Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb556c99 by Moritz Muehlenhoff at 2023-02-28T17:24:25+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38083,6 +38083,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 9.
 CVE-2022-3277 [unrestricted creation of security groups]
        RESERVED
        - neutron <unfixed> (bug #1027150)
+       [bookworm] - neutron <no-dsa> (Minor issue)
        [bullseye] - neutron <no-dsa> (Minor issue)
        [buster] - neutron <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
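
Review bot: The added `[bookworm]` line for neutron under CVE-2022-3277 gives only "Minor issue" as its reason, copied from the bullseye and buster lines, while the unstable entry stays `<unfixed>` with bug #1027150 open. A short reason specific to this issue would let later triagers judge whether the no-dsa decision still holds once the bug is fixed in unstable.
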
@@ -47524,17 +47525,17 @@ CVE-2022-37772 (Maarch RM 2.8.3 solution contains an 
improper restriction of exc
 CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper 
protecti ...)
        NOT-FOR-US: IObit Malware Fighter
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
-       - libjpeg <unfixed> (unimportant)
+       - libjpeg 0.0~git20220805.54ec643-1 (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/79
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
-       - libjpeg <unfixed> (bug #1025339)
+       - libjpeg 0.0~git20220805.54ec643-1 (bug #1025339)
        [bullseye] - libjpeg <no-dsa> (Minor issue)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/78
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite 
loop via  ...)
-       - libjpeg <unfixed> (unimportant)
+       - libjpeg 0.0~git20220805.54ec643-1 (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/77
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
        NOTE: Hang in CLI tool, no security impact
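
Review bot: The three libjpeg entries (CVE-2022-37770, CVE-2022-37769, CVE-2022-37768) now record 0.0~git20220805.54ec643-1 as the fixed version, but the only commit in their NOTE lines is 281daa9, which the CVE descriptions name as the commit where the faults were discovered, not a fix. Add a NOTE with the upstream fixing commit to each entry so the fixed version can be checked against the 54ec643 snapshot.
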
@@ -130427,6 +130428,7 @@ CVE-2021-33814
 CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows 
attackers to c ...)
        {DLA-2712-1 DLA-2696-1}
        - libjdom2-intellij-java <unfixed> (bug #990673)
+       [bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)
        [bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
        [buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
        - libjdom2-java 2.0.6-2.1 (bug #990671)
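
Review bot: The new `[bookworm]` no-dsa line for libjdom2-intellij-java under CVE-2021-33813 reuses the bare "Minor issue" reason, yet the same entry lists DLA-2712-1 and DLA-2696-1 and shows libjdom2-java fixed in 2.0.6-2.1. Since unstable is still `<unfixed>` (bug #990673), state why this source package is treated as minor, so the postponement is not read as an oversight.
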
@@ -133003,7 +133005,7 @@ CVE-2021-32825 (bblfshd is an open source self-hosted 
server for source code par
 CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. 
Versions prio ...)
        TODO: check
 CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a 
potential deni ...)
-       - ruby-bindata <unfixed> (bug #990577)
+       - ruby-bindata 2.4.14-1 (bug #990577)
        [bullseye] - ruby-bindata <no-dsa> (Minor issue)
        [buster] - ruby-bindata <no-dsa> (Minor issue)
        [stretch] - ruby-bindata <no-dsa> (Minor issue)
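
Review bot: The ruby-bindata line under CVE-2021-32823 goes from `<unfixed>` to 2.4.14-1, while the CVE description places the issue in versions before 2.4.10. Please confirm that 2.4.14-1 is the first upload to unstable containing the fix rather than simply the version now in the archive, because suite versions are compared against this value.
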
@@ -163502,7 +163504,7 @@ CVE-2021-21306 (Marked is an open-source markdown 
parser and compiler (npm packa
        NOTE: 
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
        NOTE: 
https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
 CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple 
and flex ...)
-       - ruby-carrierwave <unfixed> (bug #982551)
+       - ruby-carrierwave 1.3.2-1 (bug #982551)
        [buster] - ruby-carrierwave <no-dsa> (Minor issue)
        [stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
        NOTE: 
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
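
Review bot: The ruby-carrierwave entry under CVE-2021-21305 is now marked fixed in 1.3.2-1 and carries suite lines for `[buster]` and `[stretch]` only. With no `[bullseye]` line, bullseye's status follows purely from a version comparison with 1.3.2-1, so check that this gives the intended result for bullseye and add a suite line if it does not.
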
@@ -204199,6 +204201,7 @@ CVE-2020-16156 (CPAN 2.28 allows Signature 
Verification Bypass. ...)
        NOTE: 
https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 
(2.33-TRIAL)
 CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely 
define sig ...)
        - libcpan-checksums-perl <unfixed>
+       [bookworm] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
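
Review bot: The `- libcpan-checksums-perl <unfixed>` line under CVE-2020-16155 has no bug reference, and this change adds a fourth suite (`[bookworm]`) tagged no-dsa on top of it. Recording a Debian bug number on the unfixed line, as the other entries touched in this commit do with `(bug #...)`, would give the issue a place to be tracked toward a fix in unstable.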



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb556c99e0da30ced15af92856f0cae5c2d1bdab
