Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfbf4d8b by Moritz Muehlenhoff at 2022-07-01T14:35:53+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5864,6 +5864,8 @@ CVE-2022-32533
RESERVED
CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be
misconfigured ...)
- shiro <unfixed>
+ [bullseye] - shiro <no-dsa> (Minor issue)
+ [buster] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
CVE-2022-32531
RESERVED
@@ -11315,6 +11317,8 @@ CVE-2022-XXXX [RUSTSEC-2022-0019]
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0019.html
CVE-2022-XXXX [RUSTSEC-2022-0020]
- rust-crossbeam <unfixed>
+ [bullseye] - rust-crossbeam <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html
CVE-2022-30600 (A flaw was found in moodle where logic used to count failed
login atte ...)
- moodle <removed>
@@ -28322,6 +28326,8 @@ CVE-2022-24759 (`@chainsafe/libp2p-noise` contains
TypeScript implementation of
NOT-FOR-US: chainsafe/libp2p-noise
CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for
interacti ...)
- jupyter-notebook <unfixed>
+ [bullseye] - jupyter-notebook <no-dsa> (Minor issue)
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
NOTE:
https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
NOTE:
https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e
(6.4.10)
CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core
services, APIs, ...)
@@ -32468,6 +32474,8 @@ CVE-2022-23640 (Excel-Streaming-Reader is an
easy-to-use implementation of a str
NOT-FOR-US: Excel-Streaming-Reader
CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives,
scoped t ...)
- rust-crossbeam-utils 0.8.8-1
+ [bullseye] - rust-crossbeam-utils <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam-utils <no-dsa> (Minor issue)
- rust-crossbeam-utils-0.7 <unfixed>
NOTE:
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
=====================================
data/dsa-needed.txt
=====================================
@@ -12,7 +12,7 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
--
-asterisk/oldstable
+asterisk
--
blender (jmm)
--
@@ -34,6 +34,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
--
+logrotate
+--
ndpi/oldstable
--
netatalk
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfbf4d8b1b0cdc87216552c0e02165d0cdb8a460
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfbf4d8b1b0cdc87216552c0e02165d0cdb8a460
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
