[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 6 14:31:15 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e21f566 by Moritz Muehlenhoff at 2022-04-06T15:30:05+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1600,11 +1600,15 @@ CVE-2022-1116
 CVE-2022-1115
 	RESERVED
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <no-dsa> (Minor issue)
+	[buster] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
 CVE-2022-1114
 	RESERVED
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <no-dsa> (Minor issue)
+	[buster] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
 CVE-2022-1113
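Review bot: The new `<no-dsa> (Minor issue)` lines under CVE-2022-1115 and CVE-2022-1114 give no reason, and both entries are still RESERVED with no description, so the list itself does not show why these imagemagick issues are minor. Consider adding a short NOTE per CVE that summarises the impact from the linked upstream issue, so the triage decision can be checked without following the links.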
@@ -10379,6 +10383,7 @@ CVE-2022-24804
 	RESERVED
 CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include proces ...)
 	- ruby-asciidoctor-include-ext <unfixed> (bug #1009035)
+	[bullseye] - ruby-asciidoctor-include-ext <no-dsa> (Minor issue)
 	NOTE: https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29
 	NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155 (v0.4.0)
 	NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee (v0.4.0)
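Review bot: Only `[bullseye]` is annotated for ruby-asciidoctor-include-ext under CVE-2022-24803, with no matching `[buster]` line, unlike the other entries in this commit. If buster does not ship the package this is fine as it stands; otherwise it needs its own `[buster]` entry.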
@@ -10632,14 +10637,20 @@ CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of server-side
 	NOT-FOR-US: ssr-pages
 CVE-2022-24716 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.9.6-1
+	[bullseye] - icingaweb2 <not-affected> (Vulnerable code not present)
+	[buster] - icingaweb2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
 	NOTE: https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
 CVE-2022-24715 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.9.6-1
+	[bullseye] - icingaweb2 <no-dsa> (Minor issue)
+	[buster] - icingaweb2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
 	NOTE: https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
 CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.9.6-1
+	[bullseye] - icingaweb2 <no-dsa> (Minor issue)
+	[buster] - icingaweb2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
 	NOTE: https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
 CVE-2022-24713 (regex is an implementation of regular expressions for the Rust languag ...)
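Review bot: The `<not-affected> (Vulnerable code not present)` lines under CVE-2022-24716 are not backed by a NOTE saying where the vulnerable code was introduced. A NOTE naming the introducing commit or first affected version would let others verify the bullseye and buster status, especially since CVE-2022-24715 and CVE-2022-24714, fixed in the same 2.9.6-1 upload, are marked `<no-dsa>` rather than not-affected.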
@@ -12349,9 +12360,10 @@ CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command injecti
 CVE-2022-24192
 	RESERVED
 CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can l ...)
-	- htmldoc 1.9.15-1
+	- htmldoc 1.9.15-1 (unimportant)
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077 (v1.9.15)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/470
+	NOTE: Hang in CLI tool, no security impact
 CVE-2022-24190
 	RESERVED
 CVE-2022-24189
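Review bot: On CVE-2022-24191 the `(unimportant)` downgrade rests only on `NOTE: Hang in CLI tool, no security impact`, which does not say whether the assessment covers htmldoc being run non-interactively on untrusted GIF input. Consider extending the NOTE to state that case explicitly, since the infinite loop in gif_read_lzw would keep the calling process waiting.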
@@ -55417,7 +55429,11 @@ CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl com
 	NOT-FOR-US: A-Tune OS tuning engine
 CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple  ...)
 	- libsdl1.2 <unfixed>
+	[bullseye] - libsdl1.2 <no-dsa> (Minor issue)
+	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.20+dfsg-2
+	[bullseye] - libsdl2 <no-dsa> (Minor issue)
+	[buster] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
 CVE-2021-33656
 	RESERVED
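Review bot: Under CVE-2021-33657, libsdl1.2 stays `<unfixed>` and is now `<no-dsa>` in both bullseye and buster, but the only NOTE is the SDL2 fix commit (release-2.0.20). A NOTE saying whether a corresponding fix exists for the 1.2 code, or that none exists yet, would make the libsdl1.2 status easier to follow up later.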



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e21f56693fa9d0158ec05f427ab99c9bcb7f54f
