[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Feb 5 13:06:43 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eff3784b by Moritz Muehlenhoff at 2022-02-05T14:06:23+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3911,12 +3911,16 @@ CVE-2022-0265
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
{DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
{DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
NOT-FOR-US: pimcore
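Review bot: the `<no-dsa> (Minor issue)` justification added for bullseye and buster on CVE-2022-23307 and CVE-2022-23305 records no reason, while both entries already carry a stretch advisory ({DLA-2905-1}) and are fixed in unstable as `apache-log4j1.2 1.2.17-11 (bug #1004482)`. State the actual condition that makes the issue minor for these suites (for example that the affected component is not reachable in a default configuration, if that is the basis) so the difference from the stretch handling is traceable later, and keep that wording identical across the other apache-log4j1.2 entries that share bug #1004482.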
@@ -3984,6 +3988,8 @@ CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Applicat
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
{DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142
RESERVED
@@ -4426,6 +4432,8 @@ CVE-2022-0205
CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
RESERVED
- bluez <unfixed> (bug #1003712)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
[stretch] - bluez <no-dsa> (Minor issue)
NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63)
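Review bot: the bullseye and buster lines for CVE-2022-0204 mark a heap overflow in the GATT implementation as `<no-dsa> (Minor issue)` while the unstable line still reads `bluez <unfixed> (bug #1003712)` and the NOTE already names the upstream fix (commit 591c546c536b42bef696d027f64aa22434f8c3f0, released in 5.63). With a known fix at hand, say in the justification whether the fix is intended for a point release or why no update is planned, and update the `<unfixed>` line once the fixing version reaches unstable so the stable entries do not carry a weaker status than the NOTE lines support.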
@@ -14560,6 +14568,8 @@ CVE-2022-21705
RESERVED
CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
- node-log4js 6.4.1+~cs8.3.5-1
+ [bullseye] - node-log4js <no-dsa> (Minor issue)
+ [buster] - node-log4js <no-dsa> (Minor issue)
NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
NOTE: https://github.com/log4js-node/streamroller/pull/87
NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
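Review bot: the bullseye/buster `<no-dsa>` lines for CVE-2022-21704 should state whether the bundled streamroller copy is covered. The NOTE lines reference two upstream changes (log4js-node PR 1141 for v6.4.1 and streamroller PR 87), and the fixed Debian version `node-log4js 6.4.1+~cs8.3.5-1` carries the `+~cs` suffix the JavaScript team uses for bundled component sources, so the stable packages may embed a streamroller that needs its own assessment. Add a NOTE recording the streamroller version shipped in each suite, or widen the justification beyond `Minor issue`.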
@@ -14716,6 +14726,8 @@ CVE-2022-21659 (Flask-AppBuilder is an application development framework, built
TODO: check
CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
- rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
CVE-2022-21657
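Review bot: the new bullseye/buster lines for CVE-2022-21658 sit above a bare `rustc <unfixed>` with no bug reference, unlike the other unfixed entry in this commit (`bluez <unfixed> (bug #1003712)`). File the BTS bug and add the `(bug #...)` reference so the unstable fix is tracked, and once the wg-security-response patch linked in the NOTE is applied record the fixed version; a `<no-dsa>` status on stable with nothing tracked for unstable is easy to lose sight of.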
@@ -68697,10 +68709,14 @@ CVE-2021-23522
RESERVED
CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
- juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608
CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
- juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607
NOTE: https://snyk.io/research/zip-slip-vulnerability
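Review bot: style point on the juce NOTE lines: the Snyk reference for CVE-2021-23521 uses `https://security.snyk.io/vuln/...` while the one for CVE-2021-23520 uses `https://snyk.io/vuln/...`; pick one host form for both. The two entries share the upstream fix commit 2e874e80cba0152201aff6a4d0dc407997d10a7f and the fixed version `juce 6.1.5~ds0-1`, so the added bullseye/buster `<no-dsa> (Minor issue)` lines are correctly identical; a short reason in the justification (for instance that the issues are confined to JUCE's archive handling, if that is the basis) would make the triage reviewable later.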
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eff3784b741a917c8925e27afd6aa9a48a5fd383