[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 14 16:38:26 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a34bb7b by Moritz Muehlenhoff at 2022-02-14T17:36:57+01:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -947,10 +947,14 @@ CVE-2022-0563
 	RESERVED
 CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within  ...)
 	- tiff 4.3.0-4
+	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
 CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within  ...)
 	- tiff 4.3.0-4
+	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
 CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
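Review bot: The reason on the four added `<no-dsa>` lines is the generic `(Minor issue)`, for both CVE-2022-0562 and CVE-2022-0561, with nothing saying why a NULL source pointer reaching memcpy() is minor for bullseye and buster. A few words of rationale in the parentheses or a NOTE line, as the tcpreplay entries in this same commit get, would let a later reader check the triage decision without reopening the upstream issue. Both entries already record a "Fixed by" commit and unstable is fixed in 4.3.0-4, so the information needed for a later backport is in place.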
@@ -6245,6 +6249,8 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT
 	NOT-FOR-US: Octopus Server
 CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use  ...)
 	- tomcat9 <unfixed>
+	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+	[buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
 	NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
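Review bot: The two added tomcat9 lines give `(Minor issue, fix along in future DSA)` while the existing stretch tomcat8 line directly below reads `(Minor issue; local race condition)`, so the same CVE carries two differently worded reasons and only the older one says what makes it minor. Suggest carrying the rationale over, for example `(Minor issue; local race condition, fix along in future DSA)`, so the bullseye and buster lines stand on their own.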
@@ -11754,15 +11760,15 @@ CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Bu
 CVE-2021-45388
 	REJECTED
 CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
-	- tcpreplay 4.4.0-1
-	[stretch] - tcpreplay <no-dsa> (Minor issue)
+	- tcpreplay 4.4.0-1 (unimportant)
 	NOTE: https://github.com/appneta/tcpreplay/issues/687
 	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
-	- tcpreplay 4.4.0-1
-	[stretch] - tcpreplay <no-dsa> (Minor issue)
+	- tcpreplay 4.4.0-1 (unimportant)
 	NOTE: https://github.com/appneta/tcpreplay/issues/687
 	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
 	NOT-FOR-US: ffjpeg
 CVE-2021-45384
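Review bot: The commit subject is "buster/bullseye triage", but for CVE-2021-45387 and CVE-2021-45386 this hunk removes the `[stretch] - tcpreplay <no-dsa> (Minor issue)` lines and tags the package line `(unimportant)`, which changes the recorded status for every release, stretch included. That reclassification deserves a mention in the commit message. The added `NOTE: Crash in CLI tool, no security impact` documents the reasoning in the entry itself, which is the right place for it.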
@@ -16488,6 +16494,8 @@ CVE-2022-21713 (Grafana is an open-source platform for monitoring and observabil
 	- grafana <removed>
 CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
 	- twisted <unfixed>
+	[bullseye] - twisted <no-dsa> (Minor issue)
+	[buster] - twisted <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
 	NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
 CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
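Review bot: On the added twisted lines for CVE-2022-21712, `(Minor issue)` is the only justification, and the package line above them is still `<unfixed>` even though the upstream commit NOTE points at twisted-22.1.0rc1. Worth stating in the reason what limits the impact, so the `<no-dsa>` decision can be revisited once the fix reaches unstable.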



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a34bb7b9a203b0774caf929b791b199f1a991cc
