Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: f323fc97 by Thorsten Alteholz at 2022-11-20T01:42:36+01:00 mark CVE-2022-45198 as no-dsa for Buster - - - - - 53093990 by Thorsten Alteholz at 2022-11-20T02:00:05+01:00 mark CVEs for non-free bluez-firmware as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1067,6 +1067,7 @@ CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...) - pillow 9.2.0-1 [bullseye] - pillow <no-dsa> (Minor issue) + [buster] - pillow <no-dsa> (Minor issue) NOTE: https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0) NOTE: https://github.com/python-pillow/Pillow/pull/6402 CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...) @@ -104962,18 +104963,22 @@ CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) - bluez-firmware <unfixed> (bug #1024356) [bullseye] - bluez-firmware <no-dsa> (Non-free not supported) + [buster] - bluez-firmware <no-dsa> (Non-free not supported) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) - bluez-firmware <unfixed> (bug #1024356) [bullseye] - bluez-firmware <no-dsa> (Non-free not supported) + [buster] - bluez-firmware <no-dsa> (Non-free not supported) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...) - bluez-firmware <unfixed> (bug #1024356) [bullseye] - bluez-firmware <no-dsa> (Non-free not supported) + [buster] - bluez-firmware <no-dsa> (Non-free not supported) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) - bluez-firmware <unfixed> (bug #1024356) [bullseye] - bluez-firmware <no-dsa> (Non-free not supported) + [buster] - bluez-firmware <no-dsa> (Non-free not supported) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...) NOT-FOR-US: Zhuhai Jieli View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4db1e46eef36397a75820b07a25fadc6fef5d3bf...53093990d5f68db8a1447008d28351ddd0fda408 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4db1e46eef36397a75820b07a25fadc6fef5d3bf...53093990d5f68db8a1447008d28351ddd0fda408 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits