Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
432d4ffb by Moritz Muehlenhoff at 2022-08-24T10:35:59+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1173,16 +1173,19 @@ CVE-2022-2835
 CVE-2022-2834
        RESERVED
 CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical 
bugs. ...)
-       - blender 3.2.2+dfsg-1
+       - blender 3.2.2+dfsg-1 (unimportant)
        NOTE: 
https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
        NOTE: https://developer.blender.org/T99711
+       NOTE: Hang in CLI tool, no security impact
 CVE-2022-2832 (When rendering with headless builds, show an error instead of 
crashing ...)
        - blender <unfixed>
+       [bullseye] - blender <no-dsa> (Minor issue)
        NOTE: https://developer.blender.org/T99706
        NOTE: https://developer.blender.org/D15463
        NOTE: 
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
 CVE-2022-2831 (A loaded (and valid) image can be crafted such that an 
out-of-bounds r ...)
        - blender 3.2.2+dfsg-1
+       [bullseye] - blender <no-dsa> (Minor issue)
        NOTE: https://developer.blender.org/T99705
        NOTE: 
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
        NOTE: 
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
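
Review bot: CVE-2022-2832 stays at `- blender <unfixed>` although its entry already cites a commit (rB00dc7477...) and sits between two entries recorded as fixed in 3.2.2+dfsg-1; please check whether that commit is part of 3.2.2 and, if so, record the fixed version so unstable is not reported as affected. Separately, the new `[bullseye] - blender <no-dsa> (Minor issue)` under CVE-2022-2831 carries no rationale, while the description mentions an out-of-bounds condition on a crafted image; a short NOTE like the one added for CVE-2022-2833 would make that triage decision reviewable.
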
@@ -2657,13 +2660,19 @@ CVE-2022-37771
        RESERVED
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
        - libjpeg <unfixed>
+       [bullseye] - libjpeg <no-dsa> (Minor issue)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/79
+       NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
        - libjpeg <unfixed>
+       [bullseye] - libjpeg <no-dsa> (Minor issue)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/78
+       NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite 
loop via  ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/77
+       NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
+       NOTE: Hang in CLI tool, no security impact
 CVE-2022-37767
        RESERVED
 CVE-2022-37766
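
Review bot: The three added NOTE lines link commit 281daa9ccee18742b83a77cd29bd2726b69b7977, which the CVE descriptions name as the revision that contains the segmentation faults and the infinite loop, so a bare URL can be misread as the fix. Suggest labelling its role with a trailing annotation in the style of the `(main)` and `(v0.12.6)` markers used elsewhere in this file, and adding the fixing commit once upstream issues 77, 78 and 79 reference one.
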
@@ -3437,6 +3446,7 @@ CVE-2022-37429
        RESERVED
 CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, 
when pro ...)
        - pdns-recursor <unfixed>
+       [bullseye] - pdns-recursor <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1
        NOTE: https://downloads.powerdns.com/patches/2022-02/
 CVE-2022-37427
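
Review bot: The added `[bullseye] - pdns-recursor <no-dsa> (Minor issue)` gives no reason for deferring a fix in a network-facing resolver, and the description is cut at "when pro ...", so the precondition that limits exposure is not visible in the entry. The existing NOTE already points to upstream patches under downloads.powerdns.com/patches/2022-02/; a NOTE stating the precondition, and whether the fix is a candidate for a point release, would help whoever revisits this entry.
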
@@ -3554,10 +3564,11 @@ CVE-2022-2654
 CVE-2022-2653 (With this vulnerability an attacker can read many sensitive 
files like ...)
        NOT-FOR-US: plankanban/planka
 CVE-2022-2652 (Depending on the way the format strings in the card label are 
crafted  ...)
-       - v4l2loopback 0.12.7-1 (bug #1016685)
+       - v4l2loopback 0.12.7-1 (unimportant; bug #1016685)
        NOTE: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
        NOTE: 
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd
 (main)
        NOTE: 
https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff
 (v0.12.6)
+       NOTE: Negligible security impact
 CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository 
bookwyr ...)
        NOT-FOR-US: BookWyrm
 CVE-2022-2650
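
Review bot: The new `NOTE: Negligible security impact` on CVE-2022-2652 states the conclusion but not the reason, unlike the `Hang in CLI tool, no security impact` notes added elsewhere in this commit. Since the description concerns format strings in the card label, one clause saying why that is not a practical concern (for example, who is able to set the label) would justify the `unimportant` tag.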



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/432d4ffb335a8cec10a21f4c75890d617d122720



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
