[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 30 09:31:02 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe2a6c9c by Moritz Muehlenhoff at 2022-08-30T10:30:39+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -614,9 +614,10 @@ CVE-2022-3018
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
TODO: check
CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286. ...)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371
NOTE: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 (v9.0.0286)
+ NOTE: Crash in CLI toool, no security impact
CVE-2022-3015 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: oretnom23 Fast Food Ordering System
CVE-2022-3014 (A vulnerability classified as problematic was found in SourceCodester ...)
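Review bot: The NOTE added for CVE-2022-3016 reads "Crash in CLI toool, no security impact"; "toool" should be "tool". Every other entry in this commit uses the standard wording, so with the typo a search for that phrase will miss this entry.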
@@ -1025,10 +1026,11 @@ CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reve
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
NOT-FOR-US: CrowCpp
CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tool ...)
- - tiff <unfixed>
+ - tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2952
RESERVED
CVE-2022-2951
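Review bot: The rationale added for CVE-2022-2953 is the generic "Crash in CLI tool, no security impact", while the description above it is an out-of-bounds read in extractImageSection. Naming the affected tool in the NOTE would let a reader confirm that the faulty code sits in a command-line utility and not in the library itself.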
@@ -10434,32 +10436,38 @@ CVE-2022-35022
CVE-2022-35021
RESERVED
CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- advancecomp <unfixed>
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
TODO: check, unclear reporting to upstream
CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
- - advancecomp <unfixed>
+ - advancecomp <unfixed> (unimportant)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
+ NOTE: Crash in CLI tool, no security impact
TODO: check, unclear reporting to upstream
CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...)
NOT-FOR-US: bitbank2/PNGdec
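Review bot: CVE-2022-35019 is left as "- advancecomp <unfixed>" with no (unimportant) tag and no NOTE, although its description ("segmentation fault") matches CVE-2022-35018 and CVE-2022-35014, which are both downgraded in this hunk. If it was skipped on purpose, a NOTE saying why would help; otherwise it should get the same two lines. The "TODO: check, unclear reporting to upstream" lines kept on the triaged entries are also worth a second look, since they still mark those entries as pending.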
@@ -85243,6 +85251,7 @@ CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379
CVE-2021-3574 (A vulnerability was found in ImageMagick-7.0.11-5, where executing a c ...)
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3540
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
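Review bot: The new "[bullseye] - imagemagick <ignored> (Minor issue)" line for CVE-2021-3574 comes without a NOTE, unlike the other entries touched in this commit, which each record a reason. A short NOTE stating why the issue is minor for bullseye would make the decision reviewable later.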
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe2a6c9c5ce30cf1222a4c0e772f959a186b1107