buster triage

Moritz Muehlenhoff (@jmm) Wed, 22 Jun 2022 11:36:54 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
880a9d22 by Moritz Muehlenhoff at 2022-06-22T20:36:12+02:00
bullseye/buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1062,7 +1062,9 @@ CVE-2022-33904
 CVE-2022-33903
        RESERVED
        - tor 0.4.7.8-1
-       [stretch] - tor <end-of-life> (Not supported in LTS)
+       [bullseye] - tor <not-affected> (Only affects 0.4.7.x)
+       [buster] - tor <not-affected> (Only affects 0.4.7.x)
+       [stretch] - tor <not-affected> (Only affects 0.4.7.x)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2099227
        NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40626
        NOTE: 
https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html
@@ -14900,18 +14902,26 @@ CVE-2022-28737
 CVE-2022-28736
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28735
        RESERVED
        - grub2 2.06-3 (bug #1001057)
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28734
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28733
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28732
        RESERVED
@@ -50903,11 +50913,10 @@ CVE-2021-42220 (A Cross Site Scripting (XSS) 
vulnerability exists in Dolibarr be
 CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which 
allows at ...)
        - golang-github-go-ethereum <itp> (bug #890541)
 CVE-2021-42218 (OMPL v1.5.2 contains a memory leak in VFRRT.cpp ...)
-       - ompl <unfixed>
-       [bullseye] - ompl <no-dsa> (Minor issue)
-       [stretch] - ompl <not-affected> (VFRRT introduced in v1.2)
+       - ompl <unfixed> (unimportant)
        NOTE: https://github.com/ompl/ompl/issues/839
        NOTE: 
https://github.com/ompl/ompl/commit/abb4fadcb4e4fe4c9cf41e5e7706143a66948eb7
+       NOTE: Negligible security impact
 CVE-2021-42217
        RESERVED
 CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 
0.8.5 via ...)
@@ -52785,8 +52794,9 @@ CVE-2021-41492 (Multiple SQL Injection vulnerabilities 
exist in Sourcecodester S
 CVE-2021-41491
        RESERVED
 CVE-2021-41490 (Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause 
unexpected behavi ...)
-       - ompl <unfixed>
+       - ompl <unfixed> (unimportant)
        NOTE: https://github.com/ompl/ompl/issues/833
+       NOTE: Negligible security impact
 CVE-2021-41489
        RESERVED
 CVE-2021-41488
@@ -60600,14 +60610,20 @@ CVE-2021-3698 (A flaw was found in Cockpit in 
versions prior to 260 in the way i
 CVE-2021-3697
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-3696
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-3695
        RESERVED
        - grub2 2.06-3
+       [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+       [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in 
sysusers ...)
        - opensysusers 0.6-3 (bug #992058)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/880a9d224159c8b9ab6d0441cd1f26851b584bc6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/880a9d224159c8b9ab6d0441cd1f26851b584bc6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/buster triage

Reply via email to