Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4819afe by Moritz Muehlenhoff at 2022-08-22T16:43:21+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -316,6 +316,7 @@ CVE-2022-38494
        RESERVED
 CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the 
RSA priva ...)
        - rhonabwy 1.1.7-1
+       [bullseye] - rhonabwy <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
 CVE-2022-38492
        RESERVED
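Review bot: The added `[bullseye] - rhonabwy <not-affected> (Vulnerable code not present)` line under CVE-2022-38493 does not record where the affected code first appeared. The description puts the lower bound at 0.9.99, so a NOTE naming the introducing release or commit would let a later reader confirm the bullseye verdict without re-reading upstream history.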
@@ -6423,28 +6424,36 @@ CVE-2022-36148 (fdkaac commit 53fe239 was discovered to 
contain a floating point
 CVE-2022-36147
        RESERVED
 CVE-2022-36146 (SWFMill commit 53d7690 was discovered to contain a memory 
allocation i ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/65
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/64
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
        - swfmill <unfixed>
+       [bullseye] - swfmill <no-dsa> (Minor issue)
        NOTE: https://github.com/djcsdy/swfmill/issues/63
 CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/62
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36142 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/61
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36141 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/58
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a 
segmentation violat ...)
-       - swfmill <unfixed>
+       - swfmill <unfixed> (unimportant)
        NOTE: https://github.com/djcsdy/swfmill/issues/57
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer 
overflo ...)
        - swfmill <unfixed>
+       [bullseye] - swfmill <no-dsa> (Minor issue)
        NOTE: https://github.com/djcsdy/swfmill/issues/56
 CVE-2022-36138
        RESERVED
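Review bot: CVE-2022-36143 and CVE-2022-36142 are described as heap-buffer overflows yet are downgraded to `(unimportant)` with `NOTE: Crash in CLI tool, no security impact`, while CVE-2022-36144 and CVE-2022-36139, which carry the same truncated description, get `[bullseye] - swfmill <no-dsa> (Minor issue)` instead. Nothing in the entries states what separates the two groups. A NOTE on each of the four saying whether the overflow is a read or a write, or which function it is in, would make the split reviewable from the tracker data alone.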
@@ -34931,6 +34940,7 @@ CVE-2022-25758 (All versions of package scss-tokenizer 
are vulnerable to Regular
        - node-scss-tokenizer <itp> (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command 
Injection via  ...)
        - ruby-git <unfixed> (bug #1009926)
+       [bullseye] - ruby-git <no-dsa> (Minor issue)
        NOTE: https://github.com/ruby-git/ruby-git/pull/569
        NOTE: Fixed by: 
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
 (v1.11.0)
        NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
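Review bot: The added `[bullseye] - ruby-git <no-dsa> (Minor issue)` line under CVE-2022-25648 rates a command injection as minor without giving the reasoning. A short NOTE stating the precondition that limits exposure would keep the entry from reading as an oversight when it is revisited for a point release.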
@@ -35647,6 +35657,7 @@ CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository micro
 CVE-2022-0718
        RESERVED
        - python-oslo.utils 4.10.1-1
+       [bullseye] - python-oslo.utils <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850
        NOTE: https://bugs.launchpad.net/oslo.utils/+bug/1949623
        NOTE: Fixed by: 
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
 (4.12.1)
@@ -57174,6 +57185,7 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX 
before 2.10.2 uses $reques
 CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some 
division o ...)
        [experimental] - openexr 3.1.3-1
        - openexr 3.1.5-2 (bug #1014828)
+       [bullseye] - openexr <no-dsa> (Minor issue)
        [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
@@ -57361,6 +57373,7 @@ CVE-2021-3934 (ohmyzsh is vulnerable to Improper 
Neutralization of Special Eleme
 CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a 
crafted file  ...)
        [experimental] - openexr 3.1.3-1
        - openexr 3.1.5-2 (bug #1014828)
+       [bullseye] - openexr <no-dsa> (Minor issue)
        [stretch] - openexr <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ linux (carnil)
 --
 maven-shared-utils
 --
+minetest
+--
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
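Review bot: The new `minetest` entry in data/dsa-needed.txt has no note line beneath it, and nothing in the data/CVE/list part of this commit touches a minetest CVE. A one-line note under the entry naming the issues that prompted it, in the style of the netatalk entry below, would tell whoever picks it up what the pending update has to cover.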



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4819afe1e521bc33b9ab2494ddabb3ff04b5e94
