Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6bd5cc0b by Moritz Muehlenhoff at 2022-06-03T12:24:37+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4377,7 +4377,9 @@ CVE-2022-30629
- golang-1.18 1.18.3-1
- golang-1.17 <unfixed>
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg
@@ -8544,6 +8546,8 @@ CVE-2022-29243 (Nextcloud Server is the file server
software for Nextcloud, a se
- nextcloud-server <itp> (bug #941708)
CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST
crypto a ...)
- libengine-gost-openssl1.1 <unfixed>
+ [bullseye] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
+ [buster] - libengine-gost-openssl1.1 <no-dsa> (Minor issue)
NOTE:
https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
NOTE:
https://github.com/gost-engine/engine/commit/7df766124f87768b43b9e8947c5a01e17545772c
(v3.0.1)
NOTE:
https://github.com/gost-engine/engine/commit/b2b4d629f100eaee9f5942a106b1ccefe85b8808
(v3.0.1)
@@ -10088,6 +10092,8 @@ CVE-2022-1254 (A URL redirection vulnerability in
Skyhigh SWG in main releases 1
NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository
strukturag/libde265 pr ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
NOTE:
https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
@@ -43284,24 +43290,24 @@ CVE-2021-42706 (This vulnerability could allow an
attacker to disclose informati
CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a
stack-based buf ...)
NOT-FOR-US: PLC Editor
CVE-2021-42704 (Inkscape version 0.91 is vulnerable to an out-of-bounds write,
which m ...)
- - inkscape 1.0-1
+ - inkscape 1.0-1 (unimportant)
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
- TODO: Unclear if this is really fixed in 1.0+
+ NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious
Javascrip ...)
NOT-FOR-US: Advantech
CVE-2021-42702 (Inkscape version 0.91 can access an uninitialized pointer,
which may a ...)
- - inkscape 1.0-1
+ - inkscape 1.0-1 (unimportant)
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
- TODO: Unclear if this is really fixed in 1.0+
+ NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42701 (An attacker could prepare a specially crafted project file
that, if op ...)
NOT-FOR-US: AzeoTech
CVE-2021-42700 (Inkscape 0.91 is vulnerable to an out-of-bounds read, which
may allow ...)
- - inkscape 1.0-1
+ - inkscape 1.0-1 (unimportant)
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
- TODO: Unclear if this is really fixed in 1.0+
+ NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42699 (The affected product is vulnerable to cookie information being
transmi ...)
NOT-FOR-US: AzeoTech
CVE-2021-42698 (Project files are stored memory objects in the form of binary
serializ ...)
@@ -62728,6 +62734,8 @@ CVE-2021-35453
RESERVED
CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265
v1.0.8 du ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/298
CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an
unauthenti ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -22,6 +22,8 @@ epiphany-browser
--
freecad (aron)
--
+kicad
+--
libpgjava (apo)
--
linux (carnil)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bd5cc0ba63af33abf50981d733988468b0430ca
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bd5cc0ba63af33abf50981d733988468b0430ca
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
