[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2020-8287 in http-parser for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Aug 16 16:19:30 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc43cf84 by Chris Lamb at 2022-08-16T08:17:34-07:00
Triage CVE-2020-8287 in http-parser for buster LTS.
- - - - -
913c5e79 by Chris Lamb at 2022-08-16T08:17:51-07:00
Triage CVE-2021-41556 in squirrel3 for buster LTS.
- - - - -
506f373e by Chris Lamb at 2022-08-16T08:18:14-07:00
Triage CVE-2022-38223 in w3m for buster LTS.
- - - - -
9ab01064 by Chris Lamb at 2022-08-16T08:18:45-07:00
Triage CVE-2021-23385 in flask-security for buster LTS.
- - - - -
ec45dbf5 by Chris Lamb at 2022-08-16T08:19:07-07:00
Triage CVE-2016-3709 in libxml2 for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -315,6 +315,7 @@ CVE-2022-38224
CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...)
- w3m <unfixed>
[bullseye] - w3m <no-dsa> (Minor issue)
+ [buster] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...)
TODO: check
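Review bot: The added `[buster] - w3m <no-dsa> (Minor issue)` line reuses the bullseye reason verbatim, but the entry describes an out-of-bounds write and the package line is still `<unfixed>` with only the upstream issue as a NOTE. A short NOTE recording why this memory write is considered minor for buster, or what upstream state the triage is waiting on, would make the decision reviewable later without rereading issue 242.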
@@ -63746,6 +63747,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cros
CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...)
- squirrel3 <unfixed> (bug #1016212)
[bullseye] - squirrel3 <no-dsa> (Minor issue)
+ [buster] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2)
NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
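Review bot: On the added `[buster] - squirrel3` line, `(Minor issue)` sits next to a NOTE whose URL describes the bug as a VM sandbox escape, and an upstream fix commit (v3.2) is already referenced. If the fix is meant to be picked up in a later buster update, `<postponed>` with that reason states the intent more precisely than `<no-dsa>`; otherwise the reason should say why the sandbox escape does not matter for buster.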
@@ -109543,6 +109545,7 @@ CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buf
CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
- flask-security <unfixed>
[bullseye] - flask-security <no-dsa> (Minor issue)
+ [buster] - flask-security <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
NOT-FOR-US: Node koa-remove-trailing-slashes before
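Review bot: The description on this entry says the issue affects all versions of Flask-Security, the package line is `<unfixed>`, and the only NOTE is the Snyk advisory, so the added `[buster]` line leaves a later triager with no fix to track. Consider adding a NOTE with the upstream status so it is clear whether buster is waiting on a patch or is not expected to get one.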
@@ -178901,6 +178904,7 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t
{DSA-4826-1}
- http-parser 2.9.4-5 (bug #1016690)
[bullseye] - http-parser <no-dsa> (Minor issue)
+ [buster] - http-parser <no-dsa> (Minor issue)
- nodejs 12.20.1~dfsg-1 (bug #979364)
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
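Review bot: The entry carries `{DSA-4826-1}` while the added `[buster] - http-parser` line marks the same CVE `<no-dsa> (Minor issue)`, and the reason does not explain why the http-parser copy is minor when the issue warranted an advisory elsewhere in the entry. Since a fixed version exists (2.9.4-5, bug #1016690), a reason stating why the backport is not worth an LTS upload would be more useful than the generic text.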
@@ -382139,6 +382143,7 @@ CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on ban
CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after commit 960 ...)
- libxml2 2.9.12+dfsg-3
[bullseye] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769760
NOTE: Introduced by: https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588 (v2.9.2-rc1)c
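Review bot: For the added `[buster] - libxml2` line, the visible NOTEs give the introducing commit (v2.9.2-rc1) and the fixed unstable version 2.9.12+dfsg-3, but no fixing commit. If the entry has no `Fixed by:` NOTE further down, adding one would let whoever revisits the buster decision find the patch to backport.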
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/688aaa541ecd1651306d77bbe44f5fefa74cd54e...ec45dbf532b0ccce3f239922c5e5e98dbd0b9bd1