Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fa5035b by Moritz Muehlenhoff at 2022-09-02T09:07:16+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3914,10 +3914,10 @@ CVE-2022-37772
 CVE-2022-37771
        RESERVED
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
-       - libjpeg <unfixed>
-       [bullseye] - libjpeg <no-dsa> (Minor issue)
+       - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/79
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
        - libjpeg <unfixed>
        [bullseye] - libjpeg <no-dsa> (Minor issue)
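
Review bot: CVE-2022-37769, directly below the changed entry, carries the same truncated description (segmentation fault in libjpeg commit 281daa9) but keeps `- libjpeg <unfixed>` with `[bullseye] - libjpeg <no-dsa> (Minor issue)`, while CVE-2022-37770 is now `(unimportant)`. If it is the same kind of CLI crash, give it the same treatment; if not, a NOTE saying why it differs would explain the split.
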
@@ -5716,11 +5716,13 @@ CVE-2022-37049 (The component tcpprep in Tcpreplay 
v4.4.1 was discovered to cont
        NOTE: https://github.com/appneta/tcpreplay/issues/718
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to 
contain ...)
-       - tcpreplay <unfixed> (bug #1018057)
+       - tcpreplay <unfixed> (unimportant; bug #1018057)
        NOTE: https://github.com/appneta/tcpreplay/issues/735
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to 
contain ...)
-       - tcpreplay <unfixed> (bug #1018057)
+       - tcpreplay <unfixed> (unimportant; bug #1018057)
        NOTE: https://github.com/appneta/tcpreplay/issues/734
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-37046
        RESERVED
 CVE-2022-37045
@@ -7963,11 +7965,13 @@ CVE-2022-36192
        RESERVED
 CVE-2022-36191 (A heap-buffer-overflow had occurred in function 
gf_isom_dovi_config_ge ...)
        - gpac <unfixed>
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2218
        NOTE: 
https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free 
vulnerabili ...)
        - gpac <unfixed>
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2220
        NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218
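
Review bot: Both added `[bullseye] - gpac <no-dsa> (Minor issue)` lines cover memory-safety bugs (a heap-buffer-overflow for CVE-2022-36191, a use-after-free for CVE-2022-36190) without saying why they are minor. Suggest a short qualifier inside the parentheses, as the intel-microcode entry in this commit does with "Minor issue, only impacts SGX".
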
@@ -10582,8 +10586,9 @@ CVE-2022-35168 (Due to improper input sanitization of 
XML input in SAP Business
 CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was 
discovered  ...)
        NOT-FOR-US: Printix Cloud Print Management
 CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite 
loop via  ...)
-       - libjpeg <unfixed>
+       - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/7
+       NOTE: Hang in CLI tool, no security impact
 CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 
allows at ...)
        NOT-FOR-US: Bento4
 CVE-2022-35164 (LibreDWG v0.12.4.4608 &amp; commit f2dea29 was discovered to 
contain a ...)
@@ -41297,6 +41302,7 @@ CVE-2022-21795
        RESERVED
 CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) 
Processors may ...)
        - intel-microcode 3.20220809.1
+       [bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
 CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor 
software  ...)
@@ -43083,6 +43089,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        NOTE: 
https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa 
(v8.2.4217)
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in 
function m ...)
        - libmodbus <unfixed>
+       [bullseye] - libmodbus <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
        NOTE: https://github.com/stephane/libmodbus/issues/614
        NOTE: Fixed by: 
https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
 (v3.1.7)
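
Review bot: On the added `[bullseye] - libmodbus <no-dsa> (Minor issue)` line, the description places the heap-based buffer overflow in a libmodbus function rather than in a CLI tool, so the "no security impact" reasoning used for other entries in this commit does not carry over. A brief reason for the minor rating (for example the precondition needed to reach the overflow) would make the decision easier to audit.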



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fa5035b624ace13d3e469a2299b5e0acfea442c
