Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91945f55 by Chris Lamb at 2022-10-10T12:15:30-07:00
Triage CVE-2021-3826 in libiberty for buster LTS.

- - - - -
4a3d07b9 by Chris Lamb at 2022-10-10T12:16:00-07:00
Triage CVE-2022-3277 in neutron for buster LTS.

- - - - -
c061a278 by Chris Lamb at 2022-10-10T12:16:35-07:00
Triage CVE-2021-37819 in pdftk-java for buster LTS.

- - - - -
190ecc94 by Chris Lamb at 2022-10-10T12:18:48-07:00
Triage CVE-2022-31033 in ruby-mechanize for buster LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3311,6 +3311,7 @@ CVE-2022-3277 [unrestricted creation of security groups]
        RESERVED
        - neutron <unfixed>
        [bullseye] - neutron <no-dsa> (Minor issue)
+       [buster] - neutron <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
 CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype 
poisoning in t ...)
        - node-hoek 9.0.3+~5.0.0+~4.0.0-1
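Review bot: the added `[buster] - neutron <no-dsa> (Minor issue)` line copies the bullseye reason, but the entry is still `RESERVED` with `- neutron <unfixed>` and its only NOTE is a Red Hat Bugzilla link, so nothing here records why unrestricted creation of security groups is minor for buster. Consider adding a NOTE with the rationale, or the upstream fix reference once one exists, so the no-dsa decision can be revisited when a fix lands.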
@@ -30451,6 +30452,7 @@ CVE-2022-31034 (Argo CD is a declarative, GitOps 
continuous delivery tool for Ku
 CVE-2022-31033 (The Mechanize library is used for automating interaction with 
websites ...)
        - ruby-mechanize 2.8.5-1 (bug #1014809)
        [bullseye] - ruby-mechanize <no-dsa> (Minor issue)
+       [buster] - ruby-mechanize <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
        NOTE: Prerequisite to clear credential headers when redirecting to 
cross site
        NOTE: 
https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83
 (v2.8.0)
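Review bot: on the added `[buster] - ruby-mechanize` line, the generic "Minor issue" reason hides what the NOTEs below it already say: the fix depends on a prerequisite commit that first shipped in v2.8.0. If the buster version predates that release, any later update needs both changes; a short NOTE saying so, or a more specific no-dsa reason, would save the next triager from rediscovering it.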
@@ -75433,6 +75435,7 @@ CVE-2021-3826 (Heap/stack buffer overflow in the 
dlang_lname function in d-deman
        - binutils 2.37.50.20220121-1 (unimportant)
        - libiberty 20220713-1
        [bullseye] - libiberty <no-dsa> (Minor issue)
+       [buster] - libiberty <no-dsa> (Minor issue)
        NOTE: 
https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html
        NOTE: 
https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5481040197402be6dfee265bd2ff5a4c88e30505
        NOTE: binutils not covered by security support
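Review bot: the added `[buster] - libiberty <no-dsa> (Minor issue)` line gives no reason specific to a bug described as a heap/stack buffer overflow in `dlang_lname`. The binutils line is justified by the existing NOTE about security support, but that NOTE does not cover libiberty; a one-line NOTE on why the demangler overflow is considered minor for this package would document the decision.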
@@ -85102,6 +85105,7 @@ CVE-2021-37820
 CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an 
infinite loop  ...)
        - pdftk-java 3.3.2-1
        [bullseye] - pdftk-java <no-dsa> (Minor issue)
+       [buster] - pdftk-java <no-dsa> (Minor issue)
        - pdftk 2.02-5
        NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
        NOTE: 
https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9
 (v3.3.0)
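Review bot: the added `[buster] - pdftk-java` line does not say whether the buster version contains the looping code; the description names v3.2.3 and the NOTE ties the fix to v3.3.0. If the version was checked during triage, a NOTE stating that would help; if it turns out not to be affected, `<not-affected>` with the reason would be more accurate than `<no-dsa>`.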



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/09e390e65a80ea678be856c270e471083b83d5d9...190ecc94ebd89b5529ca1129f3ae32dac60b291c
