[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) Thu, 11 Aug 2022 15:17:36 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1fb5242a by Moritz Muehlenhoff at 2022-08-12T00:16:58+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6836,6 +6836,7 @@ CVE-2022-2348
 CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU]
        RESERVED
        - u-boot <unfixed> (bug #1014959)
+       [bullseye] - u-boot <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
 CVE-2022-35399
        REJECTED
@@ -19437,10 +19438,12 @@ CVE-2022-30700 (An incorrect permission assignment 
vulnerability in Trend Micro
        NOT-FOR-US: Trend Micro
 CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is 
vulnerable  ...)
        - unbound <unfixed> (bug #1016493)
+       [bullseye] - unbound <no-dsa> (Minor issue)
        NOTE: 
https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
        NOTE: 
https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68
 (release-1.16.2)
 CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is 
vulnerable t ...)
        - unbound <unfixed> (bug #1016493)
+       [bullseye] - unbound <no-dsa> (Minor issue)
        NOTE: 
https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
        NOTE: 
https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68
 (release-1.16.2)
 CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
@@ -63241,6 +63244,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T 
is affected by Stored Cros
        NOT-FOR-US: Sofico
 CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 
allows an ou ...)
        - squirrel3 <unfixed> (bug #1016212)
+       [bullseye] - squirrel3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
 (v3.2)
        NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
 CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 
21.3.3.815 (a  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ ruby-tzinfo
 --
 salt
 --
+sofia-sip
+--
 sox
   patch needed for CVE-2021-40426, check with upstream
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to