Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
93a402ef by Moritz Muehlenhoff at 2022-09-01T15:44:24+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7076,23 +7076,26 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
NOTE:
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
(v9.0.0061)
CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid
pointer free ...)
- - tiff <unfixed>
+ - tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc
assertion f ...)
- - tiff <unfixed>
+ - tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2519 (There is a double free or corruption in rotateImage() at
tiffcrop.c:88 ...)
- - tiff <unfixed>
+ - tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2518
RESERVED
CVE-2022-2517
@@ -7756,7 +7759,8 @@ CVE-2022-36187
RESERVED
CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC
2.1-DEV-revUNK ...)
- gpac <unfixed>
- [buster] - gpac <end-of-life> (EOL in buster LTS)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2223
NOTE:
https://github.com/gpac/gpac/commit/b43f9d1a4b4e33d08edaef6d313e6ce4bdf554d3
CVE-2022-36185
@@ -54042,6 +54046,7 @@ CVE-2021-44716 (net/http in Go before 1.16.12 and
1.17.x before 1.17.5 allows un
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
+ [bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
- golang-golang-x-net-dev <removed>
[stretch] - golang-golang-x-net-dev <postponed> (Limited support in
stretch)
NOTE: https://github.com/golang/go/issues/50058
@@ -100469,6 +100474,7 @@ CVE-2021-28133 (Zoom through 5.5.4 sometimes allows
attackers to read private in
NOT-FOR-US: Zoom
CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted
torrent file. ...)
- deluge <unfixed>
+ [bullseye] - deluge <no-dsa> (Minor issue)
NOTE: https://dev.deluge-torrent.org/ticket/3459
NOTE: https://dev.deluge-torrent.org/changeset/8ece03677
NOTE: https://dev.deluge-torrent.org/changeset/a5503c0c606
=====================================
data/dsa-needed.txt
=====================================
@@ -16,6 +16,8 @@ asterisk (apo)
--
chromium
--
+connman
+--
freecad (aron)
--
gdk-pixbuf (carnil)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a402efa03e97dd44b9c75612815b4e025ae670
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a402efa03e97dd44b9c75612815b4e025ae670
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
