Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
755f3d05 by Moritz Muehlenhoff at 2023-02-21T19:44:10+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66583,6 +66583,7 @@ CVE-2022-29979 (Simple Client Management System 1.0 is
vulnerable to SQL Injecti
NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29978 (There is a floating point exception error in
sixel_encoder_do_resize, ...)
- libsixel <unfixed> (bug #1014527)
+ [bookworm] - libsixel <no-dsa> (Minor issue)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
@@ -66590,6 +66591,7 @@ CVE-2022-29978 (There is a floating point exception
error in sixel_encoder_do_re
NOTE: Previously also reported in
https://github.com/saitoha/libsixel/issues/166
CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode,
stb_ima ...)
- libsixel <unfixed> (bug #1014526)
+ [bookworm] - libsixel <no-dsa> (Minor issue)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
@@ -79987,6 +79989,7 @@ CVE-2022-0684 (The WP Home Page Menu WordPress plugin
before 3.1 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called
from six ...)
- libsixel <unfixed> (bug #1014469)
+ [bookworm] - libsixel <no-dsa> (Minor issue)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
@@ -108120,12 +108123,14 @@ CVE-2021-41738 (ZeroShell 3.9.5 has a command
injection vulnerability in /cgi-bi
CVE-2021-41737
RESERVED
- faust <unfixed> (bug #1014783)
+ [bookworm] - faust <no-dsa> (Minor issue)
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow
in the ...)
- faust <unfixed> (bug #1014783)
+ [bookworm] - faust <no-dsa> (Minor issue)
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
[stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
@@ -115981,6 +115986,7 @@ CVE-2021-38577
REJECTED
CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the
Platform a ...)
- edk2 <unfixed> (bug #1014468)
+ [bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
@@ -136920,24 +136926,28 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia
before 2021-04-07 frees memory
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer
overflow in Pdf ...)
- libpodofo <unfixed> (bug #986794)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/132/
CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive
call in Pd ...)
- libpodofo <unfixed> (bug #986793)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive
call among ...)
- libpodofo <unfixed> (bug #986792)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in
PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
@@ -143459,6 +143469,7 @@ CVE-2021-27918 (encoding/xml in Go before 1.15.9 and
1.16.x before 1.16.1 has an
NOTE: https://github.com/golang/go/issues/44913
CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper
overfl ...)
- newlib <unfixed> (bug #984446)
+ [bookworm] - newlib <no-dsa> (Minor issue)
[bullseye] - newlib <no-dsa> (Minor issue)
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
@@ -180510,6 +180521,7 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows
could allow low-privileged us
NOT-FOR-US: SaferVPN
CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer
dereferen ...)
- qemu <unfixed> (bug #970940)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
@@ -180517,6 +180529,7 @@ CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can
trigger a NULL pointer der
NOTE: No sanctioned upstream patch as of 2022-11-08
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has
a NULL p ...)
- qemu <unfixed> (bug #971390)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
@@ -180524,6 +180537,7 @@ CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c
in QEMU before 5.1.1 has a
NOTE: No sanctioned upstream patch as of 2022-11-08
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL
pointer d ...)
- qemu <unfixed> (bug #970939)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
@@ -180894,6 +180908,7 @@ CVE-2020-25659 (python-cryptography 3.2 is vulnerable
to Bleichenbacher timing a
NOTE:
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
(3.2)
CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher
timing at ...)
- python-rsa <unfixed> (bug #974685)
+ [bookworm] - python-rsa <no-dsa> (Minor issue)
[bullseye] - python-rsa <no-dsa> (Minor issue)
[buster] - python-rsa <no-dsa> (Minor issue)
[stretch] - python-rsa <no-dsa> (Minor issue)
@@ -195577,6 +195592,7 @@ CVE-2020-18972 (Exposure of Sensitive Information to
an Unauthorized Actor in Po
NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers
to cause ...)
- libpodofo <unfixed> (bug #1014858)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
@@ -236678,7 +236694,8 @@ CVE-2019-19815 (In the Linux kernel 5.0.21, mounting
a crafted f2fs filesystem i
[stretch] - linux 4.9.184-1
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem
image c ...)
- linux <unfixed>
- [bullseye] - linux <no-dsa> (Minor issue)
+ [bookworm] - linux <no-dsa> (Minor issue, no upstream fix available)
+ [bullseye] - linux <no-dsa> (Minor issue, no upstream fix available)
[buster] - linux <no-dsa> (Minor issue)
[stretch] - linux <ignored> (Minor issue; f2fs is not supportable)
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs
filesystem image, ...)
@@ -259584,6 +259601,7 @@ CVE-2019-14561
CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked]
RESERVED
- edk2 <unfixed> (bug #967994)
+ [bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
@@ -271989,6 +272007,7 @@ CVE-2019-10736
RESERVED
CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or
PGP encry ...)
- claws-mail <unfixed> (low; bug #926705)
+ [bookworm] - claws-mail <no-dsa> (Minor issue)
[bullseye] - claws-mail <no-dsa> (Minor issue)
[buster] - claws-mail <postponed> (Revisit when fixed upstream)
[stretch] - claws-mail <postponed> (Revisit when fixed upstream)
@@ -333312,6 +333331,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to
2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in
PdfPar ...)
- libpodofo <unfixed> (low; bug #892557)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755f3d05e40df715d6066c174f4311689b5b566a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755f3d05e40df715d6066c174f4311689b5b566a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
