Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0980c6ec by Moritz Muehlenhoff at 2022-03-16T09:50:28+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -694,6 +694,8 @@ CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in
GitHub repository vim
NOTE:
https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3
(v8.2.4563)
CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in
compilePassOpcode in ...)
- liblouis <unfixed>
+ [bullseye] - liblouis <no-dsa> (Minor issue)
+ [buster] - liblouis <no-dsa> (Minor issue)
NOTE: https://github.com/liblouis/liblouis/issues/1171
CVE-2022-26980
RESERVED
@@ -1831,6 +1833,8 @@ CVE-2022-26506
RESERVED
CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before
1.3.1 a ...)
- minidlna <unfixed> (bug #1006798)
+ [bullseye] - minidlna <no-dsa> (Minor issue)
+ [buster] - minidlna <no-dsa> (Minor issue)
NOTE:
https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
CVE-2022-26504
@@ -6542,6 +6546,8 @@ CVE-2022-24757
RESERVED
CVE-2022-24756 (Bareos is open source software for backup, archiving, and
recovery of ...)
- bareos <removed>
+ [buster] - bareos <not-affected> (PAM support not yet present)
+ [stretch] - bareos <not-affected> (PAM support not yet present)
NOTE:
https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j
NOTE: https://github.com/bareos/bareos/pull/1115
NOTE: https://github.com/bareos/bareos/pull/1119
@@ -6549,6 +6555,8 @@ CVE-2022-24756 (Bareos is open source software for
backup, archiving, and recove
NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24755 (Bareos is open source software for backup, archiving, and
recovery of ...)
- bareos <removed>
+ [buster] - bareos <not-affected> (PAM support not yet present)
+ [stretch] - bareos <not-affected> (PAM support not yet present)
NOTE:
https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26
NOTE: https://github.com/bareos/bareos/pull/1115
NOTE: https://github.com/bareos/bareos/pull/1119
@@ -6593,6 +6601,8 @@ CVE-2022-24738 (Evmos is the Ethereum Virtual Machine
(EVM) Hub on the Cosmos Ne
NOT-FOR-US: Evmos
CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical
concept ...)
- httpie <unfixed>
+ [bullseye] - httpie <no-dsa> (Minor issue)
+ [buster] - httpie <no-dsa> (Minor issue)
NOTE:
https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
NOTE: Fixed by:
https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
(3.1.0)
CVE-2022-24736
@@ -8180,6 +8190,8 @@ CVE-2022-0431
RESERVED
CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
- httpie <unfixed>
+ [bullseye] - httpie <no-dsa> (Minor issue)
+ [buster] - httpie <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
NOTE: Fixed by:
https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
(3.1.0)
CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress
plugin ...)
@@ -44782,7 +44794,7 @@ CVE-2021-36370 (An issue was discovered in Midnight
Commander through 4.8.26. Wh
CVE-2021-36369
RESERVED
CVE-2021-36368 (** DISPUTED ** An issue was discovered in OpenSSH before 8.9.
If a cli ...)
- - openssh 1:8.9p1-1
+ - openssh 1:8.9p1-1 (unimportant)
NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
NOTE: https://docs.ssh-mitm.at/trivialauth.html
CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session
even if i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0980c6ec2cdc73108891cda6ad02e303d35615e3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0980c6ec2cdc73108891cda6ad02e303d35615e3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
