[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 24 09:36:11 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
432d4ffb by Moritz Muehlenhoff at 2022-08-24T10:35:59+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1173,16 +1173,19 @@ CVE-2022-2835
 CVE-2022-2834
 	RESERVED
 CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs. ...)
-	- blender 3.2.2+dfsg-1
+	- blender 3.2.2+dfsg-1 (unimportant)
 	NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
 	NOTE: https://developer.blender.org/T99711
+	NOTE: Hang in CLI tool, no security impact
 CVE-2022-2832 (When rendering with headless builds, show an error instead of crashing ...)
 	- blender <unfixed>
+	[bullseye] - blender <no-dsa> (Minor issue)
 	NOTE: https://developer.blender.org/T99706
 	NOTE: https://developer.blender.org/D15463
 	NOTE: https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
 CVE-2022-2831 (A loaded (and valid) image can be crafted such that an out-of-bounds r ...)
 	- blender 3.2.2+dfsg-1
+	[bullseye] - blender <no-dsa> (Minor issue)
 	NOTE: https://developer.blender.org/T99705
 	NOTE: https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
 	NOTE: https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
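Review bot: the `<no-dsa> (Minor issue)` line added under CVE-2022-2831 has no NOTE giving the reasoning, even though the description names an out-of-bounds condition reachable through a crafted image. CVE-2022-2833 in the same hunk backs its `(unimportant)` tag with `NOTE: Hang in CLI tool, no security impact`. A one-line NOTE on CVE-2022-2831 saying why the issue is minor for bullseye would let later triagers check the decision without re-reading T99705. The same applies to CVE-2022-2832, which is still `<unfixed>` in unstable and gets `<no-dsa>` with no stated reason.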
@@ -2657,13 +2660,19 @@ CVE-2022-37771
 	RESERVED
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
 	- libjpeg <unfixed>
+	[bullseye] - libjpeg <no-dsa> (Minor issue)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/79
+	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
 	- libjpeg <unfixed>
+	[bullseye] - libjpeg <no-dsa> (Minor issue)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/78
+	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via  ...)
-	- libjpeg <unfixed>
+	- libjpeg <unfixed> (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/77
+	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
+	NOTE: Hang in CLI tool, no security impact
 CVE-2022-37767
 	RESERVED
 CVE-2022-37766
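Review bot: the commit URL added as a NOTE to all three libjpeg entries points at 281daa9, which the CVE descriptions name as the commit that contains the fault, not a fix. Elsewhere in this file a bare commit NOTE usually marks the fixing commit, so with all three entries still `<unfixed>` this one is easy to misread. A suffix such as "(affected commit)" or "(commit referenced in CVE description)" on those lines would remove the ambiguity. Separately, CVE-2022-37770 and CVE-2022-37769 are both segmentation faults tagged `<no-dsa> (Minor issue)` with no rationale NOTE, whereas the infinite loop in CVE-2022-37768 gets one.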
@@ -3437,6 +3446,7 @@ CVE-2022-37429
 	RESERVED
 CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...)
 	- pdns-recursor <unfixed>
+	[bullseye] - pdns-recursor <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1
 	NOTE: https://downloads.powerdns.com/patches/2022-02/
 CVE-2022-37427
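Review bot: the added `[bullseye] - pdns-recursor <no-dsa> (Minor issue)` line carries no NOTE with the reason, and the description is cut off at "when pro ...", so the precondition is not visible from this entry alone. Since upstream patches are already listed under downloads.powerdns.com/patches/2022-02/, a short NOTE naming the condition that limits exposure in bullseye would make it clear why this waits for a point release.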
@@ -3554,10 +3564,11 @@ CVE-2022-2654
 CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
 	NOT-FOR-US: plankanban/planka
 CVE-2022-2652 (Depending on the way the format strings in the card label are crafted  ...)
-	- v4l2loopback 0.12.7-1 (bug #1016685)
+	- v4l2loopback 0.12.7-1 (unimportant; bug #1016685)
 	NOTE: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
 	NOTE: https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd (main)
 	NOTE: https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff (v0.12.6)
+	NOTE: Negligible security impact
 CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...)
 	NOT-FOR-US: BookWyrm
 CVE-2022-2650
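Review bot: `NOTE: Negligible security impact` on CVE-2022-2652 states the conclusion without the reason, unlike the `Hang in CLI tool, no security impact` notes used for the other `(unimportant)` entries in this commit. The description refers to crafted format strings in the card label, which in general is a bug class readers will not assume to be harmless. Naming the limiting factor in the NOTE (for example, who is able to set the card label) would make the `unimportant` tag auditable.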



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/432d4ffb335a8cec10a21f4c75890d617d122720
