bullseye triage

Moritz Muehlenhoff (@jmm) Wed, 01 Jun 2022 11:30:41 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
92e43a19 by Moritz Muehlenhoff at 2022-06-01T20:30:00+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,6 +10,8 @@ CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer 
dereference in Componen
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in 
_dwarf_check_strin ...)
        - dwarfutils <unfixed>
+       [bullseye] - dwarfutils <no-dsa> (Minor issue)
+       [buster] - dwarfutils <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
        NOTE: https://github.com/davea42/libdwarf-code/issues/116
        NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
@@ -50031,20 +50033,22 @@ CVE-2021-40403 (An information disclosure 
vulnerability exists in the pick-and-p
        NOTE: https://github.com/gerbv/gerbv/issues/82
        NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 
(v2.9.1-rc.1)
 CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X 
aperture mac ...)
-       - gerbv <unfixed>
+       - gerbv <unfixed> (unimportant)
        NOTE: https://github.com/gerbv/gerbv/issues/80
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
+       NOTE: Crash in GUI tool, no security impact
 CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture 
definiti ...)
        - gerbv <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
        NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 
(v2.9.0-rc.1)
        NOTE: https://github.com/gerbv/gerbv/issues/81
 CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X 
aperture mac ...)
-       - gerbv <unfixed>
+       - gerbv <unfixed> (unimportant)
        NOTE: https://github.com/gerbv/gerbv/issues/79
        NOTE: https://github.com/gerbv/gerbv/pull/124
        NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
+       NOTE: Crash in GUI tool, no security impact
 CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS 
Spreadsheets ...)
        NOT-FOR-US: WPS Office
 CVE-2021-40398 (An out-of-bounds write vulnerability exists in the 
parse_raster_data f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e43a19c4806603684092f0394aaffe05b14c92

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e43a19c4806603684092f0394aaffe05b14c92
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to