[Git][security-tracker-team/security-tracker][master] bullseye/buster triage

Wed, 01 Jun 2022 02:56:00 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0aa8bdb3 by Moritz Muehlenhoff at 2022-06-01T11:54:45+02:00
bullseye/buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,13 @@
 CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in 
LineBuffer::Fe ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7
        NOTE: https://github.com/thorfdbg/libjpeg/issues/74
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in 
Component::Sub ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/ea6315164b1649ff932a396b7600eac4bffcfaba
        NOTE: https://github.com/thorfdbg/libjpeg/issues/73
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in 
_dwarf_check_strin ...)
        - dwarfutils <unfixed>
        NOTE: Fixed by: 
https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
@@ -1496,9 +1498,10 @@ CVE-2022-31621 (MariaDB Server before 10.7 is vulnerable 
to Denial of Service. I
        NOTE: https://jira.mariadb.org/browse/MDEV-26574
        NOTE: 
https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8
 (mariadb-10.2.41)
 CVE-2022-31620 (In libjpeg before 1.64, BitStream&lt;false&gt;::Get in 
bitstream.hpp h ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/70
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-30533
        RESERVED
 CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aa8bdb3a121304a29eb6c5b6d8db25305f59af5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aa8bdb3a121304a29eb6c5b6d8db25305f59af5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to