[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 27 12:52:29 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f832a040 by Moritz Muehlenhoff at 2022-04-27T13:52:12+02:00
buster/bullseye triage
new busybox issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -755,7 +755,7 @@ CVE-2022-29568
 CVE-2022-29567
 	RESERVED
 CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...)
-	TODO: check
+	NOT-FOR-US: Bulletproofs
 CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...)
 	- mruby <unfixed>
 	[bullseye] - mruby <no-dsa> (Minor issue)
@@ -2210,9 +2210,11 @@ CVE-2022-1305
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...)
 	- e2fsprogs <unfixed>
+	[bullseye] - e2fsprogs <no-dsa> (Minor issue)
+	[buster] - e2fsprogs <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
-	TODO: check when fixed
+	NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u
 CVE-2022-1303
 	RESERVED
 CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
@@ -2708,6 +2710,7 @@ CVE-2022-28806
 	RESERVED
 CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...)
 	- lua5.4 <unfixed>
+	[bullseye] - lua5.4 <no-dsa> (Minor issue)
 	NOTE: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
 	NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00001.html
 	NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html
@@ -3760,7 +3763,10 @@ CVE-2022-28393
 CVE-2022-28392
 	RESERVED
 CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...)
-	TODO: check
+	- busybox <unfixed>
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
+	NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832a04003eee506d4a3791e4088d1eab1515d61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832a04003eee506d4a3791e4088d1eab1515d61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220427/1280f5bc/attachment.htm>

More information about the debian-security-tracker-commits mailing list