Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eaeb30e2 by Moritz Muehlenhoff at 2022-02-15T11:06:57+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -472,6 +472,8 @@ CVE-2022-24981
RESERVED
CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to
3.6.1 ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
CVE-2022-0585
@@ -480,14 +482,20 @@ CVE-2022-0584
RESERVED
CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to
3.6.1 and 3 ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark
3.6.0 to ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1
and 3. ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to
22.2.0 ...)
@@ -1093,10 +1101,11 @@ CVE-2022-23104
RESERVED
CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when
compiled with libreadline]
RESERVED
- - util-linux <unfixed>
+ - util-linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
NOTE:
https://lore.kernel.org/util-linux/[email protected]/T/#u
NOTE:
https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+ NOTE: util-linux in Debian not built with readline support
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function
within ...)
- tiff 4.3.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -13087,6 +13096,7 @@ CVE-2021-4116 (yetiforcecrm is vulnerable to Improper
Neutralization of Input Du
CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a
crash]
RESERVED
- policykit-1 <unfixed> (bug #1005784)
+ [bullseye] - policykit-1 <no-dsa> (Minor issue)
[buster] - policykit-1 <not-affected> (Vulnerable code not present,
patch introducing issue not backported)
[stretch] - policykit-1 <not-affected> (Vulnerable code not present,
patch introducing issue not backported)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaeb30e27c7c179334bfb3c7b75b425a26c8d9ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaeb30e27c7c179334bfb3c7b75b425a26c8d9ef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
