Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e24005dd by Moritz Muehlenhoff at 2023-02-21T10:30:07+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20278,6 +20278,7 @@ CVE-2022-45749
        RESERVED
 CVE-2022-45748 (An issue was discovered with assimp 5.1.4, a use after free 
occurred i ...)
        - assimp <unfixed> (bug #1029833)
+       [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <no-dsa> (Minor issue)
        [buster] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/4286
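Review bot: the new [bookworm] line marks a use-after-free in assimp as <no-dsa> (Minor issue) while the sid entry stays <unfixed> (bug #1029833) and the only reference is the upstream issue, not a fix; a short NOTE on why the bug is considered minor (for instance what input is required to trigger it) would help whoever revisits this entry once an upstream fix lands.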
@@ -42679,6 +42680,7 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered 
to contain a heap-buffer o
        NOTE: 
https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
 CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was 
discovered to co ...)
        - assimp <unfixed> (bug #1021018)
+       [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <no-dsa> (Minor issue)
        [buster] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/4662
@@ -93759,6 +93761,7 @@ CVE-2021-45341 (A buffer overflow vulnerability in 
CDataMoji of the jwwlib compo
        NOTE: Fixed by: 
https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
 CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer 
dereference ...)
        - libsixel <unfixed> (bug #1004377)
+       [bookworm] - libsixel <no-dsa> (Minor issue)
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
@@ -131741,6 +131744,7 @@ CVE-2021-32295
        RESERVED
 CVE-2021-32294 (An issue was discovered in libgig through 20200507. A 
heap-buffer-over ...)
        - libgig <unfixed> (bug #1014777)
+       [bookworm] - libgig <ignored> (Minor issue)
        [bullseye] - libgig <ignored> (Minor issue)
        [buster] - libgig <ignored> (Minor issue)
        [stretch] - libgig <postponed> (Minor issue, revisit when/if fixed 
upstream)
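Review bot: the bookworm entry uses <ignored> like bullseye and buster, but the stretch line in the same entry still reads <postponed> (Minor issue, revisit when/if fixed upstream); if the issue is not going to be addressed in any currently supported release, that stretch rationale is stale and should either be aligned with the others or the difference explained in the parenthetical.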
@@ -159072,11 +159076,13 @@ CVE-2020-36121
        RESERVED
 CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function 
of Libsix ...)
        - libsixel <unfixed> (bug #988159)
-       [bullseye] - libsixel <no-dsa> (Minor issue)
+       [bookworm] - libsixel <no-dsa> (Minor issue, fix modifies the API)
+       [bullseye] - libsixel <ignored> (Minor issue, fix modifies the API)
        [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <postponed> (Minor issue; can be fixed in next 
update)
-       NOTE: https://github.com/saitoha/libsixel/issues/143
+       NOTE: https://github.com/saitoha/libsixel/issues/143 (old/defunct repo)
        NOTE: https://github.com/libsixel/libsixel/issues/46
+       NOTE: https://github.com/libsixel/libsixel/pull/47
 CVE-2020-36119
        RESERVED
 CVE-2020-36118
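Review bot: bookworm gets <no-dsa> while bullseye is changed from <no-dsa> to <ignored>, both with the identical rationale (Minor issue, fix modifies the API); different tags deserve a different justification, presumably that bookworm is not yet released and can still pick up the API-changing fix from unstable whereas a stable release cannot, and saying so in the parenthetical would make that explicit. The untouched stretch line (Minor issue; can be fixed in next update) also contradicts the new "fix modifies the API" reasoning and looks stale. Adding the actual fix reference (libsixel/libsixel pull/47) and marking the saitoha issue as old/defunct is the right call.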
@@ -333036,6 +333042,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has 
incorrect certificate validation fo
        NOT-FOR-US: TitanHQ WebTitan Gateway
 CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the 
ownership of ...)
        - jabberd2 <unfixed> (low; bug #902783)
+       [bookworm] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [bullseye] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [buster] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [stretch] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
@@ -434175,11 +434182,7 @@ CVE-2016-1587 (The Snapweb interface before version 
0.21.2 was exposing controls
 CVE-2016-1586 (A malicious webview could install long-lived unload handlers 
that re-u ...)
        NOT-FOR-US: Oxide
 CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally 
widened when  ...)
-       - apparmor <unfixed> (low; bug #929990)
-       [bullseye] - apparmor <ignored> (Minor overall security impact)
-       [buster] - apparmor <ignored> (Minor overall security impact)
-       [stretch] - apparmor <ignored> (Minor overall security impact)
-       [jessie] - apparmor <ignored> (Minor overall security impact)
+       - apparmor <unfixed> (unimportant; bug #929990)
        NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
        NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=995594
        NOTE: Introduced around AppArmor 2.8 upstream.
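Review bot: lowering the severity from low to unimportant and dropping the four per-release <ignored> lines follows the tracker convention that unimportant issues are not tracked per release, but the reason for the downgrade is only given in the NOTE added further down; since the existing NOTE lines already state that the libvirtd profile is not meant to be a strong security boundary, consider carrying that reason in the parenthetical of the status line (for example "unimportant; bug #929990; profile not a security boundary") so the rationale travels with the status.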
@@ -434188,6 +434191,7 @@ CVE-2016-1585 (In all versions of AppArmor mount 
rules are accidentally widened
        NOTE: by default before buster, in particular not with mount rules), 2. 
libvirtd
        NOTE: but the profile is not meant to be a strong security boundary.
        NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017/comments/6
+       NOTE: Negligible security impact / known limitation
 CVE-2016-1584 (In all versions of Unity8 a running but not active application 
on a la ...)
        - unity <itp> (bug #609278)
 CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c 
in the  ...)
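Review bot: the added NOTE "Negligible security impact / known limitation" is not tied to any reference, whereas the NOTE directly above links comment 6 of the launchpad bug; if that comment is the source of the assessment, phrasing the new line as "Negligible security impact / known limitation (see upstream comment above)" would make the attribution explicit for later triagers.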



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e24005ddd6defa84189f9ba753f4dd0d48820b39

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
