[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 27 23:10:14 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c0205320 by Moritz Mühlenhoff at 2022-12-28T00:09:34+01:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -115,9 +115,10 @@ CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS op
CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...)
NOT-FOR-US: OpenMRS
CVE-2021-4287 (A vulnerability, which was classified as problematic, was found in ReF ...)
- - binwalk 2.3.3+dfsg1-1
+ - binwalk 2.3.3+dfsg1-1 (unimportant)
NOTE: https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd (v2.3.3)
NOTE: https://github.com/ReFirmLabs/binwalk/pull/556
+ NOTE: This is not a security vulnerability, but only adds a security-related feature
CVE-2021-4286 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: cocagne pysrp
CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios NCPA. Th ...)
@@ -2691,10 +2692,12 @@ CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has
NOT-FOR-US: INEX IPX-Manager
CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ...)
- sogo 5.8.0-1
+ [bullseye] - sogo <no-dsa> (Minor issue)
NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
CVE-2022-4557
RESERVED
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
+ [bullseye] - CVE-2022-4556 <no-dsa> (Minor issue)
- sogo 5.8.0-1
NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
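Review bot: In the CVE-2022-4556 entry the added line reads `[bullseye] - CVE-2022-4556 <no-dsa> (Minor issue)`, which puts the CVE id where the source package name belongs. The CVE-2022-4558 entry just above uses `[bullseye] - sogo <no-dsa> (Minor issue)`, and that is presumably what was meant here as well. The line also sits before `- sogo 5.8.0-1`, while every other entry touched in this commit places the release-specific line after the package's main line; moving it below would keep the ordering consistent.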
@@ -6910,6 +6913,7 @@ CVE-2022-46176
RESERVED
CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...)
- node-json5 <unfixed>
+ [bullseye] - node-json5 <no-dsa> (Minor issue)
NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
NOTE: https://github.com/json5/json5/issues/199
NOTE: https://github.com/json5/json5/issues/295
@@ -7679,9 +7683,7 @@ CVE-2022-4134
NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
CVE-2022-4133 [reflected XSS]
RESERVED
- - horizon <unfixed>
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147389
- NOTE: check, unclear if specific to Red Hat OpenStack Platform dashboard
+ NOT-FOR-US: Red Hat OpenStack Platform dashboard
CVE-2022-4132
RESERVED
CVE-2021-46855
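Review bot: The CVE-2022-4133 entry loses both the `horizon <unfixed>` line and the bugzilla.redhat.com reference, yet the removed NOTE said it was unclear whether the issue is specific to the Red Hat OpenStack Platform dashboard, and neither this hunk nor the commit message ("bullseye triage") records what settled that question. Since the entry is still RESERVED, consider stating the basis for the NOT-FOR-US decision in the commit message so it can be re-checked once the CVE description is published.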
@@ -25384,6 +25386,7 @@ CVE-2022-3172
CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...)
[experimental] - protobuf 3.21.7-1
- protobuf 3.21.9-3
+ [bullseye] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...)
- linux <not-affected> (Vulnerable code not present)
@@ -112100,6 +112103,7 @@ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.
NOT-FOR-US: ConnectWise Automate
CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular ...)
- node-glob-parent 6.0.2+~5.1.1-1
+ [bullseye] - node-glob-parent <no-dsa> (Minor issue)
NOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)
NOTE: https://github.com/gulpjs/glob-parent/pull/49
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ curl
--
frr
--
+hsqldb
+--
lava
--
linux (carnil)
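Review bot: `hsqldb` is added to data/dsa-needed.txt without a note, and none of the data/CVE/list hunks in this commit touch an hsqldb entry, so the change does not show which issue prompted the addition. A short mention in the commit message of the CVE that triggered it would make the entry easier to pick up for whoever prepares the update.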
@@ -59,3 +61,5 @@ sox
--
tiff
--
+trafficserver
+--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02053201d55bb287d69686ddff7fa56596f37b2