[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jan 15 13:05:17 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e63ac987 by Moritz Muehlenhoff at 2022-01-15T14:04:53+01:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -189,9 +189,13 @@ CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows
NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...)
- glibc <unfixed>
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
- glibc <unfixed>
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
CVE-2022-23217
RESERVED
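Review bot: The `<no-dsa> (Minor issue)` lines added under CVE-2022-23219 and CVE-2022-23218 carry no rationale. Both descriptions point at deprecated sunrpc compatibility functions (clnt_create, svcunix_create); if that is the basis for the triage, a short NOTE under each entry saying so would let a later reader re-check the decision without reopening the Bugzilla links.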
@@ -3154,9 +3158,9 @@ CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via t
NOTE: https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/
NOTE: Fixed by: https://github.com/vim/vim/commit/5937c7505f444dd896f336fa0119a93a55ebe9a2 (v8.2.3883)
CVE-2021-46058 (AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2 ...)
- - inetutils <unfixed>
+ - inetutils <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html
- TODO: check details
+ NOTE: Negligible security impact
CVE-2021-46057
RESERVED
CVE-2021-46056
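Review bot: In the CVE-2021-46058 entry, `TODO: check details` is replaced by `NOTE: Negligible security impact`, which records the conclusion but not what was checked. The description calls this a heap-based buffer overflow, so the NOTE should state the reason behind the (unimportant) tag, for example the affected program and how it is reached.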
@@ -10524,6 +10528,7 @@ CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line i
NOT-FOR-US: jQuery Terminal Emulator
CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
- node-mermaid 8.13.8+~cs10.4.16-1
+ [bullseye] - node-mermaid <no-dsa> (Minor issue)
NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
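Review bot: Under CVE-2021-43861 only a `[bullseye]` line is added, although the commit is titled buster/bullseye triage. If buster ships node-mermaid it needs its own line; if it does not, nothing more is needed. Worth confirming which case applies.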
@@ -20893,6 +20898,8 @@ CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3
CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos]
RESERVED
- lemonldap-ng <unfixed>
+ [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c
CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
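Review bot: The `<no-dsa> (Minor issue)` lines for CVE-2021-40874 sit under a title saying pwdConfirm always returns true, which reads like a confirmation check that never fails. If the triage rests on the Combination + Kerberos restriction named in that title, a NOTE stating so would make the Minor issue call reviewable.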
@@ -55319,6 +55326,7 @@ CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a tas
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...)
- puppetdb <unfixed> (bug #990419)
+ [buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27021/
NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
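Review bot: The added `[buster] - puppetdb <no-dsa> (Minor issue)` line sits under a description that mentions an escalation, and nothing in the entry says why that is minor for buster. A one-line NOTE with the limiting condition would help, since the package line is still `<unfixed>` with bug #990419.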
=====================================
data/dsa-needed.txt
=====================================
@@ -38,8 +38,6 @@ pillow (jmm)
--
prosody (jmm)
--
-puppetdb (jmm)
---
python-pysaml2 (jmm)
--
ruby2.5/oldstable
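Review bot: Dropping `puppetdb (jmm)` matches the buster no-dsa added in data/CVE/list, but the visible CVE-2021-27021 entry gets no `[bullseye]` line. Confirm that CVE-2021-27021 on buster was the only item behind this dsa-needed entry, otherwise the removal loses tracking for whatever else was pending.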
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e63ac987a26f22356149bae1d84612ca4b1c8e79