[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 2 10:11:47 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8bfc354 by Moritz Muehlenhoff at 2022-02-02T11:11:29+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2015,6 +2015,8 @@ CVE-2022-23833
RESERVED
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main)
NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2)
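Review bot: On the two added `<no-dsa>` lines for python-django, the reason "(Minor issue)" does not say whether a fix is still intended for bullseye and buster. The entry already carries {DLA-2906-1} and a fixed unstable version (2:3.2.12-1, bug #1004752), so an advisory exists for this CVE elsewhere; if the plan is a point-release update, say so in the reason text so the entry is not read as closed.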
@@ -3556,12 +3558,16 @@ CVE-2021-46314
RESERVED
CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2039
NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba
CVE-2021-46312
RESERVED
CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2038
NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491
CVE-2021-46310
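Review bot: The added `<ignored>` lines for CVE-2021-46313 and CVE-2021-46311 use the same reason, "(Minor issue)", that this commit uses for `<no-dsa>` on python-django, so the text does not explain why gpac gets the stronger state. Both entries list an upstream fix commit in their NOTE lines; consider a reason that states why no backport is planned for bullseye and buster.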
@@ -5015,28 +5021,40 @@ CVE-2021-46241
RESERVED
CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2028
NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d
CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2026
NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4
CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2027
NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf
CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2033
NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00
CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2024
NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d
CVE-2021-46235
RESERVED
CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2023
NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
CVE-2021-46233
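Review bot: The six gpac entries in this hunk get one blanket reason, but they are not one bug class: CVE-2021-46238 is described as a stack overflow and CVE-2021-46237 as an untrusted pointer dereference, next to the NULL pointer dereferences. For those two, a per-entry reason (or `<no-dsa>` instead of `<ignored>`) would document that the impact was assessed rather than inherited from the neighbouring entries.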
@@ -5313,6 +5331,8 @@ CVE-2022-22818
RESERVED
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main)
NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2)
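Review bot: With the fix deferred by the added `<no-dsa>` lines, the NOTE lines for CVE-2022-22818 still reference upstream commits only for main and 4.0.2. Adding a NOTE with the commit from the upstream branch closest to what bullseye and buster ship would save whoever prepares the later update from redoing the backport search.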
@@ -89818,10 +89838,11 @@ CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct O
- glpi <removed>
CVE-2020-27661 (A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-d ...)
- qemu 1:5.2+dfsg-1 (bug #972864)
- [buster] - qemu <postponed> (Fix along in future DSA)
+ [buster] - qemu <not-affected> (Vulnerable code not present)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03 (v5.2.0-rc0)
+ NOTE: Introduced in v5.1.0-rc0
CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology SafeAccess befo ...)
NOT-FOR-US: Synology
CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAc ...)
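Review bot: The added "NOTE: Introduced in v5.1.0-rc0" for CVE-2020-27661 gives no commit reference, unlike the "Fixed by:" NOTE directly above it, so the change of buster from `<postponed>` to `<not-affected>` cannot be verified from the entry alone. Link the introducing commit, and consider using the same reason wording as the stretch line ("Vulnerable code introduced later"), since both releases are unaffected for the same reason.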
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8bfc3548cf8c975bd1c891f989a71744a1db7b9