[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Fri, 13 May 2022 05:04:09 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da3ade15 by Moritz Muehlenhoff at 2022-05-13T14:03:31+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -958,10 +958,14 @@ CVE-2022-26041
        RESERVED
 CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
        - tiff <unfixed>
+       [bullseye] - tiff <no-dsa> (Minor issue)
+       [buster] - tiff <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
        - tiff <unfixed>
+       [bullseye] - tiff <no-dsa> (Minor issue)
+       [buster] - tiff <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub 
repository vim ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -56,7 +56,10 @@ trafficserver (jmm)
   wait until status for CVE-2021-38161 is clarified (upstream patch got 
reverted)
 --
 unzip
-  no details public yet
+  unclear information, initial report indicates writable memory corruption, but
+  some identified patch is just for a NULL deref, needs more clarification
+--
+waitress (jmm)
 --
 wordpress
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da3ade15d88acdb6d41bcf13653cf34c13ccbfe6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da3ade15d88acdb6d41bcf13653cf34c13ccbfe6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to