[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2022-21658 in rustc for stretch LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Feb 8 17:02:41 GMT 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd61c630 by Chris Lamb at 2022-02-08T08:59:07-08:00
Triage CVE-2022-21658 in rustc for stretch LTS.
- - - - -
949a1a0d by Chris Lamb at 2022-02-08T09:00:13-08:00
Triage CVE-2022-23451 & CVE-2022-23452 in barbican for stretch LTS.
- - - - -
3b0e5db6 by Chris Lamb at 2022-02-08T09:01:01-08:00
Triage CVE-2021-23520 & CVE-2021-23521 in juce for stretch LTS.
- - - - -
d230a67d by Chris Lamb at 2022-02-08T09:02:15-08:00
Triage CVE-2021-36408, CVE-2021-36409, CVE-2021-36410 & CVE-2021-36411 in libde265 for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3789,6 +3789,7 @@ CVE-2022-23452
- barbican <unfixed>
[bullseye] - barbican <no-dsa> (Minor issue)
[buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
NOTE: https://storyboard.openstack.org/#!/story/2009297
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
CVE-2022-23451
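Review bot: The added `[stretch] - barbican <no-dsa> (Minor issue)` line repeats the bullseye and buster reason verbatim, and nothing in the entry records that the barbican version in stretch was checked for the affected code. If it was checked, a short NOTE saying so would help. If the vulnerable code is absent in stretch, `<not-affected>` with a reason is the more accurate state than `<no-dsa>`.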
@@ -3796,6 +3797,7 @@ CVE-2022-23451
- barbican <unfixed>
[bullseye] - barbican <no-dsa> (Minor issue)
[buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
NOTE: https://storyboard.openstack.org/#!/story/2009253
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
CVE-2022-23450
@@ -15354,6 +15356,7 @@ CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language d
- rustc <unfixed>
[bullseye] - rustc <no-dsa> (Minor issue)
[buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
CVE-2022-21657
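Review bot: On the added `[stretch] - rustc` line, the reason "Minor issue" does not say why no update is planned, even though the first NOTE links an upstream patches directory for this CVE. Consider adding a NOTE that states whether those patches apply to the rustc version in stretch, so a later reader can tell "not worth backporting" apart from "backport not feasible".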
@@ -37154,11 +37157,13 @@ CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect acce
- libde265 <unfixed>
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/302
CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
- libde265 <unfixed>
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/301
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
NOT-FOR-US: Bitdefender
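Review bot: The `[stretch]` line added under CVE-2021-36410 marks a bug that the entry's own description calls a stack-buffer-overflow as "Minor issue" with no further rationale. Both entries in this hunk are `<unfixed>` and carry only an upstream issue link, so if the actual reason is that no upstream fix exists yet, saying so in the reason or in a NOTE would make the decision easier to revisit once a fix lands.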
@@ -37166,11 +37171,13 @@ CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' fai
- libde265 <unfixed>
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/300
CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
- libde265 <unfixed>
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/299
CVE-2021-36407
RESERVED
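Review bot: The two added `[stretch]` lines give one identical reason to an assertion failure (CVE-2021-36409) and a heap-use-after-free (CVE-2021-36408), which hides any difference in how each was assessed. A per-CVE reason, for example noting that the assertion is a crash only, would show that each entry was triaged on its own rather than inherited from the buster line above it.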
@@ -69350,12 +69357,14 @@ CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This
- juce 6.1.5~ds0-1
[bullseye] - juce <no-dsa> (Minor issue)
[buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608
CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
- juce 6.1.5~ds0-1
[bullseye] - juce <no-dsa> (Minor issue)
[buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607
NOTE: https://snyk.io/research/zip-slip-vulnerability
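Review bot: Both added `[stretch] - juce` lines use `<no-dsa>` although each entry lists a fixed version (6.1.5~ds0-1) and the same single upstream commit in its NOTEs. If the intent is to pick the fix up with a later upload, `<postponed>` with a reason would express that. If not, a brief NOTE on why that commit is not being backported to stretch would document the decision.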
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/292b762852c9e8acd9fbb8ebd993407495f48a61...d230a67d925237756648d945ed9c6c09d39626b3