buster triage

Moritz Muehlenhoff (@jmm) Thu, 23 Jun 2022 08:25:20 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
247caf1a by Moritz Muehlenhoff at 2022-06-23T17:23:28+02:00
bullseye/buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -100,9 +100,12 @@ CVE-2022-34301
        RESERVED
 CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in 
tinyexr::D ...)
        - tinyexr <unfixed>
+       [bullseye] - tinyexr <no-dsa> (Minor issue)
        NOTE: https://github.com/syoyo/tinyexr/issues/167
 CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This 
issue i ...)
        - dwarfutils <unfixed>
+       [bullseye] - dwarfutils <no-dsa> (Minor issue)
+       [buster] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162
        NOTE: https://github.com/davea42/libdwarf-code/issues/119
        NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001
@@ -2937,11 +2940,10 @@ CVE-2022-33107
 CVE-2022-33106
        RESERVED
 CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the 
component s ...)
-       - redis 5:7.0.1-4
+       - redis <not-affected> (No vulnerable version 7.x was uploaded to 
unstable)
        NOTE: 
https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef 
(7.0.1)
        NOTE: https://github.com/redis/redis/pull/10753
        NOTE: https://github.com/redis/redis/pull/10829
-       TODO: check, if it affects only the v7.0 series, if so there was never 
an affected version in Debian unstable
 CVE-2022-33104
        RESERVED
 CVE-2022-33103
@@ -3018,6 +3020,8 @@ CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an 
assertion failure via SMTE
        TODO: check
 CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc 
of Harfbu ...)
        - harfbuzz <unfixed>
+       [bullseye] - harfbuzz <no-dsa> (Minor issue)
+       [buster] - harfbuzz <no-dsa> (Minor issue)
        NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557
        NOTE: 
https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
 CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid 
arithmetic shi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247caf1a09229e860ddc6f7e841e848553050d74

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247caf1a09229e860ddc6f7e841e848553050d74
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/buster triage

Reply via email to