[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 11 23:17:28 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fb5242a by Moritz Muehlenhoff at 2022-08-12T00:16:58+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6836,6 +6836,7 @@ CVE-2022-2348
CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU]
RESERVED
- u-boot <unfixed> (bug #1014959)
+ [bullseye] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
CVE-2022-35399
REJECTED
@@ -19437,10 +19438,12 @@ CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro
NOT-FOR-US: Trend Micro
CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...)
- unbound <unfixed> (bug #1016493)
+ [bullseye] - unbound <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...)
- unbound <unfixed> (bug #1016493)
+ [bullseye] - unbound <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -63241,6 +63244,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cros
NOT-FOR-US: Sofico
CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...)
- squirrel3 <unfixed> (bug #1016212)
+ [bullseye] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2)
NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ ruby-tzinfo
--
salt
--
+sofia-sip
+--
sox
patch needed for CVE-2021-40426, check with upstream
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb5242a2a2dc6cbc150a31fd145fb0a8b212c18
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220811/9ed8514f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list