[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) Wed, 30 Nov 2022 13:48:05 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d6f78138 by Moritz Muehlenhoff at 2022-11-30T22:46:30+01:00
bullseye triage
mplayer spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1486,6 +1486,7 @@ CVE-2022-45786
 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free 
in low-level/imap/mailimap_types.c]
        RESERVED
        - libetpan <unfixed> (bug #1025120)
+       [bullseye] - libetpan <no-dsa> (Minor issue)
        NOTE: https://github.com/dinhvh/libetpan/issues/420
 CVE-2022-4120
        RESERVED
@@ -2959,6 +2960,7 @@ CVE-2022-45344
        RESERVED
 CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to 
contain a hea ...)
        - gpac <unfixed>
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2315
        NOTE: 
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -3341,6 +3343,7 @@ CVE-2022-3964 (A vulnerability classified as problematic 
has been found in ffmpe
 CVE-2022-45197 [missing certificate hostname validation]
        RESERVED
        - slixmpp 1.8.3-1
+       [bullseye] - slixmpp <no-dsa> (Minor issue)
        NOTE: 
https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
 (slix-1.8.3)
 CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of 
service ( ...)
        NOT-FOR-US: Hyperledger Fabric
@@ -22221,6 +22224,7 @@ CVE-2022-38865 (Certain The MPlayer Project products 
are vulnerable to Divide By
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
        - mplayer <unfixed> (bug #1021013)
+       [bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
        NOTE: https://trac.mplayerhq.hu/ticket/2406
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94
 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
@@ -22234,6 +22238,7 @@ CVE-2022-38862 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
        NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to 
memory  ...)
        - mplayer <unfixed> (bug #1021013)
+       [bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
        NOTE: https://trac.mplayerhq.hu/ticket/2407
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1
 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide 
By Zero  ...)
@@ -29726,9 +29731,11 @@ CVE-2022-36181
        RESERVED
 CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting 
(XSS) via /f ...)
        - fusiondirectory <removed>
+       [bullseye] - fusiondirectory <no-dsa> (Minor issue)
        NOTE: 
https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
 CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. 
...)
        - fusiondirectory <removed>
+       [bullseye] - fusiondirectory <no-dsa> (Minor issue)
        NOTE: 
https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
 CVE-2022-36178
        RESERVED


=====================================
data/next-point-update.txt
=====================================
@@ -68,3 +68,23 @@ CVE-2020-29260
        [bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1
 CVE-2022-39353
        [bullseye] - node-xmldom 0.5.0-1+deb11u2
+CVE-2022-38866
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38865
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38864
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38863
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38861
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38860
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38858
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38855
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38851
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38850
+       [bullseye] - mplayer 2:1.4+ds1-1+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f78138c9925551da9bf1698da03dbd1876e772

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f78138c9925551da9bf1698da03dbd1876e772
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to