Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90fa8546 by Moritz Muehlenhoff at 2022-10-05T12:27:29+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3962,6 +3962,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in
GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to
2.1.0-D ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE:
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
@@ -6119,6 +6120,7 @@ CVE-2022-39836
RESERVED
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The
vulnerability allo ...)
- gajim 1.5.0-1
+ [bullseye] - gajim <no-dsa> (Minor issue)
NOTE:
https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067
(1.5.0)
CVE-2022-39834
RESERVED
@@ -40933,6 +40935,7 @@ CVE-2022-1036 (Able to create an account with long
password leads to memory corr
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository
gpac/gpa ...)
- gpac <unfixed> (bug #1016443)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
@@ -44986,6 +44989,7 @@ CVE-2022-21802 (The package grapesjs before 0.19.5 are
vulnerable to Cross-site
NOT-FOR-US: grapejs
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to
Arbitrary ...)
- joblib <unfixed> (bug #1020820)
+ [bullseye] - joblib <no-dsa> (Minor issue)
NOTE: https://github.com/joblib/joblib/issues/1128
NOTE: https://github.com/joblib/joblib/pull/1321
NOTE:
https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
(1.2.0)
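Review bot: The added `[bullseye] - joblib <no-dsa> (Minor issue)` line gives no reasoning, while the visible description of CVE-2022-21797 begins "vulnerable to Arbitrary ..." and the unqualified entry is still `<unfixed>` (bug #1020820). Consider a more specific parenthetical, or a NOTE line stating why the impact is considered minor for bullseye, so later triagers do not have to re-derive it from the linked issue and pull request.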
@@ -58332,6 +58336,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow
Vulnerability exists in HDF5 1.13.
NOTE: Negligible security impact, malicous scientific data has more
issues than a crash...
CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1
in MP4Bo ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1990
@@ -134539,6 +134544,7 @@ CVE-2020-29261
CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak
via the f ...)
{DLA-3125-1}
- libvncserver <unfixed> (bug #1019228)
+ [bullseye] - libvncserver <no-dsa> (Minor issue)
NOTE:
https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination
System ...)
NOT-FOR-US: Online Examination System
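Review bot: On the added `[bullseye] - libvncserver <no-dsa> (Minor issue)` line, the entry already carries `{DLA-3125-1}` and an upstream fix commit, so a fix has shipped through LTS while bullseye is left without one. Suggest stating in the parenthetical whether a point-release update is intended and tracking it against bug #1019228, so the bullseye status is not read as "no fix planned".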
=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ netatalk
--
nodejs
--
+openexr
+--
php-horde-mime-viewer
--
php-horde-turba
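Review bot: The `openexr` addition to data/dsa-needed.txt has no counterpart in the data/CVE/list hunks shown in this commit, and the commit message "bullseye triage" does not say which issue prompted it. Suggest naming the relevant CVE(s) in the commit message or in a note line under the entry, so whoever picks up the DSA knows where to start.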
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fa85463e85b04807a7152399578c7f2f05c0c7
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits