Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2993daec by Moritz Muehlenhoff at 2022-04-25T13:55:42+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -519,6 +519,8 @@ CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles 
Fiat-Shamir generati
        TODO: check
 CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub 
repository mruby ...)
        - mruby <unfixed>
+       [bullseye] - mruby <no-dsa> (Minor issue)
+       [buster] - mruby <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301
        NOTE: 
https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b
 CVE-2022-29565
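
Review bot: The mruby commit URL in the NOTE under CVE-2022-1427 carries no label, and it now sits directly below the two new no-dsa lines. If that commit is the upstream fix, write it as "NOTE: Fixed by: ..." the way the FreeType entries in this file do, so that whoever revisits the "(Minor issue)" decision can see at a glance that a patch exists.
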
@@ -4742,9 +4744,10 @@ CVE-2022-28050
 CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer 
dereference v ...)
        NOT-FOR-US: njs
 CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of 
invalid size i ...)
-       - libstb <unfixed>
+       - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1293
        NOTE: https://github.com/nothings/stb/pull/1297
+       NOTE: Negligible security impact
 CVE-2022-28047
        RESERVED
 CVE-2022-28046
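
Review bot: The added "NOTE: Negligible security impact" under CVE-2022-28048 records the verdict but not the reason for it. A few words on why the invalid-size shift is harmless for libstb would let a later triager check the "(unimportant)" tag without re-reading stb issue 1293.
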
@@ -4759,10 +4762,14 @@ CVE-2022-28043
        RESERVED
 CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based 
use-after-fr ...)
        - libstb <unfixed>
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1289
        NOTE: https://github.com/nothings/stb/pull/1297
 CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer 
overflow via th ...)
        - libstb <unfixed>
+       [bullseye] - libstb <no-dsa> (Minor issue)
+       [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1292
        NOTE: https://github.com/nothings/stb/pull/1297
 CVE-2022-28040
@@ -6331,14 +6338,20 @@ CVE-2022-27407
        RESERVED
 CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was 
discovere ...)
        - freetype <unfixed>
+       [bullseye] - freetype <no-dsa> (Minor issue)
+       [buster] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
 (VER-2-12-0)
 CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was 
discovere ...)
        - freetype <unfixed>
+       [bullseye] - freetype <no-dsa> (Minor issue)
+       [buster] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
 (VER-2-12-0)
 CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was 
discovere ...)
        - freetype <unfixed>
+       [bullseye] - freetype <no-dsa> (Minor issue)
+       [buster] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
 (VER-2-12-0)
 CVE-2022-27403
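
Review bot: The three FreeType entries each get the same pair of no-dsa lines, but nothing records that their fixes are linked. The "Fixed by" commit of CVE-2022-27405 (22a0cccb...) is the commit CVE-2022-27406 was reported against, and the "Fixed by" commit of CVE-2022-27404 (53dfdcd8...) is the one CVE-2022-27405 was reported against. A short NOTE on one of the entries saying the three belong together would keep a later buster or bullseye update from picking up only part of the series.
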


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ condor/oldstable
 --
 epiphany-browser
 --
+ffmpeg (jmm)
+--
 fish/stable
 --
 freecad (aron)
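
Review bot: The new "ffmpeg (jmm)" entry names no suite, while neighbouring entries such as fish/stable and condor/oldstable do. If the pending update covers only one of buster or bullseye, add the matching suffix. The commit subject "buster/bullseye triage" also does not mention that ffmpeg was added to dsa-needed.txt, which makes this change harder to find in the log.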



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2993daecc785e23d647037197bac50fea8175b1a
