Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8cb36f6f by Moritz Muehlenhoff at 2022-06-24T17:57:09+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -297,17 +297,15 @@ CVE-2022-2185
CVE-2022-2184
RESERVED
CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
...)
- - vim <unfixed>
- [bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975
NOTE:
https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa
(v8.2.5151)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2182 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
- - vim <unfixed>
- [bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8
NOTE:
https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e
(v8.2.5150)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2181
RESERVED
CVE-2021-46824 (Cross Site Scripting (XSS) vulnerability in sourcecodester
School File ...)
@@ -449,11 +447,10 @@ CVE-2022-2177
CVE-2022-2176
RESERVED
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
- [bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
NOTE:
https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e
(v8.2.5148)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository
microweber ...)
NOT-FOR-US: microweber
CVE-2022-2173
@@ -3302,8 +3299,9 @@ CVE-2022-33068 (An integer overflow in the component
hb-ot-shape-fallback.cc of
NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557
NOTE:
https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid
arithmetic shi ...)
- - lrzip <unfixed>
+ - lrzip <unfixed> (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/224
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-33066
RESERVED
CVE-2022-33065
@@ -20265,6 +20263,8 @@ CVE-2022-0948 (The Order Listener for WooCommerce
WordPress plugin before 3.2.2
NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [wordpress 5.9.2]
- wordpress 5.9.2+dfsg1-1 (bug #1007145)
+ [bullseye] - wordpress <postponed> (Minor issues, fix along in next
round of updates)
+ [buster] - wordpress <postponed> (Minor issues, fix along in next round
of updates)
[stretch] - wordpress 4.7.23+dfsg-0+deb9u1
NOTE:
https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
CVE-2022-27165 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via
cszcms_admin_Plugin_m ...)
@@ -24288,7 +24288,8 @@ CVE-2022-0727 (Improper Access Control in GitHub
repository chocobozzz/peertube
CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube
prior ...)
- peertube <itp> (bug #950821)
CVE-2022-0725 (A flaw was found in KeePass. The vulnerability occurs due to
logging t ...)
- - keepass2 <unfixed> (bug #1008022)
+ NOTE: Non-issue, broken report against keepass2, couldn't be reproduced
with
+ NOTE: Debian, Fedora and by upstream, see bug #1008022
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052696
NOTE:
https://sourceforge.net/p/keepass/discussion/329220/thread/da7546b7e1/
NOTE:
https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/
=====================================
data/dsa-needed.txt
=====================================
@@ -22,9 +22,7 @@ epiphany-browser
--
freecad (aron)
--
-grub2
---
-kicad
+kicad (jmm)
--
librecad
--
@@ -63,7 +61,5 @@ unzip
unclear information, initial report indicates writable memory corruption, but
some identified patch is just for a NULL deref, needs more clarification
--
-wordpress
---
xen (jmm)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb36f6fce2a63c65cb29133360fbfb11c465c87
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb36f6fce2a63c65cb29133360fbfb11c465c87
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
