[Git][security-tracker-team/security-tracker][master] bullseye/buster triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 1 09:43:42 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de79c0c0 by Moritz Muehlenhoff at 2022-07-01T10:42:44+02:00
bullseye/buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4801,16 +4801,22 @@ CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.
NOT-FOR-US: pgadmin on Windows
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
@@ -40811,6 +40817,8 @@ CVE-2022-21950
RESERVED
CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability ...)
- ruby-xmlhash <unfixed> (bug #1010667)
+ [bullseye] - ruby-xmlhash <no-dsa> (Minor issue)
+ [buster] - ruby-xmlhash <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
CVE-2022-21948
@@ -45296,6 +45304,8 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame
CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...)
{DLA-2924-1}
- libxstream-java 1.4.19-1
+ [bullseye] - libxstream-java <no-dsa> (Minor issue)
+ [buster] - libxstream-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
NOTE: https://x-stream.github.io/CVE-2021-43859.html
NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de79c0c04d75e4cb744f95532bfcf9b0146b34b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de79c0c04d75e4cb744f95532bfcf9b0146b34b6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220701/459b1f58/attachment.htm>
More information about the debian-security-tracker-commits
mailing list