[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 27 19:07:29 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3512b536 by Moritz Muehlenhoff at 2022-04-27T20:07:08+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137,6 +137,7 @@ CVE-2022-1475
 	RESERVED
 	{DSA-5124-1}
 	- ffmpeg 7:4.4.2-1
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/9651
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2)
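Review bot: The added `[buster] - ffmpeg <not-affected> (Vulnerable code not present)` line gives no pointer to where the vulnerable code was introduced; the NOTE lines in this entry only reference the upstream ticket and the two fix commits. Add a NOTE naming the introducing commit or the first affected upstream version, so the not-affected call for buster can be re-checked without redoing the source comparison.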
@@ -3535,6 +3536,8 @@ CVE-2022-28507
 	RESERVED
 CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...)
 	- giflib <unfixed>
+	[bullseye] - giflib <no-dsa> (Minor issue)
+	[buster] - giflib <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/giflib/bugs/159/
 CVE-2022-28505
 	RESERVED
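Review bot: On the two added giflib lines, "Minor issue" is the only recorded rationale for a heap-buffer-overflow whose unversioned line directly above is still `<unfixed>`. State in the reason or in a NOTE what limits the impact, for example whether the function named in the description belongs to the library itself or only to a bundled utility, so the no-dsa decision can be reviewed later.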
@@ -32864,6 +32867,8 @@ CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher
 	NOT-FOR-US: AnyTXT Searcher for Windows
 CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...)
 	- iotjs <unfixed>
+	[bullseye] - iotjs <no-dsa> (Minor issue)
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754
 	NOTE: Fixed by; https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
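Review bot: Style point on the last context line of this hunk: `NOTE: Fixed by; https://...` has a semicolon after "Fixed by" where a colon is meant. Since the entry is being edited anyway, change it to `Fixed by:` so a search for that prefix finds the fix commit.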
@@ -35529,6 +35534,8 @@ CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in de
 	NOT-FOR-US: D-Link
 CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
 	- opensc 0.22.0-1
+	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
 	NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
@@ -35537,6 +35544,8 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version
 	NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1)
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
 	- opensc 0.22.0-1
+	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
 	NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1)
@@ -35545,16 +35554,22 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version
 	NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1)
 CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in  ...)
 	- opensc 0.22.0-1
+	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0  ...)
 	- opensc 0.22.0-1
+	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
 CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in  ...)
 	- opensc 0.22.0-1
+	[bullseye] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
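Review bot: The three entries in this hunk (use after return, heap use after free, heap double free) all receive the same `<no-dsa> (Minor issue)` pair, and the reason does not say what they share that makes them minor. The unversioned line shows a fix in 0.22.0-1 and each entry lists a single upstream fix commit, so if the intent is to pick these up in a point release, a short NOTE saying so would help whoever next prepares an opensc upload for bullseye or buster.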
@@ -39363,6 +39378,8 @@ CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7d
 	TODO: check - could be only a test artifact
 CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...)
 	- iotjs <unfixed>
+	[bullseye] - iotjs <no-dsa> (Minor issue)
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
 	NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2
 CVE-2021-41750



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3512b5365abb644838344dbd42577359943fdb1d
