc2914b5 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -24,6 +24,8 @@ apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk) -- +clamav (Emilio) +-- condor (Anton) NOTE: 20211216: full details embargoed NOTE: 20211227: the fix is out and now available; cf: -- cgit v1.2.3 From b046506789e48d1a7d4f0b9568b4089f9e2f4906 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 3 Jan 2022 14:15:13 +0100 Subject: Add additional reference for CVE-2021-45949 --- data/CVE/2021.list | 1 + 1 file changed, 1 insertion(+) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6d54b1c401..77b65ae0d9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -111,6 +111,7 @@ CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds wr CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) - ghostscript 9.55.0~dfsg-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...) - assimp 5.1.1~ds0-1 -- cgit v1.2.3 From a84a3b4e9865af15f2ae498c5f42c96130e539a3 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 3 Jan 2022 14:20:44 +0100 Subject: Track fixed version via unstable for CVE-2021-36980/openvswitch --- data/CVE/2021.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 77b65ae0d9..f42e79b4aa 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -22010,7 +22010,7 @@ CVE-2021-23203 CVE-2021-23184 RESERVED CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...) - - openvswitch (bug #991308) + - openvswitch 2.15.0+ds1-10 (bug #991308) [bullseye] - openvswitch (Minor issue) [buster] - openvswitch (Vulnerable code not present, introduced in 2.11) [stretch] - openvswitch (Vulnerable code not present, introduced in 2.11) -- cgit v1.2.3
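Review bot: in the data/dla-needed.txt hunk of "lts: update notes", the added thunderbird note is stamped 20210103, but the commit is dated 3 Jan 2022 and the notes directly above it run 20211122, 20211206, 20211220, so the stamp looks like a year typo. Suggest `NOTE: 20220103: DSA released, DLA will follow today (pochu)` so the entry's notes stay in chronological order and anything sorting on the stamp does not place this one first.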
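Review bot: in the data/CVE/2021.list hunks of "buster/bullseye triage", CVE-2021-4190 and CVE-2021-4183 receive the same `[bullseye] - wireshark (Minor issue)` and `[buster] - wireshark (Minor issue)` lines as the other Wireshark entries, yet their visible descriptions name only Wireshark 3.6.0, while the neighbouring entries go on to list further versions after 3.6.0. The descriptions are truncated here, so this may just be how they are cut off, but it is worth confirming that the affected dissector and pcapng code is present in the stable suites. If it is not, a not-affected marking with a reason in the style already used for openvswitch ("Vulnerable code not present, introduced in 2.11") records the state more accurately than "Minor issue".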
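Review bot: in the data/dsa-needed.txt hunk of "buster/bullseye triage", `ghostscript` is added with no suite qualifier, claimant or note, and neither the hunk nor the commit message says which issue prompted it; the only Ghostscript entry visible in this series is CVE-2021-45949. Suggest adding a short note line under the entry naming the CVE or CVEs the update is meant to cover, as the `linux (carnil)` entry below does for its scope, so whoever picks it up does not have to re-derive that.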