Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9ae6ff5 by Moritz Mühlenhoff at 2022-09-20T17:03:48+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5240,20 +5240,23 @@ CVE-2022-38855 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
 CVE-2022-38854
        RESERVED
 CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2398
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e
 (r38380)
        NOTE: Followup: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8
 (r38392)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38852
        RESERVED
 CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to 
Out-of-bounds R ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2393
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935
 (r38382)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable 
to Divide ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2399
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b
 (r38390)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38849
        RESERVED
 CVE-2022-38848
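Review bot: the added NOTE lines give the reason behind the (unimportant) tag, which keeps these three mplayer entries self-explaining; one documentation point, the wording is identical for all three while the summaries of CVE-2022-38853 and CVE-2022-38851 read "Buffer Overflow" and "Out-of-bounds R...", so naming the tool concerned in each note (the CVE-2022-38850 summary names mencoder) would make the "no security impact" assessment easier to follow without opening the trac tickets.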
@@ -8585,6 +8588,7 @@ CVE-2022-37704
        RESERVED
 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found 
in the ca ...)
        - amanda <unfixed>
+       [bullseye] - amanda <no-dsa> (Minor issue)
        NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
 CVE-2022-37702
        RESERVED
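Review bot: the only reference on the CVE-2022-37703 entry is a third-party proof-of-concept repository (MaherAzzouzi/CVE-2022-37703) and the unstable line stays <unfixed>, so the bullseye <no-dsa> tag rests on no upstream fix or bug reference; consider adding a "NOTE: Fixed by:" line pointing at the upstream amanda fix once one exists, as other entries in this file do.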
@@ -33634,6 +33638,7 @@ CVE-2022-1228 (The Opensea WordPress plugin before 
1.0.3 does not sanitize and e
        NOT-FOR-US: WordPress plugin
 CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw 
allows an a ...)
        - libpod 3.4.7+ds1-1
+       [bullseye] - libpod <no-dsa> (Minor issue)
        - golang-github-containers-psgo 1.7.1+ds1-1
        [bullseye] - golang-github-containers-psgo <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368
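Review bot: the new [bullseye] libpod line matches the existing golang-github-containers-psgo tag, so both halves of CVE-2022-1227 are now triaged consistently; since the summary describes a privilege escalation flaw, a short reason in the parenthetical beyond "Minor issue" would help future readers see why no DSA is warranted for bullseye.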
@@ -36530,6 +36535,7 @@ CVE-2022-27650 (A flaw was found in crun where 
containers were incorrectly start
        NOTE: 
https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562
 (1.4.4)
 CVE-2022-27649 (A flaw was found in Podman, where containers were started 
incorrectly  ...)
        - libpod 3.4.6+ds1-1
+       [bullseye] - libpod <no-dsa> (Minor issue)
        NOTE: https://github.com/containers/podman/releases/tag/v4.0.3
        NOTE: 
https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
 (main)
        NOTE: 
https://github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13
 (v4.0.3)
@@ -41359,6 +41365,7 @@ CVE-2022-25871 (All versions of package querymen are 
vulnerable to Prototype Pol
        NOT-FOR-US: Node querymen
 CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site 
Scripting ...)
        - angular.js <unfixed>
+       [bullseye] - angular.js <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
 CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are 
vulnerable to  ...)
        NOT-FOR-US: socket.io-client-java
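Review bot: unlike CVE-2022-25844 further down, which carries (bug #1014779), this angular.js entry records no Debian bug while unstable remains <unfixed>, and the only reference is a Snyk advisory; consider referencing a bug so the open state is tracked alongside the bullseye <no-dsa> tag.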
@@ -41414,6 +41421,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson before 
1.2.83 are vulnerable to
        NOT-FOR-US: com.alibaba:fastjson
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular 
Expression D ...)
        - angular.js <unfixed> (bug #1014779)
+       [bullseye] - angular.js <no-dsa> (Minor issue)
        [stretch] - angular.js <ignored> (Nodejs in stretch not covered by 
security support)
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
 CVE-2022-25843
@@ -44956,6 +44964,7 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps 
continuous delivery tool for Ku
        NOT-FOR-US: Argo CD
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor 4.19.0+dfsg-1
+       [bullseye] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
@@ -44963,6 +44972,7 @@ CVE-2022-24729 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor 4.19.0+dfsg-1
+       [bullseye] - ckeditor <no-dsa> (Minor issue)
        - ckeditor3 <unfixed> (bug #1015217)
        [bullseye] - ckeditor3 <no-dsa> (Minor issue)
        [buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
@@ -45539,6 +45549,7 @@ CVE-2022-24579
        RESERVED
 CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in 
SFS_AddStrin ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
@@ -45568,6 +45579,7 @@ CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based 
buffer overflow through
        NOTE: 
https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb 
(v2.0.0)
 CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in 
gf_dump_vrml_f ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/
@@ -74245,6 +74257,7 @@ CVE-2021-40404 (An authentication bypass vulnerability 
exists in the cgiserver.c
        NOT-FOR-US: Reolink
 CVE-2021-40403 (An information disclosure vulnerability exists in the 
pick-and-place r ...)
        - gerbv 2.9.2-1
+       [bullseye] - gerbv <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
        NOTE: https://github.com/gerbv/gerbv/issues/82
        NOTE: Fixed by: 
https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 
(v2.9.1-rc.1)
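Review bot: this tags gerbv as <no-dsa> (Minor issue) for bullseye, yet the same commit adds gerbv to data/dsa-needed.txt; if the DSA is intended for a different gerbv CVE that is not in this diff, the dsa-needed entry or a NOTE here should say which, otherwise the two changes read as contradicting each other.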


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ expat
 --
 fish (aron)
 --
+gerbv
+--
 gdal
 --
 linux (carnil)
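Review bot: gerbv is inserted between fish and gdal, but the surrounding entries are kept in alphabetical order (expat, fish, gdal, linux), so the new entry belongs after gdal: `gdal`, `--`, `gerbv`, `--`. The entry also carries no claimant in parentheses, unlike fish (aron) and linux (carnil), which is fine if it is still unclaimed.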



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9ae6ff53492c18b23e97b41cd9c941f84a1f1ea
