[Git][security-tracker-team/security-tracker][master] triage for older issues

Tue, 29 Oct 2024 07:58:24 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c64235bf by Moritz Muehlenhoff at 2024-10-29T15:57:18+01:00
triage for older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -163950,17 +163950,21 @@ CVE-2022-43359 (Gifdec commit 
1dcbae19363597314f6623010cc80abad4e47f7c was disco
 CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function 
Sass::C ...)
        [experimental] - libsass 3.6.5+20231221-1
        - libsass 3.6.5+20231221-2 (bug #1051895)
-       [bookworm] - libsass <no-dsa> (Minor issue)
+       [bookworm] - libsass <ignored> (Minor issue)
        [bullseye] - libsass <no-dsa> (Minor issue)
        [buster] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/3178
+       NOTE: https://github.com/sass/libsass/pull/3184
+       NOTE: 
https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a 
(3.6.6)
 CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function 
Sass::Co ...)
        [experimental] - libsass 3.6.5+20231221-1
        - libsass 3.6.5+20231221-2 (bug #1051895)
-       [bookworm] - libsass <no-dsa> (Minor issue)
+       [bookworm] - libsass <ignored> (Minor issue)
        [bullseye] - libsass <no-dsa> (Minor issue)
        [buster] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/3177
+       NOTE: https://github.com/sass/libsass/pull/3184
+       NOTE: 
https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a 
(3.6.6)
 CVE-2022-43356
        RESERVED
 CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain 
a SQL in ...)
@@ -192064,7 +192068,7 @@ CVE-2022-33065 (Multiple signed integers overflow in 
function au_read_header in
        NOTE: 
https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
 CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c 
in Libsnd ...)
        - libsndfile <unfixed> (bug #1051890)
-       [bookworm] - libsndfile <no-dsa> (Minor issue)
+       [bookworm] - libsndfile <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libsndfile <no-dsa> (Minor issue)
        [buster] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/libsndfile/libsndfile/issues/832
@@ -201169,7 +201173,7 @@ CVE-2022-29979 (Simple Client Management System 1.0 
is vulnerable to SQL Injecti
        NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2022-29978 (There is a floating point exception error in 
sixel_encoder_do_resize,  ...)
        - libsixel <unfixed> (bug #1014527)
-       [bookworm] - libsixel <no-dsa> (Minor issue)
+       [bookworm] - libsixel <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
@@ -201177,7 +201181,7 @@ CVE-2022-29978 (There is a floating point exception 
error in sixel_encoder_do_re
        NOTE: Previously also reported in 
https://github.com/saitoha/libsixel/issues/166
 CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, 
stb_ima ...)
        - libsixel <unfixed> (bug #1014526)
-       [bookworm] - libsixel <no-dsa> (Minor issue)
+       [bookworm] - libsixel <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
@@ -211337,10 +211341,12 @@ CVE-2022-26593 (Cross-site scripting (XSS) 
vulnerability in the Asset module's a
 CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the 
CompoundSelector ...)
        [experimental] - libsass 3.6.5+20231221-1
        - libsass 3.6.5+20231221-2 (bug #1051895)
-       [bookworm] - libsass <no-dsa> (Minor issue)
+       [bookworm] - libsass <ignored> (Minor issue)
        [bullseye] - libsass <no-dsa> (Minor issue)
        [buster] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/3174
+       NOTE: https://github.com/sass/libsass/pull/3184
+       NOTE: 
https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a 
(3.6.6)
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows 
unauthenticated attac ...)
        NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-26590



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c64235bfc652cf519092ff939104a0c77fae07b7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c64235bfc652cf519092ff939104a0c77fae07b7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to