[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 26 08:50:47 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d0ad999 by Moritz Muehlenhoff at 2022-08-26T09:50:22+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -62563,18 +62563,22 @@ CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.ja
CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...)
NOT-FOR-US: Android
CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, and th ...)
- - colord 1.4.6-1
+ - colord 1.4.6-1 (unimportant)
NOTE: https://github.com/hughsie/colord/issues/110
NOTE: https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405 (1.4.6)
+ NOTE: Memory leak in a system-local daemon, negligible security impact
CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...)
- - anjuta <unfixed>
+ - anjuta <unfixed> (unimportant)
NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
+ NOTE: Memory leak in GUI application, no security impact
CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies ...)
- vtk9 <unfixed>
+ [bullseye] - vtk9 <no-dsa> (Minor issue)
- vtk7 <unfixed>
+ [bullseye] - vtk7 <no-dsa> (Minor issue)
- vtk6 <unfixed>
+ [bullseye] - vtk6 <no-dsa> (Minor issue)
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
- TODO: check, potentially as well src:paraview, but needs to check impact
CVE-2021-42520
RESERVED
CVE-2021-42519
@@ -127621,6 +127625,7 @@ CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File Trian
NOTE: Crash in enduser application, no security impact
CVE-2020-28589 (An improper array index validation vulnerability exists in the LoadObj ...)
- tinyobjloader <unfixed> (bug #1014776)
+ [bullseye] - tinyobjloader <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1212
CVE-2020-28588 (An information disclosure vulnerability exists in the /proc/pid/syscal ...)
- linux 5.9.15-1
=====================================
data/dsa-needed.txt
=====================================
@@ -51,3 +51,7 @@ sox
--
thunderbird (jmm)
--
+webkit2gtk
+--
+wpewebkit
+--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d0ad999e218a3e65817af7df4effe54c638657c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d0ad999e218a3e65817af7df4effe54c638657c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220826/8921b7e4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list