[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 21 16:06:09 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e4d9721 by Moritz Muehlenhoff at 2022-02-21T17:03:33+01:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -502,6 +502,8 @@ CVE-2022-0684
 	RESERVED
 CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
 	- libsixel <unfixed>
+	[bullseye] - libsixel <no-dsa> (Minor issue)
+	[buster] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/158
 CVE-2021-4222
 	RESERVED
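Review bot: In the libsixel hunk both stable suites get `<no-dsa> (Minor issue)` while the sid entry stays `<unfixed>` and the only reference is the upstream issue link; consider adding a NOTE recording the upstream fix status (fix commit, or "no upstream fix yet") so the no-dsa decision has a concrete trigger for revisiting once a fix lands.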
@@ -871,6 +873,8 @@ CVE-2022-0640
 	RESERVED
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
 	- node-url-parse 1.5.7-1
+	[bullseye] - node-url-parse <no-dsa> (Minor issue)
+	[buster] - node-url-parse <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
 	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
@@ -2404,10 +2408,11 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
 CVE-2022-0535
 	RESERVED
 CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
-	- htmldoc 1.9.15-1
+	- htmldoc 1.9.15-1 (unimportant)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
 	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
 	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0533
 	RESERVED
 CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18  ...)
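Review bot: The new rationale NOTE "Crash in CLI tool, no security impact" for CVE-2022-0534 does not say what kind of stack problem the truncated description ("stack ou ...") refers to; since only stack exhaustion / recursion crashes are routinely treated as crash-only, while a stack buffer overflow usually is not, the NOTE should state which of the two the two "Fixed by" commits address so the `(unimportant)` rating can be verified from the entry alone.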
@@ -2989,6 +2994,8 @@ CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
 	- node-url-parse 1.5.7-1
+	[bullseye] - node-url-parse <no-dsa> (Minor issue)
+	[buster] - node-url-parse <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
 	NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
 CVE-2022-0511
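Review bot: For CVE-2022-0512 the package entry records 1.5.7-1 as the fixed version, but the referenced upstream fix commit is tagged `(1.5.6)`; if 1.5.6 already carried this fix, a short NOTE stating that 1.5.7-1 is simply the first Debian upload containing it (as opposed to the fix being incomplete in 1.5.6) would avoid confusion, especially since the sibling entry CVE-2022-0639 above references a `(1.5.7)` commit for the same fixed version.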
@@ -4834,8 +4841,11 @@ CVE-2021-4214
 CVE-2021-4213
 	RESERVED
 	- jss <unfixed>
+	[bullseye] - jss <no-dsa> (Minor issue)
+	[buster] - jss <no-dsa> (Minor issue)
 	[stretch] - jss <postponed> (revisit when/if fix is complete)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+	NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
 CVE-2022-23941
 	RESERVED
 CVE-2022-23940
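Review bot: The newly added jss commit NOTE sits directly under the stretch entry whose rationale is "revisit when/if fix is complete", and sid is still `<unfixed>`; the NOTE should say whether commit 5922560a78d0dee61af8a33cc9cfbf4cfa291448 is the complete fix or only a partial one, because if it is complete the stretch `<postponed>` marker and the `<unfixed>` sid entry are both due for re-evaluation, and if it is partial the new `<no-dsa>` markings for bullseye and buster are being set before the fix scope is known.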
@@ -6802,11 +6812,15 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on
 CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
 	NOT-FOR-US: XMPie uStore
 CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >= ...)
-	- pcf2bdf <unfixed>
-	TODO: check, no additional references provided, double check
+	- pcf2bdf <unfixed> (unimportant)
+	NOTE: https://github.com/ganaware/pcf2bdf
+	NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attac ...)
-	- pcf2bdf <unfixed>
-	TODO: check, no additional references provided, double check
+	- pcf2bdf <unfixed> (unimportant)
+	NOTE: https://github.com/ganaware/pcf2bdf
+	NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the  ...)
 	NOT-FOR-US: CobaltStrike
 CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
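Review bot: CVE-2022-23318 is described as a heap-buffer-overflow, unlike the plain segmentation fault of CVE-2022-23319, yet both pcf2bdf entries receive the identical "Crash in CLI tool, no security impact" rationale and `(unimportant)` rating; a one-line NOTE on why the overflow is treated as crash-only (for example an out-of-bounds read rather than a write) would make the downgrade easier to defend when the entry is revisited. Replacing the two TODO lines with the upstream repository and issue links is the right move, and the issue numbers (#4 and #5) line up with the two CVEs.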
@@ -10675,22 +10689,32 @@ CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the g
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2002
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2004
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2003
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1999
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2000
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
 CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
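Review bot: All five GPAC entries (CVE-2021-46038 through CVE-2021-46042) point at the same upstream commit f5a778edd1febd574ff9558d2faa57133bdb4a5f while sid stays `<unfixed>`; since one upstream commit covers the whole set, consider a NOTE stating whether that commit applies to the version in unstable (so a single upload can close all five) and whether it applies cleanly to the bullseye/buster versions, which would justify the `<no-dsa>` markings being a deferral rather than a permanent decision.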



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4d97218e90b20409fd6147f4f671cda96105fc
