[Git][security-tracker-team/security-tracker][master] bullseye triage

Fri, 26 Aug 2022 00:50:58 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d0ad999 by Moritz Muehlenhoff at 2022-08-26T09:50:22+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -62563,18 +62563,22 @@ CVE-2022-20113 (In mPreference of 
DefaultUsbConfigurationPreferenceController.ja
 CVE-2022-20112 (In getAvailabilityStatus of 
PrivateDnsPreferenceController.java, there ...)
        NOT-FOR-US: Android
 CVE-2021-42523 (There are two Information Disclosure vulnerabilities in 
colord, and th ...)
-       - colord 1.4.6-1
+       - colord 1.4.6-1 (unimportant)
        NOTE: https://github.com/hughsie/colord/issues/110
        NOTE: 
https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405
 (1.4.6)
+       NOTE: Memory leak in a system-local daemon, negligible security impact
 CVE-2021-42522 (There is a Information Disclosure vulnerability in 
anjuta/plugins/docu ...)
-       - anjuta <unfixed>
+       - anjuta <unfixed> (unimportant)
        NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
+       NOTE: Memory leak in GUI application, no security impact
 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and 
it lies  ...)
        - vtk9 <unfixed>
+       [bullseye] - vtk9 <no-dsa> (Minor issue)
        - vtk7 <unfixed>
+       [bullseye] - vtk7 <no-dsa> (Minor issue)
        - vtk6 <unfixed>
+       [bullseye] - vtk6 <no-dsa> (Minor issue)
        NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
-       TODO: check, potentially as well src:paraview, but needs to check impact
 CVE-2021-42520
        RESERVED
 CVE-2021-42519
@@ -127621,6 +127625,7 @@ CVE-2020-28590 (An out-of-bounds read vulnerability 
exists in the Obj File Trian
        NOTE: Crash in enduser application, no security impact
 CVE-2020-28589 (An improper array index validation vulnerability exists in the 
LoadObj ...)
        - tinyobjloader <unfixed> (bug #1014776)
+       [bullseye] - tinyobjloader <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1212
 CVE-2020-28588 (An information disclosure vulnerability exists in the 
/proc/pid/syscal ...)
        - linux 5.9.15-1


=====================================
data/dsa-needed.txt
=====================================
@@ -51,3 +51,7 @@ sox
 --
 thunderbird (jmm)
 --
+webkit2gtk
+--
+wpewebkit
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d0ad999e218a3e65817af7df4effe54c638657c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d0ad999e218a3e65817af7df4effe54c638657c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to