Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3fe0d32f by Moritz Muehlenhoff at 2022-09-05T16:59:40+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4765,6 +4765,7 @@ CVE-2022-2735
- pcs 0.11.3-2 (bug #1018930)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
+ NOTE:
https://github.com/ClusterLabs/pcs/commit/de068e2066e377d1cc77edf25aed0198e4c77f7b
CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
NOT-FOR-US: OpenEMR
CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository
openemr/op ...)
@@ -34918,24 +34919,28 @@ CVE-2022-27149
REJECTED
CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable
to Integ ...)
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <end-of-life> (EOL in buster LTS)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2067
NOTE:
https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df
(v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a
use-after-free v ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2109
NOTE:
https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893
(v2.0.0)
CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a
heap-buffer-overflow vu ...)
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <end-of-life> (EOL in buster LTS)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2120
NOTE:
https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7
(v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a
stack-overflow v ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE:
https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e
(v2.0.0)
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netatalk
--
nodejs
--
+pcs (jmm)
+--
php-horde-mime-viewer
--
php-horde-turba
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe0d32f5f72ecf42066838cdecbeec91194de30
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fe0d32f5f72ecf42066838cdecbeec91194de30
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
