bullseye triage

Moritz Muehlenhoff (@jmm) Thu, 31 Mar 2022 15:05:17 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0b9e2c60 by Moritz Muehlenhoff at 2022-03-31T23:55:12+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -286,6 +286,8 @@ CVE-2022-1173
        RESERVED
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
        - gpac <unfixed>
+       [bullseye] - gpac <ignored> (Minor issue)
+       [buster] - gpac <ignored> (Minor issue)
        NOTE: https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/
        NOTE: https://github.com/gpac/gpac/issues/2153
        NOTE: 
https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
@@ -652,6 +654,8 @@ CVE-2022-25348 (Untrusted search path vulnerability in 
AttacheCase ver.4.0.2.7 a
        NOT-FOR-US: AttacheCase
 CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 
2.4.0 in  ...)
        - openjpeg2 <unfixed>
+       [bullseye] - openjpeg2 <no-dsa> (Minor issue)
+       [buster] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1368
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
 CVE-2022-1121
@@ -1840,6 +1844,8 @@ CVE-2022-1051
        RESERVED
 CVE-2022-1050 (Guest driver might execute HW commands when shared buffers are 
not yet ...)
        - qemu <unfixed>
+       [bullseye] - qemu <no-dsa> (Minor issue)
+       [buster] - qemu <no-dsa> (Minor issue)
        [stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The 
pcs da ...)
@@ -5362,6 +5368,8 @@ CVE-2022-26292
        RESERVED
 CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency 
use-afte ...)
        - lrzip 0.650-1
+       [bullseye] - lrzip <no-dsa> (Minor issue)
+       [buster] - lrzip <no-dsa> (Minor issue)
        [stretch] - lrzip <postponed> (Minor issue, use-after-free with no 
known impact)
        NOTE: https://github.com/ckolivas/lrzip/issues/206
        NOTE: 
https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4
 (v0.650)
@@ -5387,6 +5395,7 @@ CVE-2022-26281
        RESERVED
 CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds 
read via  ...)
        - libarchive <unfixed>
+       [bullseye] - libarchive <no-dsa> (Minor issue)
        [buster] - libarchive <not-affected> (Vulnerable code not present)
        [stretch] - libarchive <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/libarchive/libarchive/issues/1672



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9e2c60f9c1717df2d3a30942b094ff4cc97fd7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9e2c60f9c1717df2d3a30942b094ff4cc97fd7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to