[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 4 17:19:06 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd09e673 by Moritz Muehlenhoff at 2022-04-04T18:18:49+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -531,6 +531,8 @@ CVE-2022-28353
 	RESERVED
 CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0.  ...)
 	- tiff <unfixed>
+	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
 CVE-2021-46782
 	RESERVED
@@ -14471,6 +14473,8 @@ CVE-2022-23608 (PJSIP is a free and open source multimedia communication library
 CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
 	{DLA-2954-1}
 	- python-treq <unfixed> (bug #1005041)
+	[bullseye] - python-treq <no-dsa> (Minor issue)
+	[buster] - python-treq <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
 	NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
 CVE-2022-23606 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -32,11 +32,15 @@ ndpi/oldstable
 --
 nodejs (jmm)
 --
+puma
+--
 python-pysaml2 (jmm)
 --
 rpki-client/stable
   new 7.6 release required libretls, which isn't in Bullseye
 --
+salt
+--
 sox
 --
 trafficserver (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd09e673a7b367bc82a13297a8a648b4c583c285

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd09e673a7b367bc82a13297a8a648b4c583c285
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220404/0aeb0872/attachment.htm>


More information about the debian-security-tracker-commits mailing list