Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fdb2437a by Moritz Muehlenhoff at 2022-06-30T16:53:55+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4382,6 +4382,8 @@ CVE-2022-33071
RESERVED
CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid
arithmetic shif ...)
- protobuf-c <unfixed>
+ [bullseye] - protobuf-c <no-dsa> (Minor issue)
+ [buster] - protobuf-c <no-dsa> (Minor issue)
NOTE: https://github.com/protobuf-c/protobuf-c/issues/506
NOTE: https://github.com/protobuf-c/protobuf-c/pull/508
CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via
SMTEncoder ...)
@@ -44708,6 +44710,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a
command shell for interactive
NOTE:
https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
CVE-2022-21698 (client_golang is the instrumentation library for Go
applications in Pr ...)
- golang-github-prometheus-client-golang 1.11.1-1 (bug #1008008)
+ [bullseye] - golang-github-prometheus-client-golang <no-dsa> (Minor
issue)
+ [buster] - golang-github-prometheus-client-golang <no-dsa> (Minor issue)
[stretch] - golang-github-prometheus-client-golang <postponed> (Minor
issue, DoS in specific conditions, requires rebuilding reverse-dependencies;
Limited support in stretch)
NOTE:
https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
NOTE: https://github.com/prometheus/client_golang/pull/962
@@ -130529,11 +130533,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows
attackers to cause a denial of
CVE-2020-23905
RESERVED
CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex
v1.2 all ...)
- - speex <unfixed>
- [bullseye] - speex <no-dsa> (Minor issue)
- [buster] - speex <no-dsa> (Minor issue)
- [stretch] - speex <no-dsa> (Minor issue)
- NOTE: https://github.com/xiph/speex/issues/14
+ NOTE: Disputed speex issue
CVE-2020-23903 (A Divide by Zero vulnerability in the function static int
read_samples ...)
- speex 1.2~rc1.2-2
[bullseye] - speex <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -14,7 +14,7 @@ If needed, specify the release by adding a slash after the
name of the source pa
--
asterisk/oldstable
--
-cacti
+blender (jmm)
--
curl
--
@@ -24,6 +24,8 @@ freecad (aron)
--
kicad (jmm)
--
+ldap-account-manager
+--
librecad
--
libpgjava (apo)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdb2437a55973d996f4af95c0efcd1f2b683e4c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdb2437a55973d996f4af95c0efcd1f2b683e4c0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
