bullseye triage

Moritz Muehlenhoff (@jmm) Mon, 04 Jul 2022 01:29:12 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
67a08c8b by Moritz Muehlenhoff at 2022-07-04T10:28:41+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,9 +27,10 @@ CVE-2022-34911 (An issue was discovered in MediaWiki before 
1.35.7, 1.36.x and 1
 CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
zadam/tril ...)
        TODO: check
 CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
-       - vim <unfixed>
+       - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
        NOTE: 
https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e 
(v9.0.0026)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. 
...)
        - vim <unfixed>
        NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
@@ -28580,12 +28581,16 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. 
HTTPie has the practical c
 CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to 
version ...)
        [experimental] - redis 5:7.0.0-1
        - redis 5:7.0.1-4
+       [bullseye] - redis <no-dsa> (Minor issue)
+       [buster] - redis <no-dsa> (Minor issue)
        [stretch] - redis <no-dsa> (Minor issue, problematic to backport patch 
to embedded Lua engine)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
        NOTE: https://github.com/redis/redis/pull/10651
 CVE-2022-24735 (Redis is an in-memory database that persists on disk. By 
exploiting we ...)
        [experimental] - redis 5:7.0.0-1
        - redis 5:7.0.1-4
+       [bullseye] - redis <no-dsa> (Minor issue)
+       [buster] - redis <no-dsa> (Minor issue)
        [stretch] - redis <no-dsa> (Minor issue, problematic to backport patch 
to embedded Lua engine)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
        NOTE: https://github.com/redis/redis/pull/10651



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a08c8b7180bd8df0d1998dd1d4000be48645cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a08c8b7180bd8df0d1998dd1d4000be48645cf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to