Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9827f0bd by Chris Lamb at 2022-04-26T10:14:35-07:00
Triage CVE-2015-20107 in python2.7 for stretch LTS.

- - - - -
314d716f by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-27404, CVE-2022-27405 & CVE-2022-27406 in freetype for 
stretch LTS.

- - - - -
d120a9b0 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-24765 in git for stretch LTS.

- - - - -
36137555 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2021-41119 in haskell-aeson for stretch LTS.

- - - - -
7f3f7610 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2021-40656, CVE-2021-41715, CVE-2022-27044 & CVE-2022-27046 in 
libsixel for stretch LTS.

- - - - -
71375989 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-24851 in ldap-account-manager for stretch LTS.

- - - - -
221eeb69 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2015-20107 in python3.5 for stretch LTS.

- - - - -
bffca032 by Chris Lamb at 2022-04-26T10:14:37-07:00
Actually mark this one as ignored.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1674,9 +1674,11 @@ CVE-2015-20107 (In Python (aka CPython) through 3.10.4, 
the mailcap module does
        - python3.7 <removed>
        [buster] - python3.7 <no-dsa> (Minor issue)
        - python3.5 <removed>
+       [stretch] - python3.5 <no-dsa> (Minor issue)
        - python2.7 <unfixed>
        [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by 
security support)
        [buster] - python2.7 <no-dsa> (Minor issue)
+       [stretch] - python2.7 <ignored> (Python 2.7 in stretch LTS not covered 
as a runtime concern)
        NOTE: https://bugs.python.org/issue24778
        NOTE: https://github.com/python/cpython/issues/68966
        NOTE: https://github.com/python/cpython/pull/91542
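Review bot: The reason on the added `[stretch] - python2.7 <ignored>` line, "Python 2.7 in stretch LTS not covered as a runtime concern", is hard to parse and differs from the wording on the bullseye line just above it ("not covered by security support"). If the intent is the same, reuse that phrasing; otherwise state what is and is not covered. The same CVE ends up `<no-dsa>` for python3.5 and `<ignored>` for python2.7 in stretch, and the follow-up commit message "Actually mark this one as ignored." names neither the CVE nor the package, so squashing it into the python2.7 triage commit would keep the history readable.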
@@ -6444,18 +6446,21 @@ CVE-2022-27406 (FreeType commit 
22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was dis
        - freetype <unfixed> (bug #1010183)
        [bullseye] - freetype <no-dsa> (Minor issue)
        [buster] - freetype <no-dsa> (Minor issue)
+       [stretch] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
 (VER-2-12-0)
 CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was 
discovere ...)
        - freetype <unfixed> (bug #1010183)
        [bullseye] - freetype <no-dsa> (Minor issue)
        [buster] - freetype <no-dsa> (Minor issue)
+       [stretch] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
 (VER-2-12-0)
 CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was 
discovere ...)
        - freetype <unfixed> (bug #1010183)
        [bullseye] - freetype <no-dsa> (Minor issue)
        [buster] - freetype <no-dsa> (Minor issue)
+       [stretch] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
 (VER-2-12-0)
 CVE-2022-27403
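Review bot: All three added `[stretch] - freetype <no-dsa> (Minor issue)` lines copy the buster and bullseye reason verbatim, with no stretch-specific rationale. Each entry's NOTE names a single upstream fixing commit (tagged VER-2-12-0) and unstable is still `<unfixed>` under bug #1010183, so a short NOTE recording whether the stretch source contains the affected code would make this triage auditable later.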
@@ -7582,6 +7587,7 @@ CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use 
After Free vulnerability
        - libsixel 1.10.3-1
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/157
        NOTE: https://github.com/libsixel/libsixel/issues/27
        NOTE: https://github.com/libsixel/libsixel/pull/28
@@ -7592,6 +7598,7 @@ CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer 
Overflow in libsixel/src/qu
        - libsixel 1.10.3-1
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/156
        NOTE: https://github.com/libsixel/libsixel/issues/25
        NOTE: https://github.com/libsixel/libsixel/pull/26
@@ -13558,6 +13565,7 @@ CVE-2022-24852
 CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for 
managing ...)
        - ldap-account-manager 7.9.1-1
        [bullseye] - ldap-account-manager <no-dsa> (Minor issue; can be fixed 
via point release)
+       [stretch] - ldap-account-manager <no-dsa> (Minor issue)
        NOTE: 
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
        NOTE: 
https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49
        NOTE: https://github.com/LDAPAccountManager/lam/issues/170
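Review bot: This entry goes from `[bullseye]` straight to the added `[stretch] - ldap-account-manager <no-dsa> (Minor issue)` line with no `[buster]` line in the visible context, unlike the freetype, git and libsixel entries in the same push. If buster ships the package it is left untriaged here, so either add the buster line or confirm it is not needed. Dropping the bullseye qualifier "can be fixed via point release" for stretch looks intentional and is fine.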
@@ -13803,6 +13811,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git 
containing Windows-specific pat
        - git 1:2.35.2-1
        [bullseye] - git <no-dsa> (Minor issue)
        [buster] - git <no-dsa> (Minor issue)
+       [stretch] - git <not-affected> (MS Windows)
        NOTE: 
https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 
(v2.30.3)
        NOTE: 
https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 
(v2.30.3)
        NOTE: 
https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 
(v2.30.3)
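Review bot: The added `[stretch] - git <not-affected> (MS Windows)` line is inconsistent with the two lines above it, where bullseye and buster are `<no-dsa> (Minor issue)` for the same package: a platform-based reason would apply to every Debian suite equally. The NOTE lines also point at fixes in github.com/git/git tagged v2.30.3, which is mainline Git rather than only the Windows fork, so either explain what differs in the stretch version or align the tag with the other suites.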
@@ -39244,6 +39253,7 @@ CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use 
after free in libsixel/src/
        - libsixel 1.10.3-1
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8
 (1.10.1)
        NOTE: https://github.com/libsixel/libsixel/pull/28
        NOTE: https://github.com/libsixel/libsixel/issues/27
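Review bot: The added `[stretch] - libsixel <no-dsa> (Minor issue)` line asserts that stretch is affected, but the description names libsixel 1.10.0 and the fixing commit is tagged 1.10.1. If the stretch source predates the affected code, `<not-affected>` with a reason would be the accurate tag; a NOTE recording that the stretch source was checked would settle it either way.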
@@ -40686,6 +40696,7 @@ CVE-2021-41119 (Wire-server is the system server for 
the wire back-end services.
        - haskell-aeson <unfixed> (bug #1009678)
        [bullseye] - haskell-aeson <no-dsa> (Minor issue)
        [buster] - haskell-aeson <no-dsa> (Minor issue)
+       [stretch] - haskell-aeson <no-dsa> (Minor issue)
        NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
        NOTE: https://github.com/haskell/aeson/issues/864
        NOTE: https://hackage.haskell.org/package/aeson-2.0.1.0
@@ -41841,6 +41852,7 @@ CVE-2021-40656 (libsixel before 1.10 is vulnerable to 
Buffer Overflow in libsixe
        - libsixel 1.10.3-1
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42
 (1.10.0)
        NOTE: https://github.com/libsixel/libsixel/pull/26
        NOTE: https://github.com/libsixel/libsixel/issues/25



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5ef9a2fda23f8501698eca5fe3b78e7be56b7b2...bffca03273c7fb0e2f8f54643f99d2f6eac5c991
