Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d2c0910 by Moritz Muehlenhoff at 2022-06-17T17:16:22+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2032,9 +2032,10 @@ CVE-2022-32767
 CVE-2022-32979
        RESERVED
 CVE-2022-32978 (There is an assertion failure in 
SingleComponentLSScan::ParseMCU in si ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/75
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/4746b577931e926a49e50de9720a4946de3069a7
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-32977
        RESERVED
 CVE-2022-32976
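Review bot: The added `NOTE: Crash in CLI tool, no security impact` on CVE-2022-32978 does not say why the failure is confined to the command-line tool, while the entry's own description places the assertion in `SingleComponentLSScan::ParseMCU`, which reads like decoder code. Suggest wording the NOTE so the reasoning survives a later review, for example by stating that the package only ships the command-line program, if that is the basis for `(unimportant)`.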
@@ -2476,11 +2477,10 @@ CVE-2022-2044
 CVE-2022-2043
        RESERVED
 CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-       - vim <unfixed>
-       [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
+       - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba
        NOTE: 
https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 
(v8.2.5072)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2041
        RESERVED
 CVE-2022-2040
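Review bot: On CVE-2022-2042 the new NOTE calls a bug described as "Use After Free" a crash with no security impact, whereas the two removed `<no-dsa> (Minor issue)` lines had rated it a minor issue rather than a non-issue. The downgrade to `(unimportant)` would be easier to audit if the NOTE gave the reasoning, for example what input is needed to trigger the bug.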
@@ -2974,6 +2974,8 @@ CVE-2022-32548
        RESERVED
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 
'double', ...)
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <ignored> (Minor issue)
+       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034
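Review bot: The two added lines use `<ignored>` with the reason `(Minor issue)`, the same reason this commit gives for its `<no-dsa>` entries, so the reason does not explain why ImageMagick is treated differently. `<ignored>` records that no fix is planned for the release, while `<no-dsa>` leaves room for a point-release update. If `<ignored>` is intended here and for CVE-2022-32546 and CVE-2022-32545 below, a reason saying why no fix is planned would justify the stronger state; otherwise `<no-dsa>` matches the rest of the triage.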
@@ -2981,6 +2983,8 @@ CVE-2022-32547 (In ImageMagick, there is load of 
misaligned address for type 'do
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
 (6.9.12-45)
 CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside 
the range ...)
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <ignored> (Minor issue)
+       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/4986
@@ -2988,6 +2992,8 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, 
causing an outside the
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
 (6.9.12-44)
 CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside 
the range ...)
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <ignored> (Minor issue)
+       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963
@@ -6449,6 +6455,8 @@ CVE-2022-31292
        RESERVED
 CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 
allows atta ...)
        - dlt-daemon <unfixed>
+       [bullseye] - dlt-daemon <no-dsa> (Minor issue)
+       [buster] - dlt-daemon <no-dsa> (Minor issue)
        NOTE: https://github.com/COVESA/dlt-daemon/pull/376
        NOTE: 
https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
 CVE-2022-31290
@@ -19998,6 +20006,8 @@ CVE-2022-26636
        RESERVED
 CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL 
termination w ...)
        - php-memcached <unfixed> (bug #1009328)
+       [bullseye] - php-memcached <no-dsa> (Minor issue)
+       [buster] - php-memcached <no-dsa> (Minor issue)
        [stretch] - php-memcached <no-dsa> (Minor issue)
        NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
 CVE-2022-26634 (HMA VPN v5.3.5913.0 contains an unquoted service path which 
allows att ...)
@@ -20314,6 +20324,8 @@ CVE-2022-26492
 CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote 
attacker who ...)
        {DLA-3043-1}
        - pidgin 2.14.9-1
+       [bullseye] - pidgin <no-dsa> (Minor issue)
+       [buster] - pidgin <no-dsa> (Minor issue)
        NOTE: https://pidgin.im/about/security/advisories/cve-2022-26491/
        NOTE: https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc
 CVE-2022-26489
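Review bot: The `<no-dsa> (Minor issue)` lines for CVE-2022-26491 sit directly under `{DLA-3043-1}` and a description that begins "A remote attacker", so the entry now shows an advisory for LTS and none for bullseye or buster without saying why. Suggest a more specific reason than `Minor issue`, or a NOTE on whether the fix in `2.14.9-1` is planned for a point release.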
@@ -25435,6 +25447,8 @@ CVE-2022-24724 (cmark-gfm is GitHub's extended version 
of the C reference implem
        - python-cmarkgfm 0.7.0-1 (bug #1006758)
        - ruby-commonmarker <unfixed> (bug #1006759)
        - r-cran-commonmark 1.8.0-1 (bug #1006760)
+       [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
+       [buster] - r-cran-commonmark <no-dsa> (Minor issue)
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
        NOTE: https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.3
        NOTE: 
https://github.com/github/cmark-gfm/commit/ac80f7b56522ffa158e1f0c14a611ffccacd4027
 (0.29.0.gfm.3)
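Review bot: Only `r-cran-commonmark` receives bullseye and buster entries; `ruby-commonmarker <unfixed> (bug #1006759)` on the line just above it has no release-specific line in this hunk. If bullseye or buster ship ruby-commonmarker, it should get its triage in the same commit so the CVE-2022-24724 entry is not left half-triaged.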
@@ -35031,12 +35045,18 @@ CVE-2021-4187 (vim is vulnerable to Use After Free 
...)
 CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
        {DLA-2937-1}
        - gif2apng <removed> (bug #1002687)
+       [bullseye] - gif2apng <no-dsa> (Minor issue)
+       [buster] - gif2apng <no-dsa> (Minor issue)
 CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
        {DLA-2937-1}
        - gif2apng <removed> (bug #1002667)
+       [bullseye] - gif2apng <no-dsa> (Minor issue)
+       [buster] - gif2apng <no-dsa> (Minor issue)
 CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
        {DLA-2937-1}
        - gif2apng <removed> (bug #1002668)
+       [bullseye] - gif2apng <no-dsa> (Minor issue)
+       [buster] - gif2apng <no-dsa> (Minor issue)
 CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a 
stack-based buffer ...)
        - gif2apng <removed> (bug #1002669; unimportant)
        NOTE: Negligible security impact
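Review bot: The three heap-based buffer overflows (CVE-2021-45911, CVE-2021-45910, CVE-2021-45909) each carry `{DLA-2937-1}` and are now `<no-dsa> (Minor issue)` for bullseye and buster, while the package line is `<removed>` with no fixed version to point a later update at. Suggest adding a NOTE with the patch reference to each entry, or stating in the reason why stable needs less than LTS received.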
@@ -53748,6 +53768,8 @@ CVE-2021-40634
        RESERVED
 CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in 
giflib 5 ...)
        - giflib <unfixed>
+       [bullseye] - giflib <no-dsa> (Minor issue)
+       [buster] - giflib <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/giflib/bugs/157/
 CVE-2021-40632
        RESERVED
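Review bot: CVE-2021-40633 is described as a memory leak in `gif2rgb` in `util/gif2rgb.c`, a command-line utility, yet it gets `<no-dsa> (Minor issue)` while the other CLI-only problems in this commit (CVE-2022-32978, CVE-2022-2042) are marked `(unimportant)`. For consistency consider `- giflib <unfixed> (unimportant)` with a short NOTE, which would also make the two release lines unnecessary.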
@@ -53839,8 +53861,9 @@ CVE-2021-40591
 CVE-2021-40590
        RESERVED
 CVE-2021-40589 (ZAngband zangband-data 2.7.5 is affected by an integer 
underflow vulne ...)
-       - zangband <unfixed>
+       - zangband <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/zangband/bugs/671/
+       NOTE: Negligible security impact
 CVE-2021-40588
        RESERVED
 CVE-2021-40587


=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,7 @@ curl
 --
 epiphany-browser
 --
-firejail
+firejail (jmm)
 --
 freecad (aron)
 --
@@ -53,7 +53,7 @@ salt
 --
 slurm-llnl/oldstable
 --
-slurm-wlm/stable
+slurm-wlm/stable (jmm)
   Maintainer proposed an update for bullseye-security
 --
 sox



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d2c09103b65a0d8bd455a44398c269ad53c0719
