Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d561c93 by Moritz Muehlenhoff at 2022-07-05T12:23:40+02:00
buster/bullseye triage

- - - - -
7745a92b by Moritz Muehlenhoff at 2022-07-05T12:25:46+02:00
add additional reference for older io_uring issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -613,10 +613,11 @@ CVE-2022-2303
 CVE-2022-2302
        RESERVED
 CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 
1.10.3. ...)
-       - chafa 1.10.3-1
+       - chafa 1.10.3-1 (unimportant)
        NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
        NOTE: 
https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9
 (1.12.0)
        NOTE: 
https://github.com/hpjansson/chafa/commit/a52325294cc018d4fa9a7f29668faea24362b94c
 (1.10.3)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
        NOT-FOR-US: microweber
 CVE-2022-2299
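Review bot: The rationale in the added NOTE at the end of the CVE-2022-2301 entry ("Crash in CLI tool, no security impact") does not say why the buffer over-read named in the CVE description is confined to the CLI tool. Consider naming the affected code path in that NOTE so the (unimportant) tag on "- chafa 1.10.3-1" can be checked later without re-reading both upstream commits.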
@@ -740,6 +741,8 @@ CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, 
insufficient access contro
        NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim 
prior to 9 ...)
        - vim <unfixed>
+       [bullseye] - vim <no-dsa> (Minor issue)
+       [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
        NOTE: 
https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe 
(v9.0.0018)
 CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
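Review bot: The two added <no-dsa> lines for CVE-2022-2285 give only the generic reason "Minor issue" for an integer overflow, while the entry still shows "- vim <unfixed>" even though a fix commit (v9.0.0018) is listed. A short reason for the triage decision, in the parentheses or in a NOTE, would make it easier to revisit once a fixed version is uploaded.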
@@ -5260,6 +5263,8 @@ CVE-2022-33104
        RESERVED
 CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to 
contain an  ...)
        - u-boot <unfixed>
+       [bullseye] - u-boot <no-dsa> (Minor issue)
+       [buster] - u-boot <no-dsa> (Minor issue)
        NOTE: 
https://lore.kernel.org/all/CALO=dhfb+yboxxvr5kcsk0ifdg+e7ywko4-e+72kjbcs8jb...@mail.gmail.com/
        NOTE: 
https://lore.kernel.org/all/[email protected]/
 CVE-2022-33102
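Review bot: The added [buster] line for CVE-2022-33103 should be checked against the affected range in the description, which starts at v2020.10. If the u-boot version in buster predates that, "<not-affected> (Vulnerable code introduced later)" would describe it more accurately than "<no-dsa> (Minor issue)". The entry also has only mailing-list references, so a NOTE with the upstream fix commit would help verify the triage.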
@@ -56648,6 +56653,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the 
Linux kernel 5.10 through 5
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
        NOTE: 
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
+       NOTE: 
https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/
 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows 
Director ...)
        {DSA-4987-1 DLA-2789-1}
        - squashfs-tools 1:4.5-3 (bug #994262)
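Review bot: The added starlabs.sg NOTE under CVE-2021-41073 has no annotation, and its URL title mentions "new code, new bugs", so it is not clear from the line alone which part of the write-up relates to this CVE. A brief parenthetical after the URL, in the style of the "(1.10.3)" annotations used on other NOTE lines, would state the relation.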



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5bc118256b303f338eb6cef64aa9326a51a040d8...7745a92b6e4c84cea256f49346c5b18ec0f38632
