Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f8eb34f2 by Emilio Pozuelo Monfort at 2022-03-08T11:19:32+01:00
lts: add redis
- - - - -
9ffebca4 by Emilio Pozuelo Monfort at 2022-03-08T11:19:33+01:00
lts: CVE-2021-3596/imagemagick postponed for stretch
- - - - -
dc55b9ae by Emilio Pozuelo Monfort at 2022-03-08T11:19:35+01:00
CVE-2022-0711/haproxy n/a on buster & stretch
- - - - -
76b4cc77 by Emilio Pozuelo Monfort at 2022-03-08T11:19:36+01:00
CVE-2022-24303/pillow n/a on buster and stretch
In those versions, the filenames are quoted before being passed to
the shell.
- - - - -
88494620 by Emilio Pozuelo Monfort at 2022-03-08T11:19:36+01:00
lts: add twisted
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2708,6 +2708,8 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub
repository radareorg/radare2 p
NOTE:
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses
containin ...)
- haproxy <unfixed>
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053666
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
(v2.6-dev2)
CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for
WordPress is vu ...)
@@ -6241,7 +6243,8 @@ CVE-2022-24303
RESERVED
- pillow 9.0.1-1
[bullseye] - pillow <ignored> (Minor issue)
- [buster] - pillow <ignored> (Minor issue)
+ [buster] - pillow <not-affected> (Vulnerable code introduced later)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
NOTE:
https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
(9.0.1)
@@ -47280,6 +47283,7 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway
<= 3.0.8 a vulnerabilit
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in
versions p ...)
- imagemagick 8:6.9.11.57+dfsg-1
+ [stretch] - imagemagick <postponed> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b
=====================================
data/dla-needed.txt
=====================================
@@ -67,6 +67,8 @@ pjproject (Abhijith PA)
NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith)
NOTE: 20220302: uploading asterisk, ring and pjproject in one go (abhijith)
--
+redis
+--
ring (Abhijith PA)
--
samba
@@ -75,6 +77,8 @@ samba
NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
NOTE: 20220125: ftbfs, wip. (utkarsh)
--
+twisted
+--
vim (Markus)
--
wireshark (Markus Koschany)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7bada13ac6b14bbf64cd7e50080d3e3d39d81a76...88494620eeea2f10852bc59e5eb2730fee607c19
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7bada13ac6b14bbf64cd7e50080d3e3d39d81a76...88494620eeea2f10852bc59e5eb2730fee607c19
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
