Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f808e6c8 by Moritz Muehlenhoff at 2022-07-08T14:27:59+02:00
buster/bullseye triage
cyclonedds/fastdds fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18819,11 +18819,10 @@ CVE-2022-28508 (An XSS issue was discovered in
browser_search_plugin.php in Mant
CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware
BDT-121 versio ...)
NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware
BDT-121
CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function
DumpScreen2RG ...)
- - giflib <unfixed>
- [bullseye] - giflib <no-dsa> (Minor issue)
- [buster] - giflib <no-dsa> (Minor issue)
- [stretch] - giflib <no-dsa> (Minor issue)
+ - giflib <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/giflib/bugs/159/
+ NOTE: https://sourceforge.net/p/giflib/code/merge-requests/11/
+ NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2022-28505 (Jfinal_cms 5.1.0 is vulnerable to SQL Injection via
com.jflyfox.system ...)
NOT-FOR-US: Jfinal_cms
CVE-2022-28504
@@ -58275,11 +58274,9 @@ CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL
injection in ChooseCpSearch
CVE-2021-40634
RESERVED
CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in
giflib 5 ...)
- - giflib <unfixed>
- [bullseye] - giflib <no-dsa> (Minor issue)
- [buster] - giflib <no-dsa> (Minor issue)
- [stretch] - giflib <no-dsa> (Minor issue)
+ - giflib <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/giflib/bugs/157/
+ NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2021-40632
RESERVED
CVE-2021-40631
@@ -63764,19 +63761,19 @@ CVE-2021-38445 (OCI OpenDDS versions prior to 3.18.1
do not handle a length para
CVE-2021-38444
RESERVED
CVE-2021-38443 (Eclipse CycloneDDS versions prior to 0.8.0 improperly handle
invalid s ...)
- - cyclonedds <undetermined>
+ - cyclonedds 0.8.1-2
+ [bullseye] - cyclonedds <no-dsa> (Minor issue)
NOTE: No mention of CVE upstream
NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
- TODO: check for upstream commit
CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
NOT-FOR-US: FATEK Automation
CVE-2021-38441 (Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a
write-w ...)
- - cyclonedds <undetermined>
+ - cyclonedds 0.8.1-2
+ [bullseye] - cyclonedds <no-dsa> (Minor issue)
NOTE: No mention of CVE upstream
NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
- TODO: check for upstream commit
CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is
vulnerable to ...)
NOT-FOR-US: FATEK Automation
CVE-2021-38439 (All versions of GurumDDS are vulnerable to heap-based buffer
overflow, ...)
@@ -63808,10 +63805,11 @@ CVE-2021-38427 (RTI Connext DDS Professional and
Connext DDS Secure Versions 4.2
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
NOT-FOR-US: FATEK Automation
CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are
susceptible to e ...)
- - fastdds <unfixed>
+ - fastdds 2.6.1+ds-1
[bullseye] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/issues/2267
NOTE: https://github.com/eProsima/Fast-DDS/pull/2269
+ NOTE:
https://github.com/eProsima/Fast-DDS/commit/01550cfa1b8313c4cb39529960b41f95e4820312
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions
1.2.4.0 and pr ...)
NOT-FOR-US: Delta Electronics DIALink
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f808e6c84e6e3672c539fa964edade80b20ca059
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f808e6c84e6e3672c539fa964edade80b20ca059
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
