Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cacc85a3 by Moritz Muehlenhoff at 2022-09-09T11:49:27+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,9 +17,10 @@ CVE-2022-40300
        RESERVED
 CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used 
(e.g., b ...)
        [experimental] - singular 1:4.3.1-p1+ds-1
-       - singular <unfixed>
+       - singular <unfixed> (unimportant)
        NOTE: 
https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
 (Release-4-3-1)
        NOTE: https://github.com/Singular/Singular/issues/1137
+       NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2022-40298
        RESERVED
 CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode 
to be use ...)
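Review bot: the added NOTE on CVE-2022-40299 rests the `(unimportant)` rating on a run-time sysctl, `fs.protected_symlinks = 1`, without saying where that value is guaranteed. Suggest stating that it is the default on the kernels of the affected suites, since a system with the sysctl changed or running a different kernel loses the mitigation. The sysctl only restricts symlink following in sticky world-writable directories, so the rating also assumes the predictable /tmp pathname issue is limited to that case; saying so in the NOTE would make the assumption visible.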
@@ -4926,9 +4927,10 @@ CVE-2022-2850 [SIGSEGV in sync_repl]
        NOTE: 
https://github.com/389ds/389-ds-base/commit/bd566957f85c889f13cd24f903c91c16c955acbd
 (389-ds-base-1.3.10)
        NOTE: Results from an incomplete fix for CVE-2021-3514
 CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
-       - vim 2:9.0.0229-1
+       - vim 2:9.0.0229-1 (unimportant)
        NOTE: https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
        NOTE: 
https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 
(v9.0.0220)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2848
        RESERVED
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been 
found in S ...)
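Review bot: on CVE-2022-2849 the added NOTE reads "Crash in CLI tool, no security impact", but the description on the entry itself says "Heap-based Buffer Overflow", which is a memory write and not only a crash. Suggest the NOTE give the reason the overflow is treated as a crash without further impact, so the `(unimportant)` tag can be checked later against the huntr report and the upstream commit already linked in the entry.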
@@ -4936,9 +4938,10 @@ CVE-2022-2847 (A vulnerability, which was classified as 
critical, has been found
 CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar 
Event  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 
9.0.0218. ...)
-       - vim 2:9.0.0229-1
+       - vim 2:9.0.0229-1 (unimportant)
        NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
        NOTE: 
https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c 
(v9.0.0218)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2844 (A vulnerability classified as problematic has been found in 
MotoPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event 
Schedule. I ...)
@@ -24497,6 +24500,7 @@ CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead 
Generation Plugin WordPr
        NOT-FOR-US: WordPress plugin
 CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed 
gf_utf8_wcsl ...)
        - gpac <unfixed> (bug #1016443)
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/2179
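Review bot: the new `[bullseye] - gpac <ignored> (Minor issue)` line uses `<ignored>`, while the gpac entry for CVE-2022-24575 in this same commit uses `<no-dsa>` with the identical reason. If the distinction is intended, the reason in parentheses should say why this issue will not be fixed in bullseye at all; otherwise `<no-dsa>` would keep the two gpac entries consistent.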
@@ -43496,6 +43500,7 @@ CVE-2022-24576 (GPAC 1.0.1 is affected by Use After 
Free through MP4Box. ...)
        NOTE: 
https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae 
(v2.0.0)
 CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow 
through MP4Box ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/2058
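Review bot: `(Minor issue)` on the added `[bullseye] - gpac <no-dsa>` line is the only rationale given, while the description on the entry says "stack-based buffer overflow through MP4Box". Suggest a more specific reason in the parentheses or an extra NOTE line, as was done for the singular and vim entries earlier in this commit, so the triage decision can be audited later.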
@@ -63757,6 +63762,7 @@ CVE-2021-43178
        REJECTED
 CVE-2021-43177 (As a result of an incomplete fix for CVE-2015-7225, in 
versions of dev ...)
        - ruby-devise-two-factor 4.0.2-1 (bug #1009636)
+       [bullseye] - ruby-devise-two-factor <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tinfoil/devise-two-factor/security/advisories/GHSA-jm35-h8q2-73mp
        NOTE: https://github.com/tinfoil/devise-two-factor/pull/108
        NOTE: 
https://github.com/tinfoil/devise-two-factor/commit/64576bb9e7d29800c5f92bb86fb6ecff91ad6105
 (v4.0.2)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cacc85a3dee80e45a3f10fb953e17cd59a396db1
