[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Feb 21 16:06:09 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e4d9721 by Moritz Muehlenhoff at 2022-02-21T17:03:33+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -502,6 +502,8 @@ CVE-2022-0684
RESERVED
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
- libsixel <unfixed>
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/158
CVE-2021-4222
RESERVED
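Review bot: the "(Minor issue)" call for libsixel in both stable branches is not explained anywhere in the entry; the only NOTE is the upstream issue link and the sid line still reads "<unfixed>". Other entries in this same change (htmldoc, pcf2bdf) add a NOTE stating the reason for the severity call ("Crash in CLI tool, no security impact"); a similar one-line rationale here would let the next triager, or the LTS team picking this up later, see why a DSA was ruled out without re-reading issue 158. When an upstream fix lands, a "Fixed by:" NOTE with the commit should be added alongside, since the stable no-dsa tag implies the fix is expected to go through a point release or stay unfixed there.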
@@ -871,6 +873,8 @@ CVE-2022-0640
RESERVED
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
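Review bot: the fix for CVE-2022-0639 is a single identified upstream commit (ef45a13…, tagged 1.5.7 in the NOTE) and the package is already fixed in sid as 1.5.7-1, so the "<no-dsa> (Minor issue)" tags should not be read as "leave unfixed": an authorization-bypass-through-user-controlled-key class bug in a URL parser that web frameworks use for host and origin checks is the kind of issue that is usually worth queuing for the next bullseye/buster point release even when it does not warrant a DSA. Consider adding a NOTE saying whether a stable point update is intended, so the entry does not silently look identical to a "won't fix".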
@@ -2404,10 +2408,11 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
CVE-2022-0535
RESERVED
CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
- - htmldoc 1.9.15-1
+ - htmldoc 1.9.15-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0533
RESERVED
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
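Review bot: the new "unimportant" tag and the NOTE "Crash in CLI tool, no security impact" rest on the issue being a plain crash, but the description visible here is truncated at "where the stack ou..." and the entry does not say whether this is stack exhaustion (uncontrolled recursion, a DoS at worst) or a stack-buffer write. The two "Fixed by:" commits are already listed, so the NOTE should state which it is, e.g. "stack exhaustion via deep recursion, crash only"; for a converter that is fed attacker-supplied HTML, a stack-buffer overflow would not normally be rated unimportant on the "CLI tool" argument alone. Minor: the fix commits are tagged "(v1.9.15)" and the fixed Debian version is 1.9.15-1, which is consistent, but the entry would be clearer with the version tag on the package line matching the upstream tag style used elsewhere in this file.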
@@ -2989,6 +2994,8 @@ CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection
NOT-FOR-US: WordPress plugin
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
CVE-2022-0511
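Review bot: this entry and CVE-2022-0639 (same package, same triage, same severity) point at two different upstream commits, 9be7ee8… tagged "(1.5.6)" here and ef45a13… tagged "(1.5.7)" there; the Debian fixed version 1.5.7-1 covers both, but anyone preparing a stable update for node-url-parse from the stable branch tags alone needs both commits, not one. A cross-referencing NOTE ("see also CVE-2022-0639, fixed together in 1.5.7-1") on one of the two entries would keep the pair from being handled separately. Same remark as for 0639 applies on whether "<no-dsa>" here means a point-release update is planned.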
@@ -4834,8 +4841,11 @@ CVE-2021-4214
CVE-2021-4213
RESERVED
- jss <unfixed>
+ [bullseye] - jss <no-dsa> (Minor issue)
+ [buster] - jss <no-dsa> (Minor issue)
[stretch] - jss <postponed> (revisit when/if fix is complete)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
CVE-2022-23941
RESERVED
CVE-2022-23940
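Review bot: the newly added NOTE with the dogtagpki/jss commit 5922560… has no version or "Fixed by:" label, unlike the other fix references in this change (e.g. "(1.5.7)", "(v1.9.15)"), so it is not clear whether this is the complete upstream fix or a partial one. That matters because the untouched stretch line still says "<postponed> (revisit when/if fix is complete)" while sid stays "<unfixed>": if the commit is the full fix, the stretch rationale is now stale and the sid line should be updated once the upload happens; if it is not, the NOTE should say so ("partial fix") so the stretch and the new bullseye/buster "<no-dsa> (Minor issue)" tags are read consistently.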
@@ -6802,11 +6812,15 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
NOT-FOR-US: XMPie uStore
CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >= ...)
- - pcf2bdf <unfixed>
- TODO: check, no additional references provided, double check
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attac ...)
- - pcf2bdf <unfixed>
- TODO: check, no additional references provided, double check
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...)
NOT-FOR-US: CobaltStrike
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
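Review bot: the "Crash in CLI tool, no security impact" NOTE is applied identically to both pcf2bdf entries, but the visible descriptions differ in kind: CVE-2022-23319 is "A segmentation fault during PCF file parsing", which fits a crash-only rating, whereas CVE-2022-23318 is "A heap-buffer-overflow in pcf2bdf ... allows an attac...", and a heap-buffer overflow is only a crash if it is a read overflow that is caught. The NOTE for 23318 should state whether upstream issue 4 is an out-of-bounds read or a write before rating it unimportant, since a heap write in a file parser driven by attacker-supplied .pcf input is not "no security impact" merely because the program is a command-line tool. The bare repository link NOTE (https://github.com/ganaware/pcf2bdf) adds little once the issue links are present and could be dropped to keep the entries in the same shape as the rest of the file.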
@@ -10675,22 +10689,32 @@ CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the g
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
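Review bot: all five gpac entries touched here (CVE-2021-46038 through CVE-2021-46042, and 46043 in the leading context) cite the same upstream commit f5a778e… as the fix, yet each is tagged "<no-dsa> (Minor issue)" for bullseye and buster independently and sid remains "<unfixed>". Since one backport closes the whole group, a NOTE on one of them saying "same fix as CVE-2021-46038..46043, single commit" would stop them from being triaged or updated one at a time, and the sid "<unfixed>" lines should move to a fixed version together once that commit is uploaded. The descriptions pulled in from CVE contain "Vulnerabilty" and "exits"; those are upstream CVE text and should stay as imported rather than be corrected locally, since the file is synced against the CVE feed.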
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4d97218e90b20409fd6147f4f671cda96105fc