Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de79c0c0 by Moritz Muehlenhoff at 2022-07-01T10:42:44+02:00
bullseye/buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4801,16 +4801,22 @@ CVE-2017-20052 (A vulnerability classified as
problematic was found in Python 2.
NOT-FOR-US: pgadmin on Windows
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
@@ -40811,6 +40817,8 @@ CVE-2022-21950
RESERVED
CVE-2022-21949 (A Improper Restriction of XML External Entity Reference
vulnerability ...)
- ruby-xmlhash <unfixed> (bug #1010667)
+ [bullseye] - ruby-xmlhash <no-dsa> (Minor issue)
+ [buster] - ruby-xmlhash <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
NOTE:
https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751
(1.3.8)
CVE-2022-21948
@@ -45296,6 +45304,8 @@ CVE-2021-43860 (Flatpak is a Linux application
sandboxing and distribution frame
CVE-2021-43859 (XStream is an open source java library to serialize objects to
XML and ...)
{DLA-2924-1}
- libxstream-java 1.4.19-1
+ [bullseye] - libxstream-java <no-dsa> (Minor issue)
+ [buster] - libxstream-java <no-dsa> (Minor issue)
NOTE:
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
NOTE: https://x-stream.github.io/CVE-2021-43859.html
NOTE:
https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de79c0c04d75e4cb744f95532bfcf9b0146b34b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de79c0c04d75e4cb744f95532bfcf9b0146b34b6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
